Bug 2398021 - openbao packages try to replace vault, and error doing it
Summary: openbao packages try to replace vault, and error doing it
Keywords:
Status: CLOSED DUPLICATE of bug 2397546
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: openbao
Version: epel9
Hardware: x86_64
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Dave Dykstra
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-25 00:13 UTC by Eric Eisenhart
Modified: 2025-09-25 03:00 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2025-09-25 03:00:44 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 2376217 0 medium CLOSED Review Request: openbao - A tool for securely accessing secrets 2025-09-25 03:19:33 UTC
Red Hat Bugzilla 2397546 0 unspecified CLOSED dnf-automatic timer silently replaces vault with openbao, errs on openbao-vault-compat 2025-10-02 02:15:07 UTC

Description Eric Eisenhart 2025-09-25 00:13:46 UTC 
Description of problem:

Encountered this on EPEL9, but I assume there's similar/same issues with EPEL8 and EPEL10.

We run a hashicorp vault cluster on EPEL9 and have various vault client installs on other EPEL systems.

This example is from one of the clients (we caught it before it hit the servers). A relatively automatic update caused the vault package to be removed, the "openbao" package to be installed, and FAILED to install openbao-compat-vault.

If we hadn't caught this on the vault cluster servers it would _very likely_ have completely broken that cluster.

# dnf history info 395
Transaction ID : 395
Begin time     : Wed 24 Sep 2025 01:56:26 PM PDT
Begin rpmdb    : b14b09d4b4e64ce3f83124d6de9bc4680502c67fb5cae71649d8dd8b0ddf2a7d
End time       : Wed 24 Sep 2025 01:56:28 PM PDT (2 seconds)
End rpmdb      : 8aad899762d5371af0c56b507c516745b985ff0b790b3318ba6062f726d65f5f
User           : root <root>
Return-Code    : Failure: 1
Releasever     : 9
Command Line   : -y upgrade
Comment        :
Packages Altered:
    Install   openbao-2.4.1-1.el9.x86_64              @epel
 ** Install   openbao-vault-compat-2.4.1-1.el9.x86_64 @epel
    Obsoleted vault-1.20.3-1.x86_64                   @@System
Scriptlet output:
   1 warning: group openbao does not exist - using root
   2 warning: user openbao does not exist - using root
   3 warning: group openbao does not exist - using root
   4 error: unpacking of archive failed on file /etc/vault.d;68d45afa: cpio: File from package already exists as a directory in system
   5 error: openbao-vault-compat-2.4.1-1.el9.x86_64: install failed
   6 Creating group 'openbao' with GID 978.
   7 Creating user 'openbao' (openbao secrets manager) with UID 978 and GID 978.

# rpm -qa vault\* openbao\*
openbao-2.4.1-1.el9.x86_64

Version-Release number of selected component (if applicable):
2.4.1-1

How reproducible:
Very

Steps to Reproduce:
1. yum install -y yum-utils
2. yum-config-manager --disable epel
3. yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
4. yum -y install vault
5. yum-config-manager --enable epel
6. yum update

Actual results:
vault removed
openbao installed
error installing openbao-vault-compat

Expected results:
no openbao packages installed and vault left installed.

Additional info:
Comment 1 Dave Dykstra 2025-09-25 03:00:44 UTC 
The fix is already in testing via #2397546.  Give it karma and it will be moved to stable.

*** This bug has been marked as a duplicate of bug 2397546 ***
Note You need to log in before you can comment on or make changes to this bug.