Bug 1465472 - Error at open session: 0x3 when installling IPA server in F26
Summary: Error at open session: 0x3 when installling IPA server in F26
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: freeipa
Version: 26
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: IPA Maintainers
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: RejectedBlocker
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-27 13:43 UTC by Oliver Gutiérrez
Modified: 2017-07-13 14:50 UTC (History)
12 users (show)

Fixed In Version: freeipa-4.4.4-4.fc26
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-07-13 14:50:27 UTC


Attachments (Terms of Use)
Full install log (3.59 MB, text/plain)
2017-06-27 13:43 UTC, Oliver Gutiérrez
no flags Details

Description Oliver Gutiérrez 2017-06-27 13:43:28 UTC
Created attachment 1292340 [details]
Full install log

Description of problem:

IPA server installation command fails almost finishing with this error:

The ipa-server-install command failed, exception: Error: Error at open session: 0x3

Version-Release number of selected component (if applicable):


How reproducible: Suposedly always (I did it 2 times in a row in clean F26 virtual machines)

Steps to Reproduce:
1. I am using this script for installation: https://github.com/olivergs/fleet-commander-freeipa-environment/blob/master/ipamaster.sh
2. Configured IPA server installation leaving default values except the DNS forwarding that I set to NO
3. Installation begins and fails when it is almost finishing.

Actual results:

Server not installed. Failing with error: The ipa-server-install command failed, exception: Error: Error at open session: 0x3

Las part of log:

https://paste.fedoraproject.org/paste/kfsUTVtUE2kdgZ4cAXJAoQ

full log file in attachments.

Expected results:

IPA server install finishing

Additional info:

I noticed resol.conf got modified and shows the following contents:

search fc.ipa
nameserver 127.0.0.1

Comment 1 Martin Bašti 2017-06-27 15:18:03 UTC
Thank you for reporting this.

Tomas we have to backport this patch to FreeIPA in F26 07df61b7814db08d81e1ff92f58b24e5d852fdf8

Comment 2 Fedora Blocker Bugs Application 2017-06-29 08:45:18 UTC
Proposed as a Blocker for 26-beta by Fedora user ogutierrez using the blocker tracking app because:

 Latest FreeIPA server in F26 Beta is not installable. During the execution of freeipa-server-install it fails the installation with a reproducible error.

Comment 3 Andre Robatino 2017-06-29 08:57:57 UTC
Beta is out, if you want this to be a blocker it has to be against F26 Final.

Comment 4 Oliver Gutiérrez 2017-06-29 09:02:46 UTC
Thanks for fixing the mistake Andre.

Comment 5 Fedora Update System 2017-06-29 09:26:00 UTC
freeipa-4.4.4-3.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-1dabaf8ee1

Comment 6 Oliver Gutiérrez 2017-06-29 10:08:17 UTC
Tested in a clean/updated Fedora 26 and seems working now.

Comment 7 Adam Williamson 2017-06-29 15:40:54 UTC
The openQA FreeIPA server test has been working fine for weeks; is there some specific circumstance which triggers this bug?

Comment 8 Adam Williamson 2017-06-29 15:57:29 UTC
Ah, now I see what the issue is:

https://pagure.io/freeipa/issue/6692

"ipa-dnskeysyncd: is failing with softhsm 2.2.0"

softhsm 2.2.0 is in updates-testing, not in stable. So the openQA nightly test is passing because it doesn't use u-t.

That means this doesn't need to be a release blocker unless softhsm 2.2.0 gets pushed stable for some reason (it doesn't seem to be proposed for a blocker or FE bug, so there's no reason why it would at present).

Note that softhsm 2.2.0 is queued for F25 as well as F26:

https://bodhi.fedoraproject.org/updates/FEDORA-2017-30c570630b (F25)
https://bodhi.fedoraproject.org/updates/FEDORA-2017-12359c53e8 (F26)

Instead of having separate freeipa updates (as is currently the case), the fixed freeipa packages should be added to the softhsm updates, as per the packaging guidelines (so softhsm doesn't get pushed without freeipa, resulting in freeipa breaking until the freeipa update is pushed). I'm trying to do this at present, but running into Bodhi issues; trying to get releng to help with that.

Comment 9 Fedora Update System 2017-06-29 16:54:03 UTC
freeipa-4.4.4-4.fc26 softhsm-2.2.0-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-12359c53e8

Comment 10 Fedora Update System 2017-06-29 16:54:28 UTC
freeipa-4.4.4-4.fc26 softhsm-2.2.0-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-12359c53e8

Comment 11 Adam Williamson 2017-06-29 19:01:51 UTC
Discussed at 2017-06-29 blocker review meeting: https://meetbot-raw.fedoraproject.org/fedora-blocker-review/2017-06-29/f26-blocker-review.2017-06-29-16.00.html . Rejected as a blocker, as the update that causes the problem is not in stable and is not queued as a blocker or FE fix, so the frozen package set should not have the problem.

I've now edited the F25 and F26 updates such that the softhsm and freeipa updates are together, so it should not be possible for the softhsm update to go to stable without the freeipa build that works with it.

Comment 12 Alexander Bokovoy 2017-06-29 19:03:36 UTC
Thanks, Adam. This should work fine.

Comment 13 Fedora Update System 2017-06-30 20:25:00 UTC
freeipa-4.4.4-4.fc26, softhsm-2.2.0-2.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-12359c53e8

Comment 14 Fedora Update System 2017-07-13 14:50:27 UTC
freeipa-4.4.4-4.fc26, softhsm-2.2.0-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.