Bug 1328549 - "ipa-kra-install" command reports incorrect message when it is executed on server already installed with KRA.
Summary: "ipa-kra-install" command reports incorrect message when it is executed on se...
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-04-19 15:54 UTC by Nikhil Dehadrai
Modified: 2016-11-04 05:53 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2016-11-04 05:53:16 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description Nikhil Dehadrai 2016-04-19 15:54:22 UTC
Description of problem:
"ipa-kra-install" command reports incorrect message when it is executed on server already installed with KRA.

Version-Release number of selected component (if applicable):
ipa-server-4.2.0-15.el7_2.15.x86_64
pki-server-10.2.5-6.el7.noarch
pki-kra-10.2.5-6.el7.noarch


How reproducible:
Always

Steps to Reproduce:
1. Setup IPA server with 7.2 up4 (ipa-server-4.2.0-15.el7_2.15.x86_64)
2. Use command to install ipa server: 
#ipa-server-install --ip-address <IP addr> -r <realm> -p <directory manager password> -a <admin password> --forwarder <ip address> -U --setup-dns
3. Now install KRA
# ipa-kra-install -p <password> -U
4. Now again try to insta KRA:
# ipa-kra-install -p <password> -U

Actual results:
1. After step4, KRA is installed successfully.
Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes 6 seconds
  [1/8]: configuring KRA instance
  [2/8]: create KRA agent
  [3/8]: restarting KRA
  [4/8]: configure certmonger for renewals
  [5/8]: configure certificate renewals
  [6/8]: configure HTTP to proxy connections
  [7/8]: add vault container
  [8/8]: apply LDAP updates
Done configuring KRA server (pki-tomcatd).
Restarting the directory server
The ipa-kra-install command was successful
2. After step4, Following message is received:
Usage: ipa-kra-install [options] [replica_file]
ipa-kra-install: error: A replica file is required.


Expected results:
A proper error message suggesting KRA is already installed should be displayed.

Additional info:
When KRA is uninstalled, this behavior is not observed.
# ipa-kra-install -p <password> --uninstall
Configuring certmonger to stop tracking system certificates for KRA
Unconfiguring KRA
The ipa-kra-install command was successful
# ipa-kra-install -p <password> --uninstall
Usage: ipa-kra-install [options] [replica_file]
ipa-kra-install: error: Cannot uninstall.  There is no KRA installed on this system.

Comment 2 Petr Vobornik 2016-04-28 13:15:29 UTC
Fixed upstream. Not sure in what ticket, could be one of:

https://fedorahosted.org/freeipa/ticket/3872
https://fedorahosted.org/freeipa/ticket/4468
https://fedorahosted.org/freeipa/ticket/5197

alich: tested on F23, the issue has been fixed - test PASSED

4.3.90.201604181305GIT2a20c74, API_VERSION: 2.164
pki-server-10.2.6-14.fc23.noarch
pki-kra-10.2.6-14.fc23.noarch

Comment 4 Nikhil Dehadrai 2016-09-13 10:26:47 UTC
IPA -server version: ipa-server-4.4.0-11.el7.x86_64

Verified the bug on the basis of below points:
1. Verified that ipa-kra-install -p <password> -U is successfully installed on latest version of ipa-server.
2. Verified that when the same command (ipa-kra-install -p <password> -U) is re-run, following valid message is displayed:

# ipa-kra-install -p Secret123 -U
KRA already installed
The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information

3. Also proper logs are captured within /var/log/ipaserver-kra-install.log:
# tail -f /var/log/ipaserver-kra-install.log
2016-09-13T10:20:43Z DEBUG IPA version 4.4.0-11.el7
2016-09-13T10:20:43Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2016-09-13T10:20:43Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_kra_install.py", line 164, in run
    raise admintool.ScriptError("KRA already installed")

2016-09-13T10:20:43Z DEBUG The ipa-kra-install command failed, exception: ScriptError: KRA already installed
2016-09-13T10:20:43Z ERROR KRA already installed
2016-09-13T10:20:43Z ERROR The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information

4. Also correct behavior is observed when ipa-kra-install -p <password> -U --uninstall' is run:
# ipa-kra-install -p Secret123 -U --uninstall
Configuring certmonger to stop tracking system certificates for KRA
Unconfiguring KRA
The ipa-kra-install command was successful

# ipa-kra-install -p Secret123 -U --uninstall
Usage: ipa-kra-install [options] [replica_file]

ipa-kra-install: error: Cannot uninstall.  There is no KRA installed on this system.
The ipa-kra-install command failed. See /var/log/ipaserver-kra-uninstall.log for more information

Thus on the basis of above observations marking status of bug to "VERIFIED".

Comment 6 errata-xmlrpc 2016-11-04 05:53:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html


Note You need to log in before you can comment on or make changes to this bug.