Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1254412
Created attachment 1064146 389-ds log Description of problem: when dirsrv is off ,upgrade from 7.1 to 7.2 fails with starting CA and named-pkcs11.service Version-Release number of selected component (if applicable): ipa-server-4.1.0-18.el7.x86_64 -> ipa-server-4.2.0-4.el7.x86_64 pki-ca-10.1.2-7.el7.noarch -> pki-ca-10.2.5-5.el7.noarch 389-ds-base-1.3.3.1-13.el7.x86_64 -> 389-ds-base-1.3.4.0-11.el7.x86_64 bind-pkcs11-9.9.4-28.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. 7.1 server installed 2. stop dirsrv 3. upgrade to 7.2 Actual results: upgrade from 7.1 to 7.2 fails with starting CA and named-pkcs11.service Expected results: Upgrade success with no failures. Additional info: [root@cloud-qe-3 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.1 (Maipo) [root@cloud-qe-3 ~]# systemctl stop dirsrv.target [root@cloud-qe-3 ~]# systemctl status dirsrv.target dirsrv.target - 389 Directory Server Loaded: loaded (/usr/lib/systemd/system/dirsrv.target; disabled) Active: inactive (dead) [root@cloud-qe-3 ~]# yum -y update 'ipa*' sssd . . . Cleanup : systemd-libs-208-20.el7.x86_64 134/136 Cleanup : libsss_idmap-1.12.2-58.el7.x86_64 135/136 Cleanup : slapi-nis-0.54-2.el7.x86_64 136/136 IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. CA did not start in 300.0s MYNEWREPO1/productid | 1.6 kB 00:00:00 Verifying : 32:bind-libs-lite-9.9.4-28.el7.x86_64 1/136 Verifying : 32:bind-utils-9.9.4-28.el7.x86_64 2/136 Verifying : 389-ds-base-libs-1.3.4.0-11.el7.x86_64 3/136 Verifying : pki-server-10.2.5-5.el7.noarch 4/136 Verifying : systemd-python-219-11.el7.x86_64 5/136 . . . [root@cloud-qe-3 ~]# ipactl status Directory Service: STOPPED Directory Service must be running in order to obtain status of other services ipa: INFO: The ipactl command was successful [root@cloud-qe-3 ~]# ipactl restart Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Job for named-pkcs11.service failed because the control process exited with error code. See "systemctl status named-pkcs11.service" and "journalctl -xe" for details. Failed to start named Service Shutting down Aborting ipactl [root@cloud-qe-3 ~]# systemctl status named-pkcs11 -l ? named-pkcs11.service - Berkeley Internet Name Domain (DNS) with native PKCS#11 Loaded: loaded (/usr/lib/systemd/system/named-pkcs11.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2015-08-17 23:05:29 EDT; 34min ago Process: 19865 ExecStart=/usr/sbin/named-pkcs11 -u named $OPTIONS (code=exited, status=1/FAILURE) Process: 19862 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS) Aug 17 23:05:29 cloud-qe-3.idmqe.lab.eng.bos.redhat.com named-pkcs11[19867]: adjusted limit on open files from 4096 to 1048576 Aug 17 23:05:29 cloud-qe-3.idmqe.lab.eng.bos.redhat.com named-pkcs11[19867]: found 4 CPUs, using 4 worker threads Aug 17 23:05:29 cloud-qe-3.idmqe.lab.eng.bos.redhat.com named-pkcs11[19867]: using 4 UDP listeners per interface Aug 17 23:05:29 cloud-qe-3.idmqe.lab.eng.bos.redhat.com named-pkcs11[19867]: using up to 4096 sockets Aug 17 23:05:29 cloud-qe-3.idmqe.lab.eng.bos.redhat.com named-pkcs11[19867]: ObjectStore.cpp(59): Failed to enumerate object store in /var/lib/softhsm/tokens/ Aug 17 23:05:29 cloud-qe-3.idmqe.lab.eng.bos.redhat.com named-pkcs11[19867]: SoftHSM.cpp(456): Could not load the object store Aug 17 23:05:29 cloud-qe-3.idmqe.lab.eng.bos.redhat.com systemd[1]: named-pkcs11.service: control process exited, code=exited status=1 Aug 17 23:05:29 cloud-qe-3.idmqe.lab.eng.bos.redhat.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11. Aug 17 23:05:29 cloud-qe-3.idmqe.lab.eng.bos.redhat.com systemd[1]: Unit named-pkcs11.service entered failed state. Aug 17 23:05:29 cloud-qe-3.idmqe.lab.eng.bos.redhat.com systemd[1]: named-pkcs11.service failed.
master:
ipa-4-2:
Metadata Update from @pvoborni: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.2.1
Login to comment on this ticket.