there is additional info in the bugzilla
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1232819
Description of problem: I did an ipa-server-install, added a few users, then did a full ipa-backup. I then did an ipa-server-install --uninstall followed by an ipa-restore. It worked. I re-kickstarted the system ensuring that the ipa-server package was installed. I then ran the ipa-restore again. This time, the restore failed because /var/log/dirsrv did not exist. In fact, just to point out that directly after kickstart, the dirsrv user and dirsrv group didn't exist yet. They seem to get added when running ipa-restore. I created /var/log/dirsrv, and made it owned by dirsrv:dirsrv but then there was an issue because /var/log/dirsrv/slapd-EECS-YORKU-CA (domain dir) didn't exist. I created it, but then there was an additional issue because the server had a permission denied error when writing to /var/log/dirsrv/slapd-EECS-YORKU-CA (even though they were all owned by dirsrv:dirsrv). This is most certainly an SELinux issue. I rekickstarted the system with SELinux permissive. Again after running ipa-restore, there was the error about /var/log/dirsrv not existing. Again, I created it, and the internal slapd and everything worked. I would certainly expect that ipa-restore is able to complete the restore process without assistance running SELinux in permissive or enforcing mode. (It's surprising because I did notice some SELinux fixes made not that long ago. I would have thought that with the fixes, everything would work.) How reproducible: ipa-server-install ipa-backup re-kickstart ipa-restore
So it seems that the authconfig needs to be run during restore so that PAM changes are applied. This is strange, however. I thought that in the previous Fedoras, SSSD was added to nsswitch and PAM by default. I do not see it there now.
Raising priority.
named-pkcs11 failed to start as well.
(gdb) bt #0 0x00007fae5f665a98 in raise () from /lib64/libc.so.6 #1 0x00007fae5f66772a in abort () from /lib64/libc.so.6 #2 0x00007fae62d6e459 in assertion_failed () #3 0x00007fae622aad6a in isc_assertion_failed () from /lib64/libisc-pkcs11.so.148 #4 0x00007fae622d7d3d in isc_entropy_getdata () from /lib64/libisc-pkcs11.so.148 #5 0x00007fae62d53825 in create_view () #6 0x00007fae62d89735 in load_configuration () #7 0x00007fae62d8b158 in run_server () #8 0x00007fae622cd030 in run () from /lib64/libisc-pkcs11.so.148 #9 0x00007fae60480555 in start_thread () from /lib64/libpthread.so.0 #10 0x00007fae5f732f3d in clone () from /lib64/libc.so.6
master:
ipa-4-2:
Metadata Update from @pvoborni: - Issue assigned to dkupka - Issue set to the milestone: FreeIPA 4.2.1
Login to comment on this ticket.