How to reproduce: TestInstallWithCA1
Steps: 1. install master: (from output of the tests)
[ipa.ipatests.pytest_plugins.integration.host.Host.master.ParamikoTransport] RUN ['ipa-server-install', '-n', 'ipa.test', '-r', 'IPA.TEST', '-p', 'Secret123', '-a', 'Secret123', '--domain-level=1', '-U']
Full log: https://pastebin.com/u5F5LtBQ (too long to paste here)
Short version:
ipa: ERROR Reverse DNS resolution of address 192.168.118.101 (master.ipa.test) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.)
ipa.ipaserver.install.krainstance.KRAInstance: CRITICAL Failed to configure KRA instance: Command '/usr/sbin/pkispawn -s KRA -f /tmp/tmpJKLSDJ' returned non-zero exit status 1
ipa.ipaserver.install.krainstance.KRAInstance: CRITICAL See the installation logs and the following files/directories for more information:
ipa.ipaserver.install.krainstance.KRAInstance: CRITICAL /var/log/pki/pki-tomcat
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR KRA configuration failed.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
Attachments: replica1.tar.gz, master.tar.gz
This may be related to: #7008 and #6995
I have also seen a similar issue in the "test_line_topology_with_ca_kra" test during ipa-replica-install with --setup-ca and --setup-kra. In this case the 2nd replica fails. The previous servers were installed with --setup-kra too.
ipareplica-install:
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
    for _nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 617, in main
    replica_install(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 390, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1478, in install
    kra.install(api, config, options)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/kra.py", line 116, in install
    promote=promote)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/krainstance.py", line 135, in configure_instance
    self.start_creation(runtime=120)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/krainstance.py", line 289, in __spawn_instance
    tmp_agent_pwd)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 148, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 386, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)
2017-06-08T08:38:44Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: KRA configuration failed.
2017-06-08T08:38:44Z ERROR KRA configuration failed.
2017-06-08T08:38:44Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
Attaching logs:
ticket7013_ipareplica-install ticket7013_kradebug ticket7013_pkikraspawn ticket7013_testoutput
Topology in the logs:
vm-058-148 = master
vm-058-148 <= vm-058-229 - replica 1
vm-058-229 <= vm-181 - replica 2
I've added the logs from master and replica1 into the description
Metadata Update from @fbarreto: - Issue assigned to fbarreto
I was not able to reproduce with the scenario in ticket7013_testoutput:
- install master with --setup-dns --setup-kra
- install client on replica1 with --server=master
- install replica on replica1 with --setup-ca --setup-kra
- install client on replica1 with server=replica1
- install replica on replica2 with --setup-ca --setup-kra
Which versions of IPA and PKI are you using? On my topology, no issue with freeipa from master gitb43dab8 and pki-core 10.4.7-1.fc25
Metadata Update from @fbarreto: - Assignee reset
I do not have the same VM on which I ran the tests and got this result; however, running again using these IPA and PKI versions:
[root@master ~]# dnf list pki-core
pki-core.src 10.4.7-1.fc25 group_freeipa-freeipa-master
[root@master ~]# ipa --version
VERSION: 4.5.90.dev201706231322+git3f59721, API_VERSION: 2.228
I got this output: http://pastebin.test.redhat.com/497362 which looks like the same problem to me. Please tell me if I'm wrong.
Metadata Update from @tkrizek: - Issue assigned to tkrizek
This seems to be the same issue as #7041. In the kra-install log, there's
KDC has no support for encryption type
Since the issue is a race condition, it'd explain why it can't be reproduced consistently. In the vagrant environment, I was able to reproduce it on a first try.
Metadata Update from @tkrizek: - Assignee reset
Closing as dup of #7041
Metadata Update from @pvoborni: - Issue close_status updated to: duplicate - Issue status updated to: Closed (was: Open)