#3867 after ipa-server-install --uninstall on a replica, ipa-ca.$DOMAIN name not updated.
Closed: Fixed None Opened 10 years ago by rcritten.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 998069

Description of problem:
Uninstall of ipa-server on an IPA replica does not remove the replica from the
ipa-ca.$DOMAIN dns entry.

Version-Release number of selected component (if applicable):
RHEL-7.0-20130815.n.0

How reproducible:
always

Steps to Reproduce:
On Master
1. /usr/sbin/ipa-server-install --setup-dns --forwarder=<DNS forwarder>
--hostname=<MASTER hostname> -r TESTRELM.COM -n testrelm.com -p Secret123 -P
Secret123 -a Secret123 -U
2. ipa-replica-prepare --ip-address=<IP of replica>  <hostname of replica>
3. Copy GPG file to replica server

On Slave
4. ipa-replica-install -U --setup-dns --forwarder=10.11.5.19 -w Secret123 -p
Secret123 /tmp/<replica-file>.testrelm.com.gpg
5. ipa-replica-install -U --setup-dns --forwarder=10.11.5.19 -w Secret123 -p
Secret123 /tmp/replica-info-ipaqavmd.testrelm.com.gpg
6. dig ipa-ca.$DOMAIN

Actual results:
After uninstall of replica, the answer section still contains the replica:
;; ANSWER SECTION:
ipa-ca.testrelm.com.    86400   IN      A       10.16.98.181
ipa-ca.testrelm.com.    86400   IN      A       10.16.98.180

Expected results:
The name should not contain 10.16.98.181 as it's the IP for an uninstalled
replica.

Additional info:

Removal of the ipa-ca name is (or should be) done by the ipa-replica-manage tool when replication agreements are severed.

The proper way to 'fix' this bug is probably to warn the user there are still replication agreements in place and that the user should remove them first.

Then make sure ipa-replica-manage delete/cleanup does properly remove the DNS record if present.
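
Added example (not part of the ticket or of FreeIPA's code): a check that parses `dig` output for the ipa-ca name and reports addresses that do not belong to an active server, which is how the result of an uninstall or `ipa-replica-manage` cleanup can be verified. The sample input is constructed from the ANSWER section in this ticket; the function names and the list of active servers are assumptions.

```python
import ipaddress

# Constructed sample: the ANSWER section shown in the ticket.
SAMPLE_DIG_OUTPUT = """\
;; ANSWER SECTION:
ipa-ca.testrelm.com.    86400   IN      A       10.16.98.181
ipa-ca.testrelm.com.    86400   IN      A       10.16.98.180
"""


def parse_answer_addresses(dig_output, name):
    """Return the set of A/AAAA addresses that dig reported for `name`."""
    wanted = name.rstrip(".").lower()
    addresses = set()
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and dig comment/section headers
        fields = line.split()
        # Expected record layout: owner TTL class type rdata
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        owner, rtype, rdata = fields[0], fields[3].upper(), fields[4]
        if owner.rstrip(".").lower() != wanted or rtype not in ("A", "AAAA"):
            continue
        try:
            addresses.add(ipaddress.ip_address(rdata))
        except ValueError:
            continue  # malformed rdata: ignore rather than abort the check
    return addresses


def stale_ca_addresses(dig_output, name, active_servers):
    """Addresses still published for `name` that are not active servers."""
    active = {ipaddress.ip_address(ip) for ip in active_servers}
    return parse_answer_addresses(dig_output, name) - active


if __name__ == "__main__":
    # Assumption: after the uninstall only 10.16.98.180 still runs a CA.
    stale = stale_ca_addresses(SAMPLE_DIG_OUTPUT, "ipa-ca.testrelm.com",
                               ["10.16.98.180"])
    for ip in sorted(stale, key=str):
        print("stale ipa-ca record:", ip)
```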

I just found out that this patch causes a crash in uninstallation when the DS is not reachable:

# ipa-server-install --uninstall --unattended
[Errno 2] No such file or directory

Exception:

ipa         : DEBUG      File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 622, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 626, in main
    conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name)

  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1744, in do_external_bind
    self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)

  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1730, in __bind_with_wait
    self.__wait_for_connection(timeout)

  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1716, in __wait_for_connection
    wait_for_open_socket(lurl.hostport, timeout)

  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1115, in wait_for_open_socket
    raise e

ipa         : DEBUG    The ipa-server-install command failed, exception: error: [Errno 2] No such file or directory
[Errno 2] No such file or directory

This check should not cause a crash of the entire uninstallation. It should rather just warn that it could not contact the DS to run the check.

Thanks for catching this, I sent a fix to the freeipa-devel list.

Moving to next month's milestone.

Metadata Update from @rcritten:
- Issue assigned to akrivoka
- Issue set to the milestone: FreeIPA 3.3.x - 2013/09 (bug fixing)

7 years ago
