freeipa

Clone
Source Code
GIT

#9330 Nightly test failure (testing_master_pki): TestBackupReinstallRestoreWithKRA::test_full_backup_reinstall_restore_with_vault
Closed: fixed 2 years ago by frenaud. Opened 2 years ago by amore.

Closed: fixed
Reopen Issue

Issue

The nightly tests detected a regression when using the nightly build of pki master branch.
Failing test:
test_integration/test_backup_and_restore.py::TestBackupReinstallRestoreWithKRA::test_full_backup_reinstall_restore_with_vault

The regression was seen with PR #2434, with the following logs and report:

Test scenario:
backup, uninstall, reinstall, restore
- install ipa server with kra
- create vault, archive secret, retrieve secret
- create backup
- uninstall ipa-server
- re-install ipa-server

ipa-server uninstall is failing with error:

DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd76:transport.py:557 failed to uninstall CA instance CalledProcessError(Command ['/usr/sbin/pkidestroy', '-i', 'pki-tomcat', '-s', 'CA', '--log-file', '/var/log/pki/pki-ca-destroy.20230215154243.log'] returned non-zero exit status 1: 'WARNING: Unable to unregister CA subsystem from security domain: POST /ca/agent/ca/updateDomainXML HTTP/1.0\nHost: master.ipa.test:8443\nContent-Length: 83\nContent-Type: application/x-www-form-urlencoded\n\nname=CA+master.ipa.test+443&type=CA&host=master.ipa.test&sport=443&operation=removeport: 8443\nenabled TLS_AES_128_GCM_SHA256 \ndisabled TLS_CHACHA20_POLY1305_SHA256 \t(not FIPS)\nenabled TLS_AES_256_GCM_SHA384 \nenabled TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \nenabled TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \ndisabled TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\t(not FIPS)\ndisabled TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\t(not FIPS)\nenabled TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \nenabled TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \nenabled TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA \nenabled TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA \nenabled TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \nenabled TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \nenabled TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \nenabled TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA \nenabled TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 \nenabled TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 \ndisabled TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA \t(disabled by default)\ndisabled TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA \t(disabled by default)\ndisabled TLS_ECDHE_ECDSA_WITH_RC4_128_SHA \t(disabled by default)\ndisabled TLS_ECDHE_RSA_WITH_RC4_128_SHA \t(disabled by default)\nenabled TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \ndisabled TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \t(not FIPS)\ndisabled TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 \t(disabled by default)\nenabled TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \ndisabled TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 \t(disabled by default)\nenabled TLS_DHE_RSA_WITH_AES_128_CBC_SHA \ndisabled TLS_DHE_DSS_WITH_AES_128_CBC_SHA \t(disabled by default)\nenabled TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 \ndisabled TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 \t(disabled by default)\ndisabled TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA \t(disabled by default)\ndisabled TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA \t(disabled by default)\nenabled TLS_DHE_RSA_WITH_AES_256_CBC_SHA \ndisabled TLS_DHE_DSS_WITH_AES_256_CBC_SHA \t(disabled by default)\nenabled TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 \ndisabled TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 \t(disabled by default)\ndisabled TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA \t(disabled by default)\ndisabled TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA \t(disabled by default)\ndisabled TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA \t(disabled by default)\ndisabled TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA \t(disabled by default)\ndisabled TLS_DHE_DSS_WITH_RC4_128_SHA \t(disabled by default)\ndisabled TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA \t(disabled by default)\ndisabled TLS_ECDH_RSA_WITH_AES_128_CBC_SHA \t(disabled by default)\ndisabled TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA \t(disabled by default)\ndisabled TLS_ECDH_RSA_WITH_AES_256_CBC_SHA \t(disabled by default)\ndisabled TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA \t(disabled by default)\ndisabled TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA \t(disabled by default)\ndisabled TLS_ECDH_ECDSA_WITH_RC4_128_SHA \t(disabled by default)\ndisabled TLS_ECDH_RSA_WITH_RC4_128_SHA \t(disabled by default)\nenabled TLS_RSA_WITH_AES_128_GCM_SHA256 \nenabled TLS_RSA_WITH_AES_256_GCM_SHA384 \nenabled TLS_RSA_WITH_AES_128_CBC_SHA \nenabled TLS_RSA_WITH_AES_128_CBC_SHA256 \ndisabled TLS_RSA_WITH_CAMELLIA_128_CBC_SHA \t(disabled by default)\nenabled TLS_RSA_WITH_AES_256_CBC_SHA \nenabled TLS_RSA_WITH_AES_256_CBC_SHA256 \ndisabled TLS_RSA_WITH_CAMELLIA_256_CBC_SHA \t(disabled by default)\ndisabled TLS_RSA_WITH_SEED_CBC_SHA \t(disabled by default)\ndisabled TLS_RSA_WITH_3DES_EDE_CBC_SHA \t(disabled by default)\ndisabled TLS_RSA_WITH_RC4_128_SHA \t(disabled by default)\ndisabled TLS_RSA_WITH_RC4_128_MD5 \t(disabled by default)\ndisabled TLS_DHE_RSA_WITH_DES_CBC_SHA \t(disabled by default)\ndisabled TLS_DHE_DSS_WITH_DES_CBC_SHA \t(disabled by default)\ndisabled TLS_RSA_WITH_DES_CBC_SHA \t(disabled by default)\ndisabled TLS_ECDHE_ECDSA_WITH_NULL_SHA \t(disabled by default)\ndisabled TLS_ECDHE_RSA_WITH_NULL_SHA \t(disabled by default)\ndisabled TLS_ECDH_RSA_WITH_NULL_SHA \t(disabled by default)\ndisabled TLS_ECDH_ECDSA_WITH_NULL_SHA \t(disabled by default)\ndisabled TLS_RSA_WITH_NULL_SHA \t(disabled by default)\ndisabled TLS_RSA_WITH_NULL_SHA256 \t(disabled by default)\ndisabled TLS_RSA_WITH_NULL_MD5 \t(disabled by default)\naddr=\'master.ipa.test\'\nfamily=\'2\'\nIP=\'192.168.122.7\'\nexit after PR_Connect with error -5961:\nWARNING: To unregister manually:\nWARNING: $ pki -U https://master.ipa.test:8443 -n <admin> securitydomain-host-del "CA master.ipa.test 443"\nERROR: Cannot update domain using agent port\nERROR: Exception: Cannot update domain using agent port\n File "/usr/lib/python3.11/site-packages/pki/server/pkidestroy.py", line 255, in main\n scriptlet.destroy(deployer)\n File "/usr/lib/python3.11/site-packages/pki/server/deployment/scriptlets/initialization.py", line 220, in destroy\n deployer.security_domain.deregister(instance, subsystem)\n File "/usr/lib/python3.11/site-packages/pki/server/deployment/pkihelper.py", line 2241, in deregister\n raise Exception("Cannot update domain using agent port")\n\n')

Metadata Update from @amore:
- Issue tagged with: test-failure, tracker
2 years ago

Companion issue reported against pki: https://github.com/dogtagpki/pki/issues/4329

Reproduced in testing_master_pki , report

Reproduced in testing_master_pki , report

Reproduced in testing_master_pki , report

Reproduced in testing_master_pki , report

Reproduced in testing_master_pki , report

Reproduced in testing_master_pki , report

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2214933
2 years ago

Issue linked to bug 2214933

Metadata Update from @frenaud:
- Issue assigned to frenaud
2 years ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/6881
- Issue untagged with: tracker
2 years ago

master:

  • 67a33e5 Uninstaller: uninstall PKI before shutting down services
  • 6c84ae5 Detection of PKI subsystem

ipa-4-10:

  • f93a6d3 Uninstaller: uninstall PKI before shutting down services
  • b9a07b1 Detection of PKI subsystem

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
2 years ago

Log in to comment on this ticket.

Metadata

test-failure

None
None
None
None
None
None
None
None
None
None
None
None
None
https://github.com/freeipa/freeipa/pull/6881
None
None
None
None
None
None
None
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.