ipa-replica-prepare
# ipa-replica-prepare -p '<dm_password>' <replica_fqdn> -d --ip-address 192.168.122.70 Generating key. This may take a few moments... DEBUG: The ipa-replica-prepare command failed, exception: RuntimeError: Certificate issuance failed ERROR: Certificate issuance failed ERROR: The ipa-replica-prepare command failed.
The debug output obtained using Martin Basti's patch is attached. Generally, it says: "Profile caIPAserviceCert Not Found"
attachment replica_prepare_debug_output.txt
Can you please provide CA debug log?
Reported: https://fedorahosted.org/pki/ticket/2453
Old (the same?) related issue: https://fedorahosted.org/pki/ticket/1702
What is the exactly pki-ca package version involved?
Also, where does the CI script triggering the defect live?
It is not captured here, but the issue was that PKI incorrectly announces that it si ready when in fact it is not.
Reproduction step, on faster machine:
I haven't had any success reproducing.
Oleg, could you please attach the whole log file /var/log/pki/pki-tomcat/ca/debug and confirm the exact pki-ca package version involved?
attachment debug
The pki-ca version is pki-ca-10.3.5-4.fc24.noarch
The debug log from master is attached
Workaround for the CI tests:
master:
#6374 was closed as duplicate of this ticket
Metadata Update from @ofayans: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.5 backlog
So was 6820
Metadata Update from @stlaz: - Issue close_status updated to: None
Attaching a new "debug" log file as the old one is gone. For the record: increasing time.sleep to 45 (in tasks.py) did not help in my local test environment. <img alt="debug" src="/freeipa/issue/raw/files/676096fbe5199d5bb95877ebb5b257a1420195f1ca12b2df2fa610fe4f50ae99-debug" />
Metadata Update from @mreznik: - Custom field component reset - Custom field external_tracker reset - Custom field rhbz reset - Custom field test_case reset - Custom field test_coverage reset - Custom field tester reset - Custom field type reset - Issue set to the milestone: None (was: FreeIPA 4.5 backlog)
@mreznik how often does it behave this way (45s won't help)?
@pvoborni sorry, missed the question. Tried couple of times. Sometimes even 90s won't help (but sometimes yes).
From triage:
@ftweedal in which dogtag version is it fixed?
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.6
Metadata Update from @mbasti: - Assignee reset
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.6.1 (was: FreeIPA 4.6)
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.6.2 (was: FreeIPA 4.6.1)
Metadata Update from @tdudlak: - Issue set to the milestone: FreeIPA 4.6.3 (was: FreeIPA 4.6.2)
Metadata Update from @rcritten: - Issue set to the milestone: FreeIPA 4.6.4 (was: FreeIPA 4.6.3)
FreeIPA 4.6.3 has been released, moving to FreeIPA 4.6.4 milestone
Metadata Update from @rcritten: - Issue set to the milestone: FreeIPA 4.6.5 (was: FreeIPA 4.6.4)
Domain level 0 is now deprecated, closing.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.