#5305 ipa start issue after upgrade failure
Closed: fixed 2 years ago by rcritten. Opened 8 years ago by pvoborni.

ipa-server-install:
1. backs up:
- nsslapd-port
- nsslapd-security
2. sets:
- nsslapd-port: 0
- nsslapd-security: off
3. does upgrade
4. restores the values from backup (should happen even if something fails)

Issue is when something fails and also step 4 fails. In such case ipa won't start because nothing can connect do DS (it does not listen on port 389).

Corrective action would be to run the updater again but during this run it backups the incorrect port number and security settings so the upgrader fails with:

[10/10]: starting directory server
[error] timeout: Timeout exceeded



File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1195, in wait_for_open_ports
raise socket.timeout("Timeout exceeded")

The port number has to be set back manually which is bad.

Updater should detect that it has not restored the state properly and then skip a backup of incorrect values.


If I stop dirsrv and set the port to 389 and nslapd-security to "on" in dse.ldif before the timeout, the upgrade finishes successfully.

reproducer: kill ipa-server-update while it runs. Happened to me in rpm transaction.

Metadata Update from @pvoborni:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

This was addressed in https://pagure.io/freeipa/issue/7534

A state is now used to determine if the values have been backed up or not rather than always doing it. There is still a very short window where a user can ^C or kill their way into problems but it is much narrower than it used to be.

Marking as fixed.

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue set to the milestone: None (was: FreeIPA 4.5 backlog)
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata