Bug 903758 - upgrading IPA from 2.2 to 3.0 sees certmonger errors
upgrading IPA from 2.2 to 3.0 sees certmonger errors
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa (Show other bugs)
6.4
Unspecified Unspecified
urgent Severity unspecified
: rc
: ---
Assigned To: Rob Crittenden
Namita Soman
: Regression, TestBlocker
Depends On: 902474
Blocks: 905536
  Show dependency treegraph
 
Reported: 2013-01-24 14:13 EST by Scott Poore
Modified: 2013-10-07 15:01 EDT (History)
10 users (show)

See Also:
Fixed In Version: ipa-3.0.0-24.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 902474
Environment:
Last Closed: 2013-02-21 04:32:39 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Scott Poore 2013-01-24 14:13:02 EST
+++ This bug was initially created as a clone of Bug #902474 +++

Description of problem:

When upgrading IPA from 2.2 (RHEL6.3) to 3.0 (from RHEL6.4 repos), I'm seeing certmonger errors:

  Updating   : ipa-server-3.0.0-22.el6.x86_64                                                                49/89 
certmonger failed to start tracking certificate: Command '/usr/bin/getcert start-tracking -d /var/lib/pki-ca/alias -n auditSigningCert cert-pki-ca -c dogtag-ipa-renew-agent -B /usr/lib64/ipa/certmonger/stop_pkicad -C /usr/lib64/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca" -P XXXXXXXX' returned non-zero exit status 1
certmonger failed to start tracking certificate: Command '/usr/bin/getcert start-tracking -d /var/lib/pki-ca/alias -n ocspSigningCert cert-pki-ca -c dogtag-ipa-renew-agent -B /usr/lib64/ipa/certmonger/stop_pkicad -C /usr/lib64/ipa/certmonger/renew_ca_cert "ocspSigningCert cert-pki-ca" -P XXXXXXXX' returned non-zero exit status 1
certmonger failed to start tracking certificate: Command '/usr/bin/getcert start-tracking -d /var/lib/pki-ca/alias -n subsystemCert cert-pki-ca -c dogtag-ipa-renew-agent -B /usr/lib64/ipa/certmonger/stop_pkicad -C /usr/lib64/ipa/certmonger/renew_ca_cert "subsystemCert cert-pki-ca" -P XXXXXXXX' returned non-zero exit status 1
certmonger failed to start tracking certificate: Command '/usr/bin/getcert start-tracking -d /var/lib/pki-ca/alias -n Server-Cert cert-pki-ca -c dogtag-ipa-renew-agent -P XXXXXXXX' returned non-zero exit status 1
Unable to find certmonger request ID for auditSigning Cert
  Updating   : ipa-server-selinux-3.0.0-22.el6.x86_64                                                        50/89 

Before the update I pre-updated certmonger to be sure that the dogtag-ipa-renew-agent CA was there.

[root@rhel6-5 ~]# yum update certmonger
...
Updated:
  certmonger.x86_64 0:0.61-3.el6                                                                                   

Dependency Updated:
  libtalloc.x86_64 0:2.0.7-2.el6                          libtevent.x86_64 0:0.9.17-1.el6                         

Complete!

[root@rhel6-5 ~]# getcert list-cas
CA 'SelfSign':
	is-default: no
	ca-type: INTERNAL:SELF
	next-serial-number: 01
CA 'IPA':
	is-default: no
	ca-type: EXTERNAL
	helper-location: /usr/libexec/certmonger/ipa-submit
CA 'certmaster':
	is-default: no
	ca-type: EXTERNAL
	helper-location: /usr/libexec/certmonger/certmaster-submit
CA 'dogtag-ipa-renew-agent':
	is-default: no
	ca-type: EXTERNAL
	helper-location: /usr/libexec/certmonger/dogtag-ipa-renew-agent-submit


I also checked the state of some directories before the ipa-server update:

[root@rhel6-5 ~]# ls -ld /var/lib/pki-ca
drwxrwx---. 11 pkiuser pkiuser 4096 Jan 21 12:59 /var/lib/pki-ca

[root@rhel6-5 ~]# ls -ld /var/lib/pki-ca/alias/
drwxrwx---. 2 pkiuser pkiuser 4096 Jan 21 12:59 /var/lib/pki-ca/alias/

[root@rhel6-5 ~]# ls -ld /var/lib/pki-ca/alias
drwxrwx---. 2 pkiuser pkiuser 4096 Jan 21 12:59 /var/lib/pki-ca/alias

Yet, I see this in ipaupgrade.log:

2013-01-21T18:17:13Z DEBUG args=/usr/bin/getcert start-tracking -d /var/lib/pki-ca/alias -n auditSigningCert cert-p
ki-ca -c dogtag-ipa-renew-agent -B /usr/lib64/ipa/certmonger/stop_pkicad -C /usr/lib64/ipa/certmonger/renew_ca_cert
 "auditSigningCert cert-pki-ca" -P XXXXXXXX
2013-01-21T18:17:13Z DEBUG stdout=The location "/var/lib/pki-ca/alias" must be a directory.

2013-01-21T18:17:13Z DEBUG stderr=
2013-01-21T18:17:13Z ERROR certmonger failed to start tracking certificate: Command '/usr/bin/getcert start-tracking -d /var/lib/pki-ca/alias -n auditSigningCert cert-pki-ca -c dogtag-ipa-renew-agent -B /usr/lib64/ipa/certmonger/stop_pkicad -C /usr/lib64/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca" -P XXXXXXXX' returned non-zero exit status 1


Version-Release number of selected component (if applicable):
RHEL6.3 IPA 2.2 -> 3.0 upgrade:

ipa-server-3.0.0-22.el6.x86_64
certmonger-0.61-3.el6.x86_64


How reproducible:
always

Steps to Reproduce:
1.  Install IPA on RHEL6.3 server
2.  add RHEL6.4 repos
3.  yum -y update certmonger
4.  yum -y update ipa-server
  
Actual results:

shows error above.

Expected results:

no error.

Additional info:

--- Additional comment from RHEL Product and Program Management on 2013-01-21 14:03:39 EST ---

Since this bug report was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from Scott Poore on 2013-01-21 15:40:01 EST ---

running additional tests working with Rob on this:

1.  pre-update certmonger, restart messagebus, restart certmonger, update ipa-server:

failed with same error.

2.  pre-update certmonger and messagebus, restart messagebus, restart certmonger, update ipa-server:

failed with same error.

--- Additional comment from Rob Crittenden on 2013-01-21 17:06:56 EST ---

I notice that downgrading to certmonger-0.56-1 and running 'getcert list-cas' still lists dogtag-ipa-renew-agent as an available CA type even though its underlying provider file is gone.

I wasn't able to make this go away via various restarts of certmonger/messagebus.

--- Additional comment from Rob Crittenden on 2013-01-21 17:33:55 EST ---

Found it in a file in /var/lib/certmonger/cas

--- Additional comment from Rob Crittenden on 2013-01-21 18:36:40 EST ---

selinux-policy-3.7.19-193.el6.noarch

Looks like SELinux exceptions:

type=AVC msg=audit(1358810171.195:87): avc:  denied  { search } for  pid=9243 comm="certmonger" name="pki-ca" dev=dm-0 ino=5659 scontext=unconfined_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:pki_ca_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1358810171.195:87): avc:  denied  { getattr } for  pid=9243 comm="certmonger" path="/var/lib/pki-ca/alias" dev=dm-0 ino=5660 scontext=unconfined_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:pki_ca_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1358810171.201:88): avc:  denied  { getattr } for  pid=9793 comm="certmonger" path="/var/lib/pki-ca/alias/cert8.db" dev=dm-0 ino=5977 scontext=unconfined_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:pki_ca_var_lib_t:s0 tclass=file
type=AVC msg=audit(1358810171.201:89): avc:  denied  { read } for  pid=9793 comm="certmonger" name="cert8.db" dev=dm-0 ino=5977 scontext=unconfined_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:pki_ca_var_lib_t:s0 tclass=file
type=AVC msg=audit(1358810171.201:89): avc:  denied  { open } for  pid=9793 comm="certmonger" name="cert8.db" dev=dm-0 ino=5977 scontext=unconfined_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:pki_ca_var_lib_t:s0 tclass=file
type=AVC msg=audit(1358810171.213:90): avc:  denied  { write } for  pid=9794 comm="certmonger" name="cert8.db" dev=dm-0 ino=5977 scontext=unconfined_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:pki_ca_var_lib_t:s0 tclass=file

--- Additional comment from Scott Poore on 2013-01-21 18:44:07 EST ---

And I saw similar for a beaker test job:

----
time->Sun Jan 20 11:14:57 2013

type=SYSCALL msg=audit(1358698497.969:606): arch=c000003e syscall=4 success=no exit=-13 a0=2507660 a1=7fff722d10f0 a2=7fff722d10f0 a3=3011139180 items=0 ppid=1 pid=13659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="certmonger" exe=2F7573722F7362696E2F636572746D6F6E676572202864656C6574656429 subj=unconfined_u:system_r:certmonger_t:s0 key=(null)

type=AVC msg=audit(1358698497.969:606): avc:  denied  { search } for  pid=13659 comm="certmonger" name="pki-ca" dev=dm-0 ino=2624285 scontext=unconfined_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:pki_ca_var_lib_t:s0 tclass=dir

----
time->Sun Jan 20 11:14:57 2013

type=SYSCALL msg=audit(1358698497.940:605): arch=c000003e syscall=4 success=no exit=-13 a0=2507660 a1=7fff722d10f0 a2=7fff722d10f0 a3=7fff722d0e70 items=0 ppid=1 pid=13659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="certmonger" exe=2F7573722F7362696E2F636572746D6F6E676572202864656C6574656429 subj=unconfined_u:system_r:certmonger_t:s0 key=(null)

type=AVC msg=audit(1358698497.940:605): avc:  denied  { search } for  pid=13659 comm="certmonger" name="pki-ca" dev=dm-0 ino=2624285 scontext=unconfined_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:pki_ca_var_lib_t:s0 tclass=dir

----
time->Sun Jan 20 11:14:57 2013

type=SYSCALL msg=audit(1358698497.995:607): arch=c000003e syscall=4 success=no exit=-13 a0=2507660 a1=7fff722d10f0 a2=7fff722d10f0 a3=3011139180 items=0 ppid=1 pid=13659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="certmonger" exe=2F7573722F7362696E2F636572746D6F6E676572202864656C6574656429 subj=unconfined_u:system_r:certmonger_t:s0 key=(null)

type=AVC msg=audit(1358698497.995:607): avc:  denied  { search } for  pid=13659 comm="certmonger" name="pki-ca" dev=dm-0 ino=2624285 scontext=unconfined_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:pki_ca_var_lib_t:s0 tclass=dir

----
time->Sun Jan 20 11:14:58 2013

type=SYSCALL msg=audit(1358698498.084:608): arch=c000003e syscall=4 success=no exit=-13 a0=2509680 a1=7fff722d10f0 a2=7fff722d10f0 a3=3011139180 items=0 ppid=1 pid=13659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="certmonger" exe=2F7573722F7362696E2F636572746D6F6E676572202864656C6574656429 subj=unconfined_u:system_r:certmonger_t:s0 key=(null)

type=AVC msg=audit(1358698498.084:608): avc:  denied  { search } for  pid=13659 comm="certmonger" name="pki-ca" dev=dm-0 ino=2624285 scontext=unconfined_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:pki_ca_var_lib_t:s0 tclass=dir

--- Additional comment from Miroslav Grepl on 2013-01-22 01:19:13 EST ---

We label it in Fedora as

# matchpathcon /var/lib/pki-ca/alias/cert8.d
/var/lib/pki-ca/alias/cert8.d	system_u:object_r:pki_tomcat_cert_t:s0

and call

optional_policy(`
    pki_rw_tomcat_cert(certmonger_t)
')

--- Additional comment from Matthew Harmsen on 2013-01-22 18:11:19 EST ---

alee checked the following into the 'IPA_v2_RHEL_6_ERRATA_BRANCH':

    * commit ca5fa67a0d0797d1f4c54bbd4d9db3661eaeb8c9
      Author: Ade Lee <alee@redhat.com>
      Date:   Tue Jan 22 11:15:16 2013 -0800

          Resolves #902474 - upgrading IPA from 2.2 to 3.0 sees certmonger errors

--- Additional comment from errata-xmlrpc on 2013-01-22 18:33:12 EST ---

Bug report changed to ON_QA status by Errata System.
A QE request has been submitted for advisory RHSA-2012:13959-06
http://errata.devel.redhat.com/errata/show/13959

--- Additional comment from Scott Poore on 2013-01-23 15:56:21 EST ---

hmm...I no longer see the AVCs but, do still see the error messages when I do an initial upgade.  Because of how my tests work, I install, upgrade, uninstall/downgrade, and start over to test something else.  Well, on subsequent tests, I do not see the error.

So, testing to confirm if the certmonger errors are SELinux related, I 

1. rebuilt a VM to rhel6.3
2. install 2.2 version of IPA
3. pointed to 6.4 repos
4. setenforce 0
5. semodule -DB # disable don't audit rules to pick up more
6. yum -u update ipa-server

Then I see same errors as originally posted.

Will post logs too.

--- Additional comment from Scott Poore on 2013-01-23 15:58:45 EST ---

Created attachment 686265 [details]
audit log from ipa upgade after selinux set to permissive and disabling don't audit

--- Additional comment from Scott Poore on 2013-01-23 16:00:13 EST ---

Created attachment 686267 [details]
ipa upgrade log with certmonger failures

--- Additional comment from Scott Poore on 2013-01-23 16:53:18 EST ---

Ok, from fresh install:

[root@rhel6-2 ~]# rpm -q ipa-server
ipa-server-2.2.0-16.el6.x86_64


[root@rhel6-2 ~]# ipa-getcert list-cas
CA 'IPA':
	is-default: no
	ca-type: EXTERNAL
	helper-location: /usr/libexec/certmonger/ipa-submit
[root@rhel6-2 ~]# getcert list-cas
CA 'SelfSign':
	is-default: no
	ca-type: INTERNAL:SELF
	next-serial-number: 01
CA 'IPA':
	is-default: no
	ca-type: EXTERNAL
	helper-location: /usr/libexec/certmonger/ipa-submit
CA 'certmaster':
	is-default: no
	ca-type: EXTERNAL
	helper-location: /usr/libexec/certmonger/certmaster-submit

add repos and the update just dbus and certmonger:

[root@rhel6-2 ~]# yum -y update dbus certmonger
Loaded plugins: product-id, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity

This machine has not been registered and therefore has
no access to security and other critical updates. Please
register using subscription-manager.

Repository 'rhel63-optional' is missing name in configuration, using id
beaker-client                                                                   | 1.3 kB     00:00     
beaker-client/primary                                                           | 7.2 kB     00:00     
beaker-client                                                                                    35/35
mytestrepo1                                                                     | 3.9 kB     00:00     
mytestrepo1/primary_db                                                          | 3.1 MB     00:02     
mytestrepo2                                                                     | 3.7 kB     00:00     
mytestrepo2/primary_db                                                          | 1.3 MB     00:01     
mytestrepo3                                                                     | 1.3 kB     00:00     
mytestrepo3/primary                                                             | 3.6 kB     00:00     
mytestrepo3                                                                                        7/7
mytestrepo4                                                                     | 1.3 kB     00:00     
mytestrepo4/primary                                                             | 4.3 kB     00:00     
mytestrepo4                                                                                      13/13
mytestrepo5                                                                     | 3.9 kB     00:00     
mytestrepo5/primary_db                                                          | 3.2 MB     00:02     
rhel63-optional                                                                 | 3.8 kB     00:00     
rhel63-optional/primary_db                                                      | 1.3 MB     00:01     
rhel63z                                                                         | 2.2 kB     00:00     
rhel63z/primary_db                                                              | 4.0 MB     00:03     
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package certmonger.x86_64 0:0.56-1.el6 will be updated
---> Package certmonger.x86_64 0:0.61-3.el6 will be an update
--> Processing Dependency: libtevent.so.0(TEVENT_0.9.9)(64bit) for package: certmonger-0.61-3.el6.x86_64
--> Processing Dependency: libtalloc.so.2(TALLOC_2.0.2)(64bit) for package: certmonger-0.61-3.el6.x86_64
--> Running transaction check
---> Package libtalloc.x86_64 0:2.0.1-1.1.el6 will be updated
---> Package libtalloc.x86_64 0:2.0.7-2.el6 will be an update
---> Package libtevent.x86_64 0:0.9.8-8.el6 will be updated
---> Package libtevent.x86_64 0:0.9.17-1.el6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================
 Package                 Arch                Version                    Repository                Size
=======================================================================================================
Updating:
 certmonger              x86_64              0.61-3.el6                 mytestrepo1              280 k
Updating for dependencies:
 libtalloc               x86_64              2.0.7-2.el6                mytestrepo1               20 k
 libtevent               x86_64              0.9.17-1.el6               mytestrepo1               24 k

Transaction Summary
=======================================================================================================
Upgrade       3 Package(s)

