ca:user-add fails intermittently about xipki HOT 11 CLOSED

karaf.log
ca_2023.06.22_0.log

from xipki.

As in the ca*.log,

... INFO: CaManagerQueryExecutor.addUser() added user 'vnfpsi'
... ERROR: HttpMgmtServlet.doPost() CaMgmtException: ...: user 'vnfpsi ' does not exist

in the command causer-add, an extra space of the use name is added. Thus the CA cannot find the user.

from xipki.

We are not adding space after username.
This was the command executed:
#ca:user-add --name vnfpsi

One more observation:
If we try add a same user twice, space is seen after the username in the error returned:
karaf@root()> ca:user-add --name san
Password:*****
added user san
karaf@root()> ca:user-add --name san
Password:*****
Error executing command: could not add user san, error: user named 'san ' already exists

from xipki.

In the log file, the space after the real user name is appended by the log. (This is a bug).

In you case, you first execute ca:use-add to add the user to the user table in the database, then execute ca:causer-add to bind a user with a given CA.

According to the ca*.log, the error occurred in the command ca:causer-add, the CA can not find the user added before.

My questions here are:

1. Is this error reproducable? Does it happen to all causer-add commands, or only 1 of x executions?
2. Once this error occurs, please check the database whether the table TUSER contains this user?

from xipki.

1.Is this error reproducable? Does it happen to all causer-add commands, or only 1 of x executions?

As in the above attached karaf.log you can see 5 instances of this error being reproduced, it doesn't happen every time add user is triggered, but sporadically this issue can be seen.

2.Once this error occurs, please check the database whether the table TUSER contains this user?

when this issue occurs, user is present in database.

from xipki.

From the ca*.log, I can find the following log lines:

2023.06.22-08:49:32.994 ... -1 INFO: CaManagerQueryExecutor.addUser() added user 'vnfpsi'
2023.06.22-08:49:33.278 ...-10 INFO: CaManagerQueryExecutor.addUserToCa() added user '(id=27, name=vnfpsi)' to CA '(id=1, name=ztsauto3)': permission: 511; profile: all
2023.06.22-11:30:28.772 ...-7 INFO: CaManagerQueryExecutor.addUser() added user 'vnfpsi'
2023.06.22-11:30:28.965 ...-8 ERROR: HttpMgmtServlet.doPost() CaMgmtException: org.xipki.ca.api.mgmt.CaMgmtException: user 'vnfpsi ' does not exist
2023.06.22-11:36:14.328 ...-5 ERROR: HttpMgmtServlet.doPost() CaMgmtException: org.xipki.ca.api.mgmt.CaMgmtException: could not remove vnfpsi from CA ztsauto3
2023.06.22-11:54:00.672 ...-5 INFO: CaManagerQueryExecutor.addUser() added user 'vnfpsi'
2023.06.22-11:54:00.971 ...-9 INFO: CaManagerQueryExecutor.addUserToCa() added user '(id=36, name=vnfpsi)' to CA '(id=1, name=ztsauto3)': permission: 511; profile: all
2023.06.22-13:33:32.571 ...-7 INFO: CaManagerQueryExecutor.addUser() added user 'vnfpsi'
2023.06.22-13:33:32.777 ...-1 INFO: CaManagerQueryExecutor.addUserToCa() added user '(id=38, name=vnfpsi)' to CA '(id=1, name=ztsauto3)': permission: 511; profile: all

The user vnfpsi was added multiple times. 1) Did you remove the user before adding it again? 2) Do you use cluster of databases?

from xipki.

1. Did you remove the user before adding it again?
   yes! you can find it in the karaf.log and ca*.log logs for every corresponding add user triggered with same name , deletion of user has been triggered every time beforehand.
   

2. Do you use cluster of databases?
   yes! we use mariadb with master-slave mode. There is 1 master and 2 slaves. Xipiki application performs read/write to mariadb via maxscale service.

from xipki.

Xipki is checking for if user exists while add user is triggered , it's clearly showing user doesn't exist and it has thrown error instead of adding the user. If user doesn't exist, it should add the user instead of throwing error. It seems like some issue with error handling, can this be an improvement?

from xipki.

@xipki , can you please provide some update for this issue?

from xipki.

According to the log, the command user-add finished successfully. But the command causer-add failed. Since you use cluster, one reason may be the database instances do not have the same dataset. The user has been added to the table TUSER of one instance, but you try to read data from other database instance which does not contain the user just added.

So once you get the error in the command causer-add, try to execute it again after several seconds. If this error still occurs, try then the command ca:user-info. If you get error that the user does not exist, try to check all clustered instances whether the given user exists in the table TUSER.

from xipki.

Close this issue due to inactivity. Please re-open if needed.

from xipki.