Nightly test failure (PKI) in test_integration/test_ipahealthcheck.py::TestIpaHealthCheck test_human_output test_ipa_healthcheck_after_certupdate test_dogtag_ca_check_exists test_ipa_healthcheck_no_errors test_ipa_healthcheck_no_errors_with_overrides These tests are failing in latest PKI build. see PR #3391 with the following: logs report
Test scenario: - enable PKI nightly build repo with dnf copr enable -y @pki/master which provides PKI 11.5 - install ipa packages with dnf install -y freeipa-server - install ipa server with embedded CA ipa-server-install --domain ipa.test --realm IPA.TEST -a Secret123 -p Secret123 -U - run ipa-healthcheck
dnf copr enable -y @pki/master
dnf install -y freeipa-server
ipa-server-install --domain ipa.test --realm IPA.TEST -a Secret123 -p Secret123 -U
ipa-healthcheck fails in the following check:
RUN ['ipa-healthcheck', '--output-type', 'human', '--failures-only'] Invalid IP address fe80::3e80:50f:91b0:d4b9 for master.ipa.test.: cannot use link-local IP address fe80::3e80:50f:91b0:d4b9 ERROR: ipahealthcheck.dogtag.ca.DogtagCertsConfigCheck.caSigningCert cert-pki-ca: Certificate ca.signing.cert not found in /var/lib/pki/pki-tomcat/conf/ca/CS.cfg ERROR: ipahealthcheck.dogtag.ca.DogtagCertsConfigCheck.ocspSigningCert cert-pki-ca: Certificate ca.ocsp_signing.cert not found in /var/lib/pki/pki-tomcat/conf/ca/CS.cfg ERROR: ipahealthcheck.dogtag.ca.DogtagCertsConfigCheck.Server-Cert cert-pki-ca: Certificate ca.sslserver.cert not found in /var/lib/pki/pki-tomcat/conf/ca/CS.cfg ERROR: ipahealthcheck.dogtag.ca.DogtagCertsConfigCheck.subsystemCert cert-pki-ca: Certificate ca.subsystem.cert not found in /var/lib/pki/pki-tomcat/conf/ca/CS.cfg ERROR: ipahealthcheck.dogtag.ca.DogtagCertsConfigCheck.auditSigningCert cert-pki-ca: Certificate ca.audit_signing.cert not found in /var/lib/pki/pki-tomcat/conf/ca/CS.cfg Exit code: 1
The test is using ipa-healthcheck 0.16.2.
The patch freeipa-healthcheck #e556edc Skip DogtagCertsConfigCheck for PKI versions >= 11.5.0 fixes the issue, already reported at https://github.com/freeipa/freeipa-healthcheck/issues/317. Not released yet in ipa-healthcheck (latest version is 0.16-2 and does not provide the fix).
We need to wait for a new release of freeipa-healthcheck.
Metadata Update from @frenaud: - Issue tagged with: tracker
I'll backport the patches to F40 and rawhide.
rawhide is done F40: https://bodhi.fedoraproject.org/updates/FEDORA-2024-36e4b6e681
The F40 build passed autoqa and has been submitted to stable.
build for f39: https://bodhi.fedoraproject.org/updates/FEDORA-2024-0c4887a7aa currently in testing
The latest testing_master_pki build is failing to install for an unrelated reason.
Going back a couple of weeks to https://github.com/freeipa-pr-ci2/freeipa/pull/3498 the noted test failures are: Test failures
I think we can mark this as resolved.
@rcritten agreed, as the test was green last week: http://freeipa-org-pr-ci.s3-website.eu-central-1.amazonaws.com/jobs/56c2b084-ea2c-11ee-b3f4-fa163e19a40b/report.html?sort=result
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.