Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-9.7
Affects Version/s: rhel-9.6
Component/s: ipa
Labels:

Fixed in Build:
ipa-4.12.2-15.el9
Regression:
No
Severity:
Important
Epic Link:
FREEIPA-11990
sprint_count:
1

Pool Team:

rhel-sst-idm-ipa
AssignedTeam:
rhel-sst-idm-ipa
Sub-System Group:

ssg_idm

Dev Target Milestone:
6
Internal Target Milestone:
8
Story Points:
2
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
2025-Q2-Bravo-S2

Git Pull Request:
https://github.com/freeipa/freeipa/pull/7726
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/148368
Test Coverage:

Automated

Release Note Type:
Unspecified Release Note Type - Unknown
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:
Architecture:

All

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

The ipa-server rpm breaks the upgrade DNF transaction when upgrading RHEL 9 to RHEL 10 as the preun scriptlet is not properly written to be compatible with leapp upgrades:

[  192.092980] upgrade[839]:               Running scriptlet: ipa-server-4.12.2-13.el9.x86_64                   936/1837
[  192.093177] upgrade[839]:             System has not been booted with systemd as init system (PID 1). Can't operate.
[  192.093366] upgrade[839]:             Failed to connect to system scope bus via local transport: Host is down
[  192.093558] upgrade[839]:             System has not been booted with systemd as init system (PID 1). Can't operate.
[  192.093661] upgrade[839]:             Failed to connect to system scope bus via local transport: Host is down
[  192.093863] upgrade[839]:             System has not been booted with systemd as init system (PID 1). Can't operate.
[  192.094140] upgrade[839]:             Failed to connect to system scope bus via local transport: Host is down
[  192.094334] upgrade[839]:             error: %preun(ipa-server-4.12.2-13.el9.x86_64) scriptlet failed, exit status 1
[  192.094527] upgrade[839]:

The current implementation inside leapp-repository component inhibit the upgrade if ipa-server rpm signed by RH is installed and configured. However, if the system has installed the package but IPA server is not configured, the inhibitor is not raised and the upgrade crashes after the point-of-no-return. Visible from the machine before the upgrade:

Type: IpaInfo
Message_data:
{
    "has_client_package": true,
    "has_server_package": true,
    "is_client_configured": false,
    "is_server_configured": false
}

RHEL RPMs must not damage the upgrade transaction and scriptlets in RPMs must be adjusted properly so issue like this does not happen. For this purposes you can check e.g. "LEAPP_IPU_IN_PROGRESS" envar inside the scriptlet to see whether the in-place upgrade between major versions of RHEL is running. The envar has in such a case value "XtoY" where X and Y are source and target major versions of RHEL systems where the upgrade is happening. In case of IPU 9 -> 10, it would be "9to10".

Expected result:
The scriptlet is properly adjusted so it does not fail during the DNF upgrade transaction executed during the upgrade of the system with leapp (when LEAPP_IPU_IN_PROGRESS is set)

Additional info:
Note that this particular DNF transaction is executed from the container, so it's expected that systemd is not running, etc..

links to

RHBA-2025:148368 ipa update

Assignee:: Florence Renaud

Reporter:: Petr Stodulka

Developer:: Florence Renaud

QA Contact:: Anuja More

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2025/03/04 11:13 AM

Updated:: 2025/04/24 12:50 PM

Dev Target end:: 2025/04/07

Target end:: 2025/04/21

Next Planned Release Date:: 2025/11/11

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates