On Срд, 29 мая 2024, Natxo Asenjo wrote:
hi,
indeed, sorry.
# cat
/etc/pki/pki.version
│
Configuration-Version: 11.5.0
# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting pki-tomcatd Service
Restarting smb Service
Restarting winbind Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful
]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: STOPPED
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
1 service(s) are not running
May 29 12:12:34 kdc.sub.domain.tld systemd[1]: Starting PKI Tomcat Server
pki-tomcat...
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: ERROR: Unable to
parse version number: "11.5.0"
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: Traceback (most
recent call last):
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: File
"/usr/lib/python3.9/site-packages/pki/server/pkiserver.py", line 41, in
<module>
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:
cli.execute(sys.argv)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: File
"/usr/lib/python3.9/site-packages/pki/server/cli/__init__.py", line 145, in
execute
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:
super().execute(args)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: File
"/usr/lib/python3.9/site-packages/pki/cli/__init__.py", line 217, in execute
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]:
module.execute(module_args)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: File
"/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line 144, in
execute
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: self.upgrade(
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: File
"/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line 178, in
upgrade
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: upgrader.upgrade()
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: File
"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 481, in upgrade
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: versions =
self.versions()
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: File
"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 238, in versions
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: current_version =
self.get_current_version()
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: File
"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 341, in
get_current_version
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: current_version =
self.get_tracker().get_version()
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: File
"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 141, in get_version
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: return
pki.util.Version(version)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: File
"/usr/lib/python3.9/site-packages/pki/util.py", line 613, in __init__
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: raise
Exception('Unable to parse version number: %s' % obj)
May 29 12:12:35 kdc.sub.domain.tld pki-server[36733]: Exception: Unable to
parse version number: "11.5.0"
The only way to get this string in double quotes is if it was in double
quotes in the original file:
-----------------------------------------------------------------
obj = "11.5.0"
m = re.match(r'^(\d+)\.(\d+)\.(\d+)', obj)
m.group(2)
'5'
raise Exception('Unable to parse version number: %s' % obj)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
Exception: Unable to parse version number: 11.5.0
obj = '"11.5.0"'
m = re.match(r'^(\d+)\.(\d+)\.(\d+)', obj)
m.group(2)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: 'NoneType' object has no attribute 'group'
raise Exception('Unable to parse version number: %s' % obj)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
Exception: Unable to parse version number: "11.5.0"
-----------------------------------------------------------------
So I still think there is something wrong with the file it reads...
If I revert it to 11.4.2, so it looks as though it is not reading this file
for getting this information.
# cat /etc/pki/pki.version
Configuration-Version: 11.4.2
# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting pki-tomcatd Service
Restarting smb Service
Restarting winbind Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful
# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: STOPPED
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
1 service(s) are not running
May 29 12:17:08 kdc.sub.domain.tld systemd[1]: Starting PKI Tomcat Server
pki-tomcat...
May 29 12:17:08 kdc.sub.domain.tld pki-server[37297]: ERROR: Unable to
parse version number: "11.5.0"
Strange.
On Tue, May 28, 2024 at 7:35 PM Rob Crittenden <[email protected]> wrote:
Natxo Asenjo via FreeIPA-users wrote:
> hi,
>
> no, it's without quotes but the rolledback version:
>
> Configuration-Version: 11.4.2
>
> I tried modifiying it to 11.5.0 and ipactl restart, but it does not help
> (reset it to the proper value 11.4.2 now)
Did the error change when you switched to 11.4.2? You didn't include a
new traceback.
rob
>
>
>
> On Fri, May 24, 2024 at 5:14 PM Alexander Bokovoy <[email protected]
> <mailto:[email protected]>> wrote:
>
> On Fri, 24 May 2024, Natxo Asenjo via FreeIPA-users wrote:
> >hi,
> >
> >after a botched update
> (https://access.redhat.com/solutions/7065748) and
> >rolling back the changes, this service will not start:
> >
> ># ipactl status
> >Directory Service: RUNNING
> >krb5kdc Service: RUNNING
> >kadmin Service: RUNNING
> >named Service: RUNNING
> >httpd Service: RUNNING
> >ipa-custodia Service: RUNNING
> >pki-tomcatd Service: STOPPED
> >smb Service: RUNNING
> >winbind Service: RUNNING
> >ipa-otpd Service: RUNNING
> >ipa-dnskeysyncd Service: RUNNING
> >1 service(s) are not running
> >
> >in journalctl I found this stdout/stderr messages:
> >
> >
> >May 24 11:40:35 kdc1.sub.domain.tld named[27437]: zone
> sub.domain.tld/IN:
> >sending notifies (serial 1716543629)
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: ERROR:
Unable to
> >parse version number: "11.5.0"
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: Traceback
(most
> >recent call last):
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File
> >"/usr/lib/python3.9/site-packages/pki/server/pkiserver.py", line
41, in
> ><module>
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> >cli.execute(sys.argv)
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File
> >"/usr/lib/python3.9/site-packages/pki/server/cli/__init__.py", line
> 145, in
> >execute
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> >super().execute(args)
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File
> >"/usr/lib/python3.9/site-packages/pki/cli/__init__.py", line 217,
> in execute
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> >module.execute(module_args)
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File
> >"/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line
> 144, in
> >execute
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> self.upgrade(
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File
> >"/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line
> 178, in
> >upgrade
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> >upgrader.upgrade()
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File
> >"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 481, in
upgrade
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: versions
=
> >self.versions()
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File
> >"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 238, in
> versions
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> current_version
> >= self.get_current_version()
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File
> >"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 341, in
> >get_current_version
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]:
> current_version
> >= self.get_tracker().get_version()
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File
> >"/usr/lib/python3.9/site-packages/pki/upgrade.py", line 141, in
> get_version
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: return
> >pki.util.Version(version)
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: File
> >"/usr/lib/python3.9/site-packages/pki/util.py", line 613, in
__init__
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: raise
> >Exception('Unable to parse version number: %s' % obj)
> >May 24 11:40:35 kdc1.sub.domain.tld pki-server[27758]: Exception:
> Unable to
> >parse version number: "11.5.0"
>
> What do you have in /etc/pki/pki.version file? Is it literally
>
> # cat /etc/pki/pki.version
> Configuration-Version: "11.5.0"
>
> ? If so, then remove quotes around 11.5.0, they are not expected.
>
> >May 24 11:40:35 kdc1.sub.domain.tld systemd[1]:
> >[email protected]: Control process exited,
code=exited,
> >status=1/FAILURE
> >May 24 11:40:35 kdc1.sub.domain.tld systemd[1]:
> >[email protected]: Failed with result 'exit-code'.
> >May 24 11:40:35 kdc1.sub.domain.tld systemd[1]: Failed to start PKI
> Tomcat
> >Server pki-tomcat.
> >
> >So it seems something is broken on this upgrade script. This is in
in
> >almalinux 9.3
> >ipa-server-4.10.2-5.el9_3.alma.1.x86_64
> >
> >I cannot upgrade because I get bitten by the named ldap thing, even
> though
> >the versions are newer.
> >
> >I will create a replicat to a rhel host but first I need to get the
> CA up
> >and running obviously :-).
> >
> >Any ideas?
> >
> >Thanks!
> >
> >--
> >regards,
> >
> >natxo
> >
> >--
> >--
> >Groeten,
> >natxo
>
>
>
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
>
>
>
> --
> --
> Groeten,
> natxo
>
> --
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to
[email protected]
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
>
--
--
Groeten,
natxo
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
