Bug 1417647 - [Regression] IPA configuration fails during setup with cert error
Summary: [Regression] IPA configuration fails during setup with cert error
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.7.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: GA
: 5.7.2
Assignee: Joe Vlcek
QA Contact: luke couzens
URL:
Whiteboard: black:ldap:auth
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-30 14:07 UTC by luke couzens
Modified: 2017-02-07 04:47 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-06 22:38:19 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:


Attachments (Terms of Use)

Description luke couzens 2017-01-30 14:07:25 UTC
Description of problem:Cert error found while trying to setup ipa configuration through appliance console. This same test works as expected on 5.7.0.17


Version-Release number of selected component (if applicable):5.7.1.0


How reproducible:100%


Steps to Reproduce:
1.SSH to appliance
2.run appliance_console
3.Configure option 14 'configure external authentication'
4.Fill out required details

Actual results:Setup fails due to certificate error


Expected results:IPA configure successfully


Additional info:
Two pastebins showing errors, First time I ran this through I retrieve a cert but its expired, Second time it uses the previously retrieved cert but fails to verify its talking to an IPA server.

http://pastebin.test.redhat.com/450354
http://pastebin.test.redhat.com/450352

Comment 3 Joe Vlcek 2017-02-03 15:27:06 UTC
Luke,

Can you please PM me the access details to the machine displaying this failure?

Thank you! JoeV

Comment 4 Joe Vlcek 2017-02-03 20:03:52 UTC
Using cfme-vsphere-5.7.0.17-1.x86_64.vsphere.ova today (2017-02-03) I have
successfully configured External Auth / IPA without encountering the reported
failure.

JoeV

Comment 5 luke couzens 2017-02-06 14:19:00 UTC
I think this seems to be a sporadic bug, I can't seem to reproduce this on a 5.7.1 build successfully though was able to on Friday last week. Joe and I have had a quick bluejeans to discuss this and both agree that it is most likely to do with some network connectivity issues during setup. 

I propose we downgrade this from blocker status and we potentially look at a way to improve error reporting during ipa setup specifically to do with network issues.

Comment 6 Joe Vlcek 2017-02-06 22:38:19 UTC
In researching this today I believe the appliance_console is already
doing a fine job of properly indicating the source of the problem.

"Peer's Certificate has expired."

This indicates that the certificates need to be renewed.

This issue is well described here: http://www.freeipa.org/page/IPA_2x_Certificate_Renewal

Luke, I think the appliance_console is already doing a fine job of
indicating the configuration issue.

I don't think this is a bug.

I am going to close it as NOTABUG. If you feel differently please provide
more information or connect with me to discuss.

Thank you!

JoeV


Note You need to log in before you can comment on or make changes to this bug.