910410 – ipa-client-install fixed-primary server list out of order in sssd.conf on i386

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 910410 - ipa-client-install fixed-primary server list out of order in sssd.conf on i386

Summary: ipa-client-install fixed-primary server list out of order in sssd.conf on i386

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-02-12 15:08 UTC by Scott Poore
Modified:	2014-06-18 00:05 UTC (History)
CC List:	4 users (show)
Fixed In Version:	ipa-3.2.1-1.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-06-13 10:56:59 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Scott Poore 2013-02-12 15:08:26 UTC

Description of problem:

When passing multiple servers on command line, they are not being listed in the same order in sssd.conf.  I have so far only seen this on i386.  I did not see the same behavior on x86_64 yet.


Version-Release number of selected component (if applicable):
ipa-client-3.0.0-26.el6_4.i686

How reproducible:
Very on i386.  Have not see it anywhere else yet.


Steps to Reproduce:
1.  Setup 2 IPA servers
2.  ipa-client-install -p admin -w PASSWORD --fixed-primary --server=SERVER1 --server=SERVER2 --domain=testrelm.com --realm=TESTRELM.COM -U
3.  check sssd.conf
  
Actual results:
ipa_server list in sssd.conf order not same as passed on command line.

Expected results:
ipa_server list should be the same?

Additional info:

More info seen in my testing:
:: [17:22:25] ::  EXECUTING: ipa-client-install -p admin -w Secret123 --fixed-primary --server=mgmt9.testrelm.com --server=storm.testrelm.com --domain=testrelm.com --realm=TESTRELM.COM -U
Hostname: qe-blade-05.testrelm.com
Realm: TESTRELM.COM
DNS Domain: testrelm.com
IPA Server: storm.testrelm.com, mgmt9.testrelm.com
BaseDN: dc=testrelm,dc=com
Synchronizing time with KDC...
Enrolled in IPA realm TESTRELM.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.COM
trying https://storm.testrelm.com/ipa/xml
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Forwarding 'host_mod' to server u'https://storm.testrelm.com/ipa/xml'
SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.

:: [   PASS   ] :: Running 'ipa-client-install -p admin -w Secret123 --fixed-primary --server=mgmt9.testrelm.com --server=storm.testrelm.com --domain=testrelm.com --realm=TESTRELM.COM -U'
[domain/testrelm.com]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = testrelm.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = qe-blade-05.testrelm.com
chpass_provider = ipa
ipa_server = storm.testrelm.com, mgmt9.testrelm.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh
config_file_version = 2

domains = testrelm.com
[nss]

[pam]

[sudo]

[autofs]

[ssh]

[pac]

:: [   PASS   ] :: Running 'cat /etc/sssd/sssd.conf'

Comment 2 Dmitri Pal 2013-02-12 16:39:47 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3418

Comment 4 Martin Kosek 2013-03-14 08:41:37 UTC

Fixed upstream:

master:
354a5db38e46aaf7ff4ecb0b6ee54a18194c376e Avoid multiple client discovery with fixed server list
452ffa143aadba5f16f4fe67720e28852fdf1fb7 Preserve order of servers in ipa-client-install

ipa-3-1:
cc51f969cfb83b9d7fcff3c064feebb3eb5702cd Avoid multiple client discovery with fixed server list
af4a1e53f782a977a053bb3b986a712dc5a65fbf Preserve order of servers in ipa-client-install

List of servers in /etc/sssd/sssd.conf will now preserve an order with --server options. We have also improved the client discovery logging, it will be now visible which server was excluded from discovery and why.

Comment 7 Scott Poore 2013-12-18 17:11:30 UTC

Verified.

Version ::
ipa-client-3.3.3-5.el7.x86_64


Test Results ::


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: client-install-fixed-primary-server 05 [Positive] fixed primary with --server=MASTER --server=SLAVE
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 11:15:45 ] ::  uninstall_fornexttest starts
:: [ 11:15:45 ] ::  Uninstall for next test
:: [ 11:15:45 ] ::  Uninstalling ipa client for next test
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
nscd daemon is not installed, skip configuration
Client uninstall complete.
:: [ 11:15:57 ] ::  sssd.conf for testing BZ 819982 does not exists
ntpd.stop.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

