[Freeipa-users] Traceback starting pki-cad - ca.subsystem.certreq missing?
German Parente
gparente at redhat.com
Tue Mar 1 08:18:34 UTC 2016
Hi Fraser,
thanks for the workaround. As I have a customer who hit this bug, I have created BZ 1313207 to trace this issue in the case.
Regards,
German.
----- Original Message -----
> From: "Fraser Tweedale" <ftweedal at redhat.com>
> To: "Ian Pilcher" <arequipeno at gmail.com>, "Natxo Asenjo" <natxo.asenjo at gmail.com>
> Cc: freeipa-users at redhat.com
> Sent: Tuesday, March 1, 2016 6:34:01 AM
> Subject: Re: [Freeipa-users] Traceback starting pki-cad - ca.subsystem.certreq missing?
>
> On Mon, Feb 22, 2016 at 06:42:04PM +0100, Natxo Asenjo wrote:
> > On Sat, Feb 20, 2016 at 5:58 PM, Ian Pilcher <arequipeno at gmail.com> wrote:
> >
> > > I am running IPA 3.0.0 on CentOS 6 (32-bit x86), and I am getting a
> > > traceback every time pki-cad starts:
> > >
> > > Traceback (most recent call last):
> > > File "/usr/sbin/pki-server", line 89, in <module>
> > > cli.execute(sys.argv)
> > > File "/usr/sbin/pki-server", line 84, in execute
> > > super(PKIServerCLI, self).execute(args)
> > > File "/usr/lib/python2.6/site-packages/pki/cli.py", line 195, in
> > > execute
> > > module.execute(module_args)
> > > File "/usr/lib/python2.6/site-packages/pki/server/cli/upgrade.py", line
> > > 103, in execute
> > > scriptlet.execute()
> > > File "/usr/lib/python2.6/site-packages/pki/server/upgrade/__init__.py",
> > > line 50, in execute
> > > cert = self.subsystem.get_system_cert('subsystem')
> > > File "/usr/lib/python2.6/site-packages/pki/server/__init__.py", line
> > > 93,
> > > in get_system_cert
> > > cert['request'] = base64.b64decode(self.config['%s.%s.certreq' %
> > > (self.prefix, tag)])
> > > KeyError: 'ca.subsystem.certreq'
> > > Starting pki-ca: [ OK ]
> > >
> > > As you can see, the daemon does still start successfully, and the
> > > traceback doesn't appear in any of the pki-cad logs.
> > >
> > >
> > yes, I see this too after the last round of updates. Curiously enough, just
> > on one of the kdcs, the other does not have this traceback.
> >
> > Both are centos 6.7 fully patched, 32 bits.
> >
> You can resolve the issue by stopping pki-cad, adding
> 'ca.subsystem.certreq=' (empty value) to CS.cfg, then restarting
> pki-cad. AFAICT the absense of the certreq field will not cause any
> problems.
>
> I'm still investigating what caused the 'ca.subsystem.certreq'
> config to disappear from CS.cfg in the first place.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
More information about the Freeipa-users
mailing list