Nightly test failure in rawhide during CA installation

[pki-bot]

This issue was migrated from Pagure Issue #3203. Originally filed by frenaud (@flo-renaud) on 2020-08-10 04:24:56:

• Closed at 2020-08-24 15:22:22 as fixed
• Assigned to nobody

---

The nightly test test_installation_TestInstallCA failed in rawhide during the CA installation. See PR #336 with the following report and logs:

cls = <class 'ipatests.test_integration.test_installation.TestInstallCA'>
mh = <pytest_multihost.plugin.MultihostFixture object at 0x7f23a806af70>

    @classmethod
    def install(cls, mh):
>       tasks.install_master(cls.master, setup_dns=False)

test_integration/test_installation.py:241: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
pytest_ipa/integration/tasks.py:326: in install_master
    result = host.run_command(args, raiseonerr=raiseonerr,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <ipatests.pytest_ipa.integration.host.Host master.ipa.test (master)>
argv = ['ipa-server-install', '-n', 'ipa.test', '-r', 'IPA.TEST', '-p', ...]
set_env = True, stdin_text = None, log_stdout = True, raiseonerr = True
cwd = None, bg = False, encoding = 'utf-8', ok_returncode = 0

    def run_command(self, argv, set_env=True, stdin_text=None,
                    log_stdout=True, raiseonerr=True,
                    cwd=None, bg=False, encoding='utf-8', ok_returncode=0):
        """Wrapper around run_command to log stderr on raiseonerr=True
    
        :param ok_returncode: return code considered to be correct,
                              you can pass an integer or sequence of integers
        """
        result = super().run_command(
            argv, set_env=set_env, stdin_text=stdin_text,
            log_stdout=log_stdout, raiseonerr=False, cwd=cwd, bg=bg,
            encoding=encoding
        )
        # in FIPS mode SSH may print noise to stderr, remove the string
        # "FIPS mode initialized" + optional newline.
        result.stderr_bytes = FIPS_NOISE_RE.sub(b'', result.stderr_bytes)
        try:
            result_ok = result.returncode in ok_returncode
        except TypeError:
            result_ok = result.returncode == ok_returncode
        if not result_ok and raiseonerr:
            result.log.error('stderr: %s', result.stderr_text)
>           raise subprocess.CalledProcessError(
                result.returncode, argv,
                result.stdout_text, result.stderr_text
            )
E           subprocess.CalledProcessError: Command '['ipa-server-install', '-n', 'ipa.test', '-r', 'IPA.TEST', '-p', 'Secret.123', '-a', 'Secret.123', '--domain-level=1', '-U']' returned non-zero exit status 1.

pytest_ipa/integration/host.py:200: CalledProcessError
 -----------------------------Captured stderr setup------------------------------ 
ipa: ERROR: stderr: Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Attempting to sync time with chronyc.
Process chronyc waitsync failed to sync time!
Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network.
Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpdy1j9jnm'] returned non-zero exit status 1: 'Notice: Trust flag u is set automatically if the private key is present.\n/usr/lib/python3.9/site-packages/urllib3/connection.py:377: SubjectAltNameWarning: Certificate for master.ipa.test has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/urllib3/urllib3/issues/497 for details.)\n  warnings.warn(\n')
See the installation logs and the following files/directories for more information:
  /var/log/pki/pki-tomcat
CA configuration failed.
The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

The PKI logs show many errors related to NoClassDefFoundError:

2020-08-08 17:22:26 [main] WARN: RESTEASY002145: NoClassDefFoundError: Unable to load builtin provider org.jboss.resteasy.plugins.providers.jaxb.XmlJAXBContextFinder from jar:file:/usr/share/java/resteasy/resteasy-jaxb-provider.jar!/META-INF/services/javax.ws.rs.ext.Providers

and the journal:

