#8550 Uninstallation of server with KRA diplays error but proceeds successfully (unable to access security domain)
Closed: fixed 3 years ago by frenaud. Opened 3 years ago by fcami.

testing_master_testing Nightly PR #481 failed at installing KRA at 'ipa-server-install', '--uninstall', '-U'

2020-10-18 03:41:44 ERROR: unable to access security domain. Continuing .. HTTPSConnectionPool(host='master.ipa.test', port=443): Max retries exceeded with url: /ca/rest/securityDomain/domainInfo (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f7095d6afa0>: Failed to establish a new connection: [Errno 111] Connection refused')) 
2020-10-18 03:41:44 WARNING: this 'KRA' entry will NOT be deleted from security domain 'IPA'!
2020-10-18 03:41:44 WARNING: security domain 'IPA' may be offline or unreachable!
2020-10-18 03:41:44 ERROR: subprocess.CalledProcessError:  Command '['/usr/bin/sslget', '-n', 'subsystemCert cert-pki-ca', '-p', '5Iz^j3t1B/F$Qk(M*d.O+M9G;N-5,0X/hfW;vx(JQ', '-d', '/etc/pki/pki-tomcat/alias', '-e', 'name="/var/lib/pki/pki-tomcat"&type=KRA&list=kraList&host=master.ipa.test&sport=443&ncsport=443&adminsport=443&agentsport=443&operation=remove', '-v', '-r', '/ca/agent/ca/updateDomainXML', 'master.ipa.test:443']' returned non-zero exit status 6.!
2020-10-18 03:43:17 ERROR: CalledProcessError: Command '['systemctl', 'start', 'pki-tomcatd@pki-tomcat.service']' returned non-zero exit status 1.
  File "/usr/lib/python3.8/site-packages/pki/server/pkidestroy.py", line 261, in main
    scriptlet.destroy(deployer)
  File "/usr/lib/python3.8/site-packages/pki/server/deployment/scriptlets/finalization.py", line 90, in destroy
    instance.start()
  File "/usr/lib/python3.8/site-packages/pki/server/__init__.py", line 261, in start
    subprocess.check_call(cmd)
  File "/usr/lib64/python3.8/subprocess.py", line 364, in check_call
    raise CalledProcessError(retcode, cmd)

DS version: 389-ds-base-1.4.3.13-1.fc32.x86_64

This is similar to https://pagure.io/freeipa/issue/7642


Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1902173

3 years ago

Metadata Update from @rcritten:
- Issue assigned to rcritten

3 years ago

master:

  • 62521ed Change CA profile migration message from info to debug
  • daf2ca3 Use the new API introduced in PKI 10.8
  • 928ab51 ipactl: support script status 3, program is not running
  • 1870c93 Ensure IPA is running (ideally) before uninstalling the KRA
  • ed21787 Add exit status to the ipactl man page
  • 8082a2d ipatests: Handle non-zero return code in test_ipactl_scenario_check

ipa-4-9:

  • b99bc2d Change CA profile migration message from info to debug
  • 4d26ce5 Use the new API introduced in PKI 10.8
  • ddb5414 ipactl: support script status 3, program is not running
  • 87ede26 Ensure IPA is running (ideally) before uninstalling the KRA
  • 302f937 Add exit status to the ipactl man page
  • 00226ad ipatests: Handle non-zero return code in test_ipactl_scenario_check

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

master:

  • 5e49910 ipatests: error message check in uninstall log for KRA

ipa-4-9:

  • 6b25cd3 ipatests: error message check in uninstall log for KRA

Login to comment on this ticket.

Metadata