Bug 1846352
| Summary: | cannot issue certs with multiple IP addresses corresponding to different hosts | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Fraser Tweedale <ftweedal> | ||||
| Component: | ipa | Assignee: | Thomas Woerner <twoerner> | ||||
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 8.2 | CC: | arajendr, fcami, frenaud, ipa-qe, ksiddiqu, myusuf, rcritten, tscherf | ||||
| Target Milestone: | rc | Keywords: | TestCaseProvided | ||||
| Target Release: | 8.0 | Flags: | pm-rhel:
mirror+
|
||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | ipa-4.8.7-7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | 1846349 | Environment: | |||||
| Last Closed: | 2020-11-04 02:51:04 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1846349 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
|
Description
Fraser Tweedale
2020-06-11 12:33:34 UTC
Pull request (master branch): https://github.com/freeipa/freeipa/pull/4810 Hi Fraser, The PR at https://github.com/freeipa/freeipa/pull/4810 is closed and the backport to ipa-4-8 is closed too: https://github.com/freeipa/freeipa/pull/4843 Should this bug be in POST like https://bugzilla.redhat.com/show_bug.cgi?id=1846349 with the same commit information? François, yes it should be POST. Moving it now. Thank you.
master:
68ada5f (HEAD) fix iPAddress cert issuance for >1 host/service
ipa-4-8:
1285001 (HEAD) fix iPAddress cert issuance for >1 host/service
ipa-4-6:
233c49afb4a5ed4a50b247b222a477b926a17e38 (HEAD) fix iPAddress cert issuance for >1 host/service
Test added upstream in ipatests/test_xmlrpc/test_cert_request_ip_address.py::TestTwoHostsTwoIPAddresses. Adding TestCaseProvided keyword. Created attachment 1710926 [details]
report.html
version:
ipa-server-4.8.7-8.module+el8.3.0+7513+a375844a.x86_64
api.env:
{'api_version': '2.239',
'basedn': ipapython.dn.DN('dc=testrelm,dc=test'),
'bin': '/usr/lib/python3.6/site-packages/ipatests',
'ca_agent_install_port': None,
'ca_agent_port': 443,
'ca_ee_install_port': None,
'ca_ee_port': 443,
'ca_host': 'master.testrelm.test',
'ca_install_port': None,
'ca_port': 80,
'certmonger_wait_timeout': 300,
'conf': '/root/.ipa/cli.conf',
'conf_default': '/root/.ipa/default.conf',
'confdir': '/root/.ipa',
'config_loaded': True,
'container_accounts': ipapython.dn.DN('cn=accounts'),
'container_adtrusts': ipapython.dn.DN('cn=ad,cn=trusts'),
'container_applications': ipapython.dn.DN('cn=applications,cn=configs,cn=policies'),
'container_automember': ipapython.dn.DN('cn=automember,cn=etc'),
'container_automount': ipapython.dn.DN('cn=automount'),
'container_ca': ipapython.dn.DN('cn=cas,cn=ca'),
'container_ca_renewal': ipapython.dn.DN('cn=ca_renewal,cn=ipa,cn=etc'),
'container_caacl': ipapython.dn.DN('cn=caacls,cn=ca'),
'container_certmap': ipapython.dn.DN('cn=certmap'),
'container_certmaprules': ipapython.dn.DN('cn=certmaprules,cn=certmap'),
'container_certprofile': ipapython.dn.DN('cn=certprofiles,cn=ca'),
'container_cifsdomains': ipapython.dn.DN('cn=ad,cn=etc'),
'container_configs': ipapython.dn.DN('cn=configs,cn=policies'),
'container_custodia': ipapython.dn.DN('cn=custodia,cn=ipa,cn=etc'),
'container_deleteuser': ipapython.dn.DN('cn=deleted users,cn=accounts,cn=provisioning'),
'container_dna': ipapython.dn.DN('cn=dna,cn=ipa,cn=etc'),
'container_dna_posix_ids': ipapython.dn.DN('cn=posix-ids,cn=dna,cn=ipa,cn=etc'),
'container_dns': ipapython.dn.DN('cn=dns'),
'container_dnsservers': ipapython.dn.DN('cn=servers,cn=dns'),
'container_group': ipapython.dn.DN('cn=groups,cn=accounts'),
'container_hbac': ipapython.dn.DN('cn=hbac'),
'container_hbacservice': ipapython.dn.DN('cn=hbacservices,cn=hbac'),
'container_hbacservicegroup': ipapython.dn.DN('cn=hbacservicegroups,cn=hbac'),
'container_host': ipapython.dn.DN('cn=computers,cn=accounts'),
'container_hostgroup': ipapython.dn.DN('cn=hostgroups,cn=accounts'),
'container_locations': ipapython.dn.DN('cn=locations,cn=etc'),
'container_masters': ipapython.dn.DN('cn=masters,cn=ipa,cn=etc'),
'container_netgroup': ipapython.dn.DN('cn=ng,cn=alt'),
'container_otp': ipapython.dn.DN('cn=otp'),
'container_permission': ipapython.dn.DN('cn=permissions,cn=pbac'),
'container_policies': ipapython.dn.DN('cn=policies'),
'container_policygroups': ipapython.dn.DN('cn=policygroups,cn=configs,cn=policies'),
