Bug 1145333

Summary: ipa-ldap-updater fails with org.fedorahosted.certmonger.request.bad_arg: Unrecognized property name.
Product: [Fedora] Fedora Reporter: Lukas Bezdicka <lbezdick>
Component: freeipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 21CC: abokovoy, mkosek, pviktori, pvoborni, rcritten, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: freeipa-4.1.1-2.fc21 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-11-25 03:07:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lukas Bezdicka 2014-09-22 20:48:22 UTC 
Description of problem:
ipa-ldap-updater -u -d

ipa: DEBUG: stderr=
ipa.ipaserver.install.plugins.ca_renewal_master.update_ca_renewal_master: DEBUG: found certmonger request for ipaCert
ipa: DEBUG: Starting external process
ipa: DEBUG: args='/bin/systemctl' 'is-active' 'certmonger.service'
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=active

ipa: DEBUG: stderr=
ipa: ERROR: Upgrade failed with org.fedorahosted.certmonger.request.bad_arg: Unrecognized property name.
ipa: DEBUG: Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line 145, in __upgrade
    self.modified = (ld.update(self.files, ordered=True) or
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 874, in update
    updates = api.Backend.updateclient.update(POST_UPDATE, self.dm_password, self.ldapi, self.live_run)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py", line 123, in update
    (restart, apply_now, res) = self.run(update.name, **kw)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py", line 143, in run
    return self.Updater[method](**kw)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1399, in __call__
    return self.execute(**options)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/ca_renewal_master.py", line 63, in execute
    ca_name = certmonger.get_request_value(request_id, 'ca_name')
  File "/usr/lib/python2.7/site-packages/ipapython/certmonger.py", line 169, in get_request_value
    return request.prop_if.Get(DBUS_CM_REQUEST_IF, directive)
  File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
    **keywords)
  File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
    message, timeout)
DBusException: org.fedorahosted.certmonger.request.bad_arg: Unrecognized property name.

ipa: DEBUG:   duration: 4 seconds
ipa: DEBUG:   [8/10]: stopping directory server

Version-Release number of selected component (if applicable):
freeipa-server-4.0.3-1.fc21.x86_64


Actual results:


Expected results:


Additional info:
[root@usata ~]# gdbus  introspect -r -y -o / --only-properties -d org.fedorahosted.certmonger | grep dogtag-ipa-renew-agent
                readonly s nickname = 'dogtag-ipa-renew-agent';
                readwrite s external-helper = '/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit';
Comment 1 Rob Crittenden 2014-09-22 21:05:39 UTC 
Interesting. This should be fixed by https://bugzilla.redhat.com/show_bug.cgi?id=1141331 specifically in 4.0.3-1.
Comment 2 Lukas Bezdicka 2014-09-23 09:38:09 UTC 
Changing:
  File "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/ca_renewal_master.py", line 63, in execute

-    ca_name = certmonger.get_request_value(request_id, 'ca_name')
+    ca_name = certmonger.get_request_value(request_id, 'nickname')

works as noted in output of dbus search.
Comment 3 Rob Crittenden 2014-09-23 13:15:02 UTC 
I believe this is ticket https://fedorahosted.org/freeipa/ticket/4547

A more complete patch can be found at http://www.redhat.com/archives/freeipa-devel/2014-September/msg00368.html
Comment 4 Martin Kosek 2014-09-23 14:41:24 UTC 
Rob is correct, we have just fixed in upstream git.
Comment 5 Martin Kosek 2014-09-23 14:42:05 UTC 
Upstream fixes:

master:
f680a63158d172042c91537a1cb7f6f53766e2ad Fix certmonger code causing the ca_renewal_master update plugin to fail

ipa-4-1:
1a327cf42929919219c2f0bfa9b48eb2d0b039f4 Fix certmonger code causing the ca_renewal_master update plugin to fail

ipa-4-0:
26188d7610170ff2fb89b12cd63a0c698a2381cb Fix certmonger code causing the ca_renewal_master update plugin to fail
Comment 6 Fedora Update System 2014-10-23 08:32:30 UTC 
freeipa-4.1.0-2.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/freeipa-4.1.0-2.fc21
Comment 7 Fedora Update System 2014-10-23 16:22:12 UTC 
Package freeipa-4.1.0-2.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing freeipa-4.1.0-2.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-13547/freeipa-4.1.0-2.fc21
then log in and leave karma (feedback).
Comment 8 Fedora Update System 2014-11-21 13:55:50 UTC 
freeipa-4.1.1-2.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/freeipa-4.1.1-2.fc21
Comment 9 Fedora Update System 2014-11-25 03:07:02 UTC 
freeipa-4.1.1-2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.