The nightly test test_ipahealthcheck.py::TestIpaHealthCheck::test_ipahealthcheck_ds_encryption is failing in fedora 37 when the repo updates-testing is enabled and 389-ds-base-2.2.4-1 is installed.
test_ipahealthcheck.py::TestIpaHealthCheck::test_ipahealthcheck_ds_encryption
389-ds-base-2.2.4-1
dsconf slapd-IPA-TEST security set --tls-protocol-min=TLS1.0
The command exits on error with:
Error: name 'log' is not defined Exit code: 1
Test output:
self = <ipatests.test_integration.test_ipahealthcheck.TestIpaHealthCheck object at 0x7f762e1350d0> restart_service = <function restart_service.<locals>._stop_service at 0x7f762ecafec0> @pytest.fixture def modify_tls(self, restart_service): """ Fixture to modify DS tls version to TLS1.0 using dsconf tool and revert back to the default TLS1.2 """ instance = realm_to_serverid(self.master.domain.realm) cmd = ["systemctl", "restart", "dirsrv@{}".format(instance)] # The crypto policy must be set to LEGACY otherwise 389ds # combines crypto policy amd minSSLVersion and removes # TLS1.0 on fedora>=33 as the DEFAULT policy forbids TLS1.0 self.master.run_command(['update-crypto-policies', '--set', 'LEGACY']) > self.master.run_command( [ "dsconf", "slapd-{}".format(instance), "security", "set", "--tls-protocol-min=TLS1.0", ] ) test_integration/test_ipahealthcheck.py:1197: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <ipatests.pytest_ipa.integration.host.Host master.ipa.test (master)> argv = ['dsconf', 'slapd-IPA-TEST', 'security', 'set', '--tls-protocol-min=TLS1.0'] set_env = True, stdin_text = None, log_stdout = True, raiseonerr = True cwd = None, bg = False, encoding = 'utf-8', ok_returncode = 0 def run_command(self, argv, set_env=True, stdin_text=None, log_stdout=True, raiseonerr=True, cwd=None, bg=False, encoding='utf-8', ok_returncode=0): """Wrapper around run_command to log stderr on raiseonerr=True :param ok_returncode: return code considered to be correct, you can pass an integer or sequence of integers """ result = super().run_command( argv, set_env=set_env, stdin_text=stdin_text, log_stdout=log_stdout, raiseonerr=False, cwd=cwd, bg=bg, encoding=encoding ) # in FIPS mode SSH may print noise to stderr, remove the string # "FIPS mode initialized" + optional newline. result.stderr_bytes = FIPS_NOISE_RE.sub(b'', result.stderr_bytes) try: result_ok = result.returncode in ok_returncode except TypeError: result_ok = result.returncode == ok_returncode if not result_ok and raiseonerr: result.log.error('stderr: %s', result.stderr_text) > raise subprocess.CalledProcessError( result.returncode, argv, result.stdout_text, result.stderr_text ) E subprocess.CalledProcessError: Command '['dsconf', 'slapd-IPA-TEST', 'security', 'set', '--tls-protocol-min=TLS1.0']' returned non-zero exit status 1. pytest_ipa/integration/host.py:202: CalledProcessError -----------------------------Captured stderr setup------------------------------ ipa: ERROR: stderr:
Link to the nightly PR: #2222 Link to logs
The issue has already been reported on 389-ds side: 389ds #5539 and the fix is available on the 389-ds-base-2.2 branch (12c14ed) but needs a new upstream release
Metadata Update from @frenaud: - Issue tagged with: tracker
Issue can be closed, 389-ds released 2.2.6 with the fix (https://bodhi.fedoraproject.org/updates/FEDORA-2023-6b79d79829)
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.