WIth #3005 and #3007 fixed, I'm running into another Python 3-related issue in external CA installation:
2018-04-30 15:52:07 pkispawn : INFO ....... BtoA /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc 2018-04-30 15:52:07 pkispawn : INFO ....... loading caSigningCert External CA certificate 2018-04-30 15:52:07 pki.nssdb : DEBUG Command: certutil -L -d /var/lib/pki/pki-tomcat/alias -f /tmp/tmptv77qn7u/password.txt -n caSigningCert External CA -a 2018-04-30 15:52:07 pkispawn : DEBUG ....... Error Type: TypeError 2018-04-30 15:52:07 pkispawn : DEBUG ....... Error Message: Object of type 'bytes' is not JSON serializable 2018-04-30 15:52:07 pkispawn : DEBUG ....... File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 534, in main scriptlet.spawn(deployer) File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 1038, in spawn json.dumps(data, cls=pki.encoder.CustomTypeEncoder)) File "/usr/lib64/python3.6/json/__init__.py", line 238, in dumps **kw).encode(obj) File "/usr/lib64/python3.6/json/encoder.py", line 199, in encode chunks = self.iterencode(o, _one_shot=True) File "/usr/lib64/python3.6/json/encoder.py", line 257, in iterencode return _iterencode(o, 0) File "/usr/lib/python3.6/site-packages/pki/encoder.py", line 92, in default return json.JSONEncoder.default(self, o) File "/usr/lib64/python3.6/json/encoder.py", line 180, in default o.__class__.__name__)
data
(Pdb) pp vars(data) {'adminCertRequest': 'MIICjTC...', 'adminCertRequestType': 'pkcs10', 'adminEmail': 'root@localhost', 'adminName': 'admin', 'adminPassword': '...', 'adminProfileID': 'caAdminCert', 'adminSubjectDN': 'cn=ipa-ca-agent,O=IPA.EXAMPLE', 'adminUID': 'admin', 'backupFile': '/etc/pki/pki-tomcat/alias/ca_backup_keys.p12', 'backupKeys': 'true', 'backupPassword': '...', 'baseDN': 'o=ipaca', 'bindDN': 'cn=Directory Manager', 'bindpwd': '...', 'createNewDB': 'true', 'createSigningCertRecord': 'true', 'database': 'ipaca', 'dsHost': 'master.ipa.example', 'dsPort': '389', 'external': True, 'generateServerCert': 'true', 'generateSubsystemCert': 'true', 'hierarchy': 'join', 'importAdminCert': 'false', 'isClone': 'false', 'issuingCA': 'External CA', 'pin': 'sBvvU28w4rhDnmXdshN0', 'removeData': 'true', 'replicationPassword': '', 'secureConn': 'false', 'securityDomainName': 'IPA', 'securityDomainType': 'newdomain', 'sharedDB': 'false', 'signingCertSerialNumber': '1', 'standAlone': False, 'startingCRLNumber': '0', 'subsystemName': 'CA master.ipa.example 8443', 'systemCerts': [<pki.system.SystemCertData object at 0x7fbf211f0d68>, <pki.system.SystemCertData object at 0x7fbf2117e860>, <pki.system.SystemCertData object at 0x7fbf2117e6a0>, <pki.system.SystemCertData object at 0x7fbf2117e438>, <pki.system.SystemCertData object at 0x7fbf2117e518>], 'systemCertsImported': False, 'token': 'Internal Key Storage Token'}
pki.system.SystemCertData
(Pdb) pp vars(data.systemCerts[0]) {'cert': b'-----BEGIN CERTIFICATE-----\nMIIDHzCCAg...', 'keyAlgorithm': 'SHA256withRSA', 'keySize': '2048', 'keyType': 'rsa', 'nickname': 'caSigningCert cert-pki-ca', 'signingAlgorithm': 'SHA256withRSA', 'subjectDN': 'CN=Certificate ' 'Authority,O=IPA.EXAMPLE', 'tag': 'signing', 'token': 'Internal Key Storage Token'}
As you can see, the cert attribute is bytes. Looks like the JSON encoder is unable to handle that case.
cert
Metadata Update from @cheimes: - Custom field component adjusted to None - Custom field feature adjusted to None - Custom field origin adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field type adjusted to None - Custom field version adjusted to None
https://review.gerrithub.io/#/c/dogtagpki/pki/+/409517
Metadata Update from @cheimes: - Issue assigned to cheimes
Metadata Update from @cheimes: - Issue close_status updated to: fixed - Issue set to the milestone: 10.6.1 (was: 10.6)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3126
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.