Bug 1205660

Summary: ipa-client rpm should require keyutils
Product: Red Hat Enterprise Linux 6 Reporter: Martin Kosek <mkosek>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 6.7CC: dpal, eminguez, nsoman, pvoborni, rcritten, spoore, xdong
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.0.0-45.el6 Doc Type: Bug Fix
Doc Text:
Do not document
 Story Points: ---
Clone Of: 986848 Environment:
Last Closed: 2015-07-22 07:39:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 986848    
Bug Blocks:    

Description Martin Kosek 2015-03-25 12:33:03 UTC 
+++ This bug was initially created as a clone of Bug #986848 +++

Description of problem:
RHEL6.0 + RHEL6.4 ipa-client packages doesn't install keyctl and ipa-client install will fail like this:

...
Configured /etc/krb5.conf for IPA realm IDM.LVTC.GSNET.CORP
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 2323, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 2309, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 2086, in install
    delete_persistent_client_session_data(host_principal)
  File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 124, in delete_persistent_client_session_data
    kernel_keyring.del_key(keyname)
  File "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py", line 99, in del_key
    real_key = get_real_key(key)
  File "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py", line 45, in get_real_key
    (stdout, stderr, rc) = run(['keyctl', 'search', KEYRING, KEYTYPE, key], raiseonerr=False)
  File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 295, in run
    close_fds=True, env=env, cwd=cwd)
  File "/usr/lib64/python2.6/subprocess.py", line 639, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.6/subprocess.py", line 1228, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
...

[root@vmlbcipacl60 ~]# whereis keyctl
keyctl: /usr/share/man/man2/keyctl.2.gz
[root@vmlbcipacl60 ~]# rpm -qf /bin/keyctl
error: file /bin/keyctl: No such file or directory
[root@vmlbcipacl60 ~]# rpm -qa | grep -i keyutils
keyutils-libs-1.4-1.el6.x86_64

Version-Release number of selected component (if applicable):
ipa-client-3.0.0-26.el6_4.2.x86_64.rpm

How reproducible:
Try to enroll a RHEL6.0 client with the latest ipa-client packages

Steps to Reproduce:
1. Install RHEL6.0
2. Install ipa-client from RHEL6.4
3. ipa-client-install will fail

Actual results:
ipa-client-install fails:

...
Configured /etc/krb5.conf for IPA realm IDM.LVTC.GSNET.CORP
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 2323, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 2309, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 2086, in install
    delete_persistent_client_session_data(host_principal)
  File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 124, in delete_persistent_client_session_data
    kernel_keyring.del_key(keyname)
  File "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py", line 99, in del_key
    real_key = get_real_key(key)
  File "/usr/lib/python2.6/site-packages/ipapython/kernel_keyring.py", line 45, in get_real_key
    (stdout, stderr, rc) = run(['keyctl', 'search', KEYRING, KEYTYPE, key], raiseonerr=False)
  File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 295, in run
    close_fds=True, env=env, cwd=cwd)
  File "/usr/lib64/python2.6/subprocess.py", line 639, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.6/subprocess.py", line 1228, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
...

Expected results:
ipa-client-install enroll the client fine

Additional info:
Comment 1 Martin Kosek 2015-03-25 12:33:53 UTC 
Related freeipa-users thread:
https://www.redhat.com/archives/freeipa-users/2015-March/msg00729.html

This is a simple fix, we should do it rather sooner than later.
Comment 5 Xiyang Dong 2015-03-30 16:43:37 UTC 
Thanks Petr.
Verified on ipa-client-3.0.0-45.el6.x86_64:

[root@idm-qe-03 yum.repos.d]# rpm -e keyutils
error: Failed dependencies:
	keyutils >= 1.4-4 is needed by (installed) nfs-utils-1:1.2.3-58.el6.x86_64
	keyutils is needed by (installed) ipa-python-3.0.0-45.el6.x86_64
Comment 7 errata-xmlrpc 2015-07-22 07:39:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1462.html