Bug 2214933
Summary: | Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA) | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | Varun Mylaraiah <mvarun> |
Component: | ipa | Assignee: | Florence Blanc-Renaud <frenaud> |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 9.3 | CC: | amore, gkaihoro, rcritten, tscherf, twoerner |
Target Milestone: | rc | Keywords: | Regression, Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.10.2-2.el9 | Doc Type: | No Doc Update |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2023-11-07 08:34:14 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Deadline: | 2023-07-03 |
Description
Varun Mylaraiah
2023-06-14 06:52:10 UTC
Upstream ticket: https://pagure.io/freeipa/issue/9330 Additional information: also, Failure was noticed in the ipa-server-4.10.1-7 and idm-pki-ca-11.4.2-1 But it was working fine with ipa-server-4.10.1-6 and idm-pki-ca-11.3.0-1 The issue was also seen upstream and appeared with PKI 11.4. With earlier versions, pki destroy is successful even if the PKI service is down. With 11.4 it fails. IPA uninstallation stops the pki service before calling pkidestroy, we should investigate if it's possible to keep pki running. There are two issues here: "Unconfiguring CA" is failing AND "ipa-server-install --uninstall -U" is not failing. The uninstall not failing if any component fails to uninstall is working as expected. It charges on and the uninstaller is idempotent so can be re-run. There are several valid use-cases to uninstall any component where it is not running: - it wasn't completely set up in the first place (deployment fails) - some configuration is in such a state the component simply won't start (e.g. expired certificates) I think the pki team is going to need to address this. Upstream PR: https://github.com/freeipa/freeipa/pull/6881 Fixed upstream master: https://pagure.io/freeipa/c/67a33e5a305c7510fb182f84e46f304043f6ab37 https://pagure.io/freeipa/c/6c84ae5c3035ecd917404cc41c32a4b25c607b46 Test case available upstream: test_integration/test_backup_and_restore.py::TestBackupReinstallRestoreWithKRA::test_full_backup_reinstall_restore_with_vault Fixed upstream ipa-4-10: https://pagure.io/freeipa/c/f93a6d3ff52247ce5e582816fec689b8901fc984 https://pagure.io/freeipa/c/b9a07b1e97ee4e310b50860103872685da540da4 Test result without fix: FAILED test_integration/test_backup_and_restore.py::TestBackupReinstallRestoreWithKRA::test_full_backup_reinstall_restore_with_vault ============== 1 failed, 1 passed, 1 warning in 746.24s (0:12:26) ============== =========================================================================================================================================================== Test result with fix using test-compose: test_integration/test_backup_and_restore.py::TestBackupReinstallRestoreWithKRA::test_full_backup_reinstall_restore_with_vault PASSED [ 50%] test_integration/test_backup_and_restore.py::TestBackupReinstallRestoreWithKRA::test_no_error_message_with_uninstall_ipa_with_kra PASSED [100%] =============================== warnings summary =============================== ================== 2 passed, 1 warning in 1135.84s (0:18:55) =================== Verified using nightly build: ipa-4.10.2-2.el9 test_integration/test_backup_and_restore.py::TestBackupReinstallRestoreWithKRA::test_full_backup_reinstall_restore_with_vault PASSED [ 50%] test_integration/test_backup_and_restore.py::TestBackupReinstallRestoreWithKRA::test_no_error_message_with_uninstall_ipa_with_kra PASSED [100%] ----------- generated html file: file:///home/cloud-user/report.html ----------- ================== 2 passed, 1 warning in 1123.16s (0:18:43) =================== Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ipa bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:6477 |