#2543 ipa upgrade with services down errors on configuring ipa_memcached
Closed: Duplicate None Opened 12 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=803452 (Red Hat Enterprise Linux 6)

Description of problem:

Upgrading IPA to version 2.2.0-3 on RHEL6.2 errors configuring ipa_memcached.

In this case, services were down before the upgrade,
/var/run/slapd-TESTRELM-COM.socket was removed, and resolv.conf was pointed to
a different name server.

ipactl stop
rm /var/run/slapd-TESTRELM-COM.socket
yum update 'ipa*'

Version-Release number of selected component (if applicable):
RHEL6.2 build with IPA 2.1.3 being upgraded to 2.2.0-3.

How reproducible:
Currently unknown.  First time seeing this and haven't reproduced yet.

Steps to Reproduce:
1.  <Start with RHEL6.2 build>
2.  <setup IPA 2.1.3 server from base OS repos>
3.  ipactl stop
4.  rm /var/run/slapd-<REALMINSTANCE>.socket
5.  <add RHEL6.3 repos and/or repos containing IPA 2.2.0-3 rpms>
6.  vi /etc/resolv.conf # point to known good DNS server if necessary
7.  yum -y update 'ipa*'

Actual results:

Error and traceback seen:

<snip>

  Updating   : ipa-server-2.2.0-3.el6.x86_64                              21/44
Upgraded /etc/httpd/conf.d/ipa.conf to version 4
Configuring ipa_memcached
  [1/2]: starting ipa_memcached
  [2/2]: configuring ipa_memcached to start on boot
Traceback (most recent call last):
  File "/usr/sbin/ipa-upgradeconfig", line 289, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-upgradeconfig", line 282, in main
    memcache.create_instance('MEMCACHE', fqdn, None,
ipautil.realm_to_suffix(krbctx.default_realm))
  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line
325, in create_instance
    self.start_creation("Configuring %s" % self.service_name)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line
257, in start_creation
    method()
  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line
338, in __enable
    self.dm_password, self.suffix)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line
311, in ldap_enable
    self.admin_conn.addEntry(entry)
  File "/usr/lib/python2.6/site-packages/ipaserver/ipaldap.py", line 496, in
addEntry
    self.__handle_errors(e, arg_desc=arg_desc)
  File "/usr/lib/python2.6/site-packages/ipaserver/ipaldap.py", line 312, in
__handle_errors
    raise errors.NotFound(reason=arg_desc)
ipalib.errors.NotFound: entry=dn: cn=MEMCACHE,cn=dell-pe2950-01.testrelm.com,cn
=masters,cn=ipa,cn=etc,dc=testrelm,dc=com
cn: MEMCACHE
ipaconfigstring: enabledService
ipaconfigstring: startOrder 39
objectclass: nsContainer
objectclass: ipaConfigObject
</snip>


And, afterwards, IPA will not start:

[root@dell-pe2950-01 ipa-upgrade]# ipactl start
Starting Directory Service
Starting dirsrv:
    PKI-IPA...[  OK  ]
    TESTRELM-COM...[  OK  ]
Failed to read data from Directory Service: Failed to get list of services to
probe status!
Configured hostname 'dell-pe2950-01.testrelm.com' does not match any master
server in LDAP:
No master found because of error: {'matched': 'dc=testrelm,dc=com', 'desc': 'No
such object'}
Shutting down
Shutting down dirsrv:
    PKI-IPA...[  OK  ]
    TESTRELM-COM...[  OK  ]

Expected results:

Clean upgrade and IPA can be started after upgrade.

Additional info:

/var/log/messages contain some KDC/LDAP messages for sssd:

Mar 14 13:18:44 dell-pe2950-01 [sssd[ldap_child[13376]]]: Failed to initialize
credentials using keytab [(null)]: Cannot contact any KDC for realm
'TESTRELM.COM'. Unable to create GSSAPI-encrypted LDAP connection.
Mar 14 13:18:44 dell-pe2950-01 [sssd[ldap_child[13376]]]: Cannot contact any
KDC for requested realm

Looks like this is another manifestation of the 389-ds database corruption on upgrade. Upstream bug closed as duplicate of 803930.

I'm doing the same, closing as a duplicate of 2541

Metadata Update from @dpal:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03

7 years ago

Login to comment on this ticket.

Metadata