freeipa

Clone
Source Code
GIT

#5512 test_vault.py FAILED
Closed: Fixed None Opened 8 years ago by lslebodn.

Closed: Fixed
Reopen Issue

Tests on replica failed.

freeipa-server-4.2.3.201512051753GITd96b840-0.fc23.x86_64

test_integration/test_vault.py::TestInstallKRA::test_create_and_retrieve_vault_master 
PASSED
test_integration/test_vault.py::TestInstallKRA::test_create_and_retrieve_vault_replica_without_kra FAILED
test_integration/test_vault.py::TestInstallKRA::test_create_and_retrieve_vault_replica_with_kra 
FAILED
test_integration/test_vault.py::TestInstallKRA::test_create_and_retrieve_vault_after_kra_uninstall_on_replica 
FAILED

error log
TESTOUT.log

Tested F22, master

[Tue Dec 08 15:10:34.485365 2015] [wsgi:error] [pid 18287] ipa: INFO: [jsonserver_session] admin@IPA.TEST: vault_show(u'ci_test_vault_replica_without_kra', rights=False, shared=False, all=False, raw=False, version=u'2.161', no_members=False): SUCCESS
[Tue Dec 08 15:10:35.548212 2015] [wsgi:error] [pid 18274] ipa: ERROR: non-public: IOError: [Errno 2] No such file or directory
[Tue Dec 08 15:10:35.548234 2015] [wsgi:error] [pid 18274] Traceback (most recent call last):
[Tue Dec 08 15:10:35.548237 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 350, in wsgi_execute
[Tue Dec 08 15:10:35.548238 2015] [wsgi:error] [pid 18274]     result = self.Command[name](*args, **options)
[Tue Dec 08 15:10:35.548239 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
[Tue Dec 08 15:10:35.548241 2015] [wsgi:error] [pid 18274]     ret = self.run(*args, **options)
[Tue Dec 08 15:10:35.548242 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 764, in run
[Tue Dec 08 15:10:35.548243 2015] [wsgi:error] [pid 18274]     return self.execute(*args, **options)
[Tue Dec 08 15:10:35.548245 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/ipalib/plugins/vault.py", line 1472, in execute
[Tue Dec 08 15:10:35.548246 2015] [wsgi:error] [pid 18274]     transport_cert = kra_client.system_certs.get_transport_cert()
[Tue Dec 08 15:10:35.548247 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/pki/__init__.py", line 298, in handler
[Tue Dec 08 15:10:35.548249 2015] [wsgi:error] [pid 18274]     return fn_call(inst, *args, **kwargs)
[Tue Dec 08 15:10:35.548250 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/pki/systemcert.py", line 52, in get_transport_cert
[Tue Dec 08 15:10:35.548251 2015] [wsgi:error] [pid 18274]     response = self.connection.get(url, self.headers)
[Tue Dec 08 15:10:35.548253 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/pki/client.py", line 41, in wrapper
[Tue Dec 08 15:10:35.548254 2015] [wsgi:error] [pid 18274]     return func(self, *args, **kwargs)
[Tue Dec 08 15:10:35.548255 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/pki/client.py", line 136, in get
[Tue Dec 08 15:10:35.548257 2015] [wsgi:error] [pid 18274]     data=payload)
[Tue Dec 08 15:10:35.548258 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 477, in get
[Tue Dec 08 15:10:35.548259 2015] [wsgi:error] [pid 18274]     return self.request('GET', url, **kwargs)
[Tue Dec 08 15:10:35.548261 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 465, in request
[Tue Dec 08 15:10:35.548262 2015] [wsgi:error] [pid 18274]     resp = self.send(prep, **send_kwargs)
[Tue Dec 08 15:10:35.548263 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 573, in send
[Tue Dec 08 15:10:35.548265 2015] [wsgi:error] [pid 18274]     r = adapter.send(request, **kwargs)
[Tue Dec 08 15:10:35.548266 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 370, in send
[Tue Dec 08 15:10:35.548267 2015] [wsgi:error] [pid 18274]     timeout=timeout
[Tue Dec 08 15:10:35.548269 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 544, in urlopen
[Tue Dec 08 15:10:35.548274 2015] [wsgi:error] [pid 18274]     body=body, headers=headers)
[Tue Dec 08 15:10:35.548275 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 341, in _make_request
[Tue Dec 08 15:10:35.548276 2015] [wsgi:error] [pid 18274]     self._validate_conn(conn)
[Tue Dec 08 15:10:35.548278 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 761, in _validate_conn
[Tue Dec 08 15:10:35.548279 2015] [wsgi:error] [pid 18274]     conn.connect()
[Tue Dec 08 15:10:35.548280 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py", line 238, in connect
[Tue Dec 08 15:10:35.548282 2015] [wsgi:error] [pid 18274]     ssl_version=resolved_ssl_version)
[Tue Dec 08 15:10:35.548283 2015] [wsgi:error] [pid 18274]   File "/usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py", line 277, in ssl_wrap_socket
[Tue Dec 08 15:10:35.548284 2015] [wsgi:error] [pid 18274]     context.load_cert_chain(certfile, keyfile)
[Tue Dec 08 15:10:35.548286 2015] [wsgi:error] [pid 18274] IOError: [Errno 2] No such file or directory

