On 12.01.2016 12:24, Jan Cholasta wrote:
Jan 12 12:31:43 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[31178]: Connected Jan 12 12:31:44 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[31178]: replica pub keys in LDAP: set(['0xf5edad67436d0ed36b75c3a70216fa43', '0x7164a931484d505f1e249e3dcbc313e2']) Jan 12 12:31:44 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[31178]: replica pub keys in SoftHSM: set(['0xf5edad67436d0ed36b75c3a70216fa43', '0x7164a931484d505f1e249e3dcbc313e2', '0x28e302ae6b6ee7e9284cd5f6 Jan 12 12:31:44 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[31178]: new replica keys in LDAP: set([]) Jan 12 12:31:44 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[31178]: obsolete replica keys in local HSM: set(['0x28e302ae6b6ee7e9284cd5f61aadbbe7']) Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: Traceback (most recent call last): Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: File "/usr/libexec/ipa/ipa-ods-exporter", line 664, in <module> Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: ldap2master_replica_keys_sync(log, ldapkeydb, localhsm) Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: File "/usr/libexec/ipa/ipa-ods-exporter", line 321, in ldap2master_replica_keys_sync Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: localhsm.replica_pubkeys_wrap[key_id]['ipk11wrap'] = False Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: File "/usr/lib/python2.7/site-packages/ipapython/dnssec/localhsm.py", line 65, in __setitem__ Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: return self.p11.set_attribute(self.handle, attrs_name2id[key], value) Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: File "/usr/lib/python2.7/site-packages/ipapython/p11helper.py", line 1661, in set_attribute Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: sizeof(CK_ATTRIBUTE))) Jan 12 12:31:44 master.ipa.test ipa-ods-exporter[31178]: TypeError: an integer is required Jan 12 12:31:44 master.ipa.test systemd[1]: ipa-ods-exporter.service: Main process exited, code=exited, status=1/FAILUREOn 12.1.2016 12:17, Martin Basti wrote:On 12.01.2016 10:19, Jan Cholasta wrote:On 12.1.2016 09:32, Martin Basti wrote:On 07.01.2016 14:13, Jan Cholasta wrote:On 7.1.2016 09:50, Jan Cholasta wrote:Hi, the attached patch ports the _ipap11helper module to python-cffi. Combined with my patch 536 [1], this makes ipapython architecture independent.Updated patch attached.I tried to run DNSSEC tests and it failed unexpectedly:Jan 12 08:28:06 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[8667]:ConnectedJan 12 08:28:06 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[8667]:replica pub keys in LDAP: set(['0x51df7c70b9869a7dd2bbd27335dba3f8', '0xd8538e634797420ca86cda420234443c'])Jan 12 08:28:06 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[8667]: replica pub keys in SoftHSM: set(['0x51df7c70b9869a7dd2bbd27335dba3f8','0x1f7241a64d69ced6c0a14f6999410c59'])Jan 12 08:28:06 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[8667]:new replica keys in LDAP: set(['0xd8538e634797420ca86cda420234443c'])Jan 12 08:28:06 master.ipa.test /usr/libexec/ipa/ipa-ods-exporter[8667]:label=dnssec-replica:replica1.ipa.test., id=d8538e634797420ca86cda420234443c, data=30820122300d06092a864886f70d01010105Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: Traceback (mostrecent call last): Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: File "/usr/libexec/ipa/ipa-ods-exporter", line 664, in <module> Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: ldap2master_replica_keys_sync(log, ldapkeydb, localhsm) Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: File "/usr/libexec/ipa/ipa-ods-exporter", line 313, in ldap2master_replica_keys_sync Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: localhsm.import_public_key(new_key_ldap, new_key_ldap['ipapublickey']) Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: File "/usr/lib/python2.7/site-packages/ipapython/dnssec/localhsm.py", line 173, in import_public_key Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: h = self.p11.import_public_key(**params) Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: File"/usr/lib/python2.7/site-packages/ipapython/p11helper.py", line 1498, inimport_public_key Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: pkey = d2i_PUBKEY(NULL, data_ptr, data_length) Jan 12 08:28:06 master.ipa.test ipa-ods-exporter[8667]: TypeError: 'int(*)(EVP_PKEY *, unsigned char * *)' expects 2 arguments, got 3 Jan 12 08:28:06 master.ipa.test systemd[1]: ipa-ods-exporter.service: Main process exited, code=exited, status=1/FAILURE Jan 12 08:28:06 master.ipa.test systemd[1]: ipa-ods-exporter.service: Unit entered failed state. Jan 12 08:28:06 master.ipa.test systemd[1]: ipa-ods-exporter.service: Failed with result 'exit-code'. I haven't seen any other errorsUpdated patch attached. Added a patch which replaces calls to libcrypto with calls to python-cryptography.[ipa.ipatests.test_integration.host.Host.master.cmd10] Done configuring DNS (named). [ipa.ipatests.test_integration.host.Host.master.cmd10] Configuring DNS key synchronization service (ipa-dnskeysyncd) [ipa.ipatests.test_integration.host.Host.master.cmd10] [1/7]: checking status [ipa.ipatests.test_integration.host.Host.master.cmd10] [2/7]: setting up bind-dyndb-ldap working directory [ipa.ipatests.test_integration.host.Host.master.cmd10] [3/7]: setting up kerberos principal [ipa.ipatests.test_integration.host.Host.master.cmd10] [4/7]: setting up SoftHSM [ipa.ipatests.test_integration.host.Host.master.cmd10] [5/7]: adding DNSSEC containers [ipa.ipatests.test_integration.host.Host.master.cmd10] [6/7]: creating replica keys [ipa.ipatests.test_integration.host.Host.master.cmd10] [error] Error: export_RSA_public_key: internal error: EVP_PKEY_set1_RSA failed [ipa.ipatests.test_integration.host.Host.master.cmd10] ipa.ipapython.install.cli.install_tool(Server): ERROR export_RSA_public_key: internal error: EVP_PKEY_set1_RSA failed [ipa.ipatests.test_integration.host.Host.master.cmd10] ipa.ipapython.install.cli.install_tool(Server): ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information [ipa.ipatests.test_integration.host.Host.master.cmd10] Exit code: 1 ipa-server-install.log .... File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 436, in run_step method() File"/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py",line 342, in __setup_replica_keys public_key_blob = p11.export_public_key(public_key_handle) File "/usr/lib/python2.7/site-packages/ipapython/p11helper.py", line 1275, in export_public_key return self._export_RSA_public_key(object) File "/usr/lib/python2.7/site-packages/ipapython/p11helper.py", line 1240, in _export_RSA_public_key raise Error("export_RSA_public_key: internal error: " 2016-01-12T11:00:29Z DEBUG The ipa-server-install command failed, exception: Error: export_RSA_public_key: internal error: EVP_PKEY_set1_RSA failed 2016-01-12T11:00:29Z ERROR export_RSA_public_key: internal error: EVP_PKEY_set1_RSA failedUpdated patch 538 attached.
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
