#6088 test_installation.py tests involving KRA installation on replicas fail in domain level 0
Closed: Fixed None Opened 7 years ago by mbabinsk.

When running test_installation.py CI test suite in domain level, the following test fail repeatedly:

test_integration.test_installation.TestInstallWithCA1.test_replica1_ipa_kra_install
test_integration.test_installation.TestInstallWithCA1.test_replica2_with_ca_kra_install
test_integration.test_installation.TestInstallWithCA2.test_replica0_with_ca_kra_dns_install
test_integration.test_installation.TestInstallWithCA2.test_replica1_ipa_kra_install
test_integration.test_installation.TestInstallWithCA2.test_replica2_ipa_kra_install
test_integration.test_installation.TestInstallWithCA_DNS1.test_replica1_ipa_kra_install
test_integration.test_installation.TestInstallWithCA_DNS1.test_replica2_with_ca_kra_install
test_integration.test_installation.TestInstallWithCA_DNS2.test_replica0_with_ca_kra_dns_install
test_integration.test_installation.TestInstallWithCA_DNS2.test_replica1_ipa_kra_install
test_integration.test_installation.TestInstallWithCA_DNS2.test_replica2_ipa_kra_install

The failures are caused by incorrect handling of KRA installation on replicas in domain level 0. Either there is an attempt to install a KRA using a replica file from KRA-less master:

[2016-07-15T01:47:28Z ipa.ipatests.test_integration.host.Host.vm-058-077.ParamikoTransport] <INFO>: RUN ['ipa-kra-install', '-U', '-p', 'Secret123', '/root/ipatests/replica-info.gpg']
[2016-07-15T01:47:28Z ipa.ipatests.test_integration.host.Host.vm-058-077.cmd22] <DEBUG>: RUN ['ipa-kra-install', '-U', '-p', 'Secret123', '/root/ipatests/replica-info.gpg']
[2016-07-15T01:47:33Z ipa.ipatests.test_integration.host.Host.vm-058-077.cmd22] <DEBUG>: Missing KRA certificates, please create a new replica file.
[2016-07-15T01:47:33Z ipa.ipatests.test_integration.host.Host.vm-058-077.cmd22] <DEBUG>: The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information
ipa: ERROR: Exit code: 1
[2016-07-15T01:47:33Z ipa.ipatests.test_integration.host.Host.vm-058-077.cmd22] <ERROR>: Exit code: 1

or there is an incorrectly executed installation of first KRA instance on a replica, where replica file is passed while not needed:

[2016-07-15T02:12:10Z ipa.ipatests.test_integration.host.Host.vm-058-145.cmd18] <DEBUG>: RUN ['ipa-kra-install', '-p', 'Secret123', '-U', '/root/ipatests/replica-info.gpg']
[2016-07-15T02:12:12Z ipa.ipatests.test_integration.host.Host.vm-058-145.cmd18] <DEBUG>: Too many parameters provided. No replica file is required.
[2016-07-15T02:12:12Z ipa.ipatests.test_integration.host.Host.vm-058-145.cmd18] <DEBUG>: The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information
ipa: ERROR: Exit code: 1
[2016-07-15T02:12:12Z ipa.ipatests.test_integration.host.Host.vm-058-145.cmd18] <ERROR>: Exit code: 1

We should fix these false negative as soon as time permits.


master:

  • 84ca1fc CI: extend replication layouts tests with KRA
  • 11d7b77 CI: use --setup-kra with replica installation
  • 9408085 CI: Disable KRA install tests on DL0

Backport to 4.4 soon

ipa-4-4:

  • bf79998 CI: extend replication layouts tests with KRA
  • 7bb2742 CI: use --setup-kra with replica installation
  • c036dda CI: Disable KRA install tests on DL0

Metadata Update from @mbabinsk:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.4.3

7 years ago

Login to comment on this ticket.

Metadata