Bug 1186396 - ipa-restore crashes if replica is unreachable
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
7.0
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: IPA Maintainers
Namita Soman
Reported: 2015-01-27 10:37 EST by Martin Kosek
Modified: 2015-03-05 05:19 EST
Fixed In Version: ipa-4.1.0-17.el7
Doc Type: Bug Fix
Last Closed: 2015-03-05 05:19:34 EST

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0442 normal SHIPPED_LIVE Moderate: ipa security, bug fix, and enhancement update 2015-03-05 09:50:39 EST

Description Martin Kosek 2015-01-27 10:37:24 EST
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4857

Transcript:
{{{
# ipa-restore --data --online /var/lib/ipa/backup/ipa-data-2015-01-19-23-02-40 --debug
Directory Manager (existing master) password: 

ipa.ipaserver.install.ipa_restore.Restore: DEBUG: Logging to /var/log/iparestore.log
ipa.ipaserver.install.ipa_restore.Restore: DEBUG: ipa-restore was invoked with arguments ['/var/lib/ipa/backup/ipa-data-2015-01-19-23-02-40'] and options: {'log_file': None, 'data_only': True, 'verbose': True, 'gpg_keyring': None, 'quiet': False, 'instance': None, 'no_logs': False, 'online': True, 'password': None, 'unattended': False, 'backend': None}
ipa.ipaserver.install.ipa_restore.Restore: DEBUG: IPA version 4.1.2.201501140350GIT6950e7b-0.fc21
ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.7/site-packages/ipalib/plugins'...
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/config.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/group.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/host.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/idviews.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/otpconfig.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken_yubikey.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py'
ipa: DEBUG: Starting external process
ipa: DEBUG: args='klist' '-V'
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=Kerberos 5 version 1.12.2

ipa: DEBUG: stderr=
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/radiusproxy.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/role.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/rpcclient.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/service.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/user.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py'
ipa.ipaserver.install.ipa_restore.Restore: INFO: Preparing restore from /var/lib/ipa/backup/ipa-data-2015-01-19-23-02-40 on ipa.mkosek-f21.test
ipa: DEBUG: Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipa.ipaserver.install.ipa_restore.Restore: INFO: Performing DATA restore from DATA backup
ipa.ipaplatform.base.tasks: DEBUG: group dirsrv exists
ipa.ipaplatform.base.tasks: DEBUG: user dirsrv exists
ipa: DEBUG: Starting external process
ipa: DEBUG: args='tar' '--xattrs' '--selinux' '-xzf' '/var/lib/ipa/backup/ipa-data-2015-01-19-23-02-40/ipa-data.tar' '.'
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=
Restoring data will overwrite existing live data. Continue to restore? [no]: y
ipa.ipaserver.install.ipa_restore.Restore: INFO: Each master will individually need to be re-initialized or
ipa.ipaserver.install.ipa_restore.Restore: INFO: re-created from this one. The replication agreements on
ipa.ipaserver.install.ipa_restore.Restore: INFO: masters running IPA 3.1 or earlier will need to be manually
ipa.ipaserver.install.ipa_restore.Restore: INFO: re-enabled. See the man page for details.
ipa.ipaserver.install.ipa_restore.Restore: INFO: Disabling all replication.
ipa.ipapython.ipaldap.SchemaCache: DEBUG: flushing ldapi://%2fvar%2frun%2fslapd-MKOSEK-F21-TEST.socket from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG: retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-MKOSEK-F21-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f0ba5a04098>
ipa: DEBUG: wait_for_open_ports: vm-089.idm.lab.bos.redhat.com [636] timeout 10
ipa.ipaserver.install.ipa_restore.Restore: CRITICAL: Unable to disable agreement on vm-089.idm.lab.bos.redhat.com: 
ipa.ipaserver.install.ipa_restore.Restore: DEBUG:   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_restore.py", line 349, in run
    self.disable_agreements()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_restore.py", line 464, in disable_agreements
    services = repl.conn.get_entries(master_dn,

ipa.ipaserver.install.ipa_restore.Restore: DEBUG: The ipa-restore command failed, exception: UnboundLocalError: local variable 'repl' referenced before assignment
ipa.ipaserver.install.ipa_restore.Restore: ERROR: local variable 'repl' referenced before assignment
}}}
Comment 4 Kaleem 2015-01-28 10:41:04 EST
Verified.

IPA Version:
============
[root@master ~]# rpm -q ipa-server
ipa-server-4.1.0-17.el7.x86_64
[root@master ~]# 

"Unable to disable agreement on dhcp207-58.testrelm.test: " is now shown if the replica is not reachable during ipa-restore.


[root@master ~]# ipa user-del testuser1
------------------------
Deleted user "testuser1"
------------------------
[root@master ~]# ipa-restore --data --online -p xxxxxxxx /var/lib/ipa/backup/ipa-data-2015-01-28-23-39-11
Preparing restore from /var/lib/ipa/backup/ipa-data-2015-01-28-23-39-11 on master.testrelm.test
Performing DATA restore from DATA backup
Restoring data will overwrite existing live data. Continue to restore? [no]: yes
Each master will individually need to be re-initialized or
re-created from this one. The replication agreements on
masters running IPA 3.1 or earlier will need to be manually
re-enabled. See the man page for details.
Disabling all replication.
Unable to disable agreement on dhcp207-58.testrelm.test: 
Starting Directory Server
Restoring from userRoot in TESTRELM-TEST
Waiting for LDIF to finish
Restoring from ipaca in TESTRELM-TEST
Waiting for LDIF to finish
The ipa-restore command was successful
[root@master ~]# ipa user-find
---------------
3 users matched
---------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 1983000000
  GID: 1983000000
  Account disabled: False
  Password: True
  Kerberos keys available: True

  User login: testuser1
  First name: testuser1
  Last name: testuser1
  Home directory: /home/testuser1
  Login shell: /bin/sh
  Email address: testuser1@testrelm.test
  UID: 1983000001
  GID: 1983000001
  Account disabled: False
  Password: True
  Kerberos keys available: True

  User login: testuser2
  First name: testuser2
  Last name: testuser2
  Home directory: /home/testuser2
  Login shell: /bin/sh
  Email address: testuser2@testrelm.test
  UID: 1983100500
  GID: 1983100500
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 3
----------------------------
[root@master ~]#
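
Added example (not part of the bug report and not the ipa-restore source): a minimal reproduction of the failure pattern in the traceback above, next to a form that behaves like the verified output, logging the unreachable master and carrying on. ReplicaConn, both function names and the host names are constructed for illustration.

```python
import logging

log = logging.getLogger("restore-demo")


class ReplicaConn:
    """Constructed stand-in for a per-master connection (not an IPA class)."""

    def __init__(self, host, reachable):
        if host not in reachable:
            raise OSError("")  # empty message, as in the transcript's log line
        self.host = host

    def disable(self):
        return "disabled:" + self.host


def disable_agreements_buggy(masters, reachable):
    done = []
    for master in masters:
        try:
            repl = ReplicaConn(master, reachable)
        except Exception as e:
            log.critical("Unable to disable agreement on %s: %s", master, e)
        # Execution falls through: 'repl' is unbound if the first master
        # failed, or still points at the previous master if a later one did.
        done.append(repl.disable())
    return done


def disable_agreements_fixed(masters, reachable):
    done, skipped = [], []
    for master in masters:
        try:
            repl = ReplicaConn(master, reachable)
        except Exception as e:
            log.critical("Unable to disable agreement on %s: %s", master, e)
            skipped.append(master)  # report it, then move to the next master
            continue
        done.append(repl.disable())
    return done, skipped
```

In the buggy form the crash is the visible case; when a later master is the unreachable one, the loop silently reuses the previous connection instead. The skipped list in the fixed form names the masters whose agreements were not disabled and that still need attention after the restore.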
Comment 6 errata-xmlrpc 2015-03-05 05:19:34 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html
