Bug 1596629
| Summary: | ipa-replica-install --setup-kra broken on DL0 with latest version | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Nikhil Dehadrai <ndehadra> | ||||
| Component: | pki-core | Assignee: | Alexander Bokovoy <abokovoy> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> | ||||
| Severity: | high | Docs Contact: | Marc Muehlfeld <mmuehlfe> | ||||
| Priority: | high | ||||||
| Version: | 7.6 | CC: | abokovoy, cpelland, frenaud, ftweedal, mharmsen, msauton, nsoman, pvoborni, rcritten, tdudlak, tscherf | ||||
| Target Milestone: | rc | Keywords: | Regression, ZStream | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | pki-core-10.5.9-5.el7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1614837 (view as bug list) | Environment: | |||||
| Last Closed: | 2018-10-30 11:07:14 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1614837 | ||||||
| Attachments: |
|
||||||
|
Description
Nikhil Dehadrai
2018-06-29 10:28:17 UTC
Upstream ticket: https://pagure.io/freeipa/issue/7627 Bug analysis ------------ Valid bug: yes Regression: yes Regression introduction: 389-ds-base-1.3.7 with the 389-ds patch for https://pagure.io/389-ds-base/issue/49599 Affected versions: RHEL 7.6 Use cases (reproduction steps): * install replica with KRA in domain level 0: ** install ipa server in dl 0 with ca and kra (--domain-level 0 --setup-kra) ** prepare replica with ipa-replica-prepare ** install replica with ipa-replica-install --setup-ca --setup-kra /path/to/replica-file Cause: pkispawn is failing when configuring the replication for CA. During repl setup, pkispawn is reading the attribute nsds5replicaLastInitStatus in cn=masterAgreement1-$hostname-pki-tomcat,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config in order to find the replication status. The new format (in 389-ds-base-1.3.7) for this attribute is "Error (0) Total update succeeded" but pkispawn is expecting "0 Total update succeeded" (see https://github.com/dogtagpki/pki/blob/DOGTAG_10_5_BRANCH/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java#L2028). Consequence: ipa-server-install fails in pkispawn step. Workaround: None Due to the above analysis, I am moving this issue to pki-core component. I sent two pull requests for master and 10.5 branches: https://github.com/dogtagpki/pki/pull/20 and https://github.com/dogtagpki/pki/pull/21 Please review and commit. We need this fixed pretty fast. Thanks Alexander; patches merged: master: 8147769f8bc8a41afa77dfcd97464dc736d61935 DOGTAG_10_5_BRANCH: 151ecf63106425cada104d141a81722570ba2b28 I guess we need to collect some ACKs and then someone (Matt?) will build a build. Hello, is there something i can do to unblock this issue? Looks like this is already merged and available in 10.6.5. ipa-server: ipa-4.6.4.5.el7 Verified that the ipa-replica-installation with KRA at DL0 is successful and the error mentioned in bug is no more observed. Thus marking the status of bug to 'VERIFIED'. Created attachment 1478095 [details]
Console_Output _for Verification of Scenario
Console_Output _for Verification of Scenario
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3195 |