Discussion:
[Freeipa-users] FreeIPA 4.3.1 ipa-replica-install wrong exit code?
Diogenes S. Jesus
2017-02-22 23:17:23 UTC
Permalink
We are ansible-playbooking FreeIPA and we don't want to care about if
freeipa is installed, we just want to ignore errors if it already is - but
for that the exit code is relevant.
Either the return code is wrong in the code or in the manual - according to
the manual, it should be 3, but it's currently 1.


***@ipa02:~$ sudo -i
***@ipa02:~# http_proxy='' https_proxy='' ipa-replica-install
--dirsrv-cert-file=/etc/ssl/private/ipa02.dev.pfx
--http-cert-file=/etc/ssl/private/ipa02.dev.pfx --dirsrv-pin=export
--http-pin=export
ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA server is
already configured on this system.
If you want to reinstall the IPA server, please uninstall it first using
'ipa-server-install --uninstall'.
ipa.ipapython.install.cli.install_tool(Replica): ERROR The
ipa-replica-install command failed. See /var/log/ipareplica-install.log for
more information

***@ipa02:~# echo $?
1

***@ipa02:~# cat /var/log/ipareplica-install.log
2017-02-22T22:49:45Z DEBUG Logging to /var/log/ipareplica-install.log
2017-02-22T22:49:45Z DEBUG ipa-replica-install was invoked with arguments
[] and options: {'no_dns_sshfp': None, 'skip_schema_check': None,
'setup_kra': None, 'ip_addresses': None, 'mkhomedir': None, 'no_pkinit':
None, 'http_cert_files': ['/etc/ssl/private/ipa02.dev.pfx'], 'no_ntp':
None, 'verbose': False, 'no_forwarders': None, 'keytab': None,
'ssh_trust_dns': None, 'domain_name': None, 'http_cert_name': None,
'dirsrv_cert_files': ['/etc/ssl/private/ipa02.dev.pfx'],
'no_dnssec_validation': None, 'no_reverse': None, 'pkinit_cert_files':
None, 'unattended': False, 'auto_reverse': None, 'auto_forwarders': None,
'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None,
'dirsrv_config_file': None, 'forwarders': None, 'pkinit_cert_name': None,
'setup_ca': None, 'realm_name': None, 'skip_conncheck': None, 'no_ssh':
None, 'dirsrv_cert_name': None, 'quiet': False, 'server': None,
'setup_dns': None, 'host_name': None, 'log_file': None, 'reverse_zones':
None, 'allow_zone_overlap': None}
2017-02-22T22:49:45Z DEBUG IPA version 4.3.1
2017-02-22T22:49:45Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-02-22T22:49:45Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-02-22T22:49:45Z DEBUG httpd is configured
2017-02-22T22:49:45Z DEBUG kadmin is configured
2017-02-22T22:49:45Z DEBUG dirsrv is configured
2017-02-22T22:49:45Z DEBUG pki-tomcatd is not configured
2017-02-22T22:49:45Z DEBUG install is not configured
2017-02-22T22:49:45Z DEBUG krb5kdc is configured
2017-02-22T22:49:45Z DEBUG ntpd is configured
2017-02-22T22:49:45Z DEBUG named is not configured
2017-02-22T22:49:45Z DEBUG ipa_memcached is configured
2017-02-22T22:49:45Z DEBUG filestore has files
2017-02-22T22:49:45Z DEBUG File
"/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in
execute
return_value = self.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line
318, in run
cfgr.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
308, in run
self.validate()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
317, in validate
for nothing in self._validator():
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
362, in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
564, in _configure
next(validator)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
449, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
446, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
362, in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line
359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line
63, in _install
for nothing in self._installer(self.parent):
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 1650, in main
promote_check(self)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 375, in decorated
func(installer)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 397, in decorated
func(installer)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 952, in promote_check
sys.exit("IPA server is already configured on this system.\n"

2017-02-22T22:49:45Z DEBUG The ipa-replica-install command failed,
exception: SystemExit: IPA server is already configured on this system.
If you want to reinstall the IPA server, please uninstall it first using
'ipa-server-install --uninstall'.
2017-02-22T22:49:45Z ERROR IPA server is already configured on this system.
If you want to reinstall the IPA server, please uninstall it first using
'ipa-server-install --uninstall'.
2017-02-22T22:49:45Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information

------

For those looking for a workaround meanwhile do:

python -c 'import sys; from ipaserver.install.installutils import
is_ipa_configured; sys.exit(is_ipa_configured())'


