-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ipahealthcheck.ds.backends failure #163
Comments
@edewata it's failing on Fedora 33. What version of python3-lib389 and freeipa-healthcheck are installed? This error originates within python3-lib389. |
|
It works for me with python3-lib389-1.4.4.5-1.fc33 but fails afterward. @mreynolds389 looks like something in lib389. |
More specifically, it passes in 1.4.4.5 and fails in 1.4.4.7. I didn't test 1.4.4.6. |
It looks like it's doing this for each backend: o=ipaca, dc=example,dc=test and cn=changelog with only the last one actually being reported up within healthcheck |
Could the |
Once 0.7 hits stable (soon) it will because it defaults to --failures-only. Or you can pass in --failures-only. Mark has an idea what the problem may be. |
@edewata have you tried python3-lib389-1.4.4.8 to see if it addresses the failure? It works for me. |
I have built Then restarted the CI tests: It's still failing:
|
Ok, @mreynolds389 would you like me to create a 389 ticket to track this? |
This does not look like a DS bug at this time. This error would suggest the mapping tree entry for cn=changelog was not created, or the the cn=changelog backend was not initialized. So the error is saying there is no backend, so this is most likely a config issue. Is there a system I can look at where this is failing so I can confirm what is really going on? |
The ipa-healthcheck has been failing due to this issue: freeipa/freeipa-healthcheck#163 The ipa-healthcheck test has temporarily been disabled to allow the remaining IPA tests to pass.
The ipa-healthcheck has been failing due to this issue: freeipa/freeipa-healthcheck#163 The ipa-healthcheck test has temporarily been disabled to allow other IPA tests to pass.
@rcritten Any idea about this? The test is defined in IPA, not in PKI: PKI does not create |
The ipa-healthcheck has been failing due to this issue: freeipa/freeipa-healthcheck#163 The ipa-healthcheck test has temporarily been disabled to allow other IPA tests to pass.
I'm not sure how the IPA integration test impacts this. You aren't running it AFAICT, you're running ipa-healthcheck directly, at least based on your PR. This particular failure is from late November. Is it still happening? I wasn't able to reproduce it on a fresh F32 install. |
We used to be calling If IPA does not see this problem, maybe we should just remove the above lines permanently from PKI CI, and let |
I'd at the very least suggest running it before the IPA tests. There is no assurance in the tests that the resulting server is in any sort of sane state (though that would be ideal). |
The issue is still happening but only when @389ds/389-ds-base-nightly copr repo is enabled. See for instance PR #625: test_replica_promotion_TestHiddenReplicaPromotion. DS access logs shows that ipa-healthcheck is performing a search equivalent to |
Just for the record, |
This particular error ("No object exists given the filter criteria cn=changelog") was fixed in 389ds/389-ds-base#4159 back in October and is in 1.4.4.6 and up. If I revert this fix then I can reproduce the exact same problem you are seeing. So I can not explain why it is still failing for Endi, except that he is accidentally testing the wrong build or wrong version of lib389? Unfortunately I found another bug in DS heathcheck where "list" objects, like Backends, are not processed correctly. That is unrelated to this ticket though, but this particular issue/error has been fixed in the latest version of lib389 (1.4.4.6 and up). If you are reproducing this on a system with 1.4.4.6, or higher, please provide me the details so I can log into the system and confirm what is really going on. Thanks! |
PKI CI uses the latest DS packages from Fedora updates. Here's what was used today:
I'd suggest adding an IPA CI test to test |
On stock F33 I can reproduce this error (plus a couple about file ownership related to systemd-resolvd). I also have python3-lib389-1.4.4.9-1.fc33.noarch |
The ipa-healthcheck has been failing due to this issue: freeipa/freeipa-healthcheck#163 The ipa-healthcheck test has temporarily been disabled to allow other IPA tests to pass.
This is now fixed upstream in 389-ds-base. Thanks @flo-renaud for providing me a system that was showing the problem! |
@rcritten the issue can be closed, not reproduced any more in the nightlies using 389-ds-base-1.4.3.21-1.fc32.x86_64 / 389-ds-base-1.4.4.13-2.fc33.x86_64 |
Cloned from https://pagure.io/freeipa/issue/8568
The
ipa-healthcheck
reported an error which caused PKI CI to fail:https://github.com/dogtagpki/pki/pull/3372/checks?check_run_id=1364905815
(click View raw logs)
The text was updated successfully, but these errors were encountered: