#47300 [RFE] remove-ds-admin.pl: redesign the behaviour
Closed: Fixed None Opened 6 years ago by mreynolds.

If the admin server was configured with SSL and you remove the admin server, it will fail to install the next time you run setup-ds-admin.pl.

{{{
Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance 'localhost' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
output: Starting dirsrv-admin:
output: Syntax error on line 48 of /etc/dirsrv/admin-serv/nss.conf:
output: NSSPassPhraseDialog: file '/etc/dirsrv/admin-serv/password.conf' does not exist
output: Server failed to start !!! Please check errors log for problems
output: [FAILED]
Could not start the admin server. Error: 256
Failed to create and configure the admin server
Exiting . . .
}}}

In console.conf you can see that NSSEngine is also still set to "on".


The current setup/remove-ds-admin behaviour:

"rpm -i 389-admin" installs these 4 config files in /etc/dirsrv/admin-serv.
{{{
-rw-r--r--. 1 root root 3936 Jan 31 15:24 admserv.conf
-rw-r--r--. 1 root root 4470 Jan 31 15:24 console.conf
-rw-r--r--. 1 root root 26302 Jan 31 15:24 httpd.conf
-rw-r--r--. 1 root root 4502 Jan 31 15:24 nss.conf
}}}
"setup-ds-admin.pl" generates 3 additional config files:
{{{
-rw-------. 1 nobody root 535 Mar 27 10:52 adm.conf
-rw-------. 1 nobody root 40 Mar 27 10:52 admpw
-rw-------. 1 nobody root 13619 Mar 27 10:52 local.conf
}}}
and empty cert db files:
{{{
-rw-------. 1 nobody root 65536 Mar 27 10:52 cert8.db
-rw-------. 1 nobody root 16384 Mar 27 10:52 key3.db
-rw-------. 1 nobody root 16384 Mar 27 10:52 secmod.db
}}}
plus a bakup directory to keep the original config files:
{{{
drwxr-xr-x. 2 root root 4096 Mar 27 10:52 bakup
}}}
Once ssl is enabled, the nss.conf is updated:
{{{
-r--------. 1 nobody nobody 4535 Mar 27 10:56 nss.conf
}}}
"remove-ds-admin.pl" with no '-a' option leaves config files in admin-serv without reverting to the initial state:
{{{
-rw-r--r--. 1 root root 3936 Jan 31 15:24 admserv.conf
-rw-------. 1 nobody root 65536 Mar 27 10:56 cert8.db
-rw-------. 1 nobody root 4471 Mar 27 10:52 console.conf
-rw-r--r--. 1 root root 26302 Jan 31 15:24 httpd.conf
-rw-------. 1 nobody root 16384 Mar 27 10:56 key3.db
-r--------. 1 nobody nobody 4535 Mar 27 10:56 nss.conf
-rw-------. 1 nobody root 16384 Mar 27 10:52 secmod.db
}}}
Cert db keeps the certs, as well:
{{{

certutil -L -d .

Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
server-cert u,u,u
CA certificate CT,,
}}}
"remove-ds-admin.pl" with '-a' option overrides config files with the initial config files stored in admin-serv/bakup:
{{{
-rw-r--r--. 1 root root 3936 Jan 31 15:24 admserv.conf
-rw-------. 1 root root 65536 Mar 27 11:45 cert8.db
-rw-r--r--. 1 root root 4471 Mar 27 11:45 console.conf
-rw-r--r--. 1 root root 26302 Jan 31 15:24 httpd.conf
-rw-------. 1 root root 16384 Mar 27 11:45 key3.db
-rw-r--r--. 1 root root 4502 Jan 31 15:24 nss.conf
-rw-------. 1 root root 16384 Mar 27 11:45 secmod.db
}}}
and cleans up the certs from the cert db:
{{{

certutil -L -d .

Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI

}}}
We have no plan to change the behaviour in the current version (389-admin-1.1.32,33,?), but we may revisit in a future version.

remove-ds-admin.pl is supposed to update as follows ...
{{{
1) by default (without '-a')
- revert to the initial config files.
- keep the cert db files.
2) with '-a'
- revert to the initial config files.
- remove the cert db files (instead of removing certs from cert db).
}}}
Note: Once this change is made, "Configuration, Command, and File Reference Guide" needs to be updated, too.
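
A check for the leftover state described in this ticket, as an added example that is not part of the ticket or of the 389-admin code: it reports an nss.conf whose NSSPassPhraseDialog file is missing and a console.conf with NSSEngine still on. The function name `check_stale_ssl` and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report SSL settings left behind in an admin-serv config dir.
# Prints one line per finding; returns 1 if anything was found, else 0.
check_stale_ssl() {
    dir=$1
    rc=0

    # nss.conf: the file named by NSSPassPhraseDialog must exist, otherwise
    # the admin server stops with the syntax error quoted in the ticket.
    if [ -f "$dir/nss.conf" ]; then
        pwfile=$(sed -n 's/^[[:space:]]*NSSPassPhraseDialog[[:space:]][[:space:]]*file:\([^[:space:]]*\).*/\1/p' \
            "$dir/nss.conf" | head -n 1)
        if [ -n "$pwfile" ] && [ ! -f "$pwfile" ]; then
            echo "nss.conf: NSSPassPhraseDialog file '$pwfile' does not exist"
            rc=1
        fi
    fi

    # console.conf: NSSEngine still "on" means SSL was never switched back off.
    if [ -f "$dir/console.conf" ] &&
       grep -Eiq '^[[:space:]]*NSSEngine[[:space:]]+on([[:space:]]|$)' "$dir/console.conf"; then
        echo "console.conf: NSSEngine is still on"
        rc=1
    fi
    return "$rc"
}

# Constructed sample (not real server files): the state left by removal
# without '-a' after SSL had been enabled.
demo=$(mktemp -d)
printf 'NSSPassPhraseDialog file:%s/password.conf\n' "$demo" > "$demo/nss.conf"
printf 'NSSEngine on\n' > "$demo/console.conf"
check_stale_ssl "$demo" || echo "stale SSL configuration found in $demo"
rm -rf "$demo"
```

Run it against /etc/dirsrv/admin-serv before setup-ds-admin.pl; a non-zero return means the directory still carries SSL settings from the removed admin server.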

0001-Ticket-47300-RFE-remove-ds-admin.pl-redesign-the-beh.patch

commit 8d0482561ed95621e52710d74fb74dc6970a6f04
Author: Rich Megginson rmeggins@redhat.com
Date: Mon Oct 21 15:23:07 2013 -0600

Reopening, remove-ds-admin.pl man page needs to be updated about the "-a" option.

To ssh://git.fedorahosted.org/git/389/admin.git
0ef82b0..376cb98 master -> master

commit 376cb989e9b156e9a11c85cdd2a01585ca2922dd
Author: Mark Reynolds mreynolds@redhat.com
Date: Mon Sep 8 17:00:42 2014 -0400

Metadata Update from @nhosoi:
- Issue assigned to mreynolds
- Issue set to the milestone: 389-admin,console 1.1.36

2 years ago
