1328549 – "ipa-kra-install" command reports incorrect message when it is executed on server already installed with KRA.

Bug 1328549 - "ipa-kra-install" command reports incorrect message when it is executed on server already installed with KRA.

Summary: "ipa-kra-install" command reports incorrect message when it is executed on se...

Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	IPA Maintainers
QA Contact:	Kaleem
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-04-19 15:54 UTC by Nikhil Dehadrai
Modified:	2016-11-04 05:53 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:
Doc Text:	(edit)
Clone Of:
Environment:	(edit)
Last Closed:	2016-11-04 05:53:16 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:2404	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2016-11-03 13:56:18 UTC

Description Nikhil Dehadrai 2016-04-19 15:54:22 UTC

Description of problem:
"ipa-kra-install" command reports incorrect message when it is executed on server already installed with KRA.

Version-Release number of selected component (if applicable):
ipa-server-4.2.0-15.el7_2.15.x86_64
pki-server-10.2.5-6.el7.noarch
pki-kra-10.2.5-6.el7.noarch


How reproducible:
Always

Steps to Reproduce:
1. Setup IPA server with 7.2 up4 (ipa-server-4.2.0-15.el7_2.15.x86_64)
2. Use command to install ipa server: 
#ipa-server-install --ip-address <IP addr> -r <realm> -p <directory manager password> -a <admin password> --forwarder <ip address> -U --setup-dns
3. Now install KRA
# ipa-kra-install -p <password> -U
4. Now again try to insta KRA:
# ipa-kra-install -p <password> -U

Actual results:
1. After step4, KRA is installed successfully.
Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes 6 seconds
  [1/8]: configuring KRA instance
  [2/8]: create KRA agent
  [3/8]: restarting KRA
  [4/8]: configure certmonger for renewals
  [5/8]: configure certificate renewals
  [6/8]: configure HTTP to proxy connections
  [7/8]: add vault container
  [8/8]: apply LDAP updates
Done configuring KRA server (pki-tomcatd).
Restarting the directory server
The ipa-kra-install command was successful
2. After step4, Following message is received:
Usage: ipa-kra-install [options] [replica_file]
ipa-kra-install: error: A replica file is required.


Expected results:
A proper error message suggesting KRA is already installed should be displayed.

Additional info:
When KRA is uninstalled, this behavior is not observed.
# ipa-kra-install -p <password> --uninstall
Configuring certmonger to stop tracking system certificates for KRA
Unconfiguring KRA
The ipa-kra-install command was successful
# ipa-kra-install -p <password> --uninstall
Usage: ipa-kra-install [options] [replica_file]
ipa-kra-install: error: Cannot uninstall.  There is no KRA installed on this system.

Comment 2 Petr Vobornik 2016-04-28 13:15:29 UTC

Fixed upstream. Not sure in what ticket, could be one of:

https://fedorahosted.org/freeipa/ticket/3872
https://fedorahosted.org/freeipa/ticket/4468
https://fedorahosted.org/freeipa/ticket/5197

alich: tested on F23, the issue has been fixed - test PASSED

4.3.90.201604181305GIT2a20c74, API_VERSION: 2.164
pki-server-10.2.6-14.fc23.noarch
pki-kra-10.2.6-14.fc23.noarch

Comment 4 Nikhil Dehadrai 2016-09-13 10:26:47 UTC

IPA -server version: ipa-server-4.4.0-11.el7.x86_64

Verified the bug on the basis of below points:
1. Verified that ipa-kra-install -p <password> -U is successfully installed on latest version of ipa-server.
2. Verified that when the same command (ipa-kra-install -p <password> -U) is re-run, following valid message is displayed:

# ipa-kra-install -p Secret123 -U
KRA already installed
The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information

3. Also proper logs are captured within /var/log/ipaserver-kra-install.log:
# tail -f /var/log/ipaserver-kra-install.log
2016-09-13T10:20:43Z DEBUG IPA version 4.4.0-11.el7
2016-09-13T10:20:43Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-09-13T10:20:43Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_kra_install.py", line 164, in run
raise admintool.ScriptError("KRA already installed")

2016-09-13T10:20:43Z DEBUG The ipa-kra-install command failed, exception: ScriptError: KRA already installed
2016-09-13T10:20:43Z ERROR KRA already installed
2016-09-13T10:20:43Z ERROR The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information

4. Also correct behavior is observed when ipa-kra-install -p <password> -U --uninstall' is run:
# ipa-kra-install -p Secret123 -U --uninstall
Configuring certmonger to stop tracking system certificates for KRA
Unconfiguring KRA
The ipa-kra-install command was successful

# ipa-kra-install -p Secret123 -U --uninstall
Usage: ipa-kra-install [options] [replica_file]

ipa-kra-install: error: Cannot uninstall. There is no KRA installed on this system.
The ipa-kra-install command failed. See /var/log/ipaserver-kra-uninstall.log for more information

Thus on the basis of above observations marking status of bug to "VERIFIED".

Comment 6 errata-xmlrpc 2016-11-04 05:53:16 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html

Note You need to log in before you can comment on or make changes to this bug.