#1454 pkispawn clone CA using existing base DN and pki_ds_remove_data=True in inf is failing
Closed: migrated 3 years ago by dmoluguw. Opened 8 years ago by rpattath.

pkispawn clone CA using existing base DN and pki_ds_remove_data=True in inf is
failing

Steps to Reproduce:

1. pkispawn master CA
2. pkispawn clone CA
3. pkidestroy clone CA
4. pkispawn clone CA using the same base DN used in step 2
5. clone CA's inf has pki_ds_remove_data=True

Actual results:

pkispawn is failing

Expected results:

pkispawn clone CA should be successful

Additional info:

a part of log messages in clone CA debug log

[root@sparks ~]# cat /var/log/pki/clone1/ca/debug | grep "30/Jun/2015:14:23:03"
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LdapAuthInfo: password ok: store
in memory cache
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LdapAuthInfo: init ends
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: init: before makeConnection
errorIfDown is false
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: makeConnection: errorIfDown
false
[30/Jun/2015:14:23:03][Finalizer]: Destroying LdapBoundConnFactory(DBSubsystem)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: Established LDAP connection
using basic authentication to host sparks.idmqe.lab.eng.bos.redhat.com port
1901 as cn=Database Manager
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: initializing with mininum 3 and
maximum 15 connections to host sparks.idmqe.lab.eng.bos.redhat.com port 1901,
secure connection, false, authentication type 1
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: increasing minimum connections
by 3
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: new total available connections
3
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: new number of connections 3
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: In
LdapBoundConnFactory::getConn()
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: masterConn is connected: true
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: getConn: conn is connected true
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: getConn: mNumConns now 2
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS:
param=preop.internaldb.post_ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): ldif file =
/usr/share/pki/ca/conf/vlv.ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): ldif file copy to
/var/lib/pki/clone1/ca/conf/vlv.ldif
[30/Jun/2015:14:23:03][Finalizer]: Destroying LdapBoundConnFactory(DirAclAuthz)
[30/Jun/2015:14:23:03][Finalizer]: Destroying LdapBoundConnFactory(UGSubsystem)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): LDAP Errors in
importing /var/lib/pki/clone1/ca/conf/vlv.ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allExpiredCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allInvalidCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allInValidCertsNotBefore-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allNonRevokedCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedCaCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedCertsNotAfter-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedExpiredCerts-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedOrRevokedExpiredCaCerts-clone1, cn=pki-ca-ldap,
cn=ldbm database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to
connect to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedOrRevokedExpiredCerts-clone1, cn=pki-ca-ldap,
cn=ldbm database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to
connect to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allValidCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allValidCertsNotAfter-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allValidOrRevokedCerts-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caAll-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceled-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceledEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceledRenewal-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceledRevocation-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caComplete-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCompleteEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCompleteRenewal-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCompleteRevocation-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPending-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPendingEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPendingRenewal-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPendingRevocation-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejected-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejectedEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejectedRenewal-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejectedRevocation-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRenewal-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRevocation-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allCerts-clone1Index, cn=allCerts-clone1, cn=pki-ca-ldap,
cn=ldbm database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to
connect to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allExpiredCerts-clone1Index, cn=allExpiredCerts-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allInvalidCerts-clone1Index, cn=allInvalidCerts-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allInValidCertsNotBefore-clone1Index,
cn=allInValidCertsNotBefore-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allNonRevokedCerts-clone1Index,
cn=allNonRevokedCerts-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedCaCerts-clone1Index, cn=allRevokedCaCerts-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedCerts-clone1Index, cn=allRevokedCerts-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedCertsNotAfter-clone1Index,
cn=allRevokedCertsNotAfter-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedExpiredCerts-clone1Index,
cn=allRevokedExpiredCerts-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedOrRevokedExpiredCaCerts-clone1Index,
cn=allRevokedOrRevokedExpiredCaCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedOrRevokedExpiredCerts-clone1Index,
cn=allRevokedOrRevokedExpiredCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allValidCerts-clone1Index, cn=allValidCerts-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allValidCertsNotAfter-clone1Index,
cn=allValidCertsNotAfter-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allValidOrRevokedCerts-clone1Index,
cn=allValidOrRevokedCerts-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caAll-clone1Index, cn=caAll-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceled-clone1Index, cn=caCanceled-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceledEnrollment-clone1Index,
cn=caCanceledEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceledRenewal-clone1Index, cn=caCanceledRenewal-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceledRevocation-clone1Index,
cn=caCanceledRevocation-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caComplete-clone1Index, cn=caComplete-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCompleteEnrollment-clone1Index,
cn=caCompleteEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCompleteRenewal-clone1Index, cn=caCompleteRenewal-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCompleteRevocation-clone1Index,
cn=caCompleteRevocation-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caEnrollment-clone1Index, cn=caEnrollment-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPending-clone1Index, cn=caPending-clone1, cn=pki-ca-ldap,
cn=ldbm database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to
connect to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPendingEnrollment-clone1Index,
cn=caPendingEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPendingRenewal-clone1Index, cn=caPendingRenewal-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPendingRevocation-clone1Index,
cn=caPendingRevocation-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejected-clone1Index, cn=caRejected-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejectedEnrollment-clone1Index,
cn=caRejectedEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejectedRenewal-clone1Index, cn=caRejectedRenewal-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejectedRevocation-clone1Index,
cn=caRejectedRevocation-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRenewal-clone1Index, cn=caRenewal-clone1, cn=pki-ca-ldap,
cn=ldbm database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to
connect to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRevocation-clone1Index, cn=caRevocation-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): ldif file =
/usr/share/pki/ca/conf/vlvtasks.ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): ldif file copy to
/var/lib/pki/clone1/ca/conf/vlvtasks.ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): LDAP Errors in
importing /var/lib/pki/clone1/ca/conf/vlvtasks.ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=index1160589769, cn=index, cn=tasks,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: Checking wait_dn
cn=index1160589769, cn=index, cn=tasks, cn=config
[30/Jun/2015:14:23:04][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:05][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:06][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:07][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:08][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:09][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:10][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:11][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:12][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))

