freeipa

Clone
Source Code
GIT

#4727 server uninstallation after ipa-restore leaves certificates tracked by certmonger
Closed: Fixed None Opened 8 years ago by pvoborni.

Closed: Fixed
Reopen Issue

Reproduction:

  • install ipa server
  • backup
  • uninstall
  • install
  • restore
  • uninstall

Reproducible both on RHEL and Fedora.

ipa-server-install --uninstall -U
Shutting down all IPA services
Removing IPA client configuration
Unconfiguring ntpd
ipa         : ERROR    Failed to get request: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    certmonger failed to stop tracking certificate: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    Failed to get request: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    certmonger failed to stop tracking certificate: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    Failed to get request: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    certmonger failed to stop tracking certificate: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    Failed to get request: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    certmonger failed to stop tracking certificate: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    Failed to get request: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    certmonger failed to stop tracking certificate: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    Failed to get request: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    certmonger failed to stop tracking certificate: Criteria expected to be met by 1 request, got 2.
Unconfiguring CA
Unconfiguring named
Unconfiguring ipa-dnskeysyncd
Unconfiguring web server
ipa         : ERROR    Failed to get request: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    certmonger failed to stop tracking certificate: Criteria expected to be met by 1 request, got 2.
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
ipa         : ERROR    Failed to get request: Criteria expected to be met by 1 request, got 2.
ipa         : ERROR    certmonger failed to stop tracking certificate: Criteria expected to be met by 1 request, got 2.
WARNING: Could not set SELinux booleans: samba_portmapper=None
Unconfiguring ipa_memcached
Unconfiguring ipa-otpd
ipa         : ERROR    Some certificates may still be tracked by certmonger.
This will cause re-installation to fail.
Start the certmonger service and list the certificates being tracked
 # getcert list
These may be untracked by executing
 # getcert stop-tracking -i <request_id>
for each id in: 20141113173837, 20141113173838, 20141113173839, 20141113173840, 20141113173842, 20141114172515, 20141114172516, 20141114172517, 20141114172518, 20141114172520, 20141113173841, 20141113173926, 20141114172519, 20141114172607

Also I see some weird lines in iparestore.log:

a lot of:
[14/Nov/2014:18:34:30 +0100] entryrdn-index - _entryrdn_index_read: Suffix "o=ipaca" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[14/Nov/2014:18:34:30 +0100] entryrdn-index - _entryrdn_index_read: Suffix "o=ipaca" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)

in INFO Restoring from ipaca in step

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=951581 (Red Hat Enterprise Linux 7)

master:

  • aa9ecb2 Stop tracking certificates before restoring them in ipa-restore

ipa-4-1:

  • 66db7b9 Stop tracking certificates before restoring them in ipa-restore

Metadata Update from @pvoborni:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.1.2
6 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
None
1
None
None
pvoborni
None
https://bugzilla.redhat.com/show_bug.cgi?id=951581
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.