hi,

no, it's without quotes but the rolledback version:

Configuration-Version: 11.4.2

I tried modifiying it to 11.5.0 and ipactl restart, but it does not help (reset it to the proper value 11.4.2 now)



On Fri, May 24, 2024 at 5:14 PM Alexander Bokovoy <abokovoy@redhat.com> wrote:
On Fri, 24 May 2024, Natxo Asenjo via FreeIPA-users wrote:
>hi,
>
>after a botched update (https://access.redhat.com/solutions/7065748) and
>rolling back the changes, this service will not start:
>
># ipactl status
>Directory Service: RUNNING
>krb5kdc Service: RUNNING
>kadmin Service: RUNNING
>named Service: RUNNING
>httpd Service: RUNNING
>ipa-custodia Service: RUNNING
>pki-tomcatd Service: STOPPED
>smb Service: RUNNING
>winbind Service: RUNNING
>ipa-otpd Service: RUNNING
>ipa-dnskeysyncd Service: RUNNING
>1 service(s) are not running
>
>in journalctl I found this stdout/stderr messages:
>
>
>May 24 11:40:35 kdc1.sub.domain.tld named[27437]: zone sub.domain.tld/IN:
>sending notifies (serial 1716543629)
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: ERROR: Unable to
>parse version number: "11.5.0"
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: Traceback (most
>recent call last):
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>"/usr/lib/python3.9/site-packages/pki/server/pkiserver.py", line 41, in
><module>
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
>cli.execute(sys.argv)
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>"/usr/lib/python3.9/site-packages/pki/server/cli/__init__.py", line 145, in
>execute
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
>super().execute(args)
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>"/usr/lib/python3.9/site-packages/pki/cli/__init__.py", line 217, in execute
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
>module.execute(module_args)
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>"/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line 144, in
>execute
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:     self.upgrade(
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>"/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line 178, in
>upgrade
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
>upgrader.upgrade()
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 481, in upgrade
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:     versions =
>self.versions()
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 238, in versions
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:     current_version
>= self.get_current_version()
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 341, in
>get_current_version
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:     current_version
>= self.get_tracker().get_version()
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 141, in get_version
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:     return
>pki.util.Version(version)
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>"/usr/lib/python3.9/site-packages/pki/util.py", line 613, in __init__
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:     raise
>Exception('Unable to parse version number: %s' % obj)
>May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: Exception: Unable to
>parse version number: "11.5.0"

What do you have in /etc/pki/pki.version file? Is it literally

# cat /etc/pki/pki.version
Configuration-Version: "11.5.0"

? If so, then remove quotes around 11.5.0, they are not expected.

>May 24 11:40:35 kdc1.sub.domain.tld systemd[1]:
>pki-tomcatd@pki-tomcat.service: Control process exited, code=exited,
>status=1/FAILURE
>May 24 11:40:35 kdc1.sub.domain.tld systemd[1]:
>pki-tomcatd@pki-tomcat.service: Failed with result 'exit-code'.
>May 24 11:40:35 kdc1.sub.domain.tld systemd[1]: Failed to start PKI Tomcat
>Server pki-tomcat.
>
>So it seems something is broken on this upgrade script. This is in in
>almalinux 9.3
>ipa-server-4.10.2-5.el9_3.alma.1.x86_64
>
>I cannot upgrade because I get bitten by the named ldap thing, even though
>the versions are newer.
>
>I will create a replicat to a rhel host but first I need to get the CA up
>and running obviously :-).
>
>Any ideas?
>
>Thanks!
>
>--
>regards,
>
>natxo
>
>--
>--
>Groeten,
>natxo




--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland



--
--
Groeten,
natxo