[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates flo-renaud commented: """ I updated the patch for renewal lock with a new fix. The timeout needs to be increased, but the lock may also happen because the renewal scripts are run by certmonger during the cert request and should not (for instance for http cert the renewal script restarts httpd while the service is not completely configured). """ See the full comment at https://github.com/freeipa/freeipa/pull/219#issuecomment-259803269 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates jcholast commented: """ Turns out the request does not time out in certmonger, but the 60 seconds wait in `request_and_wait_for_cert()` it too short. """ See the full comment at https://github.com/freeipa/freeipa/pull/219#issuecomment-259692618 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates dkupka commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/7462adec13c5b25b6868d2863dc38062c97d0ff7 https://fedorahosted.org/freeipa/changeset/808b1436b4158cb6f926ac2b5bd0979df6ea7e9f """ See the full comment at https://github.com/freeipa/freeipa/pull/219#issuecomment-259687145 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates flo-renaud commented: """ Thanks Fraser! The patch for renewal lock file deletion is available at https://github.com/freeipa/freeipa/pull/229 """ See the full comment at https://github.com/freeipa/freeipa/pull/219#issuecomment-259678689 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates frasertweedale commented: """ Well I couldn't wait 'til tomorrow so I checked just then. I could not reproduce the issue :) """ See the full comment at https://github.com/freeipa/freeipa/pull/219#issuecomment-259675725 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates frasertweedale commented: """ @jcholast sure, especially if it is related to renewal locks or some other tangential matter. ( @flo-renaud I have not yet confirmed the cause; will get to it tomorrow ) """ See the full comment at https://github.com/freeipa/freeipa/pull/219#issuecomment-259673472 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates jcholast commented: """ Can we fix this in a separate PR to unblock the merge of this one? """ See the full comment at https://github.com/freeipa/freeipa/pull/219#issuecomment-259671468 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates flo-renaud commented: """ Hi Fraser, can you check if the renewal lock was released after the last uninstallation? The file /var/run/ipa/renewal.lock should display something like ``` cat /var/run/ipa/renewal.lock [lock] locked = 0 ``` If it is showing instead that the lock is taken, then the install will fail on timeout. I wonder whether I should clean this file at the beginning of the installation, to avoid this specific issue. """ See the full comment at https://github.com/freeipa/freeipa/pull/219#issuecomment-259630260 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates frasertweedale commented: """ Although there are conflicts with `master`, there are problems when the patches are rebased. Server installation (CA-ful) fails when requesting the RA certificate. ``` 2016-11-10T04:58:02Z DEBUG [16/30]: requesting RA certificate from CA 2016-11-10T04:58:02Z DEBUG Starting external process 2016-11-10T04:58:02Z DEBUG args=/usr/bin/openssl pkcs7 -inform DER -print_certs -out /var/lib/ipa/tmpyozdnw 2016-11-10T04:58:02Z DEBUG Process finished, return code=0 2016-11-10T04:58:02Z DEBUG stdout= 2016-11-10T04:58:02Z DEBUG stderr= 2016-11-10T04:58:03Z DEBUG certmonger request is in state dbus.String(u'NEWLY_ADDED_READING_CERT', variant_level=1) 2016-11-10T04:58:08Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:13Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:18Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:23Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:28Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:33Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:38Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:43Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:48Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:53Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:58Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:59:03Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 397, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 387, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 830, in __request_ra_certificate post_command='renew_ra_cert') File "/usr/lib/python2.7/site-packages/ipapython/certmonger.py", line 312, in request_and_wait_for_cert state = wait_for_request(reqId, timeout=60) File "/usr/lib/python2.7/site-packages/ipapython/certmonger.py", line 601, in wait_for_request raise RuntimeError("request timed out") RuntimeError: request timed out ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/219#issuecomment-259603552 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#219][comment] Refactor installer code requesting certificates
URL: https://github.com/freeipa/freeipa/pull/219 Title: #219: Refactor installer code requesting certificates frasertweedale commented: """ Although there are no conflicts with `master`, there are problems when the patches are rebased. Server installation (CA-ful) fails when requesting the RA certificate. ``` 2016-11-10T04:58:02Z DEBUG [16/30]: requesting RA certificate from CA 2016-11-10T04:58:02Z DEBUG Starting external process 2016-11-10T04:58:02Z DEBUG args=/usr/bin/openssl pkcs7 -inform DER -print_certs -out /var/lib/ipa/tmpyozdnw 2016-11-10T04:58:02Z DEBUG Process finished, return code=0 2016-11-10T04:58:02Z DEBUG stdout= 2016-11-10T04:58:02Z DEBUG stderr= 2016-11-10T04:58:03Z DEBUG certmonger request is in state dbus.String(u'NEWLY_ADDED_READING_CERT', variant_level=1) 2016-11-10T04:58:08Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:13Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:18Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:23Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:28Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:33Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:38Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:43Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:48Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:53Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:58:58Z DEBUG certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1) 2016-11-10T04:59:03Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 397, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 387, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 830, in __request_ra_certificate post_command='renew_ra_cert') File "/usr/lib/python2.7/site-packages/ipapython/certmonger.py", line 312, in request_and_wait_for_cert state = wait_for_request(reqId, timeout=60) File "/usr/lib/python2.7/site-packages/ipapython/certmonger.py", line 601, in wait_for_request raise RuntimeError("request timed out") RuntimeError: request timed out ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/219#issuecomment-259603552 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code