Bug 2014658

Summary: certificate operations fail with Unable to communicate with CMS (Start tag expected, '<' not found, line 1, column 1)
Product: [Fedora] Fedora Reporter: Rob Crittenden <rcritten>
Component: freeipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 35CC: abokovoy, awilliam, ftrivino, ipa-maint, jcholast, jhrozek, mhjacks, mpitt, pvoborni, rcritten, robatino, ssorce, twoerner
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: AcceptedBlocker
Fixed In Version: freeipa-4.9.7-2.fc35 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-21 00:55:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1891955    

Description Rob Crittenden 2021-10-15 18:16:27 UTC 
Description of problem:

pki-ca recently dropped its dependency on jaxb which it used to provide an XML-based RPC. It switched to using JSON only.

IPA in Fedora still relies on the XML API. 

This was addressed in freeIPA upstream in https://pagure.io/freeipa/issue/8980 but is currently unreleased.

This patch needs to be backported to Fedora.

master: d43b513927d6dd0a12464dd24287ce40ccaf33e4
ipa-4-9: bbda3590bb20a2915261f2fd9b8a8e0b169f93f4

Version-Release number of selected component (if applicable):

freeipa-server-4.9.7-1.fc35
dogtag-pki-ca-11.0.0-1.fc35.noarch
Comment 1 Fedora Blocker Bugs Application 2021-10-15 18:33:23 UTC 
Proposed as a Blocker for 35-final by Fedora user abbra using the blocker tracking app because:

 Dogtag PKI did reduce own Java dependencies and dropped support for XML-RPC interface. This broke installation of FreeIPA CA, enabled by default. This violates Fedora Server release criteria.

A fix is available upstream (mentioned in the bug) and needs just a rebuild of Fedora package 'freeipa'.
Comment 2 Alexander Bokovoy 2021-10-15 18:37:01 UTC 
Details reported in https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/YQFBNRTBEXBW6XCNIO422PUCXFVJE2EZ/#YQFBNRTBEXBW6XCNIO422PUCXFVJE2EZ
Comment 3 Fedora Update System 2021-10-15 19:13:19 UTC 
FEDORA-2021-e930bd54b2 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-e930bd54b2
Comment 4 Fedora Update System 2021-10-15 20:52:22 UTC 
FEDORA-2021-e930bd54b2 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-e930bd54b2`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-e930bd54b2

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Adam Williamson 2021-10-16 19:26:03 UTC 
+3 in https://pagure.io/fedora-qa/blocker-review/issue/553 , marking accepted.
Comment 6 Alexander Bokovoy 2021-10-18 12:10:42 UTC 
*** Bug 2015102 has been marked as a duplicate of this bug. ***
Comment 7 Fedora Update System 2021-10-21 00:55:03 UTC 
FEDORA-2021-e930bd54b2 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.