#717 Proxy error while getting status when spawning CA
Closed: Fixed. Opened 9 years ago by pviktori.

When installing FreeIPA on Fedora (updates-testing), sometimes /usr/sbin/pkispawn -s CA fails with the following error (from /var/log/pki/pki-ca-spawn.20130830154223.log):

...
2013-08-30 15:43:54 pkispawn    : INFO     ... generating 'pki.deployment.security_databases'
2013-08-30 15:43:54 pkispawn    : INFO     ....... generating '/etc/pki/pki-tomcat/password.conf'
2013-08-30 15:43:54 pkispawn    : INFO     ....... generating '/etc/pki/pki-tomcat/pfile'
2013-08-30 15:43:54 pkispawn    : INFO     ....... modifying '/etc/pki/pki-tomcat/password.conf'
2013-08-30 15:43:54 pkispawn    : DEBUG    ........... chmod 660 /etc/pki/pki-tomcat/password.conf
2013-08-30 15:43:54 pkispawn    : DEBUG    ........... chown 497:497 /etc/pki/pki-tomcat/password.conf
2013-08-30 15:43:54 pkispawn    : INFO     ....... executing 'certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile'
2013-08-30 15:43:54 pkispawn    : INFO     ....... modifying '/etc/pki/pki-tomcat/alias/cert8.db'
2013-08-30 15:43:54 pkispawn    : DEBUG    ........... chmod 600 /etc/pki/pki-tomcat/alias/cert8.db
2013-08-30 15:43:54 pkispawn    : DEBUG    ........... chown 497:497 /etc/pki/pki-tomcat/alias/cert8.db
2013-08-30 15:43:54 pkispawn    : INFO     ....... modifying '/etc/pki/pki-tomcat/alias/key3.db'
2013-08-30 15:43:54 pkispawn    : DEBUG    ........... chmod 600 /etc/pki/pki-tomcat/alias/key3.db
2013-08-30 15:43:54 pkispawn    : DEBUG    ........... chown 497:497 /etc/pki/pki-tomcat/alias/key3.db
2013-08-30 15:43:54 pkispawn    : INFO     ....... modifying '/etc/pki/pki-tomcat/alias/secmod.db'
2013-08-30 15:43:54 pkispawn    : DEBUG    ........... chmod 600 /etc/pki/pki-tomcat/alias/secmod.db
2013-08-30 15:43:54 pkispawn    : DEBUG    ........... chown 497:497 /etc/pki/pki-tomcat/alias/secmod.db
2013-08-30 15:43:54 pkispawn    : INFO     ....... generating noise file called '/etc/pki/pki-tomcat/ca/noise' and filling it with '1024' random bytes
2013-08-30 15:43:54 pkispawn    : DEBUG    ........... chmod 660 /etc/pki/pki-tomcat/ca/noise
2013-08-30 15:43:54 pkispawn    : DEBUG    ........... chown 497:497 /etc/pki/pki-tomcat/ca/noise
2013-08-30 15:43:54 pkispawn    : INFO     ....... executing 'certutil -S -d /etc/pki/pki-tomcat/alias -h 'internal' -n 'Server-Cert cert-pki-ca' -s 'cn=vm-194.idm.lab.eng.brq.redhat.com,o=2013-08-30 15:43:54' -m 0 -v 12 -c 'cn=vm-194.idm.lab.eng.brq.redhat.com,o=2013-08-30 15:43:54' -t 'CTu,CTu,CTu' -z /etc/pki/pki-tomcat/ca/noise -f /etc/pki/pki-tomcat/pfile -x > /dev/null 2>&1'
2013-08-30 15:43:55 pkispawn    : INFO     ....... rm -f /etc/pki/pki-tomcat/ca/noise
2013-08-30 15:43:55 pkispawn    : INFO     ....... rm -f /etc/pki/pki-tomcat/pfile
2013-08-30 15:43:55 pkispawn    : INFO     ... configuring 'pki.deployment.configuration'
2013-08-30 15:43:55 pkispawn    : INFO     ....... mkdir -p /root/.dogtag/pki-tomcat/ca
2013-08-30 15:43:55 pkispawn    : DEBUG    ........... chmod 755 /root/.dogtag/pki-tomcat/ca
2013-08-30 15:43:55 pkispawn    : DEBUG    ........... chown 0:0 /root/.dogtag/pki-tomcat/ca
2013-08-30 15:43:55 pkispawn    : INFO     ....... generating '/root/.dogtag/pki-tomcat/ca/password.conf'
2013-08-30 15:43:55 pkispawn    : INFO     ....... modifying '/root/.dogtag/pki-tomcat/ca/password.conf'
2013-08-30 15:43:55 pkispawn    : DEBUG    ........... chmod 660 /root/.dogtag/pki-tomcat/ca/password.conf
2013-08-30 15:43:55 pkispawn    : DEBUG    ........... chown 0:0 /root/.dogtag/pki-tomcat/ca/password.conf
2013-08-30 15:43:55 pkispawn    : INFO     ....... generating '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
2013-08-30 15:43:55 pkispawn    : INFO     ....... modifying '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
2013-08-30 15:43:55 pkispawn    : DEBUG    ........... chmod 660 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
2013-08-30 15:43:55 pkispawn    : DEBUG    ........... chown 497:497 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
2013-08-30 15:43:55 pkispawn    : INFO     ....... executing 'certutil -N -d /tmp/tmp-vKKcbA -f /root/.dogtag/pki-tomcat/ca/password.conf'
2013-08-30 15:43:55 pkispawn    : INFO     ....... ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service
2013-08-30 15:43:55 pkispawn    : DEBUG    ........... chown -h 497:497 /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service
2013-08-30 15:43:55 pkispawn    : INFO     ....... executing 'systemctl start pki-tomcatd@pki-tomcat.service'
2013-08-30 15:43:55 pkispawn    : DEBUG    ....... Error Type: ProxyError
2013-08-30 15:43:55 pkispawn    : DEBUG    ....... Error Message: Cannot connect to proxy. Socket error: [Errno 111] Connection refused.
2013-08-30 15:43:55 pkispawn    : DEBUG    .......   File "/usr/sbin/pkispawn", line 374, in main
    rv = instance.spawn()
  File "/usr/lib/python2.7/site-packages/pki/deployment/configuration.py", line 98, in spawn
    status = util.instance.wait_for_startup(60)
  File "/usr/lib/python2.7/site-packages/pki/deployment/pkihelper.py", line 1023, in wait_for_startup
    status = self.get_instance_status()
  File "/usr/lib/python2.7/site-packages/pki/deployment/pkihelper.py", line 1007, in get_instance_status
    response = client.getStatus()
  File "/usr/lib/python2.7/site-packages/pki/system.py", line 91, in getStatus
    self.connection.subsystem + '/getStatus')
  File "/usr/lib/python2.7/site-packages/pki/client.py", line 54, in get
    headers=headers)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 347, in get
    return self.request('GET', url, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 335, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 438, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 292, in send
    timeout=timeout
  File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 459, in urlopen
    body=body, headers=headers)
  File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 314, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib64/python2.7/httplib.py", line 973, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.7/httplib.py", line 1007, in _send_request
    self.endheaders(body)
  File "/usr/lib64/python2.7/httplib.py", line 969, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 829, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 791, in send
    self.connect()
  File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 110, in connect
    raise ProxyError('Cannot connect to proxy. Socket error: %s.' % e)
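
The traceback above shows the status request raising on "Connection refused" in the same second that `systemctl start` was issued, instead of being retried within the 60-second wait. The following is an added example, not code from this ticket or from Dogtag: a startup poll that treats a refused connection as "not listening yet". The names `StatusHandler`, `free_port` and `demo`, the `/getStatus` URL on localhost and the response body are constructed for illustration.

```python
import socket, threading, time
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def wait_for_startup(url, timeout, interval=0.2):
    """Poll url until it answers or timeout seconds pass; None on timeout."""
    # Assumption: the status endpoint is local, so proxy settings from the
    # environment (http_proxy, https_proxy) are deliberately ignored.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with opener.open(url, timeout=2) as resp:
                return resp.read().decode()
        except OSError:
            # URLError, connection refused and socket timeouts are all
            # OSError subclasses: the service is not up yet, so retry.
            time.sleep(interval)
    return None

class StatusHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the server's status endpoint."""
    def do_GET(self):
        body = b"<Status>running</Status>"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):
        pass  # keep the demo quiet

def free_port():
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo(delay=0.5, timeout=5):
    """Start the stand-in server `delay` seconds late, like a slow service."""
    port = free_port()
    def late_start():
        time.sleep(delay)
        srv = HTTPServer(("127.0.0.1", port), StatusHandler)
        srv.handle_request()  # answer one request, then stop
        srv.server_close()
    threading.Thread(target=late_start, daemon=True).start()
    return wait_for_startup("http://127.0.0.1:%d/getStatus" % port, timeout)

if __name__ == "__main__":
    print(demo())
```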

I am uncertain what platform was used for this ticket.

This exact same stack trace was seen on Fedora 19 (jmagne@redhat.com) when attempting to install a TPS subsystem.

IIRC, development may have been using Fedora 18, so perhaps there is an issue with the version of 'python-urllib3' on Fedora 18 versus Fedora 19?

Additional information:

* Fedora 18:
  # rpm -q --whatprovides /usr/lib/python2.7/site-packages/urllib3/connectionpool.py
  python-urllib3-1.5-6.fc18.noarch

* Fedora 19:
  # rpm -q --whatprovides /usr/lib/python2.7/site-packages/urllib3/connectionpool.py
  python-urllib3-1.7-3.fc19.noarch

Yes, this is Fedora 19. Sorry for the omission.

Downgrading python-urllib3 resolved this issue for me.

# yum downgrade python-urllib3 python-requests -y

This actually downgrades to the very version in F18:

 ---> Package python-requests.noarch 0:1.1.0-4.fc19 will be a downgrade
 ---> Package python-requests.noarch 0:1.2.3-5.fc19 will be erased
 ---> Package python-urllib3.noarch 0:1.5-6.fc19 will be a downgrade
 ---> Package python-urllib3.noarch 0:1.7-3.fc19 will be erased

To ssh://vakwetu@git.fedorahosted.org/git/pki.git
8f0218b..04b71d1 master -> master

To ssh://vakwetu@git.fedorahosted.org/git/pki.git
ec05160..c017f30 DOGTAG_10_0_BRANCH -> DOGTAG_10_0_BRANCH

Metadata Update from @pviktori:
- Issue assigned to vakwetu
- Issue set to the milestone: 10.0.5

5 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1286

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
