Running FreeIPA git master ipa-server-install occasionally fails because a temporary password generated while creating a directory server contains a dash character as a first one and then calls /usr/bin/pwdhash which complaints that this option does not exist:
/usr/bin/pwdhash
Configuring directory server (dirsrv). Estimated time: 30 seconds [1/43]: creating directory server instance Starting installation... /usr/bin/pwdhash: invalid option -- 'N' usage: /usr/bin/pwdhash -D config-dir [-H] [-s scheme | -c comparepwd ] password... [error] CalledProcessError: Command '['/usr/bin/pwdhash', '-Nn3hQCxVDMqhorEE22.482Z5tfIDHbElUJR-x5XCxjioK8.WimpAMix8UoJ8.pN1']' returned non-zero exit status 1. Command '['/usr/bin/pwdhash', '-Nn3hQCxVDMqhorEE22.482Z5tfIDHbElUJR-x5XCxjioK8.WimpAMix8UoJ8.pN1']' returned non-zero exit status 1. The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
Fedora 30.x86_64
ipa-server-install
-<some letter>
installation fails
installation continues successfully
I've got the behaviour twice over this weekend while running IPA tests in Azure Pipelines CI. I'm attaching full logs but here is a traceback from ipaserver-install.log:
ipaserver-install.log
2019-05-19T10:25:20Z DEBUG Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 603, in start_creation run_step(full_msg, method) File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 589, in run_step method() File "/usr/lib/python3.7/site-packages/ipaserver/install/dsinstance.py", line 554, in __create_instance sds.create_from_args(general, slapd, backends, None) File "/usr/lib/python3.7/site-packages/lib389/instance/setup.py", line 643, in create_from_args self._prepare_ds(general, slapd, backends) File "/usr/lib/python3.7/site-packages/lib389/instance/setup.py", line 601, in _prepare_ds self._secure_password = password_hash(self._raw_secure_password, bin_dir=slapd['bin_dir']) File "/usr/lib/python3.7/site-packages/lib389/passwd.py", line 38, in password_hash h = subprocess.check_output([pwdhashbin, pw]).strip() File "/usr/lib64/python3.7/subprocess.py", line 395, in check_output **kwargs).stdout File "/usr/lib64/python3.7/subprocess.py", line 487, in run output=stdout, stderr=stderr) subprocess.CalledProcessError: Command '['/usr/bin/pwdhash', '-Nn3hQCxVDMqhorEE22.482Z5tfIDHbElUJR-x5XCxjioK8.WimpAMix8UoJ8.pN1']' returned non-zero exit status 1. 2019-05-19T10:25:20Z DEBUG [error] CalledProcessError: Command '['/usr/bin/pwdhash', '-Nn3hQCxVDMqhorEE22.482Z5tfIDHbElUJR-x5XCxjioK8.WimpAMix8UoJ8.pN1']' returned non-zero exit status 1. 2019-05-19T10:25:20Z DEBUG File "/usr/lib/python3.7/site-packages/ipapython/admintool.py", line 179, in execute return_value = self.run() File "/usr/lib/python3.7/site-packages/ipapython/install/cli.py", line 347, in run return cfgr.run() File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 360, in run return self.execute() File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 386, in execute for rval in self._executor(): File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 655, in _configure next(executor) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.7/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python3.7/site-packages/ipaserver/install/server/__init__.py", line 557, in main master_install(self) File "/usr/lib/python3.7/site-packages/ipaserver/install/server/install.py", line 254, in decorated func(installer) File "/usr/lib/python3.7/site-packages/ipaserver/install/server/install.py", line 813, in install setup_pkinit=not options.no_pkinit) File "/usr/lib/python3.7/site-packages/ipaserver/install/dsinstance.py", line 316, in create_instance self.start_creation(runtime=30) File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 603, in start_creation run_step(full_msg, method) File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 589, in run_step method() File "/usr/lib/python3.7/site-packages/ipaserver/install/dsinstance.py", line 554, in __create_instance sds.create_from_args(general, slapd, backends, None) File "/usr/lib/python3.7/site-packages/lib389/instance/setup.py", line 643, in create_from_args self._prepare_ds(general, slapd, backends) File "/usr/lib/python3.7/site-packages/lib389/instance/setup.py", line 601, in _prepare_ds self._secure_password = password_hash(self._raw_secure_password, bin_dir=slapd['bin_dir']) File "/usr/lib/python3.7/site-packages/lib389/passwd.py", line 38, in password_hash h = subprocess.check_output([pwdhashbin, pw]).strip() File "/usr/lib64/python3.7/subprocess.py", line 395, in check_output **kwargs).stdout File "/usr/lib64/python3.7/subprocess.py", line 487, in run output=stdout, stderr=stderr) 2019-05-19T10:25:20Z DEBUG The ipa-server-install command failed, exception: CalledProcessError: Command '['/usr/bin/pwdhash', '-Nn3hQCxVDMqhorEE22.482Z5tfIDHbElUJR-x5XCxjioK8.WimpAMix8UoJ8.pN1']' returned non-zero exit status 1. 2019-05-19T10:25:20Z ERROR Command '['/usr/bin/pwdhash', '-Nn3hQCxVDMqhorEE22.482Z5tfIDHbElUJR-x5XCxjioK8.WimpAMix8UoJ8.pN1']' returned non-zero exit status 1. 2019-05-19T10:25:20Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
<img alt="var_log.tar" src="/389-ds-base/issue/raw/files/c8f84197e9f84314e3b55639f80ed5b3a87284c89571bc5c758f2348aba11272-var_log.tar" /> <img alt="79.txt" src="/389-ds-base/issue/raw/files/0357956f48393e3449d54b25e30225cb5bf493dfbc81e0a7a310bc429ea8ec17-79.txt" />
There is a comment in password_generate() about the very same issue but it doesn't address the problem, thus this bug. It would be good, for example, to call random.shuffle(pw) until the first element is not a dash.
password_generate()
random.shuffle(pw)
While this is easy to prevent I don't see how a dash character could even be in the password since all the candidate characters come from:
string.ascii_letters + string.digits + '.''
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.
What is the exact version of python-lib389 that is on your system? I suspect this is already fixed but not in the current F30 release of 389.
Metadata Update from @mreynolds: - Custom field origin adjusted to None - Custom field reviewstatus adjusted to None
Installing : 389-ds-base-1.4.1.2-2.fc30.x86_64 339/365
It is the last one available for F30: https://koji.fedoraproject.org/koji/buildinfo?buildID=1240368
It looks like it is fixed already with commit 223846d in master and 389-ds-base-1.4.0 branch. Let's close it when a new build will be available in F30.
389-ds-base-1.4.0
389-ds-base-1.4.1.3-1.fc30 is in testing:
https://koji.fedoraproject.org/koji/taskinfo?taskID=35035974
Closing ticket...
Metadata Update from @mreynolds: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/3450
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)
Login to comment on this ticket.