hi,

indeed, sorry.

# cat /etc/pki/pki.version                                                                 │
Configuration-Version: 11.5.0

# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting pki-tomcatd Service
Restarting smb Service
Restarting winbind Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful

]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: STOPPED
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
1 service(s) are not running

May 29 12:12:34 kdc.sub.domain.tld systemd[1]: Starting PKI Tomcat Server pki-tomcat...
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: ERROR: Unable to parse version number: "11.5.0"
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: Traceback (most recent call last):
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File "/usr/lib/python3.9/site-packages/pki/server/pkiserver.py", line 41, in <module>
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     cli.execute(sys.argv)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File "/usr/lib/python3.9/site-packages/pki/server/cli/__init__.py", line 145, in execute
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     super().execute(args)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File "/usr/lib/python3.9/site-packages/pki/cli/__init__.py", line 217, in execute
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     module.execute(module_args)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File "/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line 144, in execute
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     self.upgrade(
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File "/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line 178, in upgrade
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     upgrader.upgrade()
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File "/usr/lib/python3.9/site-packages/pki/upgrade.py", line 481, in upgrade
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     versions = self.versions()
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File "/usr/lib/python3.9/site-packages/pki/upgrade.py", line 238, in versions
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     current_version = self.get_current_version()
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File "/usr/lib/python3.9/site-packages/pki/upgrade.py", line 341, in get_current_version
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     current_version = self.get_tracker().get_version()
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File "/usr/lib/python3.9/site-packages/pki/upgrade.py", line 141, in get_version
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     return pki.util.Version(version)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File "/usr/lib/python3.9/site-packages/pki/util.py", line 613, in __init__
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     raise Exception('Unable to parse version number: %s' % obj)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: Exception: Unable to parse version number: "11.5.0"

If I revert it to 11.4.2, so it looks as though it is not reading this file for getting this information.

# cat /etc/pki/pki.version
Configuration-Version: 11.4.2

# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting pki-tomcatd Service
Restarting smb Service
Restarting winbind Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful

# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: STOPPED
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
1 service(s) are not running

May 29 12:17:08 kdc.sub.domain.tld systemd[1]: Starting PKI Tomcat Server pki-tomcat...
May 29 12:17:08 kdc.sub.domain.tld pki-server[37297]: ERROR: Unable to parse version number: "11.5.0"

Strange.


On Tue, May 28, 2024 at 7:35 PM Rob Crittenden <rcritten@redhat.com> wrote:
Natxo Asenjo via FreeIPA-users wrote:
> hi,
>
> no, it's without quotes but the rolledback version:
>
> Configuration-Version: 11.4.2
>
> I tried modifiying it to 11.5.0 and ipactl restart, but it does not help
> (reset it to the proper value 11.4.2 now)

Did the error change when you switched to 11.4.2? You didn't include a
new traceback.

rob

>
>
>
> On Fri, May 24, 2024 at 5:14 PM Alexander Bokovoy <abokovoy@redhat.com
> <mailto:abokovoy@redhat.com>> wrote:
>
>     On Fri, 24 May 2024, Natxo Asenjo via FreeIPA-users wrote:
>     >hi,
>     >
>     >after a botched update
>     (https://access.redhat.com/solutions/7065748) and
>     >rolling back the changes, this service will not start:
>     >
>     ># ipactl status
>     >Directory Service: RUNNING
>     >krb5kdc Service: RUNNING
>     >kadmin Service: RUNNING
>     >named Service: RUNNING
>     >httpd Service: RUNNING
>     >ipa-custodia Service: RUNNING
>     >pki-tomcatd Service: STOPPED
>     >smb Service: RUNNING
>     >winbind Service: RUNNING
>     >ipa-otpd Service: RUNNING
>     >ipa-dnskeysyncd Service: RUNNING
>     >1 service(s) are not running
>     >
>     >in journalctl I found this stdout/stderr messages:
>     >
>     >
>     >May 24 11:40:35 kdc1.sub.domain.tld named[27437]: zone
>     sub.domain.tld/IN:
>     >sending notifies (serial 1716543629)
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: ERROR: Unable to
>     >parse version number: "11.5.0"
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: Traceback (most
>     >recent call last):
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>     >"/usr/lib/python3.9/site-packages/pki/server/pkiserver.py", line 41, in
>     ><module>
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
>     >cli.execute(sys.argv)
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>     >"/usr/lib/python3.9/site-packages/pki/server/cli/__init__.py", line
>     145, in
>     >execute
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
>     >super().execute(args)
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>     >"/usr/lib/python3.9/site-packages/pki/cli/__init__.py", line 217,
>     in execute
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
>     >module.execute(module_args)
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>     >"/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line
>     144, in
>     >execute
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   
>      self.upgrade(
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>     >"/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line
>     178, in
>     >upgrade
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
>     >upgrader.upgrade()
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>     >"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 481, in upgrade
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:     versions =
>     >self.versions()
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>     >"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 238, in
>     versions
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   
>      current_version
>     >= self.get_current_version()
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>     >"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 341, in
>     >get_current_version
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   
>      current_version
>     >= self.get_tracker().get_version()
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>     >"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 141, in
>     get_version
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:     return
>     >pki.util.Version(version)
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
>     >"/usr/lib/python3.9/site-packages/pki/util.py", line 613, in __init__
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:     raise
>     >Exception('Unable to parse version number: %s' % obj)
>     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: Exception:
>     Unable to
>     >parse version number: "11.5.0"
>
>     What do you have in /etc/pki/pki.version file? Is it literally
>
>     # cat /etc/pki/pki.version
>     Configuration-Version: "11.5.0"
>
>     ? If so, then remove quotes around 11.5.0, they are not expected.
>
>     >May 24 11:40:35 kdc1.sub.domain.tld systemd[1]:
>     >pki-tomcatd@pki-tomcat.service: Control process exited, code=exited,
>     >status=1/FAILURE
>     >May 24 11:40:35 kdc1.sub.domain.tld systemd[1]:
>     >pki-tomcatd@pki-tomcat.service: Failed with result 'exit-code'.
>     >May 24 11:40:35 kdc1.sub.domain.tld systemd[1]: Failed to start PKI
>     Tomcat
>     >Server pki-tomcat.
>     >
>     >So it seems something is broken on this upgrade script. This is in in
>     >almalinux 9.3
>     >ipa-server-4.10.2-5.el9_3.alma.1.x86_64
>     >
>     >I cannot upgrade because I get bitten by the named ldap thing, even
>     though
>     >the versions are newer.
>     >
>     >I will create a replicat to a rhel host but first I need to get the
>     CA up
>     >and running obviously :-).
>     >
>     >Any ideas?
>     >
>     >Thanks!
>     >
>     >--
>     >regards,
>     >
>     >natxo
>     >
>     >--
>     >--
>     >Groeten,
>     >natxo
>
>
>
>
>     --
>     / Alexander Bokovoy
>     Sr. Principal Software Engineer
>     Security / Identity Management Engineering
>     Red Hat Limited, Finland
>
>
>
> --
> --
> Groeten,
> natxo
>
> --
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
>



--
--
Groeten,
natxo