Bug 1309700
Summary: | Process /usr/sbin/winbindd was killed by signal 6 | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Sudhir Menon <sumenon> | ||||||||
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> | ||||||||
Severity: | unspecified | Docs Contact: | |||||||||
Priority: | unspecified | ||||||||||
Version: | 7.2 | CC: | abokovoy, ksiddiqu, mbasti, ohudlick, pholica, pspacek, pvoborni, rcritten, snagar, sumenon, thozza, vanhoof | ||||||||
Target Milestone: | rc | ||||||||||
Target Release: | 7.3 | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | ipa-4.4.0-6.el7 | Doc Type: | Bug Fix | ||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2016-11-04 05:51:18 UTC | Type: | Bug | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Bug Depends On: | |||||||||||
Bug Blocks: | 1359079 | ||||||||||
Attachments: |
|
Description
Sudhir Menon
2016-02-18 14:04:12 UTC
Sorry, but sosreport doesn't have anything useful in it -- no logs, even /var/log/messages is missing, not even talking about /var/log/httpd and /var/log/samba. Is it possible to generate something more useful? Created attachment 1128512 [details]
samba log-1
Created attachment 1128513 [details]
messages
Alexander/Petr, before logging this bug, sbose was having a look at the test system where the crash was seen and he said that. "there was an issue during the ipa-client-install run, the cifs/... principal was not created. This was maybe due to DNS issue because as I tried to start IPA on the host named was not able to start. It looks like the chroot environment is not correct, I fixed this by commenting out the chroot path in /etc/sysconfig/named. Now named start. Please run ipa-adtrust-install again to get the cifs/... principal created" But when I restested the same thing. 1. Found that the crash occured only when the below line was commented in #ROOTDIR=/var/named/chroot' in /etc/named.conf file. This entry is however added by bind-chroot when installed. Manually commenting the option is incorrect and invalid test scenario and which was not done during the test. FreeIPA doesn't use bind-chroot at all and was never tested with it. What drags bind-chroot in? The VM image on which the testing was done had bind-chroot package installed already. Although what i see is that the bind-chroot package is not required by any of ipa packages. May be I should create a pristine image and try to reprduce the issue. Tested this on a pristine RHEL6.8 VM without the bind-chroot package installed and found that the crash is not seen. Upstream ticket: https://fedorahosted.org/freeipa/ticket/5696 We should add conflicts with bind-chroot to spec. I would fix it only on RHEL 7. IPA in 6.8 won't receive any updates unless they are critical or sufficiently justified. Changing to RHEL 7. Fixed upstream: master: 3ab63fa6ba60947b1452c2108c4cf7637f4aacdb spec: add conflict with bind-chroot to freeipa-server-dns ipa-4-3: 2b1b9ad6722e7008a97f09dc4a34019ad250cd4d spec: add conflict with bind-chroot to freeipa-server-dns This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions Fix is seen. Verified using ipa-server-4.4.0-2.1.el7.x86_64 Conflicts are now added while installing ipa-server ipa-server-dns with bind-chroot already installed on the box. [root@server ~]# rpm -qa | grep bind-chroot bind-chroot-9.9.4-36.el7.x86_64 [root@server ~]# yum install -y ipa-server ipa-server-dns Loaded plugins: auto-update-debuginfo, langpacks, product-id, search-disabled-repos, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. Resolving Dependencies --> Running transaction check ---> Package ipa-server.x86_64 0:4.4.0-2.1.el7 will be installed ---> Package ipa-server-dns.noarch 0:4.4.0-2.1.el7 will be installed --> Processing Conflict: ipa-server-dns-4.4.0-2.1.el7.noarch conflicts bind-chroot --> Finished Dependency Resolution Error: ipa-server-dns conflicts with 32:bind-chroot-9.9.4-36.el7.x86_64 You could try using --skip-broken to work around the problem ** Found 5 pre-existing rpmdb problem(s), 'yum check' output follows: ipa-admintools-4.4.0-2.1.el7.noarch has installed conflicts freeipa-admintools: ipa-admintools-4.4.0-2.1.el7.noarch ipa-client-4.4.0-2.1.el7.x86_64 has installed conflicts freeipa-client: ipa-client-4.4.0-2.1.el7.x86_64 ipa-client-common-4.4.0-2.1.el7.noarch has installed conflicts freeipa-client-common: