Bug 1901068
| Summary: | Traceback while doing ipa-backup | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Mohammad Rizwan <myusuf> |
| Component: | ipa | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 8.4 | CC: | amore, frenaud, ndehadra, pcech, rcritten, ssidhaye, tscherf, twoerner |
| Target Milestone: | rc | Keywords: | Regression, TestBlocker, TestCaseProvided, Triaged |
| Target Release: | 8.0 | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.9.0-0.2.rc2 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-05-18 15:48:22 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The issue seems to happen because DNSSEC_OPENSSL_CONF is set to None in RHEL (https://pagure.io/freeipa/blob/master/f/ipaplatform/base/paths.py#_73) but to /etc/ipa/dnssec/openssl.cnf in fedora (https://pagure.io/freeipa/blob/master/f/ipaplatform/fedora/paths.py#_39). The change was introduced with the fix for https://pagure.io/freeipa/issue/8094 Allow using of a custom OpenSSL engine for ISC BIND. The code for setting named openssl engine seems to be called only when NAMED_OPENSSL_ENGINE is set and it looks like we can define the DNSSEC_OPENSSL_CONF variable in all the cases. Upstream ticket: https://pagure.io/freeipa/issue/8597 The existing upstream test cases can be used to verify the fix: test_integration/test_backup_and_restore.py::TestBackupAndRestoreWithDNS::()::test_full_backup_and_restore_with_DNS_zone test_integration/test_backup_and_restore.py::TestUserRootFilesOwnershipPermission::()::test_userroot_ldif_files_ownership_and_permission Fixed upstream master: https://pagure.io/freeipa/c/3b007b7bba185989bec34bb071742270d3362e2e Fixed upstream ipa-4-9: https://pagure.io/freeipa/c/06a7db1838ad9b9ebbe565dbbde126968f9c296f Using: ipa-server-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64 [root@master ~]# ipa-backup -v .... .... ipaserver.install.ipa_backup: INFO: Backing up files ipapython.ipautil: DEBUG: Starting external process ipapython.ipautil: DEBUG: args=['tar', '--exclude=/var/lib/ipa/backup', '--xattrs', '--selinux', '-cf', '/tmp/tmpf0bztyygipa/ipa/files.tar', '/usr/share/ipa/html', '/etc/pki/pki-tomcat', '/etc/sysconfig/pki', '/var/lib/pki', '/var/lib/ipa/sysrestore', '/var/lib/ipa-client/sysrestore', '/var/lib/ipa/dnssec', '/var/lib/sss/pubconf/krb5.include.d/', '/var/lib/certmonger', '/var/lib/ipa', '/run/dirsrv', '/run/lock/dirsrv', '/etc/dirsrv/slapd-IPA-TEST', '/var/lib/dirsrv/slapd-IPA-TEST', '/etc/named.conf', '/etc/named/ipa-ext.conf', '/etc/named/ipa-options-ext.conf', '/etc/named.keytab', '/etc/resolv.conf', '/etc/sysconfig/pki-tomcat', '/etc/sysconfig/krb5kdc', '/etc/sysconfig/ipa-dnskeysyncd', '/etc/sysconfig/ipa-ods-exporter', '/etc/sysconfig/named', '/etc/sysconfig/ods', '/etc/ipa/nssdb/pwdfile.txt', '/etc/pki/ca-trust/source/ipa.p11-kit', '/etc/authselect/user-nsswitch.conf', '/etc/krb5.keytab', '/etc/sssd/sssd.conf', '/etc/openldap/ldap.conf', '/etc/security/limits.conf', '/var/lib/ipa/gssproxy/http.keytab', '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf', '/etc/httpd/conf.d/ipa-pki-proxy.conf', '/etc/httpd/conf.d/ipa-rewrite.conf', '/etc/httpd/conf.d/ssl.conf', '/etc/httpd/conf.d/ssl.conf', '/var/lib/ipa/certs/httpd.crt', '/var/lib/ipa/private/httpd.key', '/etc/httpd/conf.d/ipa.conf', '/etc/ssh/sshd_config', '/etc/ssh/ssh_config', '/etc/krb5.conf', '/var/lib/ipa-client/pki/kdc-ca-bundle.pem', '/var/lib/ipa-client/pki/ca-bundle.pem', '/etc/ipa/ca.crt', '/etc/ipa/default.conf', '/etc/dirsrv/ds.keytab', '/etc/chrony.conf', '/etc/samba/smb.conf', '/root/ca-agent.p12', '/var/lib/ipa/ra-agent.pem', '/var/lib/ipa/ra-agent.