#4280 When certmonger is still tracking cert in ipa, uninstall fails but error does not indicate this
Closed: Fixed None Opened 10 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1081626

Description of problem:
When running test for bz817080, uninstall failed with
IOError: [Errno 2] No such file or directory:
'/var/lib/certmonger/requests//20140327164857.tmp'

In beta, had gotten error:
ipa         : ERROR    Some certificates may still be tracked by certmonger.
This will cause re-installation to fail.
Start the certmonger service and list the certificates being tracked
 # getcert list
These may be untracked by executing
 # getcert stop-tracking -i <request_id>
for each id in: 20131203201604

# ls -l /var/lib/certmonger/requests/20140327164857*
-rw-------. 1 root root 482 Mar 27 12:50
/var/lib/certmonger/requests/20140327164857

Can uninstall successfully after running  getcert stop-tracking on the certs


Version-Release number of selected component (if applicable):
ipa-server-3.3.3-25.el7.x86_64, certmonger-0.70-2.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Follow steps as listed in bz817080


Actual results:
Shutting down all IPA services
Removing IPA client configuration
Unconfiguring ntpd
Unconfiguring CA
Unconfiguring named
Unconfiguring web server
Unexpected error - see /var/log/ipaserver-uninstall.log for details:
IOError: [Errno 2] No such file or directory:
'/var/lib/certmonger/requests//20140327164857.tmp'



Expected results:

Shutting down all IPA services
Removing IPA client configuration
Unconfiguring ntpd
Unconfiguring CA
Unconfiguring named
Unconfiguring web server
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
Unconfiguring ipa_memcached
Unconfiguring ipa-otpd
ipa         : ERROR    Some certificates may still be tracked by certmonger.
This will cause re-installation to fail.
Start the certmonger service and list the certificates being tracked
 # getcert list
These may be untracked by executing
 # getcert stop-tracking -i <request_id>
for each id in: 20131203201604

Additional info:

from /var/log/ipaserver-uninstall.log:
2014-03-27T16:50:54Z DEBUG stderr=
2014-03-27T16:51:02Z DEBUG   File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 638,
in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 674, in main
    return uninstall()

  File "/usr/sbin/ipa-server-install", line 496, in uninstall
    httpinstance.HTTPInstance(fstore).uninstall()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py",
line 423, in uninstall
    self.stop_tracking_certificates()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py",
line 453, in stop_tracking_certificates
    db.untrack_server_cert(self.cert_nickname)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 548,
in untrack_server_cert
    certmonger.stop_tracking(self.secdir, nickname=nickname)

  File "/usr/lib/python2.7/site-packages/ipapython/certmonger.py", line 256, in
stop_tracking
    request_id = get_request_id(criteria)

  File "/usr/lib/python2.7/site-packages/ipapython/certmonger.py", line 104, in
get_request_id
    rv = find_request_value('%s/%s' % (REQUEST_DIR, file), key)

  File "/usr/lib/python2.7/site-packages/ipapython/certmonger.py", line 51, in
find_request_value
    fp = open(filename, 'r')

2014-03-27T16:51:02Z DEBUG The ipa-server-install command failed, exception:
IOError: [Errno 2] No such file or directory:
'/var/lib/certmonger/requests//20140327164857.tmp'

Moving stabilization tickets that do not affect FreeIPA 4.0 release usability in any significant way to 4.0.1 stabilization milestone.

FreeIPA 4.0.1 was released, moving to next bugfixing release milestone.

FreeIPA now comunicates with certmonger using D-Bus. Due to this change certmonger in version >= 0.75.13 is needed.

master:

  • 6d94cdf Use certmonger D-Bus API instead of messing with its files.

ipa-4-1:

  • 78b2a7a Use certmonger D-Bus API instead of messing with its files.

ipa-4-0:

  • ff6e43c Use certmonger D-Bus API instead of messing with its files.

Metadata Update from @mkosek:
- Issue assigned to dkupka
- Issue set to the milestone: FreeIPA 4.0.2

7 years ago

Login to comment on this ticket.

Metadata