Bug 698885 - Race conditions during IPA installation
Summary: Race conditions during IPA installation
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: pki-core
Version: 15
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: ---
Assignee: Ade Lee
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 698796
Blocks: 696390
 
Reported: 2011-04-22 07:28 UTC by Martin Kosek
Modified: 2012-08-07 20:27 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 698796
Environment:
Last Closed: 2012-08-07 20:27:52 UTC
Type: ---
Embargoed:



Description Martin Kosek 2011-04-22 07:28:11 UTC
+++ This bug was initially created as a clone of Bug #698796 +++

This issue is known to be observed in F15.

# ipa-server-install -p secret123 -a secret123
...
Configuring certificate server: Estimated time 6 minutes
  [1/17]: creating certificate server user
  [2/17]: creating pki-ca instance
  [3/17]: restarting certificate server
  [4/17]: configuring certificate server instance
  [5/17]: restarting certificate server
  [6/17]: creating CA agent PKCS#12 file in /root
  [7/17]: creating RA agent certificate database
  [8/17]: importing CA chain to RA certificate database
Unexpected error - see ipaserver-install.log for details:
 Unable to retrieve CA chain: request failed with HTTP status 500

From Ade:

Basically, one of the things that the CA does on startup is read some
configuration data in /etc/pki-ca/registry.cfg.  The way the code is
currently written, it reads in this data and then promptly overwrites
this file with the data it has just read.  It actually does this multiple
times - once for each plugin it reads in.

During the IPA installation process, we end up starting up and shutting
down the CA multiple times.  In fact, one of these restarts is issued
while the server is coming up - and in particular - while this file is
being overwritten. The way tomcat code works, if the server is shut down
while not completely up (i.e. before the ports are available), then the
server will call System.exit() immediately.  This means that the
registry.cfg file is left in an incomplete, corrupted state - and any
subsequent restarts are incomplete.

The simple code fix is simply not to rewrite this config file on
startup.  There is no reason to do so - as we are just rewriting the
data we just read in.

I have coded a fix that addresses this - and was able to configure IPA
multiple times with no issue.

--- Additional comment from dpal on 2011-04-21 16:01:11 EDT ---

https://fedorahosted.org/freeipa/ticket/1186

--- Additional comment from dpal on 2011-04-21 16:01:47 EDT ---

https://fedorahosted.org/freeipa/ticket/1186

--- Additional comment from alee on 2011-04-21 16:26:26 EDT ---

Created attachment 493983 [details]
patch to fix

--- Additional comment from jmagne on 2011-04-21 17:00:48 EDT ---

Comment on attachment 493983 [details]
patch to fix

This fix looks pretty straightforward. It would be good to have awnuk have a quick look in case he knows of any gotchas.
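
The failure mode described in the report above (a config file rewritten in place while the process can exit mid-write) is shown here next to a crash-safe write, as an added example that is not the pki-core patch or any project code. The file contents, `Killed`, and all function names are constructed for illustration, and the abrupt exit is simulated with an exception.

```python
import os
import shutil
import tempfile
# Constructed sample lines; not the real contents of registry.cfg.
SAMPLE = ["plugin.%d.class=example.Plugin%d\n" % (i, i) for i in range(6)]

class Killed(Exception):
    """Stands in for the JVM calling System.exit() part-way through a write."""

def _emit(fh, lines, die_after):
    for n, line in enumerate(lines):
        if n == die_after:
            raise Killed()
        fh.write(line)

def rewrite_in_place(path, lines, die_after=None):
    # Pattern from the report: open("w") truncates the live file before writing.
    with open(path, "w") as fh:
        _emit(fh, lines, die_after)

def rewrite_atomic(path, lines, die_after=None):
    # Skip the write entirely when the data is unchanged (nothing to corrupt).
    with open(path) as fh:
        if fh.readlines() == lines:
            return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as fh:
            _emit(fh, lines, die_after)
            fh.flush()
            os.fsync(fh.fileno())
        shutil.copymode(path, tmp)  # mkstemp creates 0600; keep the original mode
        os.replace(tmp, path)       # atomic rename: old or new file, never partial
    except BaseException:
        os.unlink(tmp)
        raise
    return True

def demo(writer, new_lines, die_after=2):
    """Write SAMPLE, run `writer` (interrupted after `die_after` lines), return the file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "registry.cfg")
        rewrite_in_place(path, SAMPLE)
        try:
            writer(path, new_lines, die_after)
        except Killed:
            pass
        with open(path) as fh:
            return fh.readlines()
```

With a real abrupt exit the cleanup branch never runs, so a stray temporary file can remain, but the live file is still the complete old version.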

Comment 1 Ade Lee 2011-04-25 19:00:24 UTC
tip: 

[vakwetu@dhcp231-121 common]$ svn ci -m "Bugzilla Bug 698885 - Race conditions during IPA installation"
Sending        common/src/com/netscape/cmscore/registry/PluginRegistry.java
Transmitting file data .
Committed revision 1983.

Comment 4 Martin Kosek 2011-04-29 11:52:20 UTC
I was able to successfully install FreeIPA with pki-core-9.0.7-1.fc15 installed. Everything seems to be working fine.

Comment 5 Asha Akkiangady 2011-05-31 19:03:19 UTC
Bug is already verified as reported in the comment #4.

Comment 6 Fedora End Of Life 2012-08-07 20:27:57 UTC
This message is a notice that Fedora 15 is now at end of life. Fedora
has stopped maintaining and issuing updates for Fedora 15. It is
Fedora's policy to close all bug reports from releases that are no
longer maintained. At this time, all open bugs with a Fedora 'version'
of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advance warning of this
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that
we were unable to fix it before Fedora 15 reached end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora, you are encouraged to click on
"Clone This Bug" (top right of this page) and open it against that
version of Fedora.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

The process we are following is described here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

