Nightly test failure in pki-fedora/test_integration/test_backup_and_restore in [testing_master_pki] Nightly , see for instance PR #1154
Two tests are failing for ipa cert-find with error : ipa: ERROR: stderr: ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Start tag expected, '<' not found, line 1, column 1)
1 : TestBackupAndRestoreWithKRA::test_full_backup_restore_with_vault report logs
2: TestBackupReinstallRestoreWithKRA::test_full_backup_reinstall_restore_with_vault report , logs
Same failure reproduced in : PR 1154 1 : [testing_master_pki] test_forced_client_enrolment during report, logs 2 : [testing_master_pki] test_webui_cert report 3 : [testing_master_pki] test_backup_and_restore_TestBackupAndRestoreWithReplica report
Metadata Update from @frenaud: - Issue tagged with: test-failure
More details: - the test is using the pki nightly copr https://copr.fedorainfracloud.org/coprs/g/pki/master/ which contains nightly builds of pki master branch. - PKI recently switched to JSON as the default message format (https://github.com/dogtagpki/pki/commit/2c2876a59d1ef20c476143e7cea140c4d32601c4), that may explain the issue.
@ckelley ipa cert-find is internally communicating with Dogtag, still using the XML format, but it seems the response is sent using the JSON format (from pki ca/debug.log):
2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: Searching for certificates 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: PKIService: Request class: CertSearchRequest 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: PKIService: Request format: application/xml 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: PKIService: XML request: <?xml version='1.0' encoding='UTF-8'?> <CertSearchRequest><serialNumberRangeInUse>true</serialNumberRangeInUse><subjectInUse>false</subjectInUse><matchExactly>false</matchExactly><revokedByInUse>false</revokedByInUse><revokedOnInUse>false</revokedOnInUse><revocationReasonInUse>false</revocationReasonInUse><issuedByInUse>false</issuedByInUse><issuedOnInUse>false</issuedOnInUse><validNotBeforeInUse>false</validNotBeforeInUse><validNotAfterInUse>false</validNotAfterInUse><validityLengthInUse>false</validityLengthInUse><certTypeInUse>false</certTypeInUse></CertSearchRequest> 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: Search filter: (certstatus=*) 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: filter: (certStatus=*) 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=14,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: Search results: 14 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: filter: (certStatus=*) 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=1,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=2,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=3,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=4,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=5,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=6,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=7,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=8,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=9,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=10,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=11,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=12,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=13,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: DBVirtualList: dn: cn=14,ou=certificateRepository,ou=ca,o=ipaca 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: PKIService: Response format: application/json 2021-09-06 04:21:07 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: PKIService: Response class: CertDataInfos
Is it something we need to change in IPA code? I'm surprised that the answer is JSON when the request is using XML.
@frenaud hmm I think this might help explain some problems we've been seeing ourselves, I'll look into it.
@frenaud I hope that the fix is simple, we modify the HTTP request in ipa cert-find to specifically request that XML is returned, so we revert to the original behaviour. In the future we will need to modify this method call to allow it to work with JSON.
ipa cert-find
https://github.com/freeipa/freeipa/pull/6014
Metadata Update from @fcami: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/6014 - Issue assigned to ckelley
Metadata Update from @ckelley: - Custom field changelog adjusted to Make Dogtag return XML for ipa cert-find
master:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
ipa-4-9:
Login to comment on this ticket.