Description of problem: I'm seeing some errors intermittently for ipa cert-request commands in some test automation. :: [ BEGIN ] :: Request the csr into IPA :: actually running 'ipa cert-request --add --principal=EXAMPLEvm-idm-024/vm-idm-024.testrelm.test /tmp/tmp.5Exq9RxnJS/vm-idm-024.testrelm.test-cert-req.csr' ipa: ERROR: Operations error: :: [ FAIL ] :: Request the csr into IPA (Expected 0, got 1) This seems to be happening on both IPA servers and clients but, not consistently that I can tell so far. Also, this is being seen in upgrade testing so the hosts were running RHEL7.0 initially and then upgraded to 7.1. Version-Release number of selected component (if applicable): ipa-server-4.1.0-16.el7.x86_64 389-ds-base-1.3.3.1-13.el7.x86_64 How reproducible: Steps to Reproduce: 1. install IPA master, replica, and client on RHEL7.0 2. upgrade master, then replica, then client. 3. in between upgrades, run ipa cert-request like this: cat > /tmp/test_master.conf <<EOF [ req ] default_bits = 2048 default_keyfile = /tmp/test_master.key distinguished_name = test_key_file prompt = no output_password = .. [ test_key_file ] C = US ST = CA L = SFO O = RedHat Technology OU = RedHat IT CN = $(hostname) EOF openssl req -new -config /tmp/test_master.conf -out /tmp/test_master.csr ipa cert-request --add --principal=EXAMPLE$(hostname -s)/$(hostname) /tmp/test_master.csr In some cases, this is run multiple times as it's run in between updates. So far I've been unable to reproduce manually. Actual results: Operations error. Expected results: new cert requested for principal. Additional info: /var/log/messages: Feb 3 02:00:11 vm-idm-024 server: 02:00:11,236 DEBUG (org.jboss.resteasy.core.SynchronousDispatcher:60) - PathInfo: /certs/search /var/log/httpd/access_log: <IP> - - [03/Feb/2015:02:00:13 +0530] "POST https://vm-idm-024.testrelm.test:443/ca/agent/ca/displayBySerial HTTP/1.1" 200 10773 <IP> - - [03/Feb/2015:02:00:14 +0530] "POST https://vm-idm-024.testrelm.test:443/ca/agent/ca/doRevoke HTTP/1.1" 200 260 <IP> - - [03/Feb/2015:02:00:15 +0530] "POST https://vm-idm-024.testrelm.test:443/ca/eeca/ca/profileSubmitSSLClient HTTP/1.1" 200 1662 <IP> - admin@TESTRELM.TEST [03/Feb/2015:02:00:12 +0530] "POST /ipa/json HTTP/1.1" 200 163 /var/log/httpd/error_log: [Tue Feb 03 02:00:06.313176 2015] [:error] [pid 32614] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: host_del((u'bz955698-1.testrelm.test',), continue=False, updatedns=False, version=u'2.112'): SUCCESS [Tue Feb 03 02:00:11.027551 2015] [:error] [pid 32613] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: ping(): SUCCESS [Tue Feb 03 02:00:11.463991 2015] [:error] [pid 32614] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: cert_find(max_serial_number=2000, exactly=False, all=False, raw=False, version=u'2.112'): SUCCESS [Tue Feb 03 02:00:12.761424 2015] [:error] [pid 32613] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: ping(): SUCCESS [Tue Feb 03 02:00:19.042124 2015] [:error] [pid 32614] ipa: INFO: [jsonserver_kerb] admin@TESTRELM.TEST: cert_request(u'-----BEGIN CERTIFICATE RE QUEST-----\\nMIICwDCCAagCAQAwezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQwwCgYDVQQH\\ nEwNTRk8xGjAYBgNVBAoTEVJlZEhhdCBUZWNobm9sb2d5MRIwEAYDVQQLEwlSZWRI\\nYXQgSVQxITA fBgNVBAMTGHZtLWlkbS0wMjQudGVzdHJlbG0udGVzdDCCASIwDQYJ\\nKoZIhvcNAQEBBQADggEPADC CAQoCggEBAMYzlxzFiAJnvclb9X0LEB0rOWxWacJq\\nOYOSdynXW14Fo/uhNJzWDs8HU8/NvO0gPJG NzNi283zzZHpioFuEHf3WjLK48w4g\\nHvMDtDajJ5xPRv+GaqNjMXSkMq18BOZDO5PS8iyI2G2dsnE /sltbC1Q7acIcRIvH\\nrU5qT15fpyOeasKGHRkO/7fQxDHofqgBJFb7Nc4E2IJWKNijR6VtI6P7SGh mL2l8\\ndpvLrYlKmxBWMkRjeRtpDykqFeRICjzWX5QuTjq52DFirgpWrcpitiQvBWE7Fs42\\nGO75 72XLu1QUeusPkdc3bKx2EHmaPM+2FjwuWWnEwWVbD2VHCDfv0OMCAwEAAaAA\\nMA0GCSqGSIb3DQEB BQUAA4IBAQBbt3bqUeIBFFAxELkdQiFt8kDKKz3dqRN7ej4v\\nTYnnlDVV9ZwiV+V9K2gbvzmfXXQ6 B7o9MZK4qMcTw2PcdhUbjUFU35bGe2TALCwC\\nPqx+zMIp+Kj5jLPuGj/chuv6aOsHO3I4gwbjorfe Jat8Gv/XomB2MTPpfVIbpPTQ\\nk3t9ChlfJhwjr5NQyHEMyY9TVxT9TRADv8eyRUrEsqtmJ3+v1eK0 cb9rpir1dPg1\\nO3BV5SXhtFC1Eve+8zpZeTwJb8/rYn/iUI3Gl5TI4PgI2iyIkM6cAjwVtKGoIjqb \\nt6ymcJzLe0Q94NJLZJgX5P34PsK1kEORRM1ZPvTrRS8CDyuZ\\n-----END CERTIFICATE REQUEST-----', principal=u'EXAMPLEvm-idm-024/vm-idm-024.testrelm.test', request_type=u'pkcs10', add=True, version=u'2.112'): DatabaseError
Metadata Update from @nhosoi: - Issue set to the milestone: 1.3.6.0
I don't think this issue is valid anymore, closing.
Metadata Update from @firstyear: - Custom field component reset (from Security - SSL) - Issue close_status updated to: invalid - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1532
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: invalid)
Login to comment on this ticket.