#9516 Nightly test failure (389ds) in test_backup_and_restore_TestUserRootFilesOwnershipPermission
Closed: fixed a year ago by frenaud. Opened a year ago by frenaud.

The nightly test test_integration/test_backup_and_restore.py::TestUserRootFilesOwnershipPermission::test_userroot_ldif_files_ownership_and_permission is failing when executed with the copr repository @389ds/389-ds-base-nightly. This repo provides the source code enabling LMDB backend instead of Berkeley DB.

Example of test failure in the nightly PR #3326 with the following logs and report:

E           subprocess.CalledProcessError: Command '['stat', '-c', '%U:%G:%a', '/var/lib/dirsrv/slapd-IPA-TEST/ldif/IPA-TEST-ipaca.ldif']' returned non-zero exit status 1.

Test scenario:
- install IPA server with an embedded CA
- call ipa-backup
- uninstall the server
- call ipa-restore
- ensure that there is a file /var/lib/dirsrv/slapd-IPA-TEST/ldif/IPA-TEST-ipaca.ldif

The ipa-backup command does not back up the ipaca backend (it only picks the userRoot backend):

ipaserver.install.ipa_backup: INFO: Backing up userRoot in IPA-TEST to LDIF
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/sbin/dsctl', 'IPA-TEST', 'db2ldif', '--replication', 'userRoot', '/var/lib/dirsrv/slapd-IPA-TEST/ldif/IPA-TEST-userRoot.ldif']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=db2ldif successful

ipapython.ipautil: DEBUG: stderr=ldiffile: /var/lib/dirsrv/slapd-IPA-TEST/ldif/IPA-TEST-userRoot.ldif

ipaserver.install.ipa_backup: INFO: Backing up IPA-TEST
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/sbin/dsctl', 'IPA-TEST', 'db2bak', '/var/lib/dirsrv/slapd-IPA-TEST/bak/IPA-TEST']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=db2bak successful

This is because the code relies on the presence of /var/lib/dirsrv/slapd-IPA-TEST/db/ipaca but this file does not exist any more with LMDB:
https://pagure.io/freeipa/blob/3645543670562f9c7c0b9ac04721f146844e07de/f/ipaserver/install/ipa_backup.py#_338-344

            if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE %
                              instance):
                if os.path.exists(paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE %
                                  (instance, 'ipaca')):
                    self.db2ldif(instance, 'ipaca', online=options.online)
                self.db2ldif(instance, 'userRoot', online=options.online)
                self.db2bak(instance, online=options.online)

The code needs to find another mechanism to check if the ipaca backend exists.


FYI:
If you need to detect the presence of the ipaca backend, I suggest using the same method that we use in 389ds CI tests (for both bdb and lmdb databases):
Run 'dbscan -L /var/lib/dirsrv/slapd-IPA-TEST/db' and check that /var/lib/dirsrv/slapd-IPA-TEST/db/ipaca/ is in the output

FYI: lib389 has a utility function to help do that:

    from lib389.cli_ctl.dblib import run_dbscan
    output = run_dbscan(['-L', '/var/lib/dirsrv/slapd-supplier1/db'])
    assert '/var/lib/dirsrv/slapd-supplier1/db/userroot/' in output

If you want to check the database file permissions, the files to check are:
/var/lib/dirsrv/slapd-IPA-TEST/db/data.mdb
/var/lib/dirsrv/slapd-IPA-TEST/db/INFO.mdb
/var/lib/dirsrv/slapd-IPA-TEST/db/lock.mdb
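
One way to implement the `dbscan -L` check suggested in the comment above, as an added example that is not part of the ticket and is not FreeIPA or lib389 code. The helper names, the line layout of the sample listing, and the case-insensitive match (the page shows `userRoot` on the dsctl command line but `userroot` in the listing) are assumptions.

```python
import subprocess


def backends_in_dbscan_output(output, db_dir):
    """Return the lowercased backend names that appear under db_dir."""
    prefix = db_dir.rstrip("/") + "/"
    found = set()
    for line in output.splitlines():
        # Assumption: each database file is listed by its absolute path,
        # possibly followed by extra columns, so scan every token.
        for token in line.split():
            if not token.startswith(prefix):
                continue
            backend, sep, _ = token[len(prefix):].partition("/")
            # "<backend>/<file>" names a backend; top-level files
            # such as data.mdb have no sub-directory and are skipped.
            if sep and backend:
                found.add(backend.lower())
    return found


def backend_exists(db_dir, backend, run=subprocess.run):
    """Run 'dbscan -L <db_dir>' and report whether backend is listed."""
    proc = run(["dbscan", "-L", db_dir],
               capture_output=True, text=True, check=True)
    return backend.lower() in backends_in_dbscan_output(proc.stdout, db_dir)


# Constructed sample listing (layout assumed, not captured from a server).
SAMPLE = """\
 /var/lib/dirsrv/slapd-IPA-TEST/db/ipaca/id2entry.db
 /var/lib/dirsrv/slapd-IPA-TEST/db/ipaca/entryrdn.db
 /var/lib/dirsrv/slapd-IPA-TEST/db/userroot/id2entry.db
 /var/lib/dirsrv/slapd-IPA-TEST/db/userroot/cn.db
"""

if __name__ == "__main__":
    db = "/var/lib/dirsrv/slapd-IPA-TEST/db"
    print(sorted(backends_in_dbscan_output(SAMPLE, db)))
```

Because `check=True` raises on a non-zero exit, a failing `dbscan` surfaces as an error instead of being read as "backend absent", which would otherwise silently drop ipaca from the backup again.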

Metadata Update from @frenaud:
- Issue assigned to frenaud

a year ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/7192

a year ago

master:

  • 677d308 ipa-backup: adapt for 389ds switch to LMDB

ipa-4-11:

  • 22ec636 ipa-backup: adapt for 389ds switch to LMDB

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

a year ago
