From c64030a357401467d74e77d610d3bc268412220d Mon Sep 17 00:00:00 2001

From: Rob Crittenden <rcritten@redhat.com>

Date: Tue, 16 Oct 2018 13:58:00 -0400

Subject: [PATCH] Remove the authselect profile warning if sssd was not

 configured.

On a plain uninstall there should not be a bunch of confusing

warning/error messages.

Related to https://pagure.io/freeipa/issue/7729

Signed-off-by: Rob Crittenden <rcritten@redhat.com>

Reviewed-By: Christian Heimes <cheimes@redhat.com>

---

 ipatests/test_integration/test_authselect.py | 1 -

 1 file changed, 1 deletion(-)

diff --git a/ipatests/test_integration/test_authselect.py b/ipatests/test_integration/test_authselect.py

index 5eb3fdbf02..5ce56fa21e 100644

--- a/ipatests/test_integration/test_authselect.py

+++ b/ipatests/test_integration/test_authselect.py

@@ -136,7 +136,6 @@ def test_uninstall_client_no_preconfigured_profile(self):

         # by default

         result = self._uninstall_client()

         assert result.returncode == 0

-        assert self.msg_warn_uninstall in result.stderr_text

         check_authselect_profile(self.client, default_profile)

     def test_install_client_preconfigured_profile(self):

From ec5e821f05cbc20517af6c9578e813f1963a9e8c Mon Sep 17 00:00:00 2001

From: Rob Crittenden <rcritten@redhat.com>

Date: Wed, 10 Oct 2018 14:07:33 -0400

Subject: [PATCH] Fix misleading errors during client install rollback

Some incorrect errors are possible if a client installation

fails and a configuration rollback is required.

These include:

1. Unconfigured automount client failed: CalledProcessError(Command

['/usr/sbin/ipa-client-automount', '--uninstall', '--debug']

returned non-zero exit status 1: '')

Caused by check_client_configuration() not returning the correct

return value (2).

2. WARNING: Unable to revert to the pre-installation state ('authconfig'

tool has been deprecated in favor of 'authselect'). The default sssd

profile will be used instead.

The authconfig arguments would have been: authconfig --disableldap

--disablekrb5 --disablesssdauth --disablemkhomedir

If installation fails before SSSD is configured there is no state

to roll back to. Detect this condition.

3. An error occurred while removing SSSD's cache.Please remove the

cache manually by executing sssctl cache-remove -o.

Again, if SSSD is not configured yet then there is no cache to

remove. Also correct the missing space after the period.

https://pagure.io/freeipa/issue/7729

Signed-off-by: Rob Crittenden <rcritten@redhat.com>

Reviewed-By: Christian Heimes <cheimes@redhat.com>

---

 ipaclient/install/client.py                   | 18 ++++++-----

 ipalib/util.py                                |  5 +++-

 ipaplatform/redhat/authconfig.py              |  2 +-

 .../test_replica_promotion.py                 | 30 +++++++++++++++++++

 4 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py

index 0dcd1ec744..05255fe61b 100644

--- a/ipaclient/install/client.py

+++ b/ipaclient/install/client.py

@@ -3284,13 +3284,14 @@ def uninstall(options):

     remove_file(paths.SSSD_MC_GROUP)

     remove_file(paths.SSSD_MC_PASSWD)

-    try:

-        run([paths.SSSCTL, "cache-remove", "-o", "--stop", "--start"])

-    except Exception:

-        logger.info(

-            "An error occurred while removing SSSD's cache."

-            "Please remove the cache manually by executing "

-            "sssctl cache-remove -o.")

+    if was_sssd_installed:

+        try:

+            run([paths.SSSCTL, "cache-remove", "-o", "--stop", "--start"])

+        except Exception:

+            logger.info(

+                "An error occurred while removing SSSD's cache."

+                "Please remove the cache manually by executing "

+                "sssctl cache-remove -o.")

     if ipa_domain:

         sssd_domain_ldb = "cache_" + ipa_domain + ".ldb"

@@ -3354,7 +3355,8 @@ def uninstall(options):

     # SSSD was not installed before our installation, and no other domains

     # than IPA are configured in sssd.conf - make sure config file is removed

-    elif not was_sssd_installed and not was_sssd_configured:

+    elif not was_sssd_installed and not was_sssd_configured \

+            and os.path.exists(paths.SSSD_CONF):

         try:

             os.rename(paths.SSSD_CONF, paths.SSSD_CONF_DELETED)

         except OSError:

diff --git a/ipalib/util.py b/ipalib/util.py

index 3e8fab49d6..68857baec7 100644

--- a/ipalib/util.py

+++ b/ipalib/util.py

@@ -1125,11 +1125,14 @@ def ensure_krbcanonicalname_set(ldap, entry_attrs):

 def check_client_configuration():

     """

     Check if IPA client is configured on the system.

