See https://fedorahosted.org/freeipa/ticket/5269
Profile creation is failing because the profile apparently goes missing in between the initial commit of its configuration and disabling the profile.
Actually, this issue is possibly resolvable entirely on IPA side - it is an earlier delete event that is being processed during the (re)creation of a profile.
A spurious commit in createProfileRaw can be avoided though.
attachment pki-ftweedal-0057-Extract-LDAPControl-search-function-to-LDAPUtil.patch
attachment pki-ftweedal-0058-Add-LDAPPostReadControl-class.patch
attachment pki-ftweedal-0059-Avoid-profile-race-conditions-by-tracking-entryUSN.patch
attachment pki-ftweedal-0060-Handle-LDAPProfileSubsystem-delete-then-recreate-rac.patch
attachment pki-ftweedal-0061-Ensure-config-store-commits-refresh-file-based-profi.patch
NOTE: Per conversations in IRC, this ticket is slated to be fixed as patches to Dogtag 10.2.6 on Fedora 22, 23, (and 24 until such time as it is upgraded to 10.3). The fixes will be checked into the master branch where they will also be picked up by Dogtag 10.3 and later releases.
Per discussions in the Dogtag 10.3 Triage meeting of 01/06/2016: priority medium
Fixed.
master:
41717cb774f53e30caf7a57c2e07526445bf0988 Ensure config store commits refresh file-based profile data 0af4a9393ce38216689e9afe17514b9441784133 Handle LDAPProfileSubsystem delete-then-recreate races 81af68d3e3b1a89f799693e7f7ecda59f57abfe4 Avoid profile race conditions by tracking entryUSN 2bd89f148b4b347fc80285ec521d2af0299da746 Add LDAPPostReadControl class d272cec2614a4a45abd3fdbf7139dbd52b3275ae Extract LDAPControl search function to LDAPUtil
DOGTAG_10_2_BRANCH:
1c9cbd12275d2899dca423d89ddf3578a572a226 Ensure config store commits refresh file-based profile data 7957c8097d56f1ea905ffe7c689f3a3284ece0e1 Handle LDAPProfileSubsystem delete-then-recreate races 2cb2e9c8df06a7fdb2fed11e2973c03483024bc0 Avoid profile race conditions by tracking entryUSN 6371ea5cd0abf64ab755b8d7b410c879f5051936 Add LDAPPostReadControl class 6ed6230c9bed4e2619467b7f9f422a52b07295b8 Extract LDAPControl search function to LDAPUtil
DOGTAG_10_2_6_BRANCH:
7356d2f1f2f459179e39f56bcfd7f647a8753775 Ensure config store commits refresh file-based profile data 18a5ae673e5ee02a8f4815f7f86961e1470965db Handle LDAPProfileSubsystem delete-then-recreate races 5f4d02dd5b0463d51a19dcfdb07dacd2315a8b47 Avoid profile race conditions by tracking entryUSN 67d993f2965199ebe997d3ae57e6e5cab35f96f6 Add LDAPPostReadControl class 56e9aa90ddd0f584b2353db7e922900e226b6dca Extract LDAPControl search function to LDAPUtil
Metadata Update from @ftweedal: - Issue assigned to ftweedal - Issue set to the milestone: 10.2.x
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2259
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.