This is no test issue, vault feature is broken

f22, master, domain level 0, 1 error

[2015-12-08T17:16:57Z ipa.ipatests.test_integration.host.Host.master.cmd27] <DEBUG>: RUN ['ipa', 'vault-archive', 'ci_test_vault_master', '--password', 'password', '--data', 'SSBsb3ZlIENJIHRlc3RzCg==']
[2015-12-08T17:17:00Z ipa.ipatests.test_integration.host.Host.master.cmd27] <DEBUG>: ipa: ERROR: an internal error has occurred




[Tue Dec 08 17:16:53.241963 2015] [wsgi:error] [pid 4018] ipa: INFO: [jsonserver_session] admin@IPA.TEST: ping(): SUCCESS
[Tue Dec 08 17:16:53.783770 2015] [wsgi:error] [pid 4017] ipa: INFO: [jsonserver_session] admin@IPA.TEST: vault_add_internal(u'ci_test_vault_master', ipavaulttype=u'symmetric', ipavaultsalt='x\\xadVg\\x02/\\xfa}
\\xb7\\x1b+\\xa9\\xa8\\xeb\\xea1', shared=False, all=False, raw=False, version=u'2.161', no_members=False): SUCCESS
[Tue Dec 08 17:16:53.835363 2015] [wsgi:error] [pid 4018] ipa: INFO: [jsonserver_session] admin@IPA.TEST: vault_show(u'ci_test_vault_master', rights=False, shared=False, all=False, raw=False, version=u'2.161', n
o_members=False): SUCCESS
[Tue Dec 08 17:16:53.879485 2015] [wsgi:error] [pid 4017] ipa: INFO: [jsonserver_session] admin@IPA.TEST: vault_show(u'ci_test_vault_master', rights=False, shared=False, all=False, raw=False, version=u'2.161', no_members=False): SUCCESS
[Tue Dec 08 17:16:54.214355 2015] [wsgi:error] [pid 4018] ipa: INFO: [jsonserver_session] admin@IPA.TEST: vaultconfig_show(all=False, raw=False, version=u'2.161'): SUCCESS
[Tue Dec 08 17:16:54.802547 2015] [wsgi:error] [pid 4017] ipa: INFO: [jsonserver_session] admin@IPA.TEST: vault_retrieve_internal(u'ci_test_vault_master', shared=False, session_key='.\\xf5\\xf2\\xe5\\xfc\\x85\\x0bW\\xe4\\xdf1\\xf1m\\r\\n\\xf1,\\xd0#r\\x9d\\x0b\\x18_\\xcd\\xee\\xe6\\x10\\x11\\xa2\\\\!Q\\x9b7\\x01\\xb3\\xd2N7\\xc3T\\x8a]\\xbd\\xadu\\xd3\\x9f\\xa2\\'\\xbf\\xc2\\xa6|\\x10\\xc3\\xef\\xc3t\\xc8\\xcb\\xb9\\xd2\\x92\\x01\\xd77?\\xa3\\x06@B\\xea\\x89\\xf2\\x87\\xde6\\xdd\\xd5\\x9dxU\\xad\\x9dE\\xc6\\x1b\\x9e\\xb4\\xae\\xd1$\\xdb\\x9d\\x8cx\\x8d <\\xd2r\\xaeD\\xcf\\xc3\\xf5\\x10g\\xa8I|WI~\\xb5%\\x1c\\xf2\\x06\\xa8&%\\xde\\x07U\\x10D\\x84\\xd1\\x1d\\xa7\\x82-\\xa1\\x11\\xe8\\x85\\rK\\xd8~`i\\x89\\x19*\\x1b\\x17\\xe3\\xdbClt\\xb8\\xb32tM\\xcc\\xb2z}n\\xe8/\\t\\xdb\\x1e\\x91\\xf3\\xb1`\\x8a\\xc7\\xdc#\\xd5l\\xce\\x1a\\xfb\\xd13\\xffA\\x9b\\xf6\\xf0Z\\xe9\\xc1\\xf28\\xdd\\x8fc\\xe75\\xc8\\xe0ho\\xf4\\\\m\\x97\\x07:\\x847\\x02F\\xa3y\\xd6B\\x9al7\\x92d\\x8f\\x94\\x95\\x9an\\xfc\\xd4\\xc6n\\xc4\\x1fvb\\r\\xe2^N\\x1f\\xb2\\xf7/\\x8b"K;>R\\xdcI\\xc1\\xa7\\xef)', all=False, raw=False, version=u'2.161'): NotFound
