[Pkg-freeipa-devel] Bug#898543: Bug#898543: nss-pem available
Harry Coin
harrycoin at aol.com
Wed Oct 7 20:59:08 BST 2020
On 10/7/20 2:31 PM, Timo Aaltonen wrote:
> On 7.10.2020 19.11, Harry Coin wrote:
>> On Fri, 25 Sep 2020 11:46:16 +0300 Timo Aaltonen <tjaalton at debian.org>
>> wrote:
>>>
>>> Hi,
>>>
>>> This bug shouldn't happen anymore, as nss-pem is used. There's another
>>> bug (970880) preventing server install right now though.
>>>
>>> --
>>> t
>>>
>>>
>> File
>> "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py",
>> line 484, in configure_instance
>> self.start_creation(runtime=runtime)
>> File "/usr/lib/python3/dist-packages/ipaserver/install/service.py",
>> line 606, in start_creation
>> run_step(full_msg, method)
>> File "/usr/lib/python3/dist-packages/ipaserver/install/service.py",
>> line 592, in run_step
>> method()
>> File
>> "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py",
>> line 880, in __request_ra_certificate
>> reqId = certmonger.request_and_wait_for_cert(
>> File "/usr/lib/python3/dist-packages/ipalib/install/certmonger.py",
>> line 409, in request_and_wait_for_cert
>> raise RuntimeError(
>>
>> 2020-10-07T14:45:28Z DEBUG The ipa-server-install command failed,
>> exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE:
>> Error 35 connecting to
>> https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview:
>> SSL connect error.)
>> 2020-10-07T14:45:28Z ERROR Certificate issuance failed (CA_UNREACHABLE:
>> Error 35 connecting to
>> https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview:
>> SSL connect error.)
>> 2020-10-07T14:45:28Z ERROR The ipa-server-install command failed. See
>> /var/log/ipaserver-install.log for more information
>>
>> ...
>>
>> [11/30]: starting certificate server instance
>> [12/30]: configure certmonger for renewals
>> [13/30]: requesting RA certificate from CA
>> [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE:
>> Error 35 connecting to
>> https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview:
>> SSL connect error.)
>>
>
> No need to post it here, as I said 970880 is the other bug. Upstream
> is looking at it.
>
This was from a build on ubuntu-groovy. I suspected the cause was a
race condition since the immediate prior step launches over a dozen
dogtag processes that eventually all end but not before the failing step
begins and then times out.
-HC