Total download size: 324 k
Downloading Packages:
(1/3): certmonger-0.61-3.el6.x86_64.rpm                                         | 280 kB     00:00     
(2/3): libtalloc-2.0.7-2.el6.x86_64.rpm                                         |  20 kB     00:00     
(3/3): libtevent-0.9.17-1.el6.x86_64.rpm                                        |  24 kB     00:00     
-------------------------------------------------------------------------------------------------------
Total                                                                  273 kB/s | 324 kB     00:01     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : libtalloc-2.0.7-2.el6.x86_64                                                        1/6 
  Updating   : libtevent-0.9.17-1.el6.x86_64                                                       2/6 
  Updating   : certmonger-0.61-3.el6.x86_64                                                        3/6 
  Cleanup    : certmonger-0.56-1.el6.x86_64                                                        4/6 
  Cleanup    : libtevent-0.9.8-8.el6.x86_64                                                        5/6 
  Cleanup    : libtalloc-2.0.1-1.1.el6.x86_64                                                      6/6 
mytestrepo1/productid                                                           | 1.7 kB     00:00     
mytestrepo5/productid                                                           | 1.7 kB     00:00     
Installed products updated.
  Verifying  : libtevent-0.9.17-1.el6.x86_64                                                       1/6 
  Verifying  : certmonger-0.61-3.el6.x86_64                                                        2/6 
  Verifying  : libtalloc-2.0.7-2.el6.x86_64                                                        3/6 
  Verifying  : certmonger-0.56-1.el6.x86_64                                                        4/6 
  Verifying  : libtalloc-2.0.1-1.1.el6.x86_64                                                      5/6 
  Verifying  : libtevent-0.9.8-8.el6.x86_64                                                        6/6 

Updated:
  certmonger.x86_64 0:0.61-3.el6                                                                       

Dependency Updated:
  libtalloc.x86_64 0:2.0.7-2.el6                    libtevent.x86_64 0:0.9.17-1.el6                   

Complete!
[root@rhel6-2 ~]# getcert list-cas
CA 'SelfSign':
	is-default: no
	ca-type: INTERNAL:SELF
	next-serial-number: 01
CA 'IPA':
	is-default: no
	ca-type: EXTERNAL
	helper-location: /usr/libexec/certmonger/ipa-submit
CA 'certmaster':
	is-default: no
	ca-type: EXTERNAL
	helper-location: /usr/libexec/certmonger/certmaster-submit
CA 'dogtag-ipa-renew-agent':
	is-default: no
	ca-type: EXTERNAL
	helper-location: /usr/libexec/certmonger/dogtag-ipa-renew-agent-submit

[root@rhel6-2 ~]# rpm -q ipa-server
ipa-server-2.2.0-16.el6.x86_64

[root@rhel6-2 ~]# service messagebus restart
Stopping system message bus:                               [  OK  ]
Starting system message bus:                               [  OK  ]

[root@rhel6-2 ~]# service certmonger restart
Stopping certmonger:                                       [  OK  ]
Starting certmonger:                                       [  OK  ]

[root@rhel6-2 ~]# ls /var/lib/certmonger/cas/
20130107174444  20130107174445  20130107174445-1

[root@rhel6-2 ~]# cat /var/lib/certmonger/cas/*
id=SelfSign
ca_is_default=0
ca_type=INTERNAL:SELF
ca_internal_serial=01
id=IPA
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=/usr/libexec/certmonger/ipa-submit
id=certmaster
ca_is_default=0
ca_type=EXTERNAL
ca_external_helper=/usr/libexec/certmonger/certmaster-submit

SO...at this point, getcert listcas does show dogtag-ipa-renew-agent but, there doesn't appear to be a file for it in /var/lib/certmonger/cas.

Now, to note, if I upgrade, downgrade, upgade again, that file is left behind...I'm testing what happens if it's removed before initial install and before upgade.  will post update  when done

--- Additional comment from Scott Poore on 2013-01-23 17:12:50 EST ---

ok, I uninstalled/downgraded and cleaned up /var/lib/certmonger/cas/ by deleting the 4 files that matched the CAs.  Then I did install and finally upgrade.  Now I also see the errors I was seeing on initial install only.

Will test more before upgrade to see what's there and what can be done.

--- Additional comment from Scott Poore on 2013-01-23 17:41:04 EST ---

Ok, twice in a row now when I pre-update certmonger and dbus (like in comment #13), I no longer see that error.  Testing on a freshly installed server instead of re-running from reverted virsh snapshot to see if I see the same.

--- Additional comment from Scott Poore on 2013-01-23 22:07:40 EST ---

Ok, I've run tests several different times and so far, now it does look like I no longer see those errors is if upgrade certmonger and dbus first.
Comment 1 Scott Poore 2013-01-24 14:22:28 EST
Ok, running testing with pre-update with debugging:

yum --rpmverbosity=debug -y update certmonger

This showed certmonger's postun running service certmonger condrestart:

D:     erase: %postun(certmonger-0.56-1.el6.x86_64) scriptlet start
D:     erase: %postun(certmonger-0.56-1.el6.x86_64)	execv(/bin/sh) pid 2121
+ test 1 -gt 0
+ /sbin/service certmonger condrestart
+ exit 0

In the normal full ipa-server update, that was occuring AFTER ipa-server post ran ipa-upgradeconfig.  This caused the issue we saw with certmonger failures.  So when certmonger pre-updated, it worked.
Comment 4 Rob Crittenden 2013-01-24 16:13:21 EST
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3378
Comment 8 Scott Poore 2013-01-25 10:20:49 EST
Verified.

Version ::

ipa-server-2.2.0-16.el6.x86_64
upgrade to:
ipa-server-3.0.0-24.el6.x86_64

Manual Test Results ::

Below I do not see the certmonger errors I was seeing before.

[root@rhel6-2 yum.local.d]# rpm -q ipa-server
ipa-server-2.2.0-16.el6.x86_64

[root@rhel6-2 yum.local.d]# yum -y update ipa-server
Loaded plugins: product-id, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity

This machine has not been registered and therefore has
no access to security and other critical updates. Please
register using subscription-manager.