+

+    Hardcode return code to avoid recursive imports

     """

     if (not os.path.isfile(paths.IPA_DEFAULT_CONF) or

             not os.path.isdir(paths.IPA_CLIENT_SYSRESTORE) or

             not os.listdir(paths.IPA_CLIENT_SYSRESTORE)):

-        raise ScriptError('IPA client is not configured on this system')

+        raise ScriptError('IPA client is not configured on this system',

+                          2)  # CLIENT_NOT_CONFIGURED

 def check_principal_realm_in_trust_namespace(api_instance, *keys):

diff --git a/ipaplatform/redhat/authconfig.py b/ipaplatform/redhat/authconfig.py

index ab3775e9e9..e456d9ec6e 100644

--- a/ipaplatform/redhat/authconfig.py

+++ b/ipaplatform/redhat/authconfig.py

@@ -141,7 +141,7 @@ def configure(self, sssd, mkhomedir, statestore, sudo=True):

     def unconfigure(

         self, fstore, statestore, was_sssd_installed, was_sssd_configured

     ):

-        if not statestore.has_state('authselect'):

+        if not statestore.has_state('authselect') and was_sssd_installed:

             logger.warning(

                 "WARNING: Unable to revert to the pre-installation state "

                 "('authconfig' tool has been deprecated in favor of "

diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py

index 265cbfb139..7803c34dcc 100644

--- a/ipatests/test_integration/test_replica_promotion.py

+++ b/ipatests/test_integration/test_replica_promotion.py

@@ -207,6 +207,36 @@ def test_upcase_client_domain(self):

         assert(result1.returncode == 0), (

             'Failed to promote the client installed with the upcase domain name')

+    def test_client_rollback(self):

+        """Test that bogus error msgs are not in output on rollback.

+

+           FIXME: including in this suite to avoid setting up a

+                  master just to test a client install failure. If

+                  a pure client install suite is added this can be

+                  moved.

+

+           Ticket https://pagure.io/freeipa/issue/7729

+        """

+        client = self.replicas[0]

+

+        # Cleanup previous run

+        client.run_command(['ipa-server-install',

+                            '--uninstall', '-U'], raiseonerr=False)

+

+        result = client.run_command(['ipa-client-install', '-U',

+                                     '--server', self.master.hostname,

+                                     '--domain', client.domain.name,

+                                     '-w', 'foo'], raiseonerr=False)

+

+        assert(result.returncode == 1)

+

+        assert("Unconfigured automount client failed" not in

+               result.stdout_text)

+

+        assert("WARNING: Unable to revert" not in result.stdout_text)

+

+        assert("An error occurred while removing SSSD" not in

+               result.stdout_text)

 class TestRenewalMaster(IntegrationTest):

From db960e32f155412c34807e204add4858090d3e94 Mon Sep 17 00:00:00 2001

From: Rob Crittenden <rcritten@redhat.com>

Date: Tue, 16 Oct 2018 14:07:25 -0400

Subject: [PATCH] Collect the client and server uninstall logs in tests

When running the integration tests capture the uninstallation

logs as well as the installation logs.

Reviewed-By: Christian Heimes <cheimes@redhat.com>

---

 ipatests/pytest_ipa/integration/tasks.py | 3 ++-

 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py

index f0c61381b6..620ed28c96 100644

--- a/ipatests/pytest_ipa/integration/tasks.py

+++ b/ipatests/pytest_ipa/integration/tasks.py

@@ -69,11 +69,12 @@ def setup_server_logs_collecting(host):

     # IPA install logs

     host.collect_log(paths.IPASERVER_INSTALL_LOG)

+    host.collect_log(paths.IPASERVER_UNINSTALL_LOG)

     host.collect_log(paths.IPACLIENT_INSTALL_LOG)

+    host.collect_log(paths.IPACLIENT_UNINSTALL_LOG)

     host.collect_log(paths.IPAREPLICA_INSTALL_LOG)

     host.collect_log(paths.IPAREPLICA_CONNCHECK_LOG)

     host.collect_log(paths.IPAREPLICA_CA_INSTALL_LOG)

-    host.collect_log(paths.IPACLIENT_INSTALL_LOG)

     host.collect_log(paths.IPASERVER_KRA_INSTALL_LOG)

     host.collect_log(paths.IPA_CUSTODIA_AUDIT_LOG)