Bug 1372056
Summary: | pkidestroy may not remove all files | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Matthew Harmsen <mharmsen> | |
Component: | pki-core | Assignee: | Dinesh Prasanth <dmoluguw> | |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> | |
Severity: | high | Docs Contact: | Marc Muehlfeld <mmuehlfe> | |
Priority: | high | |||
Version: | 7.4 | CC: | edewata, gkapoor, msauton | |
Target Milestone: | rc | Keywords: | TestCaseProvided, ZStream | |
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | pki-core-10.5.16-2.el7 | Doc Type: | Enhancement | |
Doc Text: |
.Uninstalling Certificate System no longer removes all log files
Previously, Certificate System removed all corresponding logs when you uninstalled subsystems. With this update, by default, the pkidestroy utility no longer removes the logs. To remove the logs when you uninstall a subsystem, pass the new --remove-logs parameter to pkidestroy. Additionally, this update adds the --force parameter to pkidestroy. Previously, an incomplete installation left some files and directories, which prevented a complete uninstallation of a Certificate System instance. Pass --force to pkidestroy to completely remove a subsystem and all corresponding files of an instance.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1645262 (view as bug list) | Environment: | ||
Last Closed: | 2019-08-06 13:07:17 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1644769 | |||
Bug Blocks: | 1645262 |
Description
Matthew Harmsen
2016-08-31 19:45:04 UTC
mbasti added: Please don't remove logfiles if possible :) Per PKI Bug Council of 08/31/2016: * Consider this bug for a RHEL 7.3 Batch 1 Update Candidate Per PKI Bug Council of 11/29/2016: 10.4 - critical [20171025] - RHEL 7.5 pre-Alpha Offline Triage ==> 7.6 Per RHEL 7.5.z/7.6/8.0 Triage: 7.6 alee: this is related to a previous bug 1458010. Fixing this will help ipa and other installs in cases of install failure. Moved to RHEL 7.7. Verification steps for QE: CASE 1: Normal uninstallation 1. Install CA (and other subsystems, if needed) 2. tree /var/log/pki/ # To verify that logs aren't removed by default 3. Run `pkidestroy -s <subsystem> -i <instance> 4. tree /var/log/pki # Entries must match output from #2 This should uninstall the subsystem (and instance if that's the last subsystem). The logs in /var/log/pki/<instance> will not be removed. Verification steps for QE: CASE 2: Forced uninstallation 1. Install CA (and other subsystems, if needed) 2. Remove a random subsystem dir (eg: rm -rf /var/lib/pki/<instance>/<subsystem>) 3. Run `pkidestroy -s <subsystem> -i <instance>` # This should throw an error 4. Run `pkidestroy --force -s <subsystem> -i <instance>` # This should uninstall the subsystem The logs in /var/log/pki/<instance> will not be removed Verification steps for QE: CASE 3: Normal uninstallation with Removing logs 1. Install CA (and other subsystems, if needed) 2. tree /var/log/pki/ # To verify the logs dir structure 3. Run `pkidestroy --remove-logs -s <subsystem> -i <instance>` 4. tree /var/log/pki # Logs will be removed The resolution of this bug introduces a new bug: https://bugzilla.redhat.com/show_bug.cgi?id=1644769 The changes have been backported (to 10.5) through PR: https://github.com/dogtagpki/pki/pull/93 10_5 branch: ============ The commit that fixes this specific bug: https://github.com/dogtagpki/pki/commit/926c26e10db1b3fde8f24802d7a77419d0f2f28d New change to keep logs by default is introduced by commit: https://github.com/dogtagpki/pki/commit/9e2cdb0b2f5df552ef50ba7883b4c686adec41b3 (In reply to Dinesh Prasanth from comment #10) > Verification steps for QE: > > CASE 3: Normal uninstallation with Removing logs > > 1. Install CA (and other subsystems, if needed) > 2. tree /var/log/pki/ # To verify the logs dir structure > 3. Run `pkidestroy --remove-logs -s <subsystem> -i <instance>` > 4. tree /var/log/pki # Logs will be removed QE team, Just as a note: in this scenario, the *pkispawn* and *pkidestroy* are intentionally preserved for sysadmin's reference. My original reply to z-stream bug: https://bugzilla.redhat.com/show_bug.cgi?id=1645262#c8 # rpm -qa pki* pki-server-10.5.16-2.el7.noarch pki-javadoc-10.5.16-2.el7.noarch pki-tks-10.5.16-2.el7pki.noarch pki-base-java-10.5.16-2.el7.noarch pki-kra-10.5.16-2.el7.noarch pki-symkey-10.5.16-2.el7.x86_64 pki-core-debuginfo-10.5.16-2.el7.x86_64 pki-tps-10.5.16-2.el7pki.x86_64 pki-ocsp-10.5.16-2.el7pki.noarch pki-base-10.5.16-2.el7.noarch pki-tools-10.5.16-2.el7.x86_64 pki-ca-10.5.16-2.el7.noarch pki-console-10.5.16-1.el7pki.noarch Test Case 1 : pkidestroy should display --force and --remove-logs options. # pkidestroy --help usage: pkidestroy [-s <subsystem>] [-h] [-v] [-p <prefix>] [-i <instance>] [-u <security domain user>] [-W <security domain password file>] [--force] [--remove-logs] PKI Instance Removal optional arguments: -s <subsystem> where <subsystem> is CA, KRA, OCSP, TKS, or TPS -h, --help show this help message and exit -v display verbose information (details below) -i <instance> FORMAT: ${pki_instance_name} -u <security domain user> security domain user -W <security domain password file> security domain password file path --force force removal of subsystem --remove-logs remove subsystem logs Test Case 3: pkidestroy -s CA -i rhel77_ca_gkapoor1 --force --remove-logs -vv Above command should delete instance and logs. Test Case 4: There is a known failure when instance is removed and then we try to remove logs. https://bugzilla.redhat.com/show_bug.cgi?id=1698084 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2228 |