Repository 'rhel63-optional' is missing name in configuration, using id
beaker-client                                                                   | 1.3 kB     00:00     
beaker-client/primary                                                           | 7.2 kB     00:00     
beaker-client                                                                                    35/35
mylocal                                                                         | 2.9 kB     00:00 ... 
mylocal/primary_db                                                              |  11 kB     00:00 ... 
mytestrepo1                                                                     | 3.9 kB     00:00     
mytestrepo1/primary_db                                                          | 3.1 MB     00:02     
mytestrepo2                                                                     | 3.7 kB     00:00     
mytestrepo2/primary_db                                                          | 1.3 MB     00:01     
mytestrepo3                                                                     | 1.3 kB     00:00     
mytestrepo3/primary                                                             | 3.6 kB     00:00     
mytestrepo3                                                                                        7/7
mytestrepo4                                                                     | 1.3 kB     00:00     
mytestrepo4/primary                                                             | 4.3 kB     00:00     
mytestrepo4                                                                                      13/13
mytestrepo5                                                                     | 3.9 kB     00:00     
mytestrepo5/primary_db                                                          | 3.2 MB     00:02     
rhel63-optional                                                                 | 3.8 kB     00:00     
rhel63-optional/primary_db                                                      | 1.3 MB     00:01     
rhel63z                                                                         | 2.2 kB     00:00     
rhel63z/primary_db                                                              | 4.0 MB     00:03     
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package ipa-server.x86_64 0:2.2.0-16.el6 will be updated
--> Processing Dependency: ipa-server = 2.2.0-16.el6 for package: ipa-server-selinux-2.2.0-16.el6.x86_64
--> Processing Dependency: ipa-server = 2.2.0-16.el6 for package: ipa-server-selinux-2.2.0-16.el6.x86_64
---> Package ipa-server.x86_64 0:3.0.0-24.el6 will be an update
--> Processing Dependency: ipa-python = 3.0.0-24.el6 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: ipa-client = 3.0.0-24.el6 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: ipa-admintools = 3.0.0-24.el6 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: selinux-policy >= 3.7.19-193 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: selinux-policy >= 3.7.19-193 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: pki-silent >= 9.0.3-30 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: pki-setup >= 9.0.3-30 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: pki-ca >= 9.0.3-30 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: pki-ca >= 9.0.3-30 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: mod_nss >= 1.0.8-18 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: krb5-server >= 1.10 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: certmonger >= 0.61-3 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: 389-ds-base >= 1.2.11.14 for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: libtalloc.so.2(TALLOC_2.0.2)(64bit) for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: libsamba-util.so.0(SAMBA_UTIL_0.0.1)(64bit) for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: libndr.so.0(NDR_0.0.1)(64bit) for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit) for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit) for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: libsamba-util.so.0()(64bit) for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: libndr.so.0()(64bit) for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: libndr-nbt.so.0()(64bit) for package: ipa-server-3.0.0-24.el6.x86_64
--> Processing Dependency: libndr-krb5pac.so.0()(64bit) for package: ipa-server-3.0.0-24.el6.x86_64
--> Running transaction check
---> Package 389-ds-base.x86_64 0:1.2.10.2-20.el6_3 will be updated
---> Package 389-ds-base.x86_64 0:1.2.11.15-10.el6 will be an update
--> Processing Dependency: 389-ds-base-libs = 1.2.11.15-10.el6 for package: 389-ds-base-1.2.11.15-10.el6.x86_64
--> Processing Dependency: perl-Socket6 for package: 389-ds-base-1.2.11.15-10.el6.x86_64
--> Processing Dependency: perl-NetAddr-IP for package: 389-ds-base-1.2.11.15-10.el6.x86_64
--> Processing Dependency: perl(NetAddr::IP::Util) for package: 389-ds-base-1.2.11.15-10.el6.x86_64
---> Package certmonger.x86_64 0:0.56-1.el6 will be updated
---> Package certmonger.x86_64 0:0.61-3.el6 will be an update
--> Processing Dependency: libtevent.so.0(TEVENT_0.9.9)(64bit) for package: certmonger-0.61-3.el6.x86_64
---> Package ipa-admintools.x86_64 0:2.2.0-16.el6 will be updated
---> Package ipa-admintools.x86_64 0:3.0.0-24.el6 will be an update
---> Package ipa-client.x86_64 0:2.2.0-16.el6 will be updated
---> Package ipa-client.x86_64 0:3.0.0-24.el6 will be an update
--> Processing Dependency: sssd >= 1.9.2-25 for package: ipa-client-3.0.0-24.el6.x86_64
--> Processing Dependency: libsss_autofs for package: ipa-client-3.0.0-24.el6.x86_64
---> Package ipa-python.x86_64 0:2.2.0-16.el6 will be updated
---> Package ipa-python.x86_64 0:3.0.0-24.el6 will be an update
---> Package ipa-server-selinux.x86_64 0:2.2.0-16.el6 will be updated
---> Package ipa-server-selinux.x86_64 0:3.0.0-24.el6 will be an update
---> Package krb5-server.x86_64 0:1.9-33.el6_3.3 will be updated
---> Package krb5-server.x86_64 0:1.10.3-10.el6 will be an update
beaker-client/filelists                                                         | 8.9 kB     00:00     
mylocal/filelists_db                                                            |  11 kB     00:00 ... 
mytestrepo1/filelists_db                                                        | 3.7 MB     00:02     
mytestrepo2/filelists_db                                                        | 2.0 MB     00:01     
mytestrepo3/filelists                                                           | 6.4 kB     00:00     
mytestrepo4/filelists                                                           |  16 kB     00:00     
mytestrepo5/filelists_db                                                        | 3.8 MB     00:06     
rhel63-optional/filelists_db                                                    | 2.0 MB     00:01     
rhel63z/filelists_db                                                            | 7.3 MB     00:04     
--> Processing Dependency: krb5-libs = 1.10.3-10.el6 for package: krb5-server-1.10.3-10.el6.x86_64
--> Processing Dependency: libverto.so.0(verto_0_MIT)(64bit) for package: krb5-server-1.10.3-10.el6.x86_64
--> Processing Dependency: libverto-k5ev.so.0(verto_k5ev_0_MIT)(64bit) for package: krb5-server-1.10.3-10.el6.x86_64
--> Processing Dependency: libkdb5.so.6(kdb5_6_MIT)(64bit) for package: krb5-server-1.10.3-10.el6.x86_64
--> Processing Dependency: libverto.so.0()(64bit) for package: krb5-server-1.10.3-10.el6.x86_64
--> Processing Dependency: libverto-k5ev.so.0()(64bit) for package: krb5-server-1.10.3-10.el6.x86_64
--> Processing Dependency: libkdb5.so.6()(64bit) for package: krb5-server-1.10.3-10.el6.x86_64
---> Package libtalloc.x86_64 0:2.0.1-1.1.el6 will be updated
---> Package libtalloc.x86_64 0:2.0.7-2.el6 will be an update
---> Package mod_nss.x86_64 0:1.0.8-15.el6 will be updated
---> Package mod_nss.x86_64 0:1.0.8-18.el6 will be an update
--> Processing Dependency: nss >= 3.14.0.0 for package: mod_nss-1.0.8-18.el6.x86_64
--> Processing Dependency: httpd >= 2.2.15-24 for package: mod_nss-1.0.8-18.el6.x86_64
--> Processing Dependency: libssl3.so(NSS_3.14)(64bit) for package: mod_nss-1.0.8-18.el6.x86_64
---> Package pki-ca.noarch 0:9.0.3-24.el6 will be updated
---> Package pki-ca.noarch 0:9.0.3-30.el6 will be an update
--> Processing Dependency: pki-selinux = 9.0.3-30.el6 for package: pki-ca-9.0.3-30.el6.noarch
--> Processing Dependency: pki-common = 9.0.3-30.el6 for package: pki-ca-9.0.3-30.el6.noarch
---> Package pki-setup.noarch 0:9.0.3-24.el6 will be updated
---> Package pki-setup.noarch 0:9.0.3-30.el6 will be an update
---> Package pki-silent.noarch 0:9.0.3-24.el6 will be updated
---> Package pki-silent.noarch 0:9.0.3-30.el6 will be an update
---> Package samba4-libs.x86_64 0:4.0.0-53.el6.rc4 will be installed
--> Processing Dependency: libtdb.so.1(TDB_1.2.2)(64bit) for package: samba4-libs-4.0.0-53.el6.rc4.x86_64
--> Processing Dependency: libtdb.so.1(TDB_1.2.1)(64bit) for package: samba4-libs-4.0.0-53.el6.rc4.x86_64
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.0.6)(64bit) for package: samba4-libs-4.0.0-53.el6.rc4.x86_64
--> Processing Dependency: libldb.so.1(LDB_1.1.1)(64bit) for package: samba4-libs-4.0.0-53.el6.rc4.x86_64
--> Processing Dependency: libldb.so.1(LDB_0.9.23)(64bit) for package: samba4-libs-4.0.0-53.el6.rc4.x86_64
--> Processing Dependency: libldb.so.1(LDB_0.9.15)(64bit) for package: samba4-libs-4.0.0-53.el6.rc4.x86_64
--> Processing Dependency: libldb.so.1(LDB_0.9.10)(64bit) for package: samba4-libs-4.0.0-53.el6.rc4.x86_64
--> Processing Dependency: libpytalloc-util.so.2()(64bit) for package: samba4-libs-4.0.0-53.el6.rc4.x86_64
--> Processing Dependency: libldb.so.1()(64bit) for package: samba4-libs-4.0.0-53.el6.rc4.x86_64
---> Package selinux-policy.noarch 0:3.7.19-155.el6_3.13 will be updated
--> Processing Dependency: selinux-policy = 3.7.19-155.el6_3.13 for package: selinux-policy-targeted-3.7.19-155.el6_3.13.noarch
--> Processing Dependency: selinux-policy = 3.7.19-155.el6_3.13 for package: selinux-policy-targeted-3.7.19-155.el6_3.13.noarch
---> Package selinux-policy.noarch 0:3.7.19-194.el6 will be an update
--> Running transaction check
---> Package 389-ds-base-libs.x86_64 0:1.2.10.2-20.el6_3 will be updated
---> Package 389-ds-base-libs.x86_64 0:1.2.11.15-10.el6 will be an update
---> Package httpd.x86_64 0:2.2.15-15.el6_2.1 will be updated
---> Package httpd.x86_64 0:2.2.15-26.el6 will be an update
--> Processing Dependency: httpd-tools = 2.2.15-26.el6 for package: httpd-2.2.15-26.el6.x86_64
---> Package krb5-libs.x86_64 0:1.9-33.el6_3.3 will be updated
--> Processing Dependency: libkdb5.so.5()(64bit) for package: krb5-workstation-1.9-33.el6_3.3.x86_64
--> Processing Dependency: libkdb5.so.5(kdb5_5_MIT)(64bit) for package: krb5-workstation-1.9-33.el6_3.3.x86_64
--> Processing Dependency: krb5-libs = 1.9-33.el6_3.3 for package: krb5-pkinit-openssl-1.9-33.el6_3.3.x86_64
--> Processing Dependency: krb5-libs = 1.9-33.el6_3.3 for package: krb5-workstation-1.9-33.el6_3.3.x86_64
---> Package krb5-libs.x86_64 0:1.10.3-10.el6 will be an update
---> Package libldb.x86_64 0:0.9.10-23.el6 will be updated
---> Package libldb.x86_64 0:1.1.13-3.el6 will be an update
---> Package libsss_autofs.x86_64 0:1.9.2-74.el6 will be installed
---> Package libtdb.x86_64 0:1.2.1-3.el6 will be updated
---> Package libtdb.x86_64 0:1.2.10-1.el6 will be an update
---> Package libtevent.x86_64 0:0.9.8-8.el6 will be updated
---> Package libtevent.x86_64 0:0.9.17-1.el6 will be an update
---> Package nss.x86_64 0:3.13.5-1.el6_3 will be updated
--> Processing Dependency: nss = 3.13.5-1.el6_3 for package: nss-sysinit-3.13.5-1.el6_3.x86_64
--> Processing Dependency: nss = 3.13.5-1.el6_3 for package: nss-tools-3.13.5-1.el6_3.x86_64
---> Package nss.x86_64 0:3.14.0.0-12.el6 will be an update
--> Processing Dependency: nss-util >= 3.14.0.0 for package: nss-3.14.0.0-12.el6.x86_64
--> Processing Dependency: nspr >= 4.9.2 for package: nss-3.14.0.0-12.el6.x86_64
--> Processing Dependency: libnssutil3.so(NSSUTIL_3.14)(64bit) for package: nss-3.14.0.0-12.el6.x86_64
---> Package perl-NetAddr-IP.x86_64 0:4.027-7.el6 will be installed
---> Package perl-Socket6.x86_64 0:0.23-3.el6 will be installed
---> Package pki-common.noarch 0:9.0.3-24.el6 will be updated
---> Package pki-common.noarch 0:9.0.3-30.el6 will be an update
--> Processing Dependency: pki-symkey = 9.0.3-30.el6 for package: pki-common-9.0.3-30.el6.noarch
--> Processing Dependency: pki-java-tools = 9.0.3-30.el6 for package: pki-common-9.0.3-30.el6.noarch
---> Package pki-selinux.noarch 0:9.0.3-24.el6 will be updated
---> Package pki-selinux.noarch 0:9.0.3-30.el6 will be an update
---> Package pytalloc.x86_64 0:2.0.7-2.el6 will be installed
---> Package selinux-policy-targeted.noarch 0:3.7.19-155.el6_3.13 will be updated
---> Package selinux-policy-targeted.noarch 0:3.7.19-194.el6 will be an update
---> Package sssd.x86_64 0:1.8.0-32.el6 will be updated
---> Package sssd.x86_64 0:1.9.2-74.el6 will be an update
--> Processing Dependency: sssd-client(x86-64) = 1.9.2-74.el6 for package: sssd-1.9.2-74.el6.x86_64
--> Processing Dependency: libsss_idmap(x86-64) = 1.9.2-74.el6 for package: sssd-1.9.2-74.el6.x86_64
--> Processing Dependency: libipa_hbac(x86-64) = 1.9.2-74.el6 for package: sssd-1.9.2-74.el6.x86_64
--> Processing Dependency: libsss_idmap.so.0()(64bit) for package: sssd-1.9.2-74.el6.x86_64
--> Running transaction check
---> Package httpd-tools.x86_64 0:2.2.15-15.el6_2.1 will be updated
---> Package httpd-tools.x86_64 0:2.2.15-26.el6 will be an update
---> Package krb5-pkinit-openssl.x86_64 0:1.9-33.el6_3.3 will be obsoleted
---> Package krb5-pkinit-openssl.x86_64 0:1.9-33.el6_3.3 will be updated
---> Package krb5-pkinit-openssl.x86_64 0:1.10.3-10.el6 will be obsoleting
---> Package krb5-workstation.x86_64 0:1.9-33.el6_3.3 will be updated
---> Package krb5-workstation.x86_64 0:1.10.3-10.el6 will be an update
---> Package libipa_hbac.x86_64 0:1.8.0-32.el6 will be updated
--> Processing Dependency: libipa_hbac = 1.8.0-32.el6 for package: libipa_hbac-python-1.8.0-32.el6.x86_64
---> Package libipa_hbac.x86_64 0:1.9.2-74.el6 will be an update
---> Package libsss_idmap.x86_64 0:1.9.2-74.el6 will be installed
---> Package nspr.x86_64 0:4.9.1-2.el6_3 will be updated
---> Package nspr.x86_64 0:4.9.2-1.el6 will be an update
---> Package nss-sysinit.x86_64 0:3.13.5-1.el6_3 will be updated
---> Package nss-sysinit.x86_64 0:3.14.0.0-12.el6 will be an update
---> Package nss-tools.x86_64 0:3.13.5-1.el6_3 will be updated
---> Package nss-tools.x86_64 0:3.14.0.0-12.el6 will be an update
---> Package nss-util.x86_64 0:3.13.5-1.el6_3 will be updated
---> Package nss-util.x86_64 0:3.14.0.0-2.el6 will be an update
---> Package pki-java-tools.noarch 0:9.0.3-24.el6 will be updated
---> Package pki-java-tools.noarch 0:9.0.3-30.el6 will be an update
--> Processing Dependency: pki-util = 9.0.3-30.el6 for package: pki-java-tools-9.0.3-30.el6.noarch
--> Processing Dependency: pki-native-tools = 9.0.3-30.el6 for package: pki-java-tools-9.0.3-30.el6.noarch
---> Package pki-symkey.x86_64 0:9.0.3-24.el6 will be updated
---> Package pki-symkey.x86_64 0:9.0.3-30.el6 will be an update
---> Package sssd-client.x86_64 0:1.8.0-32.el6 will be updated
---> Package sssd-client.x86_64 0:1.9.2-74.el6 will be an update
--> Running transaction check
---> Package libipa_hbac-python.x86_64 0:1.8.0-32.el6 will be updated
---> Package libipa_hbac-python.x86_64 0:1.9.2-74.el6 will be an update
---> Package pki-native-tools.x86_64 0:9.0.3-24.el6 will be updated
---> Package pki-native-tools.x86_64 0:9.0.3-30.el6 will be an update
---> Package pki-util.noarch 0:9.0.3-24.el6 will be updated
---> Package pki-util.noarch 0:9.0.3-30.el6 will be an update
--> Processing Conflict: ipa-server-3.0.0-24.el6.x86_64 conflicts bind-dyndb-ldap < 2.3-2
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package bind-dyndb-ldap.x86_64 0:1.1.0-0.9.b1.el6_3.1 will be updated
---> Package bind-dyndb-ldap.x86_64 0:2.3-2.el6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================
 Package                          Arch            Version                   Repository            Size
=======================================================================================================
Installing:
 krb5-pkinit-openssl              x86_64          1.10.3-10.el6             mytestrepo1          117 k
     replacing  krb5-pkinit-openssl.x86_64 1.9-33.el6_3.3
Updating:
 bind-dyndb-ldap                  x86_64          2.3-2.el6                 mytestrepo1           68 k
 ipa-server                       x86_64          3.0.0-24.el6              mylocal              1.1 M
Installing for dependencies:
 libsss_autofs                    x86_64          1.9.2-74.el6              mytestrepo1           81 k
 libsss_idmap                     x86_64          1.9.2-74.el6              mytestrepo1           80 k
 perl-NetAddr-IP                  x86_64          4.027-7.el6               mytestrepo1           96 k
 perl-Socket6                     x86_64          0.23-3.el6                mytestrepo1           23 k
 pytalloc                         x86_64          2.0.7-2.el6               mytestrepo1          9.5 k
 samba4-libs                      x86_64          4.0.0-53.el6.rc4          mytestrepo1          4.0 M
Updating for dependencies:
 389-ds-base                      x86_64          1.2.11.15-10.el6          mytestrepo1          1.5 M
 389-ds-base-libs                 x86_64          1.2.11.15-10.el6          mytestrepo1          390 k
 certmonger                       x86_64          0.61-3.el6                mytestrepo1          280 k
 httpd                            x86_64          2.2.15-26.el6             mytestrepo1          821 k
 httpd-tools                      x86_64          2.2.15-26.el6             mytestrepo1           72 k
 ipa-admintools                   x86_64          3.0.0-24.el6              mylocal               61 k
 ipa-client                       x86_64          3.0.0-24.el6              mylocal              137 k
 ipa-python                       x86_64          3.0.0-24.el6              mylocal              918 k
 ipa-server-selinux               x86_64          3.0.0-24.el6              mylocal               60 k
 krb5-libs                        x86_64          1.10.3-10.el6             mytestrepo1          760 k
 krb5-server                      x86_64          1.10.3-10.el6             mytestrepo1          2.0 M
 krb5-workstation                 x86_64          1.10.3-10.el6             mytestrepo1          804 k
 libipa_hbac                      x86_64          1.9.2-74.el6              mytestrepo1           78 k
 libipa_hbac-python               x86_64          1.9.2-74.el6              mytestrepo1           72 k
 libldb                           x86_64          1.1.13-3.el6              mytestrepo1          111 k
 libtalloc                        x86_64          2.0.7-2.el6               mytestrepo1           20 k
 libtdb                           x86_64          1.2.10-1.el6              mytestrepo1           33 k
 libtevent                        x86_64          0.9.17-1.el6              mytestrepo1           24 k
 mod_nss                          x86_64          1.0.8-18.el6              mytestrepo1           86 k
 nspr                             x86_64          4.9.2-1.el6               mytestrepo1          111 k
 nss                              x86_64          3.14.0.0-12.el6           mytestrepo1          770 k
 nss-sysinit                      x86_64          3.14.0.0-12.el6           mytestrepo1           34 k
 nss-tools                        x86_64          3.14.0.0-12.el6           mytestrepo1          735 k
 nss-util                         x86_64          3.14.0.0-2.el6            mytestrepo1           62 k
 pki-ca                           noarch          9.0.3-30.el6              mytestrepo4          204 k
 pki-common                       noarch          9.0.3-30.el6              mytestrepo4          2.3 M
 pki-java-tools                   noarch          9.0.3-30.el6              mytestrepo4          123 k
 pki-native-tools                 x86_64          9.0.3-30.el6              mytestrepo4          121 k
 pki-selinux                      noarch          9.0.3-30.el6              mytestrepo4           61 k
 pki-setup                        noarch          9.0.3-30.el6              mytestrepo4           80 k
 pki-silent                       noarch          9.0.3-30.el6              mytestrepo4          265 k
 pki-symkey                       x86_64          9.0.3-30.el6              mytestrepo4           55 k
 pki-util                         noarch          9.0.3-30.el6              mytestrepo4          492 k
 selinux-policy                   noarch          3.7.19-194.el6            mytestrepo1          1.7 M
 selinux-policy-targeted          noarch          3.7.19-194.el6            mytestrepo1          2.8 M
 sssd                             x86_64          1.9.2-74.el6              mytestrepo1          3.6 M
 sssd-client                      x86_64          1.9.2-74.el6              mytestrepo1          117 k