key', '/root/cacert.p12', '/var/kerberos/krb5kdc/kdc.conf', '/var/kerberos/krb5kdc/kdc.crt', '/var/kerberos/krb5kdc/kdc.key', '/var/kerberos/krb5kdc/cacert.pem', '/etc/systemd/system/multi-user.target.wants/ipa.service', '/etc/systemd/system/httpd.service.d/ipa.conf', '/etc/systemd/system/multi-user.target.wants/sssd.service', '/etc/systemd/system/multi-user.target.wants/certmonger.service', '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd', '/etc/opendnssec/conf.xml', '/etc/opendnssec/kasp.xml', '/etc/opendnssec/zonelist.xml', '/var/opendnssec/kasp.db', '/etc/ipa/dnssec/softhsm2.conf', '/etc/ipa/dnssec/softhsm_pin_so', '/etc/ipa/dnssec/ipa-dnskeysyncd.keytab', '/etc/ipa/custodia/server.keys', '/etc/ipa/custodia/custodia.conf', '/etc/gssproxy/10-ipa.conf', '/etc/hosts', '/etc/systemd/system/pki-tomcatd.d/ipa.conf', '/etc/NetworkManager/conf.d/zzz-ipa.conf', '/etc/ipa/nssdb/cert9.db', '/etc/ipa/nssdb/key4.db', '/etc/ipa/nssdb/pkcs11.txt', '/etc/pkcs11/modules/softhsm2.module', '/etc/tmpfiles.d/dirsrv-IPA-TEST.conf', '/etc/systemd/system/dirsrv.d/ipa-env.conf', '/var/lib/ipa/passwds/master.ipa.test-443-RSA'] ipapython.ipautil: DEBUG: Process finished, return code=0 ipapython.ipautil: DEBUG: stdout= ipapython.ipautil: DEBUG: stderr=tar: Removing leading `/' from member names tar: Removing leading `/' from hard link targets ipapython.ipautil: DEBUG: Starting external process ipapython.ipautil: DEBUG: args=['tar', '--exclude=/var/lib/ipa/backup', '--xattrs', '--selinux', '--no-recursion', '-rf', '/tmp/tmpf0bztyygipa/ipa/files.tar', '/var/log/pki/pki-tomcat', '/var/log/pki/pki-tomcat/ca', '/var/log/pki/pki-tomcat/ca/signedAudit', '/var/log/pki/pki-tomcat/ca/archive'] ipapython.ipautil: DEBUG: Process finished, return code=0 ipapython.ipautil: DEBUG: stdout= ipapython.ipautil: DEBUG: stderr=tar: Removing leading `/' from member names ipaserver.install.ipa_backup: INFO: Starting IPA service ipapython.ipautil: DEBUG: Starting external process ipapython.ipautil: DEBUG: args=['/usr/sbin/ipactl', 'start'] ipapython.ipautil: DEBUG: Process finished, return code=0 ipapython.ipautil: DEBUG: stdout=Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Starting httpd Service Starting ipa-custodia Service Starting pki-tomcatd Service Starting ipa-otpd Service Starting ipa-dnskeysyncd Service ipapython.ipautil: DEBUG: stderr=ipa: INFO: The ipactl command was successful ipapython.ipautil: DEBUG: Starting external process ipapython.ipautil: DEBUG: args=['/bin/gzip', '/tmp/tmpf0bztyygipa/ipa/files.tar'] ipapython.ipautil: DEBUG: Process finished, return code=0 ipapython.ipautil: DEBUG: stdout= ipapython.ipautil: DEBUG: stderr= ipapython.ipautil: DEBUG: Starting external process ipapython.ipautil: DEBUG: args=['tar', '--xattrs', '--selinux', '-czf', '/var/lib/ipa/backup/ipa-full-2020-12-17-13-08-30/ipa-full.tar', '.'] ipapython.ipautil: DEBUG: Process finished, return code=0 ipapython.ipautil: DEBUG: stdout= ipapython.ipautil: DEBUG: stderr= ipaserver.install.ipa_backup: INFO: Backed up to /var/lib/ipa/backup/ipa-full-2020-12-17-13-08-30 ipapython.admintool: INFO: The ipa-backup command was successful Builds used for verification:
ipa-client-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64
ipa-client-common-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-common-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-healthcheck-core-0.7-3.module+el8.4.0+9007+5084bdd8.noarch
ipa-selinux-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-server-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64