[Tue Dec 08 17:16:56.523753 2015] [wsgi:error] [pid 4018] ipa: INFO: [jsonserver_session] admin@IPA.TEST: vaultconfig_show(all=False, raw=False, version=u'2.161'): SUCCESS
[Tue Dec 08 17:16:58.584990 2015] [wsgi:error] [pid 4017] ipa: INFO: [jsonserver_session] admin@IPA.TEST: vault_archive_internal(u'ci_test_vault_master', shared=False, session_key=',,\\xb5\\x16*\\x1b\\xe1\\x8e\\xdc\\x0e\\x87\\xc1j\\xe6\\xd5.E\\xca\\x83\\xa4TJ\\xe3c\\rFDp\\xbf\\xc2ga\\xd2\\x91^\\x9f\\x9d\\xeb\\xf6\\xd7\\x0c@;\\xfc\\xe0A\\x92\\xba\\x8c\\x03\\x03\\xddj\\xff\\x1eg\\xa6\\x1a\\x1cVjEw\\xd1\\xff\\xe5\\x89\\x8br\\x03l\\t\\x07P-G;QCf|wL\\xbeS\\xec\\xf1 \\xb6~\\x946\\xe8\\xc7\\t\\xf4\\xc7\\x91%\\x89\\xf9\\xb8\\x88\\x8b!\\xebA^\\xa5(,\\x88\\xdf\\xe4\\xe7s\\x85~\\x07y\\xe6\\x9a\\xc8\\x8f\\x193\\xbc+\\xfe|cGaY\\x84\\x86\\t:\\x90\\xb6.y\\x86G:\\xc5\\x0e\\xbf\\x8f~o\\x9f\\xc5;z\\xad\\x8bI\\xd2\\xa3\\x06\\x15x\\xac\\x89\\xe8\\xedR"\\x06^V\\xcb\\xaaJ\\xc4,\\x1c\\xea\\xc07p\\xa9\\xd0,pQ\\x81\\xf2\\xe5\\x1cy\\xec=7\\xd8\\x04\\xc4\\xa0W\\x04\\xe6\\xdb\\xc4=\\xd5\\x9d\\x80\\x1d\\xe80\\x91F\\xeaa\\x1a\\xdf\\'\\xd2^\\x03\\x95\\x91\\xbb +K\\x13c\\xces\\xba\\x98\\xd6\\x1f>\\'\\xa6\\x1c\\xc6\\x94N\\xbd\\xec\\\\6z\\x89\\xc8\\x9b\\xbc\\x93|PJ:', vault_data="\\x90\\xdfc\\xfd\\xa9)\\x84\\x9d&\\xc3#\\x8e=\\x18\\xbd\\x92\\xa9\\xec'=B\\x1a\\x88A\\xbd\\xb7X\\xd7\\xfa\\xa3(\\xf3\\xfb\\xbb\\xfaK\\x1a,\\xe9\\xeb\\xc8m\\xec\\x91l\\xd8\\x14\\x82S\\xc1\\x91x\\x9e}aN\\xb6\\xc2B\\x94\\x90\\x9fE\\xd8\\t\\xbc\\xad\\xf8\\x07Y\\xbep-zn\\xda_\\xe8\\xfe\\x9e\\x8b\\xe0o\\xdd\\xdc\\x94.\\x03L\\xd7fJn\\x14\\x8ave\\xee\\xf9/\\x1d\\xcavuY\\xac\\xc01Z\\x11.\\xb1\\x7f!+,\\xd0\\x1f;\\x16\\xed\\xe0[\\x06\\x90\\r \\x80\\x9b D\\xba\\x94d\\x95z\\xf6\\xa5\\x88\\x06\\xe2\\xee\\xabO\\x12\\xbdn\\xfdlQ\\x98\\xda", nonce='\\xf6\\xc94|1\\xc3\\xd7\\xc2', all=False, raw=False, version=u'2.161'): SUCCESS
[Tue Dec 08 17:17:00.127633 2015] [wsgi:error] [pid 4018] ipa: INFO: [jsonserver_session] admin@IPA.TEST: ping(): SUCCESS
[Tue Dec 08 17:17:00.174487 2015] [wsgi:error] [pid 4017] ipa: INFO: [jsonserver_session] admin@IPA.TEST: vault_show(u'ci_test_vault_master', rights=False, shared=False, all=False, raw=False, version=u'2.161', no_members=False): SUCCESS
[Tue Dec 08 17:17:00.221646 2015] [wsgi:error] [pid 4018] ipa: INFO: [jsonserver_session] admin@IPA.TEST: vault_show(u'ci_test_vault_master', rights=False, shared=False, all=False, raw=False, version=u'2.161', no_members=False): SUCCESS
[Tue Dec 08 17:17:00.298119 2015] [wsgi:error] [pid 4017] ipa: INFO: [jsonserver_session] admin@IPA.TEST: vaultconfig_show(all=False, raw=False, version=u'2.161'): SUCCESS