Transaction Summary
=======================================================================================================
Install       7 Package(s)
Upgrade      39 Package(s)

Total download size: 27 M
Downloading Packages:
(1/46): 389-ds-base-1.2.11.15-10.el6.x86_64.rpm                                 | 1.5 MB     00:01     
(2/46): 389-ds-base-libs-1.2.11.15-10.el6.x86_64.rpm                            | 390 kB     00:00     
(3/46): bind-dyndb-ldap-2.3-2.el6.x86_64.rpm                                    |  68 kB     00:00     
(4/46): certmonger-0.61-3.el6.x86_64.rpm                                        | 280 kB     00:00     
(5/46): httpd-2.2.15-26.el6.x86_64.rpm                                          | 821 kB     00:00     
(6/46): httpd-tools-2.2.15-26.el6.x86_64.rpm                                    |  72 kB     00:00     
(12/46): krb5-libs-1.10.3-10.el6.x86_64.rpm                                     | 760 kB     00:00     
(13/46): krb5-pkinit-openssl-1.10.3-10.el6.x86_64.rpm                           | 117 kB     00:00     
(14/46): krb5-server-1.10.3-10.el6.x86_64.rpm                                   | 2.0 MB     00:01     
(15/46): krb5-workstation-1.10.3-10.el6.x86_64.rpm                              | 804 kB     00:00     
(16/46): libipa_hbac-1.9.2-74.el6.x86_64.rpm                                    |  78 kB     00:00     
(17/46): libipa_hbac-python-1.9.2-74.el6.x86_64.rpm                             |  72 kB     00:00     
(18/46): libldb-1.1.13-3.el6.x86_64.rpm                                         | 111 kB     00:00     
(19/46): libsss_autofs-1.9.2-74.el6.x86_64.rpm                                  |  81 kB     00:00     
(20/46): libsss_idmap-1.9.2-74.el6.x86_64.rpm                                   |  80 kB     00:00     
(21/46): libtalloc-2.0.7-2.el6.x86_64.rpm                                       |  20 kB     00:00     
(22/46): libtdb-1.2.10-1.el6.x86_64.rpm                                         |  33 kB     00:00     
(23/46): libtevent-0.9.17-1.el6.x86_64.rpm                                      |  24 kB     00:00     
(24/46): mod_nss-1.0.8-18.el6.x86_64.rpm                                        |  86 kB     00:00     
(25/46): nspr-4.9.2-1.el6.x86_64.rpm                                            | 111 kB     00:00     
(26/46): nss-3.14.0.0-12.el6.x86_64.rpm                                         | 770 kB     00:00     
(27/46): nss-sysinit-3.14.0.0-12.el6.x86_64.rpm                                 |  34 kB     00:00     
(28/46): nss-tools-3.14.0.0-12.el6.x86_64.rpm                                   | 735 kB     00:00     
(29/46): nss-util-3.14.0.0-2.el6.x86_64.rpm                                     |  62 kB     00:00     
(30/46): perl-NetAddr-IP-4.027-7.el6.x86_64.rpm                                 |  96 kB     00:00     
(31/46): perl-Socket6-0.23-3.el6.x86_64.rpm                                     |  23 kB     00:00     
(32/46): pki-ca-9.0.3-30.el6.noarch.rpm                                         | 204 kB     00:02     
(33/46): pki-common-9.0.3-30.el6.noarch.rpm                                     | 2.3 MB     00:04     
(34/46): pki-java-tools-9.0.3-30.el6.noarch.rpm                                 | 123 kB     00:01     
(35/46): pki-native-tools-9.0.3-30.el6.x86_64.rpm                               | 121 kB     00:01     
(36/46): pki-selinux-9.0.3-30.el6.noarch.rpm                                    |  61 kB     00:00     
(37/46): pki-setup-9.0.3-30.el6.noarch.rpm                                      |  80 kB     00:01     
(38/46): pki-silent-9.0.3-30.el6.noarch.rpm                                     | 265 kB     00:02     
(39/46): pki-symkey-9.0.3-30.el6.x86_64.rpm                                     |  55 kB     00:04     
(40/46): pki-util-9.0.3-30.el6.noarch.rpm                                       | 492 kB     00:04     
(41/46): pytalloc-2.0.7-2.el6.x86_64.rpm                                        | 9.5 kB     00:00     
(42/46): samba4-libs-4.0.0-53.el6.rc4.x86_64.rpm                                | 4.0 MB     00:05     
(43/46): selinux-policy-3.7.19-194.el6.noarch.rpm                               | 1.7 MB     00:01     
(44/46): selinux-policy-targeted-3.7.19-194.el6.noarch.rpm                      | 2.8 MB     00:01     
(45/46): sssd-1.9.2-74.el6.x86_64.rpm                                           | 3.6 MB     00:02     
(46/46): sssd-client-1.9.2-74.el6.x86_64.rpm                                    | 117 kB     00:00     
-------------------------------------------------------------------------------------------------------
Total                                                                  456 kB/s |  27 MB     01:01     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : krb5-libs-1.10.3-10.el6.x86_64                                                     1/86 
  Updating   : nspr-4.9.2-1.el6.x86_64                                                            2/86 
  Updating   : nss-util-3.14.0.0-2.el6.x86_64                                                     3/86 
  Updating   : nss-sysinit-3.14.0.0-12.el6.x86_64                                                 4/86 
  Updating   : nss-3.14.0.0-12.el6.x86_64                                                         5/86 
  Updating   : libtalloc-2.0.7-2.el6.x86_64                                                       6/86 
  Updating   : libtevent-0.9.17-1.el6.x86_64                                                      7/86 
  Updating   : nss-tools-3.14.0.0-12.el6.x86_64                                                   8/86 
  Updating   : libtdb-1.2.10-1.el6.x86_64                                                         9/86 
  Updating   : libldb-1.1.13-3.el6.x86_64                                                        10/86 
  Updating   : certmonger-0.61-3.el6.x86_64                                                      11/86 
  Updating   : libipa_hbac-1.9.2-74.el6.x86_64                                                   12/86 
  Updating   : pki-setup-9.0.3-30.el6.noarch                                                     13/86 
  Updating   : selinux-policy-3.7.19-194.el6.noarch                                              14/86 
  Updating   : selinux-policy-targeted-3.7.19-194.el6.noarch                                     15/86 
  Updating   : pki-selinux-9.0.3-30.el6.noarch                                                   16/86 
  Updating   : libipa_hbac-python-1.9.2-74.el6.x86_64                                            17/86 
  Updating   : ipa-python-3.0.0-24.el6.x86_64                                                    18/86 
  Updating   : pki-native-tools-9.0.3-30.el6.x86_64                                              19/86 
  Installing : pytalloc-2.0.7-2.el6.x86_64                                                       20/86 
  Installing : samba4-libs-4.0.0-53.el6.rc4.x86_64                                               21/86 
  Updating   : 389-ds-base-libs-1.2.11.15-10.el6.x86_64                                          22/86 
  Updating   : pki-symkey-9.0.3-30.el6.x86_64                                                    23/86 
  Updating   : sssd-client-1.9.2-74.el6.x86_64                                                   24/86 
  Updating   : krb5-workstation-1.10.3-10.el6.x86_64                                             25/86 
  Updating   : krb5-server-1.10.3-10.el6.x86_64                                                  26/86 
  Updating   : httpd-tools-2.2.15-26.el6.x86_64                                                  27/86 
  Updating   : httpd-2.2.15-26.el6.x86_64                                                        28/86 
  Updating   : mod_nss-1.0.8-18.el6.x86_64                                                       29/86 
warning: /etc/httpd/conf.d/nss.conf created as /etc/httpd/conf.d/nss.conf.rpmnew
  Installing : libsss_autofs-1.9.2-74.el6.x86_64                                                 30/86 
  Installing : perl-NetAddr-IP-4.027-7.el6.x86_64                                                31/86 
  Installing : libsss_idmap-1.9.2-74.el6.x86_64                                                  32/86 
  Updating   : sssd-1.9.2-74.el6.x86_64                                                          33/86 
  Updating   : ipa-client-3.0.0-24.el6.x86_64                                                    34/86 
  Updating   : ipa-admintools-3.0.0-24.el6.x86_64                                                35/86 
  Updating   : pki-util-9.0.3-30.el6.noarch                                                      36/86 
  Updating   : pki-java-tools-9.0.3-30.el6.noarch                                                37/86 
  Updating   : pki-common-9.0.3-30.el6.noarch                                                    38/86 
  Updating   : pki-ca-9.0.3-30.el6.noarch                                                        39/86 
  Updating   : pki-silent-9.0.3-30.el6.noarch                                                    40/86 
  Installing : perl-Socket6-0.23-3.el6.x86_64                                                    41/86 
  Updating   : 389-ds-base-1.2.11.15-10.el6.x86_64                                               42/86 
  Updating   : ipa-server-3.0.0-24.el6.x86_64                                                    43/86 
  Updating   : ipa-server-selinux-3.0.0-24.el6.x86_64                                            44/86 
  Updating   : bind-dyndb-ldap-2.3-2.el6.x86_64                                                  45/86 
  Installing : krb5-pkinit-openssl-1.10.3-10.el6.x86_64                                          46/86 
  Cleanup    : ipa-server-selinux-2.2.0-16.el6.x86_64                                            47/86 
  Cleanup    : ipa-server-2.2.0-16.el6.x86_64                                                    48/86 
  Cleanup    : ipa-admintools-2.2.0-16.el6.x86_64                                                49/86 
  Cleanup    : pki-ca-9.0.3-24.el6.noarch                                                        50/86 
  Cleanup    : pki-selinux-9.0.3-24.el6.noarch                                                   51/86 
  Cleanup    : selinux-policy-targeted-3.7.19-155.el6_3.13.noarch                                52/86 
  Cleanup    : pki-silent-9.0.3-24.el6.noarch                                                    53/86 
  Cleanup    : 389-ds-base-1.2.10.2-20.el6_3.x86_64                                              54/86 
  Cleanup    : mod_nss-1.0.8-15.el6.x86_64                                                       55/86 
  Cleanup    : ipa-client-2.2.0-16.el6.x86_64                                                    56/86 
  Cleanup    : pki-common-9.0.3-24.el6.noarch                                                    57/86 
  Cleanup    : sssd-1.8.0-32.el6.x86_64                                                          58/86 
  Cleanup    : certmonger-0.56-1.el6.x86_64                                                      59/86 
  Cleanup    : pki-symkey-9.0.3-24.el6.x86_64                                                    60/86 
  Cleanup    : 389-ds-base-libs-1.2.10.2-20.el6_3.x86_64                                         61/86 
  Cleanup    : pki-java-tools-9.0.3-24.el6.noarch                                                62/86 
  Cleanup    : pki-native-tools-9.0.3-24.el6.x86_64                                              63/86 
  Cleanup    : nss-tools-3.13.5-1.el6_3.x86_64                                                   64/86 
