Bug 1477870
Summary: | IPA Installation fails when kdcproxy user is not present | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Abhijeet Kasurde <akasurde> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED NOTABUG | QA Contact: | ipa-qe <ipa-qe> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.4 | CC: | pvoborni, rcritten, slaznick, tscherf |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-09-05 16:40:16 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Abhijeet Kasurde
2017-08-03 06:18:19 UTC
# id kdcproxy uid=386(kdcproxy) gid=385(kdcproxy) groups=385(kdcproxy) # userdel kdcproxy # rpm -e ipa-server ipa-server-dns # id kdcproxy id: kdcproxy: no such user # yum install -y ipa-server ipa-server-dns ---snipped--- Warning: RPMDB altered outside of yum. Installing : ipa-server-4.5.0-21.el7_4.1.x86_64 1/2 Installing : ipa-server-dns-4.5.0-21.el7_4.1.noarch 2/2 Verifying : ipa-server-4.5.0-21.el7_4.1.x86_64 1/2 Verifying : ipa-server-dns-4.5.0-21.el7_4.1.noarch 2/2 Installed: ipa-server.x86_64 0:4.5.0-21.el7_4.1 ipa-server-dns.noarch 0:4.5.0-21.el7_4.1 Complete! # id kdcproxy uid=386(kdcproxy) gid=385(kdcproxy) groups=385(kdcproxy) If user kdcproxy is added, installation succeeds successfully. Upstream ticket: https://pagure.io/freeipa/issue/7101 Why would you remove the kdcproxy user? (In reply to Stanislav Laznicka from comment #4) > Why would you remove the kdcproxy user? This is part of negative testcase. Imagine, if kdcproxy user is deleted by system administrator then installation would fail and there is no way to find why installation failed. (In reply to Abhijeet Kasurde from comment #5) > (In reply to Stanislav Laznicka from comment #4) > > Why would you remove the kdcproxy user? > > This is part of negative testcase. Imagine, if kdcproxy user is deleted by > system administrator then installation would fail and there is no way to > find why installation failed. You can just as well do, e.g. `# chmod 006 /usr/libexec/ipa/certmonger/renew_ra_cert` and be surprised that RA cert renewal is not working. You can also remove the kdcproxy user at any time FreeIPA is installed and the service restart would probably fail just as well. You can remove the ipaapi user at any time IPA is installed and everything will go to ruins. So no, I don't think this is a valid testcase. Also, I removed the private tag of your comment, we are having an open discussion here, please, keep it that way. That chmod in comment 6 is probably a bad example, but you get the picture. One thing to note here - you can make this invalid testcase into a valid one by removing the kdcproxy user before you install the ipa packages, but definitely not after you install them. In that case, however, the installation won't (shouldn't) fail for you. Thus closing this as NOTABUG. I totally disagree with this as I feel you can not predict/assume/force user environment. Least thing we can do is to check if kdcproxy user exists or not and depending upon that perform some action. Giving traceback is not good thing. |