Issue #4833: IPA replica missing data after master upgraded - freeipa

freeipa

#4833 IPA replica missing data after master upgraded

Closed: Fixed None Opened 9 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1176995

Description of problem:

In an IPA RHEL7 environment, I'm seeing data missing from replica after master
is upgraded from 7.0 to 7.1.

After upgade, DNS data is missing:

[root@vm2 ~]# ipa dnszone-find
----------------------------
Number of entries returned 0
----------------------------

As is host data:

[root@vm2 ~]# ipa host-find
---------------
0 hosts matched
---------------
----------------------------
Number of entries returned 0
----------------------------

During (or right after)

I even tried using copy-schema-to-ca.py after the upgrade but, that didn't
work:

[root@vm2 ~]# python /root/copy-schema-to-ca.py
ipa         : WARNING  Could not install
/etc/dirsrv/slapd-PKI-IPA//schema/60kerberos.ldif: [Errno 2] No such file or
directory:
'/etc/dirsrv/slapd-PKI-IPA//schema/60kerberos.ldif'
Traceback (most recent call last):
  File "/root/copy-schema-to-ca.py", line 91, in <module>
    main()
  File "/root/copy-schema-to-ca.py", line 85, in main
    add_ca_schema()
  File "/root/copy-schema-to-ca.py", line 66, in add_ca_schema
    os.chmod(target_fname, 0440)    # read access for dirsrv user/group
OSError: [Errno 2] No such file or directory:
'/etc/dirsrv/slapd-PKI-IPA//schema/60kerberos.ldif'

Similar to bug #1167964 but, I don't know if it's the same.

Version-Release number of selected component (if applicable):
On RHEL7.1 Master:
ipa-server-4.1.0-13.el7.x86_64
389-ds-base-1.3.3.1-10.el7.x86_64

On RHEL7.0 Replica:
ipa-server-3.3.3-28.el7.x86_64
389-ds-base-1.3.1.6-25.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1.  install RHEL7.0 master and replica with dns support
2.  point master yum configs to RHEL7.1 repos
3.  yum -y update ipa-server sssd  # on master
4.  ipa dnszone-find # on replica

Actual results:
nothing returned as shown above.

Expected results:
shows configured DNS zones.

Additional info:
Will attach dirsrv logs shortly.

pvoborni commented 9 years ago

Caused by schema change https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=adcd373931c50d91550f6b74b191d08ecce5b137 , see BZ comment 8

Attributes should changed back from MUST to MAY.

mkosek commented 9 years ago

FreeIPA part of this fix is done:

master:

fe4b319 Revert "Make all ipatokenTOTP attributes mandatory"

ipa-4-1:

5b99024 Revert "Make all ipatokenTOTP attributes mandatory"

ipa-4-0:

370a5b2 Revert "Make all ipatokenTOTP attributes mandatory"

Note that we are still waiting for the DS part of the fix: https://fedorahosted.org/389/ticket/47988.

Metadata Update from @pvoborni:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.0.6

7 years ago

Metadata

Assignee

jcholast

Tags

None

Blocking

None

Depending on

None

Priority

important

Milestone

FreeIPA 4.0.6

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1176995

tester

None

changelog

None

design

None

freeipa

Source Code

#4833 IPA replica missing data after master upgraded Closed: Fixed None Opened 9 years ago by pvoborni.

Metadata

#4833 IPA replica missing data after master upgraded

Closed: Fixed None Opened 9 years ago by pvoborni.