It seems that despite fasjson.stg.fedoraproject.org itself is reachable, it's unable to reach IPA/ldap backend when requesting a cert (when using fasjson-client) Example (reproduced multiple times yesterday and again today) :
fasjson-client
Generating CSR... Uploading CSR for signature... Error: could not sign the CSR (400: cannot connect to 'ldapi://%2Fvar%2Frun%2Fslapd-STG-FEDORAPROJECT-ORG.socket': , {'message': "cannot connect to 'ldapi://%2Fvar%2Frun%2Fslapd-STG-FEDORAPROJECT-ORG.socket': ", 'code': 907, 'source': 'RPC'}).
First error I got was different though (but same result : no CSR processed at all :
Error: could not sign the CSR (400: Configured time limit exceeded, {'message': 'Configured time limit exceeded', 'code': 4214, 'source': 'RPC'}).
Metadata Update from @humaton: - Issue tagged with: medium-gain, medium-trouble, ops
Just tried again $now and it worked fine :
+] 20201207-09:42 centos-cert -> Forcing kinit to obtain valid kerberos ticket : Password for centos_cbs_user1@STG.FEDORAPROJECT.ORG: Generating CSR... Uploading CSR for signature... Certificate generated, signed and written to /root/.centos-centos_cbs_user1.crt [+] 20201207-09:42 centos-cert -> Concatenating cert to ~/.centos.cert [+] 20201207-09:42 centos-cert -> Verifying if TLS cert is still valid ... [+] 20201207-09:42 centos-cert -> [SUCCESS] Your TLS cert is still valid for [730] days
Worth still verifying what was the root cause .. wondering if that was due to some scripts stopping service for a backup ?
Metadata Update from @smooge: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: authentication, staging
I need timestamps for when this happened to see if I can find the root cause in ipa01.stg.iad2.fedoraproject.org
I have looked at the logs since 2020-12-01 and there is nothing showing up in slapd logs until 2020-12-07 when the indexes were rebuilt to fix the FasIRCNic index. After that there are entries for restarts and such but all normal.
Metadata Update from @smooge: - Issue assigned to smooge
Nothing in logs for last 24 hours so whatever caused this seems to have fixed itself and left no trace.
Metadata Update from @smooge: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Issue status updated to: Open (was: Closed)
Issue status updated to: Closed (was: Open) Issue close_status updated to: Fixed
Log in to comment on this ticket.