Comments (5)
flo-renaud
commented on June 12, 2024
1
Hi @fmarco76
I manually tested with dogtag-pki-ca-11.5.0-1.20240222102149UTC.d8df8dab.fc39.noarch and the issue doesn't happen any more. Thanks!
from pki.
fmarco76
commented on June 12, 2024
@flo-renaud I am trying to reproduce this error using latest version from copr and two containers but I get no error.
For the configuration I am using this scenario: https://github.com/dogtagpki/pki/blob/master/.github/workflows/ipa-clone-test.yml. After set the primary ipa instance and the clone in the secondary container I get:
fmarco76@fedora:~/Projects/upstream/pki$ docker exec primary ipa ca-add subca --subject cn=subca,O=EXAMPLE.COM
------------------
Created CA "subca"
------------------
Name: subca
Authority ID: 94041ba8-0451-4d05-8bb3-8ece448c1150
Subject DN: CN=subca,O=EXAMPLE.COM
Issuer DN: CN=Certificate Authority,O=EXAMPLE.COM
Certificate: MIIEezCCAuOgAwIBAgIBDTANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKDAtFWEFNUExFLkNPTTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MDIxOTEyMjI0N1oXDTQ0MDIxOTEyMTEzMlowJjEUMBIGA1UECgwLRVhBTVBMRS5DT00xDjAMBgNVBAMMBXN1YmNhMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwFzbkSBM9xyc6Dh/UzR7E5VK0/niq/beAIDruC6dgntPlSzZSRIBDc6uj55/9aZ+4Y9ADd4qKA1YA31OeZB+oTtN6V4FV9ner/z8CNedFHecyAhroZ+kojwWPI+DDeWoTvng/AzQe5DVBIKPvM7791z+hBpVpOfpsouj/EFZ7C+9ImlFsWEYLrebC8iHzr98jCN8LUx3uyAIN/Ma04SM/BzSNP1M7ybA8+IgPeDm8KxkuDUBfquD4ywfe47pZBJnb1O/awoO3lS3xyQiGesSsqXTVFJmSt0+W1qe4eF7Fcl/alQe+qA7o1MhL9uRILG8qC9WhAaS66oW13Rp/3yp+D6etLv/dUFc7Das7maV6vEP2iYOJwnZW1al/K8+UAxQV2qULfQ3pXsHQkEi/zJOEDUrNsfWqyRMh3lYLWTai8L9NXi6yiETarL6GuCwX/YOEUDgo2Z8UHAhJm1IXaqvWC3lMQ271JIzVRXfWkpxByNlj0vZhSDT46NS/oUBtkUnAgMBAAGjgaMwgaAwHQYDVR0OBBYEFKxaEdUvqHFEj+rC4e4Ah6cLc0SaMB8GA1UdIwQYMBaAFJqg+3asCRoMmAiNLGJOU0z+5Xz4MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL2lwYS1jYS5leGFtcGxlLmNvbS9jYS9vY3NwMA0GCSqGSIb3DQEBCwUAA4IBgQAX5hJXrucQBn+2+844Gpuk2lEb4iu4zfQ2WDW9lvExe3kevWJB2ruFcy5zD4AEkttsR2qwFsYyFoRUfQ+ktwAEVJjrMNLzPaJ99qFLUaIV4077oKlL6x/3Ve0eN0yMPEubm7zCz2udDitYgoslc8MWEIj9SuKoTT3acIRNeFuFIrObIxjgQ1mGZhtmGv29eeSIspOL9E4vHsechaSV4t0rr6rrhfhEEbwo7OXCMALNJR2oVY5+ewQ9EIm2/KjtxRLJmB8YOnLs8tr07HJE4wJ+9fG1G6N3ewl+rQhL+/uoMYJ3jPh1THgi7I/9FkLh4qDh8Lms2/Mzdu9bcoPmw+kxyOP1hlo5GAMh6w65O7d/WQA40QyDIhCxR/D7UwgOltp4Dk/Y5OLX8uc+AL+bySYR0aKS9jBsmO2OIXTxPMo0LelO8xlGaz1SWqATd9jWOnuXfr7ENCDQDFh7iJ8keVun+wwtYFUvuEOOoGpRlvrhSRCaPEn6zgjrRZzARp0srGE=
fmarco76@fedora:~/Projects/upstream/pki$ docker exec secondary ipa ca-find
-------------
2 CAs matched
-------------
Name: ipa
Description: IPA CA
Authority ID: af582b4a-c6e8-4950-84e2-13e295adfb72
Subject DN: CN=Certificate Authority,O=EXAMPLE.COM
Issuer DN: CN=Certificate Authority,O=EXAMPLE.COM
RSN Version: 0
Name: subca
Authority ID: 94041ba8-0451-4d05-8bb3-8ece448c1150
Subject DN: CN=subca,O=EXAMPLE.COM
Issuer DN: CN=Certificate Authority,O=EXAMPLE.COM
----------------------------
Number of entries returned 2
----------------------------