'container_policylinks': ipapython.dn.DN('cn=policylinks,cn=configs,cn=policies'),
'container_privilege': ipapython.dn.DN('cn=privileges,cn=pbac'),
'container_radiusproxy': ipapython.dn.DN('cn=radiusproxy'),
'container_ranges': ipapython.dn.DN('cn=ranges,cn=etc'),
'container_realm_domains': ipapython.dn.DN('cn=Realm Domains,cn=ipa,cn=etc'),
'container_rolegroup': ipapython.dn.DN('cn=roles,cn=accounts'),
'container_roles': ipapython.dn.DN('cn=roles,cn=policies'),
'container_s4u2proxy': ipapython.dn.DN('cn=s4u2proxy,cn=etc'),
'container_selinux': ipapython.dn.DN('cn=usermap,cn=selinux'),
'container_service': ipapython.dn.DN('cn=services,cn=accounts'),
'container_stageuser': ipapython.dn.DN('cn=staged users,cn=accounts,cn=provisioning'),
'container_sudocmd': ipapython.dn.DN('cn=sudocmds,cn=sudo'),
'container_sudocmdgroup': ipapython.dn.DN('cn=sudocmdgroups,cn=sudo'),
'container_sudorule': ipapython.dn.DN('cn=sudorules,cn=sudo'),
'container_sysaccounts': ipapython.dn.DN('cn=sysaccounts,cn=etc'),
'container_topology': ipapython.dn.DN('cn=topology,cn=ipa,cn=etc'),
'container_trusts': ipapython.dn.DN('cn=trusts'),
'container_user': ipapython.dn.DN('cn=users,cn=accounts'),
'container_vault': ipapython.dn.DN('cn=vaults,cn=kra'),
'container_views': ipapython.dn.DN('cn=views,cn=accounts'),
'container_virtual': ipapython.dn.DN('cn=virtual operations,cn=etc'),
'context': 'cli',
'debug': False,
'delegate': False,
'dogtag_version': 10,
'domain': 'testrelm.test',
'dot_ipa': '/root/.ipa',
'enable_ra': True,
'env_confdir': None,
'fallback': False,
'fips_mode': False,
'force_schema_check': False,
'home': '/root',
'host': 'master.testrelm.test',
'http_timeout': 30,
'in_server': False,
'in_tree': True,
'interactive': True,
'ipalib': '/usr/lib/python3.6/site-packages/ipalib',
'jsonrpc_uri': 'https://master.testrelm.test/ipa/json',
'kinit_lifetime': None,
'ldap_uri': 'ldapi://%2Frun%2Fslapd-TESTRELM-TEST.socket',
'log': '/root/.ipa/log/cli.log',
'logdir': '/root/.ipa/log',
'mode': 'developer',
'mount_ipa': '/ipa/',
'nss_dir': '/root/.ipa/nssdb',
'plugins_on_demand': True,
'prompt_all': False,
'ra_plugin': 'dogtag',
'realm': 'TESTRELM.TEST',
'recommended_max_agmts': 4,
'replication_wait_timeout': 300,
'rpc_protocol': 'jsonrpc',
'script': '/usr/lib/python3.6/site-packages/ipatests/-c',
'server': 'master.testrelm.test',
'site_packages': '/usr/lib/python3.6/site-packages',
'skip_version_check': False,
'startup_timeout': 120,
'startup_traceback': False,
'tls_ca_cert': '/root/.ipa/ca.crt',
'tls_version_max': None,
'tls_version_min': None,
'validate_api': False,
'verbose': 0,
'version': '4.8.7',
'wait_for_dns': 0,
'webui_prod': True,
'xmlrpc_uri': 'https://master.testrelm.test/ipa/xml'}
uname: posix.uname_result(sysname='Linux', nodename='master.testrelm.test', release='4.18.0-229.el8.x86_64', version='#1 SMP Thu Jul 30 16:19:22 UTC 2020', machine='x86_64')
euid: 0, egid: 0
working dir: /usr/lib/python3.6/site-packages/ipatests
sys.version: 3.6.8 (default, Jun 26 2020, 12:10:09)
[GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
============================= test session starts ==============================
platform linux -- Python 3.6.8, pytest-3.9.1, py-1.5.3, pluggy-0.13.1 -- /usr/libexec/platform-python
cachedir: /home/cloud-user/.pytest_cache
metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-229.el8.x86_64-x86_64-with-redhat-8.3-Ootpa', 'Packages': {'pytest': '3.9.1', 'py': '1.5.3', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.10.0', 'html': '1.22.1', 'multihost': '3.0', 'sourceorder': '0.5'}}
rootdir: /usr/lib/python3.6/site-packages/ipatests, inifile:
plugins: metadata-1.10.0, html-1.22.1, multihost-3.0, sourceorder-0.5
collecting ... collected 2 items
test_xmlrpc/test_cert_request_ip_address.py::TestTwoHostsTwoIPAddresses::test_host_exists PASSED [ 50%]
test_xmlrpc/test_cert_request_ip_address.py::TestTwoHostsTwoIPAddresses::test_issuance PASSED [100%]
---------------- generated xml file: /home/cloud-user/junit.xml ----------------
----------- generated html file: file:///home/cloud-user/report.html -----------
=========================== 2 passed in 2.91 seconds ===========================
Automation passed, Hence marking the bug as verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:4670 |