Bug 1044202
Summary: | db2bak.pl issue when specifying non-default directory | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Nathan Kinder <nkinder> |
Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> |
Severity: | unspecified | Docs Contact: | |
Priority: | low | ||
Version: | 7.0 | CC: | amsharma, nhosoi |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.3.3.1-1.el7 | Doc Type: | Bug Fix |
Doc Text: |
Cause: If "-a backup_directory" is given to the db2bak.pl utility, the backup_directory is not supposed to exist. If it exists, it fails to create a symbolic link to the specified backup_directory.
Consequence: The utility fails to create a back up in the specified backup_directory.
Fix: Introduced a new option "-A backup_directory".
Result: Even if the backup_directory exists, another level of directory with the format "ID-<date_time>" is created under the backup_directory as a symbolic link. The backup is successfully created in backup_directory/ID-<date_time>.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-05 09:33:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Nathan Kinder
2013-12-17 21:54:28 UTC
[root@dhcp201-126 ~]# rpm -qa | grep 389 389-ds-base-libs-1.3.3.1-10.el7.x86_64 389-ds-base-1.3.3.1-10.el7.x86_64 389-ds-base-debuginfo-1.3.3.1-10.el7.x86_64 /usr/lib64/dirsrv/slapd-dhcp201-126/db2bak.pl -v -D "cn=Directory Manager" -w Secret123 -a /export/backup Back up directory: /export/backup ldap_initialize( ldap://dhcp201-126.englab.pnq.redhat.com:389 ) Successfully added task entry "cn=backup_2014_12_29_12_52_9, cn=backup, cn=tasks, cn=config" Failed to create a symlink from /var/lib/dirsrv/slapd-dhcp201-126/bak/backup to /export/backup Am I missing anything, please guide. Thanks, Ami Hi Ami, Sorry about my not providing the details for the verification steps... If '-a backupdir' is given, the backupdir should not exist and the dir should be under selinux permission. So, most likely, you'd better run your test with the permissive mode. As you see in the following description, could you please "-A backupdir" with an existing backupdir? ====================================================================== Bug description: db2bak.pl takes an option "-a backupdir", which is supposed to be generated by the server and used as a backup directory. But since the created directory inherits the parent's selinux context, it fails to store the backup files in the directory. Fix description: As the reporter agaviola suggested, it should be a good idea to add one more level to the archive directory. $archivedir = "${archivedir}/ID-${yr}_${mn}_${dy}_${h}_${m}_${s}"; But to keep the backward compatibility, introducing a new option "-A backupdir" and when "-A" is given, storing the backup files in the nested backup directory. If the option is "-a backupdir", the backup files are stored in the backupdir. Respecting the selinux policy, the server and its utilities are not supposed to create a file/directory where it is not allowed. This patch creates a symlink from the back up location to the specified path by a user. bak2db.pl follows the symlink and restore from the back up directory. ====================================================================== I guess we should open a bug for a doc and man page to add "-A backupdir"... Please note that the usage of db2bak.pl shows these lines: -A backupdir - Backup directory (backupdir/ID-<date_time>) -a backupdir - Backup directory\n Thanks Noriko for detailed information. Doc bug created :: https://bugzilla.redhat.com/show_bug.cgi?id=1178640 [root@dhcp201-126 ~]# rpm -qa | grep 389 389-ds-base-libs-1.3.3.1-10.el7.x86_64 389-ds-base-1.3.3.1-10.el7.x86_64 389-ds-base-debuginfo-1.3.3.1-10.el7.x86_64 [root@dhcp201-126 ~]# getenforce Enforcing [root@dhcp201-126 ~]# setenforce 0 [root@dhcp201-126 ~]# getenforce Permissive [root@dhcp201-126 ~]# ls -al /export/backup total 4 drwxrwxrwx. 2 root root 6 Dec 29 12:50 . drwxr-xr-x. 7 root root 4096 Dec 30 13:19 .. [root@dhcp201-126 ~]# /usr/lib64/dirsrv/slapd-dhcp201-126/db2bak.pl -v -D "cn=Directory Manager" -w Secret123 -A /export/backup Back up directory: /export/backup/dhcp201-126-2015_1_5_14_0_41 ldap_initialize( ldap://dhcp201-126.englab.pnq.redhat.com:389 ) Successfully added task entry "cn=backup_2015_1_5_14_0_41, cn=backup, cn=tasks, cn=config" [root@dhcp201-126 ~]# /usr/lib64/dirsrv/slapd-dhcp201-126/db2bak.pl -v -D "cn=Directory Manager" -w Secret123 -a /export/non_existing_backup Back up directory: /export/non_existing_backup ldap_initialize( ldap://dhcp201-126.englab.pnq.redhat.com:389 ) Successfully added task entry "cn=backup_2015_1_5_14_1_0, cn=backup, cn=tasks, cn=config" [root@dhcp201-126 ~]# ls -al /export lrwxrwxrwx. 1 root root 57 Jan 5 14:01 non_existing_backup -> /var/lib/dirsrv/slapd-dhcp201-126/bak/non_existing_backup [root@dhcp201-126 ~]# ls -al /export/non_existing_backup/ total 10268 drwx------. 3 nobody nobody 103 Jan 5 14:01 . drwxrwx---. 4 nobody nobody 67 Jan 5 14:01 .. -rw-------. 1 nobody nobody 51 Jan 5 14:01 DBVERSION -rw-------. 1 nobody nobody 14471 Jan 5 14:01 dse_index.ldif -rw-------. 1 nobody nobody 377 Jan 5 14:01 dse_instance.ldif -rw-------. 1 nobody nobody 10485760 Jan 5 14:01 log.0000000001 drwx------. 2 nobody nobody 4096 Jan 5 14:01 userRoot Hence VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html |