Aug 08 17:22:11 master.ipa.test systemd[1]: Starting PKI Tomcat Server pki-tomcat...
Aug 08 17:22:13 master.ipa.test pki-server[26420]: javax.xml.bind.JAXBException
Aug 08 17:22:13 master.ipa.test pki-server[26420]:  - with linked exception:
Aug 08 17:22:13 master.ipa.test pki-server[26420]: [java.lang.ClassNotFoundException: com.sun.xml.internal.bind.v2.ContextFactory]
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         at javax.xml.bind.ContextFinder.newInstance(ContextFinder.java:241)
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         at javax.xml.bind.ContextFinder.find(ContextFinder.java:477)
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:656)
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:599)
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         at com.netscape.certsrv.client.ClientConfig.<clinit>(ClientConfig.java:52)
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         at com.netscape.cmstools.cli.MainCLI.<init>(MainCLI.java:89)
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:723)
Aug 08 17:22:13 master.ipa.test pki-server[26420]: Caused by: java.lang.ClassNotFoundException: com.sun.xml.internal.bind.v2.ContextFactory
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         at javax.xml.bind.ContextFinder.safeLoadClass(ContextFinder.java:594)
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         at javax.xml.bind.ContextFinder.newInstance(ContextFinder.java:239)
Aug 08 17:22:13 master.ipa.test pki-server[26420]:         ... 6 more
Aug 08 17:22:14 master.ipa.test java[26420]: usr/lib/api/apiutil.c Could not open /run/lock/opencryptoki/LCK..APIlock
Aug 08 17:22:14 master.ipa.test pki-server[26420]: ---------------
Aug 08 17:22:14 master.ipa.test pki-server[26420]: Export complete
Aug 08 17:22:14 master.ipa.test pki-server[26420]: ---------------
Aug 08 17:22:16 master.ipa.test systemd[1]: Started PKI Tomcat Server pki-tomcat.
Aug 08 17:22:16 master.ipa.test audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=pki-tomcatd@pki-tomcat comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Aug 08 17:22:16 master.ipa.test server[26520]: Java virtual machine used: /usr/lib/jvm/jre-openjdk/bin/java
Aug 08 17:22:16 master.ipa.test server[26520]: classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/lib/java/commons-daemon.jar
Aug 08 17:22:16 master.ipa.test server[26520]: main class used: org.apache.catalina.startup.Bootstrap
Aug 08 17:22:16 master.ipa.test server[26520]: flags used: -Dcom.redhat.fips=false
Aug 08 17:22:16 master.ipa.test server[26520]: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager     -Djava.security.manager     -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy
Aug 08 17:22:16 master.ipa.test server[26520]: arguments used: start
Aug 08 17:22:19 master.ipa.test java[26520]: usr/lib/api/apiutil.c Could not open /run/lock/opencryptoki/LCK..APIlock
Aug 08 17:22:20 master.ipa.test server[26520]: WARNING: Some of the specified [protocols] are not supported by the SSL engine and have been skipped: [[TLSv1, TLSv1.1]]

This error is blocking testing of FreeIPA in rawhide.

[pki-bot]

Comment from cipherboy (@cipherboy) at 2020-08-24 15:21:50

This should be resolved in F33+. Note that current rawhide has a broken compose since this was fixed there. All COPR repo packages should have been rebuilt.

[pki-bot]

Comment from cipherboy (@cipherboy) at 2020-08-24 15:21:51

Metadata Update from @cipherboy:

• Custom field component adjusted to None
• Custom field feature adjusted to None
• Custom field origin adjusted to None
• Custom field proposedmilestone adjusted to None
• Custom field proposedpriority adjusted to None
• Custom field reviewer adjusted to None
• Custom field type adjusted to None
• Custom field version adjusted to None

[pki-bot]

Comment from cipherboy (@cipherboy) at 2020-08-24 15:22:23

Metadata Update from @cipherboy:

• Issue close_status updated to: fixed
• Issue status updated to: Closed (was: Open)