hi,
no, it's without quotes but the rolledback version:
Configuration-Version: 11.4.2
I tried modifiying it to 11.5.0 and ipactl restart, but it does not help (reset it to the proper value 11.4.2 now)
On Fri, May 24, 2024 at 5:14 PM Alexander Bokovoy abokovoy@redhat.com wrote:
On Fri, 24 May 2024, Natxo Asenjo via FreeIPA-users wrote:
hi,
after a botched update (https://access.redhat.com/solutions/7065748) and rolling back the changes, this service will not start:
# ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING pki-tomcatd Service: STOPPED smb Service: RUNNING winbind Service: RUNNING ipa-otpd Service: RUNNING ipa-dnskeysyncd Service: RUNNING 1 service(s) are not running
in journalctl I found this stdout/stderr messages:
May 24 11:40:35 kdc1.sub.domain.tld named[27437]: zone sub.domain.tld/IN: sending notifies (serial 1716543629) May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: ERROR: Unable to parse version number: "11.5.0" May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: Traceback (most recent call last): May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File "/usr/lib/python3.9/site-packages/pki/server/pkiserver.py", line 41, in
<module> May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: cli.execute(sys.argv) May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File "/usr/lib/python3.9/site-packages/pki/server/cli/__init__.py", line 145,
in
execute May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: super().execute(args) May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File "/usr/lib/python3.9/site-packages/pki/cli/__init__.py", line 217, in
execute
May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: module.execute(module_args) May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File "/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line 144, in execute May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: self.upgrade( May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File "/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line 178, in upgrade May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: upgrader.upgrade() May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File "/usr/lib/python3.9/site-packages/pki/upgrade.py", line 481, in upgrade May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: versions = self.versions() May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File "/usr/lib/python3.9/site-packages/pki/upgrade.py", line 238, in versions May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: current_version = self.get_current_version() May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File "/usr/lib/python3.9/site-packages/pki/upgrade.py", line 341, in get_current_version May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: current_version = self.get_tracker().get_version() May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File "/usr/lib/python3.9/site-packages/pki/upgrade.py", line 141, in
get_version
May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: return pki.util.Version(version) May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File "/usr/lib/python3.9/site-packages/pki/util.py", line 613, in __init__ May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: raise Exception('Unable to parse version number: %s' % obj) May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: Exception: Unable
to
parse version number: "11.5.0"
What do you have in /etc/pki/pki.version file? Is it literally
# cat /etc/pki/pki.version Configuration-Version: "11.5.0"
? If so, then remove quotes around 11.5.0, they are not expected.
May 24 11:40:35 kdc1.sub.domain.tld systemd[1]: pki-tomcatd@pki-tomcat.service: Control process exited, code=exited, status=1/FAILURE May 24 11:40:35 kdc1.sub.domain.tld systemd[1]: pki-tomcatd@pki-tomcat.service: Failed with result 'exit-code'. May 24 11:40:35 kdc1.sub.domain.tld systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.
So it seems something is broken on this upgrade script. This is in in almalinux 9.3 ipa-server-4.10.2-5.el9_3.alma.1.x86_64
I cannot upgrade because I get bitten by the named ldap thing, even though the versions are newer.
I will create a replicat to a rhel host but first I need to get the CA up and running obviously :-).
Any ideas?
Thanks!
-- regards,
natxo
--
Groeten, natxo
-- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland