#8565 Remove duplication in pkispawn exception output
Closed: fixed 3 years ago by frenaud. Opened 3 years ago by rcritten.

If the CA fails to deply a number of duplicate errors, in various formats, are displayed, eg:

Installation failed: 'CA'


2020-10-30T20:12:52Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
ERROR: KeyError: 'CA'
  File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 562, in main
    scriptlet.spawn(deployer)
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 661, in spawn
    deployer.join_domain()
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py", line 314, in join_domain
    sd_subsystem = self.domain_info.subsystems['CA']


2020-10-30T20:12:52Z CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp7gq2lozi'] returned non-zero exit status 1: 'Notice: Trust flag u is set automatically if the private key is present.\nERROR: KeyError: \'CA\'\n  File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 562, in main\n    scriptlet.spawn(deployer)\n  File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 661, in spawn\n    deployer.join_domain()\n  File "/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py", line 314, in join_domain\n    sd_subsystem = self.domain_info.subsystems[\'CA\']\n\n')
2020-10-30T20:12:52Z CRITICAL See the installation logs and the following files/directories for more information:
2020-10-30T20:12:52Z CRITICAL   /var/log/pki/pki-tomcat
2020-10-30T20:12:52Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 188, in spawn_instance
    ipautil.run(args, nolog=nolog_list)
  File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 598, in run
    p.returncode, arg_string, output_log, error_log
ipapython.ipautil.CalledProcessError: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp7gq2lozi'] returned non-zero exit status 1: 'Notice: Trust flag u is set automatically if the private key is present.\nERROR: KeyError: \'CA\'\n  File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 562, in main\n    scriptlet.spawn(deployer)\n  File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 661, in spawn\n    deployer.join_domain()\n  File "/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py", line 314, in join_domain\n    sd_subsystem = self.domain_info.subsystems[\'CA\']\n\n')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 603, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 589, in run_step
    method()
  File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 596, in __spawn_instance
    nolog_list=nolog_list
  File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 190, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 423, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.

2020-10-30T20:12:52Z DEBUG   [error] RuntimeError: CA configuration failed.
2020-10-30T20:12:52Z DEBUG Removing /root/.dogtag/pki-tomcat/ca
2020-10-30T20:12:52Z DEBUG   File "/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py", line 746, in run_script
    return_value = main_function()

  File "/sbin/ipa-ca-install", line 307, in main
    install(safe_options, options)

  File "/sbin/ipa-ca-install", line 273, in install
    install_replica(safe_options, options)

  File "/sbin/ipa-ca-install", line 210, in install_replica
    ca.install(True, config, options, custodia=custodia)

  File "/usr/lib/python3.6/site-packages/ipaserver/install/ca.py", line 270, in install
    install_step_0(standalone, replica_config, options, custodia=custodia)

  File "/usr/lib/python3.6/site-packages/ipaserver/install/ca.py", line 355, in install_step_0
    pki_config_override=options.pki_config_override,

  File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 480, in configure_instance
    self.start_creation(runtime=runtime)

  File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 603, in start_creation
    run_step(full_msg, method)

  File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 589, in run_step
    method()

  File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 596, in __spawn_instance
    nolog_list=nolog_list

  File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 190, in spawn_instance
    self.handle_setup_error(e)

  File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 423, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)

2020-10-30T20:12:52Z DEBUG The ipa-ca-install command failed, exception: RuntimeError: CA configuration failed.

Some of this is badly formatted because the pkispawn exception is in stderr.

I'd propose that in ipaserver/install/dogtaginstance.py::handle_setup_error there is no need to log the exception since it is logged already at least once. This will also provide less confusing information to a user.

When raising the RuntimeError() I think it should follow PEP https://www.python.org/dev/peps/pep-0409/ and use the "from" syntax to just raise the new error so the crappy traceback isn't displayed twice.


master:

  • ea58c75 Suppress error message if the CRL directory doesn't exist
  • c0e6342 Don't double-report any errors from pki-spawn failures

ipa-4-9:

  • 584151d Suppress error message if the CRL directory doesn't exist
  • f1e12c7 Don't double-report any errors from pki-spawn failures

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.

Metadata