Bug 1901068 - Traceback while doing ipa-backup
Summary: Traceback while doing ipa-backup
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: 8.4
Hardware: Unspecified
OS: Unspecified
urgent
unspecified
Target Milestone: rc
: 8.0
Assignee: Thomas Woerner
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-11-24 12:38 UTC by Mohammad Rizwan
Modified: 2021-05-18 15:48 UTC (History)
8 users (show)

Fixed In Version: ipa-4.9.0-0.2.rc2
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-05-18 15:48:22 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Mohammad Rizwan 2020-11-24 12:38:49 UTC 
Description of problem:
Traceback is seen while doing ipa-backup.

Version-Release number of selected component (if applicable):
ipa-server-4.9.0-0.1.rc1.module+el8.4.0+8830+62cd648b.x86_64

How reproducible:
always

Steps to Reproduce:
1. Install ipa master
2. run $ ipa-backup -v

Actual results:
[..]
ipaserver.install.ipa_backup: INFO: Backing up IPA-TEST
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/sbin/dsctl', 'IPA-TEST', 'db2bak', '/var/lib/dirsrv/slapd-IPA-TEST/bak/IPA-TEST']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=db2bak successful

ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/authselect', 'current', '--raw']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=sssd with-sudo

ipapython.ipautil: DEBUG: stderr=
ipaserver.install.ipa_backup: INFO: Backing up files
ipapython.admintool: DEBUG:   File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 180, in execute
    return_value = self.run()
  File "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_backup.py", line 348, in run
    self.file_backup(options)
  File "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_backup.py", line 643, in file_backup
    args.extend(verify_directories(self.files))
  File "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_backup.py", line 629, in verify_directories
    return [s for s in dirs if os.path.exists(s)]
  File "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_backup.py", line 629, in <listcomp>
    return [s for s in dirs if os.path.exists(s)]
  File "/usr/lib64/python3.6/genericpath.py", line 19, in exists
    os.stat(path)

ipapython.admintool: DEBUG: The ipa-backup command failed, exception: TypeError: stat: path should be string, bytes, os.PathLike or integer, not NoneType
ipapython.admintool: ERROR: stat: path should be string, bytes, os.PathLike or integer, not NoneType
ipapython.admintool: ERROR: The ipa-backup command failed. See /var/log/ipabackup.log for more information


Expected results:
ipa-backup success

Additional info:
Comment 4 Florence Blanc-Renaud 2020-11-25 14:56:53 UTC 
The issue seems to happen because DNSSEC_OPENSSL_CONF is set to None in RHEL (https://pagure.io/freeipa/blob/master/f/ipaplatform/base/paths.py#_73) but to /etc/ipa/dnssec/openssl.cnf in fedora (https://pagure.io/freeipa/blob/master/f/ipaplatform/fedora/paths.py#_39).

The change was introduced with the fix for https://pagure.io/freeipa/issue/8094 Allow using of a custom OpenSSL engine for ISC BIND.

The code for setting named openssl engine seems to be called only when NAMED_OPENSSL_ENGINE is set and it looks like we can define the DNSSEC_OPENSSL_CONF variable in all the cases.
Comment 5 Florence Blanc-Renaud 2020-11-25 15:38:13 UTC 
Upstream ticket:
https://pagure.io/freeipa/issue/8597
Comment 6 Florence Blanc-Renaud 2020-11-25 16:08:56 UTC 
The existing upstream test cases can be used to verify the fix:
test_integration/test_backup_and_restore.py::TestBackupAndRestoreWithDNS::()::test_full_backup_and_restore_with_DNS_zone
test_integration/test_backup_and_restore.py::TestUserRootFilesOwnershipPermission::()::test_userroot_ldif_files_ownership_and_permission
Comment 7 Florence Blanc-Renaud 2020-11-30 14:53:53 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/3b007b7bba185989bec34bb071742270d3362e2e
Comment 8 Florence Blanc-Renaud 2020-12-01 07:41:17 UTC 
Fixed upstream
ipa-4-9:
https://pagure.io/freeipa/c/06a7db1838ad9b9ebbe565dbbde126968f9c296f
Comment 15 anuja 2020-12-17 13:11:25 UTC 
Using: ipa-server-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64

