Bug 1417647 - [Regression] IPA configuration fails during setup with cert error
Summary: [Regression] IPA configuration fails during setup with cert error
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.7.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: GA
: 5.7.2
Assignee: Joe Vlcek
QA Contact: luke couzens
Whiteboard: black:ldap:auth
Depends On:
TreeView+ depends on / blocked
Reported: 2017-01-30 14:07 UTC by luke couzens
Modified: 2017-02-07 04:47 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-02-06 22:38:19 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:

Attachments (Terms of Use)

Description luke couzens 2017-01-30 14:07:25 UTC
Description of problem:Cert error found while trying to setup ipa configuration through appliance console. This same test works as expected on

Version-Release number of selected component (if applicable):

How reproducible:100%

Steps to Reproduce:
1.SSH to appliance
2.run appliance_console
3.Configure option 14 'configure external authentication'
4.Fill out required details

Actual results:Setup fails due to certificate error

Expected results:IPA configure successfully

Additional info:
Two pastebins showing errors, First time I ran this through I retrieve a cert but its expired, Second time it uses the previously retrieved cert but fails to verify its talking to an IPA server.


Comment 3 Joe Vlcek 2017-02-03 15:27:06 UTC

Can you please PM me the access details to the machine displaying this failure?

Thank you! JoeV

Comment 4 Joe Vlcek 2017-02-03 20:03:52 UTC
Using cfme-vsphere- today (2017-02-03) I have
successfully configured External Auth / IPA without encountering the reported


Comment 5 luke couzens 2017-02-06 14:19:00 UTC
I think this seems to be a sporadic bug, I can't seem to reproduce this on a 5.7.1 build successfully though was able to on Friday last week. Joe and I have had a quick bluejeans to discuss this and both agree that it is most likely to do with some network connectivity issues during setup. 

I propose we downgrade this from blocker status and we potentially look at a way to improve error reporting during ipa setup specifically to do with network issues.

Comment 6 Joe Vlcek 2017-02-06 22:38:19 UTC
In researching this today I believe the appliance_console is already
doing a fine job of properly indicating the source of the problem.

"Peer's Certificate has expired."

This indicates that the certificates need to be renewed.

This issue is well described here: http://www.freeipa.org/page/IPA_2x_Certificate_Renewal

Luke, I think the appliance_console is already doing a fine job of
indicating the configuration issue.

I don't think this is a bug.

I am going to close it as NOTABUG. If you feel differently please provide
more information or connect with me to discuss.

Thank you!


Note You need to log in before you can comment on or make changes to this bug.