Bug 450941

Summary: Does not do in-use port detection properly
Product: [Community] 389 Reporter: Rob Crittenden <rcritten>
Component: Install/UninstallAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: low Docs Contact:
Priority: low    
Version: 1.1.0CC: andrey.ivanov
Target Milestone: ---Keywords: VerifiedUpstream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-07 11:54:45 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 249650, 442454, 452721    
Attachments:
Description Flags
diffs
none
cvs commit log none

Description Rob Crittenden 2008-06-11 16:17:36 EDT
Description of problem:

The DS installer checks to see if the requested ports are in-use before
continuing the installation (Util.pm::portAvailable). It does not set
SO_REUSEADDR so incorrectly detects as in-use ports that otherwise should be
available.

Version-Release number of selected component (if applicable):

fedora-ds-base-1.1.1-1.fc7

Steps to Reproduce:

I'm testing this in the context of the ipa project, so using those tools:

1. ipa-server-install
2. kinit admin
3. ipa-server-install --uninstall -U
4. ipa-server-install

After the uninstall there will be a number of sockets in TIME_WAIT and FIN_WAIT2.
Comment 1 Chandrasekar Kannan 2008-06-17 09:24:25 EDT
Wait for a couple of minutes after uninstall and then try install again. 
Comment 2 Rich Megginson 2008-07-08 17:13:17 EDT
*** Util.pm.in.~1.16.~	2007-12-17 16:49:50.000000000 -0700
--- Util.pm.in	2008-07-08 15:11:15.000000000 -0600
***************
*** 78,83 ****
--- 78,84 ----
      my $proto = getprotobyname('tcp');
      my $rc = socket(SOCK, PF_INET, SOCK_STREAM, $proto);
      if ($rc == 1) {
+         setsockopt(SOCK, SOL_SOCKET, SO_REUSEADDR, 1);
          $rc = bind(SOCK, sockaddr_in($port, INADDR_ANY));
      }
      close(SOCK);
Comment 3 Rich Megginson 2008-07-14 12:41:40 EDT
Created attachment 311729 [details]
diffs
Comment 4 Rich Megginson 2008-07-14 19:26:33 EDT
Created attachment 311787 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: Set SO_REUSEADDR to make sure the port is really available.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
Comment 5 Michael Gregg 2009-04-15 20:18:52 EDT
It appears that this bug still exists:

ipa-server-install:
Setup complete
Next steps:
Be sure to back up the CA certificate stored in /etc/dirsrv/slapd-DSDEV-SJC-REDHAT-COM/cacert.p12
The password for this file is in /etc/dirsrv/slapd-DSDEV-SJC-REDHAT-COM/pwdfile.txt

[root@localhost ~]# kinit admin
Password for admin@DSDEV.SJC.REDHAT.COM: 

[root@localhost ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@DSDEV.SJC.REDHAT.COM
Valid starting     Expires            Service principal
04/15/09 18:20:40  04/16/09 18:20:37  krbtgt/DSDEV.SJC.REDHAT.COM@DSDEV.SJC.REDHAT.COM
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

[root@localhost ~]# ipa-server-install --uninstall -U

[root@localhost ~]# ipa-server-install 

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup the FreeIPA Server.

This includes:
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure TurboGears

To accept the default shown in brackets, press the Enter key.

IPA requires ports 389 and 636 for the Directory Server.
These are currently in use:
	389
Comment 6 Michael Gregg 2009-04-15 20:49:24 EDT
tested against  

rpm -qa ipa-server
ipa-server-1.2.1-1.fc9.x86_64
Comment 7 Rob Crittenden 2009-04-15 20:51:41 EDT
We had to adjust the IPA port detection routines to match the DS ones so we could detect the unavailable port early on and not fail during ds-setup. It could be that this is a false-alarm.
Comment 8 Rich Megginson 2009-09-21 15:47:45 EDT
I would like to either close this bug or move it to freeipa - ok?
Comment 9 Rob Crittenden 2009-09-23 09:35:05 EDT
The DS part should be testable using setup-ds.pl I think. Rich, correct me if I'm wrong, but I think the process would be:

- setup-ds.pl
- run some queries against server
- remove-ds.pl
- setup-ds.pl (should not fail)

I think it would be best for tracking to open a separate bug against IPA.
Comment 10 Rich Megginson 2009-09-23 10:16:26 EDT
(In reply to comment #9)
> The DS part should be testable using setup-ds.pl I think. Rich, correct me if
> I'm wrong, but I think the process would be:
> 
> - setup-ds.pl
> - run some queries against server
> - remove-ds.pl
> - setup-ds.pl (should not fail)

Correct.
> 
> I think it would be best for tracking to open a separate bug against IPA.
Comment 11 Rich Megginson 2009-09-25 13:48:28 EDT
ok - closing - please open a separate IPA BUG