Rob Crittenden via FreeIPA-users <[email protected]>
writes:
> Jochen Kellner via FreeIPA-users wrote:
>>
>> Hi,
>>
>> I've re-installed my test system with Fedora 40. ipa-healthcheck says:
>>
>> {
>> "source": "ipahealthcheck.ipa.files",
>> "check": "TomcatFileCheck",
>> "result": "WARNING",
>> "uuid": "0cad1a21-d450-4c68-845f-e72a640af360",
>> "when": "20240610020014Z",
>> "duration": "0.000986",
>> "kw": {
>> "key": "_var_lib_pki_pki-tomcat_conf_ca_CS.cfg_mode",
>> "path": "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg",
>> "type": "mode",
>> "expected": "0660",
>> "got": "0664",
>> "msg": "Permissions of /var/lib/pki/pki-tomcat/conf/ca/CS.cfg are too
>> permissive: 0664 and should be 0660"
>> }
>> },
>>
>> Otherwise the system seems to run fine. Might be a packaging problem...
>
> Were only IPA packages updated or also dogtag-pki* or tomcat? I assume
> healthcheck output was clean prior to upgrading? I'm trying to narrow
> down where to look for the root cause.
The system had been newly installed. The first entry in dnf.rpm.log is
from 2024-06-04T21:02:05+0200.
These are the entries for 'grep -E "(ipa|pki)" /var/log/dnf.rpm.log':
2024-06-04T21:53:06+0200 SUBDEBUG Installed:
freeipa-client-common-4.12.0-1.fc40.noarch
2024-06-04T21:53:06+0200 SUBDEBUG Installed: krb5-pkinit-1.21.2-5.fc40.x86_64
2024-06-04T21:53:07+0200 SUBDEBUG Installed: libipa_hbac-2.9.5-1.fc40.x86_64
2024-06-04T21:53:07+0200 SUBDEBUG Installed:
python3-dogtag-pki-11.5.0-3.fc40.noarch
2024-06-04T21:53:07+0200 SUBDEBUG Installed:
dogtag-pki-base-11.5.0-3.fc40.noarch
2024-06-04T21:53:08+0200 SUBDEBUG Installed:
python3-libipa_hbac-2.9.5-1.fc40.x86_64
2024-06-04T21:53:09+0200 SUBDEBUG Installed: sssd-ipa-2.9.5-1.fc40.x86_64
2024-06-04T21:53:10+0200 SUBDEBUG Installed:
freeipa-server-common-4.12.0-1.fc40.noarch
2024-06-04T21:53:10+0200 SUBDEBUG Installed:
freeipa-selinux-4.12.0-1.fc40.noarch
2024-06-04T21:53:23+0200 SUBDEBUG Installed: freeipa-common-4.12.0-1.fc40.noarch
2024-06-04T21:53:24+0200 SUBDEBUG Installed: python3-ipalib-4.12.0-1.fc40.noarch
2024-06-04T21:53:24+0200 SUBDEBUG Installed:
python3-ipaclient-4.12.0-1.fc40.noarch
2024-06-04T21:53:25+0200 SUBDEBUG Installed:
python3-ipaserver-4.12.0-1.fc40.noarch
2024-06-04T21:53:27+0200 SUBDEBUG Installed:
pki-resteasy-jackson2-provider-3.0.26-29.fc40.noarch
2024-06-04T21:53:27+0200 SUBDEBUG Installed:
pki-resteasy-core-3.0.26-29.fc40.noarch
2024-06-04T21:53:27+0200 SUBDEBUG Installed:
pki-resteasy-client-3.0.26-29.fc40.noarch
2024-06-04T21:53:27+0200 SUBDEBUG Installed:
pki-resteasy-servlet-initializer-3.0.26-29.fc40.noarch
2024-06-04T21:53:27+0200 SUBDEBUG Installed:
dogtag-pki-java-11.5.0-3.fc40.noarch
2024-06-04T21:53:27+0200 SUBDEBUG Installed:
dogtag-pki-tools-11.5.0-3.fc40.x86_64
2024-06-04T21:53:30+0200 SUBDEBUG Installed:
freeipa-healthcheck-core-0.16-5.fc40.noarch
2024-06-04T21:53:32+0200 SUBDEBUG Installed:
dogtag-pki-server-11.5.0-3.fc40.noarch
2024-06-04T21:53:33+0200 SUBDEBUG Installed:
dogtag-pki-acme-11.5.0-3.fc40.noarch
2024-06-04T21:53:33+0200 SUBDEBUG Installed: dogtag-pki-ca-11.5.0-3.fc40.noarch
2024-06-04T21:53:33+0200 SUBDEBUG Installed: dogtag-pki-kra-11.5.0-3.fc40.noarch
2024-06-04T21:53:33+0200 SUBDEBUG Installed: freeipa-client-4.12.0-1.fc40.x86_64
2024-06-04T21:53:33+0200 SUBDEBUG Installed: freeipa-server-4.12.0-1.fc40.x86_64
2024-06-04T21:53:42+0200 SUBDEBUG Installed:
freeipa-server-dns-4.12.0-1.fc40.noarch
2024-06-05T06:51:41+0200 SUBDEBUG Installed:
freeipa-server-trust-ad-4.12.0-1.fc40.x86_64
2024-06-05T06:51:53+0200 SUBDEBUG Installed:
freeipa-healthcheck-0.16-5.fc40.noarch
ipa-server-install.log starts at 2024-06-04T20:34:53Z, there is no file
ipaupgrade.log.