fmarco76@fedora:~/Projects/upstream/pki$ docker exec secondary ipa ca-disable subca
-------------------
Disabled CA "subca"
-------------------
fmarco76@fedora:~/Projects/upstream/pki$ docker exec secondary ipa ca-del subca
------------------
Deleted CA "subca"
------------------
fmarco76@fedora:~/Projects/upstream/pki$ docker exec secondary ipa ca-find
------------
1 CA matched
------------
Name: ipa
Description: IPA CA
Authority ID: af582b4a-c6e8-4950-84e2-13e295adfb72
Subject DN: CN=Certificate Authority,O=EXAMPLE.COM
Issuer DN: CN=Certificate Authority,O=EXAMPLE.COM
RSN Version: 0
----------------------------
Number of entries returned 1
----------------------------
The setup is very similar but the dns is not configure. I tried to add dns configuration but get some problems with docker. Could you verify if the problem is still present and/or the dns is relevant to get the error? Thanks
from pki.
flo-renaud
commented on June 12, 2024
@fmarco76 yes the problem is still present. I did a setup similar to yours (no dns server setup) and the issue is still here.
version: dogtag-pki-ca-11.5.0-0.4.alpha7.20240219105515UTC.2a24da92.fc39.noarch
Did you also setup the CA role on the clone?
from pki.
fmarco76
commented on June 12, 2024
Did you also setup the CA role on the clone?
I tried with and without the ca role with similar results. I'll do a new setup and playing with the parameter to get the error. I would be sure the error is still present before performing additional tests.
from pki.
fmarco76
commented on June 12, 2024
OK @flo-renaud , after several tests I have found how to reproduce the error. The replica is generated differently in the clone workflow. I'll work on this. Thanks
from pki.
Related Issues (20)
- No such command: builddep when building CA Container HOT 1
- Test failures on Fedora 40 HOT 9
- Freeipa: adding subca in loop fails with Non-2xx response from CA REST API: 500 HOT 5
- Intermittent authentication failure
- IPA test_sign_smime_csr_full_principal failed
- Intermittent EST test failure
- dogtag with podman, systemd service inactive (dead) on restart HOT 2
- Log rotation can break ipa-kra-install HOT 1
- Nightly test failure with @pki/master copr repo HOT 16
- Intermittent CertStatusUpdateTask failure
- Intermittent SerialNumberUpdateTask failure
- Occasional 500 errors / ajp_read_header: ajp_ilink_receive failed messages have started appearing
- Guidance Needed: Intermittent Unresponsiveness in Dogtag PKI Web Services in Podman Container Linked to 389ds Undefined Backend Issues HOT 2
- OCSP ansible CI error HOT 1
- IPA server installation with externally-signed CA fails (with @pki/master copr repo) HOT 3
- IPA scenario install / uninstall / install fails with @pki/master repo HOT 1
- IPA KRA install fails on a replica (@pki/master)
- ipa vault-add fails with "Unable to archive key" (@pki/master)
- IPA CA install fails on a replica (@pki/master)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pki.