Bug 1353927

Summary: pkispawn calls dnsdomainname even if it does not rpm-require hostname
Product: Red Hat Enterprise Linux 7 Reporter: Jan Pazdziora (Red Hat) <jpazdziora>
Component: pki-coreAssignee: RHCS Maintainers <rhcs-maint>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: mharmsen, ssidhaye
Target Milestone: rc   
Target Release: 7.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pki-core-10.3.3-5.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-04 05:26:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Pazdziora (Red Hat) 2016-07-08 12:37:46 UTC 
Description of problem:

Running ipa-server-install in container / on minimal installation fails with

  [2/31]: configuring certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpD4KOGu' returned non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL   /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
ipa.ipapython.install.cli.install_tool(Server): ERROR    CA configuration failed.
ipa.ipapython.install.cli.install_tool(Server): ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Version-Release number of selected component (if applicable):

pki-server-10.3.3-3.el7.noarch

How reproducible:

Deterministic.

Steps to Reproduce:
1. Run ipa-server-install on system / in container where package hostname is not installed.

Actual results:

ipa-server-install fails.

In the ipaserver-install.log, there is

2016-07-08T12:30:43Z DEBUG Starting external process
2016-07-08T12:30:43Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpD4KOGu
2016-07-08T12:30:43Z DEBUG Process finished, return code=1
2016-07-08T12:30:43Z DEBUG stdout=
2016-07-08T12:30:43Z DEBUG stderr=Traceback (most recent call last):
  File "/usr/sbin/pkispawn", line 802, in <module>
    main(sys.argv)
  File "/usr/sbin/pkispawn", line 92, in main
    dnsdomainname = subprocess.check_output(["dnsdomainname"])
  File "/usr/lib64/python2.7/subprocess.py", line 568, in check_output
    process = Popen(stdout=PIPE, *popenargs, **kwargs)
  File "/usr/lib64/python2.7/subprocess.py", line 711, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.7/subprocess.py", line 1327, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

2016-07-08T12:30:43Z CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpD4KOGu' returned non-zero exit status 1
2016-07-08T12:30:43Z CRITICAL See the installation logs and the following files/directories for more information:
2016-07-08T12:30:43Z CRITICAL   /var/log/pki/pki-tomcat
2016-07-08T12:30:43Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 448, in start_creation

Expected results:

If pkispawn calls dnsdomainname unconditionally, it should require rpm to get it installed.

Additional info:
Comment 2 Matthew Harmsen 2016-07-11 15:50:21 UTC 
Upstream ticket:
https://fedorahosted.org/pki/ticket/2401
Comment 3 Matthew Harmsen 2016-07-11 18:50:13 UTC 
Checked into 'master':
* 74182c05460e19c7b9aeb3fadb13f0135e33a58a
Comment 5 Sumedh Sidhaye 2016-08-22 05:11:30 UTC 
hostname package has been added to the dependency list for pki-core.

Here is the deplist for older pki-server:

[root@ssidhaye-pki-tests-devel ~]# yum deplist pki-server
Loaded plugins: langpacks, search-disabled-repos
Repository RHCS9 is listed more than once in the configuration
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
package: pki-server.noarch 10.2.6-12.el7pki
  dependency: /bin/bash
   provider: bash.x86_64 4.2.46-19.el7
  dependency: /bin/sh
   provider: bash.x86_64 4.2.46-19.el7
  dependency: /usr/bin/python
   provider: python.x86_64 2.7.5-34.el7
  dependency: java-headless >= 1:1.7.0
   provider: java-1.8.0-openjdk-headless.x86_64 1:1.8.0.65-3.b17.el7
   provider: java-1.7.0-openjdk-headless.x86_64 1:1.7.0.91-2.6.2.3.el7
  dependency: net-tools
   provider: net-tools.x86_64 2.0-0.17.20131004git.el7
  dependency: nuxwdog-client-java >= 1.0.1-11
   provider: nuxwdog-client-java.x86_64 1.0.3-2.el7
  dependency: openldap-clients
   provider: openldap-clients.x86_64 2.4.40-8.el7
  dependency: pki-base = 10.2.6-12.el7pki
   provider: pki-base.noarch 10.2.6-12.el7pki
  dependency: pki-tools = 10.2.6-12.el7pki
   provider: pki-tools.x86_64 10.2.6-12.el7pki
  dependency: policycoreutils
   provider: policycoreutils.x86_64 2.2.5-20.el7
  dependency: policycoreutils-python
   provider: policycoreutils-python.x86_64 2.2.5-20.el7
  dependency: python(abi) = 2.7
   provider: python.x86_64 2.7.5-34.el7
  dependency: selinux-policy-targeted >= 3.12.1-153
   provider: selinux-policy-targeted.noarch 3.13.1-60.el7
  dependency: shadow-utils
   provider: shadow-utils.x86_64 2:4.1.5.1-18.el7
  dependency: systemd-units
   provider: systemd.x86_64 219-19.el7
  dependency: tomcat >= 7.0.54
   provider: tomcat.noarch 7.0.54-2.el7_1
  dependency: tomcatjss >= 7.1.0-6
   provider: tomcatjss.noarch 7.1.2-1.el7
  dependency: velocity
   provider: velocity.noarch 1.7-10.el7

Here is the deplist for latest pki-server:

[root@auto-hv-02-guest01 ~]# yum deplist pki-server
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
package: pki-server.noarch 10.3.3-5.el7
  dependency: /bin/sh
   provider: bash.x86_64 4.2.46-20.el7_2
  dependency: /usr/bin/python
   provider: python.x86_64 2.7.5-48.el7
  dependency: hostname
   provider: hostname.x86_64 3.13-3.el7
  dependency: java-1.8.0-openjdk-headless
   provider: java-1.8.0-openjdk-headless.x86_64 1:1.8.0.102-0.b14.el7
  dependency: net-tools
   provider: net-tools.x86_64 2.0-0.17.20131004git.el7
  dependency: nuxwdog-client-java >= 1.0.1-11
   provider: nuxwdog-client-java.x86_64 1.0.3-5.el7
  dependency: openldap-clients
   provider: openldap-clients.x86_64 2.4.40-12.el7
  dependency: pki-base = 10.3.3-5.el7
   provider: pki-base.noarch 10.3.3-5.el7
  dependency: pki-base-java = 10.3.3-5.el7
   provider: pki-base-java.noarch 10.3.3-5.el7
  dependency: pki-tools = 10.3.3-5.el7
   provider: pki-tools.x86_64 10.3.3-5.el7
  dependency: policycoreutils
   provider: policycoreutils.x86_64 2.5-6.2.el7
  dependency: policycoreutils-python
   provider: policycoreutils-python.x86_64 2.5-6.2.el7
  dependency: python(abi) = 2.7
   provider: python.x86_64 2.7.5-48.el7
  dependency: python-ldap
   provider: python-ldap.x86_64 2.4.15-2.el7
  dependency: python-lxml
   provider: python-lxml.x86_64 3.2.1-4.el7
  dependency: selinux-policy-targeted >= 3.12.1-153
   provider: selinux-policy-targeted.noarch 3.13.1-93.el7
  dependency: shadow-utils
   provider: shadow-utils.x86_64 2:4.1.5.1-24.el7
  dependency: systemd-units
   provider: systemd.x86_64 219-26.el7
  dependency: tomcat >= 7.0.69
   provider: tomcat.noarch 7.0.69-8.el7
  dependency: tomcatjss >= 7.1.2-2
   provider: tomcatjss.noarch 7.1.2-3.el7
  dependency: velocity
   provider: velocity.noarch 1.7-10.el7
[root@auto-hv-02-guest01 ~]#

Hence marking this as verified.
Comment 7 errata-xmlrpc 2016-11-04 05:26:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2396.html