Bug 827162
| Summary: | ipa-client uninstall causes a crash after installing using --preserve-sssd | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Namita Soman <nsoman> | ||||
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 6.3 | CC: | jgalipea, ksiddiqu, mkosek | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | ipa-3.0.0-1.el6 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-02-21 09:14:41 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 588181 [details]
ipaclient-uninstall.log sssd.conf ipaclient-install.log krb5.conf
I tried to reproduce the issue manually, but the uninstall (with you configuration) worked for me as well. Namita, can you please also include /etc/sssd/sssd.conf in the state after the IPA client uninstallation and what is in /var/log/messages? The reason why sssd failed to start should be there. sssd may have failed to start for example because of incorrect permissions on /etc/sssd/sssd.conf. Yes - incorrect permissions was the most likely cause. i don't have the setup, but /var/log/messages had a message about the permission. After i had the corrected sssd.conf, didn't see the crash. But should the uninstall fail with a crash because of permissions? Also as far as i remember sssd.conf didn't change, because i had started with this sssd.conf to test preserve-sssd...so restores back to what i started with. I tested this use case again today and it worked for me - if /etc/sssd/sssd.conf permissions were right before ipa-client-install, they were preserved after uninstall as we edit the file in-place. Namita, can you please check if the permissions in the failing scenario were in a correct state? When the permissions areright, you would see something like that (i.e. no access for group, others): # ll /etc/sssd/sssd.conf -rw-------. 1 root root 371 Jun 1 02:47 /etc/sssd/sssd.conf the permissions were not correct, and looks like that was causing the crash. Can we give an error of some sort instead of crashing? Right, we can do that. I will open a ticket. Upstream ticket: https://fedorahosted.org/freeipa/ticket/2827 Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/53967f21bd4c35dee2209d1d80b65deb2ad177d6 Verified. Now following message is displayed in ipa-client un-installation console messages instead of crashing "SSSD service restart was unsuccessful." ipa-client/sssd version: ======================= [root@rhel64client1 ~]# rpm -q ipa-client sssd ipa-client-3.0.0-8.el6.x86_64 sssd-1.9.2-21.el6.x86_64 [root@rhel64client1 ~]# [root@rhel64client1 ~]# ipa-client-install -p admin -w xxxxxxxx --server=rhel64master.testrelm.com --domain=testrelm.com --preserve-sssd -U Hostname: rhel64client1.testrelm.com Realm: TESTRELM.COM DNS Domain: testrelm.com IPA Server: rhel64master.testrelm.com BaseDN: dc=testrelm,dc=com Synchronizing time with KDC... Enrolled in IPA realm TESTRELM.COM Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm TESTRELM.COM trying https://rhel64master.testrelm.com/ipa/xml Hostname (rhel64client1.testrelm.com) not found in DNS Failed to update DNS records. Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Forwarding 'host_mod' to server u'http://rhel64master.testrelm.com/ipa/xml' Could not update DNS SSHFP records. SSSD enabled Configured /etc/openldap/ldap.conf Unable to find 'admin' user with 'getent passwd admin'! Recognized configuration: SSSD NTP enabled Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Client configuration complete. [root@rhel64client1 ~]# [root@rhel64client1 ~]# ls -la /etc/sssd/sssd.conf -rw-------. 1 root root 645 Nov 26 10:37 /etc/sssd/sssd.conf [root@rhel64client1 ~]# [root@rhel64client1 ~]# chmod 666 /etc/sssd/sssd.conf [root@rhel64client1 ~]# ls -la /etc/sssd/sssd.conf -rw-rw-rw-. 1 root root 645 Nov 26 10:37 /etc/sssd/sssd.conf [root@rhel64client1 ~]# ipa-client-install --uninstall -U [root@rhel64client1 ~]# ipa-client-install --uninstall -U Unenrolling client from IPA server Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations The original configuration of SSSD included other domains than the IPA-based one. Original pre-IPA SSSD configuration file was restored to /etc/sssd/sssd.conf.bkp. IPA domain removed from current one, restarting SSSD service SSSD service restart was unsuccessful. Restoring client configuration files nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration Client uninstall complete. [root@rhel64client1 ~]# Extract from /var/log/messages: =============================== Nov 26 10:38:11 rhel64client1 oddjobd: oddjobd startup succeeded Nov 26 10:38:11 rhel64client1 sssd: Cannot read config file /etc/sssd/sssd.conf, please check if permissions are 0600 and the file is owned by root.root Nov 26 10:38:12 rhel64client1 ntpd[9208]: ntpd exiting on signal 15 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html |
Description of problem: Automation seems to always have a crash, but doing it manually, it is not always crashing. Sequence of events: Install ipa-client using --preserve-sssd (attaching what sssd.conf and krb5.conf looked like before install) Uninstall And the crash is as seen below: Install: # ipa-client-install --domain=testrelm.com --realm=TESTRELM.COM -p admin -w Secret123 -U --server=qe-blade-05.testrelm.com --preserve-sssd Discovery was successful! Hostname: ipaqa64vmb.testrelm.com Realm: TESTRELM.COM DNS Domain: testrelm.com IPA Server: qe-blade-05.testrelm.com BaseDN: dc=testrelm,dc=com Synchronizing time with KDC... Unable to sync time with IPA NTP server, assuming the time is in sync. Enrolled in IPA realm TESTRELM.COM Created /etc/ipa/default.conf Unable to activate the SSH service in SSSD config. Please make sure you have SSSD built with SSH support installed. Configure SSH support manually in /etc/sssd/sssd.conf. Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm TESTRELM.COM Warning: Hostname (ipaqa64vmb.testrelm.com) not found in DNS DNS server record set to: ipaqa64vmb.testrelm.com -> 10.16.98.183 SSSD enabled NTP enabled Client configuration complete. Uninstall: # ipa-client-install --uninstall Unenrolling client from IPA server Unenrolling host failed: Error obtaining initial credentials: Preauthentication failed. Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations Restoring client configuration files The original configuration of SSSD included other domains than IPA-based one. Original configuration file is restored, restarting SSSD service. Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1558, in <module> sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1538, in main return uninstall(options, env) File "/usr/sbin/ipa-client-install", line 409, in uninstall sssd.restart() File "/usr/lib/python2.6/site-packages/ipapython/platform/redhat.py", line 47, in restart ipautil.run(["/sbin/service", self.service_name, "restart", instance_name], capture_output=capture_output) File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 291, in run raise CalledProcessError(p.returncode, args) subprocess.CalledProcessError: Command '/sbin/service sssd restart ' returned non-zero exit status 1 Version-Release number of selected component (if applicable): ipa-client-2.2.0-16.el6.x86_64 How reproducible: not always Steps to Reproduce: 1. As indicated above Actual results: uninstall crashes Expected results: uninstall successfully Additional info: