#7752 ipa client throws http.client.ResponseNotReady error
Closed: fixed 2 years ago Opened 2 years ago by ftweedal.

Clone of https://bugzilla.redhat.com/show_bug.cgi?id=1639890

Description of problem:

While requesting a certificate from an IPA client, I am seeing the following error:

[root@rhel-2 certs]# openssl req -new -newkey rsa:2048 -keyout ipauser1.key -nodes -out ipauser1.csr -subj '/CN=ipauser1'
Generating a RSA private key
.......................................................+++++
............................+++++
writing new private key to 'ipauser1.key'
-----


[root@rhel-2 certs]# ipa cert-request ipauser1.csr --principal=ipauser1 --certificate-out=ipauser1.crt
ipa: ERROR: non-public: ResponseNotReady: Request-sent
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/ipalib/backend.py", line 141, in execute
    return self.Command[_name](*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 801, in run
    return self.forward(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipaclient/plugins/cert.py", line 56, in forward
    result = super(CertRetrieveOverride, self).forward(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 824, in forward
    *args, **kw)
  File "/usr/lib/python3.6/site-packages/ipalib/rpc.py", line 1144, in forward
    return self._call_command(command, params)
  File "/usr/lib/python3.6/site-packages/ipalib/rpc.py", line 1120, in _call_command
    return command(*params)
  File "/usr/lib/python3.6/site-packages/ipalib/rpc.py", line 1274, in _call
    return self.__request(name, args)
  File "/usr/lib/python3.6/site-packages/ipalib/rpc.py", line 1241, in __request
    verbose=self.__verbose >= 3,
  File "/usr/lib64/python3.6/xmlrpc/client.py", line 1154, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib/python3.6/site-packages/ipalib/rpc.py", line 712, in single_request
    response = h.getresponse()
  File "/usr/lib64/python3.6/http/client.py", line 1321, in getresponse
    raise ResponseNotReady(self.__state)
http.client.ResponseNotReady: Request-sent
ipa: ERROR: an internal error has occurred


Version-Release number of selected component (if applicable):
ipa-client-4.7.0-5.el8+1821+bae8e9a4.x86_64
python3-libs-3.6.6-13.el8.x86_64
[root@rhel-2 certs]# 


How reproducible:
Unknown.  So far only happened the first time I tried to request a cert successfully.

Steps to Reproduce:
1.  Setup IPA server and client
2.  Add ipauser1 user
3.  openssl req -new -newkey rsa:2048 -keyout ipauser1.key -nodes -out ipauser1.csr -subj '/CN=ipauser1'
4.  ipa cert-request ipauser1.csr --principal=ipauser1 --certificate-out=ipauser1.crt


Actual results:
Shows error above.

Expected results:
no error and writes cert to ipauser1.crt file.

Steps to Reproduce

This issue can be forcibly reproduced:

  1. on client, authenticate and issue an IPA command (e.g. ipa user-find)
  2. on server, forcibly delete the current user's session cache from /run/ipa/ccaches
  3. issue another command. It will fail. Observer that the server sent a 401 response, then the client throws an error and the request fails at the server with a 500 status.

Metadata Update from @ftweedal:
- Issue assigned to ftweedal

2 years ago

Metadata Update from @ftweedal:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/2517

2 years ago

master:

  • b8007e1 rpc: always read response

ipa-4-6:

  • a877dbe rpc: always read response

ipa-4-7:

  • 4c0e7d6 rpc: always read response

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

master:

  • 0c2530e ipatests: Test to check that ResponseNotReady error is not displayed when user session cache is deleted

ipa-4-9:

  • 2aa7799 ipatests: Test to check that ResponseNotReady error is not displayed when user session cache is deleted

Login to comment on this ticket.

Metadata