Bug 1373359

Summary: ipa-certupdate fails with "CA is not configured"
Product: Red Hat Enterprise Linux 7 Reporter: Jan Cholasta <jcholast>
Component: ipaAssignee: Florence Blanc-Renaud <frenaud>
Status: CLOSED ERRATA QA Contact: Kaleem <ksiddiqu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: frenaud, lmiksik, mbabinsk, pvoborni, rcritten
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.4.0-11.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-04 06:02:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
console output
none
console output with verification steps none

Description Jan Cholasta 2016-09-06 05:48:15 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/6288

With a CA-less ipa server, ipa-certupdate always fails with the following error:

{{{
$ ipa-certupdate
trying https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json
Forwarding 'ca_is_enabled' to json server 'https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json'
Forwarding 'ca_find/1' to json server 'https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json'
CA is not configured
The ipa-certupdate command failed.
}}}


The code is calling ca_find but not catching the exception returned because the CA is not configured.

Comment 5 Kaleem 2016-09-09 07:35:54 UTC
Still i see same error message with ipa-server-4.4.0-10.el7.x86_64.

Please find the attachment for console output.

Comment 6 Kaleem 2016-09-09 07:38:58 UTC
Created attachment 1199296 [details]
console output

Comment 7 Florence Blanc-Renaud 2016-09-09 13:02:27 UTC
On master branch, commit 08b768313020c45bfa82d67cd214afabf605f4b3 introduced a regression and overwrote the fix (on ipa-4-4, commit 99b0db0ebf090c9f60078e9ca9bf2aba665635f5).

I'm making a new fix.

Comment 10 Kaleem 2016-09-13 12:53:15 UTC
Verified.

IPA Version:
============
[root@dhcp207-129 ~]# rpm -q ipa-server
ipa-server-4.4.0-11.el7.x86_64
[root@dhcp207-129 ~]# 

Please find the attached console output for verification.

Comment 11 Kaleem 2016-09-13 12:55:27 UTC
Created attachment 1200486 [details]
console output with verification steps

Comment 13 errata-xmlrpc 2016-11-04 06:02:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html