Bug 1980378
Summary: | 'keyctl_search: Required key not available' message when running 'ipa-healthcheck' | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Maria <mescanfe> |
Component: | pki-core | Assignee: | Endi Sukma Dewata <edewata> |
Status: | CLOSED ERRATA | QA Contact: | PKI QE <bugzilla-pkiqe> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 8.4 | CC: | aakkiang, bthekkep, ckelley, edewata, jlyle, michdavi, micmurph, ndehadra, pcech, prisingh, rcritten, scott.worthington, sigbjorn.lie, skhandel, sumenon, vmishra |
Target Milestone: | beta | Keywords: | Triaged |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | pki-core-10.6-8060020211115121442.7e0b02f6 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-05-10 13:51:03 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Maria
2021-07-08 14:12:51 UTC
See upstream issue https://github.com/dogtagpki/pki/issues/3650 Hi, Checking to see if we have an update on this. I have a customer experiencing the same issue after patching. They use this module to forward results to an upstream SIEM: ipa-healthcheck-0.7-3.module+el8.4.0+9007+5084bdd8.noarch Mon Oct 25 17:04:14 2021 kernel-4.18.0-305.19.1.el8_4.x86_64 Mon Oct 25 17:04:16 2021 uname -a 4.18.0-305.19.1.el8_4.x86_64 #1 SMP Tue Sep 7 07:07:31 EDT 2021 x86_64 x86_64 x86_64 GNU/Linux [root@<obfuscated ~]# ipa-healthcheck --failures-only keyctl_search: Required key not available Enter password for Internal Key Storage Token: At this prompt if I do not enter a value and just hit enter at this promoted message I get this: [root@<obfuscated> ~]# ipa-healthcheck --failures-only keyctl_search: Required key not available Enter password for Internal Key Storage Token: [] Fixed in v10.12 branch: https://github.com/dogtagpki/pki/commit/d5801380f4b7ac3d7a81e63efbbddd15930b7b2a Hi, We are requesting an update. Is there anything we can provide to assist with this? Hi Mike, the bug is ON_QA waiting to be verified by QE. Marking the bug as FailedQA based on observation pki-ca-10.12.0-0.1.module+el8.6.0+13291+248751b1.noarch pki-server-10.12.0-0.1.module+el8.6.0+13291+248751b1.noarch ipa-healthcheck-0.7-8.module+el8.6.0+13764+6ba37dc8.noarch ipa-server-4.9.8-2.module+el8.6.0+13621+937b8cd9.x86_64 [root@server ~]# ipa-healthcheck --debug --source pki.server.healthcheck.clones.connectivity_and_data Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' Source 'pki.server.healthcheck.clones.connectivity_and_data' not found Just an update, it looks like the problem reported in the original bug description (i.e. password prompt) was fixed, but apparently there's a different issue affecting the healthcheck tool for KRA clones. It's still being investigated. My apologies, I thought I had already restored the state. The healthcheck failure is being tracked in a separate BZ, https://bugzilla.redhat.com/show_bug.cgi?id=2041995 , and is unrelated to your change. You can continue the bug cycle on this one. Removing the FailedQA and moving back to ON_QA. This change didn't fail. A different bug in ipa-healthcheck prevented the pki healthchecks from being run. Just FYI the other pki-healthcheck issue (i.e. not the password prompt) is being addressed in bug #2027470. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: pki-core:10.6 security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:1851 |