#8943 [Tracker] Nightly test failure in (rawhide) test_http_kdc_proxy.py::TestHttpKdcProxy
Closed: fixed 2 years ago by frenaud. Opened 2 years ago by frenaud.

The nightly test test_http_kdc_proxy.py::TestHttpKdcProxy is failing in rawhide, see for instance PR #1076 with the following logs and report:
- TestHttpKdcProxy::test_access_blocked_on_client_without_kdcproxy[ipa]
- TestHttpKdcProxy::test_access_blocked_on_client_without_kdcproxy[ad]
- TestHttpKdcProxy::test_ipa_user_login_on_client_with_kdcproxy
- TestHttpKdcProxy::test_ad_user_login_on_client_with_kdcproxy[True]
- TestHttpKdcProxy::test_ad_user_login_on_client_with_kdcproxy[False]
- TestHttpKdcProxy::test_kdcproxy_handles_small_packets_from_ad

The failure is similar for all the above tests, in a call to firewall-cmd:

self = <ipatests.test_integration.test_http_kdc_proxy.TestHttpKdcProxy object at 0x7f7bbb760820>
mh = <pytest_multihost.plugin.MultihostFixture object at 0x7f7bbb9cc520>

    @pytest.fixture()
    def restrict_network_for_client(self, mh):
        fw_rules_allow = [
            ['OUTPUT', '-p', 'udp', '--dport', '53', '-j', 'ACCEPT'],
            ['OUTPUT', '-p', 'tcp', '--dport', '80', '-j', 'ACCEPT'],
            ['OUTPUT', '-p', 'tcp', '--dport', '443', '-j', 'ACCEPT'],
            ['OUTPUT', '-p', 'tcp', '--sport', '22', '-j', 'ACCEPT']]
        fw = Firewall(self.client)
>       fw.prepend_passthrough_rules(fw_rules_allow)

test_integration/test_http_kdc_proxy.py:83: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
pytest_ipa/integration/firewall.py:274: in prepend_passthrough_rules
    self.firewall.prepend_passthrough_rules(rules, ipv)
pytest_ipa/integration/firewall.py:212: in prepend_passthrough_rules
    self.passthrough_rule(["-I", rule[0], str(i)] + rule[1:], ipv)
pytest_ipa/integration/firewall.py:189: in passthrough_rule
    self.host.run_command(args)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <ipatests.pytest_ipa.integration.host.Host client1.ipa.test (client)>
argv = ['firewall-cmd', '--direct', '--passthrough', 'ipv6', '-I', 'OUTPUT', ...]
set_env = True, stdin_text = None, log_stdout = True, raiseonerr = True
cwd = None, bg = False, encoding = 'utf-8', ok_returncode = 0

    def run_command(self, argv, set_env=True, stdin_text=None,
                    log_stdout=True, raiseonerr=True,
                    cwd=None, bg=False, encoding='utf-8', ok_returncode=0):
        """Wrapper around run_command to log stderr on raiseonerr=True

        :param ok_returncode: return code considered to be correct,
                              you can pass an integer or sequence of integers
        """
        result = super().run_command(
            argv, set_env=set_env, stdin_text=stdin_text,
            log_stdout=log_stdout, raiseonerr=False, cwd=cwd, bg=bg,
            encoding=encoding
        )
        # in FIPS mode SSH may print noise to stderr, remove the string
        # "FIPS mode initialized" + optional newline.
        result.stderr_bytes = FIPS_NOISE_RE.sub(b'', result.stderr_bytes)
        try:
            result_ok = result.returncode in ok_returncode
        except TypeError:
            result_ok = result.returncode == ok_returncode
        if not result_ok and raiseonerr:
            result.log.error('stderr: %s', result.stderr_text)
>           raise subprocess.CalledProcessError(
                result.returncode, argv,
                result.stdout_text, result.stderr_text
            )
E           subprocess.CalledProcessError: Command '['firewall-cmd', '--direct', '--passthrough', 'ipv6', '-I', 'OUTPUT', '1', '-p', 'udp', '--dport', '53', '-j', 'ACCEPT']' returned non-zero exit status 13.

pytest_ipa/integration/host.py:202: CalledProcessError
 -----------------------------Captured stderr setup------------------------------ 
ipa: ERROR: stderr: Error: COMMAND_FAILED: INVALID_IPV: 'ipv6' is not a valid backend or is unavailable

It seems the issue was introduced with the update of firewalld package to 1.0.0-1.fc35.

Opened https://bugzilla.redhat.com/show_bug.cgi?id=1990271 against Fedora/rawhide/firewalld component.


Metadata Update from @frenaud:
- Issue assigned to frenaud

2 years ago

BZ #1990271 has been fixed in f35 with firewalld-1.0.1-1.fc35.
The issue did not happen any more in the rawhide nightly; see the green run in PR #1105: report.

Closing the tracker as fixed.

Metadata Update from @frenaud:
- Assignee reset
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago
