Red Hat Bugzilla – Bug 893722
ipa-server upgrade ERROR Cannot move CRL file to new directory
Last modified: 2013-10-07 14:58:25 EDT
Description of problem: During the yum update from 2.2.0-16 to 3.0.0-20 I'm seeing this: Updating : ipa-server-3.0.0-20.el6.x86_64 43/86 Cannot move CRL file to new directory: [Errno 2] No such file or directory: '/var/lib/ipa/pki-ca/publish/MasterCRL.bin' Updating : ipa-server-selinux-3.0.0-20.el6.x86_64 44/86 But, afterwards, I do see that: [root@rhel6-1 ipa-upgrade]# ls -ld /var/lib/ipa/pki-ca/publish/MasterCRL.bin lrwxrwxrwx. 1 root root 57 Jan 9 11:55 /var/lib/ipa/pki-ca/publish/MasterCRL.bin -> /var/lib/ipa/pki-ca/publish/MasterCRL-20130109-113944.der [root@rhel6-1 ipa-upgrade]# file /var/lib/ipa/pki-ca/publish/MasterCRL-20130109-113944.der /var/lib/ipa/pki-ca/publish/MasterCRL-20130109-113944.der: data Looking at the /var/log/ipaupgrade.log file: 2013-01-09T17:55:42Z DEBUG copy_crl_file: /var/lib/pki-ca/publish/MasterCRL.bin -> /var/lib/ipa/pki-ca/publish/MasterCRL.bin 2013-01-09T17:55:42Z DEBUG copy_crl_file: Create symlink /var/lib/ipa/pki-ca/publish/MasterCRL.bin -> /var/lib/ipa/pki-ca/publish/MasterCRL-20130109-113944.der 2013-01-09T17:55:42Z ERROR Cannot move CRL file to new directory: [Errno 2] No such file or directory: '/var/lib/ipa/pki-ca/publish/MasterCRL.bin' 2013-01-09T17:55:42Z DEBUG copy_crl_file: /var/lib/pki-ca/publish/MasterCRL-20130109-113944.der -> /var/lib/ipa/pki-ca/publish/MasterCRL-20130109-113944.der It looks like it's failing because it tries to create the symlink before copying the .der file to the new location? Version-Release number of selected component (if applicable): 2.2.0 to 3.0.0 yum update 'ipa*' How reproducible: always Steps to Reproduce: 1. setup rhel 6.3 IPA master server 2. point to rhel 6.4 repos for yum 3. yum update 'ipa*' Actual results: works but see this error: Updating : ipa-server-3.0.0-20.el6.x86_64 43/86 Cannot move CRL file to new directory: [Errno 2] No such file or directory: '/var/lib/ipa/pki-ca/publish/MasterCRL.bin' Updating : ipa-server-selinux-3.0.0-20.el6.x86_64 44/86 Expected results: Files copied in appropriate order and no error should be seen here? Additional info: see above in description.
This bug could lead to unreachable CRL file as exactly this symlink is read served by httpd to clients and mentioned in published certificates. I would rather see this included in RHEL-6.4 (if possible) - I will create a patch.
I just found when reproducing the issue in real server that this error message is actually benign and is reported not in the copy phase, but when we try to do `chown' on the copied symlink. This should still be fixed, but it is not a blocker for RHEL 6.4.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/3336
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/79bcf904a50aff704819134a58d09ba688b285e8 ipa-3-1: https://fedorahosted.org/freeipa/changeset/d9114842f62b465306ecbba40bda5c57f581260b ipa-3-0: https://fedorahosted.org/freeipa/changeset/1fc0d1256bba3358017f4cd8b214a2497489e500
Upgraded to ipa-server-3.0.0-21.el6.x86_64 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: upgrade_bz_893722: ipa-server upgrade ERROR Cannot move CRL file to new directory :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [00:19:14] :: Machine in recipe is MASTER :: [ PASS ] :: File '/var/log/ipaupgrade.log' should not contain 'Cannot move CRL file to new directory' :: [ PASS ] :: BZ 893722 not found :: [ PASS ] :: Running 'rhts-sync-set -s 'upgrade_bz_893722.110' -m 10.16.76.43' '5f3b3f80-a389-4196-aadc-01df5830a2da' upgrade-bz-893722 result: PASS
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html