The nightly test test_installation_TestInstallWithCA1 is failing on fedora 38. See PR #3673 with the following logs and report:
test_installation_TestInstallWithCA1
RUN ['ipa-kra-install', '-U', '-p', 'Secret.123'] Lookup failed: Preferred host replica1.ipa.test does not provide KRA. Custodia uses 'replica0.ipa.test' as master peer. HSM is not supported in PKI version 11.3.1 The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information Exit code: 1
The KRA installation fails even though there is no HSM setup.
While I agree that f38 is already EOL, the code is making unnecessary checks when there is no HSM.
The file ipaserver/install/kra.py contains the following code in install_check:
if replica_config is not None: (token_name, token_library) = ca.lookup_hsm_configuration(api) ca.hsm_validator(token_name, token_library, options.token_password)
which calls hsm_validator even when no HSM is setup. The fix can either call ca.hsm_validator only when token_name, token_library are not None or modify hsm_validator to return early if HSM is not setup.
Metadata Update from @rcritten: - Issue assigned to rcritten
https://github.com/freeipa/freeipa/pull/7346
master:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.