Bug 1820318 - FreeIPA server upgrade to pki-core 10.8.3 fails due to pki-server upgrade choking on an interactive response
Summary: FreeIPA server upgrade to pki-core 10.8.3 fails due to pki-server upgrade cho...
Keywords:
Status: CLOSED DUPLICATE of bug 1814242
Alias: None
Product: Fedora
Classification: Fedora
Component: pki-core
Version: rawhide
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Matthew Harmsen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-02 18:25 UTC by Adam Williamson
Modified: 2020-04-02 19:14 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-02 18:59:00 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Adam Williamson 2020-04-02 18:25:05 UTC 
I just noticed my F31 FreeIPA server wasn't working. When I logged into it and investigated, I saw this in the IPA upgrade log:

===

Upgrading PKI server configuration on Sat 14 Mar 2020 06:02:24 AM PDT.
WARNING: Directory already exists: /var/log/pki/server/upgrade/10.8.0/1/oldfiles/var/lib/pki/pki-tomcat
WARNING: Directory already exists: /var/log/pki/server/upgrade/10.8.0/4/oldfiles/etc/pki/pki-tomcat
WARNING: Directory already exists: /var/log/pki/server/upgrade/10.8.0/4/oldfiles/etc/pki/pki-tomcat
WARNING: Directory already exists: /var/log/pki/server/upgrade/10.8.0/5/oldfiles/etc/pki/pki-tomcat
WARNING: Directory already exists: /var/log/pki/server/upgrade/10.8.0/6/oldfiles/etc/pki/pki-tomcat
ERROR: expected str, bytes or os.PathLike object, not NoneType
ERROR: Upgrade failed in pki-tomcat/ca: expected str, bytes or os.PathLike object, not NoneType
Upgrading from version 10.7.3 to 10.8.0:
No upgrade scriptlets.
Tracker has been set to version 10.8.0.
 
Upgrading from version 10.8.0 to 10.8.2:
1. Fix common folder
2. Remove LDAP setup files from instance folder
3. Fix links to default Tomcat files
4. Remove unused UserDatabase from server.xml
5. Remove pki.policy from instance folder
6. Remove empty custom.policy from instance folder
 
Upgrading from version 10.8.2 to 10.8.3:
1. Fix EC admin certificate profile
Failed upgrading pki-tomcat/ca subsystem.
 
 
Continue (Yes/No) [Y]? ERROR: EOF when reading a line

===

It seems to be choking because it's expecting an interactive response. Of course the upgrade process should *never* require an interactive response because it runs in RPM scriptlets.

If I run 'ipa-server-upgrade' interactively at a console it also fails. If I run 'pki-server upgrade -v --validate' (command suggested by zdzichu) it fails with the same "EOF when reading a line" error. But if I just run 'pki-server upgrade' with no other args, it actually waits for me to answer 'Y', then completes successfully. After that I could run ipa-server-upgrade successfully, and my server is now back working again. But I shouldn't have needed to do that and it shouldn't have broken my server.
Comment 1 Dinesh Prasanth 2020-04-02 18:59:00 UTC 
THe interactive response should not be needed and should default to Y. The issue you see
in "Fix EC admin certificate profile" is due to a known bug which is fixed in 10.9 (not pushed it).

Closing this as duplicate.

*** This bug has been marked as a duplicate of bug 1814242 ***
Comment 2 Adam Williamson 2020-04-02 19:14:25 UTC 
aha, thanks for the explanation. Sorry for not spotting the other report - I didn't see it as it's assigned to dogtag-pki, and I looked for bugs against pki-core.
Note You need to log in before you can comment on or make changes to this bug.