stable

freeipa-4.6.0-3.fc27

FEDORA-2017-9a6df5d962 created by adamwill 7 years ago for Fedora 27

This update is intended to fix a couple of significant bugs for Fedora 27 Beta. #1490762 prevented server deployment working with SELinux enabled, and #1491056 prevented client enrolment via kickstart working correctly.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-9a6df5d962

This update has been submitted for testing by adamwill.

7 years ago

This update has been pushed to testing.

7 years ago
User Icon amessina commented & provided feedback 7 years ago

Keeping karma neutral since I'm using the freeipa-4-6 copr repo for F26 (same FreeIPA version though)...

The SELinux execmem patch causes

[wsgi:error] [pid 3033] ipa: ERROR: Failed to start IPA: 'NoneType' object has no attribute 'inject_into_urllib3'
[wsgi:error] [pid 3032] [remote <IP ADDR>] mod_wsgi (pid=3032): Target WSGI script '/usr/share/ipa/wsgi.py' does not contain WSGI application 'application'.

Commenting out #sys.modules['requests.packages.urllib3.contrib.pyopenssl'] = None in /usr/share/ipa/wsgi.py allows httpd's IPA wsgi to at least start.

However, the WebUI then fails"

ipa: INFO: user@EXAMPLE.COM: batch: i18n_messages(): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: config_show(): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: whoami(): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: env(None): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: dns_is_enabled(): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: trustconfig_show(): NotFound
ipa: INFO: user@EXAMPLE.COM: batch: domainlevel_get(): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: ca_is_enabled(): SUCCESS
ipa: INFO: user@EXAMPLE.COM: batch: vaultconfig_show(): InvocationError
ipa: INFO: [jsonserver_session] user@EXAMPLE.COM: batch(({'method': 'i18n_messages', 'params': ([], {})}, {'method': 'config_show', 'params': ([], {})}, {'method': 'whoami', 'params': ([], {})}, {'method': 'env', 'params': ([], {})}, {'method': 'dns_is_enabled', 'params': ([], {})}, {'method': 'trustconfig_show', 'params': ([], {})}, {'method': 'domainlevel_get', 'params': ([], {})}, {'method': 'ca_is_enabled', 'params': ([], {})}, {'method': 'vaultconfig_show', 'params': ([], {})}), version='2.229'): SUCCESS
failed to set perms (3140) on file (/var/run/ipa/ccaches/user@EXAMPLE.COM)!, referer: https://ipa41a.ipa.example.com/ipa/ui/
failed to set perms (3140) on file (/var/run/ipa/ccaches/user@EXAMPLE.COM)!, referer: https://ipa41a.ipa.example.com/ipa/ui/
ipa: ERROR: non-public: AttributeError: 'dict_keys' object has no attribute 'pop'
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 370, in wsgi_execute
    result = command(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
    return self.execute(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipaserver/plugins/internal.py", line 85, in execute
    (o.name, json_serialize(o)) for o in self.api.Object()
  File "/usr/lib/python3.6/site-packages/ipaserver/plugins/internal.py", line 86, in <genexpr>
    if o is self.api.Object[o.name]
  File "/usr/lib/python3.6/site-packages/ipalib/util.py", line 88, in json_serialize
    return json_serialize(obj.__json__())
  File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 798, in __json__
    attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
  File "/usr/lib64/python3.6/site-packages/ldap/schema/subentry.py", line 398, in attribute_types
    structural_oc = self.get_structural_oc(object_class_list)
  File "/usr/lib64/python3.6/site-packages/ldap/schema/subentry.py", line 301, in get_structural_oc
    oid = struct_oc_list.pop()
AttributeError: 'dict_keys' object has no attribute 'pop'

ipa: INFO: [jsonserver_session] user@EXAMPLE.COM: json_metadata(None, None, object='all', version='2.229'): InternalError
ipa: INFO: [jsonserver_session] user@EXAMPLE.COM: user_show/1('user', all=True, version='2.229'): SUCCESS

maxamillion edited this update.

6 years ago
karma
BZ#1490762 Ipa-server-install update dse.ldif with wrong SELinux context
BZ#1491056 FreeIPA enrolment via kickstart fails

This update has been submitted for stable by bodhi.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
bugfix
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
6 years ago
modified
6 years ago
BZ#1490762 Ipa-server-install update dse.ldif with wrong SELinux context
0
1
BZ#1491056 FreeIPA enrolment via kickstart fails
0
1

Automated Test Results