Description of problem: IPA UI starts dropping "Enknown Error" / error when the IPA record in /etc/hosts changes. Typically it doesn't happen to change IP addres of IPA host in /etc/hosts but UI should count with it and drops proper error message. Version-Release number of selected component (if applicable): freeipa-server-4.1.2-1.fc21 How reproducible: Always Steps to Reproduce: 1. Set /etc/hosts like following: 192.168.123.123 ipa.mydomain.test ipa 2. Configure IPA server (via ipa-server-install) 3. start ipa server: systemctl start ipa 4. start your browser (firefox for example) and insert url of ipa server: ipa.mydomain.test 5. login as "admin", click, click, click, ... 6. change the record in /etc/hosts like this: 192.168.123.111 ipa.mydomain.test ipa 7. go back to your browser and "click, click, click" will raise the "Unknown Error" and won't let any action anymore Actual results: Title: Unknown Error Body: error Expected results: Proper error message Note: Full recovery would be nice to have but I suspect it can't happen because of other services re-configuration and other related action that would be non-trivial or not possible. Additional info: Ensure that you have no other device running on IP addresses mentioned above (or change them according your needs).
Is it still the same instance of FreeIPA server on 192.168.123.111 and 192.168.123.123? I.e., has only the IP address changed and server was not re installed? Does UI work if you hard reload the page (ctrl+F5)? I suspect that it happens because of failed ajax call. Whatever the root cause is, it should be reported in a more pleasant way.
Hello, Petr, my apologize for the late repsonse, I had issues with VM... To your question: yes, it is the very same instance: just run the server, open browser, ligin, click, update /etc/hosts, back to browser and click -> Unknown Error. If I reload the page, I'll get "unable to connect" because there is no hostname related to IP obviously (correct behavior). When I try to touch real IP address it redirrects me to hostname which fails with same "Unable to connect" error. Touching the real IP address via curl shows me "301 - moved permanently". Now, when I change /etc/hosts back to the original values and restart the browser, I get "Secure Connection Failed" (Error code: sec_error_reused_issuer_and_serial) with hostname.
When I change the hostname in /etc/hosts it works well - that's weird in case of previous changes related to IP.
Petr/Ales - can you please assess if this is a real bug in the FreeIPA? If yes, let us create an upstream ticket. If not, let's just close it.
sec_error_reused_issuer_and_serial error is provided if one uses different certificates for the same domain name, e.g., if ipa server was reinstalled or one is switching between two testing IPA servers. One has to remove CA certificate or certificate exception and clear cache(or restart browser) to get rid of it. In any case, IPA web ui should detect communication issue in AJAX call and print appropriate error message instead of "Unknown error".
Upstream ticket: https://fedorahosted.org/freeipa/ticket/4821
This message is a reminder that Fedora 21 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 21. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '21'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 21 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
It is not planned to be fixed in any upcoming FreeIPA releases.
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/b18a35145df92522ae990e020513d1a77e311493
Will be fixed in IPA 4.5
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle. Changing version to '26'.
Fixed in freeipa-4.5.1-1.fc27
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle. Changing version to '27'.
This message is a reminder that Fedora 27 is nearing its end of life. On 2018-Nov-30 Fedora will stop maintaining and issuing updates for Fedora 27. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '27'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 27 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 27 changed to end-of-life (EOL) status on 2018-11-30. Fedora 27 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.