Description of problem:
The DS installer checks to see if the requested ports are in-use before continuing the installation (Util.pm::portAvailable). It does not set SO_REUSEADDR so incorrectly detects as in-use ports that otherwise should be available.

Version-Release number of selected component (if applicable):
fedora-ds-base-1.1.1-1.fc7

Steps to Reproduce:
I'm testing this in the context of the ipa project, so using those tools:
1. ipa-server-install
2. kinit admin
3. ipa-server-install --uninstall -U
4. ipa-server-install

After the uninstall there will be a number of sockets in TIME_WAIT and FIN_WAIT2.
Wait for a couple of minutes after uninstall and then try install again.
*** Util.pm.in.~1.16.~ 2007-12-17 16:49:50.000000000 -0700 --- Util.pm.in 2008-07-08 15:11:15.000000000 -0600 *************** *** 78,83 **** --- 78,84 ---- my $proto = getprotobyname('tcp'); my $rc = socket(SOCK, PF_INET, SOCK_STREAM, $proto); if ($rc == 1) { + setsockopt(SOCK, SOL_SOCKET, SO_REUSEADDR, 1); $rc = bind(SOCK, sockaddr_in($port, INADDR_ANY)); } close(SOCK);
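Review bot: the return value of the added setsockopt() call is ignored, so if setting SO_REUSEADDR fails, the bind() on the next line runs without the option and can again report a port that is only in TIME_WAIT as in use, with nothing logged to explain why. Suggest checking it, for example `setsockopt(SOCK, SOL_SOCKET, SO_REUSEADDR, 1) or warn "setsockopt: $!";`, and adding a one-line comment above the call stating that the option is set so that sockets left in TIME_WAIT do not make the port look busy.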
Created attachment 311729 [details] diffs
Created attachment 311787 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: Set SO_REUSEADDR to make sure the port is really available.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
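An added example (not part of the bug report or of Util.pm) showing the false positive the report describes: it probes a loopback port with and without SO_REUSEADDR, first while a listener holds it and then when only a TIME_WAIT entry remains. The helper name port_available, the loopback test server and its ReuseAddr setting are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket;
use IO::Socket::INET;

# Hypothetical helper: returns 1 if bind() to $port succeeds, 0 otherwise.
# $reuse selects whether SO_REUSEADDR is set before the bind().
sub port_available {
    my ($port, $reuse) = @_;
    my $proto = getprotobyname('tcp');
    socket(my $sock, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
    if ($reuse) {
        setsockopt($sock, SOL_SOCKET, SO_REUSEADDR, pack('l', 1))
            or die "setsockopt: $!";
    }
    my $ok = bind($sock, sockaddr_in($port, INADDR_ANY)) ? 1 : 0;
    close($sock);
    return $ok;
}

# Constructed scenario: a loopback server on an ephemeral port. The listener
# sets ReuseAddr (assumption: the real server does the same).
my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 5, ReuseAddr => 1,
) or die "listen: $!";
my $port = $listener->sockport;

my $client = IO::Socket::INET->new(PeerAddr => '127.0.0.1', PeerPort => $port)
    or die "connect: $!";
my $conn = $listener->accept or die "accept: $!";

# A live listener must be reported as in use by both probes.
printf "listener up:    plain=%d reuse=%d\n",
    port_available($port, 0), port_available($port, 1);

close($conn);                       # server closes first (active close)
my $eof = <$client>;                # client reads EOF ...
close($client);                     # ... then closes its side
close($listener);                   # no listener remains on $port
select(undef, undef, undef, 0.2);   # give the kernel time to finish teardown

# Only the closed connection's TIME_WAIT entry is left on the port now.
printf "TIME_WAIT only: plain=%d reuse=%d\n",
    port_available($port, 0), port_available($port, 1);
```

On Linux the probe without the option keeps failing while the TIME_WAIT entry exists, whereas the probe with SO_REUSEADDR fails only while a listener actually holds the port.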
It appears that this bug still exists:

ipa-server-install:

Setup complete

Next steps:
Be sure to back up the CA certificate stored in /etc/dirsrv/slapd-DSDEV-SJC-REDHAT-COM/cacert.p12
The password for this file is in /etc/dirsrv/slapd-DSDEV-SJC-REDHAT-COM/pwdfile.txt

[root@localhost ~]# kinit admin
Password for admin.REDHAT.COM:
[root@localhost ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin.REDHAT.COM

Valid starting Expires Service principal
04/15/09 18:20:40 04/16/09 18:20:37 krbtgt/DSDEV.SJC.REDHAT.COM.REDHAT.COM

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root@localhost ~]# ipa-server-install --uninstall -U
[root@localhost ~]# ipa-server-install

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup the FreeIPA Server.

This includes:
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure TurboGears

To accept the default shown in brackets, press the Enter key.

IPA requires ports 389 and 636 for the Directory Server.
These are currently in use:
389

Tested against:
rpm -qa ipa-server
ipa-server-1.2.1-1.fc9.x86_64
We had to adjust the IPA port detection routines to match the DS ones so we could detect the unavailable port early on and not fail during ds-setup. It could be that this is a false alarm.
I would like to either close this bug or move it to freeipa - ok?
The DS part should be testable using setup-ds.pl I think. Rich, correct me if I'm wrong, but I think the process would be:

- setup-ds.pl
- run some queries against server
- remove-ds.pl
- setup-ds.pl (should not fail)

I think it would be best for tracking to open a separate bug against IPA.

(In reply to comment #9)
> The DS part should be testable using setup-ds.pl I think. Rich, correct me if
> I'm wrong, but I think the process would be:
>
> - setup-ds.pl
> - run some queries against server
> - remove-ds.pl
> - setup-ds.pl (should not fail)

Correct.

>
> I think it would be best for tracking to open a separate bug against IPA.
ok - closing - please open a separate IPA BUG