Bug 1909876

Summary: ipa uninstall fails when dns not installed
Product: Red Hat Enterprise Linux 8 Reporter: Scott Poore <spoore>
Component: ipaAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.4CC: abokovoy, frenaud, ksiddiqu, myusuf, pasik, pvoborni, rcritten, ssidhaye, tscherf, twoerner
Target Milestone: rcKeywords: TestCaseProvided, Triaged
Target Release: 8.0Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.9.1-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-18 15:48:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
report.html none

Description Scott Poore 2020-12-21 21:59:02 UTC 
Description of problem:

Uninstalling IPA after it was installed without DNS results in a failure because named group is missing:

# ipa-server-install --uninstall --unattended
Forcing removal of servername
Failed to cleanup servername DNS entries: no such entry
You may need to manually remove them from the tree
----------------------------------------------------------------------
Deleted IPA server "servername"
----------------------------------------------------------------------
Shutting down all IPA services
Unconfiguring CA
group 'named' not found
The ipa-server-install command failed. See /var/log/ipaserver-uninstall.log for more information


Version-Release number of selected component (if applicable):

# rpm -q ipa-server
ipa-server-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64

# dnf module info idm
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

Last metadata expiration check: 1:07:39 ago on Mon 21 Dec 2020 08:40:27 PM UTC.
Name             : idm
Stream           : DL1 [e] [a]
Version          : 8040020201211123410
Context          : 1f8cbe47
Architecture     : x86_64
Profiles         : adtrust, client, common [d], dns, server [i]
Default profiles : common
Repo             : rhel-8.4-appstream
Summary          : The Red Hat Enterprise Linux Identity Management system module


How reproducible:
seems consistent

Steps to Reproduce:
1. dnf -y module enable idm:DL1
2. dnf -y module install idm:DL1/server
3. ipa-server-install --realm=TESTRELM.TEST --ds-password=Secret123 --admin-password=Secret123 --unattended
4. ipa-server-install --uninstall --unattended

Actual results:
Fails with message:

group 'named' not found

Expected results:
ipa uninstalled cleanly with no failures.

Additional info:

simply adding the system user named before uninstall works around the issue.
Comment 3 Alexander Bokovoy 2020-12-22 08:02:18 UTC 
Upstream PR: https://github.com/freeipa/freeipa/pull/5376
Comment 4 Alexander Bokovoy 2020-12-22 14:18:17 UTC 
Fixed upstream
ipa-4-9:
https://pagure.io/freeipa/c/eb42b1097a89c5e863bd4fd1714d5ce84a47b718
https://pagure.io/freeipa/c/eae9f0d80c8fe67fdd44a9c772ce2c4234b35ba0
https://pagure.io/freeipa/c/eca22818c911646a111d2257213ee22737e2555f
master:
https://pagure.io/freeipa/c/8e16a1d169ddd6b6c1fee8f666ba7660b6d8ed6e
https://pagure.io/freeipa/c/b6a645338c447f8081c3e3501b7bfeb56178ca1d
https://pagure.io/freeipa/c/4c4f16fc9cd08385fda90452669484ab647c47eb
Comment 7 Florence Blanc-Renaud 2021-01-21 12:48:03 UTC 
Test case added upstream in ipatests/test_integration/test_uninstall.py (new file)

Fixed upstream
master:
https://pagure.io/freeipa/c/69d480003bc6a7c75280c3c1a5e30cd252edcaec
https://pagure.io/freeipa/c/74b4d7e4df3b5406bc62ed1663318430e1739d1c
Comment 16 Rob Crittenden 2021-02-01 15:40:18 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/f621d607bb7852b2aaac4626ede029bf11951319
https://pagure.io/freeipa/c/776d575c0607ad5c390b2199a07f0261e0a0cb8f
https://pagure.io/freeipa/c/3a584803da697b80d49590223be632a7451e1b7e
Comment 17 Mohammad Rizwan 2021-02-02 14:48:52 UTC 
Created attachment 1754415 [details]
report.html

Final verification done using: ipa-server-4.9.1.1.module+el8.4.0+9665+c9815399

2021-02-02T13:51:51+0000 ------------- generated html file: file:///tmp/wp/twd/report.html --------------
2021-02-02T13:51:51+0000 =========================== short test summary info ============================
2021-02-02T13:51:51+0000 PASSED ipatests/test_integration/test_uninstallation.py::TestUninstallWithoutDNS::test_uninstall_server_without_dns
2021-02-02T13:51:51+0000 ==================== 1 passed, 1 warnings in 364.40 seconds ====================
Comment 18 Alexander Bokovoy 2021-02-03 07:03:49 UTC 
Backport for ipa-4-9:
https://pagure.io/freeipa/c/85674f16a18a6d4917dcf56330dc122902b53475
Comment 20 errata-xmlrpc 2021-05-18 15:48:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1846