On 11/27/2016 11:38 PM, Jochen Hein wrote:
Jochen Hein <[email protected]> writes:
2016-11-27T21:07:26Z DEBUG The ipa-replica-install command failed, exception: HTTPError:
406 Client Error: Failed to validate message: No recipient matched the provided
key["Failed: [ValueError('Multibackend cannot be initialized with no backends. If
you are seeing this error when trying to use default_backend() please try uninstalling
and reinstalling cryptography.',)]"]
2016-11-27T21:07:26Z ERROR 406 Client Error: Failed to validate message: No recipient
matched the provided key["Failed: [ValueError('Multibackend cannot be initialized
with no backends. If you are seeing this error when trying to use default_backend()
please try uninstalling and reinstalling cryptography.',)]"]
2016-11-27T21:07:26Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
Any idea what's wrong?
Around that time the pki on the old master has this:
0.Thread-17 - [27/Nov/2016:22:06:47 MEZ] [8] [3] Publishing: Could not
publish certificate serial number 0x1a. Error Failed to publish using
rule: No rules enabled
Debug has:
[27/Nov/2016:22:06:47][Thread-17]: RunListeners:: Queue: 1 noSingleRequest
[27/Nov/2016:22:06:47][Thread-17]: getRequest mRequests=1
mSearchForRequests=false
[27/Nov/2016:22:06:47][Thread-17]: getRequest getting request: 29
[27/Nov/2016:22:06:47][Thread-17]: In LdapBoundConnFactory::getConn()
[27/Nov/2016:22:06:47][Thread-17]: masterConn is connected: true
[27/Nov/2016:22:06:47][Thread-17]: getConn: conn is connected true
[27/Nov/2016:22:06:47][Thread-17]: getConn: mNumConns now 4
[27/Nov/2016:22:06:47][Thread-17]: returnConn: mNumConns now 5
[27/Nov/2016:22:06:47][Thread-17]: getRequest request 29 found
[27/Nov/2016:22:06:47][Thread-17]: getRequest mRequests=0
mSearchForRequests=false done
[27/Nov/2016:22:06:47][Thread-17]: RunListeners: IRequestListener =
com.netscape.cms.listeners.CertificateIssuedListener
[27/Nov/2016:22:06:47][Thread-17]: CertificateIssuedListener: accept 29
[27/Nov/2016:22:06:47][Thread-17]: RunListeners: IRequestListener =
com.netscape.ca.CRLIssuingPoint$RevocationRequestListener
[27/Nov/2016:22:06:47][Thread-17]: RunListeners: IRequestListener =
com.netscape.cmscore.ldap.LdapRequestListener
[27/Nov/2016:22:06:47][Thread-17]: LdapRequestListener handling publishing for
enrollment request id 29
[27/Nov/2016:22:06:47][Thread-17]: Checking publishing for request 29
[27/Nov/2016:22:06:47][Thread-17]: In PublisherProcessor::publishCert
[27/Nov/2016:22:06:47][Thread-17]: Publishing: can't find publishing
rule,exiting routine.
[27/Nov/2016:22:06:47][Thread-17]: PublishProcessor::publishCert : Failed to
publish using rule: No rules enabled
[27/Nov/2016:22:06:47][Thread-17]: RunListeners: IRequestListener =
com.netscape.cms.listeners.CertificateRevokedListener
[27/Nov/2016:22:06:47][Thread-17]: RunListeners: mRequest = 29
[27/Nov/2016:22:06:47][Thread-17]: updatePublishingStatus
mSavePublishingCounter: 3 mSavePublishingStatus: 200
[27/Nov/2016:22:06:47][Thread-17]: RunListeners: noQueue SingleRequest
[27/Nov/2016:22:06:47][Thread-17]: RequestRepository: setPublishingStatus
mBaseDN: ou=ca,ou=requests,o=ipaca status: -1
[27/Nov/2016:22:06:47][Thread-17]: In LdapBoundConnFactory::getConn()
[27/Nov/2016:22:06:47][Thread-17]: masterConn is connected: true
[27/Nov/2016:22:06:47][Thread-17]: getConn: conn is connected true
[27/Nov/2016:22:06:47][Thread-17]: getConn: mNumConns now 4
[27/Nov/2016:22:06:47][Thread-17]: returnConn: mNumConns now 5
[27/Nov/2016:22:06:47][Thread-17]: Number of publishing threads: 0
Maybe something in dogtag is missing?
Jochen
Hi Jochen,
can you please check the version of python-cryptography on master and
replica? I remember there used to be problem with pre-0.9 versions
breaking Custodia.
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
