Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1479663

Summary: pki-server-upgrade fails when upgrading from RHEL 7.1
Product: Red Hat Enterprise Linux 7 Reporter: Fraser Tweedale <ftweedal>
Component: pki-coreAssignee: Fraser Tweedale <ftweedal>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: urgent Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: urgent    
Version: 7.4CC: arubin, mharmsen, msauton, pbokoc, rpattath
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
The "pki-server-upgrade" utility no longer fails if target files are missing A bug in the "pki-server-upgrade" utiltiy caused it to attempt to locate a non-existent file. As a consequence, the upgrade process failed to complete, and could possibly leave the PKI deployment in an invalid state. With this update, "pki-server-upgrade" has been modified to correctly handle cases where target files are missing, and PKI upgrades now work correctly.
 Story Points: ---
Clone Of:
: 1487509 (view as bug list) Environment:
Last Closed: 2018-04-10 17:00:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1487509    

Description Fraser Tweedale 2017-08-09 05:59:38 UTC 
Description of problem:

When upgrading from RHEL 7.1, pki-server-upgrade fails.

Log output:

<<EOF
[root@auto-hv-01-guest03 localhost]# cat /var/log/pki/pki-server-upgrade-10.4.1.log 
Upgrading PKI server configuration at Thu Aug  3 03:46:16 EDT 2017.
Upgrading from version 10.1.2 to 10.1.99:
1. Add TLS Range Support

Upgrading from version 10.1.99 to 10.2.0:
1. Move web application context file
2. Replace Jettison with Jackson
3. Added RESTEasy client
4. Replace RESTEasy application class
5. Remove config path from web.xml

Upgrading from version 10.2.0 to 10.2.1:
No upgrade scriptlets.
Tracker has been set to version 10.2.1.

Upgrading from version 10.2.1 to 10.2.2:
1. Add TLS Range Support

Upgrading from version 10.2.2 to 10.2.3:
1. Move Web application deployment locations
2. Enabled Web application auto deploy
3. Remove dependency on Jackson 2

Upgrading from version 10.2.3 to 10.2.4:
1. Fix instance work folder ownership
2. Fix bindPWPrompt for internalDB

Upgrading from version 10.2.4 to 10.2.5:
1. Add missing OCSP Get Servlet Mapping to upgraded Dogtag 9 instances
2. Fix nuxwdog listener class

Upgrading from version 10.2.5 to 10.2.6:
1. Add new KRA audit events

Upgrading from version 10.2.6 to 10.3.0:
1. Remove inaccessable URLs from server.xml
2. Add Phone Home URLs to TPS section of server.xml.

Upgrading from version 10.3.0 to 10.3.1:
1. Enable Tomcat ALLOW_ENCODED_SLASH parameter
2. Add authz realm constraint and default to registry

Upgrading from version 10.3.1 to 10.3.2:
No upgrade scriptlets.
Tracker has been set to version 10.3.2.

Upgrading from version 10.3.2 to 10.3.3:
No upgrade scriptlets.
Tracker has been set to version 10.3.3.

Upgrading from version 10.3.3 to 10.4.0:
1. Fix JAVA_HOME path
2. Fix server library
3. Fix deployment descriptor
ERROR: [Errno 2] No such file or directory: '/usr/share/pki/server/conf/Catalina/localhost/pki#admin.xml'
Failed upgrading pki-tomcat instance.
Upgrade failed in pki-tomcat: [Errno 2] No such file or directory: '/usr/share/pki/server/conf/Catalina/localhost/pki#admin.xml'
EOF



Version-Release number of selected component (if applicable):

pki-server-10.4.1-11.el7.noarch



How reproducible: always


Steps to Reproduce:
1. Deploy pki (e.g. as part of IPA) on RHEL 7.1
2. Upgrade to 7.4


Actual results:

Upgrade, including pki-server-upgrade, completes without error.


Expected results:


Additional info: seems to be related to an upgrade script looking for
a file that does not exist.  Possibly it existed in a version in between
7.1 and 7.4, but no longer does.  The upgrade scriptlet affected is:

/usr/share/pki/server/upgrade/10.3.3/03-FixDeploymentDescriptor 

It is sufficient in the `fix_webapp` function to return early if the source
file does not exist, e.g. add the fragment:

        if not os.path.exists(source_xml):
            return
Comment 2 Fraser Tweedale 2017-08-09 06:08:14 UTC 
Upstream ticket: https://pagure.io/dogtagpki/issue/2789
Comment 3 Fraser Tweedale 2017-08-11 07:59:24 UTC 
Upstream gerrit review: https://review.gerrithub.io/#/c/373880/
Comment 4 Fraser Tweedale 2017-08-14 01:40:26 UTC 
Upstream commit: https://github.com/dogtagpki/pki/commit/d0a861923a27672d8633c87e21fb8596080e84af
Comment 7 Roshni 2017-12-07 18:51:22 UTC 
[root@bkr-hv03-guest01 ~]# rpm -qi pki-ca
Name        : pki-ca
Version     : 10.5.1
Release     : 4.el7
Architecture: noarch
Install Date: Thu 07 Dec 2017 01:38:56 PM EST
Group       : System Environment/Daemons
Size        : 2360514
License     : GPLv2
Signature   : RSA/SHA256, Tue 28 Nov 2017 10:33:09 PM EST, Key ID 199e2f91fd431d51
Source RPM  : pki-core-10.5.1-4.el7.src.rpm
Build Date  : Tue 28 Nov 2017 09:17:20 PM EST
Build Host  : ppc-035.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Certificate Authority

Verification steps:
1. ipa-server-install on a rhel 7.1 server.
2. successfully upgraded to rhel 7.5 builds
Comment 9 errata-xmlrpc 2018-04-10 17:00:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0925