Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1757064
Description of problem: IPA upgrade fails for latest ipa package when adtrust is installed Version-Release number of selected component (if applicable): ipa-server-4.8.0-11.module+el8.1.0+4247+9f3fd721.x86_64 How reproducible: Always Steps to Reproduce: 1. Setup IPA server at version RHEL8.0 2. Setup trust on this machine (in my case) # ipa-adtrust-install --netbios-name=ND30SEP -a Secret123 -U # ipa dnsforwardzone-add ipaad2k16cin.test --forwarder=10.0.144.176 --forward-policy=only # echo Secret123 | ipa trust-add ipaad2k16cin.test --admin Administrator --range-type=ipa-ad-trust --password --two-way=True 3. Setup repo for RHEL8.1 4. Run ipa-upgrade on this machine 'yum -y update' 5. Run ipactl restart 6. Check Kinit command Actual results: 1. After step 4, ipa-upgrade process FAILS 2. After step5, ipactl restart is successful 3. Kinit command is successful [root@vm-idm-014 ~]# rpm -q ipa-server ipa-server-4.8.0-11.module+el8.1.0+4247+9f3fd721.x86_64 [root@vm-idm-014 ~]# tail -1 /var/log/ipaupgrade.log 2019-09-30T12:51:55Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information [root@vm-idm-014 ~]# ipactl status Directory Service: STOPPED Directory Service must be running in order to obtain status of other services ipa: INFO: The ipactl command was successful [root@vm-idm-014 ~]# ipactl restart IPA version error: data needs to be upgraded (expected version '4.8.0-11.module+el8.1.0+4247+9f3fd721', current version '4.7.1-11.module+el8+2842+7481110c') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Starting httpd Service Starting ipa-custodia Service Starting pki-tomcatd Service Starting smb Service Starting winbind Service Starting ipa-otpd Service Starting ipa-dnskeysyncd Service ipa: INFO: The ipactl command was successful [root@vm-idm-014 ~]# ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING pki-tomcatd Service: RUNNING smb Service: RUNNING winbind Service: RUNNING ipa-otpd Service: RUNNING ipa-dnskeysyncd Service: RUNNING ipa: INFO: The ipactl command was successful [root@vm-idm-014 ~]# kinit admin Password for admin@ND30SEP.NDPNE: [root@vm-idm-014 ~]# ipa user-find -------------- 1 user matched -------------- User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash Principal alias: admin@ND30SEP.NDPNE UID: 645600000 GID: 645600000 Account disabled: False ---------------------------- Number of entries returned 1 ---------------------------- [root@vm-idm-014 ~]# Expected results: ipaupgrade should be successful Additional info: When adtrust is not installed on the Master, then ipaupgrade is successful Upgrade without adtrust installed [root@ipaqavmd ~]# tail -1 /var/log/ipaupgrade.log 2019-09-30T12:30:51Z INFO The ipa-server-upgrade command was successful [root@ipaqavmd ~]# rpm -q ipa-server ipa-server-4.8.0-11.module+el8.1.0+4247+9f3fd721.x86_64 [root@ipaqavmd ~]# ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING pki-tomcatd Service: RUNNING ipa-otpd Service: RUNNING ipa-dnskeysyncd Service: RUNNING ipa: INFO: The ipactl command was successful [root@ipaqavmd ~]#
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1757064
master:
ipa-4-8:
ipa-4-7:
ipa-4-6:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.