|Summary:||IPA server upgrade fails from RHEL 7.0 to RHEL 7.2 using "yum update ipa* sssd"|
|Product:||Red Hat Enterprise Linux 7||Reporter:||Jan Kurik <jkurik>|
|Component:||ipa||Assignee:||IPA Maintainers <ipa-maint>|
|Status:||CLOSED ERRATA||QA Contact:||Namita Soman <nsoman>|
|Version:||7.2||CC:||ekeck, enewland, gparente, ipa-maint, jcholast, ksiddiqu, mbasti, mkosek, ndehadra, pspacek, pvoborni, rcritten|
|Fixed In Version:||ipa-4.2.0-15.el7_2.5||Doc Type:||Bug Fix|
The ipa packages require openssl packages of version 1.0.1e-42 or later. Previously, this requirement was missing from the spec file. As a consequence, upgrade of an IdM server could fail upon creating a SoftHSM database. With this update, the dependency on the correct version of openssl has been added to the spec file. As a result, the SoftHSM database is created and the upgrade is successful.
|Last Closed:||2016-02-16 10:58:32 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||1286635|
Description Jan Kurik 2016-01-13 09:00:51 UTC
This bug has been copied from bug #1286635 and has been proposed to be backported to 7.2 z-stream (EUS).
Comment 5 Nikhil Dehadrai 2016-01-25 18:09:03 UTC
IPA server 7.0: ipa-server-3.3.3-28.el7.x86_64 IPA server 7.2 update 2: ipa-server-4.2.0-15.el7_2.4.x86_64 Tested the bug with following steps for RHEL 7.2 update 2: 1. Setup RHEL7.0 host with IPA master 2. Add RHEl7.2 and RHEL 7.2 update repos on the system. 3. Run command #yum update ipa* sssd 4. Verify the logs for yum update process along with ipaupgrade process. # tail -f /var/log/messages # tail -f /var/log/ipaupgrade.log # tail -f /var/log/yum.log Actual results: 1. After step4, Following error message is displayed at the screen: IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: CalledProcessError: Command ''/usr/bin/softhsm2-util' '--init-token' '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX '--so-pin' XXXXXXXX' returned non-zero exit status 1 2. ipa-upgrade is successful (rpm -qa | grep ipa-server*) 3. openssl version is not updated (remains as openssl-1.0.1e-34.el7.x86_64 in my case) On the basis of above observations, the error message is still observed while upgrade ipa-server from RHEL 7.0 to RHEL 7.2 update 2, thus marking the status of bug to "ASSIGNED".
Comment 6 Martin Bašti 2016-01-25 18:11:56 UTC
We investigated it, and it requires to have specified epoch in specfile for opnssl, otherwise yum will not update openssl package. Requires(pre): openssl >= 1:1.0.1e-42 Requires: openssl >= 1:1.0.1e-42
Comment 8 Nikhil Dehadrai 2016-01-27 11:08:24 UTC
IPA server 7.0: ipa-server-3.3.3-28.el7.x86_64 IPA server 7.2 update 2: ipa-server-4.2.0-15.el7_2.5.x86_64 Verified the bug with following steps for RHEL 7.2 update 2: 1. Setup RHEL7.0 host with IPA master 2. Add RHEl7.2 and RHEL 7.2 update repos on the system. 3. Run command #yum update ipa* sssd 4. Once the update process is complete, Verified that upgrade of ipa-server to 4.2.0-15.el7_2.5 is successful. 5. Verified that no failure messages related to IPA update process are reported inside following log files: # tail -f /var/log/messages # tail -f /var/log/ipaupgrade.log # tail -f /var/log/yum.log 6. Also verified that ipa server is updated successfully even when command #yum update is used. Thus on the basis of above observations, marking the status of bug to "VERIFIED". Please refer the attachment for logs related to this upgrade process.
Comment 9 Nikhil Dehadrai 2016-01-27 11:09:49 UTC
Created attachment 1118757 [details] Verification steps / logs for bug 1298097
Comment 11 errata-xmlrpc 2016-02-16 10:58:32 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-0211.html