FEDORA-2017-9a6df5d962 created by adamwill 2 years ago for Fedora 27
stable

This update is intended to fix a couple of significant bugs for Fedora 27 Beta. #1490762 prevented server deployment working with SELinux enabled, and #1491056 prevented client enrolment via kickstart working correctly.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-9a6df5d962
This update has been submitted for testing by adamwill. 2 years ago
This update has been pushed to testing. 2 years ago
User Icon amessina commented & provided feedback 2 years ago

Keeping karma neutral since I'm using the freeipa-4-6 copr repo for F26 (same FreeIPA version though)...

The SELinux execmem patch causes

[wsgi:error] [pid 3033] ipa: ERROR: Failed to start IPA: 'NoneType' object has no attribute 'inject_into_urllib3'
[wsgi:error] [pid 3032] [remote <IP ADDR>] mod_wsgi (pid=3032): Target WSGI script '/usr/share/ipa/wsgi.py' does not contain WSGI application 'application'.

Commenting out #sys.modules['requests.packages.urllib3.contrib.pyopenssl'] = None in /usr/share/ipa/wsgi.py allows httpd's IPA wsgi to at least start.

However, the WebUI then fails"

ipa: INFO: user@EXAMPLE.COM: batch: i18n_messages(): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: config_show(): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: whoami(): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: env(None): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: dns_is_enabled(): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: trustconfig_show(): NotFound
ipa: INFO: user@EXAMPLE.COM: batch: domainlevel_get(): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: ca_is_enabled(): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: vaultconfig_show(): InvocationError
ipa: INFO: [jsonserver_session] user@EXAMPLE.COM: batch(({'method': 'i18n_messages', 'params': ([], {})}, {'method': 'config_show', 'params': ([], {})}, {'method': 'whoami', 'params': ([], {})}, {'method': 'env', 'params': ([], {})}, {'method': 'dns_is_enabled', 'params': ([], {})}, {'method': 'trustconfig_show', 'params': ([], {})}, {'method': 'domainlevel_get', 'params': ([], {})}, {'method': 'ca_is_enabled', 'params': ([], {})}, {'method': 'vaultconfig_show', 'params': ([], {})}), version='2.229'): SUCCESS
failed to set perms (3140) on file (/var/run/ipa/ccaches/user@EXAMPLE.COM)!, referer: https://ipa41a.ipa.example.com/ipa/ui/
failed to set perms (3140) on file (/var/run/ipa/ccaches/user@EXAMPLE.COM)!, referer: https://ipa41a.ipa.example.com/ipa/ui/
ipa: ERROR: non-public: AttributeError: 'dict_keys' object has no attribute 'pop'
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 370, in wsgi_execute
    result = command(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
    return self.execute(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipaserver/plugins/internal.py", line 85, in execute
    (o.name, json_serialize(o)) for o in self.api.Object()
  File "/usr/lib/python3.6/site-packages/ipaserver/plugins/internal.py", line 86, in <genexpr>
    if o is self.api.Object[o.name]
  File "/usr/lib/python3.6/site-packages/ipalib/util.py", line 88, in json_serialize
    return json_serialize(obj.__json__())
  File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 798, in __json__
    attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
  File "/usr/lib64/python3.6/site-packages/ldap/schema/subentry.py", line 398, in attribute_types
    structural_oc = self.get_structural_oc(object_class_list)
  File "/usr/lib64/python3.6/site-packages/ldap/schema/subentry.py", line 301, in get_structural_oc
    oid = struct_oc_list.pop()
AttributeError: 'dict_keys' object has no attribute 'pop'

ipa: INFO: [jsonserver_session] user@EXAMPLE.COM: json_metadata(None, None, object='all', version='2.229'): InternalError
ipa: INFO: [jsonserver_session] user@EXAMPLE.COM: user_show/1('user', all=True, version='2.229'): SUCCESS
maxamillion edited this update. 2 years ago
karma
BZ#1490762 Ipa-server-install update dse.ldif with wrong SELinux context
BZ#1491056 FreeIPA enrolment via kickstart fails
This update has been submitted for stable by bodhi. 2 years ago
This update has been pushed to stable. 2 years ago

Please login to add feedback.

Metadata
Type
bugfix
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1490762 Ipa-server-install update dse.ldif with wrong SELinux context
0
1
BZ#1491056 FreeIPA enrolment via kickstart fails
0
1

Automated Test Results