RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1777764 - [RFE ]ipactl status returns incorrect exit code issue when a service listed in ipactl is stopped
Summary: [RFE ]ipactl status returns incorrect exit code issue when a service listed i...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: 8.2
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: 8.0
Assignee: Thomas Woerner
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-11-28 09:42 UTC by Jayesh garg
Modified: 2021-11-09 23:00 UTC (History)
9 users (show)

Fixed In Version: ipa-4.9.2-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-11-09 18:21:19 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FREEIPA-7252 0 None None None 2021-11-09 00:32:25 UTC
Red Hat Product Errata RHBA-2021:4230 0 None None None 2021-11-09 18:21:38 UTC

Description Jayesh garg 2019-11-28 09:42:41 UTC 
Description of problem:
ipactl status returns incorrect exit code issue when a service listed in ipactl is stopped

Version-Release number of selected component (if applicable):
ipa-server-4.8.2-2.module+el8.2.0+4736+360582ce.x86_64

How reproducible:
Always

Steps to Reproduce:
1.Setup IPA server
2.check the service status by ipactl status command
3.check the exit code
4.stop a service listed in ipactl, e.g using systemctl stop httpd
5.again check the status of service using ipactl status command
6.now check the exit code

Actual results:
Exit code:0

Expected results:
Exit code:1

Additional info:
[root@server ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
[root@server ~]# echo $?
0
[root@server ~]# 
[root@server ~]# systemctl stop httpd
[root@server ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/httpd.service.d
           └─ipa.conf
   Active: inactive (dead)
     Docs: man:httpd.service(8)

Nov 27 17:13:22 server.demo.test systemd[1]: httpd.service: Succeeded.
Nov 27 17:13:22 server.demo.test systemd[1]: Stopped The Apache HTTP Server.
Nov 27 17:13:22 server.demo.test systemd[1]: Starting The Apache HTTP Server...
Nov 27 17:13:23 server.demo.test ipa-httpd-kdcproxy[20224]: ipa: INFO: KDC proxy enabled
Nov 27 17:13:23 server.demo.test ipa-httpd-kdcproxy[20224]: ipa-httpd-kdcproxy: INFO     KDC proxy enabled
Nov 27 17:13:23 server.demo.test httpd[20226]: Server configured, listening on: port 443, port 80
Nov 27 17:13:23 server.demo.test systemd[1]: Started The Apache HTTP Server.
Nov 27 18:21:18 server.demo.test systemd[1]: Stopping The Apache HTTP Server...
Nov 27 18:21:20 server.demo.test systemd[1]: httpd.service: Succeeded.
Nov 27 18:21:20 server.demo.test systemd[1]: Stopped The Apache HTTP Server.
[root@server ~]# 
[root@server ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: STOPPED
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
[root@server ~]# echo $?
0
Comment 2 Florence Blanc-Renaud 2021-03-18 07:53:49 UTC 
The issue has been fixed upstream (since release-4-9-2) and the exit codes updated, see the man page for ipactl:
----- 8< -----
All actions except status:
0 success
1 a generic error occurred
2 unknown or invalid argument(s)
4 user has insufficient privilege
6 IPA server is not configured

For the status action:
0 service is running
3 service is not running
4 service status is unknown (or unconfigured)

If not executed as root then the status action will return 4 for
insufficient privileges.

Some services are socket activated and may show as STOPPED by the status
action. These services include ipa-ods-exporter and ipa-otpd.
----- >8 -----

Fixed upstream:
master:

    62521ed Change CA profile migration message from info to debug
    daf2ca3 Use the new API introduced in PKI 10.8
    928ab51 ipactl: support script status 3, program is not running
    1870c93 Ensure IPA is running (ideally) before uninstalling the KRA
    ed21787 Add exit status to the ipactl man page
    8082a2d ipatests: Handle non-zero return code in test_ipactl_scenario_check

ipa-4-9:

    b99bc2d Change CA profile migration message from info to debug
    4d26ce5 Use the new API introduced in PKI 10.8
    ddb5414 ipactl: support script status 3, program is not running
    87ede26 Ensure IPA is running (ideally) before uninstalling the KRA
    302f937 Add exit status to the ipactl man page
    00226ad ipatests: Handle non-zero return code in test_ipactl_scenario_check


@Thomas:
I'm moving the BZ to POST but you will probably need to check in which build the fix was included and update the erratum / synchronize with QE.
Comment 4 Thomas Woerner 2021-05-04 12:27:24 UTC 
> 
> ipa-4-9:
> 
>     b99bc2d Change CA profile migration message from info to debug
>     4d26ce5 Use the new API introduced in PKI 10.8
>     ddb5414 ipactl: support script status 3, program is not running
>     87ede26 Ensure IPA is running (ideally) before uninstalling the KRA
>     302f937 Add exit status to the ipactl man page
>     00226ad ipatests: Handle non-zero return code in
> test_ipactl_scenario_check
> 

