Bug 1186398

Summary: Wrong directories created on full restore
Product: Red Hat Enterprise Linux 7 Reporter: Martin Kosek <mkosek>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: drieden, ksiddiqu, rcritten
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.1.0-17.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 10:19:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin Kosek 2015-01-27 15:39:32 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4865

Doing a full IPA restore on an uninstalled server will not create the correct log directories needed by tomcat.

It will create /var/log/pki-ca and /var/log/pki-ca/signedAudit.

These should be in /var/log/pki/pki-tomcat/ca/
Comment 2 Martin Kosek 2015-01-27 15:59:01 UTC 
Fixed upstream:

master:
c90286cbbc1ab21e185c4d60d3a86142172c47ca Create correct log directories during full restore in ipa-restore

ipa-4-1:
275fb2dcec64d7de48bec9faf16c4551d18c6c42 Create correct log directories during full restore in ipa-restore
Comment 4 Kaleem 2015-01-29 09:25:38 UTC 
Verified as SanityOnly as was not reproducible at my end.

IPA Version:
============
[root@master ~]# rpm -q ipa-server
ipa-server-4.1.0-17.el7.x86_64
[root@master ~]# 

Consolo output:
===============
[root@master ~]# ls -la /var/log/pki/
total 8
drwxr-xr-x.  3 root root   55 Jan 29 17:09 .
drwxr-xr-x. 14 root root 4096 Jan 29 17:09 ..
-rw-r--r--.  1 root root  136 Jan 29 17:09 pki-server-upgrade-10.1.2.log
drwxr-xr-x.  3 root root   20 Jan 29 17:09 server
[root@master ~]#

[root@master ~]# ipa-restore -p xxxxxxxx -U /var/lib/ipa/backup/ipa-full-2015-01-29-16-31-20/
Preparing restore from /var/lib/ipa/backup/ipa-full-2015-01-29-16-31-20/ on master.testrelm.test
Performing FULL restore from FULL backup
Each master will individually need to be re-initialized or
re-created from this one. The replication agreements on
masters running IPA 3.1 or earlier will need to be manually
re-enabled. See the man page for details.
Disabling all replication.
Unable to get connection, skipping disabling agreements: Unable to bind to LDAP server: [Errno 2] No such file or directory
Stopping IPA services
Restoring files
Systemwide CA database updated.
Starting IPA services
Restarting SSSD
The ipa-restore command was successful
[root@master ~]#

[root@master ~]# ls -la /var/log/pki/
total 58932
drwxr-xr-x.  4 root    root     16384 Jan 29 16:22 .
drwxr-xr-x. 14 root    root      4096 Jan 29 17:13 ..
-rw-rw----.  1 pkiuser pkiuser  60099 Nov 17 22:53 pki-ca-destroy.20141117225332.log
-rw-rw----.  1 pkiuser pkiuser  60099 Nov 18 15:20 pki-ca-destroy.20141118152057.log
..
...
....
-rw-rw----.  1 pkiuser pkiuser 410428 Jan 29 16:23 pki-ca-spawn.20150129162205.log
-rw-r--r--.  1 root    root       854 Nov 27 12:44 pki-server-upgrade-10.1.2.log
drwxrwx---.  3 pkiuser pkiuser   4096 Jan 29 16:22 pki-tomcat
-rw-r--r--.  1 root    root      1410 Nov 27 12:44 pki-upgrade-10.1.2.log
drwxr-xr-x.  3 root    root        20 Nov 21 18:06 server
[root@master ~]#

[root@master ~]# echo xxxxxxxx|kinit admin
Password for admin: 
[root@master ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting       Expires              Service principal
01/29/2015 17:14:31  01/30/2015 17:14:31  krbtgt/TESTRELM.TEST
[root@master ~]#

[root@master ~]# ipa user-find
---------------
2 users matched
---------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 721000000
  GID: 721000000
  Account disabled: False
  Password: True
  Kerberos keys available: True

  User login: testuser1
  First name: testuser1
  Last name: testuser1
  Home directory: /home/testuser1
  Login shell: /bin/sh
  Email address: testuser1
  UID: 721000001
  GID: 721000001
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 2
----------------------------
[root@master ~]#
Comment 6 errata-xmlrpc 2015-03-05 10:19:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html