The nightly test test_integration/test_backup_and_restore.py::TestUserRootFilesOwnershipPermission::test_userroot_ldif_files_ownership_and_permission is failing when executed with the copr repository @389ds/389-ds-base-nightly. This repo provides the source code enabling LMDB backend instead of Berkeley DB.
test_integration/test_backup_and_restore.py::TestUserRootFilesOwnershipPermission::test_userroot_ldif_files_ownership_and_permission
Example of test failure in the nightly PR #3326 with the following logs and report:
E subprocess.CalledProcessError: Command '['stat', '-c', '%U:%G:%a', '/var/lib/dirsrv/slapd-IPA-TEST/ldif/IPA-TEST-ipaca.ldif']' returned non-zero exit status 1.
Test scenario: - install IPA server with an embedded CA - call ipa-backup - uninstall the server - call ipa-restore - ensure that there is a file /var/lib/dirsrv/slapd-IPA-TEST/ldif/IPA-TEST-ipaca.ldif
/var/lib/dirsrv/slapd-IPA-TEST/ldif/IPA-TEST-ipaca.ldif
The ipa-backup command does not backup the ipaca backend (it only picks the userRoot backend):
ipaserver.install.ipa_backup: INFO: Backing up userRoot in IPA-TEST to LDIF ipapython.ipautil: DEBUG: Starting external process ipapython.ipautil: DEBUG: args=['/usr/sbin/dsctl', 'IPA-TEST', 'db2ldif', '--replication', 'userRoot', '/var/lib/dirsrv/slapd-IPA-TEST/ldif/IPA-TEST-userRoot.ldif'] ipapython.ipautil: DEBUG: Process finished, return code=0 ipapython.ipautil: DEBUG: stdout=db2ldif successful ipapython.ipautil: DEBUG: stderr=ldiffile: /var/lib/dirsrv/slapd-IPA-TEST/ldif/IPA-TEST-userRoot.ldif ipaserver.install.ipa_backup: INFO: Backing up IPA-TEST ipapython.ipautil: DEBUG: Starting external process ipapython.ipautil: DEBUG: args=['/usr/sbin/dsctl', 'IPA-TEST', 'db2bak', '/var/lib/dirsrv/slapd-IPA-TEST/bak/IPA-TEST'] ipapython.ipautil: DEBUG: Process finished, return code=0 ipapython.ipautil: DEBUG: stdout=db2bak successful
This is because the code relies on the presence of /var/lib/dirsrv/slapd-IPA-TEST/db/ipaca but this file does not exist any more with LMDB: https://pagure.io/freeipa/blob/3645543670562f9c7c0b9ac04721f146844e07de/f/ipaserver/install/ipa_backup.py#_338-344
if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % instance): if os.path.exists(paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE % (instance, 'ipaca')): self.db2ldif(instance, 'ipaca', online=options.online) self.db2ldif(instance, 'userRoot', online=options.online) self.db2bak(instance, online=options.online)
The code needs to find another mechanism to check if the ipaca backend exists.
FYI: If you need to detect the presence of ipaca backend, I suggest to use the same method that we use in 389ds CI tests (both for bdb and lmdb database) : Run 'dbscan -L /var/lib/dirsrv/slapd-IPA-TEST/db' and check that /var/lib/dirsrv/slapd-IPA-TEST/db/ipaca/ is in the output
FYI: lib389 has an utility function to help doing that: from lib389.cli_ctl.dblib import run_dbscan output = run_dbscan(['-L', '/var/lib/dirsrv/slapd-supplier1/db']) assert '/var/lib/dirsrv/slapd-supplier1/db/userroot/' in output
If you want to check the database files permission, the files to checks are: /var/lib/dirsrv/slapd-IPA-TEST/db/data.mdb /var/lib/dirsrv/slapd-IPA-TEST/db/INFO.mdb /var/lib/dirsrv/slapd-IPA-TEST/db/lock.mdb
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/7192
master:
ipa-4-11:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.