Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1260663
Description of problem: During automated execution of ipa-backup/restore feature, following two crashes seen. backtrace: :ipautil.py:373:run:CalledProcessError: Command ''/usr/libexec/ipa/ipa-dnskeysync-replica'' returned non-zero exit status 1 : :Traceback (most recent call last): : File "/usr/libexec/ipa/ipa-dnskeysyncd", line 112, in <module> : while ldap_connection.syncrepl_poll(all=1, msgid=ldap_search): : File "/usr/lib64/python2.7/site-packages/ldap/syncrepl.py", line 405, in syncrepl_poll : self.syncrepl_refreshdone() : File "/usr/lib/python2.7/site-packages/ipapython/dnssec/keysyncer.py", line 113, in syncrepl_refreshdone : self.hsm_replica_sync() : File "/usr/lib/python2.7/site-packages/ipapython/dnssec/keysyncer.py", line 170, in hsm_replica_sync : ipautil.run([paths.IPA_DNSKEYSYNCD_REPLICA]) : File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 373, in run : raise CalledProcessError(p.returncode, arg_string, stdout) :CalledProcessError: Command ''/usr/libexec/ipa/ipa-dnskeysync-replica'' returned non-zero exit status 1 : :Local variables in innermost frame: :p_in: None :nolog: () :suplementary_groups: [] :preexec_fn: None :arg_string: "'/usr/libexec/ipa/ipa-dnskeysync-replica'" :stdout: '' :p_out: -1 :p_err: -1 :runas: None :stdin: None :skip_output: False :timeout: None :capture_output: True :p: <subprocess.Popen object at 0x6107f10> :stderr: 'ipa: WARNING: session memcached servers not running\nipa : DEBUG Kerberos principal: ipa-dnskeysyncd/cloud-qe-3.testrelm.test\nipa : DEBUG Initializing principal ipa-dnskeysyncd/cloud-qe-3.testrelm.test using keytab /etc/ipa/dnssec/ipa-dnskeysyncd.keytab\nipa : DEBUG using ccache /tmp/ipa-dnskeysync-replica.ccache\nipa : DEBUG Attempt 1/5: success\nipa : DEBUG Got TGT\nipa : DEBUG Connecting to LDAP\nipa.ipaserver.plugins.ldap2.ldap2: DEBUG Created connection context.ldap2_46913424\nipa : DEBUG Connected\nTraceback (most recent call last):\n File "/usr/libexec/ipa/ipa-dnskeysync-replica", line 171, in <module>\n open(paths.DNSSEC_SOFTHSM_PIN).read())\n File "/usr/lib/python2.7/site-packages/ipapython/dnssec/localhsm.py", line 97, in __init__\n self.p11 = _ipap11helper.P11_Helper(slot, pin, library)\n_ipap11helper.Error: Error at log in: 0xa0\n\nException AttributeError: "\'LocalHSM\' object has no attribute \'p11\'" in <bound method LocalHSM.__del__ of <ipapython.dnssec.localhsm.LocalHSM object at 0x47f1090>> ignored\n' :raiseonerr: True :env: {'LANG': 'en_US.UTF-8', 'SHELL': '/sbin/nologin', 'KRB5CCNAME': '/tmp/ipa-dnskeysyncd.ccache', 'LOGNAME': 'ods', 'USER': 'ods', 'SOFTHSM2_CONF': '/etc/ipa/dnssec/softhsm2.conf', 'PATH': '/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin', 'HOME': '//var/lib/softhsm'} :cwd: None :args: ['/usr/libexec/ipa/ipa-dnskeysync-replica'] And backtrace: :localhsm.py:97:__init__:Error: Error at log in: 0xa0 : : :Traceback (most recent call last): : File "/usr/libexec/ipa/ipa-dnskeysync-replica", line 171, in <module> : open(paths.DNSSEC_SOFTHSM_PIN).read()) : File "/usr/lib/python2.7/site-packages/ipapython/dnssec/localhsm.py", line 97, in __init__ : self.p11 = _ipap11helper.P11_Helper(slot, pin, library) :Error: Error at log in: 0xa0 : : :Local variables in innermost frame: :slot: 0 :self: <ipapython.dnssec.localhsm.LocalHSM object at 0x47f1090> :library: '/usr/lib64/pkcs11/libsofthsm2.so' :pin: 'OGIfVEsRqtgbB6vQuWMzjcCcDedA1K' Version-Release number of selected component (if applicable): [root@dhcp207-229 ~]# rpm -q ipa-server ipa-server-4.2.0-8.el7.x86_64 [root@dhcp207-229 ~]# How reproducible: Always Steps to reproduce: 1. server install 2. backup 3. server uninstall 4. server install 5. restore Because server is installed, directory /var/lib/ipa/dnssec/tokens/ contains current tokens. Restore adds there new tokens, but unfortunately old tokens are not removed, new tokens are just added into directory, and this cause issues with login. Actual results: Crashes of ipa-dnskeysync-replica observed Expected results: No crash during ipa-restore process. Additional info:
master:
ipa-4-2:
Metadata Update from @mbasti: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.2.2
Login to comment on this ticket.