The nightly test test_server_del is failing on rawhide with pki-server-10.11.0-0.1.alpha1.fc35.noarch. See PR #921 with the following logs and report:
test_server_del
self = <ipatests.test_integration.test_server_del.TestServerDel object at 0x7f3fd52a0490> def test_ignore_topology_disconnect_replica1(self): """ tests that removal of replica1 with '--ignore-topology-disconnect' destroys master for good """ check_master_removal( self.client, self.replica1.hostname, ignore_topology_disconnect=True ) # reinstall the replica tasks.uninstall_master(self.replica1) > tasks.install_replica(self.master, self.replica1, setup_ca=True) test_integration/test_server_del.py:184: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ pytest_ipa/integration/tasks.py:512: in install_replica result = replica.run_command(args, raiseonerr=raiseonerr, _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <ipatests.pytest_ipa.integration.host.Host replica1.ipa.test (replica)> argv = ['ipa-replica-install', '--admin-password', 'Secret.123', '--password', 'Secret.123', '-U', ...] set_env = True, stdin_text = None, log_stdout = True, raiseonerr = True cwd = None, bg = False, encoding = 'utf-8', ok_returncode = 0 def run_command(self, argv, set_env=True, stdin_text=None, log_stdout=True, raiseonerr=True, cwd=None, bg=False, encoding='utf-8', ok_returncode=0): """Wrapper around run_command to log stderr on raiseonerr=True :param ok_returncode: return code considered to be correct, you can pass an integer or sequence of integers """ result = super().run_command( argv, set_env=set_env, stdin_text=stdin_text, log_stdout=log_stdout, raiseonerr=False, cwd=cwd, bg=bg, encoding=encoding ) # in FIPS mode SSH may print noise to stderr, remove the string # "FIPS mode initialized" + optional newline. result.stderr_bytes = FIPS_NOISE_RE.sub(b'', result.stderr_bytes) try: result_ok = result.returncode in ok_returncode except TypeError: result_ok = result.returncode == ok_returncode if not result_ok and raiseonerr: result.log.error('stderr: %s', result.stderr_text) > raise subprocess.CalledProcessError( result.returncode, argv, result.stdout_text, result.stderr_text ) E subprocess.CalledProcessError: Command '['ipa-replica-install', '--admin-password', 'Secret.123', '--password', 'Secret.123', '-U', '--setup-ca', '--ip-address', '192.168.122.65', '--realm', 'IPA.TEST', '--domain', 'ipa.test', '--dirsrv-config-file', '/ipatests/ipatests_dse.ldif']' returned non-zero exit status 1. pytest_ipa/integration/host.py:202: CalledProcessError ------------------------------Captured stderr call------------------------------ ipa: WARNING: ipa: ERROR: DNS zone with name "122.168.192.in-addr.arpa." already exists ipa: ERROR: stderr: Lookup failed: Preferred host replica1.ipa.test does not provide DNS. Reverse DNS resolution of address 192.168.122.26 (master.ipa.test) failed. Clients may not function properly. Please check your DNS setup. (Note that this check queries IPA DNS directly and ignores /etc/hosts.) Replica DNS records could not be added on master: Insufficient access: Insufficient 'add' privilege to add the entry 'idnsname=replica1,idnsname=ipa.test.,cn=dns,dc=ipa,dc=test'. Custodia uses 'master.ipa.test' as master peer. Failed to configure CA instance See the installation logs and the following files/directories for more information: /var/log/pki/pki-tomcat CA configuration failed. The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
Test scenario: - install first server - install replica - uninstall replica - re-install replica
The test is failing in a call to pkispawn, with an error trying to add the entry "uid=CA-replica1.ipa.test-8443,ou=People,o=ipaca" (entry already exists).
Companion issue on pki side: https://github.com/dogtagpki/pki/issues/3544
Fix verified with dogtag-pki-base-11.1.0-0.1.alpha1.20211102190529UTC.ec45bb54.fc36.noarch which is available in the copr repo @pki/master. Reinstallation of the replica now succeeds.
pki fixed the issue with commit ec45bb5, we are now waiting for a new pki release in Fedora rawhide with the fix.
The test is now passing in rawhide, see PR #1351 with the following report - using dogtag-pki-server-11.1.0-0.1.alpha2.fc36.noarch
dogtag-pki-server-11.1.0-0.1.alpha2.fc36.noarch
But still failing in fedora 35, see PR #1356(https://github.com/freeipa-pr-ci2/freeipa/pull/1356) with the following report - using dogtag-pki-server-11.0.0-1.fc35.noarch
dogtag-pki-server-11.0.0-1.fc35.noarch
The fix has been backported from Rawhide to F35: https://bodhi.fedoraproject.org/updates/FEDORA-2021-e37cdfc41d
On Tue, 7 Dec 2021 at 08:55, Florence Blanc-Renaud pagure@pagure.io wrote:
frenaud added a new comment to an issue you are following: ` The test is now passing in rawhide, see PR #[1351]( https://github.com/freeipa-pr-ci2/freeipa/pull/1351) with the following [report]( http://freeipa-org-pr-ci.s3-website.eu-central-1.amazonaws.com/jobs/170bf27e-54fc-11ec-a379-fa163e472ef6/report.html) - usingdogtag-pki-server-11.1.0-0.1.alpha2.fc36.noarch` But still failing in fedora 35, see PR #1356( https://github.com/freeipa-pr-ci2/freeipa/pull/1356) with the following report - using dogtag-pki-server-11.0.0-1.fc35.noarch `` To reply, visit the link below or just reply to this email https://pagure.io/freeipa/issue/8865
frenaud added a new comment to an issue you are following: ` The test is now passing in rawhide, see PR #[1351]( https://github.com/freeipa-pr-ci2/freeipa/pull/1351) with the following [report]( http://freeipa-org-pr-ci.s3-website.eu-central-1.amazonaws.com/jobs/170bf27e-54fc-11ec-a379-fa163e472ef6/report.html) - usingdogtag-pki-server-11.1.0-0.1.alpha2.fc36.noarch`
` The test is now passing in rawhide, see PR #[1351]( https://github.com/freeipa-pr-ci2/freeipa/pull/1351) with the following [report]( http://freeipa-org-pr-ci.s3-website.eu-central-1.amazonaws.com/jobs/170bf27e-54fc-11ec-a379-fa163e472ef6/report.html) - using
But still failing in fedora 35, see PR #1356( https://github.com/freeipa-pr-ci2/freeipa/pull/1356) with the following report - using dogtag-pki-server-11.0.0-1.fc35.noarch ``
To reply, visit the link below or just reply to this email https://pagure.io/freeipa/issue/8865
@ckelley thanks for the new build. The scenario is now successful with dogtag-pki-server-11.0.2-1.fc35.noarch. I added a comment + positive karma to the bodhi update.
Failures observed in testing_master_latest PR #1433 report
Metadata Update from @sumedhs: - Issue untagged with: test-failure, tracker
Metadata Update from @frenaud: - Issue tagged with: test-failure, tracker
master:
ipa-4-9:
Issue can be closed, PRCI nightly tests don't see the issue any more.
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.