As proposed here: https://fedorahosted.org/freeipa/ticket/4884

Dio
Martin Basti
2017-02-23 07:30:46 UTC
Permalink
Post by Diogenes S. Jesus
We are ansible-playbooking FreeIPA and we don't want to care about if
freeipa is installed, we just want to ignore errors if it already is -
but for that the exit code is relevant.
Either the return code is wrong in the code or in the manual -
according to the manual, it should be 3, but it's currently 1.
--dirsrv-cert-file=/etc/ssl/private/ipa02.dev.pfx
--http-cert-file=/etc/ssl/private/ipa02.dev.pfx --dirsrv-pin=export
--http-pin=export
ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA server is
already configured on this system.
If you want to reinstall the IPA server, please uninstall it first
using 'ipa-server-install --uninstall'.
ipa.ipapython.install.cli.install_tool(Replica): ERROR The
ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
1
2017-02-22T22:49:45Z DEBUG Logging to /var/log/ipareplica-install.log
2017-02-22T22:49:45Z DEBUG ipa-replica-install was invoked with
None, 'setup_kra': None, 'ip_addresses': None, 'mkhomedir': None,
['/etc/ssl/private/ipa02.dev.pfx'], 'no_ntp': None, 'verbose': False,
'no_forwarders': None, 'keytab': None, 'ssh_trust_dns': None,
['/etc/ssl/private/ipa02.dev.pfx'], 'no_dnssec_validation': None,
'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False,
'auto_reverse': None, 'auto_forwarders': None, 'no_host_dns': None,
'no_sshd': None, 'no_ui_redirect': None, 'dirsrv_config_file': None,
'forwarders': None, 'pkinit_cert_name': None, 'setup_ca': None,
'realm_name': None, 'skip_conncheck': None, 'no_ssh': None,
None, 'host_name': None, 'log_file': None, 'reverse_zones': None,
'allow_zone_overlap': None}
2017-02-22T22:49:45Z DEBUG IPA version 4.3.1
2017-02-22T22:49:45Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-02-22T22:49:45Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-02-22T22:49:45Z DEBUG httpd is configured
2017-02-22T22:49:45Z DEBUG kadmin is configured
2017-02-22T22:49:45Z DEBUG dirsrv is configured
2017-02-22T22:49:45Z DEBUG pki-tomcatd is not configured
2017-02-22T22:49:45Z DEBUG install is not configured
2017-02-22T22:49:45Z DEBUG krb5kdc is configured
2017-02-22T22:49:45Z DEBUG ntpd is configured
2017-02-22T22:49:45Z DEBUG named is not configured
2017-02-22T22:49:45Z DEBUG ipa_memcached is configured
2017-02-22T22:49:45Z DEBUG filestore has files
2017-02-22T22:49:45Z DEBUG File
"/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171,
in execute
return_value = self.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py",
line 318, in run
cfgr.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 308, in run
self.validate()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 317, in validate
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 362, in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 564, in _configure
next(validator)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 449, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 446, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 362, in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py",
line 63, in _install
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 1650, in main
promote_check(self)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 375, in decorated
func(installer)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 397, in decorated
func(installer)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 952, in promote_check
sys.exit("IPA server is already configured on this system.\n"
2017-02-22T22:49:45Z DEBUG The ipa-replica-install command failed,
exception: SystemExit: IPA server is already configured on this system.
If you want to reinstall the IPA server, please uninstall it first
using 'ipa-server-install --uninstall'.
2017-02-22T22:49:45Z ERROR IPA server is already configured on this system.
If you want to reinstall the IPA server, please uninstall it first
using 'ipa-server-install --uninstall'.
2017-02-22T22:49:45Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
------
python -c 'import sys; from ipaserver.install.installutils import
is_ipa_configured; sys.exit(is_ipa_configured())'
As proposed here: https://fedorahosted.org/freeipa/ticket/4884
Dio
Hello,

return code 1 is expected for already installed server. Return code 3 on
replica is somehow special it doesn't mean that replica is already
installed but more or less issues that may happen during replica
installation.

