    # ipa automember-rebuild --type=hostgroup
    ipa: ERROR: Automember rebuild task aborted. Error (-1): Task DN = 'cn=5167237e-a0ec-424d-b987-ba4108b84d1b,cn=automember rebuild membership,cn=tasks,cn=config'

    # rpm -qa | grep -i ipa-server
    ipa-server-4.2.0-15.el7_2.6.x86_64
    ipa-server-dns-4.2.0-15.el7_2.6.x86_64

errors:

    [26/Oct/2016:18:03:18 +0000] get_dom_sid - [file ipa_sidgen_common.c, line 75]: Internal search failed.
    [26/Oct/2016:18:03:18 +0000] auto-membership-plugin - automember_add_member_value: Unable to add "fqdn=sugar-app1....s,dc=net" as a "member" value to group "cn=hg-sugar-dev-qa-servers,cn=hostgroups,cn=accounts,dc=...,dc=net" (No such object).

If the hostgroup is deleted, the corresponding automember rule should have been deleted, but it was not. I manually removed the automember hostgroup rule, and then the automember rebuild process started working.
Also, when there is an automember rule which targets a non-existing hostgroup, adding a host which matches the rule will also fail with:

    Server is unwilling to perform: Automember Plugin update unexpectedly failed.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/6476
Reproduction steps:

    ipa hostgroup-add test
    ipa automember-add --type hostgroup test
    ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-regex=^web[1-9]+\.example\.com test
    ipa host-add web1.example.com
    ipa hostgroup-show test
    ipa automember-rebuild --type hostgroup
    ipa hostgroup-del test
    ipa automember-rebuild --type hostgroup
    ipa: ERROR: Automember rebuild task aborted...
You can also reproduce this by creating the automember entry, deleting the hostgroup, then adding a condition. Trying to add a host entry that matches the condition will also fail:

    [30/May/2018:14:34:22.811521568 -0400] - ERR - auto-membership-plugin - automember_add_member_value - Unable to add "fqdn=web1.example.com,cn=computers,cn=accounts,dc=example,dc=com" as a "member" value to group "cn=test,cn=hostgroups,cn=accounts,dc=example,dc=com" (No such object).
    [30/May/2018:14:34:22.834836405 -0400] - ERR - auto-membership-plugin - automember_add_member_value - Unable to add "fqdn=web1.example.com,cn=computers,cn=accounts,dc=example,dc=com" as a "member" value to group "cn=test,cn=hostgroups,cn=accounts,dc=example,dc=com" (No such object).
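Added example, not part of the original report or of FreeIPA/389-ds code: a small log triage script that scans a directory server errors log for the automember failure quoted above and lists the automember rules whose target group no longer exists. The sample lines are constructed in the two layouts shown in this report, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the two errors-log layouts quoted in this report.
SAMPLE_LOG = '''\
[26/Oct/2016:18:03:18 +0000] get_dom_sid - [file ipa_sidgen_common.c, line 75]: Internal search failed.
[26/Oct/2016:18:03:18 +0000] auto-membership-plugin - automember_add_member_value: Unable to add "fqdn=web2.example.com,cn=computers,cn=accounts,dc=example,dc=com" as a "member" value to group "cn=test,cn=hostgroups,cn=accounts,dc=example,dc=com" (No such object).
[30/May/2018:14:34:22.811521568 -0400] - ERR - auto-membership-plugin - automember_add_member_value - Unable to add "fqdn=web1.example.com,cn=computers,cn=accounts,dc=example,dc=com" as a "member" value to group "cn=test,cn=hostgroups,cn=accounts,dc=example,dc=com" (No such object).
[30/May/2018:14:34:22.834836405 -0400] - ERR - auto-membership-plugin - automember_add_member_value - Unable to add "fqdn=web1.example.com,cn=computers,cn=accounts,dc=example,dc=com" as a "member" value to group "cn=test,cn=hostgroups,cn=accounts,dc=example,dc=com" (No such object).
[30/May/2018:14:35:01.000000000 -0400] - ERR - auto-membership-plugin - automember_add_member_value - Unable to add "uid=alice,cn=users,cn=accounts,dc=example,dc=com" as a "member" value to group "cn=devs,cn=groups,cn=accounts,dc=example,dc=com" (No such object).
'''.splitlines()

# Matches the plugin failure with or without the "- ERR -" severity field,
# and with either ":" or " -" after the function name.
FAILURE = re.compile(
    r'^\[(?P<ts>[^\]]+)\].*?auto-membership-plugin - '
    r'automember_add_member_value:? (?:- )?Unable to add "(?P<member>[^"]+)" '
    r'as a "member" value to group "(?P<group>[^"]+)" \((?P<reason>[^)]+)\)'
)

def find_orphan_targets(lines):
    """Map each missing target group DN to the member DNs that failed to join it."""
    missing = defaultdict(set)
    for line in lines:
        m = FAILURE.match(line)
        if m and m.group("reason") == "No such object":
            # DNs are case-insensitive; lowercase so repeats collapse.
            missing[m.group("group").lower()].add(m.group("member").lower())
    return {g: sorted(ms) for g, ms in missing.items()}

def report(lines):
    """Return (rule type, rule name, affected entries) per missing group.
    Assumes the rule is named after its target group, as in the steps above."""
    out = []
    for group_dn, members in sorted(find_orphan_targets(lines).items()):
        rdns = re.split(r"(?<!\\),", group_dn)  # split on unescaped commas
        kind = "hostgroup" if "cn=hostgroups" in rdns else "group"
        out.append((kind, rdns[0].split("=", 1)[1], len(members)))
    return out

if __name__ == "__main__":
    for kind, name, count in report(SAMPLE_LOG):
        print(f"{kind} rule '{name}': target group missing, {count} entries affected")
```
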
I talked to Mark Reynolds about this and suggested that the automembership plugin could reject a delete if its associated host/hostgroup entry exists.
Fixed upstream master: https://pagure.io/freeipa/c/7f507519d4acb85c1e8e98bb29e26039751db8ff
Fixed upstream
ipa-4-6: https://pagure.io/freeipa/c/890b8aa474c4b2248b2b1bcc97412300d5e7bd82
ipa-4-7: https://pagure.io/freeipa/c/67875c3b75ad1af493ff5930f9c5fd5e9797b775
I am sorry, wrong bug.
Verified using version: ipa-4.6.5-8.el7

Verified using upstream test automation:
TestAutomemberFindOrphans::test_create_deps_for_find_orphans()
TestAutomemberFindOrphans::test_find_orphan_automember_rules()
Automation exists in:
ipatests/test_xmlrpc/test_automember_plugin.py
test_create_deps_for_find_orphans()
test_find_orphan_automember_rules()
Additional verification step:

Using:
389-ds-base-1.3.9.1-6.el7.x86_64
ipa-server-4.6.5-8.el7.x86_64

    [root@master ~]# ipa hostgroup-add test
    ----------------------
    Added hostgroup "test"
    ----------------------
      Host-group: test
    [root@master ~]# ipa automember-add --type hostgroup test
    ----------------------------
    Added automember rule "test"
    ----------------------------
      Automember Rule: test
    [root@master ~]# ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-regex=^web[1-9]+\.testrelm\.test test
    ----------------------------
    Added condition(s) to "test"
    ----------------------------
      Automember Rule: test
      Inclusive Regex: fqdn=^web[1-9]+.testrelm.test
    ----------------------------
    Number of conditions added 1
    ----------------------------
    [root@master ~]# ipa host-add web9.testrelm.test
    -------------------------------
    Added host "web9.testrelm.test"
    -------------------------------
      Host name: web9.testrelm.test
      Principal name: host/web9.testrelm.test
      Principal alias: host/web9.testrelm.test
      Password: False
      Member of host-groups: test
      Indirect Member of netgroup: test
      Keytab: False
      Managed by: web9.testrelm.test
    [root@master ~]# ipa hostgroup-show test
      Host-group: test
      Member hosts: web9.testrelm.test
    [root@master ~]#
    [root@master ~]# ipa hostgroup-del test
    ------------------------
    Deleted hostgroup "test"
    ------------------------
    [root@master ~]#
    [root@master ~]# ipa automember-find-orphans
    Grouping Type: hostgroup
    ---------------
    1 rules matched
    ---------------
      Automember Rule: test
      Inclusive Regex: fqdn=^web[1-9]+.testrelm.test
    ----------------------------
    Number of entries returned 1
    ----------------------------
    [root@master ~]#
    [root@master ~]# ipa automember-del --type hostgroup test
    ------------------------------
    Deleted automember rule "test"
    ------------------------------
    [root@master ~]# ipa automember-find-orphans hostgroup
    Grouping Type: hostgroup
    ---------------
    0 rules matched
    ---------------
    ----------------------------
    Number of entries returned 0
    ----------------------------
    [root@master ~]# ipa automember-rebuild --type hostgroup
    --------------------------------------------------------
    Automember rebuild task finished. Processed (2) entries.
    --------------------------------------------------------
    [root@master ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2241