Bug 450941 - Does not do in-use port detection properly
Does not do in-use port detection properly
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Install/Uninstall (Show other bugs)
1.1.0
All Linux
low Severity low
: ---
: ---
Assigned To: Rich Megginson
Viktor Ashirov
: VerifiedUpstream
Depends On:
Blocks: 249650 442454 FDS112
  Show dependency treegraph
 
Reported: 2008-06-11 16:17 EDT by Rob Crittenden
Modified: 2015-12-07 11:54 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-07 11:54:45 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
diffs (926 bytes, patch)
2008-07-14 12:41 EDT, Rich Megginson
no flags Details | Diff
cvs commit log (183 bytes, text/plain)
2008-07-14 19:26 EDT, Rich Megginson
no flags Details

  None (edit)
Description Rob Crittenden 2008-06-11 16:17:36 EDT
Description of problem:

The DS installer checks to see if the requested ports are in-use before
continuing the installation (Util.pm::portAvailable). It does not set
SO_REUSEADDR so incorrectly detects as in-use ports that otherwise should be
available.

Version-Release number of selected component (if applicable):

fedora-ds-base-1.1.1-1.fc7

Steps to Reproduce:

I'm testing this in the context of the ipa project, so using those tools:

1. ipa-server-install
2. kinit admin
3. ipa-server-install --uninstall -U
4. ipa-server-install

After the uninstall there will be a number of sockets in TIME_WAIT and FIN_WAIT2.
Comment 1 Chandrasekar Kannan 2008-06-17 09:24:25 EDT
Wait for a couple of minutes after uninstall and then try install again. 
Comment 2 Rich Megginson 2008-07-08 17:13:17 EDT
*** Util.pm.in.~1.16.~	2007-12-17 16:49:50.000000000 -0700
--- Util.pm.in	2008-07-08 15:11:15.000000000 -0600
***************
*** 78,83 ****
--- 78,84 ----
      my $proto = getprotobyname('tcp');
      my $rc = socket(SOCK, PF_INET, SOCK_STREAM, $proto);
      if ($rc == 1) {
+         setsockopt(SOCK, SOL_SOCKET, SO_REUSEADDR, 1);
          $rc = bind(SOCK, sockaddr_in($port, INADDR_ANY));
      }
      close(SOCK);
Comment 3 Rich Megginson 2008-07-14 12:41:40 EDT
Created attachment 311729 [details]
diffs
Comment 4 Rich Megginson 2008-07-14 19:26:33 EDT
Created attachment 311787 [details]
cvs commit log

Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: Set SO_REUSEADDR to make sure the port is really available.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
Comment 5 Michael Gregg 2009-04-15 20:18:52 EDT
It appears that this bug still exists:

ipa-server-install:
Setup complete
Next steps:
Be sure to back up the CA certificate stored in /etc/dirsrv/slapd-DSDEV-SJC-REDHAT-COM/cacert.p12
The password for this file is in /etc/dirsrv/slapd-DSDEV-SJC-REDHAT-COM/pwdfile.txt

[root@localhost ~]# kinit admin
Password for admin@DSDEV.SJC.REDHAT.COM: 

[root@localhost ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@DSDEV.SJC.REDHAT.COM
Valid starting     Expires            Service principal
04/15/09 18:20:40  04/16/09 18:20:37  krbtgt/DSDEV.SJC.REDHAT.COM@DSDEV.SJC.REDHAT.COM
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

[root@localhost ~]# ipa-server-install --uninstall -U

[root@localhost ~]# ipa-server-install 

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup the FreeIPA Server.

This includes:
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure TurboGears

To accept the default shown in brackets, press the Enter key.

IPA requires ports 389 and 636 for the Directory Server.
These are currently in use:
	389
Comment 6 Michael Gregg 2009-04-15 20:49:24 EDT
tested against  

rpm -qa ipa-server
ipa-server-1.2.1-1.fc9.x86_64
Comment 7 Rob Crittenden 2009-04-15 20:51:41 EDT
We had to adjust the IPA port detection routines to match the DS ones so we could detect the unavailable port early on and not fail during ds-setup. It could be that this is a false-alarm.
Comment 8 Rich Megginson 2009-09-21 15:47:45 EDT
I would like to either close this bug or move it to freeipa - ok?
Comment 9 Rob Crittenden 2009-09-23 09:35:05 EDT
The DS part should be testable using setup-ds.pl I think. Rich, correct me if I'm wrong, but I think the process would be:

- setup-ds.pl
- run some queries against server
- remove-ds.pl
- setup-ds.pl (should not fail)

I think it would be best for tracking to open a separate bug against IPA.
Comment 10 Rich Megginson 2009-09-23 10:16:26 EDT
(In reply to comment #9)
> The DS part should be testable using setup-ds.pl I think. Rich, correct me if
> I'm wrong, but I think the process would be:
> 
> - setup-ds.pl
> - run some queries against server
> - remove-ds.pl
> - setup-ds.pl (should not fail)

Correct.
> 
> I think it would be best for tracking to open a separate bug against IPA.
Comment 11 Rich Megginson 2009-09-25 13:48:28 EDT
ok - closing - please open a separate IPA BUG

Note You need to log in before you can comment on or make changes to this bug.