Red Hat Bugzilla – Bug 1186398
Wrong directories created on full restore
Last modified: 2015-03-05 05:19:36 EST
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4865

Doing a full IPA restore on an uninstalled server will not create the correct log directories needed by tomcat. It will create /var/log/pki-ca and /var/log/pki-ca/signedAudit. These should be in /var/log/pki/pki-tomcat/ca/
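A post-restore check for the directory layout described in this report, as an added example that is not part of the original report or of the FreeIPA code. It reads the description as requiring both the ca directory and its signedAudit subdirectory under /var/log/pki/pki-tomcat/; the function name, return codes and the optional root prefix are assumptions of the example.

```sh
#!/bin/sh
# Added example: check the CA log directory layout after ipa-restore.
# Paths come from the bug description; the root prefix argument is an
# assumption of this example so the check can run against a scratch tree.
# On a real host, call: check_ca_log_dirs /

EXPECTED_DIRS="var/log/pki/pki-tomcat/ca var/log/pki/pki-tomcat/ca/signedAudit"
LEGACY_DIRS="var/log/pki-ca var/log/pki-ca/signedAudit"

# Returns 0 if the expected layout is present and no legacy directory exists,
# 1 if an expected directory is missing,
# 2 if the expected directories exist but legacy ones are also present.
check_ca_log_dirs() {
    _root="${1:-}"
    _root="${_root%/}"
    _missing=0
    _legacy=0
    for _d in $EXPECTED_DIRS; do
        if [ ! -d "$_root/$_d" ]; then
            echo "MISSING $_root/$_d"
            _missing=1
        fi
    done
    for _d in $LEGACY_DIRS; do
        if [ -d "$_root/$_d" ]; then
            echo "LEGACY  $_root/$_d"
            _legacy=1
        fi
    done
    if [ "$_missing" -eq 1 ]; then return 1; fi
    if [ "$_legacy" -eq 1 ]; then return 2; fi
    echo "OK: CA log directories are in the expected location"
    return 0
}

# Constructed demo: a scratch tree shaped like the faulty restore result.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/var/log/pki-ca/signedAudit"
check_ca_log_dirs "$demo_root" || echo "check failed with status $?"
rm -rf "$demo_root"
```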
Fixed upstream:
master:
c90286cbbc1ab21e185c4d60d3a86142172c47ca Create correct log directories during full restore in ipa-restore
ipa-4-1:
275fb2dcec64d7de48bec9faf16c4551d18c6c42 Create correct log directories during full restore in ipa-restore
Verified as SanityOnly as it was not reproducible at my end.

IPA Version:
============
[root@master ~]# rpm -q ipa-server
ipa-server-4.1.0-17.el7.x86_64
[root@master ~]#

Console output:
===============
[root@master ~]# ls -la /var/log/pki/
total 8
drwxr-xr-x. 3 root root 55 Jan 29 17:09 .
drwxr-xr-x. 14 root root 4096 Jan 29 17:09 ..
-rw-r--r--. 1 root root 136 Jan 29 17:09 pki-server-upgrade-10.1.2.log
drwxr-xr-x. 3 root root 20 Jan 29 17:09 server
[root@master ~]#
[root@master ~]# ipa-restore -p xxxxxxxx -U /var/lib/ipa/backup/ipa-full-2015-01-29-16-31-20/
Preparing restore from /var/lib/ipa/backup/ipa-full-2015-01-29-16-31-20/ on master.testrelm.test
Performing FULL restore from FULL backup
Each master will individually need to be re-initialized or re-created from this one. The replication agreements on masters running IPA 3.1 or earlier will need to be manually re-enabled. See the man page for details.
Disabling all replication.
Unable to get connection, skipping disabling agreements: Unable to bind to LDAP server: [Errno 2] No such file or directory
Stopping IPA services
Restoring files
Systemwide CA database updated.
Starting IPA services
Restarting SSSD
The ipa-restore command was successful
[root@master ~]#
[root@master ~]# ls -la /var/log/pki/
total 58932
drwxr-xr-x. 4 root root 16384 Jan 29 16:22 .
drwxr-xr-x. 14 root root 4096 Jan 29 17:13 ..
-rw-rw----. 1 pkiuser pkiuser 60099 Nov 17 22:53 pki-ca-destroy.20141117225332.log
-rw-rw----. 1 pkiuser pkiuser 60099 Nov 18 15:20 pki-ca-destroy.20141118152057.log
..
...
....
-rw-rw----. 1 pkiuser pkiuser 410428 Jan 29 16:23 pki-ca-spawn.20150129162205.log
-rw-r--r--. 1 root root 854 Nov 27 12:44 pki-server-upgrade-10.1.2.log
drwxrwx---. 3 pkiuser pkiuser 4096 Jan 29 16:22 pki-tomcat
-rw-r--r--. 1 root root 1410 Nov 27 12:44 pki-upgrade-10.1.2.log
drwxr-xr-x. 3 root root 20 Nov 21 18:06 server
[root@master ~]#
[root@master ~]# echo xxxxxxxx|kinit admin
Password for admin@TESTRELM.TEST:
[root@master ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin@TESTRELM.TEST

Valid starting Expires Service principal
01/29/2015 17:14:31 01/30/2015 17:14:31 krbtgt/TESTRELM.TEST@TESTRELM.TEST
[root@master ~]#
[root@master ~]# ipa user-find
---------------
2 users matched
---------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 721000000
  GID: 721000000
  Account disabled: False
  Password: True
  Kerberos keys available: True

  User login: testuser1
  First name: testuser1
  Last name: testuser1
  Home directory: /home/testuser1
  Login shell: /bin/sh
  Email address: testuser1@testrelm.test
  UID: 721000001
  GID: 721000001
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 2
----------------------------
[root@master ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html