Attachment 1478095 Details for Bug 1596629 – Console_Output _for Verification of Scenario

Console_Output _for Verification of Scenario

BZ_verified_1596629.txt (text/plain), 23.96 KB, created by Nikhil Dehadrai on 2018-08-23 08:11:27 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Nikhil Dehadrai

Created: 2018-08-23 08:11:27 UTC

Size: 23.96 KB

patch

obsolete

>Standard Output
>Class Setup
>0
>Listing RPMS
>Disabling Firewall
>service_control Running: [systemctl stop firewalld]
>service_control Running: [systemctl disable firewalld]
>Setting hostname
>Setting /etc/hosts
>Setting up RNGD
>yum install output in /tmp/qe_pytest_yum_output.20180813133903
>Sleeping for [3] seconds
>service_control Running: [systemctl enable rngd]
>service_control Running: [systemctl stop rngd]
>service_control Running: [systemctl start rngd]
>service_control Running: [systemctl status rngd]
>service_control STDOUT: â rngd.service - Hardware RNG Entropy Gatherer Daemon
>   Loaded: loaded (/usr/lib/systemd/system/rngd.service; enabled; vendor preset: enabled)
>   Active: active (running) since Mon 2018-08-13 09:39:13 EDT; 116ms ago
> Main PID: 10800 (rngd)
>   CGroup: /system.slice/rngd.service
>           ââ10800 /sbin/rngd -f -r /dev/urandom
>
>Aug 13 09:39:13 master.testrelm.test systemd[1]: Started Hardware RNG Entropy Gatherer Daemon.
>Aug 13 09:39:13 master.testrelm.test rngd[10800]: Initalizing available sources
>Aug 13 09:39:13 master.testrelm.test rngd[10800]: Failed to init entropy source 1: TPM RNG Device
>Aug 13 09:39:13 master.testrelm.test rngd[10800]: Enabling RDRAND rng support
> 
>TIME: 13:39:14
>Installing required packages
>yum install output in /tmp/qe_pytest_yum_output.20180813133914
>TIME: 13:39:25
>Installing IPA Server on machine [master.testrelm.test]
>RUNCMD: /usr/sbin/ipa-server-install --setup-dns --forwarder 10.x.x.x --domain testrelm.test --realm TESTRELM.TEST --admin-password Secret123 --ds-password Secret123 -U --reverse-zone x.x.x.in-addr.arpa. --allow-zone-overlap --setup-kra --domain-level=0
>STDOUT: 
>The log file for this installation can be found in /var/log/ipaserver-install.log
>==============================================================================
>This program will set up the IPA Server.
>
>This includes:
>  * Configure a stand-alone CA (dogtag) for certificate management
>  * Configure the Network Time Daemon (ntpd)
>  * Create and configure an instance of Directory Server
>  * Create and configure a Kerberos Key Distribution Center (KDC)
>  * Configure Apache (httpd)
>  * Configure KRA (dogtag) for secret management
>  * Configure DNS (bind)
>
>WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
>in favor of ntpd
>
>Warning: skipping DNS resolution of host master.testrelm.test
>Checking DNS domain testrelm.test., please wait ...
>Checking DNS forwarders, please wait ...
>Using reverse zone(s) 169.16.172.in-addr.arpa.
>
>The IPA Master Server will be configured with:
>Hostname:       master.testrelm.test
>IP address(es): 172.x.x.x
>Domain name:    testrelm.test
>Realm name:     TESTRELM.TEST
>
>BIND DNS server will be configured to serve IPA domain with:
>Forwarders:       10.x.x.x
>Forward policy:   only
>Reverse zone(s):  x.x.x.in-addr.arpa.
>
>Configuring NTP daemon (ntpd)
>  [1/4]: stopping ntpd
>  [2/4]: writing configuration
>  [3/4]: configuring ntpd to start on boot
>  [4/4]: starting ntpd
>Done configuring NTP daemon (ntpd).
