Hi list,
I have noticed the following failures in our Travis CI during the server
installation phase:
https://paste.fedoraproject.org/531238/84902361/
After inspecting ipaclient-install.log the following error can be observed:
"""
2017-01-20T08:47:51Z DEBUG Verifying that master.ipa.test (realm
IPA.TEST) is an IPA server
2017-01-20T08:47:51Z DEBUG Init LDAP connection to:
ldap://master.ipa.test:389
2017-01-20T08:47:51Z DEBUG Error checking LDAP: Connect error: TLS error
-12286:Cannot communicate securely with peer: no common encryption
algorithm(s).
2017-01-20T08:47:51Z WARNING Skip master.ipa.test: cannot verify if this
is an IPA server
2017-01-20T08:47:51Z DEBUG Discovery result: UNKNOWN_ERROR; server=None,
domain=ipa.test, kdc=master.ipa.test, basedn=None
"""
Digging deeper into the issue reveals that it is caused by the recent
addition of nss-3.28.1-1.2.fc25.x86_64 (since the installation works
fine using older 3.27.0-1.3.fc25 package). I was unable to find this
build in Bodhi so it seems that it was pushed to updates-testing
directly, probably as a security update.
Should I open a bugzilla against NSS so that the maintainers know about
this issue? Or is it caused on the FreeIPA side and we need to update our
codebase?
Interestingly, a packaging bug[1] prevented me from downgrading to a working
version, so after the update we are left with an unusable environment with no
easy way to revert to a working configuration. In the meantime I advise
you to disable updates-testing on F25 altogether until the issue is
resolved. I will also prepare and test a new Docker image for Travis
that will (hopefully) restore CI to a working state.
[1] https://paste.fedoraproject.org/531240/49028321/
--
Martin^3 Babinsky