[root@master ~]# ipa-backup -v
....
....
ipaserver.install.ipa_backup: INFO: Backing up files
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['tar', '--exclude=/var/lib/ipa/backup', '--xattrs', '--selinux', '-cf', '/tmp/tmpf0bztyygipa/ipa/files.tar', '/usr/share/ipa/html', '/etc/pki/pki-tomcat', '/etc/sysconfig/pki', '/var/lib/pki', '/var/lib/ipa/sysrestore', '/var/lib/ipa-client/sysrestore', '/var/lib/ipa/dnssec', '/var/lib/sss/pubconf/krb5.include.d/', '/var/lib/certmonger', '/var/lib/ipa', '/run/dirsrv', '/run/lock/dirsrv', '/etc/dirsrv/slapd-IPA-TEST', '/var/lib/dirsrv/slapd-IPA-TEST', '/etc/named.conf', '/etc/named/ipa-ext.conf', '/etc/named/ipa-options-ext.conf', '/etc/named.keytab', '/etc/resolv.conf', '/etc/sysconfig/pki-tomcat', '/etc/sysconfig/krb5kdc', '/etc/sysconfig/ipa-dnskeysyncd', '/etc/sysconfig/ipa-ods-exporter', '/etc/sysconfig/named', '/etc/sysconfig/ods', '/etc/ipa/nssdb/pwdfile.txt', '/etc/pki/ca-trust/source/ipa.p11-kit', '/etc/authselect/user-nsswitch.conf', '/etc/krb5.keytab', '/etc/sssd/sssd.conf', '/etc/openldap/ldap.conf', '/etc/security/limits.conf', '/var/lib/ipa/gssproxy/http.keytab', '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf', '/etc/httpd/conf.d/ipa-pki-proxy.conf', '/etc/httpd/conf.d/ipa-rewrite.conf', '/etc/httpd/conf.d/ssl.conf', '/etc/httpd/conf.d/ssl.conf', '/var/lib/ipa/certs/httpd.crt', '/var/lib/ipa/private/httpd.key', '/etc/httpd/conf.d/ipa.conf', '/etc/ssh/sshd_config', '/etc/ssh/ssh_config', '/etc/krb5.conf', '/var/lib/ipa-client/pki/kdc-ca-bundle.pem', '/var/lib/ipa-client/pki/ca-bundle.pem', '/etc/ipa/ca.crt', '/etc/ipa/default.conf', '/etc/dirsrv/ds.keytab', '/etc/chrony.conf', '/etc/samba/smb.conf', '/root/ca-agent.p12', '/var/lib/ipa/ra-agent.pem', '/var/lib/ipa/ra-agent.key', '/root/cacert.p12', '/var/kerberos/krb5kdc/kdc.conf', '/var/kerberos/krb5kdc/kdc.crt', '/var/kerberos/krb5kdc/kdc.key', '/var/kerberos/krb5kdc/cacert.pem', '/etc/systemd/system/multi-user.target.wants/ipa.service', '/etc/systemd/system/httpd.service.d/ipa.conf', '/etc/systemd/system/multi-user.target.wants/sssd.service', '/etc/systemd/system/multi-user.target.wants/certmonger.service', '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd', '/etc/opendnssec/conf.xml', '/etc/opendnssec/kasp.xml', '/etc/opendnssec/zonelist.xml', '/var/opendnssec/kasp.db', '/etc/ipa/dnssec/softhsm2.conf', '/etc/ipa/dnssec/softhsm_pin_so', '/etc/ipa/dnssec/ipa-dnskeysyncd.keytab', '/etc/ipa/custodia/server.keys', '/etc/ipa/custodia/custodia.conf', '/etc/gssproxy/10-ipa.conf', '/etc/hosts', '/etc/systemd/system/pki-tomcatd.d/ipa.conf', '/etc/NetworkManager/conf.d/zzz-ipa.conf', '/etc/ipa/nssdb/cert9.db', '/etc/ipa/nssdb/key4.db', '/etc/ipa/nssdb/pkcs11.txt', '/etc/pkcs11/modules/softhsm2.module', '/etc/tmpfiles.d/dirsrv-IPA-TEST.conf', '/etc/systemd/system/dirsrv.d/ipa-env.conf', '/var/lib/ipa/passwds/master.ipa.test-443-RSA']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=tar: Removing leading `/' from member names
tar: Removing leading `/' from hard link targets

ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['tar', '--exclude=/var/lib/ipa/backup', '--xattrs', '--selinux', '--no-recursion', '-rf', '/tmp/tmpf0bztyygipa/ipa/files.tar', '/var/log/pki/pki-tomcat', '/var/log/pki/pki-tomcat/ca', '/var/log/pki/pki-tomcat/ca/signedAudit', '/var/log/pki/pki-tomcat/ca/archive']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=tar: Removing leading `/' from member names

ipaserver.install.ipa_backup: INFO: Starting IPA service
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/sbin/ipactl', 'start']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting named Service
Starting httpd Service
Starting ipa-custodia Service
Starting pki-tomcatd Service
Starting ipa-otpd Service
Starting ipa-dnskeysyncd Service

ipapython.ipautil: DEBUG: stderr=ipa: INFO: The ipactl command was successful

ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/bin/gzip', '/tmp/tmpf0bztyygipa/ipa/files.tar']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['tar', '--xattrs', '--selinux', '-czf', '/var/lib/ipa/backup/ipa-full-2020-12-17-13-08-30/ipa-full.tar', '.']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipaserver.install.ipa_backup: INFO: Backed up to /var/lib/ipa/backup/ipa-full-2020-12-17-13-08-30
ipapython.admintool: INFO: The ipa-backup command was successful
Comment 16 Sumedh Sidhaye 2020-12-17 14:28:54 UTC 
Builds used for verification:

ipa-client-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64
ipa-client-common-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-common-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-healthcheck-core-0.7-3.module+el8.4.0+9007+5084bdd8.noarch
ipa-selinux-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-server-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64
ipa-server-common-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-server-dns-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-server-trust-ad-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64

============================= test session starts ==============================
platform linux -- Python 3.6.8, pytest-3.10.1, py-1.10.0, pluggy-0.13.1 -- /usr/libexec/platform-python
cachedir: /home/cloud-user/.pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-262.el8.x86_64-x86_64-with-redhat-8.4-Ootpa', 'Packages': {'pytest': '3.10.1', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.11.0', 'html': '1.22.1', 'multihost': '3.0', 'sourceorder': '0.5'}}
rootdir: /usr/lib/python3.6/site-packages/ipatests, inifile:
plugins: metadata-1.11.0, html-1.22.1, multihost-3.0, sourceorder-0.5
collecting ... collected 3 items

test_integration/test_backup_and_restore.py::TestBackupAndRestore::test_full_backup_and_restore PASSED [ 33%]
test_integration/test_backup_and_restore.py::TestBackupAndRestore::test_full_backup_and_restore_with_removed_users PASSED [ 66%]
test_integration/test_backup_and_restore.py::TestBackupAndRestore::test_full_backup_and_restore_with_selinux_booleans_off PASSED [100%]

---------------- generated xml file: /home/cloud-user/junit.xml ----------------
----------- generated html file: file:///home/cloud-user/report.html -----------
========================== 3 passed in 919.75 seconds ==========================
Comment 19 errata-xmlrpc 2021-05-18 15:48:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1846
Note You need to log in before you can comment on or make changes to this bug.