[Freeipa-users] Traceback starting pki-cad - ca.subsystem.certreq missing?
Fraser Tweedale
ftweedal at redhat.com
Tue Mar 1 05:34:01 UTC 2016
On Mon, Feb 22, 2016 at 06:42:04PM +0100, Natxo Asenjo wrote:
> On Sat, Feb 20, 2016 at 5:58 PM, Ian Pilcher <arequipeno at gmail.com> wrote:
>
> > I am running IPA 3.0.0 on CentOS 6 (32-bit x86), and I am getting a
> > traceback every time pki-cad starts:
> >
> > Traceback (most recent call last):
> > File "/usr/sbin/pki-server", line 89, in <module>
> > cli.execute(sys.argv)
> > File "/usr/sbin/pki-server", line 84, in execute
> > super(PKIServerCLI, self).execute(args)
> > File "/usr/lib/python2.6/site-packages/pki/cli.py", line 195, in execute
> > module.execute(module_args)
> > File "/usr/lib/python2.6/site-packages/pki/server/cli/upgrade.py", line
> > 103, in execute
> > scriptlet.execute()
> > File "/usr/lib/python2.6/site-packages/pki/server/upgrade/__init__.py",
> > line 50, in execute
> > cert = self.subsystem.get_system_cert('subsystem')
> > File "/usr/lib/python2.6/site-packages/pki/server/__init__.py", line 93,
> > in get_system_cert
> > cert['request'] = base64.b64decode(self.config['%s.%s.certreq' %
> > (self.prefix, tag)])
> > KeyError: 'ca.subsystem.certreq'
> > Starting pki-ca: [ OK ]
> >
> > As you can see, the daemon does still start successfully, and the
> > traceback doesn't appear in any of the pki-cad logs.
> >
> >
> yes, I see this too after the last round of updates. Curiously enough, just
> on one of the kdcs, the other does not have this traceback.
>
> Both are centos 6.7 fully patched, 32 bits.
>
You can resolve the issue by stopping pki-cad, adding
'ca.subsystem.certreq=' (empty value) to CS.cfg, then restarting
pki-cad. AFAICT the absense of the certreq field will not cause any
problems.
I'm still investigating what caused the 'ca.subsystem.certreq'
config to disappear from CS.cfg in the first place.
More information about the Freeipa-users
mailing list