ipa-server-common-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-server-dns-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-server-trust-ad-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64
============================= test session starts ==============================
platform linux -- Python 3.6.8, pytest-3.10.1, py-1.10.0, pluggy-0.13.1 -- /usr/libexec/platform-python
cachedir: /home/cloud-user/.pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-262.el8.x86_64-x86_64-with-redhat-8.4-Ootpa', 'Packages': {'pytest': '3.10.1', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.11.0', 'html': '1.22.1', 'multihost': '3.0', 'sourceorder': '0.5'}}
rootdir: /usr/lib/python3.6/site-packages/ipatests, inifile:
plugins: metadata-1.11.0, html-1.22.1, multihost-3.0, sourceorder-0.5
collecting ... collected 3 items
test_integration/test_backup_and_restore.py::TestBackupAndRestore::test_full_backup_and_restore PASSED [ 33%]
test_integration/test_backup_and_restore.py::TestBackupAndRestore::test_full_backup_and_restore_with_removed_users PASSED [ 66%]
test_integration/test_backup_and_restore.py::TestBackupAndRestore::test_full_backup_and_restore_with_selinux_booleans_off PASSED [100%]
---------------- generated xml file: /home/cloud-user/junit.xml ----------------
----------- generated html file: file:///home/cloud-user/report.html -----------
========================== 3 passed in 919.75 seconds ==========================
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:1846 |
Description of problem: Traceback is seen while doing ipa-backup. Version-Release number of selected component (if applicable): ipa-server-4.9.0-0.1.rc1.module+el8.4.0+8830+62cd648b.x86_64 How reproducible: always Steps to Reproduce: 1. Install ipa master 2. run $ ipa-backup -v Actual results: [..] ipaserver.install.ipa_backup: INFO: Backing up IPA-TEST ipapython.ipautil: DEBUG: Starting external process ipapython.ipautil: DEBUG: args=['/usr/sbin/dsctl', 'IPA-TEST', 'db2bak', '/var/lib/dirsrv/slapd-IPA-TEST/bak/IPA-TEST'] ipapython.ipautil: DEBUG: Process finished, return code=0 ipapython.ipautil: DEBUG: stdout=db2bak successful ipapython.ipautil: DEBUG: stderr= ipapython.ipautil: DEBUG: Starting external process ipapython.ipautil: DEBUG: args=['/usr/bin/authselect', 'current', '--raw'] ipapython.ipautil: DEBUG: Process finished, return code=0 ipapython.ipautil: DEBUG: stdout=sssd with-sudo ipapython.ipautil: DEBUG: stderr= ipaserver.install.ipa_backup: INFO: Backing up files ipapython.admintool: DEBUG: File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 180, in execute return_value = self.run() File "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_backup.py", line 348, in run self.file_backup(options) File "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_backup.py", line 643, in file_backup args.extend(verify_directories(self.files)) File "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_backup.py", line 629, in verify_directories return [s for s in dirs if os.path.exists(s)] File "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_backup.py", line 629, in <listcomp> return [s for s in dirs if os.path.exists(s)] File "/usr/lib64/python3.6/genericpath.py", line 19, in exists os.stat(path) ipapython.admintool: DEBUG: The ipa-backup command failed, exception: TypeError: stat: path should be string, bytes, os.PathLike or integer, not NoneType ipapython.admintool: ERROR: stat: path should be string, bytes, os.PathLike or integer, not NoneType ipapython.admintool: ERROR: The ipa-backup command failed. See /var/log/ipabackup.log for more information Expected results: ipa-backup success Additional info: