Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipa cert-request --add operations error #1532

Closed
389-ds-bot opened this issue Sep 12, 2020 · 3 comments
Closed

ipa cert-request --add operations error #1532

389-ds-bot opened this issue Sep 12, 2020 · 3 comments
Labels
closed: not a bug Migration flag - Issue
Milestone
1.3.6.0

Comments

@389-ds-bot
Copy link

Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/48201

Description of problem:

I'm seeing some errors intermittently for ipa cert-request commands in some
test automation.

:: [  BEGIN   ] :: Request the csr into IPA :: actually running 'ipa
cert-request --add --principal=EXAMPLEvm-idm-024/vm-idm-024.testrelm.test
/tmp/tmp.5Exq9RxnJS/vm-idm-024.testrelm.test-cert-req.csr'
ipa: ERROR: Operations error:
:: [   FAIL   ] :: Request the csr into IPA (Expected 0, got 1)

This seems to be happening on both IPA servers and clients but, not
consistently that I can tell so far.  Also, this is being seen in upgrade
testing so the hosts were running RHEL7.0 initially and then upgraded to 7.1.

Version-Release number of selected component (if applicable):

ipa-server-4.1.0-16.el7.x86_64
389-ds-base-1.3.3.1-13.el7.x86_64

How reproducible:

Steps to Reproduce:
1.  install IPA master, replica, and client on RHEL7.0
2.  upgrade master, then replica, then client.
3.  in between upgrades, run ipa cert-request like this:

cat > /tmp/test_master.conf <<EOF
[ req ]
default_bits = 2048
default_keyfile = /tmp/test_master.key
distinguished_name = test_key_file
prompt = no
output_password = ..

[ test_key_file ]
C = US
ST = CA
L = SFO
O = RedHat Technology
OU = RedHat IT
CN = $(hostname)
EOF

openssl req -new -config /tmp/test_master.conf -out /tmp/test_master.csr
ipa cert-request --add --principal=EXAMPLE$(hostname -s)/$(hostname)
/tmp/test_master.csr

In some cases, this is run multiple times as it's run in between updates.  So
far I've been unable to reproduce manually.

Actual results:
Operations error.

Expected results:
new cert requested for principal.

Additional info:

/var/log/messages:
Feb  3 02:00:11 vm-idm-024 server: 02:00:11,236 DEBUG
(org.jboss.resteasy.core.SynchronousDispatcher:60) - PathInfo: /certs/search

/var/log/httpd/access_log:
<IP> - - [03/Feb/2015:02:00:13 +0530] "POST
https://vm-idm-024.testrelm.test:443/ca/agent/ca/displayBySerial HTTP/1.1" 200
10773
<IP> - - [03/Feb/2015:02:00:14 +0530] "POST
https://vm-idm-024.testrelm.test:443/ca/agent/ca/doRevoke HTTP/1.1" 200 260
<IP> - - [03/Feb/2015:02:00:15 +0530] "POST
https://vm-idm-024.testrelm.test:443/ca/eeca/ca/profileSubmitSSLClient
HTTP/1.1" 200 1662
<IP> - admin@TESTRELM.TEST [03/Feb/2015:02:00:12 +0530] "POST /ipa/json
HTTP/1.1" 200 163

