If the admin server was configured with SSL and you remove the admin server, it will fail to install the next time you run setup-ds-admin.pl.
{{{
Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance 'localhost' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
output: Starting dirsrv-admin:
output: Syntax error on line 48 of /etc/dirsrv/admin-serv/nss.conf:
output: NSSPassPhraseDialog: file '/etc/dirsrv/admin-serv/password.conf' does not exist
output: Server failed to start !!! Please check errors log for problems
output: [FAILED]
Could not start the admin server. Error: 256
Failed to create and configure the admin server
Exiting . . .
}}}
In console.conf you can see that NSSEngine is also still set to "on".
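A preflight check for the two leftovers described in this report, written as an added example (it is not part of the ticket or of the 389-admin code). The function name `check_stale_ssl` is hypothetical; it assumes the mod_nss directive forms `NSSEngine on` and `NSSPassPhraseDialog file:<path>`.

```shell
#!/bin/sh
# Added example: detect stale SSL settings left behind in an admin-serv
# config directory before re-running setup-ds-admin.pl.
# Usage: check_stale_ssl /etc/dirsrv/admin-serv

# check_stale_ssl DIR
# Prints one finding per line; returns 0 if clean, 1 if stale state is found.
check_stale_ssl() {
    dir=$1
    rc=0

    # Symptom 1: console.conf still has NSSEngine switched on.
    # Commented-out lines do not match because of the ^ anchor.
    if [ -f "$dir/console.conf" ] &&
       grep -Eiq '^[[:space:]]*NSSEngine[[:space:]]+on[[:space:]]*$' \
            "$dir/console.conf"; then
        echo "console.conf: NSSEngine is on"
        rc=1
    fi

    # Symptom 2: nss.conf names a pass phrase file that no longer exists,
    # which is what makes httpd report a syntax error and refuse to start.
    if [ -f "$dir/nss.conf" ]; then
        pinfile=$(grep -Ei '^[[:space:]]*NSSPassPhraseDialog[[:space:]]+file:' \
                       "$dir/nss.conf" |
                  head -n 1 |
                  sed -e 's/^[^:]*://' -e 's/[[:space:]]*$//')
        if [ -n "$pinfile" ] && [ ! -e "$pinfile" ]; then
            echo "nss.conf: NSSPassPhraseDialog file '$pinfile' does not exist"
            rc=1
        fi
    fi

    return $rc
}
```
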
The current setup/remove-ds-admin behaviour:
"rpm -i 389-admin" installs these 4 config files in /etc/dirsrv/admin-serv.
{{{
-rw-r--r--. 1 root root 3936 Jan 31 15:24 admserv.conf
-rw-r--r--. 1 root root 4470 Jan 31 15:24 console.conf
-rw-r--r--. 1 root root 26302 Jan 31 15:24 httpd.conf
-rw-r--r--. 1 root root 4502 Jan 31 15:24 nss.conf
}}}
"setup-ds-admin.pl" generates 3 additional config files:
{{{
-rw-------. 1 nobody root 535 Mar 27 10:52 adm.conf
-rw-------. 1 nobody root 40 Mar 27 10:52 admpw
-rw-------. 1 nobody root 13619 Mar 27 10:52 local.conf
}}}
and empty cert db files:
{{{
-rw-------. 1 nobody root 65536 Mar 27 10:52 cert8.db
-rw-------. 1 nobody root 16384 Mar 27 10:52 key3.db
-rw-------. 1 nobody root 16384 Mar 27 10:52 secmod.db
}}}
plus a bakup directory to keep the original config files:
{{{
drwxr-xr-x. 2 root root 4096 Mar 27 10:52 bakup
}}}
Once ssl is enabled, the nss.conf is updated:
{{{
-r--------. 1 nobody nobody 4535 Mar 27 10:56 nss.conf
}}}
"remove-ds-admin.pl" with no '-a' option leaves config files in admin-serv without reverting to the initial state:
{{{
-rw-r--r--. 1 root root 3936 Jan 31 15:24 admserv.conf
-rw-------. 1 nobody root 65536 Mar 27 10:56 cert8.db
-rw-------. 1 nobody root 4471 Mar 27 10:52 console.conf
-rw-r--r--. 1 root root 26302 Jan 31 15:24 httpd.conf
-rw-------. 1 nobody root 16384 Mar 27 10:56 key3.db
-r--------. 1 nobody nobody 4535 Mar 27 10:56 nss.conf
-rw-------. 1 nobody root 16384 Mar 27 10:52 secmod.db
}}}
Cert db keeps the certs, as well:
{{{
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

server-cert                                                  u,u,u
CA certificate                                               CT,,
}}}
"remove-ds-admin.pl" with '-a' option overrides config files with the initial config files stored in admin-serv/bakup:
{{{
-rw-r--r--. 1 root root 3936 Jan 31 15:24 admserv.conf
-rw-------. 1 root root 65536 Mar 27 11:45 cert8.db
-rw-r--r--. 1 root root 4471 Mar 27 11:45 console.conf
-rw-r--r--. 1 root root 26302 Jan 31 15:24 httpd.conf
-rw-------. 1 root root 16384 Mar 27 11:45 key3.db
-rw-r--r--. 1 root root 4502 Jan 31 15:24 nss.conf
-rw-------. 1 root root 16384 Mar 27 11:45 secmod.db
}}}
and cleans up the certs from the cert db:
{{{
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
}}}
We have no plan to change the behaviour in the current version (389-admin-1.1.32,33,?), but we may revisit it in a future version.
remove-ds-admin.pl is supposed to update as follows ...
{{{
1) by default (without '-a')
   - revert to the initial config files.
   - keep the cert db files.
2) with '-a'
   - revert to the initial config files.
   - remove the cert db files (instead of removing certs from cert db).
}}}
Note: Once this change is made, "Configuration, Command, and File Reference Guide" needs to be updated, too.
0001-Ticket-47300-RFE-remove-ds-admin.pl-redesign-the-beh.patch
commit 8d0482561ed95621e52710d74fb74dc6970a6f04 Author: Rich Megginson rmeggins@redhat.com Date: Mon Oct 21 15:23:07 2013 -0600
Reopening, remove-ds-admin.pl man page needs to be updated about the "-a" option.
man page update 0001-Ticket-47300-Update-man-page-for-remove-ds-admin.pl.patch
To ssh://git.fedorahosted.org/git/389/admin.git 0ef82b0..376cb98 master -> master
commit 376cb989e9b156e9a11c85cdd2a01585ca2922dd Author: Mark Reynolds mreynolds@redhat.com Date: Mon Sep 8 17:00:42 2014 -0400
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1173253
Metadata Update from @nhosoi: - Issue assigned to mreynolds - Issue set to the milestone: 389-admin,console 1.1.36
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/637
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)