Bug 1256518 - database cleanup/expire procedure
database cleanup/expire procedure
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipsilon (Show other bugs)
7.2
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Rob Crittenden
Namita Soman
:
: 1265261 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-24 15:57 EDT by Nathan Kinder
Modified: 2015-11-19 05:50 EST (History)
4 users (show)

See Also:
Fixed In Version: ipsilon-1.0.0-11.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-19 05:50:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2015:2319 normal SHIPPED_LIVE new packages: ipsilon 2015-11-19 05:06:13 EST

  None (edit)
Description Nathan Kinder 2015-08-24 15:57:06 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/ipsilon/ticket/155

Currently on the saml2 session database has a background task for cleanup. A generic mechanism is needed to clean up/expire old entries across any database.

The default should be to do nothing as some (e.g. config) don't need cleanup.
Comment 3 Patrick Uiterwijk 2015-09-06 13:11:39 EDT
This has been fixed upstream in the following commits:
Framework: 1e985d549481a2ca0e03440e410912b4e2b49271
TranStore: 2b17119bb97eba45030d18f590624c2b2a9f257e
Sessions: 24fa1f2acd9cb84342064ec59b311968353fd0ae
OpenIDStore: 11bbbe3ac6a0842599ab2e5110427758ebaa5573
Comment 6 Patrick Uiterwijk 2015-09-22 12:32:40 EDT
*** Bug 1265261 has been marked as a duplicate of this bug. ***
Comment 7 Jan Pazdziora 2015-09-23 02:16:33 EDT
Per bug 1265261, things are broken in ipsilon-1.0.0-10 so this bugzilla should likely be in ASSIGNED, for fix in the backport.
Comment 9 Scott Poore 2015-10-14 13:43:33 EDT
Verified.

Version ::

ipsilon-1.0.0-12.el7.noarch

Results ::

I installed IPA Server and 2 clients.  1 IPA client setup as IDP server and the other setup as SP.

Create a user and login to a third IPA client workstation with X.  Configure firefox for kerberos for the IPA domain.

Setup IDP debug logging:

/etc/ipsilon/idp/ipsilon.conf
[global]
debug = True
tools.log_request_response.on = True
...
db.conn.log = True
log.screen = True
...

Then connect via GSSAPI from workstation as user to SP.  Check logs on IDP for scheduled cleanups:

[Wed Oct 14 11:09:53.937544 2015] [:error] [pid 11211] [14/Oct/2015:11:09:53] ENGINE Started monitor thread 'Session cleanup'.
...
[Wed Oct 14 11:09:53.942111 2015] [:error] [pid 11211] [14/Oct/2015:11:09:53]  DEBUG(ipsilon/util/data.py:317 TranStore._schedule_cleanup()): Scheduling cleanups for TranStore
...
[Wed Oct 14 11:10:53.971045 2015] [:error] [pid 11211] [14/Oct/2015:11:10:53]  DEBUG(ipsilon/util/data.py:345 SAML2SessionStore._maybe_run_cleanup()): Cleaned up 0 entries for SAML2SessionStore
Comment 10 errata-xmlrpc 2015-11-19 05:50:57 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-2319.html

Note You need to log in before you can comment on or make changes to this bug.