Bug 1175326

Summary: ipa-restore proceed even IPA not configured
Product: Red Hat Enterprise Linux 7
Reporter: Kaleem <ksiddiqu>
Component: ipa
Assignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA
QA Contact: Namita Soman <nsoman>
Severity: unspecified
Docs Contact:
Priority: medium
Version: 7.1
CC: jcholast, lmiksik, rcritten
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: ipa-4.1.0-14.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-05 10:19:04 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Kaleem 2014-12-17 13:53:04 UTC
Description of problem:
Tried to run ipa-restore when IPA is not configured.
ipa-restore proceeds without an error message that IPA is not configured, and fails.

[root@dhcp207-1 ~]# ipa-server-install --uninstall -U
Shutting down all IPA services
Removing IPA client configuration
Unconfiguring ntpd
Unconfiguring CA
Unconfiguring named
Unconfiguring web server
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
Unconfiguring ipa_memcached
Unconfiguring ipa-otpd
[root@dhcp207-1 ~]# ipa-restore -p xxxxxxxx /var/lib/ipa/backup/ipa-full-2014-12-17-21-53-01/ -U
Preparing restore from /var/lib/ipa/backup/ipa-full-2014-12-17-21-53-01/ on dhcp207-1.testrelm.test
Each master will individually need to be re-initialized or
re-created from this one. The replication agreements on
masters running IPA 3.1 or earlier will need to be manually
re-enabled. See the man page for details.
Disabling all replication.
Unable to get connection, skipping disabling agreements: Unable to bind to LDAP server: [Errno 2] No such file or directory
Stopping IPA services
[Errno 2] No such file or directory: '/etc/dirsrv/slapd-EXAMPLE-COM'
[root@dhcp207-1 ~]# 

Expecting that ipa-restore should not proceed if IPA is not configured and should throw the following error message:

"IPA is not configured on this system", as seen in the case of backup:

[root@dhcp207-1 ~]# ipa-backup --logs
IPA is not configured on this system.
[root@dhcp207-1 ~]#

Version-Release number of selected component (if applicable):
[root@dhcp207-1 ~]# rpm -q ipa-server
ipa-server-4.1.0-12.el7.x86_64
[root@dhcp207-1 ~]# 

How reproducible:
Always

Steps to Reproduce:
1. Install IPA server
2. Take a full backup
3. Uninstall IPA
4. Run ipa-restore pointing to the backup from step 2

Actual results:
ipa-restore proceeds without throwing an error message

Expected results:
ipa-restore should not proceed and should throw the following error message:

"IPA is not configured on this system."

Comment 2 Martin Kosek 2015-01-05 16:14:28 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4824

Comment 5 Kaleem 2015-01-16 11:10:38 UTC
Verified.

IPA Version:
============
[root@dhcp207-214 ~]# rpm -q ipa-server
ipa-server-4.1.0-15.el7.x86_64
[root@dhcp207-214 ~]# 

As per http://www.freeipa.org/page/V3/Backup_and_Restore#Catastrophic_hardware_failure_on_a_machine.

Restore should proceed even if IPA is not configured.

[root@dhcp207-214 ~]# ipa-restore -p xxxxxxxx /var/lib/ipa/backup/ipa-full-2015-01-16-14-20-47/ -U
Preparing restore from /var/lib/ipa/backup/ipa-full-2015-01-16-14-20-47/ on dhcp207-214.testrelm.test
Performing FULL restore from FULL backup
Each master will individually need to be re-initialized or
re-created from this one. The replication agreements on
masters running IPA 3.1 or earlier will need to be manually
re-enabled. See the man page for details.
Disabling all replication.
Unable to get connection, skipping disabling agreements: Unable to bind to LDAP server: [Errno 2] No such file or directory
Stopping IPA services
Restoring files
Systemwide CA database updated.
Starting IPA services
Restarting SSSD
The ipa-restore command was successful
[root@dhcp207-214 ~]# echo $?
0
[root@dhcp207-214 ~]# 

For a better error message instead of the above error message "Unable to get connection, skipping disabling agreements: Unable to bind to LDAP server: [Errno 2] No such file or directory", the following upstream ticket was filed:

https://fedorahosted.org/freeipa/ticket/4838

Comment 7 errata-xmlrpc 2015-03-05 10:19:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html