[root@vm-058-167 ~]# export SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf [root@vm-058-167 ~]# /usr/libexec/ipa/ipa-dnskeysync-replica ipa : DEBUG Kerberos principal: ipa-dnskeysyncd/vm-058-167.ipa.test.com ipa : DEBUG Initializing principal ipa-dnskeysyncd/vm-058-167.ipa.test.com using keytab /etc/ipa/dnssec/ipa-dnskeysyncd.keytab ipa : DEBUG using ccache /tmp/ipa-dnskeysync-replica.ccache ipa : DEBUG Attempt 1/5: success ipa : DEBUG Got TGT ipa : DEBUG Connecting to LDAP ipa : DEBUG Connected ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2Fvar%2Frun%2Fslapd-DOM-058-195-IPA-TEST-COM.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f25493fbdd0> ipa : DEBUG master keys in local HSM: set([]) ipa : DEBUG master keys in LDAP HSM: set(['0x933205a497246d93b11e9406377ed85e']) ipa : DEBUG new master keys in LDAP HSM: set(['0x933205a497246d93b11e9406377ed85e']) Traceback (most recent call last): File "/usr/libexec/ipa/ipa-dnskeysync-replica", line 161, in <module> ldap2replica_master_keys_sync(log, ldapkeydb, localhsm) File "/usr/libexec/ipa/ipa-dnskeysync-replica", line 75, in ldap2replica_master_keys_sync assert unwrapping_key is not None, "Local HSM does not contain suitable unwrapping key for master key 0x%s" % hexlify(mkey_id) AssertionError: Local HSM does not contain suitable unwrapping key for master key 0x933205a497246d93b11e9406377ed85e
We need to get a reproducer for this issue. Also, it would be good to watch out for changes in SoftHSM and openssl packages, these are probable culprits.
triage notes:
mbasti: failing randomly, I haven't been able to reproduce it, the last jenkins run was successful
Metadata Update from @mkubik: - Issue assigned to pspacek - Issue set to the milestone: FreeIPA 4.5 backlog
Login to comment on this ticket.