#33857 – Проблема с установкой реплики

Bug 33857 - Проблема с установкой реплики

Summary: Проблема с установкой реплики

Status:	CLOSED WORKSFORME

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	freeipa-server (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 normal
Assignee:	Stanislav Levin
QA Contact:	qa-sisyphus

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-09-07 14:34 MSK by Sergey Novikov
Modified:	2017-11-22 20:01 MSK (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sergey Novikov 2017-09-07 14:34:16 MSK

При попытке создания реплики FreeIPA сервера возникает такая ошибка:
2017-09-07T10:18:16Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute
    for nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586, in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
    for nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1687, in main
    promote(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 377, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1442, in promote
    custodia.create_replica(config.master_host_name)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/custodiainstance.py", line 86, in create_replica
    realm=self.realm)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 580, in create_instance
    self.start_creation("Configuring %s" % self.service_name)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 448, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 438, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/custodiainstance.py", line 102, in __import_ra_key
    cli = CustodiaClient(self.fqdn, self.master_host_name, self.realm)
  File "/usr/lib/python2.7/site-packages/ipapython/secrets/client.py", line 61, in __init__
    requests.packages.urllib3.disable_warnings()

2017-09-07T10:18:16Z DEBUG The ipa-replica-install command failed, exception: AttributeError: 'module' object has no attribute 'packages'
2017-09-07T10:18:16Z ERROR 'module' object has no attribute 'packages'

После обновления модуля requests:
python-module-pip
pip install --upgrade requests

Ошибка меняется на:
 [3/5]: Importing RA Key
  [error] SSLError: HTTPSConnectionPool(host='dcpve01.ipatest.ipalocal', port=443): Max retries exceeded with url: /ipa/keys/ra/ipaCert?type=kem&value=eyJhbGciOiJSU0EtT0FFU--длинный-ключ--XOlOsw (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    HTTPSConnectionPool(host='dcpve01.ipatest.ipalocal', port=443): Max retries exceeded with url: /ipa/keys/ra/ipaCert?type=kem&value=eyJhbGciOiJSU0EtT0FFU--длинный-ключ--XOlOsw (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))

После установки модуля с сертификатами и добавления сертификата FreeIPA в доверенные:
apt-get install python-module-certifi
cat /etc/ipa/ca.crt >> /usr/lib/python2.7/site-packages/certifi/cacert.pem

Ошибка меняется на:

[3/5]: Importing RA Key
  [error] HTTPError: 403 Client Error: Forbidden for url: https://dcpve01.ipatest.ipalocal/ipa/keys/ra/ipaCert?type=kem&value=eyJhbGciOiJSU0EtT0FFU--длинный-ключ--VvQAiAlHPQ
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    403 Client Error: Forbidden for url: https://dcpve01.ipatest.ipalocal/ipa/keys/ra/ipaCert?type=kem&value=eyJhbGciOiJSU0EtT0FFU--длинный-ключ--VvQAiAlHPQ

ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

Comment 1 Mikhail Efremov 2017-11-22 20:01:53 MSK

Должно быть давно исправлено.