#49635 stop-dirsrv is blocked by interactive password prompt
Closed: wontfix 5 years ago by firstyear. Opened 6 years ago by cheimes.

Issue Description

Uninstallation of FreeIPA server is blocked because remove-ds.pl is waiting for a password input:

 16172 pts/2    S      0:00      \_ /bin/bash
 27701 pts/2    S+     0:04          \_ /usr/bin/python3 -E /usr/sbin/ipa-server-install --uninstall -U
 28063 pts/2    S+     0:00              \_ /usr/bin/perl /usr/sbin/remove-ds.pl -i slapd-IPA.EXAMPLE
 28064 pts/2    S+     0:00                  \_ /bin/sh /usr/sbin/stop-dirsrv IPA.EXAMPLE
 28095 pts/2    S+     0:00                      \_ /usr/bin/systemctl stop dirsrv@IPA.EXAMPLE.service
 28096 pts/2    S+     0:00                          \_ /usr/bin/systemd-tty-ask-password-agent --watch

Package Version and Platform

389-ds-base-1.4.0.6-2.fc28.x86_64

Steps to reproduce

  1. ipa-server-install
  2. ipa-server-install --uninstall -U

Actual results

# ipa-server-install --uninstall -U
Shutting down all IPA services
Configuring certmonger to stop tracking system certificates for KRA
Configuring certmonger to stop tracking system certificates for CA
Unconfiguring CA
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server

Uninstallation just sits there and doesn't proceed.

Expected results

remove-ds shouldn't block.

All commands are executed as user root with an unconfined context:

unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 16172 0.0  0.0 18304 5140 pts/2 S Apr10   0:00          \_ /bin/bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 27701 0.8  1.1 400852 91360 pts/2 S+ 07:30   0:04              \_ /usr/bin/python3 -E /usr/sbin/ipa-server-install --uninstall -U
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 28063 0.0  0.2 123680 21732 pts/2 S+ 07:30   0:00                  \_ /usr/bin/perl /usr/sbin/remove-ds.pl -i slapd-IPA.EXAMPLE
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 28064 0.0  0.0 12788 3136 pts/2 S+ 07:30   0:00                      \_ /bin/sh /usr/sbin/stop-dirsrv IPA.EXAMPLE
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 28095 0.0  0.0 77968 6076 pts/2 S+ 07:30   0:00                          \_ /usr/bin/systemctl stop dirsrv@IPA.EXAMPLE.service
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 28096 0.0  0.0 74880 3600 pts/2 S+ 07:30   0:00                              \_ /usr/bin/systemd-tty-ask-password-agent --watch

Metadata Update from @mreynolds:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None
- Issue set to the milestone: 1.4.0

5 years ago

Metadata Update from @mreynolds:
- Issue assigned to mreynolds

5 years ago

I've never seen remove-ds.pl block before or prompt for any kind of password. So this is odd indeed.

I tested 389-ds-base-1.4.0.7 on F28 with freeipa 4.6.90. Uninstall works fine for me. I installed and uninstalled over and over - no problems.

Perhaps there is more to reproducing the problem than installing and uninstalling?

The only time we access systemd-ask-password is part of svrcore to get the pin for the NSSDB. This indicates that perhaps it's starting the server?

Can this error be produced with ds-create or dsctl <inst> remove?

No movement in 11 months, so I think this is no longer an issue.

Metadata Update from @firstyear:
- Issue close_status updated to: worksforme
- Issue status updated to: Closed (was: Open)

5 years ago

389-ds-base is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in 389-ds-base's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/389ds/389-ds-base/issues/2694

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: worksforme)

3 years ago