:: [ 11:15:57 ] ::  checking for '^nameserver <IPREMOVED>' in /etc/resolv.conf
nameserver <IPREMOVED>
cloud-qe-19.idm.lab.bos.redhat.com. 11039 IN A	<IPREMOVED>
Password for admin: 
--------------------------------------
Deleted host "ipaqa64vmc.testrelm.com"
--------------------------------------
:: [   PASS   ] :: Running 'ssh root@<IPREMOVED> "echo Secret123|kinit admin;ipa host-del ipaqa64vmc.testrelm.com"' (Expected 0,1,2, got 0)
:: [   PASS   ] :: Running 'sleep 60' (Expected 0, got 0)
:: [ 11:16:58 ] ::  uninstall_fornexttest ends
:: [   PASS   ] :: Running 'echo "echo Secret123|kinit admin;ipa host-del ipaqa64vmc.testrelm.com" > /local.sh' (Expected 0, got 0)
:: [   PASS   ] :: Running 'chmod +x /local.sh' (Expected 0, got 0)
Password for admin: 
ipa: ERROR: ipaqa64vmc.testrelm.com: host not found
:: [   PASS   ] :: Running 'ssh -o StrictHostKeyChecking=no root@<IPREMOVED> 'bash -s' < /local.sh' (Expected 0,1,2, got 2)
:: [   PASS   ] :: Running 'sleep 10' (Expected 0, got 0)
:: [ 11:17:10 ] ::  EXECUTING: ipa-client-install -p admin -w Secret123 --fixed-primary --server=cloud-qe-19.testrelm.com --server=qe-blade-14.testrelm.com --domain=testrelm.com --realm=TESTRELM.COM -U
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd

Hostname: ipaqa64vmc.testrelm.com
Realm: TESTRELM.COM
DNS Domain: testrelm.com
IPA Server: cloud-qe-19.testrelm.com, qe-blade-14.testrelm.com
BaseDN: dc=testrelm,dc=com

Synchronizing time with KDC...
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=TESTRELM.COM
    Issuer:      CN=Certificate Authority,O=TESTRELM.COM
    Valid From:  Tue Dec 17 23:42:14 2013 UTC
    Valid Until: Sat Dec 17 23:42:14 2033 UTC

Enrolled in IPA realm TESTRELM.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.COM
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.
:: [   PASS   ] :: Running 'ipa-client-install -p admin -w Secret123 --fixed-primary --server=cloud-qe-19.testrelm.com --server=qe-blade-14.testrelm.com --domain=testrelm.com --realm=TESTRELM.COM -U' (Expected 0, got 0)
[domain/testrelm.com]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = testrelm.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = ipaqa64vmc.testrelm.com
chpass_provider = ipa
ipa_server = cloud-qe-19.testrelm.com, qe-blade-14.testrelm.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh
config_file_version = 2

domains = testrelm.com
[nss]

[pam]

[sudo]

[autofs]

[ssh]

[pac]

:: [   PASS   ] :: Running 'cat /etc/sssd/sssd.conf' (Expected 0, got 0)
:: [   PASS   ] :: File '/etc/sssd/sssd.conf' should contain 'ipa_server = cloud-qe-19.testrelm.com, qe-blade-14.testrelm.com' 

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipaclientinstall_bug_910410 ipa-client-install fixed-primary server list out of order in sssd.conf on i386 bz910410
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: BZ 910410 not found...ipa_server line in correct order 
:: [   PASS   ] :: Running 'sed '/cache_credentials/ a debug_level = 9' /etc/sssd/sssd.conf > /tmp/sssd.conf' (Expected 0, got 0)
cp: overwrite ‘/etc/sssd/sssd.conf’? y
:: [   PASS   ] :: Running 'cp /tmp/sssd.conf /etc/sssd/sssd.conf' (Expected 0, got 0)
:: [   PASS   ] :: Running 'cat /dev/null > /var/log/sssd/sssd_testrelm.com.log' (Expected 0, got 0)
:: [   PASS   ] :: Running 'systemctl stop sssd.service' (Expected 0, got 0)
:: [   PASS   ] :: Running 'sss_cache -u admin' (Expected 0, got 0)
:: [   PASS   ] :: Running 'systemctl start sssd.service' (Expected 0, got 0)
uid=1387600000(admin) gid=1387600000(admins) groups=1387600000(admins)
admin:*:1387600000:1387600000:Administrator:/home/admin:/bin/bash
Password for admin: 
:: [   PASS   ] :: Running 'id admin;getent passwd admin;echo Secret123|kinit admin' (Expected 0, got 0)
:: [   PASS   ] :: File '/var/log/sssd/sssd_testrelm.com.log' should contain 'Option ipa_server has value cloud-qe-19.testrelm.com, qe-blade-14.testrelm.com' 
:: [   PASS   ] :: File '/var/log/sssd/sssd_testrelm.com.log' should contain 'Added Server cloud-qe-19.testrelm.com' 
:: [   PASS   ] :: File '/var/log/sssd/sssd_testrelm.com.log' should contain 'Added Server qe-blade-14.testrelm.com' 
:: [   PASS   ] :: File '/var/log/sssd/sssd_testrelm.com.log' should contain 'Marking server 'cloud-qe-19.testrelm.com' as 'working'' 
:: [   PASS   ] :: File '/var/log/sssd/sssd_testrelm.com.log' should not contain 'Marking server 'qe-blade-14.testrelm.com' as 'working'' 
:: [ 11:19:21 ] ::  Backing up and submitting /var/log/ipaclient-install.log.
result_server not set, assuming developer mode.
Log File : /var/log/ipaclient-install.log..20131218-111921

Comment 8 Ludek Smid 2014-06-13 10:56:59 UTC

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.