Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1353927 - pkispawn calls dnsdomainname even if it does not rpm-require hostname
Summary: pkispawn calls dnsdomainname even if it does not rpm-require hostname
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 7.3
Assignee: RHCS Maintainers
QA Contact: Asha Akkiangady
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-08 12:37 UTC by Jan Pazdziora
Modified: 2016-11-04 05:26 UTC (History)
2 users (show)

Fixed In Version: pki-core-10.3.3-5.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-04 05:26:06 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2396 normal SHIPPED_LIVE pki-core bug fix and enhancement update 2016-11-03 13:55:03 UTC

Description Jan Pazdziora 2016-07-08 12:37:46 UTC
Description of problem:

Running ipa-server-install in container / on minimal installation fails with

  [2/31]: configuring certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpD4KOGu' returned non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL   /var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.
ipa.ipapython.install.cli.install_tool(Server): ERROR    CA configuration failed.
ipa.ipapython.install.cli.install_tool(Server): ERROR    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Version-Release number of selected component (if applicable):

pki-server-10.3.3-3.el7.noarch

How reproducible:

Deterministic.

Steps to Reproduce:
1. Run ipa-server-install on system / in container where package hostname is not installed.

Actual results:

ipa-server-install fails.

In the ipaserver-install.log, there is

2016-07-08T12:30:43Z DEBUG Starting external process
2016-07-08T12:30:43Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpD4KOGu
2016-07-08T12:30:43Z DEBUG Process finished, return code=1
2016-07-08T12:30:43Z DEBUG stdout=
2016-07-08T12:30:43Z DEBUG stderr=Traceback (most recent call last):
  File "/usr/sbin/pkispawn", line 802, in <module>
    main(sys.argv)
  File "/usr/sbin/pkispawn", line 92, in main
    dnsdomainname = subprocess.check_output(["dnsdomainname"])
  File "/usr/lib64/python2.7/subprocess.py", line 568, in check_output
    process = Popen(stdout=PIPE, *popenargs, **kwargs)
  File "/usr/lib64/python2.7/subprocess.py", line 711, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.7/subprocess.py", line 1327, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

2016-07-08T12:30:43Z CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpD4KOGu' returned non-zero exit status 1
2016-07-08T12:30:43Z CRITICAL See the installation logs and the following files/directories for more information:
2016-07-08T12:30:43Z CRITICAL   /var/log/pki/pki-tomcat
2016-07-08T12:30:43Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 448, in start_creation

Expected results:

If pkispawn calls dnsdomainname unconditionally, it should require rpm to get it installed.

Additional info:

Comment 2 Matthew Harmsen 2016-07-11 15:50:21 UTC
Upstream ticket:
https://fedorahosted.org/pki/ticket/2401

Comment 3 Matthew Harmsen 2016-07-11 18:50:13 UTC
Checked into 'master':
* 74182c05460e19c7b9aeb3fadb13f0135e33a58a

Comment 5 Sumedh Sidhaye 2016-08-22 05:11:30 UTC
hostname package has been added to the dependency list for pki-core.

Here is the deplist for older pki-server:

