#47300 [RFE] remove-ds-admin.pl: redesign the behaviour
Closed: wontfix None Opened 7 years ago by mreynolds.

If the admin server was configured with SSL and you remove the admin server, it will fail to install the next time you run setup-ds-admin.pl.

{{{
Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance 'localhost' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
output: Starting dirsrv-admin:
output: Syntax error on line 48 of /etc/dirsrv/admin-serv/nss.conf:
output: NSSPassPhraseDialog: file '/etc/dirsrv/admin-serv/password.conf' does not exist
output: Server failed to start !!! Please check errors log for problems
output: [FAILED]
Could not start the admin server. Error: 256
Failed to create and configure the admin server
Exiting . . .
}}}

In console.conf you can see that NSSEngine is also still set to "on".
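
A pre-flight check for the leftover SSL state described in this report, written as an added example that is not part of the ticket or of the 389-admin code. The function name `check_stale_ssl` is hypothetical, and the `file:<path>` form of `NSSPassPhraseDialog` is assumed to be the one used in nss.conf; file names and the default directory come from the ticket.

```shell
#!/bin/sh
# Added example (not 389-admin code): detect stale SSL settings left in an
# admin-serv config directory before re-running setup-ds-admin.pl.
# Assumption: nss.conf uses the mod_nss form "NSSPassPhraseDialog file:<path>".

# Print one finding per line; return 1 if any stale SSL state was found.
check_stale_ssl() {
    confdir=$1
    findings=0

    # A pass-phrase file that nss.conf still references but that no longer
    # exists reproduces the "does not exist" startup failure in the ticket.
    if [ -f "$confdir/nss.conf" ]; then
        pinfile=$(sed -n \
            's/^[[:space:]]*NSSPassPhraseDialog[[:space:]][[:space:]]*file:\([^[:space:]]*\).*/\1/p' \
            "$confdir/nss.conf" | tail -n 1)
        if [ -n "$pinfile" ] && [ ! -e "$pinfile" ]; then
            echo "nss.conf: NSSPassPhraseDialog file missing: $pinfile"
            findings=$((findings + 1))
        fi
    fi

    # console.conf keeps "NSSEngine on" after removal, as the ticket notes.
    if [ -f "$confdir/console.conf" ] &&
       grep -Eiq '^[[:space:]]*NSSEngine[[:space:]]+on[[:space:]]*$' \
           "$confdir/console.conf"; then
        echo "console.conf: NSSEngine is still on"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Check the directory given as $1, or the path from the ticket by default.
check_stale_ssl "${1:-/etc/dirsrv/admin-serv}"
```

A non-zero exit status means the directory still carries SSL configuration from the previous installation.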


The current setup/remove-ds-admin behaviour:

"rpm -i 389-admin" installs these 4 config files in /etc/dirsrv/admin-serv.
{{{
-rw-r--r--. 1 root root 3936 Jan 31 15:24 admserv.conf
-rw-r--r--. 1 root root 4470 Jan 31 15:24 console.conf
-rw-r--r--. 1 root root 26302 Jan 31 15:24 httpd.conf
-rw-r--r--. 1 root root 4502 Jan 31 15:24 nss.conf
}}}
"setup-ds-admin.pl" generates 3 additional config files:
{{{
-rw-------. 1 nobody root 535 Mar 27 10:52 adm.conf
-rw-------. 1 nobody root 40 Mar 27 10:52 admpw
-rw-------. 1 nobody root 13619 Mar 27 10:52 local.conf
}}}
and empty cert db files:
{{{
-rw-------. 1 nobody root 65536 Mar 27 10:52 cert8.db
-rw-------. 1 nobody root 16384 Mar 27 10:52 key3.db
-rw-------. 1 nobody root 16384 Mar 27 10:52 secmod.db
}}}
plus a bakup directory to keep the original config files:
{{{
drwxr-xr-x. 2 root root 4096 Mar 27 10:52 bakup
}}}
Once ssl is enabled, the nss.conf is updated:
{{{
-r--------. 1 nobody nobody 4535 Mar 27 10:56 nss.conf
}}}
"remove-ds-admin.pl" with no '-a' option leaves config files in admin-serv without reverting to the initial state:
{{{
-rw-r--r--. 1 root root 3936 Jan 31 15:24 admserv.conf
-rw-------. 1 nobody root 65536 Mar 27 10:56 cert8.db
-rw-------. 1 nobody root 4471 Mar 27 10:52 console.conf
-rw-r--r--. 1 root root 26302 Jan 31 15:24 httpd.conf
-rw-------. 1 nobody root 16384 Mar 27 10:56 key3.db
-r--------. 1 nobody nobody 4535 Mar 27 10:56 nss.conf
-rw-------. 1 nobody root 16384 Mar 27 10:52 secmod.db
}}}
Cert db keeps the certs, as well:
{{{

certutil -L -d .

Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
server-cert u,u,u
CA certificate CT,,
}}}
"remove-ds-admin.pl" with '-a' option overrides config files with the initial config files stored in admin-serv/bakup:
{{{
-rw-r--r--. 1 root root 3936 Jan 31 15:24 admserv.conf
-rw-------. 1 root root 65536 Mar 27 11:45 cert8.db
-rw-r--r--. 1 root root 4471 Mar 27 11:45 console.conf
-rw-r--r--. 1 root root 26302 Jan 31 15:24 httpd.conf
-rw-------. 1 root root 16384 Mar 27 11:45 key3.db
-rw-r--r--. 1 root root 4502 Jan 31 15:24 nss.conf
-rw-------. 1 root root 16384 Mar 27 11:45 secmod.db
}}}
and cleans up the certs from the cert db:
{{{

certutil -L -d .

Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI

}}}
We have no plan to change the behaviour in the current version (389-admin-1.1.32,33,?), but we may revisit it in a future version.

remove-ds-admin.pl is supposed to update as follows ...
{{{
1) by default (without '-a')
- revert to the initial config files.
- keep the cert db files.
2) with '-a'
- revert to the initial config files.
- remove the cert db files (instead of removing certs from cert db).
}}}
Note: Once this change is made, "Configuration, Command, and File Reference Guide" needs to be updated, too.

0001-Ticket-47300-RFE-remove-ds-admin.pl-redesign-the-beh.patch

commit 8d0482561ed95621e52710d74fb74dc6970a6f04
Author: Rich Megginson <rmeggins@redhat.com>
Date: Mon Oct 21 15:23:07 2013 -0600

Reopening, remove-ds-admin.pl man page needs to be updated about the "-a" option.

To ssh://git.fedorahosted.org/git/389/admin.git
0ef82b0..376cb98 master -> master

commit 376cb989e9b156e9a11c85cdd2a01585ca2922dd
Author: Mark Reynolds <mreynolds@redhat.com>
Date: Mon Sep 8 17:00:42 2014 -0400

Metadata Update from @nhosoi:
- Issue assigned to mreynolds
- Issue set to the milestone: 389-admin,console 1.1.36

3 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/637

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

a month ago
