The nightly tests detected a regression when using the nightly build of pki master branch. Failing test: test_integration/test_acme.py::TestACMEPrune::test_prune_cert_manual The regression was seen with PR #2434, with the following logs and report:
Test scenario: - expire cert by moving date past expiry of acme cert - check that the certificate issued for the client - ipa cert-find --subject client_hostname
client_hostname
Actual output:
E subprocess.CalledProcessError: Command '['ipa', 'cert-find', '--subject', 'client0.ipa.test']' returned non-zero exit status 1. pytest_ipa/integration/host.py:202: CalledProcessError ------------------------------Captured stderr call------------------------------ ipa: ERROR: stderr: ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (500)
Metadata Update from @amore: - Issue tagged with: test-failure, tests
The CA is not logging to debug after the time switch. Only March 13 entries exist in the log so we can't see the details on why the request failed. The catalina log in June is reporting the 500 though, but that just confirms that the CA failed the request, not the why.
Perhaps try an explicit restart of pki-tomcat@pki-tomcatd, if not ipactl restart, after moving time.
Reproduced in testing_master_pki , report
Reproduced in [testing_master_pki] , report
@myusuf Could you please look into this.
It looks like time is jumping backwards twice (or not returning to current time). I can't tell exactly where. test_prune_cert_cron is jumping back to Tue Jan 24 05:51:27 AM, before the certificates were issued, which is likely why the authentication is failing.
test_prune_cert_manual (passing) jumped forward to Sun Jul 23 07:48:51 AM UTC 2023.
The issue now also happens in rawhide, see PR #2755, with the release of pki 11.4.3
master:
ipa-4-10:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.