910899 – Client does not uninstall when fstore is empty

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 910899 - Client does not uninstall when fstore is empty

Summary: Client does not uninstall when fstore is empty

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-02-13 20:06 UTC by Namita Soman
Modified:	2014-06-18 00:06 UTC (History)
CC List:	2 users (show)
Fixed In Version:	ipa-3.3.3-12.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-06-13 12:39:03 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
console uninstallation and ipaclient-uninstall.log file (50.00 KB, application/x-tar) 2014-01-06 09:12 UTC, Kaleem	no flags	Details
View All

Description Namita Soman 2013-02-13 20:06:43 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3331

`ipa-client-install` installer checks `ipa-client` `fstore` and when it is empty, it considers the client as not installed.

However, when no config file is backed up during installation, client may wrongly assume that it is not installed and cause issues for example during server uninstallation when the client uninstallation procedure is skipped:

{{{
# ipa-server-install --uninstall -U
Shutting down all IPA services
Removing IPA client configuration
Unconfiguring ntpd
Unconfiguring CA directory server
Unconfiguring CA
Unconfiguring named
Unconfiguring web server
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
Unconfiguring ipa_memcached
# grep -C 3 ipa-client-install /var/log/ipaserver-uninstall.log 
Stopping Directory Service

2013-01-09T08:00:24Z DEBUG stderr=
2013-01-09T08:00:24Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --uninstall
2013-01-09T08:00:24Z DEBUG stdout=IPA client is not configured on this system.

2013-01-09T08:00:24Z DEBUG stderr=

# certutil -L -d /etc/pki/nssdb/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

IPA CA                                                       CT,C,C
}}}

Installation leftovers may cause failure in subsequent installation.

Comment 1 Namita Soman 2013-02-13 20:42:02 UTC

Please add steps to ensure "no config file is backed up during installation" to help verify this case

Comment 2 Martin Kosek 2013-02-14 08:01:47 UTC

In current IPA versions it is much hard to reproduce the issue, previously user would just need to install IPA server and do not have /etc/sssd/sssd.conf present. Now, the issue is only reproducable on ipa-client-install with special combination of flags:

# ls /etc/krb5.conf   
ls: cannot access /etc/krb5.conf: No such file or directory
# ls /etc/sssd/sssd.conf
ls: cannot access /etc/sssd/sssd.conf: No such file or directory

# ipa-client-install --domain linux.ad.test --no-ssh --no-sshd --noac --no-ntp
Discovery was successful!
Hostname: vm-148.idm.lab.bos.redhat.com
Realm: LINUX.AD.TEST
DNS Domain: linux.ad.test
IPA Server: ipa.linux.ad.test
BaseDN: dc=linux,dc=ad,dc=test

Continue to configure the system with these values? [no]: y
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin.TEST: 
Enrolled in IPA realm LINUX.AD.TEST
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm LINUX.AD.TEST
trying https://ipa.linux.ad.test/ipa/xml
Hostname (vm-148.idm.lab.bos.redhat.com) not found in DNS
Failed to update DNS records.
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Forwarding 'host_mod' to server u'https://ipa.linux.ad.test/ipa/xml'
Could not update DNS SSHFP records.
Client configuration complete.



No config gile is backed up:
# ll /var/lib/ipa-client/sysrestore/
total 0

IPA client is now installed (and we can kinit):
# kinit admin
Password for admin.TEST: 

However, client installer does not detect it and would allow other client or server installation (which would fail) before uninstalling the client:

# ipa-client-install --domain linux.ad.test
Discovery was successful!
Hostname: vm-148.idm.lab.bos.redhat.com
Realm: LINUX.AD.TEST
DNS Domain: linux.ad.test
IPA Server: ipa.linux.ad.test
BaseDN: dc=linux,dc=ad,dc=test

Continue to configure the system with these values? [no]: ^C

Comment 3 Martin Kosek 2013-02-22 09:14:41 UTC

Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/a7110d7a32b6eb7131ce47655cb14f693681ab01
ipa-3-1: https://fedorahosted.org/freeipa/changeset/89268ce4f507a12eeb0d1752bab39387c2fd83fb

Comment 6 Kaleem 2014-01-06 09:12:04 UTC

I tried with latest build (ipa-client-3.3.3-8) and found that now ipa-client un-installation is successful when fstore is empty but still i see following message in ipaclient-uninstall.log

[root@rhel70-client ~]# cat /var/log/ipaclient-uninstall.log |grep "IPA client"
2014-01-06T09:00:11Z DEBUG stderr=IPA client is not configured on this system.
[root@rhel70-client ~]#

And following message on console while un-installing ipa-client.

Unconfigured automount client failed: Command 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1

After above ipa-client un-installation, next ipa-client install is successful.

Please find the attached console log and ipaclient-uninstallation log.

Comment 7 Kaleem 2014-01-06 09:12:56 UTC

Created attachment 845974 [details]
console uninstallation and ipaclient-uninstall.log file

Comment 8 Martin Kosek 2014-01-06 09:53:32 UTC

This looks like an additional issue, let me file an upstream ticket.

Comment 9 Martin Kosek 2014-01-06 09:57:39 UTC

Upstream ticket:

https://fedorahosted.org/freeipa/ticket/4091

Comment 10 Martin Kosek 2014-01-15 11:11:14 UTC

Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/e369e3dcade7d85575645bf7a67040248dfd1ccf
ipa-3-3: https://fedorahosted.org/freeipa/changeset/dce4c1ce44f4c84dae1767f7373b420cbfec5c1a

Comment 12 Kaleem 2014-01-16 11:24:55 UTC

Verified.

IPA client version:
===================

---------[RPMs & OS: [RedHat - x86_64]--------
|       ipa-client-3.3.3-12.el7.x86_64
|       sssd-ipa-1.11.2-19.el7.x86_64
----------------------------------------------

Snippet from automation log:
============================
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: BZ910899 Client does not uninstall when fstore is empty
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Removing /etc/krb.conf (Expected 0, got 0)
:: [   PASS   ] :: Installing ipa-client (Expected 0, got 0)
:: [   PASS   ] :: Checking fstore content (Expected 0, got 0)
:: [   PASS   ] :: Running 'cat /tmp/bz910899.txt' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/bz910899.txt' should not contain 'ldap.conf' 
:: [   PASS   ] :: File '/tmp/bz910899.txt' should not contain 'krb5.conf' 
:: [   PASS   ] :: File '/tmp/bz910899.txt' should not contain 'sshd_config' 
:: [   PASS   ] :: File '/tmp/bz910899.txt' should not contain 'ssh_config' 
:: [   PASS   ] :: Installing ipa-client again (Expected 3, got 3)
:: [   PASS   ] :: uninstalling ipa-client again (Expected 0, got 0)
:: [   PASS   ] :: Running 'cat /tmp/bz910899.txt' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/bz910899.txt' should not contain 'automount client failed' 
:: [   PASS   ] :: File '/var/log/ipaclient-uninstall.log' should not contain 'IPA client is not configured on this system' 
:: [   PASS   ] :: Installing ipa-client again (Expected 0, got 0)
:: [   PASS   ] :: uninstall ipa client success 
:: [   LOG    ] :: Duration: 47s
:: [   LOG    ] :: Assertions: 15 good, 0 bad
:: [   PASS   ] :: RESULT: BZ910899 Client does not uninstall when fstore is empty

Comment 13 Ludek Smid 2014-06-13 12:39:03 UTC

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.