tripleo-ci-centos-8-standalone-on-multinode-ipa/tripleo-ci-centos-8-ovb-3ctlr_1comp_1supp-featureset039-master failing while configuring FreeIPA server with RuntimeError: CA configuration failed.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Critical
|
Sandeep Yadav |
Bug Description
tripleo-
~~~
2020-11-01 01:24:56.641717 | primary | TASK [ipa-multinode : configure FreeIPA] *******
2020-11-01 01:24:56.642024 | primary | Sunday 01 November 2020 01:24:56 +0000 (0:00:01.056) 0:01:59.048 *******
2020-11-01 01:27:34.964988 | primary | fatal: [subnode-1]: FAILED! => {
2020-11-01 01:27:34.965301 | primary | "changed": true,
2020-11-01 01:27:34.965323 | primary | "cmd": "ipa-server-install --realm OOO.TEST --ds-password fce953182041145
2020-11-01 01:27:34.965340 | primary | "delta": "0:02:37.730238",
2020-11-01 01:27:34.965379 | primary | "end": "2020-11-01 01:27:34.908269",
2020-11-01 01:27:34.965400 | primary | "rc": 1,
2020-11-01 01:27:34.965410 | primary | "start": "2020-11-01 01:24:57.178031"
2020-11-01 01:27:34.965415 | primary | }
2020-11-01 01:27:34.965439 | primary |
2020-11-01 01:27:34.965448 | primary | STDOUT:
2020-11-01 01:27:34.965453 | primary |
2020-11-01 01:27:34.965459 | primary |
.
.
2020-11-01 01:27:34.966288 | primary | Failed to configure CA instance: CalledProcessEr
2020-11-01 01:27:34.966318 | primary | See the installation logs and the following files/directories for more information:
~~~
https:/
~~~
Installing CA into /var/lib/
Installation failed: Server unreachable due to SSL error: [SSL: WRONG_VERSION_
2020-11-
ERROR: Exception: Server unreachable due to SSL error: [SSL: WRONG_VERSION_
File "/usr/lib/
scriptlet.
File "/usr/lib/
request_
File "/usr/lib/
raise Exception('Server unreachable due to SSL error: %s' % reason) from exc
2020-11-
~~~
Another example:
tags: | removed: promotion-blocker |
tags: | added: pro |
tags: |
added: promotion-blocker removed: pro |
Changed in tripleo: | |
assignee: | nobody → Ade Lee (alee-3) |
Changed in tripleo: | |
assignee: | Ade Lee (alee-3) → Ronelle Landy (rlandy) |
status: | Triaged → In Progress |
Changed in tripleo: | |
assignee: | Ronelle Landy (rlandy) → Sagi (Sergey) Shnaidman (sshnaidm) |
Changed in tripleo: | |
assignee: | Sagi (Sergey) Shnaidman (sshnaidm) → Ronelle Landy (rlandy) |
summary: |
- tripleo-ci-centos-8-standalone-on-multinode-ipa is failing while + tripleo-ci-centos-8-standalone-on-multinode-ipa/tripleo-ci- + centos-8-ovb-3ctlr_1comp_1supp-featureset039-master failing while configuring FreeIPA server with RuntimeError: CA configuration failed. |
Changed in tripleo: | |
status: | Fix Released → In Progress |
tags: | removed: promotion-blocker |
This seems to be related to a recent RHEL change spotted by bandini and lmiccini [1] that probably deprecates old TLS versions in java. Quoting the bz:
"" 8.0-openjdk- 1:1.8.0. 272.b10- 1.el8_2. x86_64 -> Breaks FreeIPA install 8.0-openjdk- devel-1: 1.8.0.265. b01-0.el8_ 2.x86_64 -> Works correctly with FreeIPA install
java-1.
java-1.
if rpm -q --queryformat '%{version}' java-1.8.0-openjdk |grep "1.8.0.272"; then dnf downgrade -y java-1.8.0-openjdk java-1. 8.0-openjdk- headless; fi
The installation of freeipa proceeded normally (java-1. 8.0-openjdk- 1.8.0.265. b01-0.el8_ 2.x86_64 is what we downgraded to)
""
[1] https:/ /bugzilla. redhat. com/show_ bug.cgi? id=1892216