[Freeipa-users] Re: pki-tomcatd service stopped

[Natxo Asenjo via FreeIPA-users]

hi,

indeed, sorry.

# cat
/etc/pki/pki.version
│
Configuration-Version: 11.5.0

# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting pki-tomcatd Service
Restarting smb Service
Restarting winbind Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful

]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: STOPPED
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
1 service(s) are not running

May 29 12:12:34 kdc.sub.domain.tld systemd[1]: Starting PKI Tomcat Server
pki-tomcat...
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: ERROR: Unable to
parse version number: "11.5.0"
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: Traceback (most
recent call last):
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File
"/usr/lib/python3.9/site-packages/pki/server/pkiserver.py", line 41, in
<module>
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:
cli.execute(sys.argv)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File
"/usr/lib/python3.9/site-packages/pki/server/cli/__init__.py", line 145, in
execute
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:
super().execute(args)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File
"/usr/lib/python3.9/site-packages/pki/cli/__init__.py", line 217, in execute
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:
module.execute(module_args)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File
"/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line 144, in
execute
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     self.upgrade(
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File
"/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line 178, in
upgrade
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     upgrader.upgrade()
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File
"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 481, in upgrade
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     versions =
self.versions()
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File
"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 238, in versions
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     current_version =
self.get_current_version()
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File
"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 341, in
get_current_version
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     current_version =
self.get_tracker().get_version()
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File
"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 141, in get_version
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     return
pki.util.Version(version)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:   File
"/usr/lib/python3.9/site-packages/pki/util.py", line 613, in __init__
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:     raise
Exception('Unable to parse version number: %s' % obj)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: Exception: Unable to
parse version number: "11.5.0"

If I revert it to 11.4.2, so it looks as though it is not reading this file
for getting this information.

# cat /etc/pki/pki.version
Configuration-Version: 11.4.2

# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting pki-tomcatd Service
Restarting smb Service
Restarting winbind Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful

# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: STOPPED
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
1 service(s) are not running

May 29 12:17:08 kdc.sub.domain.tld systemd[1]: Starting PKI Tomcat Server
pki-tomcat...
May 29 12:17:08 kdc.sub.domain.tld pki-server[37297]: ERROR: Unable to
parse version number: "11.5.0"

Strange.


On Tue, May 28, 2024 at 7:35 PM Rob Crittenden <rcrit...@redhat.com> wrote:

> Natxo Asenjo via FreeIPA-users wrote:
> > hi,
> >
> > no, it's without quotes but the rolledback version:
> >
> > Configuration-Version: 11.4.2
> >
> > I tried modifiying it to 11.5.0 and ipactl restart, but it does not help
> > (reset it to the proper value 11.4.2 now)
>
> Did the error change when you switched to 11.4.2? You didn't include a
> new traceback.
>
> rob
>
> >
> >
> >
> > On Fri, May 24, 2024 at 5:14 PM Alexander Bokovoy <aboko...@redhat.com
> > <mailto:aboko...@redhat.com>> wrote:
> >
> >     On Fri, 24 May 2024, Natxo Asenjo via FreeIPA-users wrote:
> >     >hi,
> >     >
> >     >after a botched update
> >     (https://access.redhat.com/solutions/7065748) and
> >     >rolling back the changes, this service will not start:
> >     >
> >     ># ipactl status
> >     >Directory Service: RUNNING
> >     >krb5kdc Service: RUNNING
> >     >kadmin Service: RUNNING
> >     >named Service: RUNNING
> >     >httpd Service: RUNNING
> >     >ipa-custodia Service: RUNNING
> >     >pki-tomcatd Service: STOPPED
> >     >smb Service: RUNNING
> >     >winbind Service: RUNNING
> >     >ipa-otpd Service: RUNNING
> >     >ipa-dnskeysyncd Service: RUNNING
> >     >1 service(s) are not running
> >     >
> >     >in journalctl I found this stdout/stderr messages:
> >     >
> >     >
> >     >May 24 11:40:35 kdc1.sub.domain.tld named[27437]: zone
> >     sub.domain.tld/IN:
> >     >sending notifies (serial 1716543629)
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: ERROR:
> Unable to
> >     >parse version number: "11.5.0"
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: Traceback
> (most
> >     >recent call last):
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
> >     >"/usr/lib/python3.9/site-packages/pki/server/pkiserver.py", line
> 41, in
> >     ><module>
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> >     >cli.execute(sys.argv)
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
> >     >"/usr/lib/python3.9/site-packages/pki/server/cli/__init__.py", line
> >     145, in
> >     >execute
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> >     >super().execute(args)
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
> >     >"/usr/lib/python3.9/site-packages/pki/cli/__init__.py", line 217,
> >     in execute
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> >     >module.execute(module_args)
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
> >     >"/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line
> >     144, in
> >     >execute
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> >      self.upgrade(
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
> >     >"/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line
> >     178, in
> >     >upgrade
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> >     >upgrader.upgrade()
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
> >     >"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 481, in
> upgrade
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:     versions
> =
> >     >self.versions()
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
> >     >"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 238, in
> >     versions
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> >      current_version
> >     >= self.get_current_version()
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
> >     >"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 341, in
> >     >get_current_version
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> >      current_version
> >     >= self.get_tracker().get_version()
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
> >     >"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 141, in
> >     get_version
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:     return
> >     >pki.util.Version(version)
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:   File
> >     >"/usr/lib/python3.9/site-packages/pki/util.py", line 613, in
> __init__
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:     raise
> >     >Exception('Unable to parse version number: %s' % obj)
> >     >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: Exception:
> >     Unable to
> >     >parse version number: "11.5.0"
> >
> >     What do you have in /etc/pki/pki.version file? Is it literally
> >
> >     # cat /etc/pki/pki.version
> >     Configuration-Version: "11.5.0"
> >
> >     ? If so, then remove quotes around 11.5.0, they are not expected.
> >
> >     >May 24 11:40:35 kdc1.sub.domain.tld systemd[1]:
> >     >pki-tomcatd@pki-tomcat.service: Control process exited,
> code=exited,
> >     >status=1/FAILURE
> >     >May 24 11:40:35 kdc1.sub.domain.tld systemd[1]:
> >     >pki-tomcatd@pki-tomcat.service: Failed with result 'exit-code'.
> >     >May 24 11:40:35 kdc1.sub.domain.tld systemd[1]: Failed to start PKI
> >     Tomcat
> >     >Server pki-tomcat.
> >     >
> >     >So it seems something is broken on this upgrade script. This is in
> in
> >     >almalinux 9.3
> >     >ipa-server-4.10.2-5.el9_3.alma.1.x86_64
> >     >
> >     >I cannot upgrade because I get bitten by the named ldap thing, even
> >     though
> >     >the versions are newer.
> >     >
> >     >I will create a replicat to a rhel host but first I need to get the
> >     CA up
> >     >and running obviously :-).
> >     >
> >     >Any ideas?
> >     >
> >     >Thanks!
> >     >
> >     >--
> >     >regards,
> >     >
> >     >natxo
> >     >
> >     >--
> >     >--
> >     >Groeten,
> >     >natxo
> >
> >
> >
> >
> >     --
> >     / Alexander Bokovoy
> >     Sr. Principal Software Engineer
> >     Security / Identity Management Engineering
> >     Red Hat Limited, Finland
> >
> >
> >
> > --
> > --
> > Groeten,
> > natxo
> >
> > --
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> > To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> > Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> > Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
> >
>
>

-- 
--
Groeten,
natxo

--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue