Bug 1729622

Summary: pkidestroy is not working as expected when used with --force and --remove-logs
Product: Red Hat Enterprise Linux 7 Reporter: Matthew Harmsen <mharmsen>
Component: pki-coreAssignee: Dinesh Prasanth <dmoluguw>
Status: CLOSED ERRATA QA Contact: PKI QE <bugzilla-pkiqe>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.8CC: aakkiang, dmoluguw, gkapoor, mharmsen
Target Milestone: rcKeywords: TestCaseProvided
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pki-core-10.5.17-1.el7 Doc Type: Bug Fix
Doc Text:
Cause: While executing `pkidestroy` with `--force` option on a half-removed instance, the `pki-tomcat` instance was being picked regardless of the instance name provided via `-i <instance>` option. Consequence: The bug caused removal of `pki-tomcat` instance even though it was not desired by the user Fix: The fix now picksup the right instance name and removes only the intended instance. Result: pkidestroy executes more unambiguously and removes only the intended instance's leftovers.
 Story Points: ---
Clone Of: 1698084 Environment:
Last Closed: 2020-03-31 19:53:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1698084    
Bug Blocks:    

Comment 2 Dinesh Prasanth 2019-07-25 21:19:01 UTC 
Adding this comment for (my) reference:

Though the patch [1] is for master (10.7 while submitting), once reviewed will need to be backported.

The initial patch review was done by Endi and he wanted to discuss with Ade lee to convert SElinux context removal from transactional to non-transactional model. I have personally tried in my dev machine and there was no difference.

[1] https://github.com/dogtagpki/pki/pull/231
Comment 3 Dinesh Prasanth 2019-08-03 18:55:15 UTC 
Fixed via the following commit:

commit f466ea6fefc44f319573febb7c71e3329a331036 (HEAD -> DOGTAG_10_5_BRANCH, upstream/pkidestroy_force_backport, upstream/DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH, internal/DOGTAG_10_5_BRANCH, pkidestroy_force_backport)
Author: Dinesh Prasanth M K <dmoluguw>
Date:   Sat Aug 3 13:15:21 2019 -0400

    Fix 'pkidestroy --force' to pickup correct instance name
    
    - When `pkidestroy --force` was executed with a non-existant non-default
      instance, it should not pickup `pki-tomcat` as the default instance
    
    - The commit adds an additional check to remove selinux contexts
      iff the context exists. Otherwise, it skips them. This is
      necessary to accommodate the `--force` option to pkidestroy
    
    NOTE: This commit is a modified backport of PR #231
    
    Resolves: BZ#1729622
    
    Signed-off-by: Dinesh Prasanth M K <dmoluguw>


GH Commit URL: https://github.com/dogtagpki/pki/commit/f466ea6fefc44f319573febb7c71e3329a331036
Comment 4 Dinesh Prasanth 2019-08-03 19:07:00 UTC 
Test case 1:
============
pkidestroy -v -s CA -i <nonexistant instance> --force



Test Case 2:
============

pkidestroy -v -s CA -i <nonexistant instance> --force --remove-logs

*NOTE:* Ensure to have some left over logs in /var/log/pki/<nonexistant instance> to test this
Comment 6 Geetika Kapoor 2019-11-12 08:50:14 UTC 
Test Cases :

1. When instance doesn't exist 

# pkidestroy -s CA -i pki-kra --force --remove-logs
Log file: /var/log/pki/pki-ca-destroy.20191112034519.log
Uninstalling CA from /var/lib/pki/pki-kra.
pkidestroy  : ERROR    ....... PKI subsystem 'CA' for instance 'pki-kra' does NOT exist!
pkidestroy  : ERROR    OSError:  PKI subsystem 'CA' for instance 'pki-kra' does NOT exist!!


2. When instance doesn't exist and we see ERROR , I think it should exist at that point instead of going further.

# pkidestroy -s CA -i pki-tomcat23!  --remove-logs --force
Log file: /var/log/pki/pki-ca-destroy.20191112034841.log
Uninstalling CA from /var/lib/pki/pki-tomcat23!.
pkidestroy  : ERROR    ....... PKI subsystem 'CA' for instance 'pki-tomcat23!' does NOT exist!
pkidestroy  : ERROR    OSError:  PKI subsystem 'CA' for instance 'pki-tomcat23!' does NOT exist!!
Failed to stop pki-tomcatd@pki-tomcat23!.service: Unit name pki-tomcatd@pki-tomcat23!.service is not valid.
See system logs and 'systemctl status pki-tomcatd@pki-tomcat23!.service' for details.
pkidestroy  : ERROR    ....... subprocess.CalledProcessError:  Command '['systemctl', 'stop', 'pki-tomcatd@pki-tomcat23!.service']' returned non-zero exit status 1!

Uninstallation failed: Command failed: systemctl stop pki-tomcatd@pki-tomcat23!.service
Comment 8 errata-xmlrpc 2020-03-31 19:53:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1078