Description of problem: Upgrading my freeipa servers from Fedora 35 to 36 I hit an issue with dogtag ERROR: [Errno 13] Permission denied: 'ca' Apr 27 13:09:21 martouf.ausil.us pki-server[170272]: Traceback (most recent call last): Apr 27 13:09:21 martouf.ausil.us pki-server[170272]: File "/usr/lib64/python3.10/shutil.py", line 813, in move Apr 27 13:09:21 martouf.ausil.us pki-server[170272]: os.rename(src, real_dst) Apr 27 13:09:21 martouf.ausil.us pki-server[170272]: PermissionError: [Errno 13] Permission denied: '/var/lib/pki/pki-tomcat/ca/profiles' -> '/etc/pki/pki-tomcat/ca/profiles/profiles' was in the output from the first attempt from running ipa-server-upgrade. subsequent attempts the pki process failed with an error saying that /etc/pki/pki-tomcat/ca/profiles/profiles already existed. removing /etc/pki/pki-tomcat/ca/profiles/profiles and running "pki-server upgrade" allowed everything to run and then the ipa-server-upgrade process completed Version-Release number of selected component (if applicable): dogtag-pki-symkey-11.0.2-1.fc35.aarch64 krb5-pkinit-1.19.2-6.fc36.aarch64 pki-resteasy-jackson2-provider-3.0.26-15.fc36.noarch pki-resteasy-core-3.0.26-15.fc36.noarch pki-resteasy-client-3.0.26-15.fc36.noarch python3-dogtag-pki-11.1.0-1.fc36.noarch dogtag-pki-base-11.1.0-1.fc36.noarch dogtag-pki-java-11.1.0-1.fc36.noarch dogtag-pki-tools-11.1.0-1.fc36.aarch64 dogtag-pki-server-11.1.0-1.fc36.noarch dogtag-pki-acme-11.1.0-1.fc36.noarch dogtag-pki-ca-11.1.0-1.fc36.noarch dogtag-pki-kra-11.1.0-1.fc36.noarch How reproducible: always Steps to Reproduce: 1. upgrade from f35 to f36 2. 3. Actual results: Expected results: Additional info:
Proposed as a Blocker for 36-final by Fedora user ausil using the blocker tracking app because: freeipa fails to function after upgrade from fedora 35
Could you please provide more comprehensive log output, so we can see where in the process is/what command produced the first error?
logs provided privately, for a bit more detail I went from dogtag-pki 11.0.2-1.fc35 to 11.1.0-1.fc36 as part of the upgrade freeipa went from 4.9.8-1.fc35 to 4.9.8-3.fc36
For the record, we do have an automated test for this, and it passes regularly. It deploys a clean Fedora 35 install as a FreeIPA server, deploys another clean F35 install as a client, checks everything works, then upgrades both systems to F36 and checks that things work again. It works fine: https://openqa.fedoraproject.org/tests/1245377 (server) https://openqa.fedoraproject.org/tests/1245401 (client) ...well, OK, there's an apparent packaging error in sssd which requires `--allowerasing` for the upgrade, I should've spotted that earlier. But aside from that, it works fine. :)
ah, that issue is because sssd in f35 is newer than in f36. When the 2.7.0 in updates-testing goes stable for f36 it should go away.
Interesting, thanks for that!
In today's Go/No-Go meeting, we agreed to reject this as a blocker because the openQA tests succeed and there's insufficient information to call this a blocker. https://meetbot.fedoraproject.org/fedora-meeting/2022-04-28/f36-final-go_no_go-meeting.2022-04-28-17.01.log.html#l-76
both masters do not have a log file at /var/log/ipaserver-upgrade.log
This message is a reminder that Fedora Linux 36 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 36 on 2023-05-16. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '36'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 36 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
Fedora Linux 36 entered end-of-life (EOL) status on 2023-05-16. Fedora Linux 36 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora Linux please feel free to reopen this bug against that version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see the version field. If you are unable to reopen this bug, please file a new report against an active release. Thank you for reporting this bug and we are sorry it could not be fixed.