Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1512894 - IPA upgrade fails after ca-cert renewal
Summary: IPA upgrade fails after ca-cert renewal
Keywords:
Status: CLOSED DUPLICATE of bug 1513467
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.5
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-14 12:08 UTC by anuja
Modified: 2017-11-17 10:41 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-17 10:41:25 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description anuja 2017-11-14 12:08:26 UTC
Description of problem:
IPA upgrade fails for latest ipa package when upgraded from RHEL 7.4.z to 7.5 

Version-Release number of selected component (if applicable):
4.5.4-4.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Setup IPA server on RHEL 7.4.z (In my case ipa-4.5.0-22.el7_4.x86_64)
2. In my case self-signed to external-ca
3. Perform upgrade to 7.5

Actual results:

After step 2 upgrade fails

#tail /var/log/ipaupgrade.log

2017-11-14T09:07:30Z DEBUG Waiting for CA to start...
2017-11-14T09:07:31Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2017-11-14T09:07:31Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 48, in run
    raise admintool.ScriptError(str(e))

2017-11-14T09:07:31Z DEBUG The ipa-server-upgrade command failed, exception: ScriptError: CA did not start in 300.0s
2017-11-14T09:07:31Z ERROR CA did not start in 300.0s
2017-11-14T09:07:31Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information


Expected results:
After ca-cert renewal upgrade should be successful. 

Additional info:

This similar issue is observed for IPA server upgrade from:
7.3.z to 7.5

IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
Unexpected error - see /var/log/ipaupgrade.log for details:
CalledProcessError: Command '/bin/systemctl start dirsrv@TESTRELM-TEST.service' returned non-zero exit status 1

Comment 2 anuja 2017-11-17 09:03:50 UTC
re-ran the test case and the issue is no more observed

Comment 4 Florence Blanc-Renaud 2017-11-17 10:41:25 UTC
The issue seen upgrading to 7.5 (with dirsrv not starting during uprade) is probably a duplicate of bz 1513467, for which an errata is already available:
https://errata.devel.redhat.com/advisory/30661

*** This bug has been marked as a duplicate of bug 1513467 ***


Note You need to log in before you can comment on or make changes to this bug.