#8387 Nightly test failure in test_integration/test_fips::TestInstallFIPS in ipa-replica-install
Opened 5 months ago by frenaud. Modified 3 months ago

Issue

The nightly test test_integration/test_fips.py::TestInstallFIPS is failing while installing ipa replica, in the pkispawn step:

cls = <class 'ipatests.test_integration.test_fips.TestInstallFIPS'>
mh = <pytest_multihost.plugin.MultihostFixture object at 0x7f0f4da1e940>

    @classmethod
    def install(cls, mh):
        super(TestInstallFIPS, cls).install(mh)
        # sanity check
        for host in cls.get_all_hosts():
            assert host.is_fips_mode
            assert fips.is_fips_enabled(host)
        # patch named-pkcs11 crypto policy
        # see RHBZ#1772111
        for host in [cls.master] + cls.replicas:
            host.run_command(
                [
                    "sed",
                    "-i",
                    "-E",
                    "s/RSAMD5;//g",
                    "/etc/crypto-policies/back-ends/bind.config",
                ]
            )
        # master with CA, KRA, DNS+DNSSEC
        tasks.install_master(cls.master, setup_dns=True, setup_kra=True)
        # replica with CA, KRA, DNS
>       tasks.install_replica(
            cls.master,
            cls.replicas[0],
            setup_dns=True,
            setup_ca=True,
            setup_kra=True,
        )

test_integration/test_fips.py:48: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
pytest_ipa/integration/tasks.py:455: in install_replica
    result = replica.run_command(args, raiseonerr=raiseonerr,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <ipatests.pytest_ipa.integration.host.Host replica0.ipa.test (replica)>
argv = ['ipa-replica-install', '--admin-password', 'Secret.123', '--password', 'Secret.123', '-U', ...]
set_env = True, stdin_text = None, log_stdout = True, raiseonerr = True
cwd = None, bg = False, encoding = 'utf-8', ok_returncode = 0

    def run_command(self, argv, set_env=True, stdin_text=None,
                    log_stdout=True, raiseonerr=True,
                    cwd=None, bg=False, encoding='utf-8', ok_returncode=0):
        """Wrapper around run_command to log stderr on raiseonerr=True

        :param ok_returncode: return code considered to be correct,
                              you can pass an integer or sequence of integers
        """
        result = super().run_command(
            argv, set_env=set_env, stdin_text=stdin_text,
            log_stdout=log_stdout, raiseonerr=False, cwd=cwd, bg=bg,
            encoding=encoding
        )
        # in FIPS mode SSH may print noise to stderr, remove the string
        # "FIPS mode initialized" + optional newline.
        result.stderr_bytes = FIPS_NOISE_RE.sub(b'', result.stderr_bytes)
        try:
            result_ok = result.returncode in ok_returncode
        except TypeError:
            result_ok = result.returncode == ok_returncode
        if not result_ok and raiseonerr:
            result.log.error('stderr: %s', result.stderr_text)
>           raise subprocess.CalledProcessError(
                result.returncode, argv,
                result.stdout_text, result.stderr_text
            )
E           subprocess.CalledProcessError: Command '['ipa-replica-install', '--admin-password', 'Secret.123', '--password', 'Secret.123', '-U', '--setup-ca', '--setup-kra', '--setup-dns', '--forwarder', '192.168.122.1', '--ip-address', '192.168.122.55', '--realm', 'IPA.TEST', '--domain', 'ipa.test']' returned non-zero exit status 1.

pytest_ipa/integration/host.py:200: CalledProcessError

Please see the logs in PR #257, in the test report.


The latest runs were green on:
- fedora-previous (logs from 2020-07-17)
- fedora-latest (logs from 2020-07-16)
- testing-fedora (logs from 2020-07-12)
- fedora-previous-ipa-4-8 (logs from 2020-07-11)

Waiting for recent logs with fedora-latest-ipa-4-8 and fedora-rawhide. If they are clean, we'll be able to close this issue.

Green runs on fedora-latest-ipa-4-8 (logs from 2020-07-25)

Login to comment on this ticket.

Metadata