Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-76752

Failed to start the pki service after enabling Nuxwdog

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-10.0
    • dogtag-pki
    • None
    • No
    • None
    • rhel-sst-idm-cs
    • ssg_idm
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      Automation test failure : 
      test_bug_1732981_pkiserver_status_with_nuxwdog_enable

      What is the impact of this issue to you?

      nuxwdog can not be enabled in RHEL 10

      Please provide the package NVR for which the bug is seen:

      idm-pki-ca noarch 11.6.0-0.3.alpha2.el9 rhel-9.6-AppStream 2.1 M
      2025-01-22T17:40:23 idm-pki-kra noarch 11.6.0-0.3.alpha2.el9
      389-ds-base-2.6.0-2.el9.x86_64

      CTC2 compose : 

      http://download.devel.redhat.com/rhel-9/nightly/RHEL-9/RHEL-9.6.0-20250121.2/compose/

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1. Create pki-tomcat instance using interactive installation
      2. systemctl stop pki-tomcatd@pki-tomcat.service
      3. Make a copy of password file
      4. rm -f /var/lib/pki/pki-tomcat/conf/password.conf
      5. systemctl start pki-tomcatd-nuxwdog@pki-tomcat.service

      Expected results

      Should prompt for passwords and then the pki-tomcatd-nuxwdog should be enabled and active.

      Actual results

      Not asking for password prompts and is failing with following error in journelctl logs :

      ░░ 
      ░░ A start job for unit pki-tomcatd-nuxwdog@pki-tomcat.service has begun execution.
      ░░ 
      ░░ The job identifier is 2865.
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 pki-server-nuxwdog[7391]: keyctl_search: Required key not available
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 systemd-ask-password[7392]: Failed to query password: No such device or address
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 pki-server-nuxwdog[7390]: Traceback (most recent call last):
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 pki-server-nuxwdog[7390]:   File "/usr/bin/pki-server-nuxwdog", line 145, in <module>
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 pki-server-nuxwdog[7390]:     entered_pass = subprocess.check_output(cmd_ask_password)
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 pki-server-nuxwdog[7390]:                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 pki-server-nuxwdog[7390]:   File "/usr/lib64/python3.12/subprocess.py", line 466, in check_output
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 pki-server-nuxwdog[7390]:     return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 pki-server-nuxwdog[7390]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 pki-server-nuxwdog[7390]:   File "/usr/lib64/python3.12/subprocess.py", line 571, in run
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 pki-server-nuxwdog[7390]:     raise CalledProcessError(retcode, process.args,
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 pki-server-nuxwdog[7390]: subprocess.CalledProcessError: Command '['systemd-ask-password', '[pki-tomcat] Please provide the password for internal:']' returned non-zero exit status 1.
      Jan 29 04:56:46 skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38 systemd[1]: pki-tomcatd-nuxwdog@pki-tomcat.service: Control process exited, code=exited, status=1/FAILURE
      ░░ Subject: Unit process exited

       

       

      pki-server status output :

      [root@vm-10-0-185-81 ~]# pki-server status
        Instance ID: pki-tomcat
        Active: False
        Nuxwdog Enabled: True
        Unsecure Port: 8080
        Secure Port: 8443
        Tomcat Port: 8005

        CA Subsystem:
          SD Manager:          True
          SD Name:             hosted.upshift.rdu2.redhat.com Security Domain
          SD Registration URL: https://vm-10-0-185-81.hosted.upshift.rdu2.redhat.com:8443
          Enabled:             True
          Unsecure URL:        http://skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38:8080/ca/ee/ca
          Secure Agent URL:    https://skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38:8443/ca/agent/ca
          Secure EE URL:       https://skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38:8443/ca/ee/ca
          Secure Admin URL:    https://skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38:8443/ca/services
          PKI Console URL:     https://skhandel-1mt-rhel-10.0-20250127.0-21113-2025-01-29-09-38:8443/ca

              rhcs-maint RHCS Maintenance
              skhande shalini khandelwal
              RHCS Maintenance RHCS Maintenance
              IdM CS QE IdM CS QE
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: