Bug 1251561
| Summary: | ipa vault-add Unknown option: ipavaultpublickey | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Scott Poore <spoore> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 7.2 | CC: | drieden, ksiddiqu, pvoborni, rcritten, tbabej |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | ipa-4.2.0-5.el7 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-11-19 12:05:09 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Scott Poore
2015-08-07 17:27:39 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5195

Fixed upstream
master: https://fedorahosted.org/freeipa/changeset/7d7ffb62526595433412633c05af5af7909124c8
ipa-4-2: https://fedorahosted.org/freeipa/changeset/dc0d4f73200065c209eb007a3be3ebd3d3b6dd64

FYI, I'm also seeing this:
[root@master ~]# ipa vault-add vname --type asymmetric --public-key="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2Ld6QaroYiTZtclece+iLzjDQh/D01CFWfJK1c3A8gftC+OVyDk1Rrffm3xkj4OOxWCfKgBr3KLX5OXbxaTJ8yBeX/5L/Euky3evbhbD5yETOyepfIEi8AIesQfmaUwfEwQlzBoDJcthLHPRhc5pFNJAq9rSVI2x2k3oORIC+3kvqm4NKaq8tvIjeuMDeHryJlG9o02CQOMUNnpzkr5uUskiId91r7ra+lxzXHthLM32IgUkXwWs1grrA0nVFkFPIJ8655JlKYTW11NfHeUrV9ITvxYI9DcYAF/ZcWvSF8TUisu0oOoxjXRIP4L3slEGSC37nNs0Swb/xl1zVgOrwIDAQAB"
ipa: ERROR: non-public: UnicodeDecodeError: 'utf8' codec can't decode byte 0x82 in position 1: invalid start byte
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 129, in execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 443, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1109, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/vault.py", line 674, in forward
    self.api.Command.vault_archive(*args, **opts)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 443, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1109, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/vault.py", line 999, in forward
    public_key = vault['ipavaultpublickey'][0].encode('utf-8')
UnicodeDecodeError: 'utf8' codec can't decode byte 0x82 in position 1: invalid start byte
ipa: ERROR: an internal error has occurred
From /var/log/httpd/error_log:
[Thu Aug 13 11:40:43.336940 2015] [:error] [pid 16042] ipa: INFO: [jsonserver_session] admin: vault_add_internal(u'vname', ipavaulttype=u'asymmetric', ipavaultpublickey='0\\x82\\x01"0\\r\\x06\\t*\\x86H\\x86\\xf7\\r\\x01\\x01\\x01\\x05\\x00\\x03\\x82\\x01\\x0f\\x000\\x82\\x01\\n\\x02\\x82\\x01\\x01\\x00\\x9bb\\xdd\\xe9\\x06\\xab\\xa1\\x88\\x93f\\xd7%y\\xc7\\xbe\\x88\\xbc\\xe3\\r\\x08\\x7f\\x0fMB\\x15g\\xc9+W7\\x03\\xc8\\x1f\\xb4/\\x8eW \\xe4\\xd5\\x1a\\xdf~m\\xf1\\x92>\\x0e;\\x15\\x82|\\xa8\\x01\\xafr\\x8b_\\x93\\x97o\\x16\\x93\\'\\xcc\\x81y\\x7f\\xf9/\\xf1.\\x93-\\xde\\xbd\\xb8[\\x0f\\x9c\\x84L\\xec\\x9e\\xa5\\xf2\\x04\\x8b\\xc0\\x08z\\xc4\\x1f\\x99\\xa50|L\\x10\\x970h\\x0c\\x97-\\x84\\xb1\\xcfF\\x179\\xa4SI\\x02\\xafkIR6\\xc7i7\\xa0\\xe4H\\x0b\\xed\\xe4\\xbe\\xa9\\xb84\\xa6\\xaa\\xf2\\xdb\\xc8\\x8d\\xeb\\x8c\\r\\xe1\\xeb\\xc8\\x99F\\xf6\\x8d6\\t\\x03\\x8cP\\xd9\\xe9\\xceJ\\xf9\\xb9K$\\x88\\x87}\\xd6\\xbe\\xebk\\xe9q\\xcdq\\xed\\x84\\xb37\\xd8\\x88\\x14\\x91|\\x16\\xb3X+\\xac\\r\\'TY\\x05<\\x82|\\xeb\\x9eI\\x94\\xa6\\x13[]M|w\\x94\\xad_HN\\xfcX#\\xd0\\xdc`\\x01\\x7fe\\xc5\\xafH_\\x13R+.\\xd2\\x83\\xa8\\xc65\\xd1 \\xfe\\x0b\\xde\\xc9D\\x19 \\xb7\\xeesl\\xd1,\\x1b\\xff\\x19u\\xcdX\\x0e\\xaf\\x02\\x03\\x01\\x00\\x01', shared=False, all=False, raw=False, version=u'2.148', no_members=False): SUCCESS
And this is the version of IPA:
ipa-server-4.2.0-4.el7.x86_64
FYI:

[root@master ~]# ipa vault-add --type=symmetric vname_symmetric --public-key="$(cat public.pem |grep -v -- "----"|tr -d '[\n\r]')"
New password:
Verify password:
ipa: ERROR: Unknown option: ipavaultpublickey

The issue in comment 5 is bug 1251561. Comment 6 will also be fixed with the patch in comment 3.

Sorry, in comment 7 I meant bug 1245225

*** Bug 1253498 has been marked as a duplicate of this bug. ***

Note that the fix validates that:
- options password and password-file can be used only with symmetric vault
- options public-key and public-key-file can be used only with asymmetric vault

I.e. the "unknown option" error appeared because the usage was not correct. Therefore expected result from comment one is: "validation error is displayed".

Verified Version :: ipa-server-4.2.0-5.el7.x86_64

Results ::

[root@rhel7-8 yum.repos.d]# ipa-kra-install
Directory Manager password:
===================================================================
This program will setup Dogtag KRA for the IPA Server.
Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes 6 seconds
  [1/7]: configuring KRA instance
  [2/7]: add RA user to KRA agent group
  [3/7]: restarting KRA
  [4/7]: configure certmonger for renewals
  [5/7]: configure certificate renewals
  [6/7]: configure HTTP to proxy connections
  [7/7]: add vault container
Done configuring KRA server (pki-tomcatd).
Restarting the directory server
The ipa-kra-install command was successful

[root@rhel7-8 yum.repos.d]# openssl genrsa -out private.pem 2048
Generating RSA private key, 2048 bit long modulus
...........+++
................................+++
e is 65537 (0x10001)

[root@rhel7-8 yum.repos.d]# openssl rsa -in private.pem -out public.pem -pubout
writing RSA key

[root@rhel7-8 yum.repos.d]# PUBKEYBLOB=$(cat public.pem |base64)

[root@rhel7-8 yum.repos.d]# ipa vault-add myvault --type=asymmetric --public-key="$PUBKEYBLOB"
---------------------
Added vault "myvault"
---------------------
  Vault name: myvault
  Type: asymmetric
  Public key: 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
  Owner users: admin
  Vault user: admin

[root@rhel7-8 yum.repos.d]# ipa vault-add myvault1 --public-key="$PUBKEYBLOB"
ipa: ERROR: Public key can be specified only for asymmetric vault

[root@rhel7-8 yum.repos.d]# ipa vault-add myvault1 --type=symmetric --public-key="$PUBKEYBLOB"
ipa: ERROR: Public key can be specified only for asymmetric vault

[root@rhel7-8 yum.repos.d]# ipa vault-add myvault1 --type=standard --public-key="$PUBKEYBLOB"
ipa: ERROR: Public key can be specified only for asymmetric vault

[root@rhel7-8 yum.repos.d]# ipa vault-add myvault1 --type=asymmetric --password="test"
ipa: ERROR: Password can be specified only for symmetric vault

[root@rhel7-8 yum.repos.d]# echo test > /tmp/password_file
[root@rhel7-8 yum.repos.d]# ipa vault-add myvault1 --type=asymmetric --password-file=/tmp/password_file
ipa: ERROR: Password can be specified only for symmetric vault

[root@rhel7-8 yum.repos.d]# ipa vault-add myvault1 --password-file=/tmp/password_file
ipa: ERROR: Password can be specified only for symmetric vault

[root@rhel7-8 yum.repos.d]# ipa vault-add myvault1 --password=passworde
ipa: ERROR: Password can be specified only for symmetric vault

[root@rhel7-8 yum.repos.d]# ipa vault-add vname --type asymmetric --public-key="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRlzdzLu1ixE3CgFPagagPlYo/Usw48MYl+pGhMNoN9e+DN2LUawcLcoxGo76e6MV1svEY+rt6irO8eaUMzpgs4zjwTdtPdLFqhtxZmpN5kD0jZzMNUiAWLWU0HNEzwo+iDs254x/PiqwryfXF5RlFHCs/4pwxsWS3MSHvze4ONtl9yyMoY/7W3ofvp6kURZ1K9936hlZkr/2gOtYWbgInn/gkWATI5ybVz/EY9tPDhQTE8W2JqdpzNEf8ZTxLU3sx62Jxs9aeiuJz8hyCnhofya3vhYTd5d+dFS9PlorgRg3jqTKEIugoFI6XysykcnTdnlujxHwwMgwulYUkxX9QIDAQAB"
ipa: ERROR: invalid 'ipavaultpublickey': Invalid or unsupported vault public key: Could not unserialize key data.

*** Bug 1253455 has been marked as a duplicate of this bug. ***

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html
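
Added example (not FreeIPA code and not part of the bug report): a Python 3 illustration of the two behaviours recorded above, namely why the decoded `--public-key` bytes fail text handling at byte 0x82 in position 1, and the option-to-vault-type rule the fix enforces. The helper names `check_vault_options` and `inspect_public_key` are hypothetical, and the key samples are constructed from the DER header bytes visible in the error_log line.

```python
import base64

# Constructed sample: the 33-byte DER header of an RSA-2048 SubjectPublicKeyInfo,
# matching the first bytes in the error_log line; the key material is omitted.
DER_HEADER = bytes.fromhex(
    "30820122300d06092a864886f70d01010105000382010f003082010a0282010100")
DER_B64 = base64.b64encode(DER_HEADER).decode("ascii")
# Constructed PEM wrapper around the same truncated data, base64-encoded again
# the way the verification session builds PUBKEYBLOB.
PEM_TEXT = "-----BEGIN PUBLIC KEY-----\n" + DER_B64 + "\n-----END PUBLIC KEY-----\n"
PEM_B64 = base64.b64encode(PEM_TEXT.encode("ascii")).decode("ascii")

# Option/vault-type rule from the bug comments; messages from the session output.
REQUIRED_TYPE = {
    "password": "symmetric", "password_file": "symmetric",
    "public_key": "asymmetric", "public_key_file": "asymmetric",
}
MESSAGES = {
    "symmetric": "Password can be specified only for symmetric vault",
    "asymmetric": "Public key can be specified only for asymmetric vault",
}


def check_vault_options(vault_type=None, **options):
    """Return the validation error for a misused option, or None (hypothetical helper)."""
    for name, value in options.items():
        required = REQUIRED_TYPE.get(name)
        if value is not None and required and vault_type != required:
            return MESSAGES[required]
    return None


def inspect_public_key(b64_value):
    """Decode a base64 option value; return (kind, bad_offset, bad_byte)."""
    raw = base64.b64decode(b64_value)
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        # DER is binary: 0x30 (SEQUENCE) is ASCII "0", but the length byte 0x82
        # is not a valid UTF-8 start byte, so text handling fails at offset 1.
        return ("binary", exc.start, raw[exc.start])
    is_pem = text.lstrip().startswith("-----BEGIN PUBLIC KEY-----")
    return ("pem" if is_pem else "text", None, None)


if __name__ == "__main__":
    print(inspect_public_key(DER_B64))
    print(inspect_public_key(PEM_B64))
    print(check_vault_options("symmetric", public_key=DER_B64))
```

Key material that may arrive as DER has to be carried as bytes end to end; only the PEM form survives a text encode/decode step.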