OK: After some experimentation this is what I found.

  1. This problem happens if you create the clone, destroy it, and then immediately try to re-create the exact same clone with the same deployment.cfg file.

This fails during the ldif importation process, specifically the vlv.index file. This happens shortly after replication. When this importation fails, the ldap server can no longer be contacted by the CA clone being installed. We get a bunch of these:

Still checking wait_dn 'cn=index1160589769, cn=index, cn=tasks, cn=config' (netscape.ldap.LDAPException: failed to connect to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))

  2. I found a condition in the DS logs that might be important:

[07/Jul/2015:20:35:16 -0400] - ldbm: Bringing pki-ca-ldap offline...
[07/Jul/2015:20:35:16 -0400] - ldbm: removing 'pki-ca-ldap'.
[07/Jul/2015:20:35:16 -0400] - Destructor for instance pki-ca-ldap called
[07/Jul/2015:20:35:19 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=pki-ca is going offline; disabling replication
[07/Jul/2015:20:35:20 -0400] NSMMReplicationPlugin - agmt="cn=cloneAgreement1-sparks.idmqe.lab.eng.bos.redhat.com-clone1" (sparks:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.
[07/Jul/2015:20:35:20 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database

It looks like some condition has been found and the server is going down, but in our case it never really comes back.

  3. I have found a workaround for this that seems to work every time.

After doing the pkidestroy on the first clone, simply restart the DS server.
Try the clone again and it works flawlessly.

My theory is that after a clone is destroyed, something is out of sync with the previous replication agreement that shows up when the exact same agreement is attempted again. If we restart the DS server, things get cleared up and then the subsequent cloning operation is fine.

Further digging would be needed to figure out exactly what is going on here.

For the purposes of Dogtag 10.2, the following PKI TRAC Ticket was filed:

Metadata Update from @rpattath:
- Issue set to the milestone: UNTRIAGED

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/3334

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago
