Bug 808201 - IPA Master Upgrade failed with argument of type 'NoneType' is not iterable
Summary: IPA Master Upgrade failed with argument of type 'NoneType' is not iterable
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-03-29 19:32 UTC by Scott Poore
Modified: 2013-10-07 18:52 UTC (History)
2 users (show)

Fixed In Version: ipa-2.2.0-8.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2012-06-20 13:26:17 UTC
Target Upstream Version:

Attachments (Terms of Use)
IPA Master ipaupgrade.log (1.41 KB, application/x-gzip)
2012-03-29 19:45 UTC, Scott Poore 		no flags Details
IPA Master dirsrv/slapd errors.log file (3.06 KB, application/x-gzip)
2012-03-29 19:46 UTC, Scott Poore 		no flags Details
IPA Master dirsrv/slapd access log file (63.24 KB, application/x-gzip)
2012-03-29 19:50 UTC, Scott Poore 		no flags Details
IPA Master ipaserver-install.log (2.91 MB, application/x-gzip)
2012-03-29 19:51 UTC, Scott Poore 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0819 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2012-06-19 20:34:17 UTC

Description Scott Poore 2012-03-29 19:32:28 UTC 
Description of problem:

Attempting to upgrade the IPA master in a master and replica configuration failed.  Master and replica both running 2.1.3.  Attempted to upgrade master to 2.2.0-5.   From command output, it appeared as if the master upgrade succeeded.  Attempting to run ipa commands afterwards though shows kerberos errors.  Inspection of  the ipaupgrade.log file shows the errors listed in the summary.

Version-Release number of selected component (if applicable):

# rpm -q ipa-server 389-ds-base krb5-server bind-dyndb-ldap pki-common
ipa-server-2.2.0-5.el6.x86_64
389-ds-base-1.2.10.2-4.el6.x86_64
krb5-server-1.9-32.el6.x86_64
bind-dyndb-ldap-1.1.0-0.5.b1.el6.x86_64
pki-common-9.0.3-24.el6.noarch

How reproducible:

So far, it appears that it is always reproducable.

Steps to Reproduce:
1.  <setup ipa 2.1.3-9 master on RHEL6.2 >
2.  <setup ipa 2.1.3-9 replica on RHEL6.2>
3.  <setup ipa 2.1.3-9 client on RHEL6.2> # this may be optional but, it's what I was doing.
4.  <add some test data to IPA>
5.  <add yum repos for RHEL6.3 and/or IPA 2.2.0-5>
6.  yum -u update 'ipa*'
7.  kdestroy
8.  kinit admin
9.  ipa user-find
10. less /var/log/ipaupgrade.log
  
Actual results:

# ipa user-find
ipa: ERROR: Kerberos error: did not receive Kerberos credentials/


Expected results:

returns user list per normal operations.

Additional info:

/var/log/ipaupgrade.log entries:

2012-03-29T18:47:49Z DEBUG me to qe-blade-12.testrelm.com
2012-03-29T18:47:49Z ERROR Upgrade failed with argument of type 'NoneType' is not iterable
2012-03-29T18:47:49Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/ipaserver/install/upgradeinstance.py", line 107, in __upgrade
    self.modified = ld.update(self.files)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/ldapupdate.py", line 792, in update
    updates = api.Backend.updateclient.update(PRE_UPDATE, self.dm_password, self.ldapi, self.live_run)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py", line 135, in update
    (restart, apply_now, res) = self.run(update.name, **kw)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py", line 165, in run
    return self.Updater[method](**kw) #pylint: disable=E1101
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1347, in __call__
    return self.execute(**options)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/plugins/fix_replica_memberof.py", line 46, in execute
    if 'memberof' not in replica.nsDS5ReplicatedAttributeList:
TypeError: argument of type 'NoneType' is not iterable
Comment 2 Scott Poore 2012-03-29 19:45:20 UTC 
Created attachment 573777 [details]
IPA Master ipaupgrade.log
Comment 3 Scott Poore 2012-03-29 19:46:02 UTC 
Created attachment 573778 [details]
IPA Master dirsrv/slapd errors.log file
Comment 4 Rob Crittenden 2012-03-29 19:47:06 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2594
Comment 5 Scott Poore 2012-03-29 19:50:05 UTC 
Created attachment 573780 [details]
IPA Master dirsrv/slapd access log file
Comment 6 Scott Poore 2012-03-29 19:51:08 UTC 
Created attachment 573781 [details]
IPA Master ipaserver-install.log
Comment 7 Martin Kosek 2012-04-02 08:53:30 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/16b38d39b36eb0b39a77720e30ac4321e902e66b
ipa-2-2: https://fedorahosted.org/freeipa/changeset/5b895af4065c6415fe7e9f5f2682c5ea63450d39
Comment 10 Scott Poore 2012-04-09 18:53:13 UTC 
Verified.

