freeipa

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments.  |  http://www.freeipa.org/

#2827 ipa-client-install crashes when sssd restart fails

Created 5 years ago by mkosek
Modified a year ago

https://bugzilla.redhat.com/show_bug.cgi?id=827162 (Red Hat Enterprise Linux 6)

Description of problem:

Automation seems to always have a crash, but doing it manually, it is not
always crashing.

Sequence of events:
Install ipa-client using --preserve-sssd (attaching what sssd.conf and
krb5.conf looked like before install)
Uninstall

And the crash is as seen below:

Install:
# ipa-client-install --domain=testrelm.com --realm=TESTRELM.COM  -p admin -w
Secret123 -U --server=qe-blade-05.testrelm.com --preserve-sssd
Discovery was successful!
Hostname: ipaqa64vmb.testrelm.com
Realm: TESTRELM.COM
DNS Domain: testrelm.com
IPA Server: qe-blade-05.testrelm.com
BaseDN: dc=testrelm,dc=com


Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync.

Enrolled in IPA realm TESTRELM.COM
Created /etc/ipa/default.conf
Unable to activate the SSH service in SSSD config.
Please make sure you have SSSD built with SSH support installed.
Configure SSH support manually in /etc/sssd/sssd.conf.
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.COM
Warning: Hostname (ipaqa64vmb.testrelm.com) not found in DNS
DNS server record set to: ipaqa64vmb.testrelm.com -> 10.16.98.183
SSSD enabled
NTP enabled
Client configuration complete.

Uninstall:
# ipa-client-install --uninstall
Unenrolling client from IPA server
Unenrolling host failed: Error obtaining initial credentials: Preauthentication
failed.

Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Restoring client configuration files
The original configuration of SSSD included other domains than IPA-based one.
Original configuration file is restored, restarting SSSD service.
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 1558, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 1538, in main
    return uninstall(options, env)
  File "/usr/sbin/ipa-client-install", line 409, in uninstall
    sssd.restart()
  File "/usr/lib/python2.6/site-packages/ipapython/platform/redhat.py", line
47, in restart
    ipautil.run(["/sbin/service", self.service_name, "restart", instance_name],
capture_output=capture_output)
  File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 291, in
run
    raise CalledProcessError(p.returncode, args)
subprocess.CalledProcessError: Command '/sbin/service sssd restart ' returned
non-zero exit status 1


Version-Release number of selected component (if applicable):
ipa-client-2.2.0-16.el6.x86_64

How reproducible:
not always

Steps to Reproduce:
1. As indicated above

Actual results:
uninstall crashes

Expected results:
uninstall successfully

Additional info:

This ticket handle the sssd restart more gracefully.

This is a good candidate to start learning FreeIPA.

a year ago

Metadata Update from @mkosek:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 3.0 Beta 2

Login to comment on this ticket.

defect

IPA

1

https://bugzilla.redhat.com/show_bug.cgi?id=827162

cancel