test_acme_service_not_yet_enabled
test_enable_acme_service
test_disable_acme_service
error with
E subprocess.CalledProcessError: Command '['curl', '--fail', 'https://ipa-ca.ipa.test/acme/directory']' returned non-zero exit status 6.
(6 means "Couldn't resolve host. The given remote host was not resolved.")
test_certbot_register
test_certbot_certonly_standalone
E subprocess.CalledProcessError: Command '['certbot', '--server', 'https://ipa-ca.ipa.test/acme/directory', 'certonly', '--domain', 'client0.ipa.test', '--standalone']' returned non-zero exit status 1.
test_certbot_revoke
> raise IOError('File %r could not be read' % filename) E OSError: File '/etc/letsencrypt/live/client0.ipa.test/cert.pem' could not be read
test_certbot_dns
E subprocess.CalledProcessError: Command '['certbot', '--server', 'https://ipa-ca.ipa.test/acme/directory', 'certonly', '--non-interactive', '--domain', 'client0.ipa.test', '--preferred-challenges', 'dns', '--manual', '--manual-public-ip-logging-ok', '--manual-auth-hook', '/usr/libexec/ipa/acme/certbot-dns-ipa', '--manual-cleanup-hook', '/usr/libexec/ipa/acme/certbot-dns-ipa']' returned non-zero exit status 1. pytest_ipa/integration/host.py:200: CalledProcessError ------------------------------Captured stderr call------------------------------ ipa: ERROR: stderr: Use of --manual-public-ip-logging-ok is deprecated. Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.
test_mod_md
E subprocess.CalledProcessError: Command '['curl', 'https://client0.ipa.test']' returned non-zero exit status 60.
(60 means 'Peer certificate cannot be authenticated with known CA certificates")
Metadata Update from @mpolovka: - Issue tagged with: test-failure, tests
Many of these failures seem to be DNS related:
As pointed out, return value 6 is DNS lookup failure.
Lookup of the IPA server failed:
ipa: ERROR: stderr: Saving debug log to /var/log/letsencrypt/letsencrypt.log An unexpected error occurred: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='ipa-ca.ipa.test', port=443): Max retries exceeded with url: /acme/directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f070e265760>: Failed to establish a new connection: [Errno -2] Name or service not known')) Please see the logfiles in /var/log/letsencrypt for more details.
2021-02-06 10:35:44,345:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7fd948d7a580> and installer None 2021-02-06 10:35:44,345:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None 2021-02-06 10:35:44,345:WARNING:certbot.util:Invalid email address: exit.
Because registration failed, this failed.
Failed because the previous test failed (because registration failed).
Failed because unregistered which suggests that registration indeed failed and was not caught.
Also seems DNS related:
Unsuccessful in contacting ACME server at https://ipa-ca.ipa.test/acme/directory.
So I think at best what we can do is condition some of the tests on whether certbot registration was successful and skip as xfail or some other status.
The DNS issues are probably related to the way PRCI sets up the networking. @wladich is investigating, see PR #5474
Another failure observed [testing_ipa-4.9_latest] Nightly PR #711, logs
Another failure observed [testing_ipa-4.9_latest] Nightly PR #741, logs
Failures observed: [testing_ipa-4.9_latest] Nightly PR #756 , logs
Test does not fail any more: - testing_master_pki: PR 777, Report - testing_master_latest: PR 770, Report - testing_ipa-4-9_latest: PR 771, Report - testing_ipa-4-9_previous: PR 773, Report
Was fixed with https://github.com/freeipa/freeipa/pull/5474
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.