  1. RHEL
  2. RHEL-5068

In RHEL8, ipa-healthcheck outputs misleading "Internal server error 'Link'" when checking RHEL9 instance

    • Bug
    • Resolution: Unresolved
    • rhel-8.8.0
    • pki-core
    • Moderate
    • rhel-sst-idm-cs
    • ssg_idm

      Description of problem:

      The IPA domain has both RHEL 8 and RHEL 9 servers.

      The following error occurs when using the RHEL 8 ipa-healthcheck:

      ```
      % ipa-healthcheck --verbose --debug --failures-only --check ClonesConnectivyAndDataCheck --source pki.server.healthcheck.clones.connectivity_and_data
      ...
      Calling check <pki.server.healthcheck.clones.connectivity_and_data.ClonesConnectivyAndDataCheck object at 0x7f815a2d0e80>
      Entering ClonesConnectivityCheck : pki-tomcat
      ...
      https://rhel9.example.com:443 "POST /ca/rest/certs/search?size=3 HTTP/1.1" 200 316
      Internal server error 'Link'
      [
        {
          "source": "pki.server.healthcheck.clones.connectivity_and_data",
          "check": "ClonesConnectivyAndDataCheck",
          "result": "ERROR",
          ...
          "kw": {
            "status": "ERROR: pki-tomcat : Internal error testing CA clone. Host: rhel9.example.com Port: 443"
          }
        }
      ]
      ```

      However, running the same command on RHEL 9 produces no error.

      This check essentially gets 3 certificates using something similar to:

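      ```
      # Obtain a Kerberos ticket for the admin principal
      kinit admin
      # Empty JSON search filter
      JSON_REQUEST='{ }'
      # POST the search to the CA REST API, asking for 3 results
      curl -v -b ~/cookiejar -c ~/cookiejar --negotiate -u : -H "Content-Type:application/json" -H "Accept:application/json" -H Referer:https://$IPA_SERVER/ipa ${JSON_REQUEST:+-d "$JSON_REQUEST"} "https://$IPA_SERVER/ca/rest/certs/search?size=3" | jq
      ```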

      Using the above command on RHEL 8, there is a `Link` attribute like:

      ```
      {
        ...
        "entries": [
          {
            "id": "0x1",
            "SubjectDN": "CN=Certificate Authority,O=EXAMPLE.COM",
            "IssuerDN": "CN=Certificate Authority,O=EXAMPLE.COM",
            ...
            "Link": {
              "rel": "self",
              "href": "https://rhel8.example.com/ca/rest/certs/0x1",
              "type": "application/xml"
            }
          },
          ...
      }
      ```

      On RHEL 9, no `Link` attribute:

      ```
      {
        ...
        "entries": [
          {
            "id": "0x1",
            "SubjectDN": "CN=Certificate Authority,O=EXAMPLE.COM",
            "IssuerDN": "CN=Certificate Authority,O=EXAMPLE.COM",
            ...
          },
          ...
      ```

      This causes the following code to raise an exception:

      ```python
      class CertRequestInfoCollection(object):
          ...
          @classmethod
          def from_json(cls, json_value):
              """ Populate object from JSON input """
              ret = cls()
              cert_req_infos = json_value['entries']
              if not isinstance(cert_req_infos, list):
                  ret.cert_request_info_list.append(
                      CertRequestInfo.from_json(cert_req_infos))
              else:
                  for cert_info in cert_req_infos:
                      ret.cert_request_info_list.append(
                          CertRequestInfo.from_json(cert_info))

              links = json_value['Link']  # <-- KeyError: 'Link'
              if not isinstance(links, list):
                  ret.links.append(pki.Link.from_json(links))
              else:
                  for link in links:
                      ret.links.append(pki.Link.from_json(link))

              return ret
      ```

      Thus the error message

      Internal server error 'Link'

      Version-Release number of selected component (if applicable):

      python3-idm-pki-10.14.3-1.module+el8.8.0+18059+6d4394a9.noarch
      ipa-healthcheck-0.12-1.module+el8.8.0+17582+6bf5bf91.noarch

      How reproducible:
      Always from RHEL 8 IPA server to query RHEL9 IPA server

      Steps to Reproduce:
      0. IPA domain has both RHEL 8 server and RHEL 9 server, both are CA
      1. On RHEL 8, run

      ipa-healthcheck --verbose --debug --failures-only --check ClonesConnectivyAndDataCheck --source pki.server.healthcheck.clones.connectivity_and_data

      Actual results:
      Error message:

      Internal server error 'Link'

      Expected results:

      No error

      Additional info:
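
      The following is an added example, not part of the original report and not code from the pki project: one way a client parser can tolerate a response that omits the top-level `Link` member read by `from_json` above, while still failing on a missing `entries`. The `Link` and `InfoCollection` classes, the `as_list` helper and both sample payloads are hypothetical stand-ins constructed for illustration.

```python
from dataclasses import dataclass, field


def as_list(value):
    """Normalise a JSON member that may be absent, a single object, or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


@dataclass
class Link:  # hypothetical stand-in for pki.Link
    rel: str = None
    href: str = None
    type: str = None

    @classmethod
    def from_json(cls, obj):
        return cls(obj.get("rel"), obj.get("href"), obj.get("type"))


@dataclass
class InfoCollection:  # hypothetical stand-in for CertRequestInfoCollection
    entries: list = field(default_factory=list)
    links: list = field(default_factory=list)

    @classmethod
    def from_json(cls, json_value):
        ret = cls()
        # 'entries' is the data the health check relies on, so it stays mandatory.
        ret.entries = as_list(json_value["entries"])
        # 'Link' is navigation metadata; .get() avoids a KeyError when it is omitted.
        ret.links = [Link.from_json(l) for l in as_list(json_value.get("Link"))]
        return ret


# Constructed sample responses (not captured from a real server).
WITH_LINK = {
    "entries": [{"id": "0x1", "SubjectDN": "CN=Certificate Authority,O=EXAMPLE.COM"}],
    "Link": {"rel": "self", "href": "https://rhel8.example.com/ca/rest/certs/0x1",
             "type": "application/xml"},
}
WITHOUT_LINK = {"entries": [{"id": "0x1"}, {"id": "0x2"}, {"id": "0x3"}]}

if __name__ == "__main__":
    for name, payload in (("with Link", WITH_LINK), ("without Link", WITHOUT_LINK)):
        parsed = InfoCollection.from_json(payload)
        print(name, len(parsed.entries), "entries,", len(parsed.links), "links")
```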

              jira-bugzilla-migration RH Bugzilla Integration
              rhn-support-dchen Ding Yi Chen