pki-bot / pki-issues-final


pkispawn clone CA using existing base DN and pki_ds_remove_data=True in inf is failing #1442

Open pki-bot opened 3 years ago

pki-bot commented 3 years ago

This issue was migrated from Pagure Issue #1454. Originally filed by rpattath (@rpattath) on 2015-07-01 18:56:17:


pkispawn clone CA using existing base DN and pki_ds_remove_data=True in inf is failing

Steps to Reproduce:

1. pkispawn master CA
2. pkispawn clone CA
3. pkidestroy clone CA
4. pkispawn clone CA using the same base DN used in step 2
5. clone CA's inf has pki_ds_remove_data=True

Actual results:

pkispawn is failing

Expected results:

pkispawn clone CA should be successful

Additional info:

Part of the log messages in the clone CA debug log:

[root@sparks ~]# cat /var/log/pki/clone1/ca/debug | grep "30/Jun/2015:14:23:03"
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LdapAuthInfo: password ok: store
in memory cache
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LdapAuthInfo: init ends
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: init: before makeConnection
errorIfDown is false
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: makeConnection: errorIfDown
false
[30/Jun/2015:14:23:03][Finalizer]: Destroying LdapBoundConnFactory(DBSubsystem)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: Established LDAP connection
using basic authentication to host sparks.idmqe.lab.eng.bos.redhat.com port
1901 as cn=Database Manager
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: initializing with mininum 3 and
maximum 15 connections to host sparks.idmqe.lab.eng.bos.redhat.com port 1901,
secure connection, false, authentication type 1
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: increasing minimum connections
by 3
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: new total available connections
3
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: new number of connections 3
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: In
LdapBoundConnFactory::getConn()
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: masterConn is connected: true
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: getConn: conn is connected true
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: getConn: mNumConns now 2
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS:
param=preop.internaldb.post_ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): ldif file =
/usr/share/pki/ca/conf/vlv.ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): ldif file copy to
/var/lib/pki/clone1/ca/conf/vlv.ldif
[30/Jun/2015:14:23:03][Finalizer]: Destroying LdapBoundConnFactory(DirAclAuthz)
[30/Jun/2015:14:23:03][Finalizer]: Destroying LdapBoundConnFactory(UGSubsystem)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): LDAP Errors in
importing /var/lib/pki/clone1/ca/conf/vlv.ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allExpiredCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allInvalidCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allInValidCertsNotBefore-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allNonRevokedCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedCaCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedCertsNotAfter-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedExpiredCerts-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedOrRevokedExpiredCaCerts-clone1, cn=pki-ca-ldap,
cn=ldbm database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to
connect to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedOrRevokedExpiredCerts-clone1, cn=pki-ca-ldap,
cn=ldbm database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to
connect to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allValidCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allValidCertsNotAfter-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allValidOrRevokedCerts-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caAll-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceled-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceledEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceledRenewal-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceledRevocation-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caComplete-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCompleteEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCompleteRenewal-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCompleteRevocation-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPending-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPendingEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPendingRenewal-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPendingRevocation-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejected-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejectedEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejectedRenewal-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejectedRevocation-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRenewal-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRevocation-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allCerts-clone1Index, cn=allCerts-clone1, cn=pki-ca-ldap,
cn=ldbm database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to
connect to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allExpiredCerts-clone1Index, cn=allExpiredCerts-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allInvalidCerts-clone1Index, cn=allInvalidCerts-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allInValidCertsNotBefore-clone1Index,
cn=allInValidCertsNotBefore-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allNonRevokedCerts-clone1Index,
cn=allNonRevokedCerts-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedCaCerts-clone1Index, cn=allRevokedCaCerts-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedCerts-clone1Index, cn=allRevokedCerts-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedCertsNotAfter-clone1Index,
cn=allRevokedCertsNotAfter-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedExpiredCerts-clone1Index,
cn=allRevokedExpiredCerts-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedOrRevokedExpiredCaCerts-clone1Index,
cn=allRevokedOrRevokedExpiredCaCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allRevokedOrRevokedExpiredCerts-clone1Index,
cn=allRevokedOrRevokedExpiredCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allValidCerts-clone1Index, cn=allValidCerts-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allValidCertsNotAfter-clone1Index,
cn=allValidCertsNotAfter-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allValidOrRevokedCerts-clone1Index,
cn=allValidOrRevokedCerts-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caAll-clone1Index, cn=caAll-clone1, cn=pki-ca-ldap, cn=ldbm
database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect
to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceled-clone1Index, cn=caCanceled-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceledEnrollment-clone1Index,
cn=caCanceledEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceledRenewal-clone1Index, cn=caCanceledRenewal-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCanceledRevocation-clone1Index,
cn=caCanceledRevocation-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caComplete-clone1Index, cn=caComplete-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCompleteEnrollment-clone1Index,
cn=caCompleteEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCompleteRenewal-clone1Index, cn=caCompleteRenewal-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caCompleteRevocation-clone1Index,
cn=caCompleteRevocation-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caEnrollment-clone1Index, cn=caEnrollment-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPending-clone1Index, cn=caPending-clone1, cn=pki-ca-ldap,
cn=ldbm database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to
connect to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPendingEnrollment-clone1Index,
cn=caPendingEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPendingRenewal-clone1Index, cn=caPendingRenewal-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caPendingRevocation-clone1Index,
cn=caPendingRevocation-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejected-clone1Index, cn=caRejected-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejectedEnrollment-clone1Index,
cn=caRejectedEnrollment-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejectedRenewal-clone1Index, cn=caRejectedRenewal-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRejectedRevocation-clone1Index,
cn=caRejectedRevocation-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRenewal-clone1Index, cn=caRenewal-clone1, cn=pki-ca-ldap,
cn=ldbm database, cn=plugins, cn=config:netscape.ldap.LDAPException: failed to
connect to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caRevocation-clone1Index, cn=caRevocation-clone1,
cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): ldif file =
/usr/share/pki/ca/conf/vlvtasks.ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): ldif file copy to
/var/lib/pki/clone1/ca/conf/vlvtasks.ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): LDAP Errors in
importing /var/lib/pki/clone1/ca/conf/vlvtasks.ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=index1160589769, cn=index, cn=tasks,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: Checking wait_dn
cn=index1160589769, cn=index, cn=tasks, cn=config
[30/Jun/2015:14:23:04][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:05][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:06][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:07][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:08][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:09][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:10][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:11][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))
[30/Jun/2015:14:23:12][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))

pki-bot commented 3 years ago

Comment from jmagne (@jmagne) at 2015-07-08 02:44:46

OK: After some experimentation this is what I found.

  1. This problem happens if you create the clone, destroy it, and then immediately try to re-create the exact same clone with the same deployment.cfg file.

This fails during the ldif importation process, specifically the vlv.index file. This happens shortly after replication. When this importation fails, the ldap server can no longer be contacted by the CA clone being installed. We get a bunch of these:

Still checking wait_dn 'cn=index1160589769, cn=index, cn=tasks, cn=config' (netscape.ldap.LDAPException: failed to connect to server ldap://sparks.idmqe.lab.eng.bos.redhat.com:1901 (91))

  2. I found a condition in the DS logs that might be important:

[07/Jul/2015:20:35:16 -0400] - ldbm: Bringing pki-ca-ldap offline...
[07/Jul/2015:20:35:16 -0400] - ldbm: removing 'pki-ca-ldap'.
[07/Jul/2015:20:35:16 -0400] - Destructor for instance pki-ca-ldap called
[07/Jul/2015:20:35:19 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=pki-ca is going offline; disabling replication
[07/Jul/2015:20:35:20 -0400] NSMMReplicationPlugin - agmt="cn=cloneAgreement1-sparks.idmqe.lab.eng.bos.redhat.com-clone1" (sparks:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.
[07/Jul/2015:20:35:20 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database

It looks like some condition has been found and the server is going down, but in our case it never really comes back.

  3. I have found a workaround for this that seems to work every time.

After doing the pkidestroy on the first clone, simply restart the DS server. Try the clone again and it works flawlessly.

My theory is that after a clone is destroyed, something is out of sync with the previous replication agreement that shows up when the exact same agreement is attempted again. If we restart the DS server, things get cleared up and then the subsequent cloning operation is fine.

Further digging would be needed to figure out exactly what is going on here.
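
The triage described in the comment above can be scripted. The following is an added example, not part of the original issue or of the PKI project's code: it re-joins the hard-wrapped clone debug log into records, counts failed entries per LDIF file and `wait_dn` polls, and checks the DS error log for the conditions quoted above. The host `ds.example.test`, the function names and the diagnosis labels are assumptions made for illustration, and both log samples are constructed.

```python
import re
from collections import Counter

# Constructed sample in the hard-wrapped shape of the clone debug log; host is a placeholder.
DEBUG_LOG = """\
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): LDAP Errors in
importing /var/lib/pki/clone1/ca/conf/vlv.ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=allCerts-clone1, cn=pki-ca-ldap, cn=ldbm database,
cn=plugins, cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://ds.example.test:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=caAll-clone1, cn=pki-ca-ldap, cn=ldbm database, cn=plugins,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://ds.example.test:1901 (91)
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: importLDIFS(): LDAP Errors in
importing /var/lib/pki/clone1/ca/conf/vlvtasks.ldif
[30/Jun/2015:14:23:03][http-bio-30002-exec-3]: LDAPUtil:importLDIF: exception
in adding entry cn=index1160589769, cn=index, cn=tasks,
cn=config:netscape.ldap.LDAPException: failed to connect to server
ldap://ds.example.test:1901 (91)
[30/Jun/2015:14:23:04][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://ds.example.test:1901 (91))
[30/Jun/2015:14:23:05][http-bio-30002-exec-3]: Still checking wait_dn
'cn=index1160589769, cn=index, cn=tasks, cn=config'
(netscape.ldap.LDAPException: failed to connect to server
ldap://ds.example.test:1901 (91))
"""
# Constructed DS error-log lines in the shape of those quoted in the comment.
DS_LOG = """\
[07/Jul/2015:20:35:16 -0400] - ldbm: Bringing pki-ca-ldap offline...
[07/Jul/2015:20:35:19 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=pki-ca is going offline; disabling replication
[07/Jul/2015:20:35:20 -0400] NSMMReplicationPlugin - agmt="cn=cloneAgreement1-ds.example.test-clone1" (ds:389): The remote replica has a different database generation ID than the local database.
"""

REC_START = re.compile(r"^\[\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}\]\[")
IMPORT_ERR = re.compile(r"importLDIFS\(\): LDAP Errors in importing (\S+)")
ENTRY_ERR = re.compile(r"importLDIF: exception in adding entry (.+?):netscape\.ldap\.LDAPException: .*\((\d+)\)$")
WAIT_POLL = re.compile(r"Still checking wait_dn '([^']+)'")
DS_SIGNS = {
    "backend_offline": re.compile(r"ldbm: Bringing \S+ offline"),
    "replication_disabled": re.compile(r"going offline; disabling replication"),
    "generation_id_mismatch": re.compile(r"different database generation ID"),
}
LDAP_CONNECT_ERROR = 91  # the "(91)" at the end of each LDAPException line

def join_records(text):
    """Re-join hard-wrapped lines: a record starts at a [timestamp][thread] prefix."""
    records = []
    for line in filter(str.strip, text.splitlines()):
        if REC_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage_debug(text):
    """Count failed entries per LDIF file, LDAP result codes, and wait_dn polls."""
    failed, codes, polls = Counter(), Counter(), Counter()
    current = None  # LDIF named by the latest "LDAP Errors in importing" record
    for rec in join_records(text):
        if m := IMPORT_ERR.search(rec):
            current = m.group(1)
        elif m := ENTRY_ERR.search(rec):
            failed[current] += 1
            codes[int(m.group(2))] += 1
        elif m := WAIT_POLL.search(rec):
            polls[m.group(1)] += 1
    return {"failed_by_ldif": dict(failed), "ldap_codes": dict(codes),
            "wait_dn_polls": dict(polls)}

def triage_ds(text):
    """Report which of the DS error-log conditions from the comment are present."""
    return {name: bool(rx.search(text)) for name, rx in DS_SIGNS.items()}

def diagnose(debug_text, ds_text):
    """Hypothetical labels: correlate the clone-side symptom with the DS-side state."""
    dbg, ds = triage_debug(debug_text), triage_ds(ds_text)
    lost_ds = LDAP_CONNECT_ERROR in dbg["ldap_codes"] and bool(dbg["wait_dn_polls"])
    if lost_ds and ds["backend_offline"] and ds["generation_id_mismatch"]:
        return "ds-unreachable-after-reclone"
    return "ds-unreachable" if lost_ds else "no-match"
```

Run against the real files, `triage_debug` collapses the several hundred lines of per-entry exceptions into one count per LDIF file, which makes it clear that every failure is the same connect error rather than a schema or ACL problem.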

pki-bot commented 3 years ago

Comment from mharmsen (@mharmsen) at 2015-07-14 19:43:48

For the purposes of Dogtag 10.2, the following PKI TRAC Ticket was filed:

pki-bot commented 3 years ago

Comment from rpattath (@rpattath) at 2017-02-27 14:08:52

Metadata Update from @rpattath: