Comments page #1 of 3 pages

  • Thank you for this quick update.

    karma: +1 critpath: +1 #1718192: +1
  • Unfortunately without #1718192 fixed in systemd for Fedora 30, this update is a show stopper.

    critpath: -1
  • iwlwifi issue with 5350 AGN: #1626691

    critpath: -1
  • Resolves #1540703. Thank you.

    karma: +1 critpath: +1
  • I confirm this fixes #1514820 (that I had re-opened). However I did have to add --ignore-db-dirs=.rocksdb to get around #1530511.

    karma: +1
  • @gtwilliams, correct. But the 101.2.10 builds don't provide it:

    # dnf --refresh --best --enablerepo=updates-testing provides 'libmysqlclient.so.18()(64bit)'
    Last metadata expiration check: 0:00:00 ago on Sun 17 Dec 2017 11:14:18 AM CST.
    mariadb-libs-3:10.2.9-3.fc27.x86_64 : The shared libraries required for MariaDB/MySQL clients
    Repo        : @System
    Matched from:
    Provide    : libmysqlclient.so.18()(64bit)
    
    mariadb-libs-3:10.2.9-3.fc27.x86_64 : The shared libraries required for MariaDB/MySQL clients
    Repo        : fedora
    Matched from:
    Provide    : libmysqlclient.so.18()(64bit)
    
  • @mschorm for my comment above regarding package dependency issues...

    Do the dependent packages need to be rebuilt against new versions of mariadb? For example, mysql-connector-odbc hasn't had any change except for being rebuilt since Fedora 23: https://src.fedoraproject.org/rpms/mysql-connector-odbc/commits/f27.

    Or does mariadb need to provide libmysqlclient.so.18()(64bit)?

  • I'm never sure where devs want the feedback (the bug or bohdi). Thank you @rharwood for clarifying and providing the link to the issue with KCM.

  • @rharwood, this doesn't seem to resolve #1514241 for me.

    I am however using sssd-kcm. In https://bugzilla.redhat.com/show_bug.cgi?id=1514241#c10 you mentioned erasing sssd-kcm. Is gssproxy/nfs/krb5 not going to work when using sssd-kcm? If so are there plans to address this (as sssd-kcm became the default),

  • I haven't installed, but what in this version is supposed to provide libmysqlclient.so.18()(64bit)?

    Problem: problem with installed package mysql-connector-odbc-5.3.4-6.fc26.x86_64
    - package mysql-connector-odbc-5.3.4-6.fc26.x86_64 requires libmysqlclient.so.18()(64bit), but none of the providers can be installed
    - cannot install both mariadb-libs-3:10.2.10-2.fc27.x86_64 and mariadb-libs-3:10.2.9-3.fc27.x86_64
    - cannot install both mariadb-libs-3:10.2.9-3.fc27.x86_64 and mariadb-libs-3:10.2.10-2.fc27.x86_64
    - cannot install the best update candidate for package mariadb-libs-3:10.2.9-3.fc27.x86_64
    
  • @pvoborni, thank you for the link to https://pagure.io/freeipa/issue/4967. I followed some notes there and got DNSSEC reinstalled on the master and things seem to be working again.

    #1489184: +1
  • On the replica:

    ipalib.install.kinit: DEBUG    Attempt 1/5: success
    ipa-dnskeysync-replica: DEBUG    Got TGT
    ipa-dnskeysync-replica: DEBUG    Connecting to LDAP
    ipa-dnskeysync-replica: DEBUG    Connected
    Traceback (most recent call last):
    File "/usr/libexec/ipa/ipa-dnskeysync-replica", line 169, in <module>
        open(paths.DNSSEC_SOFTHSM_PIN).read())
    File "/usr/lib/python2.7/site-packages/ipaserver/dnssec/localhsm.py", line 96, in __init__
        self.p11 = _ipap11helper.P11_Helper(label, pin, library)
    File "/usr/lib/python2.7/site-packages/ipaserver/p11helper.py", line 874, in __init__
        raise Error("No slot for label {} found".format(self.token_label))
    ipaserver.p11helper.Error: No slot for label ipaDNSSEC found
    Exception AttributeError: "'LocalHSM' object has no attribute 'p11'" in <bound method LocalHSM.__del__ of <ipaserver.dnssec.localhsm.LocalHSM object at 0x7f7325688650>> ignored
    
  • This resolves the issue on a my IPA DNSSEC master, but on the replica:

    ipa-dnskeysyncd: INFO     Commencing sync process
    ipaserver.dnssec.keysyncer: INFO     Initial LDAP dump is done, sychronizing with ODS and BIND
    Traceback (most recent call last):
    File "/usr/libexec/ipa/ipa-dnskeysyncd", line 116, in <module>
        while ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):
    File "/usr/lib64/python2.7/site-packages/ldap/syncrepl.py", line 404, in syncrepl_poll
        self.syncrepl_refreshdone()
    File "/usr/lib/python2.7/site-packages/ipaserver/dnssec/keysyncer.py", line 120, in syncrepl_refreshdone
        self.hsm_replica_sync()
    File "/usr/lib/python2.7/site-packages/ipaserver/dnssec/keysyncer.py", line 186, in hsm_replica_sync
        ipautil.run([paths.IPA_DNSKEYSYNCD_REPLICA])
    File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 523, in run
        raise CalledProcessError(p.returncode, arg_string, str(output))
    subprocess.CalledProcessError: Command '/usr/libexec/ipa/ipa-dnskeysync-replica' returned non-zero exit status 1
    
    #1489184: +1
  • After https://pagure.io/koji/c/06818122ab0fcb3f2c4bd1c9b067a52dc948a5ad, an issue similar to https://pagure.io/koji/issue/231 has popped up again for build notifications. RPMs seem to make it through the builds properly.

