Bug 1390757
Summary: | automember-rebuild crashes | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Amy Farley <afarley> | |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | |
Status: | CLOSED ERRATA | QA Contact: | Kaleem <ksiddiqu> | |
Severity: | high | Docs Contact: | Marc Muehlfeld <mmuehlfe> | |
Priority: | high | |||
Version: | 7.2 | CC: | amore, cpelland, cww, frenaud, gparente, ipa-maint, msauton, pasik, pcech, pvoborni, rcritten, tscherf, twoerner | |
Target Milestone: | rc | Keywords: | ZStream | |
Target Release: | --- | |||
Hardware: | All | |||
OS: | All | |||
Whiteboard: | ||||
Fixed In Version: | ipa-4.6.5-1.el7 | Doc Type: | Enhancement | |
Doc Text: |
.A command to detect and remove orphaned automember rules has been added to IdM
Automember rules in Identity Management (IdM) can refer to a hostgroup or a group that has been deleted. Previously, the `ipa automember-rebuild` command failed unexpectedly and it was difficult to diagnose the reason for the failure. This enhancement adds `ipa automember-find-orphans` to IdM to identify and remove such orphaned automember rules.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1638373 1659499 | Environment: | |
Last Closed: | 2019-08-06 13:09:02 UTC | Type: | Bug | |
Bug Blocks: | 1298243, 1638373, 1647919, 1659499 |
Comment 1
Amy Farley
2016-11-01 20:32:42 UTC
Also when there is an automember rule which targets a non-existing hostgroup, then adding a host which matches the rule will also fail with:

    """
    Server is unwilling to perform: Automember Plugin update unexpectedly failed.
    """

Upstream ticket: https://fedorahosted.org/freeipa/ticket/6476

Reproduction steps:

    ipa hostgroup-add test
    ipa automember-add --type hostgroup test
    ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-regex=^web[1-9]+\.example\.com test
    ipa host-add web1.example.com
    ipa hostgroup-show test
    ipa automember-rebuild --type hostgroup
    ipa hostgroup-del test
    ipa automember-rebuild --type hostgroup
    ipa: ERROR: Automember rebuild task aborted...

You can also reproduce this by creating the automember entry, deleting the hostgroup, then adding a condition. Trying to add a host entry that matches the condition will also fail:

    [30/May/2018:14:34:22.811521568 -0400] - ERR - auto-membership-plugin - automember_add_member_value - Unable to add "fqdn=web1.example.com,cn=computers,cn=accounts,dc=example,dc=com" as a "member" value to group "cn=test,cn=hostgroups,cn=accounts,dc=example,dc=com" (No such object).
    [30/May/2018:14:34:22.834836405 -0400] - ERR - auto-membership-plugin - automember_add_member_value - Unable to add "fqdn=web1.example.com,cn=computers,cn=accounts,dc=example,dc=com" as a "member" value to group "cn=test,cn=hostgroups,cn=accounts,dc=example,dc=com" (No such object).

I talked to Mark Reynolds about this and suggested that the automembership plugin could reject a delete if its associated host/hostgroup entry exists.

Fixed upstream
master: https://pagure.io/freeipa/c/7f507519d4acb85c1e8e98bb29e26039751db8ff

Fixed upstream
ipa-4-6: https://pagure.io/freeipa/c/890b8aa474c4b2248b2b1bcc97412300d5e7bd82
ipa-4-7: https://pagure.io/freeipa/c/67875c3b75ad1af493ff5930f9c5fd5e9797b775

I am sorry, wrong bug.
Verified using version : ipa-4.6.5-8.el7

Verified using upstream test automation:
TestAutomemberFindOrphans::test_create_deps_for_find_orphans()
TestAutomemberFindOrphans::test_find_orphan_automember_rules()

Automation exists in: ipatests/test_xmlrpc/test_automember_plugin.py
test_create_deps_for_find_orphans()
test_find_orphan_automember_rules()

Additional verification step :

Using :
389-ds-base-1.3.9.1-6.el7.x86_64
ipa-server-4.6.5-8.el7.x86_64

    [root@master ~]# ipa hostgroup-add test
    ----------------------
    Added hostgroup "test"
    ----------------------
    Host-group: test
    [root@master ~]# ipa automember-add --type hostgroup test
    ----------------------------
    Added automember rule "test"
    ----------------------------
    Automember Rule: test
    [root@master ~]# ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-regex=^web[1-9]+\.testrelm\.test test
    ----------------------------
    Added condition(s) to "test"
    ----------------------------
    Automember Rule: test
    Inclusive Regex: fqdn=^web[1-9]+.testrelm.test
    ----------------------------
    Number of conditions added 1
    ----------------------------
    [root@master ~]# ipa host-add web9.testrelm.test
    -------------------------------
    Added host "web9.testrelm.test"
    -------------------------------
    Host name: web9.testrelm.test
    Principal name: host/web9.testrelm.test
    Principal alias: host/web9.testrelm.test
    Password: False
    Member of host-groups: test
    Indirect Member of netgroup: test
    Keytab: False
    Managed by: web9.testrelm.test
    [root@master ~]# ipa hostgroup-show test
    Host-group: test
    Member hosts: web9.testrelm.test
    [root@master ~]#
    [root@master ~]# ipa hostgroup-del test
    ------------------------
    Deleted hostgroup "test"
    ------------------------
    [root@master ~]#
    [root@master ~]# ipa automember-find-orphans
    Grouping Type: hostgroup
    ---------------
    1 rules matched
    ---------------
    Automember Rule: test
    Inclusive Regex: fqdn=^web[1-9]+.testrelm.test
    ----------------------------
    Number of entries returned 1
    ----------------------------
    [root@master ~]#
    [root@master ~]# ipa automember-del --type hostgroup test
    ------------------------------
    Deleted automember rule "test"
    ------------------------------
    [root@master ~]# ipa automember-find-orphans hostgroup
    Grouping Type: hostgroup
    ---------------
    0 rules matched
    ---------------
    ----------------------------
    Number of entries returned 0
    ----------------------------
    [root@master ~]# ipa automember-rebuild --type hostgroup
    --------------------------------------------------------
    Automember rebuild task finished. Processed (2) entries.
    --------------------------------------------------------
    [root@master ~]#

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2241
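A log triage helper for the failure reported above, added here as an example and not part of the bug report or of FreeIPA: it scans 389-ds error-log lines for the `automember_add_member_value` "No such object" message and lists the target groups that no longer exist, as candidates to confirm with `ipa automember-find-orphans`. The function names, the simple comma-split DN handling (no escaped commas) and the two constructed log lines are assumptions of the example.

```python
import re

# The first two lines are the ones quoted in the bug report; the last two are
# constructed for this example (a different reason, and an unrelated plugin).
SAMPLE_LOG = '''\
[30/May/2018:14:34:22.811521568 -0400] - ERR - auto-membership-plugin - automember_add_member_value - Unable to add "fqdn=web1.example.com,cn=computers,cn=accounts,dc=example,dc=com" as a "member" value to group "cn=test,cn=hostgroups,cn=accounts,dc=example,dc=com" (No such object).
[30/May/2018:14:34:22.834836405 -0400] - ERR - auto-membership-plugin - automember_add_member_value - Unable to add "fqdn=web1.example.com,cn=computers,cn=accounts,dc=example,dc=com" as a "member" value to group "cn=test,cn=hostgroups,cn=accounts,dc=example,dc=com" (No such object).
[30/May/2018:14:35:01.000000000 -0400] - ERR - auto-membership-plugin - automember_add_member_value - Unable to add "uid=alice,cn=users,cn=accounts,dc=example,dc=com" as a "member" value to group "cn=devs,cn=groups,cn=accounts,dc=example,dc=com" (Insufficient access).
[30/May/2018:14:35:02.000000000 -0400] - ERR - example-plugin - unrelated message
'''

LINE_RE = re.compile(
    r'auto-membership-plugin - automember_add_member_value - '
    r'Unable to add "(?P<entry>[^"]+)" as a "(?P<attr>[^"]+)" value '
    r'to group "(?P<group>[^"]+)" \((?P<reason>[^)]+)\)'
)


def grouping_type(group_dn):
    """Map a target DN to the IPA grouping type using its container RDN."""
    rdns = [rdn.strip().lower() for rdn in group_dn.split(",")]
    container = rdns[1] if len(rdns) > 1 else ""
    return {"cn=hostgroups": "hostgroup", "cn=groups": "group"}.get(container, "unknown")


def find_missing_targets(log_text):
    """Return {target_dn: {"type", "rule", "entries"}} for targets reported missing."""
    missing = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # Only "No such object" means the rule's target entry is gone.
        if not m or m.group("reason") != "No such object":
            continue
        dn = m.group("group")
        rec = missing.setdefault(dn, {
            "type": grouping_type(dn),
            # As in the report, the rule carries the name of its target group.
            "rule": dn.split(",")[0].split("=", 1)[1],
            "entries": set(),
        })
        rec["entries"].add(m.group("entry"))  # set: repeated log lines collapse
    return missing


if __name__ == "__main__":
    for dn, rec in find_missing_targets(SAMPLE_LOG).items():
        print(f'{rec["type"]} rule "{rec["rule"]}" targets missing {dn}; '
              f'{len(rec["entries"])} entry(ies) could not be added')
```
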