If you think that we should return an extra return code for "IPA already
installed", please file a RFE ticket.
https://fedorahosted.org/freeipa/newticket

Martin
Standa Laznicka
2017-02-23 08:25:18 UTC
Permalink
Post by Martin Basti
Post by Diogenes S. Jesus
We are ansible-playbooking FreeIPA and we don't want to care about if
freeipa is installed, we just want to ignore errors if it already is
- but for that the exit code is relevant.
Either the return code is wrong in the code or in the manual -
according to the manual, it should be 3, but it's currently 1.
--dirsrv-cert-file=/etc/ssl/private/ipa02.dev.pfx
--http-cert-file=/etc/ssl/private/ipa02.dev.pfx --dirsrv-pin=export
--http-pin=export
ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA server is
already configured on this system.
If you want to reinstall the IPA server, please uninstall it first
using 'ipa-server-install --uninstall'.
ipa.ipapython.install.cli.install_tool(Replica): ERROR The
ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
1
2017-02-22T22:49:45Z DEBUG Logging to /var/log/ipareplica-install.log
2017-02-22T22:49:45Z DEBUG ipa-replica-install was invoked with
None, 'setup_kra': None, 'ip_addresses': None, 'mkhomedir': None,
['/etc/ssl/private/ipa02.dev.pfx'], 'no_ntp': None, 'verbose': False,
'no_forwarders': None, 'keytab': None, 'ssh_trust_dns': None,
['/etc/ssl/private/ipa02.dev.pfx'], 'no_dnssec_validation': None,
'no_reverse': None, 'pkinit_cert_files': None, 'unattended': False,
'auto_reverse': None, 'auto_forwarders': None, 'no_host_dns': None,
'no_sshd': None, 'no_ui_redirect': None, 'dirsrv_config_file': None,
'forwarders': None, 'pkinit_cert_name': None, 'setup_ca': None,
'realm_name': None, 'skip_conncheck': None, 'no_ssh': None,
'dirsrv_cert_name': None, 'quiet': False, 'server': None,
'setup_dns': None, 'host_name': None, 'log_file': None,
'reverse_zones': None, 'allow_zone_overlap': None}
2017-02-22T22:49:45Z DEBUG IPA version 4.3.1
2017-02-22T22:49:45Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-02-22T22:49:45Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-02-22T22:49:45Z DEBUG httpd is configured
2017-02-22T22:49:45Z DEBUG kadmin is configured
2017-02-22T22:49:45Z DEBUG dirsrv is configured
2017-02-22T22:49:45Z DEBUG pki-tomcatd is not configured
2017-02-22T22:49:45Z DEBUG install is not configured
2017-02-22T22:49:45Z DEBUG krb5kdc is configured
2017-02-22T22:49:45Z DEBUG ntpd is configured
2017-02-22T22:49:45Z DEBUG named is not configured
2017-02-22T22:49:45Z DEBUG ipa_memcached is configured
2017-02-22T22:49:45Z DEBUG filestore has files
2017-02-22T22:49:45Z DEBUG File
"/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171,
in execute
return_value = self.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py",
line 318, in run
cfgr.run()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 308, in run
self.validate()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 317, in validate
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 362, in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 564, in _configure
next(validator)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 449, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 446, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 362, in __runner
step()
File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File
"/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line
63, in _install
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 1650, in main
promote_check(self)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 375, in decorated
func(installer)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 397, in decorated
func(installer)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/replicainstall.py",
line 952, in promote_check
sys.exit("IPA server is already configured on this system.\n"
2017-02-22T22:49:45Z DEBUG The ipa-replica-install command failed,
exception: SystemExit: IPA server is already configured on this system.
If you want to reinstall the IPA server, please uninstall it first
using 'ipa-server-install --uninstall'.
2017-02-22T22:49:45Z ERROR IPA server is already configured on this system.
If you want to reinstall the IPA server, please uninstall it first
using 'ipa-server-install --uninstall'.
2017-02-22T22:49:45Z ERROR The ipa-replica-install command failed.
See /var/log/ipareplica-install.log for more information
------
python -c 'import sys; from ipaserver.install.installutils import
is_ipa_configured; sys.exit(is_ipa_configured())'
As proposed here: https://fedorahosted.org/freeipa/ticket/4884
Dio
Hello,
return code 1 is expected for already installed server. Return code 3
on replica is somehow special it doesn't mean that replica is already
installed but more or less issues that may happen during replica
installation.
If you think that we should return an extra return code for "IPA
already installed", please file a RFE ticket.
https://fedorahosted.org/freeipa/newticket
Martin
Hello,

Thank you for raising your concern. The documentation there is quite
puzzling from what I see, it should say that 3 is returned when the host
with such a hostname already exists in the topology or when the remote
server has a replication agreement to this host (the doc is completely
wrong there). This does not imply replica is already installed on the
given server.

While I was going through the code, I found quite some more cases where
3 would be returned. So my advice is - check whether the returned value
is not 0. I believe we should deprecate rval 3 as it is bound to only
cause more confusion. If the installation failed, you need to go
checking the logs anyway, right?

HTH,
Standa

Loading...