Bug 733009 - ipa-client-install says system configured after an unsuccessful run
Summary: ipa-client-install says system configured after an unsuccessful run
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.2
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-24 13:03 UTC by Marko Myllynen
Modified: 2015-01-04 23:50 UTC (History)
5 users (show)

Fixed In Version: ipa-2.1.1-1.el6
Doc Type: Bug Fix
Doc Text:
Do not document
Clone Of:
Environment:
Last Closed: 2011-12-06 18:30:25 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1533 normal SHIPPED_LIVE Moderate: ipa security and bug fix update 2011-12-06 01:23:31 UTC

Description Marko Myllynen 2011-08-24 13:03:11 UTC
Description of problem:
If ipa-client-install fails with IPA 2.0 (e.g., due to ipa-join failing, ref: bug 732468) then when running ipa-client-install again it will try to configure the system as expected.

However, with IPA 2.1 in the same situation when running ipa-client-install for the second time it says "IPA client is already configured on this system.

In both cases essential configuration files like krb5.conf and sssd.conf have not been updated so the system is clearly unconfigured.

Version-Release number of selected component (if applicable):
IPA 2.1

Comment 1 Rob Crittenden 2011-08-24 13:09:22 UTC
Can you provide details on where the client installer failed?

Can you attach /var/lib/ipa-client/sysrestore/sysrestore.index

Comment 3 Marko Myllynen 2011-08-24 13:23:05 UTC
> Can you provide details on where the client installer failed?

After entering the admin password this is printed:

"Joining realm failed: HTTP response code is 500, not 200"

This was caused by the known issue with A/PTR mismatch as discussed in bug 732468.

> Can you attach /var/lib/ipa-client/sysrestore/sysrestore.index

It only has:

[files]
63b72c9e823af994-network = 33188,0,0,/etc/sysconfig/network

Thanks.

Comment 4 Rob Crittenden 2011-08-24 14:27:45 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/1704

Comment 5 Dmitri Pal 2011-08-24 16:37:45 UTC
Would it be sufficient to fix by adding more text to the message:

"IPA client is already configured on this system. If you want to repair a broken installation run 'ipa-client-install --uninstall --U' to uninstall client software and then try again."

Comment 6 Rob Crittenden 2011-08-24 16:48:52 UTC
The problem is that /etc/sysconfig/network gets set before we attempt to enroll. This isn't getting rolled-back on unsuccessful enrollment attempts.

So we need to either set network after enrollment or roll back that change when installation fails.

Comment 7 Rob Crittenden 2011-08-30 14:28:11 UTC
Fixed upstream.

master: ad717bff3c8c176f2c3c983d1a743eac00af426e

ipa-2-1: 4cd65a1d6e432945ae3c86a49ebc236d845d9cbd

Comment 10 Namita Soman 2011-10-10 13:52:34 UTC
Tested using ipa-server-2.1.2-2.el6.x86_64


Steps taken:
1. the client doesn't have a host entry for the server in /etc/hosts.
2. install client, and the installation is unsuccessful
3. check /etc/sysconfig/network, and verify it is restored.
4. reinstall, and see same behaviour as above, and not the reported error that "when running ipa-client-install for the second time it says "IPA client is already configured on this system."

test result outputs:

# ipa-client-install --hostname namita.testrelm
Discovery was successful!
Hostname: namita.testrelm
Realm: TESTRELM
DNS Domain: testrelm
IPA Server: rhel62-server1.testrelm
BaseDN: dc=testrelm


Continue to configure the system with these values? [no]: y
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin@TESTRELM: 

Joining realm failed: HTTP response code is 500, not 200
Installation failed. Rolling back changes.


# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=rhel62-server2.testrelm


# ipa-client-install --hostname namita.testrelm
Discovery was successful!
Hostname: namita.testrelm
Realm: TESTRELM
DNS Domain: testrelm
IPA Server: rhel62-server1.testrelm
BaseDN: dc=testrelm


Continue to configure the system with these values? [no]: y
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin@TESTRELM: 

Joining realm failed: HTTP response code is 500, not 200
Installation failed. Rolling back changes.

Comment 11 Rob Crittenden 2011-10-10 14:06:53 UTC
A 500 error means that something bad happened on the server side. Can you see if a backtrace is in /var/log/httpd/error_log on the IPA server and include it here?

Comment 12 Namita Soman 2011-10-17 18:19:04 UTC
Not getting the 500 error since then...but it was very timely to see the error to help verify this bug. Verified that when this error was thrown, client was uninstalled, and all files were restored successfully. 
Tested with ipa-server-2.1.2-2.el6.x86_64

Comment 14 Martin Kosek 2011-11-01 13:42:16 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Do not document

Comment 15 errata-xmlrpc 2011-12-06 18:30:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html


Note You need to log in before you can comment on or make changes to this bug.