>Configuring directory server (dirsrv). Estimated time: 30 seconds
>  [1/44]: creating directory server instance
>  [2/44]: enabling ldapi
>  [3/44]: configure autobind for root
>  [4/44]: stopping directory server
>  [5/44]: updating configuration in dse.ldif
>  [6/44]: starting directory server
>  [7/44]: adding default schema
>  [8/44]: enabling memberof plugin
>  [9/44]: enabling winsync plugin
>  [10/44]: configuring replication version plugin
>  [11/44]: enabling IPA enrollment plugin
>  [12/44]: configuring uniqueness plugin
>  [13/44]: configuring uuid plugin
>  [14/44]: configuring modrdn plugin
>  [15/44]: configuring DNS plugin
>  [16/44]: enabling entryUSN plugin
>  [17/44]: configuring lockout plugin
>  [18/44]: configuring topology plugin
>  [19/44]: creating indices
>  [20/44]: enabling referential integrity plugin
>  [21/44]: configuring certmap.conf
>  [22/44]: configure new location for managed entries
>  [23/44]: configure dirsrv ccache
>  [24/44]: enabling SASL mapping fallback
>  [25/44]: restarting directory server
>  [26/44]: adding sasl mappings to the directory
>  [27/44]: adding default layout
>  [28/44]: adding delegation layout
>  [29/44]: creating container for managed entries
>  [30/44]: configuring user private groups
>  [31/44]: configuring netgroups from hostgroups
>  [32/44]: creating default Sudo bind user
>  [33/44]: creating default Auto Member layout
>  [34/44]: adding range check plugin
>  [35/44]: creating default HBAC rule allow_all
>  [36/44]: adding entries for topology management
>  [37/44]: initializing group membership
>  [38/44]: adding master entry
>  [39/44]: initializing domain level
>  [40/44]: configuring Posix uid/gid generation
>  [41/44]: adding replication acis
>  [42/44]: activating sidgen plugin
>  [43/44]: activating extdom plugin
>  [44/44]: configuring directory to start on boot
>Done configuring directory server (dirsrv).
>Configuring Kerberos KDC (krb5kdc)
>  [1/10]: adding kerberos container to the directory
>  [2/10]: configuring KDC
>  [3/10]: initialize kerberos container
>  [4/10]: adding default ACIs
>  [5/10]: creating a keytab for the directory
>  [6/10]: creating a keytab for the machine
>  [7/10]: adding the password extension to the directory
>  [8/10]: creating anonymous principal
>  [9/10]: starting the KDC
>  [10/10]: configuring KDC to start on boot
>Done configuring Kerberos KDC (krb5kdc).
>Configuring kadmin
>  [1/2]: starting kadmin 
>  [2/2]: configuring kadmin to start on boot
>Done configuring kadmin.
>Configuring ipa-custodia
>  [1/5]: Making sure custodia container exists
>  [2/5]: Generating ipa-custodia config file
>  [3/5]: Generating ipa-custodia keys
>  [4/5]: starting ipa-custodia 
>  [5/5]: configuring ipa-custodia to start on boot
>Done configuring ipa-custodia.
>Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
>  [1/28]: configuring certificate server instance
>  [2/28]: exporting Dogtag certificate store pin
>  [3/28]: stopping certificate server instance to update CS.cfg
>  [4/28]: backing up CS.cfg
>  [5/28]: disabling nonces
>  [6/28]: set up CRL publishing
>  [7/28]: enable PKIX certificate path discovery and validation
>  [8/28]: starting certificate server instance
>  [9/28]: configure certmonger for renewals
>  [10/28]: requesting RA certificate from CA
>  [11/28]: setting audit signing renewal to 2 years
>  [12/28]: restarting certificate server
>  [13/28]: publishing the CA certificate
>  [14/28]: adding RA agent as a trusted user
>  [15/28]: authorizing RA to modify profiles
>  [16/28]: authorizing RA to manage lightweight CAs
>  [17/28]: Ensure lightweight CAs container exists
>  [18/28]: configure certificate renewals
>  [19/28]: configure Server-Cert certificate renewal
>  [20/28]: Configure HTTP to proxy connections
>  [21/28]: restarting certificate server
>  [22/28]: updating IPA configuration
>  [23/28]: enabling CA instance
>  [24/28]: migrating certificate profiles to LDAP
>  [25/28]: importing IPA certificate profiles
>  [26/28]: adding default CA ACL
>  [27/28]: adding 'ipa' CA entry
>  [28/28]: configuring certmonger renewal for lightweight CAs
>Done configuring certificate server (pki-tomcatd).
>Configuring directory server (dirsrv)
>  [1/3]: configuring TLS for DS instance
>  [2/3]: adding CA certificate entry
>  [3/3]: restarting directory server
>Done configuring directory server (dirsrv).
>Configuring ipa-otpd
>  [1/2]: starting ipa-otpd 
>  [2/2]: configuring ipa-otpd to start on boot
>Done configuring ipa-otpd.
>Configuring the web interface (httpd)
>  [1/22]: stopping httpd
>  [2/22]: setting mod_nss port to 443
>  [3/22]: setting mod_nss cipher suite
>  [4/22]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
>  [5/22]: setting mod_nss password file
>  [6/22]: enabling mod_nss renegotiate
>  [7/22]: disabling mod_nss OCSP
>  [8/22]: adding URL rewriting rules
>  [9/22]: configuring httpd
>  [10/22]: setting up httpd keytab
>  [11/22]: configuring Gssproxy
>  [12/22]: setting up ssl
>  [13/22]: configure certmonger for renewals
>  [14/22]: importing CA certificates from LDAP
>  [15/22]: publish CA cert
>  [16/22]: clean up any existing httpd ccaches
>  [17/22]: configuring SELinux for httpd
>  [18/22]: create KDC proxy config
>  [19/22]: enable KDC proxy
>  [20/22]: starting httpd
>  [21/22]: configuring httpd to start on boot
>  [22/22]: enabling oddjobd
>Done configuring the web interface (httpd).
>Applying LDAP updates
>Upgrading IPA:. Estimated time: 1 minute 30 seconds
>  [1/10]: stopping directory server
>  [2/10]: saving configuration
>  [3/10]: disabling listeners
>  [4/10]: enabling DS global lock
>  [5/10]: disabling Schema Compat
>  [6/10]: starting directory server
>  [7/10]: upgrading server
>  [8/10]: stopping directory server
>  [9/10]: restoring configuration
>  [10/10]: starting directory server
>Done.
>Restarting the KDC
>Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes
>  [1/10]: configuring KRA instance
>  [2/10]: create KRA agent
>  [3/10]: enabling ephemeral requests
>  [4/10]: restarting KRA
>  [5/10]: configure certmonger for renewals
>  [6/10]: configure certificate renewals
>  [7/10]: configure HTTP to proxy connections
>  [8/10]: add vault container
>  [9/10]: apply LDAP updates
>  [10/10]: enabling KRA instance
>Done configuring KRA server (pki-tomcatd).
>Restarting the directory server
>Configuring DNS (named)
>  [1/12]: generating rndc key file
>  [2/12]: adding DNS container
>  [3/12]: setting up our zone
>  [4/12]: setting up reverse zone
>  [5/12]: setting up our own record
>  [6/12]: setting up records for other masters
>  [7/12]: adding NS record to the zones
>  [8/12]: setting up kerberos principal
>  [9/12]: setting up named.conf
>  [10/12]: setting up server configuration
>  [11/12]: configuring named to start on boot
>  [12/12]: changing resolv.conf to point to ourselves
>Done configuring DNS (named).