All of these have been added with release 4.9.2.
Comment 8 Sumedh Sidhaye 2021-07-02 14:01:45 UTC 
Build used for verification:

[root@ci-vm-10-0-137-160 ~]# rpm -q ipa-server ipa-server-dns
ipa-server-4.9.5-1.module+el8.5.0+11410+91a33fe4.x86_64
ipa-server-dns-4.9.5-1.module+el8.5.0+11410+91a33fe4.noarch
[root@ci-vm-10-0-137-160 ~]# 


Test Steps:

[root@ci-vm-10-0-137-160 ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
[root@ci-vm-10-0-137-160 ~]# systemctl status httpd; sleep 5; systemctl stop httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/httpd.service.d
           └─ipa.conf
   Active: active (running) since Fri 2021-07-02 09:45:28 EDT; 9min ago
     Docs: man:httpd.service(8)
 Main PID: 12157 (httpd)
   Status: "Total requests: 5; Idle/Busy workers 100/0;Requests/sec: 0.0085; Bytes served/sec: 198 B/sec"
    Tasks: 330 (limit: 11404)
   Memory: 339.5M
   CGroup: /system.slice/httpd.service
           ├─12157 /usr/sbin/httpd -DFOREGROUND
           ├─12162 /usr/sbin/httpd -DFOREGROUND
           ├─12163 (wsgi:kdcproxy) -DFOREGROUND
           ├─12164 (wsgi:kdcproxy) -DFOREGROUND
           ├─12165 (wsgi:ipa)      -DFOREGROUND
           ├─12166 (wsgi:ipa)      -DFOREGROUND
           ├─12167 (wsgi:ipa)      -DFOREGROUND
           ├─12168 (wsgi:ipa)      -DFOREGROUND
           ├─12169 /usr/sbin/httpd -DFOREGROUND
           ├─12170 /usr/sbin/httpd -DFOREGROUND
           ├─12171 /usr/sbin/httpd -DFOREGROUND
           └─12536 /usr/sbin/httpd -DFOREGROUND

Jul 02 09:45:46 ci-vm-10-0-137-160.hosted.upshift.rdu2.redhat.com [12168]: GSSAPI client step 1
Jul 02 09:45:46 ci-vm-10-0-137-160.hosted.upshift.rdu2.redhat.com [12165]: GSSAPI client step 1
Jul 02 09:45:46 ci-vm-10-0-137-160.hosted.upshift.rdu2.redhat.com [12165]: GSSAPI client step 1
Jul 02 09:45:46 ci-vm-10-0-137-160.hosted.upshift.rdu2.redhat.com [12165]: GSSAPI client step 1
Jul 02 09:45:46 ci-vm-10-0-137-160.hosted.upshift.rdu2.redhat.com [12167]: GSSAPI client step 1
Jul 02 09:45:46 ci-vm-10-0-137-160.hosted.upshift.rdu2.redhat.com [12167]: GSSAPI client step 1
Jul 02 09:45:46 ci-vm-10-0-137-160.hosted.upshift.rdu2.redhat.com [12167]: GSSAPI client step 1
Jul 02 09:45:47 ci-vm-10-0-137-160.hosted.upshift.rdu2.redhat.com [12166]: GSSAPI client step 1
Jul 02 09:45:47 ci-vm-10-0-137-160.hosted.upshift.rdu2.redhat.com [12166]: GSSAPI client step 1
Jul 02 09:45:47 ci-vm-10-0-137-160.hosted.upshift.rdu2.redhat.com [12166]: GSSAPI client step 1
[root@ci-vm-10-0-137-160 ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: STOPPED
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
1 service(s) are not running
[root@ci-vm-10-0-137-160 ~]# echo $?
3
[root@ci-vm-10-0-137-160 ~]# systemctl start httpd
[root@ci-vm-10-0-137-160 ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
[root@ci-vm-10-0-137-160 ~]# echo $?
0
[root@ci-vm-10-0-137-160 ~]# ipactl blahblah
Unrecognized action [blahblah]
[root@ci-vm-10-0-137-160 ~]# echo $?
2
[root@ci-vm-10-0-137-160 ~]# 



Based on above results marking Bugzilla verified
Comment 11 errata-xmlrpc 2021-11-09 18:21:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4230
Note You need to log in before you can comment on or make changes to this bug.