Bug 1217015

Summary: remove-ds-admin.pl removes files in the rpm
Product: Red Hat Directory Server Reporter: Amita Sharma <amsharma>
Component: AdminAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 10.0CC: amsharma, nhosoi
Target Milestone: DS10.0   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-admin-1.1.40-1.el7dsrv Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1229325 1229445 (view as bug list) Environment:
Last Closed: 2015-06-12 01:04:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1229325, 1229445    

Description Amita Sharma 2015-04-29 12:19:27 UTC 
Description of problem:
setup-ds-admin.pl gives an error - NMC_ErrInfo: Cannot open file  for reading

Version-Release number of selected component (if applicable):

[root@dhcp201-126 admin-serv]# rpm -qa | grep 389
389-ds-base-libs-1.3.3.1-13.el7.x86_64
389-adminutil-devel-1.1.22-1.el7dsrv.x86_64
389-ds-console-1.2.12-1.el7dsrv.noarch
389-console-1.1.8-1.el7dsrv.noarch
389-adminutil-1.1.22-1.el7dsrv.x86_64
389-ds-base-devel-1.3.3.1-13.el7.x86_64
389-admin-1.1.39-1.el7dsrv.x86_64
389-admin-console-doc-1.1.10-1.el7dsrv.noarch
389-ds-base-debuginfo-1.3.3.1-11.el7.x86_64
389-admin-console-1.1.10-1.el7dsrv.noarch
389-adminutil-debuginfo-1.1.22-1.el7dsrv.x86_64
389-ds-base-1.3.3.1-13.el7.x86_64
389-admin-debuginfo-1.1.39-1.el7dsrv.x86_64
389-ds-console-doc-1.2.12-1.el7dsrv.noarch

How reproducible:
Some time, specially if remove-ds-admin.pl is not able to clean instances properly.

Steps to Reproduce:
1. remove-ds-admin.pl -f -a -y
2. setup-ds-admin.pl
3. you will get an error ::
NMC_Status: 1
NMC_ErrType: 
NMC_ErrInfo: Cannot open file  for reading
Could not update the httpd engine configuration.
Failed to create and configure the admin server
Exiting . . .
Log file is '/tmp/setupHX_GzO.log'

Additional Info ::
PFA for the full logs.
Comment 1 Amita Sharma 2015-04-29 12:20:31 UTC 
NOTE :: I am facing this issue after the new build of admin-util i.e. 389-adminutil-1.1.22-1.el7dsrv.x86_64
Comment 2 Viktor Ashirov 2015-04-29 12:44:49 UTC 
remove-ds-admin.pl removes config files that were installed from rpm.

[root@dhcp201-126 ~]# remove-ds-admin.pl -a -y -d -f
The following errors occurred during removal of M1:
Error: could not find directory server configuration directory 'slapd-M1'.  Error: No such file or directory
Error: could not remove directory server M1
+Successfully stopped admin server
ValueError: Port tcp/9830 is not defined
+selinux boolean httpd_can_connect_ldap is already off - httpd_can_connect_ldap --> off
+removing file /etc/dirsrv/admin-serv/adm.conf
+removing file /etc/dirsrv/admin-serv/admpw
+removing file /etc/dirsrv/admin-serv/local.conf
+removing file /etc/dirsrv/admin-serv/secmod.db
+removing file /etc/dirsrv/admin-serv/cert8.db
+removing file /etc/dirsrv/admin-serv/key3.db
+removing file /etc/dirsrv/admin-serv/admserv.conf
+removing file /etc/dirsrv/admin-serv/console.conf
+removing file /etc/dirsrv/admin-serv/httpd.conf
+removing file /etc/dirsrv/admin-serv/nss.conf
Removed admin server and all directory server instances
[root@dhcp201-126 ~]# ls /etc/dirsrv/admin-serv/ -la
total 4
drwx------. 2 nobody root      6 Apr 29 17:56 .
drwxrwxr-x. 7 root   nobody 4096 Apr 29 17:56 ..

At this point, if we try to install admin server, it will fail, because it couldn't find config files

After reinstallation of 389-admin, config files are in place:
[root@dhcp201-126 ~]# ls /etc/dirsrv/admin-serv/ -la
total 52
drwx------. 2 nobody root      76 Apr 29 18:04 .
drwxrwxr-x. 7 root   nobody  4096 Apr 29 17:56 ..
-rw-r--r--. 1 root   root    3936 Apr 25 11:06 admserv.conf
-rw-r--r--. 1 root   root    4466 Apr 25 11:06 console.conf
-rw-r--r--. 1 root   root   26738 Apr 25 11:06 httpd.conf
-rw-r--r--. 1 root   root    4505 Apr 25 11:06 nss.conf

and installation of admin-server succeeds.
Comment 3 Rich Megginson 2015-04-29 14:31:03 UTC 
Should we change the summary of this bug to be "remove-ds-admin.pl removes files in the rpm"?
Comment 4 Noriko Hosoi 2015-04-29 19:38:19 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/48171
Comment 5 Noriko Hosoi 2015-04-30 05:40:43 UTC 
Could you find out what is the cause of this error?
> setup-ds-admin.pl gives an error - NMC_ErrInfo: Cannot open file  for reading

This error is returned if "configdir/file" is not accessible (missing, permission problem, or ...?).

A utility function util_find_file_in_paths in admin server is not so smart that it returns an empty string if "configdir/file" is not accessible. :(

The caller read_conf/update_conf logs the empty string instead of the original configdir/file although they have the info... :( :(

Anyway, once it happens setup-ds-admin.pl quits there without creating the config file backups.

remove-ds-admin.pl expects the backups are in configdir/bakup.  If they are there, remove-ds-admin.pl removes the config files then restore the original ones.  If backup files are not found, just files are removed.