>Restarting the web server to pick up resolv.conf changes
>Configuring DNS key synchronization service (ipa-dnskeysyncd)
>  [1/7]: checking status
>  [2/7]: setting up bind-dyndb-ldap working directory
>  [3/7]: setting up kerberos principal
>  [4/7]: setting up SoftHSM
>  [5/7]: adding DNSSEC containers
>  [6/7]: creating replica keys
>  [7/7]: configuring ipa-dnskeysyncd to start on boot
>Done configuring DNS key synchronization service (ipa-dnskeysyncd).
>Restarting ipa-dnskeysyncd
>Restarting named
>Updating DNS system records
>Configuring client side components
>
>
>==============================================================================
>Setup complete
>
>Next steps:
>	1. You must make sure these network ports are open:
>		TCP Ports:
>		  * 80, 443: HTTP/HTTPS
>		  * 389, 636: LDAP/LDAPS
>		  * 88, 464: kerberos
>		  * 53: bind
>		UDP Ports:
>		  * 88, 464: kerberos
>		  * 53: bind
>		  * 123: ntp
>
>	2. You can now obtain a kerberos ticket using the command: 'kinit admin'
>	   This ticket will allow you to use the IPA tools (e.g., ipa user-add)
>	   and the web user interface.
>
>Be sure to back up the CA certificates stored in /root/cacert.p12
>These files are required to create replicas. The password for these
>files is the Directory Manager password
>
>STDERR: Using existing certificate '/etc/ipa/ca.crt'.
>Client hostname: master.testrelm.test
>Realm: TESTRELM.TEST
>DNS Domain: testrelm.test
>IPA Server: master.testrelm.test
>BaseDN: dc=testrelm,dc=test
>Skipping synchronizing time with NTP server.
>New SSSD config will be created
>Configured sudoers in /etc/nsswitch.conf
>Configured /etc/sssd/sssd.conf
>trying https://master.testrelm.test/ipa/json
>[try 1]: Forwarding 'schema' to json server 'https://master.testrelm.test/ipa/json'
>trying https://master.testrelm.test/ipa/session/json
>[try 1]: Forwarding 'ping' to json server 'https://master.testrelm.test/ipa/session/json'
>[try 1]: Forwarding 'ca_is_enabled' to json server 'https://master.testrelm.test/ipa/session/json'
>Systemwide CA database updated.
>Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
>Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
>Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
>[try 1]: Forwarding 'host_mod' to json server 'https://master.testrelm.test/ipa/session/json'
>SSSD enabled
>Configured /etc/openldap/ldap.conf
>Configured /etc/ssh/ssh_config
>Configured /etc/ssh/sshd_config
>Configuring testrelm.test as NIS domain.
>Client configuration complete.
>The ipa-client-install command was successful
>
>TIME: 13:46:10
>('Master: ', 'master.testrelm.test')
> master.testrelm.test is installed on domain-level 0 
>('REPLICA: ', 'replica.testrelm.test')
>
>Checking IPA server package whether installed on REPLICA
>
>Checking whether ipa-server package installed on replica.testrelm.test
>['/usr/bin/rpm', '-q', 'ipa-server']
>
>ipa-server package found on replica.testrelm.test, running tests
>SETUPDNSREVNET = False
>Listing RPMS
>Disabling Firewall
>service_control Running: [systemctl stop firewalld]
>service_control Running: [systemctl disable firewalld]
>Setting hostname
>Setting /etc/hosts
>Setting up RNGD
>yum install output in /tmp/qe_pytest_yum_output.20180813134612
>Sleeping for [3] seconds
>service_control Running: [systemctl enable rngd]
>service_control Running: [systemctl stop rngd]
>service_control Running: [systemctl start rngd]
>service_control Running: [systemctl status rngd]
>service_control STDOUT: â rngd.service - Hardware RNG Entropy Gatherer Daemon
>   Loaded: loaded (/usr/lib/systemd/system/rngd.service; enabled; vendor preset: enabled)
>   Active: active (running) since Mon 2018-08-13 09:46:23 EDT; 120ms ago
> Main PID: 10812 (rngd)
>   CGroup: /system.slice/rngd.service
>           ââ10812 /sbin/rngd -f -r /dev/urandom
>
>Aug 13 09:46:23 replica.testrelm.test systemd[1]: Started Hardware RNG Entropy Gatherer Daemon.
>Aug 13 09:46:23 replica.testrelm.test rngd[10812]: Initalizing available sources
>Aug 13 09:46:23 replica.testrelm.test rngd[10812]: Failed to init entropy source 1: TPM RNG Device
>Aug 13 09:46:23 replica.testrelm.test rngd[10812]: Enabling RDRAND rng support
> 
>resolv.conf: nameserver 172.16.169.48
>TIME: 13:46:23
>Installing required packages
>yum install output in /tmp/qe_pytest_yum_output.20180813134623
>Ticket cache: KEYRING:persistent:0:0
>Default principal: admin@TESTRELM.TEST
>
>Valid starting       Expires              Service principal
>08/13/2018 09:46:34  08/14/2018 09:46:34  krbtgt/TESTRELM.TEST@TESTRELM.TEST
>
>Domain Level is 0 so we have to use prepare files
>TIME: 13:46:35
>RUNCMD: ipa-replica-prepare -p Secret123 --ip-address 172.16.169.9 --reverse-zone 169.16.172.in-addr.arpa. replica.testrelm.test
>Creating Replica Prepare file for Replica machine [replica.testrelm.test] from [master.testrelm.test]
>STDOUT: This can be safely interrupted (Ctrl+C)
>
>STDERR: Checking DNS domain 169.16.172.in-addr.arpa., please wait ...
>Reverse zone 169.16.172.in-addr.arpa. will not be used: DNS zone 169.16.172.in-addr.arpa. already exists in DNS and is handled by server(s): master.testrelm.test.
>Preparing replica for replica.testrelm.test from master.testrelm.test
>Creating SSL certificate for the Directory Server
>Creating SSL certificate for the dogtag Directory Server
>Saving dogtag Directory Server port
>Creating SSL certificate for the Web Server
>Exporting RA certificate
>Retrieving CA certificates
>Copying additional files
>Finalizing configuration
>Packaging replica information into /var/lib/ipa/replica-info-replica.testrelm.test.gpg
>Adding DNS records for replica.testrelm.test
>Waiting for replica.testrelm.test. A or AAAA record to be resolvable
>The ipa-replica-prepare command was successful
>
>TIME: 13:47:39
>Sleeping for [5] seconds
>resolv.conf: nameserver 172.16.169.48
>TIME: 13:47:44
>Installing Replica on server [replica.testrelm.test]
>RUNCMD: /usr/sbin/ipa-replica-install -U --setup-dns --forwarder 10.x.x.x --setup-ca --setup-kra --admin-password Secret123 --password Secret123 /var/lib/ipa/replica-info-replica.testrelm.test.gpg
>STDOUT: WARNING: conflicting time&date synchronization service 'chronyd' will
>be disabled in favor of ntpd
>
>Checking DNS forwarders, please wait ...
>Run connection check to master
>Connection check OK
>Configuring NTP daemon (ntpd)
>  [1/4]: stopping ntpd
>  [2/4]: writing configuration
>  [3/4]: configuring ntpd to start on boot
>  [4/4]: starting ntpd
>Done configuring NTP daemon (ntpd).
