Bug 1354381

Summary: ipa trust-add with raw option gives internal error.
Product: Red Hat Enterprise Linux 7 Reporter: Sudhir Menon <sumenon>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Kaleem <ksiddiqu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: jcholast, pvoborni, rcritten
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.4.0-3.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-04 05:57:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sudhir Menon 2016-07-11 08:23:58 UTC 
Description of problem:ipa trust-add with raw option gives internal error.

Version-Release number of selected component (if applicable):
ipa-server-dns-4.4.0-1.el7.noarch
ipa-server-trust-ad-4.4.0-1.el7.x86_64
ipa-server-4.4.0-1.el7.x86_64

How reproducible: Always

Steps to Reproduce:
1. install ipa-server
2. run ipa-adtrust-install
3. now establish external trust with --raw option

Actual results:
[root@server samba]# ipa trust-add --type='ad' --range-type='ipa-ad-trust' --two-way=true --external=true  --raw
Realm name: pne.qe
Active Directory domain administrator: administrator
Active Directory domain administrator's password: 
ipa: ERROR: an internal error has occurred

===cat /var/log/httpd/error_log===
[Mon Jul 11 13:43:28.568276 2016] [:error] [pid 15623] ipa: INFO: [jsonserver_kerb] admin: trust_add/1(u'pne.qe', trust_type=u'ad', realm_admin=u'administrator', realm_passwd=u'********', range_type=u'ipa-ad-trust', bidirectional=True, external=True, all=True, raw=True, version=u'2.210'): KeyError
[Mon Jul 11 13:43:36.015919 2016] [:error] [pid 15624] ipa: INFO: [jsonserver_kerb] admin: trust_find/1(None, version=u'2.210'): SUCCESS
[Mon Jul 11 13:44:40.087057 2016] [:error] [pid 15623] ipa: INFO: [jsonserver_kerb] admin: trust_del/1((u'pne.qe',), version=u'2.210'): SUCCESS
[Mon Jul 11 13:46:29.644247 2016] [:error] [pid 15624] ipa: ERROR: non-public: KeyError: 'ipanttrusttype'
[Mon Jul 11 13:46:29.644275 2016] [:error] [pid 15624] Traceback (most recent call last):
[Mon Jul 11 13:46:29.644287 2016] [:error] [pid 15624]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 352, in wsgi_execute
[Mon Jul 11 13:46:29.644289 2016] [:error] [pid 15624]     result = self.Command[name](*args, **options)
[Mon Jul 11 13:46:29.644291 2016] [:error] [pid 15624]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
[Mon Jul 11 13:46:29.644294 2016] [:error] [pid 15624]     return self.__do_call(*args, **options)
[Mon Jul 11 13:46:29.644296 2016] [:error] [pid 15624]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call
[Mon Jul 11 13:46:29.644298 2016] [:error] [pid 15624]     ret = self.run(*args, **options)
[Mon Jul 11 13:46:29.644299 2016] [:error] [pid 15624]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in run
[Mon Jul 11 13:46:29.644301 2016] [:error] [pid 15624]     return self.execute(*args, **options)
[Mon Jul 11 13:46:29.644303 2016] [:error] [pid 15624]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/trust.py", line 767, in execute
[Mon Jul 11 13:46:29.644305 2016] [:error] [pid 15624]     result['result']['ipanttrusttype'][0], attributes)]
[Mon Jul 11 13:46:29.644307 2016] [:error] [pid 15624] KeyError: 'ipanttrusttype'

Expected results:
Although the trust gets established properly without any issues, we need to fix the internal error displayed on the console.

Additional info:
Comment 2 Petr Vobornik 2016-07-12 15:48:43 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6059
Comment 3 Jan Cholasta 2016-07-21 11:02:03 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/2234a774416309a44aecb84f27e6cf4c6a1a990f
Comment 5 Sudhir Menon 2016-07-25 14:28:21 UTC 
Traceback message is no more seen in httpd/error log, also there is no error on the console.

Verified using ipa-server-trust-ad-4.4.0-3.el7.x86_64

[root@vm92 httpd]# ipa trust-add --type='ad' --range-type='ipa-ad-trust' --two-way=true --external=true  --raw
Realm name: pne.qe
Active Directory domain administrator: Administrator
Active Directory domain administrator's password: 
-----------------------------------------------
Added Active Directory trust for realm "pne.qe"
-----------------------------------------------
  cn: pne.qe
  ipantflatname: PNE
  ipanttrusteddomainsid: S-1-5-21-3912719521-1967590360-1136226524

===/var/log/httpd/error_log===
[Mon Jul 25 19:50:54.639589 2016] [:error] [pid 19782] ipa: INFO: Checking DNS domain pne.qe., please wait ...
[Mon Jul 25 19:51:00.137490 2016] [:error] [pid 19782] ipa: INFO: [jsonserver_kerb] admin: dnsforwardzone_add/1(u'pne.qe', idnsforwarders=(u'10.65.210.95',), idnsforwardpolicy=u'only', version=u'2.211'): SUCCESS
[Mon Jul 25 19:55:25.704703 2016] [:error] [pid 19783] ipa: INFO: [jsonserver_kerb] admin: trust_add/1(u'pne.qe', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', range_type=u'ipa-ad-trust', bidirectional=True, external=True, raw=True, version=u'2.211'): SUCCESS
Comment 6 Martin Babinsky 2016-09-21 15:25:17 UTC 
*** Bug 1266080 has been marked as a duplicate of this bug. ***
Comment 8 errata-xmlrpc 2016-11-04 05:57:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html