So, probably, we should move the backup code to the place before the error occurs?

See DS #48171 for the patch.
================================================================
# remove-ds-admin.pl -f -y [-a] -d  ## Note: -a does not matter.
   ...
# rpm -V 389-admin
.M...U...    /etc/dirsrv/admin-serv
missing   c /etc/dirsrv/admin-serv/admserv.conf
missing   c /etc/dirsrv/admin-serv/console.conf
missing   c /etc/dirsrv/admin-serv/httpd.conf
missing   c /etc/dirsrv/admin-serv/nss.conf
.M....G..    /usr/lib64/dirsrv
Comment 7 Amita Sharma 2015-05-12 08:07:10 UTC 
This is working fine ::
om, ou=englab.pnq.redhat.com, o=NetscapeRoot is added
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
+Content-type: text/html

NMC_Status: 0
+setsebool -P httpd_can_connect_ldap on was successful
Starting admin server . . .
The admin server was successfully started.
+Changing the owner of /var/log/dirsrv/admin-serv/access to (99, 99)
+Changing the owner of /var/log/dirsrv/admin-serv/error to (99, 99)
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is '/tmp/setupSyHU7L.log'

[root@dhcp201-126 export]# rpm -qa | grep 389
389-ds-base-libs-1.3.3.1-13.el7.x86_64
389-adminutil-devel-1.1.22-1.el7dsrv.x86_64
389-admin-console-1.1.10-1.el7dsrv.noarch
389-admin-1.1.40-1.el7dsrv.x86_64
389-ds-base-debuginfo-1.3.3.1-13.el7.x86_64
389-admin-console-doc-1.1.10-1.el7dsrv.noarch
389-ds-base-1.3.3.1-13.el7.x86_64
389-ds-console-doc-1.2.12-1.el7dsrv.noarch
389-adminutil-debuginfo-1.1.22-1.el7dsrv.x86_64
389-ds-console-1.2.12-1.el7dsrv.noarch
389-adminutil-1.1.22-1.el7dsrv.x86_64
389-ds-base-devel-1.3.3.1-13.el7.x86_64
389-admin-debuginfo-1.1.39-1.el7dsrv.x86_64
389-console-1.1.8-1.el7dsrv.noarch
Comment 8 Viktor Ashirov 2015-06-05 09:01:19 UTC 
Reopening this bug.
If remove-ds-admin.pl is executed without installed admin server, it will remove these files.

[root@rhel7ds ~]# ls -a /etc/dirsrv/admin-serv/
.  ..  admserv.conf  console.conf  httpd.conf  nss.conf
[root@rhel7ds ~]# remove-ds-admin.pl -a -y -d -f
+Successfully stopped admin server
ValueError: Port tcp/9830 is not defined
+selinux boolean httpd_can_connect_ldap is already off - httpd_can_connect_ldap --> off
+Warning: Could not remove directory /var/log/dirsrv/admin-serv: No such file or directory
+removing file /etc/dirsrv/admin-serv/admserv.conf
+removing file /etc/dirsrv/admin-serv/httpd.conf
+removing file /etc/dirsrv/admin-serv/nss.conf
+removing file /etc/dirsrv/admin-serv/console.conf
Removed admin server and all directory server instances
[root@rhel7ds ~]# ls -a /etc/dirsrv/admin-serv/
.  ..
[root@rhel7ds ~]#
Comment 9 Noriko Hosoi 2015-06-08 18:53:31 UTC 
(In reply to Viktor Ashirov from comment #8)
> Reopening this bug.
> If remove-ds-admin.pl is executed without installed admin server, it will
> remove these files.
> 
> [root@rhel7ds ~]# ls -a /etc/dirsrv/admin-serv/
> .  ..  admserv.conf  console.conf  httpd.conf  nss.conf
> [root@rhel7ds ~]# remove-ds-admin.pl -a -y -d -f
> +Successfully stopped admin server
> ValueError: Port tcp/9830 is not defined
> +selinux boolean httpd_can_connect_ldap is already off -
> httpd_can_connect_ldap --> off
> +Warning: Could not remove directory /var/log/dirsrv/admin-serv: No such
> file or directory
> +removing file /etc/dirsrv/admin-serv/admserv.conf
> +removing file /etc/dirsrv/admin-serv/httpd.conf
> +removing file /etc/dirsrv/admin-serv/nss.conf
> +removing file /etc/dirsrv/admin-serv/console.conf
> Removed admin server and all directory server instances
> [root@rhel7ds ~]# ls -a /etc/dirsrv/admin-serv/
> .  ..
> [root@rhel7ds ~]#

Ah, I see.  That makes sense since there is no backups created...

Unfortunately, these conf files are directly installed in /etc/dirsrv/admin-serv dir.
# rpm -ql 389-admin | egrep "\.conf"
/etc/dirsrv/admin-serv/admserv.conf
/etc/dirsrv/admin-serv/console.conf
/etc/dirsrv/admin-serv/httpd.conf

Running yum reinstall 389-admin should be able to recover the files.  We have to file this in the known issue list.
Comment 10 Noriko Hosoi 2015-06-08 19:22:28 UTC 
The case described in comment 8 is being added to the known issue list.

Can we go back to "VERIFIED" again?
Comment 11 Viktor Ashirov 2015-06-09 08:48:39 UTC 
Marking as VERIFIED.
Comment 13 errata-xmlrpc 2015-06-12 01:04:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2015:1094