RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1186398 - Wrong directories created on full restore
Summary: Wrong directories created on full restore
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-01-27 15:39 UTC by Martin Kosek
Modified: 2015-03-05 10:19 UTC (History)
3 users (show)

Fixed In Version: ipa-4.1.0-17.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 10:19:36 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0442 0 normal SHIPPED_LIVE Moderate: ipa security, bug fix, and enhancement update 2015-03-05 14:50:39 UTC

Description Martin Kosek 2015-01-27 15:39:32 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4865

Doing a full IPA restore on an uninstalled server will not create the correct log directories needed by tomcat.

It will create /var/log/pki-ca and /var/log/pki-ca/signedAudit.

These should be in /var/log/pki/pki-tomcat/ca/
Comment 2 Martin Kosek 2015-01-27 15:59:01 UTC 
Fixed upstream:

master:
c90286cbbc1ab21e185c4d60d3a86142172c47ca Create correct log directories during full restore in ipa-restore

ipa-4-1:
275fb2dcec64d7de48bec9faf16c4551d18c6c42 Create correct log directories during full restore in ipa-restore
Comment 4 Kaleem 2015-01-29 09:25:38 UTC 
Verified as SanityOnly as was not reproducible at my end.

IPA Version:
============
[root@master ~]# rpm -q ipa-server
ipa-server-4.1.0-17.el7.x86_64
[root@master ~]# 

Consolo output:
===============
[root@master ~]# ls -la /var/log/pki/
total 8
drwxr-xr-x.  3 root root   55 Jan 29 17:09 .
drwxr-xr-x. 14 root root 4096 Jan 29 17:09 ..
-rw-r--r--.  1 root root  136 Jan 29 17:09 pki-server-upgrade-10.1.2.log
drwxr-xr-x.  3 root root   20 Jan 29 17:09 server
[root@master ~]#

[root@master ~]# ipa-restore -p xxxxxxxx -U /var/lib/ipa/backup/ipa-full-2015-01-29-16-31-20/
Preparing restore from /var/lib/ipa/backup/ipa-full-2015-01-29-16-31-20/ on master.testrelm.test
Performing FULL restore from FULL backup
Each master will individually need to be re-initialized or
re-created from this one. The replication agreements on
masters running IPA 3.1 or earlier will need to be manually
re-enabled. See the man page for details.
Disabling all replication.
Unable to get connection, skipping disabling agreements: Unable to bind to LDAP server: [Errno 2] No such file or directory
Stopping IPA services
Restoring files
Systemwide CA database updated.
Starting IPA services
Restarting SSSD
The ipa-restore command was successful
[root@master ~]#

[root@master ~]# ls -la /var/log/pki/
total 58932
drwxr-xr-x.  4 root    root     16384 Jan 29 16:22 .
drwxr-xr-x. 14 root    root      4096 Jan 29 17:13 ..
-rw-rw----.  1 pkiuser pkiuser  60099 Nov 17 22:53 pki-ca-destroy.20141117225332.log
-rw-rw----.  1 pkiuser pkiuser  60099 Nov 18 15:20 pki-ca-destroy.20141118152057.log
..
...
....
-rw-rw----.  1 pkiuser pkiuser 410428 Jan 29 16:23 pki-ca-spawn.20150129162205.log
-rw-r--r--.  1 root    root       854 Nov 27 12:44 pki-server-upgrade-10.1.2.log
drwxrwx---.  3 pkiuser pkiuser   4096 Jan 29 16:22 pki-tomcat
-rw-r--r--.  1 root    root      1410 Nov 27 12:44 pki-upgrade-10.1.2.log
drwxr-xr-x.  3 root    root        20 Nov 21 18:06 server
[root@master ~]#

[root@master ~]# echo xxxxxxxx|kinit admin
Password for admin: 
[root@master ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin

Valid starting       Expires              Service principal
01/29/2015 17:14:31  01/30/2015 17:14:31  krbtgt/TESTRELM.TEST
[root@master ~]#

[root@master ~]# ipa user-find
---------------
2 users matched
---------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 721000000
  GID: 721000000
  Account disabled: False
  Password: True
  Kerberos keys available: True

  User login: testuser1
  First name: testuser1
  Last name: testuser1
  Home directory: /home/testuser1
  Login shell: /bin/sh
  Email address: testuser1
  UID: 721000001
  GID: 721000001
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 2
----------------------------
[root@master ~]#
Comment 6 errata-xmlrpc 2015-03-05 10:19:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html
Note You need to log in before you can comment on or make changes to this bug.