Bug 1023086

Summary: server install failure during client enrollment shouldn't roll back
Product: Red Hat Enterprise Linux 7 Reporter: Martin Kosek <mkosek>
Component: ipaAssignee: Martin Kosek <mkosek>
Status: CLOSED CURRENTRELEASE QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: pviktori, rcritten, spoore
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.3.2-4.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 12:44:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin Kosek 2013-10-24 15:09:02 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3990

Endi had a problem installing his IPA server. It kept failing during the client enrollment, which when failing tries to roll back the changes made. I think that in master mode the rollback should be skipped so you end up with a more debugable result.

{{{
2013-10-21T18:34:09Z DEBUG Could not connect socket to 10.16.96.111:443, error: (PR_CONNECT_RESET_ERROR) TCP connection reset by peer.
2013-10-21T18:34:09Z DEBUG Try to continue with next family...
2013-10-21T18:34:09Z ERROR Cannot connect to the server due to generic error: cannot connect to 'https://cloud-qe-4.idm.lab.bos.redhat.com/ipa/xml': Could not connect to cloud-qe-4.idm.lab.bos.redhat.com using any address: (PR_ADDRESS_NOT_SUPPORTED_ERROR) Network address type not supported.
2013-10-21T18:34:09Z ERROR Installation failed. Rolling back changes. 
}}}

As a side note, it looks like the installation was failing because Apache wasn't quite starting up properly due to exhausting all the system semaphores. This was evidenced by the error message:

[Mon Oct 21 14:53:08.684987 2013] [core:emerg] [pid 490] (28)No space left on device: AH00023: Couldn't create the mpm-accept mutex

It was cleaned up using ipcs and ipcrm in a loop.

{{{
for line in `ipcs -s | grep apache | cut -d " " -f 2`; do ipcrm -s $line; done
}}}
Comment 1 Petr Viktorin (pviktori) 2013-10-25 12:01:23 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/c518a80ab7faa8cbb399e3ed32c213ad518d997c
ipa-3-3: https://fedorahosted.org/freeipa/changeset/24073d22e2e829ccba49e698c45e07b69cf25770
Comment 3 Scott Poore 2014-01-29 17:23:25 UTC 
Verified.

Version ::

ipa-server-3.3.3-15.el7.x86_64

Test Results ::

IN WINDOW1:

[root@rhel7-4 ~]# ipa-server-install --setup-dns --forwarder=$DNSFORWARD --hostname=$MASTER     -r $REALM -n $DOMAIN -p Secret123 -P Secret123 -a Secret123 -U

...

IN WINDOW2:

Wait for Restarting web server message in WINDOW1 then run:
[root@rhel7-4 ~]# killall httpd
[root@rhel7-4 ~]# killall httpd
[root@rhel7-4 ~]# killall httpd
[root@rhel7-4 ~]# killall httpd
[root@rhel7-4 ~]# killall httpd
[root@rhel7-4 ~]# killall httpd
[root@rhel7-4 ~]# killall httpd
[root@rhel7-4 ~]# killall httpd
httpd: no process found

IN WINDOW1:

Restarting the web server
Configuration of client side components failed!
ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain example.com --server rhel7-4.example.com --realm EXAMPLE.COM --hostname rhel7-4.example.com' returned non-zero exit status 1

[root@rhel7-4 ~]# 

Did not rollback.
Comment 4 Ludek Smid 2014-06-13 12:44:26 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.