test_integration/test_upgrade.py::TestUpgrade::()::test_kra_detection fails in [testing_ipa-4.6] with following reason:
[testing_ipa-4.6]
E subprocess.CalledProcessError: Command '['ipa-server-upgrade']' returned non-zero exit status 1.
furthermore
ipa: ERROR: stderr: Update complete Upgrading the configuration of the IPA services [Verifying that root certificate is published] [Migrate CRL publish directory] CRL tree already moved [Verifying that CA proxy configuration is correct] IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: CalledProcessError: Command '/bin/systemctl start pki-tomcatd@pki-tomcat.service' returned non-zero exit status 1. The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
/var/log/ipaupgrade.log is not captured, however, runner log shows:
/var/log/ipaupgrade.log
Jan 10 16:21:12 master.ipa.test systemd[1]: Starting PKI Tomcat Server pki-tomcat... Jan 10 16:21:12 master.ipa.test pkidaemon[22957]: WARNING: Symbolic link '/var/lib/pki/pki-tomcat/kra/alias' does NOT exist! Jan 10 16:21:12 master.ipa.test pkidaemon[22957]: INFO: Attempting to create '/var/lib/pki/pki-tomcat/kra/alias' -> '/var/lib/pki/pki-tomcat/alias' . . . Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: ln: failed to create symbolic link '/var/lib/pki/pki-tomcat/kra/alias': Permission denied Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: ERROR: Failed to create '/var/lib/pki/pki-tomcat/kra/alias' -> '/var/lib/pki/pki-tomcat/alias'! Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: WARNING: Symbolic link '/var/lib/pki/pki-tomcat/kra/registry' does NOT exist! Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: INFO: Attempting to create '/var/lib/pki/pki-tomcat/kra/registry' -> '/etc/sysconfig/pki/tomcat/pki-tomcat' . . . Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: ln: failed to create symbolic link '/var/lib/pki/pki-tomcat/kra/registry': Permission denied Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: ERROR: Failed to create '/var/lib/pki/pki-tomcat/kra/registry' -> '/etc/sysconfig/pki/tomcat/pki-tomcat'! Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: WARNING: Symbolic link '/var/lib/pki/pki-tomcat/kra/logs' does NOT exist! Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: INFO: Attempting to create '/var/lib/pki/pki-tomcat/kra/logs' -> '/var/log/pki/pki-tomcat/kra' . . . Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: ERROR: Failed making '/var/lib/pki/pki-tomcat/kra/logs' -> '/var/log/pki/pki-tomcat/kra' since target '/var/log/pki/pki-tomcat/kra' does NOT exist! Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: WARNING: Symbolic link '/var/lib/pki/pki-tomcat/kra/conf' does NOT exist! Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: INFO: Attempting to create '/var/lib/pki/pki-tomcat/kra/conf' -> '/etc/pki/pki-tomcat/kra' . . . Jan 10 16:21:13 master.ipa.test pkidaemon[22957]: ERROR: Failed making '/var/lib/pki/pki-tomcat/kra/conf' -> '/etc/pki/pki-tomcat/kra' since target '/etc/pki/pki-tomcat/kra' does NOT exist! Jan 10 16:21:13 master.ipa.test audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=pki-tomcatd@pki-tomcat comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' Jan 10 16:21:13 master.ipa.test systemd[1]: pki-tomcatd@pki-tomcat.service: Control process exited, code=exited status=1 Jan 10 16:21:13 master.ipa.test systemd[1]: Failed to start PKI Tomcat Server pki-tomcat. Jan 10 16:21:13 master.ipa.test systemd[1]: pki-tomcatd@pki-tomcat.service: Unit entered failed state. Jan 10 16:21:13 master.ipa.test systemd[1]: pki-tomcatd@pki-tomcat.service: Failed with result 'exit-code'.
PR640, full logs, runner journal
This is a known issue in dogtagpki and the test will have to be adapted: https://github.com/dogtagpki/pki/issues/3397 Please see the table listing the pki versions that show the issue. On ipa-4-6 branch we can simply skip the test (it would fail on fedora 27 and also on RHEL 7.9). On ipa-4-8 and ipa-4-9 the test is already skipped.
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/5424
After a second thought, I decided to change the test scenario and validate the API kra.is_installed(). This makes the test independant from pki behavior re. issue https://github.com/dogtagpki/pki/issues/3397
master:
ipa-4-8:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
ipa-4-9:
ipa-4-6:
Login to comment on this ticket.