  Cleanup    : nss-sysinit-3.13.5-1.el6_3.x86_64                                                 65/86 
  Cleanup    : nss-3.13.5-1.el6_3.x86_64                                                         66/86 
  Cleanup    : libldb-0.9.10-23.el6.x86_64                                                       67/86 
  Cleanup    : libtevent-0.9.8-8.el6.x86_64                                                      68/86 
  Cleanup    : nss-util-3.13.5-1.el6_3.x86_64                                                    69/86 
  Cleanup    : ipa-python-2.2.0-16.el6.x86_64                                                    70/86 
  Cleanup    : libipa_hbac-python-1.8.0-32.el6.x86_64                                            71/86 
  Cleanup    : krb5-workstation-1.9-33.el6_3.3.x86_64                                            72/86 
  Cleanup    : httpd-2.2.15-15.el6_2.1.x86_64                                                    73/86 
  Cleanup    : krb5-pkinit-openssl-1.9-33.el6_3.3.x86_64                                         74/86 
  Cleanup    : krb5-server-1.9-33.el6_3.3.x86_64                                                 75/86 
  Cleanup    : pki-util-9.0.3-24.el6.noarch                                                      76/86 
  Cleanup    : pki-setup-9.0.3-24.el6.noarch                                                     77/86 
  Cleanup    : selinux-policy-3.7.19-155.el6_3.13.noarch                                         78/86 
  Cleanup    : krb5-libs-1.9-33.el6_3.3.x86_64                                                   79/86 
  Cleanup    : httpd-tools-2.2.15-15.el6_2.1.x86_64                                              80/86 
  Cleanup    : libipa_hbac-1.8.0-32.el6.x86_64                                                   81/86 
  Cleanup    : nspr-4.9.1-2.el6_3.x86_64                                                         82/86 
  Cleanup    : libtalloc-2.0.1-1.1.el6.x86_64                                                    83/86 
  Cleanup    : libtdb-1.2.1-3.el6.x86_64                                                         84/86 
  Cleanup    : sssd-client-1.8.0-32.el6.x86_64                                                   85/86 
  Cleanup    : bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.x86_64                                       86/86 
Installed products updated.
  Verifying  : pki-common-9.0.3-30.el6.noarch                                                     1/86 
  Verifying  : libipa_hbac-python-1.9.2-74.el6.x86_64                                             2/86 
  Verifying  : ipa-server-3.0.0-24.el6.x86_64                                                     3/86 
  Verifying  : nss-3.14.0.0-12.el6.x86_64                                                         4/86 
  Verifying  : ipa-server-selinux-3.0.0-24.el6.x86_64                                             5/86 
  Verifying  : 389-ds-base-libs-1.2.11.15-10.el6.x86_64                                           6/86 
  Verifying  : perl-Socket6-0.23-3.el6.x86_64                                                     7/86 
  Verifying  : pki-java-tools-9.0.3-30.el6.noarch                                                 8/86 
  Verifying  : ipa-admintools-3.0.0-24.el6.x86_64                                                 9/86 
  Verifying  : pytalloc-2.0.7-2.el6.x86_64                                                       10/86 
  Verifying  : nss-tools-3.14.0.0-12.el6.x86_64                                                  11/86 
  Verifying  : pki-util-9.0.3-30.el6.noarch                                                      12/86 
  Verifying  : selinux-policy-3.7.19-194.el6.noarch                                              13/86 
  Verifying  : sssd-client-1.9.2-74.el6.x86_64                                                   14/86 
  Verifying  : ipa-client-3.0.0-24.el6.x86_64                                                    15/86 
  Verifying  : nss-sysinit-3.14.0.0-12.el6.x86_64                                                16/86 
  Verifying  : ipa-python-3.0.0-24.el6.x86_64                                                    17/86 
  Verifying  : bind-dyndb-ldap-2.3-2.el6.x86_64                                                  18/86 
  Verifying  : nss-util-3.14.0.0-2.el6.x86_64                                                    19/86 
  Verifying  : pki-setup-9.0.3-30.el6.noarch                                                     20/86 
  Verifying  : httpd-2.2.15-26.el6.x86_64                                                        21/86 
  Verifying  : krb5-workstation-1.10.3-10.el6.x86_64                                             22/86 
  Verifying  : libipa_hbac-1.9.2-74.el6.x86_64                                                   23/86 
  Verifying  : 389-ds-base-1.2.11.15-10.el6.x86_64                                               24/86 
  Verifying  : pki-symkey-9.0.3-30.el6.x86_64                                                    25/86 
  Verifying  : libtalloc-2.0.7-2.el6.x86_64                                                      26/86 
  Verifying  : libldb-1.1.13-3.el6.x86_64                                                        27/86 
  Verifying  : libtevent-0.9.17-1.el6.x86_64                                                     28/86 
  Verifying  : krb5-server-1.10.3-10.el6.x86_64                                                  29/86 
  Verifying  : libsss_idmap-1.9.2-74.el6.x86_64                                                  30/86 
  Verifying  : selinux-policy-targeted-3.7.19-194.el6.noarch                                     31/86 
  Verifying  : libtdb-1.2.10-1.el6.x86_64                                                        32/86 
  Verifying  : perl-NetAddr-IP-4.027-7.el6.x86_64                                                33/86 
  Verifying  : mod_nss-1.0.8-18.el6.x86_64                                                       34/86 
  Verifying  : libsss_autofs-1.9.2-74.el6.x86_64                                                 35/86 
  Verifying  : certmonger-0.61-3.el6.x86_64                                                      36/86 
  Verifying  : krb5-pkinit-openssl-1.10.3-10.el6.x86_64                                          37/86 
  Verifying  : pki-ca-9.0.3-30.el6.noarch                                                        38/86 
  Verifying  : pki-silent-9.0.3-30.el6.noarch                                                    39/86 
  Verifying  : krb5-libs-1.10.3-10.el6.x86_64                                                    40/86 
  Verifying  : httpd-tools-2.2.15-26.el6.x86_64                                                  41/86 
  Verifying  : nspr-4.9.2-1.el6.x86_64                                                           42/86 
  Verifying  : pki-selinux-9.0.3-30.el6.noarch                                                   43/86 
  Verifying  : samba4-libs-4.0.0-53.el6.rc4.x86_64                                               44/86 
  Verifying  : sssd-1.9.2-74.el6.x86_64                                                          45/86 
  Verifying  : pki-native-tools-9.0.3-30.el6.x86_64                                              46/86 
  Verifying  : selinux-policy-targeted-3.7.19-155.el6_3.13.noarch                                47/86 
  Verifying  : libipa_hbac-python-1.8.0-32.el6.x86_64                                            48/86 
  Verifying  : ipa-python-2.2.0-16.el6.x86_64                                                    49/86 
  Verifying  : ipa-client-2.2.0-16.el6.x86_64                                                    50/86 
  Verifying  : pki-native-tools-9.0.3-24.el6.x86_64                                              51/86 
  Verifying  : pki-common-9.0.3-24.el6.noarch                                                    52/86 
  Verifying  : bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.x86_64                                       53/86 
  Verifying  : httpd-tools-2.2.15-15.el6_2.1.x86_64                                              54/86 
  Verifying  : certmonger-0.56-1.el6.x86_64                                                      55/86 
  Verifying  : ipa-server-selinux-2.2.0-16.el6.x86_64                                            56/86 
  Verifying  : mod_nss-1.0.8-15.el6.x86_64                                                       57/86 
  Verifying  : pki-selinux-9.0.3-24.el6.noarch                                                   58/86 
  Verifying  : nss-tools-3.13.5-1.el6_3.x86_64                                                   59/86 
  Verifying  : pki-symkey-9.0.3-24.el6.x86_64                                                    60/86 
  Verifying  : nspr-4.9.1-2.el6_3.x86_64                                                         61/86 
  Verifying  : pki-silent-9.0.3-24.el6.noarch                                                    62/86 
  Verifying  : httpd-2.2.15-15.el6_2.1.x86_64                                                    63/86 
  Verifying  : nss-util-3.13.5-1.el6_3.x86_64                                                    64/86 
  Verifying  : libldb-0.9.10-23.el6.x86_64                                                       65/86 
  Verifying  : 389-ds-base-1.2.10.2-20.el6_3.x86_64                                              66/86 
  Verifying  : pki-java-tools-9.0.3-24.el6.noarch                                                67/86 
  Verifying  : ipa-server-2.2.0-16.el6.x86_64                                                    68/86 
  Verifying  : libtevent-0.9.8-8.el6.x86_64                                                      69/86 
  Verifying  : pki-ca-9.0.3-24.el6.noarch                                                        70/86 
  Verifying  : libtalloc-2.0.1-1.1.el6.x86_64                                                    71/86 
  Verifying  : pki-util-9.0.3-24.el6.noarch                                                      72/86 
  Verifying  : sssd-client-1.8.0-32.el6.x86_64                                                   73/86 
  Verifying  : krb5-workstation-1.9-33.el6_3.3.x86_64                                            74/86 
  Verifying  : libipa_hbac-1.8.0-32.el6.x86_64                                                   75/86 
  Verifying  : krb5-pkinit-openssl-1.9-33.el6_3.3.x86_64                                         76/86 
  Verifying  : krb5-pkinit-openssl-1.9-33.el6_3.3.x86_64                                         77/86 
  Verifying  : ipa-admintools-2.2.0-16.el6.x86_64                                                78/86 
  Verifying  : libtdb-1.2.1-3.el6.x86_64                                                         79/86 
  Verifying  : selinux-policy-3.7.19-155.el6_3.13.noarch                                         80/86 
  Verifying  : 389-ds-base-libs-1.2.10.2-20.el6_3.x86_64                                         81/86 
  Verifying  : pki-setup-9.0.3-24.el6.noarch                                                     82/86 
  Verifying  : nss-3.13.5-1.el6_3.x86_64                                                         83/86 
  Verifying  : krb5-server-1.9-33.el6_3.3.x86_64                                                 84/86 
  Verifying  : krb5-libs-1.9-33.el6_3.3.x86_64                                                   85/86 
  Verifying  : nss-sysinit-3.13.5-1.el6_3.x86_64                                                 86/86 
  Verifying  : sssd-1.8.0-32.el6.x86_64                                                          87/86 