[Tue Dec 08 17:17:01.315467 2015] [wsgi:error] [pid 4018] ipa: ERROR: non-public: PKIException: Unauthorized request.  Recovery request not approved.
[Tue Dec 08 17:17:01.315482 2015] [wsgi:error] [pid 4018] Traceback (most recent call last):
[Tue Dec 08 17:17:01.315484 2015] [wsgi:error] [pid 4018]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 350, in wsgi_execute
[Tue Dec 08 17:17:01.315485 2015] [wsgi:error] [pid 4018]     result = self.Command[name](*args, **options)
[Tue Dec 08 17:17:01.315487 2015] [wsgi:error] [pid 4018]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
[Tue Dec 08 17:17:01.315489 2015] [wsgi:error] [pid 4018]     ret = self.run(*args, **options)
[Tue Dec 08 17:17:01.315490 2015] [wsgi:error] [pid 4018]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 764, in run
[Tue Dec 08 17:17:01.315492 2015] [wsgi:error] [pid 4018]     return self.execute(*args, **options)
[Tue Dec 08 17:17:01.315493 2015] [wsgi:error] [pid 4018]   File "/usr/lib/python2.7/site-packages/ipalib/plugins/vault.py", line 2017, in execute
[Tue Dec 08 17:17:01.315495 2015] [wsgi:error] [pid 4018]     wrapped_session_key)
[Tue Dec 08 17:17:01.315496 2015] [wsgi:error] [pid 4018]   File "/usr/lib/python2.7/site-packages/pki/__init__.py", line 298, in handler
[Tue Dec 08 17:17:01.315498 2015] [wsgi:error] [pid 4018]     return fn_call(inst, *args, **kwargs)
[Tue Dec 08 17:17:01.315499 2015] [wsgi:error] [pid 4018]   File "/usr/lib/python2.7/site-packages/pki/key.py", line 914, in retrieve_key
[Tue Dec 08 17:17:01.315500 2015] [wsgi:error] [pid 4018]     key = self.retrieve_key_data(request)
[Tue Dec 08 17:17:01.315502 2015] [wsgi:error] [pid 4018]   File "/usr/lib/python2.7/site-packages/pki/__init__.py", line 317, in handler
[Tue Dec 08 17:17:01.315504 2015] [wsgi:error] [pid 4018]     raise pki_exception
[Tue Dec 08 17:17:01.315505 2015] [wsgi:error] [pid 4018] PKIException: Unauthorized request.  Recovery request not approved.

The only issue with F23 and IPA 4.2.3 I found, is that sleep 30 sec is not enough for KRA subsystem.

Raising timeout cause that all tests passes, thus this is not IPA issue.

However I found bug on master branch, there was missing RA certificate, which causes that vault-* commands did not work. Patch was sent.

Moving to 4.3 given that it's only in master branch.

master:

  • bf9a34f Install RA cert during replica promotion

Metadata Update from @lslebodn:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.3
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
critical
None
None
None
None
defect
None
None
IPA
None
1
None
None
None
None
0
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.