    Traceback (most recent call last):
    File "/usr/lib/python2.7/site-packages/koji/daemon.py", line 1219, in runTask
        response = (handler.run(),)
    File "/usr/lib/python2.7/site-packages/koji/tasks.py", line 162, in run
        return koji.util.call_with_argcheck(self.handler, self.params, self.opts)
    File "/usr/lib/python2.7/site-packages/koji/util.py", line 205, in call_with_argcheck
        return func(*args, **kwargs)
    File "/usr/sbin/kojid", line 4779, in handler
        creation_time = koji.formatTimeLong(build['creation_time'])
    File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2795, in formatTimeLong
        localtime = time.mktime(time.strptime(formatTime(value), '%Y-%m-%d %H:%M:%S'))
    File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2781, in formatTime
        dotidx = value.rfind('.')
    AttributeError: DateTime instance has no attribute 'rfind'
    
    karma: +1 critpath: -1
  • Keeping karma neutral since I'm using the freeipa-4-6 copr repo for F26 (same FreeIPA version though)...

    The SELinux execmem patch causes

    [wsgi:error] [pid 3033] ipa: ERROR: Failed to start IPA: 'NoneType' object has no attribute 'inject_into_urllib3'
    [wsgi:error] [pid 3032] [remote <IP ADDR>] mod_wsgi (pid=3032): Target WSGI script '/usr/share/ipa/wsgi.py' does not contain WSGI application 'application'.
    

    Commenting out #sys.modules['requests.packages.urllib3.contrib.pyopenssl'] = None in /usr/share/ipa/wsgi.py allows httpd's IPA wsgi to at least start.

    However, the WebUI then fails"

    ipa: INFO: user@EXAMPLE.COM: batch: i18n_messages(): SUCCESS
    ipa: INFO: user@EXAMPLE.COM: batch: config_show(): SUCCESS
    ipa: INFO: user@EXAMPLE.COM: batch: whoami(): SUCCESS
    ipa: INFO: user@EXAMPLE.COM: batch: env(None): SUCCESS
    ipa: INFO: user@EXAMPLE.COM: batch: dns_is_enabled(): SUCCESS
    ipa: INFO: user@EXAMPLE.COM: batch: trustconfig_show(): NotFound
    ipa: INFO: user@EXAMPLE.COM: batch: domainlevel_get(): SUCCESS
    ipa: INFO: user@EXAMPLE.COM: batch: ca_is_enabled(): SUCCESS
    ipa: INFO: user@EXAMPLE.COM: batch: vaultconfig_show(): InvocationError
    ipa: INFO: [jsonserver_session] user@EXAMPLE.COM: batch(({'method': 'i18n_messages', 'params': ([], {})}, {'method': 'config_show', 'params': ([], {})}, {'method': 'whoami', 'params': ([], {})}, {'method': 'env', 'params': ([], {})}, {'method': 'dns_is_enabled', 'params': ([], {})}, {'method': 'trustconfig_show', 'params': ([], {})}, {'method': 'domainlevel_get', 'params': ([], {})}, {'method': 'ca_is_enabled', 'params': ([], {})}, {'method': 'vaultconfig_show', 'params': ([], {})}), version='2.229'): SUCCESS
    failed to set perms (3140) on file (/var/run/ipa/ccaches/user@EXAMPLE.COM)!, referer: https://ipa41a.ipa.example.com/ipa/ui/
    failed to set perms (3140) on file (/var/run/ipa/ccaches/user@EXAMPLE.COM)!, referer: https://ipa41a.ipa.example.com/ipa/ui/
    ipa: ERROR: non-public: AttributeError: 'dict_keys' object has no attribute 'pop'
    Traceback (most recent call last):
      File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 370, in wsgi_execute
        result = command(*args, **options)
      File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
        return self.__do_call(*args, **options)
      File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
        ret = self.run(*args, **options)
      File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
        return self.execute(*args, **options)
      File "/usr/lib/python3.6/site-packages/ipaserver/plugins/internal.py", line 85, in execute
        (o.name, json_serialize(o)) for o in self.api.Object()
      File "/usr/lib/python3.6/site-packages/ipaserver/plugins/internal.py", line 86, in <genexpr>
        if o is self.api.Object[o.name]
      File "/usr/lib/python3.6/site-packages/ipalib/util.py", line 88, in json_serialize
        return json_serialize(obj.__json__())
      File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 798, in __json__
        attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
      File "/usr/lib64/python3.6/site-packages/ldap/schema/subentry.py", line 398, in attribute_types
        structural_oc = self.get_structural_oc(object_class_list)
      File "/usr/lib64/python3.6/site-packages/ldap/schema/subentry.py", line 301, in get_structural_oc
        oid = struct_oc_list.pop()
    AttributeError: 'dict_keys' object has no attribute 'pop'
    
    ipa: INFO: [jsonserver_session] user@EXAMPLE.COM: json_metadata(None, None, object='all', version='2.229'): InternalError
    ipa: INFO: [jsonserver_session] user@EXAMPLE.COM: user_show/1('user', all=True, version='2.229'): SUCCESS
    
  • Can this update be moved to testing?