Bug 1080532
| Summary: | ipa-client-install --uninstall crash on a freshly installed machine joined to IPA via reamd and anaconda | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Patrik Kis <pkis> | ||||
| Component: | ipa | Assignee: | Martin Kosek <mkosek> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 7.0 | CC: | jgalipea, jpazdziora, pkis, pviktori, rcritten, rmainz, spoore | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | ipa-4.0.3-1.el7 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-03-05 10:10:43 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
chrony apparently could not be started. Can you please also attach ipaclient-uninstall.log? It would help us understand why. Created attachment 878914 [details]
ipa install/uninstall logs
Thanks. I will open an upstream ticket. Upstream ticket: https://fedorahosted.org/freeipa/ticket/4273 What does /bin/systemctl status chronyd.service show as the log after that failed /bin/systemctl start chronyd.service? (In reply to Jan Pazdziora from comment #5) > What does /bin/systemctl status chronyd.service show as the log after that > failed /bin/systemctl start chronyd.service? I guess it would report error since chronyd is not installed as it is mentioned description, but I have not tested it. I don't have the failing environment anymore so it would take some time to set it up again; do you really need to test this? This is strange because the restore_forced_ntpd where it tracebacks should take the list of services from the statestore and should attempt to start the service only if it was seen running before. Looking at the ipaclient-install.log 2014-03-25T15:26:35Z DEBUG args=/bin/systemctl is-enabled chronyd.service 2014-03-25T15:26:35Z DEBUG Process finished, return code=1 2014-03-25T15:26:35Z DEBUG stdout= 2014-03-25T15:26:35Z DEBUG stderr= 2014-03-25T15:26:35Z DEBUG Starting external process 2014-03-25T15:26:35Z DEBUG args=/bin/systemctl is-active chronyd.service 2014-03-25T15:26:35Z DEBUG Process finished, return code=0 2014-03-25T15:26:35Z DEBUG stdout= 2014-03-25T15:26:35Z DEBUG stderr=Running in chroot, ignoring request. 2014-03-25T15:26:35Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2014-03-25T15:26:35Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2014-03-25T15:26:35Z DEBUG Starting external process 2014-03-25T15:26:35Z DEBUG args=/bin/systemctl stop chronyd.service 2014-03-25T15:26:35Z DEBUG Process finished, return code=0 2014-03-25T15:26:35Z DEBUG stdout= 2014-03-25T15:26:35Z DEBUG stderr=Running in chroot, ignoring request. The problem seems to be that /bin/systemctl is-active chronyd.service returns code 0 even if it says Running in chroot, ignoring request. For the record: bug 1110675 was filed to get systemd behaviour changed. However, until that happens and change gets to RHEL 7 (if the behaviour is ever changed), we might need to check for the "running in chroot" situation and ignore the systemctl results. Fixed upstream master: https://fedorahosted.org/freeipa/changeset/2ff14607b170c86ccd93cff60f5a34d64cd1e419 ipa-4-1: https://fedorahosted.org/freeipa/changeset/2ff14607b170c86ccd93cff60f5a34d64cd1e419 ipa-4-0: https://fedorahosted.org/freeipa/changeset/2ff14607b170c86ccd93cff60f5a34d64cd1e419 Verified. Version :: ipa-client-4.1.0-16.el7.x86_64 Results :: [root@vm2 ~]# ipa-client-install --uninstall --unattended Unenrolling client from IPA server Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted Restoring client configuration files Unconfiguring the NIS domain. nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration Failed to start chronyd: Command ''/bin/systemctl' 'start' 'chronyd.service'' returned non-zero exit status 6 Systemwide CA database updated. Client uninstall complete. So, proper error message and no crash. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html |
Description of problem: When joining a machine to IPA via realmd during the machine installation with anaconda kickstart, the ipa uninstall crashes. I was not able to reproduce this issue under other conditions, only just after installation and joining via anaconda. It seems that ipa client ties to start the chronyd service, but as it is not installed it crashes. I think it should handle the situation more clearly. Version-Release number of selected component (if applicable): ipa-client-3.3.3-25.el7 How reproducible: always Steps to Reproduce: 1/ Install a machine with kickstart and join it to IPA; I use the following kickstart file: text zerombr bootloader --location=mbr clearpart --all --initlabel autopart logging --level=debug rootpw --plaintext redhat firewall --disabled keyboard us lang en_US timezone --isUtc America/New_York network --bootproto=static --device=eth0 --gateway=192.168.100.1 --ip=192.168.100.72 --netmask=255.255.255.0 --nameserver=10.34.37.24 --hostname=rhel72.ipa.baseos.qe --noipv6 --activate reboot realm join --one-time-password=MyPassword ipa.baseos.qe %packages --ignoremissing wget make @core %end 2/ After the installation log into the machine and try remove it from IPA: [root@rhel72 ~]# /usr/sbin/ipa-client-install --uninstall --unattended Unenrolling client from IPA server Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted Restoring client configuration files nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 2597, in <module> sys.exit(main()) File "/usr/sbin/ipa-client-install", line 2569, in main return uninstall(options, env) File "/usr/sbin/ipa-client-install", line 619, in uninstall ipaclient.ntpconf.restore_forced_ntpd(statestore) File "/usr/lib/python2.7/site-packages/ipaclient/ntpconf.py", line 224, in restore_forced_ntpd service.start() File "/usr/lib/python2.7/site-packages/ipapython/platform/base/systemd.py", line 119, in start ipautil.run(["/bin/systemctl", "start", self.service_instance(instance_name)], capture_output=capture_output) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 328, in run raise CalledProcessError(p.returncode, arg_string, stdout) subprocess.CalledProcessError: Command '/bin/systemctl start chronyd.service' returned non-zero exit status 6 The second attempt seems to be successful: [root@rhel72 log]# [root@rhel72 log]# /usr/sbin/ipa-client-install --uninstall --unattended Unenrolling client from IPA server Unenrolling host failed: Error getting default Kerberos realm: Configuration file does not specify default realm. Removing Kerberos service principals from /etc/krb5.keytab Failed to remove Kerberos service principals: Command '/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r IPA.BASEOS.QE' returned non-zero exit status 5 Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration Client uninstall complete.