  1. Dogtag PKI
  2. DOGTAG-3929

pkidestroy does not clean up selinux contexts properly in HSM environment for RHCS 10.6

    • Moderate
    • rhel-idm-cs
    • rc

      Description of problem:

      Version-Release number of selected component (if applicable):
      RHEL 8.8 with RHCS 10.6

      How reproducible:
      Easy and repeatable

      Steps to Reproduce:
      1. Set up an HSM on RHEL 8.8
      2. Configure RHCS with all subsystems
      3. Uninstall using pkidestroy
      4. Re-install all subsystems again

      Actual results:

      When you try to re-install, pkispawn fails with the error that file contexts are
      already defined; see the error below.

      deployer.create_selinux_contexts()
      File \"/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py\", line 4733, in create_selinux_contexts
      config.PKI_CFG_SELINUX_CONTEXT, '', 's0', '')
      File \"/usr/lib/python3.6/site-packages/seobject.py\", line 2473, in add
      self.__add(target, type, ftype, serange, seuser)
      File \"/usr/lib/python3.6/site-packages/seobject.py\", line 2433, in __add
      raise ValueError((\"File context for %s already defined\") % target)",
      "stderr_lines": [
      "WARNING: The 'pki_ds_hostname' in [CA] has been deprecated. Use 'pki_ds_url' instead.",
      "WARNING: The 'pki_ds_ldap_port' in [CA] has been deprecated. Use 'pki_ds_url' instead.",
      "ERROR: File context for /etc/pki/topology-02-CA(/.*)? already defined",
      "ERROR: ValueError: File context for /etc/pki/topology-02-CA(/.*)? already defined",
      " File \"/usr/lib/python3.6/site-packages/pki/server/pkispawn.py\", line 569, in main",
      " deployer.spawn()",
      " File \"/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py\", line 4828, in spawn",
      " scriptlet.spawn(self)",
      " File \"/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/selinux_setup.py\", line 77, in spawn",
      " deployer.create_selinux_contexts()",
      " File \"/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py\", line 4733, in create_selinux_contexts",
      " config.PKI_CFG_SELINUX_CONTEXT, '', 's0', '')",
      " File \"/usr/lib/python3.6/site-packages/seobject.py\", line 2473, in add",
      " self.__add(target, type, ftype, serange, seuser)",
      " File \"/usr/lib/python3.6/site-packages/seobject.py\", line 2433, in __add",
      " raise ValueError((\"File context for %s already defined\") % target)"],
      "stdout": "Loading deployment configuration from /tmp/test_dir/ca.cfg.
      Installing CA into /var/lib/pki/topology-02-CA.

      Expected results:
      Expected that after pkidestroy cleans up, the user can re-install with pkispawn successfully.

      Additional info:

              jira-bugzilla-migration RH Bugzilla Integration
              gkimetto@redhat.com Gilbert Kimetto
              RH Bugzilla Integration RH Bugzilla Integration
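
A way to check for the leftover rules behind the "File context for ... already defined" error before re-running pkispawn. This is an added example, not code from the issue or from Dogtag PKI. It assumes the text comes from `semanage fcontext -l -C` (local customizations); the listing below is constructed, and the function names are hypothetical.

```python
import os
import re

# Constructed sample of `semanage fcontext -l -C` output, not taken from the issue.
SAMPLE = """\
SELinux fcontext                                   type               Context

/etc/pki/topology-02-CA(/.*)?                      all files          system_u:object_r:pki_tomcat_etc_rw_t:s0
/var/lib/pki/topology-02-CA(/.*)?                  all files          system_u:object_r:pki_tomcat_var_lib_t:s0
/var/log/pki/topology-02-CA(/.*)?                  all files          system_u:object_r:pki_tomcat_log_t:s0
/srv/www(/.*)?                                     all files          system_u:object_r:httpd_sys_content_t:s0
"""

SUFFIX = "(/.*)?"  # regex suffix seen on the target in the error message
# A rule line: target path, file-type column, then user:role:type:range.
RULE = re.compile(r"^(/\S+)\s+.*\s(\S+:\S+:\S+:\S+)\s*$")


def parse_local_fcontexts(listing):
    """Return (target, context) pairs, skipping the header and blank lines."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line)
        if m:
            rules.append((m.group(1), m.group(2)))
    return rules


def stale_instance_rules(listing, instance, exists=os.path.exists):
    """Targets for `instance` whose directory is gone but whose rule remains.

    These are the entries that make a later add() raise ValueError.
    """
    stale = []
    for target, _context in parse_local_fcontexts(listing):
        if not target.endswith(SUFFIX):
            continue
        base = target[:-len(SUFFIX)]
        if os.path.basename(base) == instance and not exists(base):
            stale.append(target)
    return stale


def cleanup_commands(stale):
    """Build `semanage fcontext -d` commands for review; nothing is executed."""
    return ["semanage fcontext -d '%s'" % target for target in stale]
```

Removing the reported rules by hand is a general SELinux administration step, not the resolution recorded in this issue.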