Bug 808042 - "host group not found" error message is displayed while removing a member host from the hostgroup with huge members.
"host group not found" error message is displayed while removing a member hos...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa (Show other bugs)
6.3
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Rob Crittenden
IDM QE LIST
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-29 08:15 EDT by Gowrishankar Rajaiyan
Modified: 2012-06-20 09:26 EDT (History)
4 users (show)

See Also:
Fixed In Version: ipa-2.2.0-10.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 09:26:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Gowrishankar Rajaiyan 2012-03-29 08:15:58 EDT
Description of problem:


Version-Release number of selected component (if applicable):
ipa-server-2.2.0-7.el6.x86_64

How reproducible:


Steps to Reproduce:
1. Create hostgroup
2. Add more than 2000 members to this hostgroup
3. Try removing a member. 
  
Actual results: See the following error message every other time while removing a member.

"ipa: ERROR: hostgroup772150: host group not found"

Expected results:
Member should be removed successfully. 

Additional info:
[root@primenova ~]# ipa -d hostgroup-remove-member hostgroup772150 --hosts=host816.lab.eng.pnq.redhat.com
...
ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
ipa: DEBUG: cert valid True for "CN=primenova.lab.eng.pnq.redhat.com,O=LAB.ENG.PNQ.REDHAT.COM"
ipa: DEBUG: handshake complete, peer = 10.65.201.100:443
ipa: DEBUG: Created connection context.xmlclient
ipa: DEBUG: raw: hostgroup_remove_member(u'hostgroup772150', all=False, raw=False, version=u'2.32', host=(u'host816.lab.eng.pnq.redhat.com',))
ipa: DEBUG: hostgroup_remove_member(u'hostgroup772150', all=False, raw=False, version=u'2.32', host=(u'host816.lab.eng.pnq.redhat.com',))
ipa: INFO: Forwarding 'hostgroup_remove_member' to server u'http://primenova.lab.eng.pnq.redhat.com/ipa/xml'
ipa: DEBUG: NSSConnection init primenova.lab.eng.pnq.redhat.com
ipa: DEBUG: connect_socket_family: host=primenova.lab.eng.pnq.redhat.com port=443 family=PR_AF_INET
ipa: DEBUG: connecting: 10.65.201.100:443
ipa: DEBUG: handshake complete, peer = 10.65.201.100:443
ipa: DEBUG: Caught fault 4001 from server http://primenova.lab.eng.pnq.redhat.com/ipa/xml: hostgroup772150: host group not found
ipa: DEBUG: Destroyed connection context.xmlclient
ipa: ERROR: hostgroup772150: host group not found
[root@primenova ~]# 



Script used to populate data:

#!/bin/bash

domain="lab.eng.pnq.redhat.com"

ipa sudocmd-add "/bin/ls"
ipa sudocmd-add "/bin/rm"
ipa hostgroup-add hostgroup772150 --desc="hostgroup772150"

for j in {1..253}; do
   for i in {1..253}; do
      echo Secret123 | kinit admin
      ipa dnsrecord-add $domain host$j$i --a-rec=1.1.$j.$i

      ipa user-add user$j$i --first=user$j$i --last=user$j$i

      ipa host-add host$j$i.$domain
      ipa hostgroup-add hostgrp$j$i --desc="hostgrp$j$i"
      ipa hostgroup-add-member hostgrp$j$i --hosts=host$j$i.$domain
      ipa hostgroup-add-member hostgroup772150 --hosts=host$j$i.$domain

      ipa hbacrule-add hbacrulehost$j$i
      ipa hbacrule-add-user hbacrulehost$j$i --users=user$j$i
      ipa hbacrule-add-service hbacrulehost$j$i --hbacsvcs=sshd
      ipa hbacrule-add-sourcehost hbacrulehost$j$i --hostgroups=hostgrp$j$i
      ipa hbacrule-add-host hbacrulehost$j$i --hostgroups=hostgrp$j$i

      ipa sudorule-add sudorulehost$j$i --desc="sudorulehost$j$i"
      ipa sudorule-add-user sudorulehost$j$i --users=user$j$i
      ipa sudorule-add-host sudorulehost$j$i --hosts=host$j$i.$domain
      ipa sudorule-add-host sudorulehost$j$i --hostgroups=hostgrp$j$i
      ipa sudorule-add-allow-command sudorulehost$j$i --sudocmds="/bin/ls"
      ipa sudorule-add-deny-command sudorulehost$j$i --sudocmds="/bin/rm"

      done
done
Comment 2 Dmitri Pal 2012-04-03 12:32:13 EDT
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2606
Comment 4 Rob Crittenden 2012-04-17 16:33:38 EDT
Fixed upstream. Detect when the results have been truncated when trying to retrieve a single entry and raise a Limits error instead of Not Found.

master: a663e83cb2717ac4cf831261c93c1582f562a07f

ipa-2-2: 4a48efe636c0036334d4d3afadc933b0408de0f0
Comment 9 Martin Kosek 2012-04-25 07:06:44 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 10 Jenny Galipeau 2012-05-22 09:10:46 EDT
results ::

ipa hostgroup-find --hosts=host18108.testrelm.com | grep hostgroup772150
  Host-group: hostgroup772150
  Description: hostgroup772150


# ipa hostgroup-remove-member --hosts=host18108.testrelm.com hostgroup772150 
ipa: ERROR: limits exceeded for this query


however the host is removed from the hostgroup

# ipa hostgroup-find --hosts=host18108.testrelm.com | grep hostgroup772150
#


expected success on removing the member an not an ipa ERROR
Comment 11 Rob Crittenden 2012-05-22 10:10:35 EDT
This is a perfectly legitimate error. The operation took too long which is why it failed. If this happens the user will need to either specify --timelimit=XX or increase the default searchtimelimit in the configuration.
Comment 12 Jenny Galipeau 2012-05-22 10:13:11 EDT
(In reply to comment #11)
> This is a perfectly legitimate error. The operation took too long which is
> why it failed. If this happens the user will need to either specify
> --timelimit=XX or increase the default searchtimelimit in the configuration.

ahhh okay .. marking bug verified :)

version :
ipa-2.2.0-14.el6
Comment 14 errata-xmlrpc 2012-06-20 09:26:06 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html

Note You need to log in before you can comment on or make changes to this bug.