Bug#898543: [Pkg-freeipa-devel] Bug#898543: Bug#898543: nss-pem available
I should have written I built in on groovy dpkg-buildpackage -b -uc and the error was the one on the bug you wrote was related to this one. On October 7, 2020 4:09:22 PM CDT, Timo Aaltonen wrote: >On 7.10.2020 22.59, Harry Coin wrote: >> This was from a build on ubuntu-groovy. I suspected the cause was >a >> race condition since the immediate prior step lauches over a dozen >> dogtag processes that eventually all end but not before the failing >step >> begins and then times out. > >There is no freeipa-server on groovy, and there won't be. And the error > >is different on Debian. > > > >-- >t -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Bug#898543: [Pkg-freeipa-devel] Bug#898543: nss-pem available
On 10/7/20 2:31 PM, Timo Aaltonen wrote: > On 7.10.2020 19.11, Harry Coin wrote: >> On Fri, 25 Sep 2020 11:46:16 +0300 Timo Aaltonen >> wrote: >>> >>> Hi, >>> >>> This bug shouldn't happen anymore, as nss-pem is used. There's another >>> bug (970880) preventing server install right now though. >>> >>> -- >>> t >>> >>> >> File >> "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py", >> line 484, in configure_instance >> self.start_creation(runtime=runtime) >> File "/usr/lib/python3/dist-packages/ipaserver/install/service.py", >> line 606, in start_creation >> run_step(full_msg, method) >> File "/usr/lib/python3/dist-packages/ipaserver/install/service.py", >> line 592, in run_step >> method() >> File >> "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py", >> line 880, in __request_ra_certificate >> reqId = certmonger.request_and_wait_for_cert( >> File "/usr/lib/python3/dist-packages/ipalib/install/certmonger.py", >> line 409, in request_and_wait_for_cert >> raise RuntimeError( >> >> 2020-10-07T14:45:28Z DEBUG The ipa-server-install command failed, >> exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE: >> Error 35 connecting to >> https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview: >> SSL connect error.) >> 2020-10-07T14:45:28Z ERROR Certificate issuance failed (CA_UNREACHABLE: >> Error 35 connecting to >> https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview: >> SSL connect error.) >> 2020-10-07T14:45:28Z ERROR The ipa-server-install command failed. See >> /var/log/ipaserver-install.log for more information >> >> ... >> >> [11/30]: starting certificate server instance >> [12/30]: configure certmonger for renewals >> [13/30]: requesting RA certificate from CA >> [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE: >> Error 35 connecting to >> https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview: >> SSL connect error.) >> >> ___ >> Pkg-freeipa-devel mailing list >> pkg-freeipa-de...@alioth-lists.debian.net >> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-freeipa-devel >> >> > > No need to post it here, as I said 970880 is the other bug. Upstream > is looking at it. > This was from a build on ubuntu-groovy. I suspected the cause was a race condition since the immediate prior step lauches over a dozen dogtag processes that eventually all end but not before the failing step begins and then times out. -HC
Bug#898543: [Pkg-freeipa-devel] Bug#898543: Bug#898543: nss-pem available
On 7.10.2020 22.59, Harry Coin wrote: This was from a build on ubuntu-groovy. I suspected the cause was a race condition since the immediate prior step lauches over a dozen dogtag processes that eventually all end but not before the failing step begins and then times out. There is no freeipa-server on groovy, and there won't be. And the error is different on Debian. -- t
Bug#898543: nss-pem available
On Fri, 25 Sep 2020 11:46:16 +0300 Timo Aaltonen wrote: > > Hi, > > This bug shouldn't happen anymore, as nss-pem is used. There's another > bug (970880) preventing server install right now though. > > -- > t > > File "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py", line 484, in configure_instance self.start_creation(runtime=runtime) File "/usr/lib/python3/dist-packages/ipaserver/install/service.py", line 606, in start_creation run_step(full_msg, method) File "/usr/lib/python3/dist-packages/ipaserver/install/service.py", line 592, in run_step method() File "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py", line 880, in __request_ra_certificate reqId = certmonger.request_and_wait_for_cert( File "/usr/lib/python3/dist-packages/ipalib/install/certmonger.py", line 409, in request_and_wait_for_cert raise RuntimeError( 2020-10-07T14:45:28Z DEBUG The ipa-server-install command failed, exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE: Error 35 connecting to https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview: SSL connect error.) 2020-10-07T14:45:28Z ERROR Certificate issuance failed (CA_UNREACHABLE: Error 35 connecting to https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview: SSL connect error.) 2020-10-07T14:45:28Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information ... [11/30]: starting certificate server instance [12/30]: configure certmonger for renewals [13/30]: requesting RA certificate from CA [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE: Error 35 connecting to https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview: SSL connect error.)
Bug#898543: [Pkg-freeipa-devel] Bug#898543: nss-pem available
On 7.10.2020 19.11, Harry Coin wrote: On Fri, 25 Sep 2020 11:46:16 +0300 Timo Aaltonen wrote: Hi, This bug shouldn't happen anymore, as nss-pem is used. There's another bug (970880) preventing server install right now though. -- t File "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py", line 484, in configure_instance self.start_creation(runtime=runtime) File "/usr/lib/python3/dist-packages/ipaserver/install/service.py", line 606, in start_creation run_step(full_msg, method) File "/usr/lib/python3/dist-packages/ipaserver/install/service.py", line 592, in run_step method() File "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py", line 880, in __request_ra_certificate reqId = certmonger.request_and_wait_for_cert( File "/usr/lib/python3/dist-packages/ipalib/install/certmonger.py", line 409, in request_and_wait_for_cert raise RuntimeError( 2020-10-07T14:45:28Z DEBUG The ipa-server-install command failed, exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE: Error 35 connecting to https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview: SSL connect error.) 2020-10-07T14:45:28Z ERROR Certificate issuance failed (CA_UNREACHABLE: Error 35 connecting to https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview: SSL connect error.) 2020-10-07T14:45:28Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information ... [11/30]: starting certificate server instance [12/30]: configure certmonger for renewals [13/30]: requesting RA certificate from CA [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE: Error 35 connecting to https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview: SSL connect error.) ___ Pkg-freeipa-devel mailing list pkg-freeipa-de...@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-freeipa-devel No need to post it here, as I said 970880 is the other bug. Upstream is looking at it. -- t