Bug 1304618 - Residual Files After IPA Server Uninstall
Summary: Residual Files After IPA Server Uninstall
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Namita Soman
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-04 08:19 UTC by ilmostro7
Modified: 2016-11-04 05:50 UTC (History)
6 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2016-11-04 05:50:59 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC
FedoraHosted FreeIPA 2694 None None None 2016-02-04 08:31 UTC
FedoraHosted FreeIPA 5508 None None None 2016-02-04 08:31 UTC

Description ilmostro7 2016-02-04 08:19:37 UTC
Description of problem:
Decommissioning a system as the IPA Server(IdM) using `ipa-server-install --uninstall` and/or `ipa-server-install --uninstall -U` leaves residual IPA/IdM related files on system; e.g. during the installation, I presume the httpd.service file is copied into /etc/systemd/system/httpd.service and modified to suit the needs of the IPA server instance.  This is evident in bug 1044994.


Version-Release number of selected component (if applicable):

ipa-server-4.2.0-15.el7_2.3.x86_64

How reproducible:

Assuming user executes uninstall script as referenced in first line the `/etc/systemd/system/httpd.service` file is left in place with residual, irrelevant environment variables/links, rendering the Apache web server unable to start.

~~~
# cat /etc/systemd/system/httpd.service 
.include /usr/lib/systemd/system/httpd.service

[Service]
Environment=KRB5CCNAME=/var/run/httpd/ipa/krbcache/krb5ccache
Environment=KDCPROXY_CONFIG=/etc/ipa/kdcproxy/kdcproxy.conf
ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy
ExecStopPost=-/usr/bin/kdestroy -A
~~~

Actual results:

~~~
Feb 04 01:33:24 fedpadssd.opensourceinfo.ba systemd[1]: Starting The Apache HTTP Server...
Feb 04 01:33:26 fedpadssd.opensourceinfo.ba ipa-httpd-kdcproxy[14110]: ipa         : WARNING  Unable to connect to dirsrv: Timeout exceeded
Feb 04 01:33:26 fedpadssd.opensourceinfo.ba ipa-httpd-kdcproxy[14110]: ipa         : WARNING  Disabling KDC proxy
Feb 04 01:33:26 fedpadssd.opensourceinfo.ba systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Feb 04 01:33:26 fedpadssd.opensourceinfo.ba kill[14119]: kill: cannot find process ""
Feb 04 01:33:26 fedpadssd.opensourceinfo.ba systemd[1]: httpd.service: control process exited, code=exited status=1
Feb 04 01:33:26 fedpadssd.opensourceinfo.ba systemd[1]: Failed to start The Apache HTTP Server.
Feb 04 01:33:26 fedpadssd.opensourceinfo.ba systemd[1]: Unit httpd.service entered failed state.
Feb 04 01:33:26 fedpadssd.opensourceinfo.ba systemd[1]: httpd.service failed.
~~~

Comment 2 Petr Vobornik 2016-02-16 16:33:25 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5681

Comment 3 Martin Bašti 2016-04-22 08:21:34 UTC
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/586fee293f42388510fa5436af19460bbe1fdec5

Comment 5 Sudhir Menon 2016-09-15 16:31:39 UTC
Fix is seen in RHEL7.3 using ipa-server-4.4.0-11.el7.x86_64

[root@ipa01 dirsrv]# date
Thu Sep 15 16:30:52 IST 2016

1. After installation
[root@ipa01 dirsrv]# ll /etc/systemd/system/httpd.service.d/ipa.conf
-rw-r--r--. 1 root root 258 Sep 15 16:24 /etc/systemd/system/httpd.service.d/ipa.conf

2. Uninstallation
[root@ipa01 dirsrv]# ipa-server-install --uninstall -U
Updating DNS system records
ipa         : ERROR    unable to resolve host name ipa01.labs03.test. to IP address, ipa-ca DNS record will be incomplete
--------------------------------------
Deleted IPA server "ipa01.labs03.test"
--------------------------------------
Shutting down all IPA services
Unconfiguring ntpd
Configuring certmonger to stop tracking system certificates for KRA
Configuring certmonger to stop tracking system certificates for CA
Unconfiguring CA
Unconfiguring named
Unconfiguring ipa-dnskeysyncd
Unconfiguring web server
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
Unconfiguring ipa-custodia
Unconfiguring ipa_memcached
Unconfiguring ipa-otpd
Removing IPA client configuration
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
Unconfiguring the NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Systemwide CA database updated.
Client uninstall complete.

3. File is removed.
[root@ipa01 dirsrv]# ll /etc/systemd/system/httpd.service.d/ipa.conf
ls: cannot access /etc/systemd/system/httpd.service.d/ipa.conf: No such file or directory

Comment 7 errata-xmlrpc 2016-11-04 05:50:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html


Note You need to log in before you can comment on or make changes to this bug.