Installed:
  krb5-pkinit-openssl.x86_64 0:1.10.3-10.el6                                                           

Dependency Installed:
  libsss_autofs.x86_64 0:1.9.2-74.el6               libsss_idmap.x86_64 0:1.9.2-74.el6                
  perl-NetAddr-IP.x86_64 0:4.027-7.el6              perl-Socket6.x86_64 0:0.23-3.el6                  
  pytalloc.x86_64 0:2.0.7-2.el6                     samba4-libs.x86_64 0:4.0.0-53.el6.rc4             

Updated:
  bind-dyndb-ldap.x86_64 0:2.3-2.el6                  ipa-server.x86_64 0:3.0.0-24.el6                 

Dependency Updated:
  389-ds-base.x86_64 0:1.2.11.15-10.el6                389-ds-base-libs.x86_64 0:1.2.11.15-10.el6     
  certmonger.x86_64 0:0.61-3.el6                       httpd.x86_64 0:2.2.15-26.el6                   
  httpd-tools.x86_64 0:2.2.15-26.el6                   ipa-admintools.x86_64 0:3.0.0-24.el6           
  ipa-client.x86_64 0:3.0.0-24.el6                     ipa-python.x86_64 0:3.0.0-24.el6               
  ipa-server-selinux.x86_64 0:3.0.0-24.el6             krb5-libs.x86_64 0:1.10.3-10.el6               
  krb5-server.x86_64 0:1.10.3-10.el6                   krb5-workstation.x86_64 0:1.10.3-10.el6        
  libipa_hbac.x86_64 0:1.9.2-74.el6                    libipa_hbac-python.x86_64 0:1.9.2-74.el6       
  libldb.x86_64 0:1.1.13-3.el6                         libtalloc.x86_64 0:2.0.7-2.el6                 
  libtdb.x86_64 0:1.2.10-1.el6                         libtevent.x86_64 0:0.9.17-1.el6                
  mod_nss.x86_64 0:1.0.8-18.el6                        nspr.x86_64 0:4.9.2-1.el6                      
  nss.x86_64 0:3.14.0.0-12.el6                         nss-sysinit.x86_64 0:3.14.0.0-12.el6           
  nss-tools.x86_64 0:3.14.0.0-12.el6                   nss-util.x86_64 0:3.14.0.0-2.el6               
  pki-ca.noarch 0:9.0.3-30.el6                         pki-common.noarch 0:9.0.3-30.el6               
  pki-java-tools.noarch 0:9.0.3-30.el6                 pki-native-tools.x86_64 0:9.0.3-30.el6         
  pki-selinux.noarch 0:9.0.3-30.el6                    pki-setup.noarch 0:9.0.3-30.el6                
  pki-silent.noarch 0:9.0.3-30.el6                     pki-symkey.x86_64 0:9.0.3-30.el6               
  pki-util.noarch 0:9.0.3-30.el6                       selinux-policy.noarch 0:3.7.19-194.el6         
  selinux-policy-targeted.noarch 0:3.7.19-194.el6      sssd.x86_64 0:1.9.2-74.el6                     
  sssd-client.x86_64 0:1.9.2-74.el6                   

Replaced:
  krb5-pkinit-openssl.x86_64 0:1.9-33.el6_3.3                                                          

Complete!
[root@rhel6-2 yum.local.d]# 

[root@rhel6-2 yum.local.d]# ausearch -m avc
<no matches>

Automated Test Results (manually run) ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: upgrade_bz_903758: upgrading IPA from 2.2 to 3.0 sees certmonger errors
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [09:19:18] ::  Machine in recipe is MASTER
:: [   PASS   ] :: File '/var/log/ipaupgrade.log' should not contain 'ERROR certmonger failed to start tracking certificate:.*dogtag-ipa-renew-agent'
:: [   PASS   ] :: BZ 903758 not found
Comment 12 errata-xmlrpc 2013-02-21 04:32:39 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html

Note You need to log in before you can comment on or make changes to this bug.