Version :: ipa-server-2.2.0-8.el6.x86_64

Automated Test Results ::

Automated results not available from beaker jobs just yet but, here is a manual execution.  Upgrade succeeded as did a check of test data.  Then, confirming bug seen and logs will be checked here:

# upgrade_bz_808201

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: upgrade_bz_808201: IPA Master Upgrade failed with argument of type 'NoneType' is not iterable
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [13:48:53] ::  Machine in recipe is MASTER
:: [13:48:53] ::  Restarting IPA services
Restarting Directory Service
Shutting down dirsrv: 
    PKI-IPA...                                             [  OK  ]
    TESTRELM-COM...                                        [  OK  ]
Starting dirsrv: 
    PKI-IPA...                                             [  OK  ]
    TESTRELM-COM...                                        [  OK  ]
Restarting KDC Service
Stopping Kerberos 5 KDC:                                   [  OK  ]
Starting Kerberos 5 KDC:                                   [  OK  ]
Restarting KPASSWD Service
Stopping Kerberos 5 Admin Server:                          [  OK  ]
Starting Kerberos 5 Admin Server:                          [  OK  ]
Restarting DNS Service
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
Restarting MEMCACHE Service
Stopping ipa_memcached:                                    [  OK  ]
Starting ipa_memcached:                                    [  OK  ]
Restarting HTTP Service
Stopping httpd:                                            [  OK  ]
Starting httpd: [Mon Apr 09 13:49:11 2012] [warn] worker ajp://localhost:9447/ already used by another worker
[Mon Apr 09 13:49:11 2012] [warn] worker ajp://localhost:9447/ already used by another worker
                                                           [  OK  ]
Restarting CA Service
Stopping pki-ca:                                           [  OK  ]
Starting pki-ca:                                           [  OK  ]
:: [   PASS   ] :: Running 'ipactl restart'
:: [13:49:51] ::  Check for Kerberos error from ipa user-find command
:: [   PASS   ] :: Running 'ipa user-find > /tmp/errormsg.out 2>&1'
:: [13:49:58] ::  check for NoneType is not iterable error in /var/log/ipaupgrade
:: [   PASS   ] :: BZ 808201 not found...ipa user-find after upgrade succeeded.  No error returned.
result_server not set, assuming developer mode.
Setting 192.168.122.101 to state upgrade_bz_808201.35
:: [   PASS   ] :: Running 'rhts-sync-set -s 'upgrade_bz_808201.35' -m 192.168.122.101'

Manual Test Results ::

# ipa user-find 
---------------
3 users matched
---------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 977800000
  GID: 977800000
  Account disabled: False
  Password: True
  Kerberos keys available: True

  User login: jack
  First name: First
  Last name: Last
  Home directory: /home/jack
  Login shell: /bin/sh
  UID: 977800003
  GID: 977800003
  Account disabled: False
  Password: True
  Kerberos keys available: True

  User login: jill
  First name: First
  Last name: Last
  Home directory: /home/jill
  Login shell: /bin/sh
  UID: 977800004
  GID: 977800004
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 3
----------------------------


# grep "Upgrade failed with argument of type" /var/log/ipaupgrade.log 
# 


# rpm -q ipa-server
ipa-server-2.2.0-8.el6.x86_64
Comment 12 Martin Kosek 2012-04-25 11:19:20 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 14 errata-xmlrpc 2012-06-20 13:26:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html
Note You need to log in before you can comment on or make changes to this bug.