https://bugzilla.redhat.com/show_bug.cgi?id=895298 (Red Hat Enterprise Linux 6)
Description of problem: If dirsrv is stopped before an upgrade, named not restarted cleanly during the IPA upgrade. This is what I see during yum update 'ipa*': Updating : ipa-server-3.0.0-21.el6.x86_64 34/72 Unexpected error CalledProcessError: Command '/sbin/service named restart ' returned non-zero exit status 7 Updating : ipa-server-selinux-3.0.0-21.el6.x86_64 35/72 Version-Release number of selected component (if applicable): 2.2.0 -> 3.0.0 update How reproducible: always Steps to Reproduce: 1. Install RHEL6.3 IPA server 2. Point yum repos for RHEL6.4 3. service dirsrv stop 4. yum update 'ipa*' Actual results: fails to restart named and things don't work afterwards Expected results: restarts Additional info: Looks like ipaupgrade.log shows that dirsrv restarted after attempted named restart...not sure if it matters. /var/log/ipaupgrade.log: 2013-01-11T22:35:14Z INFO Changes to named.conf have been made, restart named 2013-01-11T22:35:14Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2013-01-11T22:35:17Z DEBUG args=/sbin/service named restart 2013-01-11T22:35:17Z DEBUG stdout=Stopping named: .[ OK ]^M Starting named: [FAILED]^M 2013-01-11T22:35:17Z DEBUG stderr= 2013-01-11T22:35:17Z INFO File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script return_value = main_function() File "/usr/sbin/ipa-upgradeconfig", line 660, in main bindinstance.BindInstance(fstore).restart() File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 268, in restart self.service.restart(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.6/site-packages/ipapython/platform/redhat.py", line 76, in restart ipautil.run(["/sbin/service", self.service_name, "restart", instance_name], capture_output=capture_output) File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 316, in run raise CalledProcessError(p.returncode, args) 2013-01-11T22:35:17Z INFO The ipa-upgradeconfig command failed, exception: CalledProcessError: Command '/sbin/service named restart ' returned non-zero exit status 7 Attempts to start named alone show this failure in /var/log/messages: Jan 14 19:42:15 rhel6-1 named[32388]: sizing zone task pool based on 6 zones Jan 14 19:42:15 rhel6-1 named[32388]: set up managed keys zone for view _default, file 'dynamic/managed-keys.bind' Jan 14 19:42:15 rhel6-1 named[32388]: Failed to init credentials (Cannot contact any KDC for realm 'TESTRELM.COM') Jan 14 19:42:15 rhel6-1 named[32388]: loading configuration: failure Jan 14 19:42:15 rhel6-1 named[32388]: exiting (due to fatal error) Now, I can work around this with ipactl stop/start: [root@rhel6-1 ipa-upgrade]# ipactl stop Stopping CA Service Stopping pki-ca: [ OK ] Stopping HTTP Service Stopping httpd: [ OK ] Stopping MEMCACHE Service Stopping ipa_memcached: [ OK ] Stopping DNS Service Stopping named: [ OK ] Stopping KPASSWD Service Stopping Kerberos 5 Admin Server: [FAILED] Stopping KDC Service Stopping Kerberos 5 KDC: [FAILED] Stopping Directory Service Shutting down dirsrv: PKI-IPA... [ OK ] TESTRELM-COM... [ OK ] [root@rhel6-1 ipa-upgrade]# ipactl start Starting Directory Service Starting dirsrv: PKI-IPA... [ OK ] TESTRELM-COM... [ OK ] Starting KDC Service Starting Kerberos 5 KDC: [ OK ] Starting KPASSWD Service Starting Kerberos 5 Admin Server: [ OK ] Starting DNS Service Starting named: [ OK ] Starting MEMCACHE Service Starting ipa_memcached: [ OK ] Starting HTTP Service Starting httpd: [ OK ] Starting CA Service Starting pki-ca: [ OK ] [root@rhel6-1 ipa-upgrade]# kinit admin Password for admin@TESTRELM.COM: [root@rhel6-1 ipa-upgrade]#
Patch ''freeipa-mkosek-350-upgrade-process-should-not-crash-on-named-restart.patch'' sent for review freeipa-mkosek-350-upgrade-process-should-not-crash-on-named-restart.patch
master: 476aacd[[BR]] ipa-3-1: cab85b7[[BR]] ipa-3-0: a89d96f
Metadata Update from @rcritten: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.0.3 (bug fixing)
Login to comment on this ticket.