[root@ssidhaye-pki-tests-devel ~]# yum deplist pki-server
Loaded plugins: langpacks, search-disabled-repos
Repository RHCS9 is listed more than once in the configuration
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
package: pki-server.noarch 10.2.6-12.el7pki
  dependency: /bin/bash
   provider: bash.x86_64 4.2.46-19.el7
  dependency: /bin/sh
   provider: bash.x86_64 4.2.46-19.el7
  dependency: /usr/bin/python
   provider: python.x86_64 2.7.5-34.el7
  dependency: java-headless >= 1:1.7.0
   provider: java-1.8.0-openjdk-headless.x86_64 1:1.8.0.65-3.b17.el7
   provider: java-1.7.0-openjdk-headless.x86_64 1:1.7.0.91-2.6.2.3.el7
  dependency: net-tools
   provider: net-tools.x86_64 2.0-0.17.20131004git.el7
  dependency: nuxwdog-client-java >= 1.0.1-11
   provider: nuxwdog-client-java.x86_64 1.0.3-2.el7
  dependency: openldap-clients
   provider: openldap-clients.x86_64 2.4.40-8.el7
  dependency: pki-base = 10.2.6-12.el7pki
   provider: pki-base.noarch 10.2.6-12.el7pki
  dependency: pki-tools = 10.2.6-12.el7pki
   provider: pki-tools.x86_64 10.2.6-12.el7pki
  dependency: policycoreutils
   provider: policycoreutils.x86_64 2.2.5-20.el7
  dependency: policycoreutils-python
   provider: policycoreutils-python.x86_64 2.2.5-20.el7
  dependency: python(abi) = 2.7
   provider: python.x86_64 2.7.5-34.el7
  dependency: selinux-policy-targeted >= 3.12.1-153
   provider: selinux-policy-targeted.noarch 3.13.1-60.el7
  dependency: shadow-utils
   provider: shadow-utils.x86_64 2:4.1.5.1-18.el7
  dependency: systemd-units
   provider: systemd.x86_64 219-19.el7
  dependency: tomcat >= 7.0.54
   provider: tomcat.noarch 7.0.54-2.el7_1
  dependency: tomcatjss >= 7.1.0-6
   provider: tomcatjss.noarch 7.1.2-1.el7
  dependency: velocity
   provider: velocity.noarch 1.7-10.el7

Here is the deplist for latest pki-server:

[root@auto-hv-02-guest01 ~]# yum deplist pki-server
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
package: pki-server.noarch 10.3.3-5.el7
  dependency: /bin/sh
   provider: bash.x86_64 4.2.46-20.el7_2
  dependency: /usr/bin/python
   provider: python.x86_64 2.7.5-48.el7
  dependency: hostname
   provider: hostname.x86_64 3.13-3.el7
  dependency: java-1.8.0-openjdk-headless
   provider: java-1.8.0-openjdk-headless.x86_64 1:1.8.0.102-0.b14.el7
  dependency: net-tools
   provider: net-tools.x86_64 2.0-0.17.20131004git.el7
  dependency: nuxwdog-client-java >= 1.0.1-11
   provider: nuxwdog-client-java.x86_64 1.0.3-5.el7
  dependency: openldap-clients
   provider: openldap-clients.x86_64 2.4.40-12.el7
  dependency: pki-base = 10.3.3-5.el7
   provider: pki-base.noarch 10.3.3-5.el7
  dependency: pki-base-java = 10.3.3-5.el7
   provider: pki-base-java.noarch 10.3.3-5.el7
  dependency: pki-tools = 10.3.3-5.el7
   provider: pki-tools.x86_64 10.3.3-5.el7
  dependency: policycoreutils
   provider: policycoreutils.x86_64 2.5-6.2.el7
  dependency: policycoreutils-python
   provider: policycoreutils-python.x86_64 2.5-6.2.el7
  dependency: python(abi) = 2.7
   provider: python.x86_64 2.7.5-48.el7
  dependency: python-ldap
   provider: python-ldap.x86_64 2.4.15-2.el7
  dependency: python-lxml
   provider: python-lxml.x86_64 3.2.1-4.el7
  dependency: selinux-policy-targeted >= 3.12.1-153
   provider: selinux-policy-targeted.noarch 3.13.1-93.el7
  dependency: shadow-utils
   provider: shadow-utils.x86_64 2:4.1.5.1-24.el7
  dependency: systemd-units
   provider: systemd.x86_64 219-26.el7
  dependency: tomcat >= 7.0.69
   provider: tomcat.noarch 7.0.69-8.el7
  dependency: tomcatjss >= 7.1.2-2
   provider: tomcatjss.noarch 7.1.2-3.el7
  dependency: velocity
   provider: velocity.noarch 1.7-10.el7
[root@auto-hv-02-guest01 ~]#

Hence marking this as verified.

Comment 7 errata-xmlrpc 2016-11-04 05:26:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2396.html


Note You need to log in before you can comment on or make changes to this bug.