After successfully installing FreeIPA on a new Fedora 22 instance, on 2015-06-08, I ran 'dnf upgrade' on the system which pulled in pki-{base,ca,server,tools}-10.2.4-2.fc22 (previously running 10.2.3-2.fc22).
After the upgrade, pki-tomcatd@pki-tomcat failed to start:
SEVERE: Begin event threw exception java.lang.ClassNotFoundException: com.netscape.cms.tomcat.NuxwdogPasswordStoreInitializer
I was only able to temporarily resolve the issue by editing /var/lib/machines/ipa41a/etc/pki/pki-tomcat/server.xml and commenting out
<!--<Listener className="com.netscape.cms.tomcat.NuxwdogPasswordStoreInitializer"/>-->
I will attach the log detailing the upgrade process and the failure.
I still have the section above commented out to keep the server running, but am not sure how to proceed from here.
FreeIPA & pki-10.2.4 upgrade failure log pki-10.2.4-upgrade-failure.txt
It is believed that the following packages that were just released should address this issue:
Please download and install these packages and retry your test.
Replying to [comment:1 mharmsen]:
It is believed that the following packages that were just released should address this issue: * https://admin.fedoraproject.org/updates/pki-core-10.2.5-1.fc22 pki-core-10.2.5-1.fc22 Please download and install these packages and retry your test.
It is believed that the following packages that were just released should address this issue: * https://admin.fedoraproject.org/updates/pki-core-10.2.5-1.fc22 pki-core-10.2.5-1.fc22
Thank you. Do I need to change anything in the configuration before or after I upgrade to these packages? For example, should I uncomment the following before or after upgrading the packages?
I'd like to get to the working FreeIPA state as if this issue never occured.
Yes, please revert the server.xml to the original content before upgrading to 10.2.5-1. The new package contains a script that will fix server.xml.
Please also check this file after upgrading: /var/log/pki/pki-server-upgrade-10.2.5.log
Replying to [comment:4 edewata]:
Yes, please revert the server.xml to the original content before upgrading to 10.2.5-1. The new package contains a script that will fix server.xml. Please also check this file after upgrading: /var/log/pki/pki-server-upgrade-10.2.5.log
Removing the following line
<Listener className="com.netscape.cms.tomcat.NuxwdogPasswordStoreInitializer"/>
before upgrading to 10.2.5-1 enabled the upgrade to proceed smoothly.
Thanks for verifying the fix.
Fixed by ftweedal in 10.2.5: 489636a2cbf7f6cbfb61e34e69c7c4d3d325ffa9
Metadata Update from @amessina: - Issue assigned to ftweedal - Issue set to the milestone: 10.2.5
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1990
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.