/var/log/httpd/error_log:
[Tue Feb 03 02:00:06.313176 2015] [:error] [pid 32614] ipa: INFO:
[jsonserver_kerb] admin@TESTRELM.TEST: host_del((u'bz955698-1.testrelm.test',),
continue=False, updatedns=False, version=u'2.112'): SUCCESS
[Tue Feb 03 02:00:11.027551 2015] [:error] [pid 32613] ipa: INFO:
[jsonserver_kerb] admin@TESTRELM.TEST: ping(): SUCCESS
[Tue Feb 03 02:00:11.463991 2015] [:error] [pid 32614] ipa: INFO:
[jsonserver_kerb] admin@TESTRELM.TEST: cert_find(max_serial_number=2000,
exactly=False, all=False, raw=False, version=u'2.112'): SUCCESS
[Tue Feb 03 02:00:12.761424 2015] [:error] [pid 32613] ipa: INFO:
[jsonserver_kerb] admin@TESTRELM.TEST: ping(): SUCCESS
[Tue Feb 03 02:00:19.042124 2015] [:error] [pid 32614] ipa: INFO:
[jsonserver_kerb] admin@TESTRELM.TEST: cert_request(u'-----BEGIN CERTIFICATE RE
QUEST-----\\nMIICwDCCAagCAQAwezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQwwCgYDVQQH\\
nEwNTRk8xGjAYBgNVBAoTEVJlZEhhdCBUZWNobm9sb2d5MRIwEAYDVQQLEwlSZWRI\\nYXQgSVQxITA
fBgNVBAMTGHZtLWlkbS0wMjQudGVzdHJlbG0udGVzdDCCASIwDQYJ\\nKoZIhvcNAQEBBQADggEPADC
CAQoCggEBAMYzlxzFiAJnvclb9X0LEB0rOWxWacJq\\nOYOSdynXW14Fo/uhNJzWDs8HU8/NvO0gPJG
NzNi283zzZHpioFuEHf3WjLK48w4g\\nHvMDtDajJ5xPRv+GaqNjMXSkMq18BOZDO5PS8iyI2G2dsnE
/sltbC1Q7acIcRIvH\\nrU5qT15fpyOeasKGHRkO/7fQxDHofqgBJFb7Nc4E2IJWKNijR6VtI6P7SGh
mL2l8\\ndpvLrYlKmxBWMkRjeRtpDykqFeRICjzWX5QuTjq52DFirgpWrcpitiQvBWE7Fs42\\nGO75
72XLu1QUeusPkdc3bKx2EHmaPM+2FjwuWWnEwWVbD2VHCDfv0OMCAwEAAaAA\\nMA0GCSqGSIb3DQEB
BQUAA4IBAQBbt3bqUeIBFFAxELkdQiFt8kDKKz3dqRN7ej4v\\nTYnnlDVV9ZwiV+V9K2gbvzmfXXQ6
B7o9MZK4qMcTw2PcdhUbjUFU35bGe2TALCwC\\nPqx+zMIp+Kj5jLPuGj/chuv6aOsHO3I4gwbjorfe
Jat8Gv/XomB2MTPpfVIbpPTQ\\nk3t9ChlfJhwjr5NQyHEMyY9TVxT9TRADv8eyRUrEsqtmJ3+v1eK0
cb9rpir1dPg1\\nO3BV5SXhtFC1Eve+8zpZeTwJb8/rYn/iUI3Gl5TI4PgI2iyIkM6cAjwVtKGoIjqb
\\nt6ymcJzLe0Q94NJLZJgX5P34PsK1kEORRM1ZPvTrRS8CDyuZ\\n-----END CERTIFICATE
REQUEST-----', principal=u'EXAMPLEvm-idm-024/vm-idm-024.testrelm.test',
request_type=u'pkcs10', add=True, version=u'2.112'): DatabaseError
@389-ds-bot 389-ds-bot added the closed: not a bug Migration flag - Issue label Sep 12, 2020
@389-ds-bot 389-ds-bot added this to the 1.3.6.0 milestone Sep 12, 2020
@389-ds-bot
Copy link
Author

Comment from nhosoi (@nhosoi) at 2017-02-11 22:59:31

Metadata Update from @nhosoi:

  • Issue set to the milestone: 1.3.6.0

@389-ds-bot
Copy link
Author

Comment from firstyear (@Firstyear) at 2017-05-10 01:06:47

I don't think this issue is valid anymore, closing.

@389-ds-bot
Copy link
Author

Comment from firstyear (@Firstyear) at 2017-05-10 01:07:00

Metadata Update from @Firstyear:

  • Custom field component reset (from Security - SSL)
  • Issue close_status updated to: invalid
  • Issue status updated to: Closed (was: Open)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
closed: not a bug Migration flag - Issue
Projects
None yet
Milestone
1.3.6.0
Development

No branches or pull requests
1 participant
@389-ds-bot