ipa-client-common-4.4.0-2.1.el7.noarch ipa-common-4.4.0-2.1.el7.noarch has installed conflicts freeipa-common: ipa-common-4.4.0-2.1.el7.noarch ipa-server-common-4.4.0-2.1.el7.noarch has installed conflicts freeipa-server-common: ipa-server-common-4.4.0-2.1.el7.noarch Note: FreeIPA cannot work with BIND in chroot. Requesting release note due to bug 1359079 The conflicts change needs to be documented because it breaks upgrade path. Hi, I am concerned that this is not best solution for fixing the crash. By introducing a new conflict you break upgrade path for customer who have both packages installed (in RHEL7.2) - it could be high number of deployments and it could have negative impact on customer experience (even if documented). Also can you confirm that there are no deployment which would required both components? Asking PM (Siddharth) CEE (Chris) for review and additional feedback Ondrej, Sorry but FreeIPA DNS does not work with bind-chroot at all, so nobody was/is/will be able to have a working configuration where both ipa-server-dns and bind-chroot are installed. > Sorry but FreeIPA DNS does not work with bind-chroot at all, so nobody This incompatibility should be documented but no big concerns there. > was/is/will be able to have a working configuration where both > ipa-server-dns and bind-chroot are installed. There is difference between *installed* and *configured*. Installing bind-chroot doesn't enable the chroot jail => installing bind-chroot should not affect name server function Having ipa-server crash due commented line in bind config file could be symptom of ipa-server bug which could be probably triggered in multiple ways? Again my motivation is to avoid any possible troubles during RHEL7.2->RHEL7.3 update because customers are in general not happy with stability of upgrades. Installing bind-chroot on RHEL-7 does not change any configuration of bind and does not have any effect on how bind is run. The behavior in RHEL-7 is completely different compared to RHEL-6, where we shipped just a single init script and installing bind-chroot actually changed the way how bind is started. In RHEL-7 we ship multiple .service files and installing bind-chroot installs named-chroot.service. Unless you explicitly start this service, you'll be still running regular bind NOT in chroot. In RHEL-7 we actually don't even use the 'ROOTDIR' variable in /etc/sysconfig/named and it is not part of the default configuration. This means the changes that looked like "good" idea for RHEL-6 don't make any sense for RHEL-7. IMO introducing the conflict with bind-chroot package seems like unnecessary and unsystematic. Based on previous comment and after consultation with IDM QE moving to ASSIGNED Fixed upstream master: https://fedorahosted.org/freeipa/changeset/96db47cfa516911741dd7942509b0a94551dbace ipa-4-3: https://fedorahosted.org/freeipa/changeset/56695d969325cb2cb754d0ea549c5b6face89c6f Fix is seen. ipa-server and ipa-server-trust-ad rpm gets installed even with bind-chroot installed on the box. [root@master ~]# rpm -qa | grep bind-chroot bind-chroot-9.9.4-36.el7.x86_64 [root@master ~]# yum install -y ipa-server ipa-server-trust-ad Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager --> Running transaction check ---> Package ipa-server.x86_64 0:4.4.0-6.el7 will be installed ---> Package ipa-server-trust-ad.x86_64 0:4.4.0-6.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: ipa-server x86_64 4.4.0-6.el7 rhel73 423 k ipa-server-trust-ad x86_64 4.4.0-6.el7 rhel73 191 k Transaction Summary ================================================================================ Install 2 Packages Total download size: 614 k Installed size: 1.2 M Downloading packages: ipa-server-4.4.0-6.el7.x86_64.rpm 423 kB 00:00:01 ipa-server-trust-ad-4.4.0-6.el7.x86_64.rpm | 191 kB 00:00:01 -------------------------------------------------------------------------------- Total 145 kB/s | 614 kB 00:00:04 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : ipa-server-4.4.0-6.el7.x86_64 1/2 Installing : ipa-server-trust-ad-4.4.0-6.el7.x86_64 2/2 Verifying : ipa-server-trust-ad-4.4.0-6.el7.x86_64 1/2 Verifying : ipa-server-4.4.0-6.el7.x86_64 2/2 Installed: ipa-server.x86_64 0:4.4.0-6.el7 ipa-server-trust-ad.x86_64 0:4.4.0-6.el7 Complete! Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days |