Bug 1498387
Summary: | 389-ds-base crashed as part of ipa-server-intall in ipa-uuid | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | thierry bordaz <tbordaz> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Michal Reznik <mreznik> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.4 | CC: | abokovoy, edewata, enewland, extras-qa, ipa-maint, jhrozek, ksiddiqu, lkrispen, lslebodn, mkosek, mreynolds, mreznik, nhosoi, nkinder, pvoborni, rcritten, rmeggins, slaznick, ssorce, tbordaz, tscherf, vashirov |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.5.4-7.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | 1496226 | Environment: | |
Last Closed: | 2018-04-10 16:48:21 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1496226 | ||
Bug Blocks: |
Description
thierry bordaz
2017-10-04 08:06:03 UTC
This bug was found while investigating https://bugzilla.redhat.com/show_bug.cgi?id=1493965. However it is separated issue and this bug does *not* block #1493965 upstream ticket: https://pagure.io/freeipa/issue/7227 (In reply to thierry bordaz from comment #3) > upstream ticket: https://pagure.io/freeipa/issue/7227 Bug is already fixed in upstream. Is there any change that it will be part of next RHEL release? Because it is a blocker for testing ipa with hardended 389-ds-base(ASAN). The patch is simple and there is no_or_very_low risk about it. So I agree it would be interesting to fix it into next RHEL release, especially because it is nasty bug (access after free) Regarding the status of blocker, IMHO it does not worth. This issue was only reported with ASAN run and is independant of #1493965 (https://bugzilla.redhat.com/show_bug.cgi?id=1498387#c2). Seems that state of this bug was not updated. master: 9345142 389-ds-base crashed as part of ipa-server-intall in ipa-uuid ipa-4-5: 78f9c6a 389-ds-base crashed as part of ipa-server-intall in ipa-uuid ipa-4-6: cb6ac16 389-ds-base crashed as part of ipa-server-intall in ipa-uuid Sanity only on: [root@master ~]# rpm -q ipa-server ipa-server-4.5.4-7.el7.x86_64 [root@master ~]# ipa-server-install -r IPA.TEST -n ipa.test -p 'xxx' -a 'xxx' --setup-dns --forwarder 10.37.170.1 -U ... ... ... [7/7]: configuring ipa-dnskeysyncd to start on boot Done configuring DNS key synchronization service (ipa-dnskeysyncd). Restarting ipa-dnskeysyncd Restarting named Updating DNS system records Configuring client side components Using existing certificate '/etc/ipa/ca.crt'. Client hostname: master.ipa.test Realm: IPA.TEST DNS Domain: ipa.test IPA Server: master.ipa.test BaseDN: dc=ipa,dc=test Skipping synchronizing time with NTP server. New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf trying https://master.ipa.test/ipa/json [try 1]: Forwarding 'schema' to json server 'https://master.ipa.test/ipa/json' trying https://master.ipa.test/ipa/session/json [try 1]: Forwarding 'ping' to json server 'https://master.ipa.test/ipa/session/json' [try 1]: Forwarding 'ca_is_enabled' to json server 'https://master.ipa.test/ipa/session/json' Systemwide CA database updated. Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub [try 1]: Forwarding 'host_mod' to json server 'https://master.ipa.test/ipa/session/json' SSSD enabled Configured /etc/openldap/ldap.conf Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring ipa.test as NIS domain. Client configuration complete. The ipa-client-install command was successful ============================================================================== Setup complete Next steps: 1. You must make sure these network ports are open: TCP Ports: * 80, 443: HTTP/HTTPS * 389, 636: LDAP/LDAPS * 88, 464: kerberos * 53: bind UDP Ports: * 88, 464: kerberos * 53: bind * 123: ntp 2. You can now obtain a kerberos ticket using the command: 'kinit admin' This ticket will allow you to use the IPA tools (e.g., ipa user-add) and the web user interface. Be sure to back up the CA certificates stored in /root/cacert.p12 These files are required to create replicas. The password for these files is the Directory Manager password [root@master ~]# [root@master ~]# ipa ping ------------------------------------------- IPA server version 4.5.4. API version 2.228 ------------------------------------------- Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0918 |