freeipa

Clone
Source Code
GIT

#8653 Nightly test failure in test_integration/test_upgrade.py::TestUpgrade::()::test_kra_detection
Closed: fixed 3 years ago by frenaud. Opened 3 years ago by mpolovka.

Closed: fixed
Reopen Issue

test_integration/test_upgrade.py::TestUpgrade::()::test_kra_detection fails in [testing_ipa-4.6] with following reason:

E           subprocess.CalledProcessError: Command '['ipa-server-upgrade']' returned non-zero exit status 1.

furthermore

ipa: ERROR: stderr: Update complete
Upgrading the configuration of the IPA services
[Verifying that root certificate is published]
[Migrate CRL publish directory]
CRL tree already moved
[Verifying that CA proxy configuration is correct]
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
Unexpected error - see /var/log/ipaupgrade.log for details:
CalledProcessError: Command '/bin/systemctl start pki-tomcatd@pki-tomcat.service' returned non-zero exit status 1.
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information

/var/log/ipaupgrade.log is not captured, however, runner log shows:

Jan 10 16:21:12 master.ipa.test systemd[1]: Starting PKI Tomcat Server pki-tomcat...
Jan 10 16:21:12 master.ipa.test pkidaemon[22957]: WARNING:  Symbolic link '/var/lib/pki/pki-tomcat/kra/alias' does NOT exist!
Jan 10 16:21:12 master.ipa.test pkidaemon[22957]: INFO:  Attempting to create '/var/lib/pki/pki-tomcat/kra/alias' -> '/var/lib/pki/pki-tomcat/alias' . . .
Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: ln: failed to create symbolic link '/var/lib/pki/pki-tomcat/kra/alias': Permission denied
Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: ERROR:  Failed to create '/var/lib/pki/pki-tomcat/kra/alias' -> '/var/lib/pki/pki-tomcat/alias'!
Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: WARNING:  Symbolic link '/var/lib/pki/pki-tomcat/kra/registry' does NOT exist!
Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: INFO:  Attempting to create '/var/lib/pki/pki-tomcat/kra/registry' -> '/etc/sysconfig/pki/tomcat/pki-tomcat' . . .
Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: ln: failed to create symbolic link '/var/lib/pki/pki-tomcat/kra/registry': Permission denied
Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: ERROR:  Failed to create '/var/lib/pki/pki-tomcat/kra/registry' -> '/etc/sysconfig/pki/tomcat/pki-tomcat'!
Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: WARNING:  Symbolic link '/var/lib/pki/pki-tomcat/kra/logs' does NOT exist!
Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: INFO:  Attempting to create '/var/lib/pki/pki-tomcat/kra/logs' -> '/var/log/pki/pki-tomcat/kra' . . .
Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: ERROR:  Failed making '/var/lib/pki/pki-tomcat/kra/logs' -> '/var/log/pki/pki-tomcat/kra' since target '/var/log/pki/pki-tomcat/kra' does NOT exist!
Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: WARNING:  Symbolic link '/var/lib/pki/pki-tomcat/kra/conf' does NOT exist!
Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: INFO:  Attempting to create '/var/lib/pki/pki-tomcat/kra/conf' -> '/etc/pki/pki-tomcat/kra' . . .
Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: ERROR:  Failed making '/var/lib/pki/pki-tomcat/kra/conf' -> '/etc/pki/pki-tomcat/kra' since target '/etc/pki/pki-tomcat/kra' does NOT exist!
Jan 10 16:21:13 master.ipa.test audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=pki-tomcatd@pki-tomcat comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Jan 10 16:21:13 master.ipa.test systemd[1]: pki-tomcatd@pki-tomcat.service: Control process exited, code=exited status=1
Jan 10 16:21:13 master.ipa.test systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.
Jan 10 16:21:13 master.ipa.test systemd[1]: pki-tomcatd@pki-tomcat.service: Unit entered failed state.
Jan 10 16:21:13 master.ipa.test systemd[1]: pki-tomcatd@pki-tomcat.service: Failed with result 'exit-code'.

PR640, full logs, runner journal

This is a known issue in dogtagpki and the test will have to be adapted: https://github.com/dogtagpki/pki/issues/3397
Please see the table listing the pki versions that show the issue. On ipa-4-6 branch we can simply skip the test (it would fail on fedora 27 and also on RHEL 7.9).
On ipa-4-8 and ipa-4-9 the test is already skipped.

Metadata Update from @frenaud:
- Issue assigned to frenaud
3 years ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/5424
3 years ago

After a second thought, I decided to change the test scenario and validate the API kra.is_installed(). This makes the test independant from pki behavior re. issue https://github.com/dogtagpki/pki/issues/3397

master:

  • 6e0634b ipatest: fix test_upgrade.py::TestUpgrade::()::test_kra_detection

ipa-4-8:

  • 35be925 ipatest: fix test_upgrade.py::TestUpgrade::()::test_kra_detection

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
3 years ago

ipa-4-9:

  • 0db2896 ipatest: fix test_upgrade.py::TestUpgrade::()::test_kra_detection

ipa-4-6:

  • 46a4e93 ipatest: fix test_upgrade.py::TestUpgrade::()::test_kra_detection

Login to comment on this ticket.

Metadata

tests test-failure

None
None
None
None
None
None
None
None
None
None
None
None
None
https://github.com/freeipa/freeipa/pull/5424
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.