The nightly test test_http_kdc_proxy.py::TestHttpKdcProxy is failing in rawhide, see for instance PR #1076 with the following logs and report: - TestHttpKdcProxy::test_access_blocked_on_client_without_kdcproxy[ipa] - TestHttpKdcProxy::test_access_blocked_on_client_without_kdcproxy[ad] - TestHttpKdcProxy::test_ipa_user_login_on_client_with_kdcproxy - TestHttpKdcProxy::test_ad_user_login_on_client_with_kdcproxy[True] - TestHttpKdcProxy::test_ad_user_login_on_client_with_kdcproxy[False] - TestHttpKdcProxy::test_kdcproxy_handles_small_packets_from_ad
test_http_kdc_proxy.py::TestHttpKdcProxy
TestHttpKdcProxy::test_access_blocked_on_client_without_kdcproxy[ipa]
TestHttpKdcProxy::test_access_blocked_on_client_without_kdcproxy[ad]
TestHttpKdcProxy::test_ipa_user_login_on_client_with_kdcproxy
TestHttpKdcProxy::test_ad_user_login_on_client_with_kdcproxy[True]
TestHttpKdcProxy::test_ad_user_login_on_client_with_kdcproxy[False]
TestHttpKdcProxy::test_kdcproxy_handles_small_packets_from_ad
The failure is similar for all the above tests, in a call to firewall-cmd:
firewall-cmd
self = <ipatests.test_integration.test_http_kdc_proxy.TestHttpKdcProxy object at 0x7f7bbb760820> mh = <pytest_multihost.plugin.MultihostFixture object at 0x7f7bbb9cc520> @pytest.fixture() def restrict_network_for_client(self, mh): fw_rules_allow = [ ['OUTPUT', '-p', 'udp', '--dport', '53', '-j', 'ACCEPT'], ['OUTPUT', '-p', 'tcp', '--dport', '80', '-j', 'ACCEPT'], ['OUTPUT', '-p', 'tcp', '--dport', '443', '-j', 'ACCEPT'], ['OUTPUT', '-p', 'tcp', '--sport', '22', '-j', 'ACCEPT']] fw = Firewall(self.client) > fw.prepend_passthrough_rules(fw_rules_allow) test_integration/test_http_kdc_proxy.py:83: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ pytest_ipa/integration/firewall.py:274: in prepend_passthrough_rules self.firewall.prepend_passthrough_rules(rules, ipv) pytest_ipa/integration/firewall.py:212: in prepend_passthrough_rules self.passthrough_rule(["-I", rule[0], str(i)] + rule[1:], ipv) pytest_ipa/integration/firewall.py:189: in passthrough_rule self.host.run_command(args) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <ipatests.pytest_ipa.integration.host.Host client1.ipa.test (client)> argv = ['firewall-cmd', '--direct', '--passthrough', 'ipv6', '-I', 'OUTPUT', ...] set_env = True, stdin_text = None, log_stdout = True, raiseonerr = True cwd = None, bg = False, encoding = 'utf-8', ok_returncode = 0 def run_command(self, argv, set_env=True, stdin_text=None, log_stdout=True, raiseonerr=True, cwd=None, bg=False, encoding='utf-8', ok_returncode=0): """Wrapper around run_command to log stderr on raiseonerr=True :param ok_returncode: return code considered to be correct, you can pass an integer or sequence of integers """ result = super().run_command( argv, set_env=set_env, stdin_text=stdin_text, log_stdout=log_stdout, raiseonerr=False, cwd=cwd, bg=bg, encoding=encoding ) # in FIPS mode SSH may print noise to stderr, remove the string # "FIPS mode initialized" + optional newline. result.stderr_bytes = FIPS_NOISE_RE.sub(b'', result.stderr_bytes) try: result_ok = result.returncode in ok_returncode except TypeError: result_ok = result.returncode == ok_returncode if not result_ok and raiseonerr: result.log.error('stderr: %s', result.stderr_text) > raise subprocess.CalledProcessError( result.returncode, argv, result.stdout_text, result.stderr_text ) E subprocess.CalledProcessError: Command '['firewall-cmd', '--direct', '--passthrough', 'ipv6', '-I', 'OUTPUT', '1', '-p', 'udp', '--dport', '53', '-j', 'ACCEPT']' returned non-zero exit status 13. pytest_ipa/integration/host.py:202: CalledProcessError -----------------------------Captured stderr setup------------------------------ ipa: ERROR: stderr: Error: COMMAND_FAILED: INVALID_IPV: 'ipv6' is not a valid backend or is unavailable
It seems the issue was introduced with the update of firewalld package to 1.0.0-1.fc35.
Opened https://bugzilla.redhat.com/show_bug.cgi?id=1990271 against Fedora/rawhide/firewalld component.
Metadata Update from @frenaud: - Issue assigned to frenaud
BZ #1990271 has been fixed in f35 with firewalld-1.0.1-1.fc35. Issue did not happen any more in rawhide nightly, see green run in PR #1105: report.
Closing the tracker as fixed.
Metadata Update from @frenaud: - Assignee reset - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.