#8520 Nightly test failure in freeipa for acme with certbot with pki-master-latest (acme ldap schema missing)
Closed: fixed 4 days ago by frenaud. Opened 3 months ago by amore.

The nightly tests for freeipa (using the repo pki-master-latest) failed with
LDAP add failed: netscape.ldap.LDAPException: error result (65); unknown object class "acmeNonce"

See the PR 439
with the logs

Logs on master for acme


Logs on the master for the corresponding call master-acme

2020-09-28 13:23:46 [ajp-nio-127.0.0.1-8009-exec-4] SEVERE: Servlet.service() for servlet [ACME] in context with path [/acme] threw exception
org.jboss.resteasy.spi.UnhandledException: java.lang.Exception: LDAP add failed: netscape.ldap.LDAPException: error result (65); unknown object class "acmeNonce"

at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:78)
at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:222)
at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:179)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:422)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:431)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.Exception: LDAP add failed: netscape.ldap.LDAPException: error result (65); unknown object class "acmeNonce"

at org.dogtagpki.acme.database.LDAPDatabase.ldapAdd(LDAPDatabase.java:906)
at org.dogtagpki.acme.database.LDAPDatabase.addNonce(LDAPDatabase.java:259)
at org.dogtagpki.acme.server.ACMEEngine.createNonce(ACMEEngine.java:514)
at org.dogtagpki.acme.server.ACMENewNonceService.createNonce(ACMENewNonceService.java:52)
at org.dogtagpki.acme.server.ACMENewNonceService.headNewNonce(ACMENewNonceService.java:35)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
... 53 more

Caused by: netscape.ldap.LDAPException: error result (65); unknown object class "acmeNonce"

at netscape.ldap.LDAPConnection.checkMsg(Unknown Source)
at netscape.ldap.LDAPConnection.add(Unknown Source)
at netscape.ldap.LDAPConnection.add(Unknown Source)
at netscape.ldap.LDAPConnection.add(Unknown Source)
at org.dogtagpki.acme.database.LDAPDatabase.ldapAdd(LDAPDatabase.java:904)
... 66 more

Installed versions
pki-acme-10.10.0-0.1.alpha1.20200925212028UTC.040b5657.fc32.noarch

Opened a corresponding issue on dogtagpki side: #3214

This is due to expected changes in ACME in dogtag to do global enablement. The first upstream dogtag PR for this is https://github.com/dogtagpki/pki/pull/562

Changes are needed in IPA for this and will be tracked in https://pagure.io/freeipa/issue/8524

Metadata Update from @frenaud:
- Issue tagged with: test-failure, tests

2 months ago

master:

  • 790b765 ipatests: call the CALess install method to generate the CA
  • 89fddb0 ipatests: Configure a replica in TestACMEwithExternalCA
  • 7030651 ipatests: Clean up existing ACME registration and certs
  • 3a9fc01 ipatests: configure MDStoreDir for mod_md ACME test
  • e6489dc ipatests: honor class inheritance in TestACMEwithExternalCA
  • 75e3803 ipatests: Increase timeout for ACME in gating.yaml
  • b6004cf ipatests: Bump PR-CI templates

ipa-4-9:

  • 3cd6b81 ipatests: call the CALess install method to generate the CA
  • de5baf8 ipatests: Configure a replica in TestACMEwithExternalCA
  • 5d286e7 ipatests: Clean up existing ACME registration and certs
  • b474b26 ipatests: configure MDStoreDir for mod_md ACME test
  • 75ad575 ipatests: honor class inheritance in TestACMEwithExternalCA
  • 17f293e ipatests: Increase timeout for ACME in gating.yaml
  • a3c5c71 ipatests: Bump PR-CI templates

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 days ago

Login to comment on this ticket.

Metadata