These are the only updates applied since installation:
root@freeipa:/var/log# grep Upgrade dnf.rpm.log
2024-06-06T06:37:56+0200 SUBDEBUG Upgrade: qt5-srpm-macros-5.15.14-1.fc40.noarch
2024-06-06T06:37:56+0200 SUBDEBUG Upgrade: git-core-2.45.2-2.fc40.x86_64
2024-06-06T06:37:56+0200 SUBDEBUG Upgrade:
apache-commons-io-1:2.16.1-1.fc40.noarch
2024-06-06T06:37:56+0200 SUBDEBUG Upgraded:
qt5-srpm-macros-5.15.13-1.fc40.noarch
2024-06-06T06:37:56+0200 SUBDEBUG Upgraded:
apache-commons-io-1:2.13.0-8.fc40.noarch
2024-06-06T06:37:56+0200 SUBDEBUG Upgraded: git-core-2.45.1-1.fc40.x86_64
2024-06-07T17:04:15+0200 SUBDEBUG Upgrade: iproute-6.7.0-2.fc40.x86_64
2024-06-07T17:04:15+0200 SUBDEBUG Upgraded: iproute-6.7.0-1.fc40.x86_64
2024-06-09T06:36:16+0200 SUBDEBUG Upgrade:
rsvg-pixbuf-loader-2.57.1-6.fc40.x86_64
2024-06-09T06:36:16+0200 SUBDEBUG Upgrade: librsvg2-2.57.1-6.fc40.x86_64
2024-06-09T06:36:16+0200 SUBDEBUG Upgrade: libdrm-2.4.121-1.fc40.x86_64
2024-06-09T06:36:16+0200 SUBDEBUG Upgraded: librsvg2-2.57.1-4.fc40.x86_64
2024-06-09T06:36:16+0200 SUBDEBUG Upgraded:
rsvg-pixbuf-loader-2.57.1-4.fc40.x86_64
2024-06-09T06:36:16+0200 SUBDEBUG Upgraded: libdrm-2.4.120-3.fc40.x86_64
2024-06-10T06:21:12+0200 SUBDEBUG Upgrade: mesa-filesystem-24.0.9-1.fc40.x86_64
2024-06-10T06:21:12+0200 SUBDEBUG Upgrade: mesa-va-drivers-24.0.9-1.fc40.x86_64
2024-06-10T06:21:12+0200 SUBDEBUG Upgrade: mesa-libglapi-24.0.9-1.fc40.x86_64
2024-06-10T06:21:12+0200 SUBDEBUG Upgrade: mesa-dri-drivers-24.0.9-1.fc40.x86_64
2024-06-10T06:21:13+0200 SUBDEBUG Upgrade: mesa-libgbm-24.0.9-1.fc40.x86_64
2024-06-10T06:21:13+0200 SUBDEBUG Upgrade: mesa-libEGL-24.0.9-1.fc40.x86_64
2024-06-10T06:21:13+0200 SUBDEBUG Upgrade: mesa-libGL-24.0.9-1.fc40.x86_64
2024-06-10T06:21:13+0200 SUBDEBUG Upgrade: fontconfig-2.15.0-6.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: mesa-libEGL-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: mesa-libGL-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: mesa-libgbm-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: mesa-libglapi-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded:
mesa-dri-drivers-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: mesa-va-drivers-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: mesa-filesystem-24.0.8-1.fc40.x86_64
2024-06-10T06:21:14+0200 SUBDEBUG Upgraded: fontconfig-2.15.0-4.fc40.x86_64
> In any case I'd heed the warning and tighten up the perms.
Thanks a lot.
> Thanks for the report.
You're welcome!
Jochen
--
This space is intentionally left blank.
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
