The nightly test test_ipahealthcheck failed in PR #341 when running ipa-healtcheck. See the report and the test logs.
test_ipahealthcheck
Test scenario: install the KRA on a master (fedora 32 with updates-testing enabled + the nightly copr for PKI) run ipa-healthcheck --output-type json --failures-only
The output contains ERROR messages:
INFO ipatests.pytest_ipa.integration.host.Host.master.IPAOpenSSHTransport:transport.py:391 RUN ['ipa-healthcheck', '--output-type', 'json', '--failures-only'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:513 RUN ['ipa-healthcheck', '--output-type', 'json', '--failures-only'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 [ DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 { DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "source": "pki.server.healthcheck.meta.csconfig", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "check": "KRADogtagCertsConfigCheck", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "result": "ERROR", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "uuid": "6c6bc8f1-889f-420e-a61c-09a52dca5962", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "when": "20200810015730Z", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "duration": "0.052823", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "kw": { DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "key": "kra_sslserver", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "nickname": "Server-Cert cert-pki-ca", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "directive": "kra.sslserver.cert", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "configfile": "/var/lib/pki/pki-tomcat/kra/conf/CS.cfg", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "msg": "Certificate 'Server-Cert cert-pki-ca' does not match the value of kra.sslserver.cert in /var/lib/pki/pki-tomcat/kra/conf/CS.cfg" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 } DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 }, DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 { DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "source": "pki.server.healthcheck.meta.csconfig", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "check": "KRADogtagCertsConfigCheck", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "result": "ERROR", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "uuid": "be72cfed-e710-4457-ad1f-3d84497d9a13", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "when": "20200810015730Z", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "duration": "0.101471", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "kw": { DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "key": "kra_subsystem", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "nickname": "subsystemCert cert-pki-ca", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "directive": "kra.subsystem.cert", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "configfile": "/var/lib/pki/pki-tomcat/kra/conf/CS.cfg", DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 "msg": "Certificate 'subsystemCert cert-pki-ca' does not match the value of kra.subsystem.cert in /var/lib/pki/pki-tomcat/kra/conf/CS.cfg" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 } DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 } DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:557 ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd202:transport.py:217 Exit code: 1
Hi Flo,
Thanks for filing the ticket. Seems like this issue occurs only in KRA installation. Note that this healthcheck has been there since Jan 2020. Did something change recently in IPA scripts that configures KRA?
Metadata Update from @dmoluguw: - Custom field component adjusted to None - Custom field feature adjusted to None - Custom field origin adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field type adjusted to None - Custom field version adjusted to None
Metadata Update from @dmoluguw: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1869893
Hi @dmoluguw I don't recall any change in ipa-kra-install. The test was added a while ago, but we had a set of different issues during the server install when using @pki copr repo that probably masked the issue for a while.
Seems like the issue was with pki-core and not healthcheck.
This issue has been fixed in master (10.10): https://github.com/dogtagpki/pki/pull/536
Closing this as fixed
Metadata Update from @dmoluguw: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3319
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Log in to comment on this ticket.