#48201 ipa cert-request --add operations error
Closed: wontfix 6 years ago Opened 8 years ago by nhosoi.

Description of problem:

I'm seeing some errors intermittently for ipa cert-request commands in some
test automation.

:: [  BEGIN   ] :: Request the csr into IPA :: actually running 'ipa
cert-request --add --principal=EXAMPLEvm-idm-024/vm-idm-024.testrelm.test
/tmp/tmp.5Exq9RxnJS/vm-idm-024.testrelm.test-cert-req.csr'
ipa: ERROR: Operations error:
:: [   FAIL   ] :: Request the csr into IPA (Expected 0, got 1)

This seems to be happening on both IPA servers and clients but, not
consistently that I can tell so far.  Also, this is being seen in upgrade
testing so the hosts were running RHEL7.0 initially and then upgraded to 7.1.

Version-Release number of selected component (if applicable):

ipa-server-4.1.0-16.el7.x86_64
389-ds-base-1.3.3.1-13.el7.x86_64

How reproducible:

Steps to Reproduce:
1.  install IPA master, replica, and client on RHEL7.0
2.  upgrade master, then replica, then client.
3.  in between upgrades, run ipa cert-request like this:

cat > /tmp/test_master.conf <<EOF
[ req ]
default_bits = 2048
default_keyfile = /tmp/test_master.key
distinguished_name = test_key_file
prompt = no
output_password = ..

[ test_key_file ]
C = US
ST = CA
L = SFO
O = RedHat Technology
OU = RedHat IT
CN = $(hostname)
EOF

openssl req -new -config /tmp/test_master.conf -out /tmp/test_master.csr
ipa cert-request --add --principal=EXAMPLE$(hostname -s)/$(hostname)
/tmp/test_master.csr

In some cases, this is run multiple times as it's run in between updates.  So
far I've been unable to reproduce manually.

Actual results:
Operations error.

Expected results:
new cert requested for principal.

Additional info:

/var/log/messages:
Feb  3 02:00:11 vm-idm-024 server: 02:00:11,236 DEBUG
(org.jboss.resteasy.core.SynchronousDispatcher:60) - PathInfo: /certs/search

/var/log/httpd/access_log:
<IP> - - [03/Feb/2015:02:00:13 +0530] "POST
https://vm-idm-024.testrelm.test:443/ca/agent/ca/displayBySerial HTTP/1.1" 200
10773
<IP> - - [03/Feb/2015:02:00:14 +0530] "POST
https://vm-idm-024.testrelm.test:443/ca/agent/ca/doRevoke HTTP/1.1" 200 260
<IP> - - [03/Feb/2015:02:00:15 +0530] "POST
https://vm-idm-024.testrelm.test:443/ca/eeca/ca/profileSubmitSSLClient
HTTP/1.1" 200 1662
<IP> - admin@TESTRELM.TEST [03/Feb/2015:02:00:12 +0530] "POST /ipa/json
HTTP/1.1" 200 163

/var/log/httpd/error_log:
[Tue Feb 03 02:00:06.313176 2015] [:error] [pid 32614] ipa: INFO:
[jsonserver_kerb] admin@TESTRELM.TEST: host_del((u'bz955698-1.testrelm.test',),
continue=False, updatedns=False, version=u'2.112'): SUCCESS
[Tue Feb 03 02:00:11.027551 2015] [:error] [pid 32613] ipa: INFO:
[jsonserver_kerb] admin@TESTRELM.TEST: ping(): SUCCESS
[Tue Feb 03 02:00:11.463991 2015] [:error] [pid 32614] ipa: INFO:
[jsonserver_kerb] admin@TESTRELM.TEST: cert_find(max_serial_number=2000,
exactly=False, all=False, raw=False, version=u'2.112'): SUCCESS
[Tue Feb 03 02:00:12.761424 2015] [:error] [pid 32613] ipa: INFO:
[jsonserver_kerb] admin@TESTRELM.TEST: ping(): SUCCESS
[Tue Feb 03 02:00:19.042124 2015] [:error] [pid 32614] ipa: INFO:
[jsonserver_kerb] admin@TESTRELM.TEST: cert_request(u'-----BEGIN CERTIFICATE RE
QUEST-----\\nMIICwDCCAagCAQAwezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQwwCgYDVQQH\\
nEwNTRk8xGjAYBgNVBAoTEVJlZEhhdCBUZWNobm9sb2d5MRIwEAYDVQQLEwlSZWRI\\nYXQgSVQxITA
fBgNVBAMTGHZtLWlkbS0wMjQudGVzdHJlbG0udGVzdDCCASIwDQYJ\\nKoZIhvcNAQEBBQADggEPADC
CAQoCggEBAMYzlxzFiAJnvclb9X0LEB0rOWxWacJq\\nOYOSdynXW14Fo/uhNJzWDs8HU8/NvO0gPJG
NzNi283zzZHpioFuEHf3WjLK48w4g\\nHvMDtDajJ5xPRv+GaqNjMXSkMq18BOZDO5PS8iyI2G2dsnE
/sltbC1Q7acIcRIvH\\nrU5qT15fpyOeasKGHRkO/7fQxDHofqgBJFb7Nc4E2IJWKNijR6VtI6P7SGh
mL2l8\\ndpvLrYlKmxBWMkRjeRtpDykqFeRICjzWX5QuTjq52DFirgpWrcpitiQvBWE7Fs42\\nGO75
72XLu1QUeusPkdc3bKx2EHmaPM+2FjwuWWnEwWVbD2VHCDfv0OMCAwEAAaAA\\nMA0GCSqGSIb3DQEB
BQUAA4IBAQBbt3bqUeIBFFAxELkdQiFt8kDKKz3dqRN7ej4v\\nTYnnlDVV9ZwiV+V9K2gbvzmfXXQ6
B7o9MZK4qMcTw2PcdhUbjUFU35bGe2TALCwC\\nPqx+zMIp+Kj5jLPuGj/chuv6aOsHO3I4gwbjorfe
Jat8Gv/XomB2MTPpfVIbpPTQ\\nk3t9ChlfJhwjr5NQyHEMyY9TVxT9TRADv8eyRUrEsqtmJ3+v1eK0
cb9rpir1dPg1\\nO3BV5SXhtFC1Eve+8zpZeTwJb8/rYn/iUI3Gl5TI4PgI2iyIkM6cAjwVtKGoIjqb
\\nt6ymcJzLe0Q94NJLZJgX5P34PsK1kEORRM1ZPvTrRS8CDyuZ\\n-----END CERTIFICATE
REQUEST-----', principal=u'EXAMPLEvm-idm-024/vm-idm-024.testrelm.test',
request_type=u'pkcs10', add=True, version=u'2.112'): DatabaseError

Metadata Update from @nhosoi:
- Issue set to the milestone: 1.3.6.0

7 years ago

I don't think this issue is valid anymore, closing.

Metadata Update from @firstyear:
- Custom field component reset (from Security - SSL)
- Issue close_status updated to: invalid
- Issue status updated to: Closed (was: Open)

6 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1532

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: invalid)

3 years ago

Login to comment on this ticket.

Metadata