tripleo

[CI][CS9][Master] featureset039 "Cannot read password while getting initial credentials"

Bug #1963545 reported by Dariusz Smigiel
22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Critical
Unassigned
tripleo yoga-2

Bug Description

Test run of tripleo-ci-centos-9-ovb-3ctlr_1comp_1supp-featureset039 started failing on 2022-03-03 06:11:49 [1] with message indicating issues with generating ipa_prep.sh file.

In log we can see "Internal Server Error" when trying to run step "add nova host manager role" [2].

ipa is failing on: [3]

'/usr/bin/kinit', '-n', '-c', '/run/ipa/ccaches/armor_56683', '-X', 'X509_anchors=FILE:/var/kerberos/krb5kdc/kdc.crt', '-X', 'X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem'] returned non-zero exit status 1: 'kinit: Cannot read password while getting initial credentials\\n')

[1]: https://logserver.rdoproject.org/17/831617/2/openstack-check/tripleo-ci-centos-9-ovb-3ctlr_1comp_1supp-featureset039/3f70bd7/job-output.txt
[2]: https://logserver.rdoproject.org/17/831617/2/openstack-check/tripleo-ci-centos-9-ovb-3ctlr_1comp_1supp-featureset039/3f70bd7/logs/supplemental/home/cloud-user/ipa_prep.sh.log.txt.gz
[3]: https://logserver.rdoproject.org/17/831617/2/openstack-check/tripleo-ci-centos-9-ovb-3ctlr_1comp_1supp-featureset039/3f70bd7/logs/supplemental/var/log/httpd/error_log.gz

Ronelle Landy (rlandy)
summary: - [CI][CS9][Master] "Cannot read password while getting initial
- credentials"
+ [CI][CS9][Master] featureset039 "Cannot read password while getting
+ initial credentials"
Revision history for this message
Ronelle Landy (rlandy) wrote :

Workaround: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/832309

Revision history for this message
Dariusz Smigiel (smigiel-dariusz) wrote :

The workaround is merged. For now, it's recommended way of keeping older version of openssl until it won't get fixed there.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-quickstart-extras (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/834036

Changed in tripleo:
status: Triaged → In Progress
Revision history for this message
Dariusz Smigiel (smigiel-dariusz) wrote :

The issue which was solved doesn't have a correct solution yet.
It might be tricky and it's not clear when solution will be available. IPA server does not work correctly under latest openssl. Due to that, it's recommended to keep pinned version of openssl to known working one.

Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2057471

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-quickstart-extras (master)

Reviewed: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/834036
Committed: https://opendev.org/openstack/tripleo-quickstart-extras/commit/f2379876d144d21bc5b626645030afbb56ebb243
Submitter: "Zuul (22348)"
Branch: master

commit f2379876d144d21bc5b626645030afbb56ebb243
Author: Dariusz Smigiel <email address hidden>
Date: Wed Mar 16 08:19:59 2022 -0700

    Added comment to revert in a future

    The issue which was solved doesn't have a correct solution yet.
    It might be tricky and it's not clear when solution will be
    available.
    IPA server does not work correctly under latest openssl.
    Due to that, it's recommended to keep pinned version of
    openssl to known working one.

    Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2057471
    Closes-Bug: 1963545
    Change-Id: Ie037697098d53b8c1c49fa5e6679e244e92ac768

Changed in tripleo:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.