Bug 1274470

Summary: ipsilon-server-install uninstall aborted unable to find domain if installed with ipa=no
Product: Red Hat Enterprise Linux 7 Reporter: Scott Poore <spoore>
Component: ipsilonAssignee: Rob Crittenden <rcritten>
Status: CLOSED WONTFIX QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.2CC: mkosek, nkinder, puiterwijk
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-23 11:17:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Scott Poore 2015-10-22 19:10:48 UTC 
Description of problem:

I installed an ipsilon IdP server with --ipa=no.  Now, I'm trying to uninstall and I'm seeing an error:

[root@rhel7-2 ~]# ipsilon-server-install --uninstall
Uninstallation initiated
Are you certain you want to erase instance idp [yes/NO]: yes
Removing environment helpers
Removing login managers
Removing Info providers
'domains'
Traceback (most recent call last):
  File "/usr/sbin/ipsilon-server-install", line 438, in <module>
    uninstall(fplugins, opts)
  File "/usr/sbin/ipsilon-server-install", line 274, in uninstall
    if plugin.unconfigure(args, plugin_changes) == False:
  File "/usr/lib/python2.7/site-packages/ipsilon/info/infosssd.py", line 253, in unconfigure
    for domain in changes['domains']:
KeyError: 'domains'
Uninstallation aborted.
See log file /var/log/ipsilon-install.log for details
[root@rhel7-2 ~]# 


Version-Release number of selected component (if applicable):
ipsilon-1.0.0-12.el7.noarch

How reproducible:
always

Steps to Reproduce:
1.  ipsilon-server-install --ipa=no --form=yes
2.  ipsilon-server-install --uninstall

Actual results:
fails as above

Expected results:
uninstalls IDP instance

Additional info:

ipsilon-install.log:
[2015-10-22 14:07:52,510] Installation arguments:
[2015-10-22 14:07:52,510] admin_dburi: None
[2015-10-22 14:07:52,510] admin_user: admin
[2015-10-22 14:07:52,510] cleanup_interval: 30
[2015-10-22 14:07:52,510] config_profile: None
[2015-10-22 14:07:52,510] database_url: sqlite:///%(datadir)s/%(dbname)s.sqlite
[2015-10-22 14:07:52,510] form: no
[2015-10-22 14:07:52,510] form_service: remote
[2015-10-22 14:07:52,510] gssapi: no
[2015-10-22 14:07:52,510] gssapi_httpd_keytab: /etc/httpd/conf/http.keytab
[2015-10-22 14:07:52,510] hostname: rhel7-2.example.com
[2015-10-22 14:07:52,510] info_nss: no
[2015-10-22 14:07:52,510] info_sssd: no
[2015-10-22 14:07:52,510] info_sssd_domain: None
[2015-10-22 14:07:52,510] instance: idp
[2015-10-22 14:07:52,510] ipa: auto
[2015-10-22 14:07:52,510] lm_order: None
[2015-10-22 14:07:52,510] saml2: yes
[2015-10-22 14:07:52,511] saml2_metadata_validity: 1825
[2015-10-22 14:07:52,511] saml2_session_dburl: None
[2015-10-22 14:07:52,511] samlsessions_dburi: None
[2015-10-22 14:07:52,511] secure: yes
[2015-10-22 14:07:52,511] server_debugging: False
[2015-10-22 14:07:52,511] system_user: ipsilon
[2015-10-22 14:07:52,511] testauth: no
[2015-10-22 14:07:52,511] transaction_dburi: None
[2015-10-22 14:07:52,511] uninstall: True
[2015-10-22 14:07:52,511] users_dburi: None
[2015-10-22 14:07:52,511] yes: False
[2015-10-22 14:07:52,511] Uninstallation initiated
[2015-10-22 14:07:53,997] Removing environment helpers
[2015-10-22 14:07:53,997] Removing login managers
[2015-10-22 14:07:53,997] Removing Info providers
[2015-10-22 14:07:54,003] 'domains'
Traceback (most recent call last):
  File "/usr/sbin/ipsilon-server-install", line 438, in <module>
    uninstall(fplugins, opts)
  File "/usr/sbin/ipsilon-server-install", line 274, in uninstall
    if plugin.unconfigure(args, plugin_changes) == False:
  File "/usr/lib/python2.7/site-packages/ipsilon/info/infosssd.py", line 253, in unconfigure
    for domain in changes['domains']:
KeyError: 'domains'
[2015-10-22 14:07:54,003] Uninstallation aborted.
[2015-10-22 14:07:54,003] See log file /var/log/ipsilon-install.log for details
Comment 1 Scott Poore 2015-10-22 19:12:45 UTC 
FYI, it looks like as a workaround, I can re-run install to add options and then re-run uninstall:


[root@rhel7-2 ~]#   ipsilon-server-install --ipa=yes --form=yes --info-sssd=yes
Installation initiated
Installing default config files
Configuring environment helpers
Searching for keytab in: /etc/httpd/conf/http.keytab... Found!
Configuring login managers
Configuring Info provider
Configured SSSD domain example.com
Redirecting to /bin/systemctl restart  sssd.service
Configuring Authentication Providers
Generating a 2048 bit RSA private key
..+++
.....................................................................................................................................................+++
writing new private key to '/var/lib/ipsilon/idp/saml2/idp.key'
-----
Installation complete.
Please restart HTTPD to enable the IdP instance.
[root@rhel7-2 ~]# ipsilon-server-install --uninstall
Uninstallation initiated
Are you certain you want to erase instance idp [yes/NO]: yes
Removing environment helpers
Removing login managers
Removing Info providers
Redirecting to /bin/systemctl restart  sssd.service
Removing Authentication Providers
Removing httpd configuration
Erasing instance configuration
Erasing instance data
Uninstalled instance idp
Uninstallation complete.
Comment 3 Nathan Kinder 2015-11-02 17:02:14 UTC 
Upstream ticket:
https://fedorahosted.org/ipsilon/ticket/199
Comment 5 Martin Kosek 2016-11-23 11:17:25 UTC 
Red Hat Enterprise Linux 7.2 introduced the Ipsilon identity provider service for federated single sign-on (SSO). Subsequently, Red Hat has released Red Hat Single Sign-On as a web SSO solution based on the Keycloak community project. Red Hat Single Sign-On provides greater capabilities than Ipsilon and is designated as the standard web SSO solution across the Red Hat product portfolio.

Therefore, as mentioned in the RHEL-7.3 Release Notes:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/chap-Red_Hat_Enterprise_Linux-7.3_Release_Notes-Deprecated_Functionality.html
Ipsilon is now obsolete in RHEL and all existing Ipsilon users are recommended to migrate to Red Hat SSO product:
https://access.redhat.com/products/red-hat-single-sign-on
Please approach the Customer Service for advice.

Given above, this Bugzilla is now closed as WONTFIX.