Bug 1455045 - Simple service uninstallers must be able to handle missing service files gracefully
Summary: Simple service uninstallers must be able to handle missing service files grac...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Nikhil Dehadrai
URL:
Whiteboard:
Depends On:
Blocks: 1454719
TreeView+ depends on / blocked
 
Reported: 2017-05-24 07:05 UTC by Martin Babinsky
Modified: 2017-08-01 09:51 UTC (History)
5 users (show)

Fixed In Version: ipa-4.5.0-14.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 09:51:24 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Description Martin Babinsky 2017-05-24 07:05:06 UTC
Description of problem:

Currently the code that upgrades/uninstall simple services (like ipa-otpd, ipa_memcached) assumes that the simple service in question is always fully installed and has a systemd service file available. This, however, is not always true (e.g. in containerized environments) and can cause problems during upgrades of ipa-server container (as reported in https://bugzilla.redhat.com/show_bug.cgi?id=1454719).

The service installers/uninstallers must be able to gracefuly handle these situations and additionally check whether the component in question really is available on the system for management

Version-Release number of selected component (if applicable):

ipa-server 4.5.0-13.el7

Additional info:

See https://bugzilla.redhat.com/show_bug.cgi?id=1454719 for a bug caused by this defect and a reproducer.

Comment 2 Martin Bašti 2017-05-25 13:11:50 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/6977

Comment 7 Nikhil Dehadrai 2017-06-07 11:25:19 UTC
ipa-server-version: ipa-server-4.5.0-15.el7.x86_64

Verified the bug on the basis of following observations:
1. Verified that when "/usr/lib/systemd/system/ipa_memcached.service" is removed and ipa-server is upgraded, then following warning message is removed during upgrade process:

warning: file /usr/lib/systemd/system/ipa_memcached.service: remove failed: No such file or directory

2. After upgrade process is complete no errors are observed, see below:
[root@inferno ~]# tail -1 /var/log/ipaupgrade.log 
2017-06-07T10:03:21Z INFO The ipa-server-upgrade command was successful
[root@inferno ~]# rpm -q ipa-server
ipa-server-4.5.0-15.el7.x86_64
[root@inferno ~]# kinit admin
Password for admin@TESTRELM.TEST: 
[root@inferno ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
ntpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
[root@inferno ~]# ipactl restart
Stopping pki-tomcatd Service
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting ntpd Service
Restarting pki-tomcatd Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful
[root@inferno ~]# ls -l /usr/lib/systemd/system/ipa_memcached.service
ls: cannot access /usr/lib/systemd/system/ipa_memcached.service: No such file or directory
[root@inferno ~]# ipa user-find
--------------
1 user matched
--------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  Principal alias: admin@TESTRELM.TEST
  UID: 1075400000
  GID: 1075400000
  Account disabled: False
----------------------------
Number of entries returned 1
----------------------------
[root@inferno ~]# ipa host-find
--------------
1 host matched
--------------
  Host name: inferno.testrelm.test
  Principal name: host/inferno.testrelm.test@TESTRELM.TEST
  Principal alias: host/inferno.testrelm.test@TESTRELM.TEST
  SSH public key fingerprint: SHA256:LF8wIaQeKN6ww4llCkbPs6IuinEPL1O9At2QpyE23Qw (ssh-rsa),
                              SHA256:8jo0PBAD920N1MPQ/Kns9cspcu97gixeAvatoNbc4o0 (ssh-ed25519),
                              SHA256:8Yi1pl7+Nm8jaBwDDI3mjGnxVFqehziZ1CedR8sLjI0 (ecdsa-
                              sha2-nistp256)
----------------------------
Number of entries returned 1
----------------------------
[root@inferno ~]# cat /var/log/httpd/error_log | grep -rn "maximum recursion depth"
[root@inferno ~]# cat /var/log/httpd/error_log | grep -rn "recursion"
[root@inferno ~]# cat /var/log/httpd/error_log | grep -rn "maximum"
[root@inferno ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.65.206.77 inferno.testrelm.test inferno
[root@inferno ~]# ipa user-show
User login: admin
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  Principal alias: admin@TESTRELM.TEST
  UID: 1075400000
  GID: 1075400000
  Account disabled: False
  Password: True
  Member of groups: admins, trust admins
  Kerberos keys available: True
[root@inferno ~]# cat /var/log/httpd/error_log | grep -rn "gssapi"
[root@inferno ~]# cat /var/log/httpd/error_log | grep -rn "GSSError"

3. Verified the same for following upgrade paths:
- Rhel 7.3.z > 7.4
- Rhel 7.3 GA > 7.4
- Rhel 7.2.z > 7.4

Thus on the basis of above observations marking status of bug to "VERIFIED"

Comment 8 errata-xmlrpc 2017-08-01 09:51:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304


Note You need to log in before you can comment on or make changes to this bug.