>Configuring directory server (dirsrv). Estimated time: 30 seconds
>  [1/41]: creating directory server instance
>  [2/41]: enabling ldapi
>  [3/41]: configure autobind for root
>  [4/41]: stopping directory server
>  [5/41]: updating configuration in dse.ldif
>  [6/41]: starting directory server
>  [7/41]: adding default schema
>  [8/41]: enabling memberof plugin
>  [9/41]: enabling winsync plugin
>  [10/41]: configuring replication version plugin
>  [11/41]: enabling IPA enrollment plugin
>  [12/41]: configuring uniqueness plugin
>  [13/41]: configuring uuid plugin
>  [14/41]: configuring modrdn plugin
>  [15/41]: configuring DNS plugin
>  [16/41]: enabling entryUSN plugin
>  [17/41]: configuring lockout plugin
>  [18/41]: configuring topology plugin
>  [19/41]: creating indices
>  [20/41]: enabling referential integrity plugin
>  [21/41]: configuring certmap.conf
>  [22/41]: configure new location for managed entries
>  [23/41]: configure dirsrv ccache
>  [24/41]: enabling SASL mapping fallback
>  [25/41]: restarting directory server
>  [26/41]: creating DS keytab
>  [27/41]: ignore time skew for initial replication
>  [28/41]: setting up initial replication
>Starting replication, please wait until this has completed.
>
>Update in progress, 1 seconds elapsed
>Update in progress, 2 seconds elapsed
>Update in progress, 3 seconds elapsed
>Update succeeded
>
>  [29/41]: prevent time skew after initial replication
>  [30/41]: adding sasl mappings to the directory
>  [31/41]: updating schema
>  [32/41]: setting Auto Member configuration
>  [33/41]: enabling S4U2Proxy delegation
>  [34/41]: initializing group membership
>  [35/41]: adding master entry
>  [36/41]: initializing domain level
>  [37/41]: configuring Posix uid/gid generation
>  [38/41]: adding replication acis
>  [39/41]: activating sidgen plugin
>  [40/41]: activating extdom plugin
>  [41/41]: configuring directory to start on boot
>Done configuring directory server (dirsrv).
>Configuring Kerberos KDC (krb5kdc)
>  [1/5]: configuring KDC
>  [2/5]: adding the password extension to the directory
>  [3/5]: creating anonymous principal
>  [4/5]: starting the KDC
>  [5/5]: configuring KDC to start on boot
>Done configuring Kerberos KDC (krb5kdc).
>Configuring kadmin
>  [1/2]: starting kadmin 
>  [2/2]: configuring kadmin to start on boot
>Done configuring kadmin.
>Configuring directory server (dirsrv)
>  [1/3]: configuring TLS for DS instance
>  [2/3]: importing CA certificates from LDAP
>  [3/3]: restarting directory server
>Done configuring directory server (dirsrv).
>Configuring the web interface (httpd)
>  [1/22]: stopping httpd
>  [2/22]: setting mod_nss port to 443
>  [3/22]: setting mod_nss cipher suite
>  [4/22]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
>  [5/22]: setting mod_nss password file
>  [6/22]: enabling mod_nss renegotiate
>  [7/22]: disabling mod_nss OCSP
>  [8/22]: adding URL rewriting rules
>  [9/22]: configuring httpd
>  [10/22]: setting up httpd keytab
>  [11/22]: configuring Gssproxy
>  [12/22]: setting up ssl
>  [13/22]: configure certmonger for renewals
>  [14/22]: importing CA certificates from LDAP
>  [15/22]: publish CA cert
>  [16/22]: clean up any existing httpd ccaches
>  [17/22]: configuring SELinux for httpd
>  [18/22]: create KDC proxy config
>  [19/22]: enable KDC proxy
>  [20/22]: starting httpd
>  [21/22]: configuring httpd to start on boot
>  [22/22]: enabling oddjobd
>Done configuring the web interface (httpd).
>Configuring ipa-otpd
>  [1/2]: starting ipa-otpd 
>  [2/2]: configuring ipa-otpd to start on boot
>Done configuring ipa-otpd.
>Configuring ipa-custodia
>  [1/5]: Making sure custodia container exists
>  [2/5]: Generating ipa-custodia config file
>  [3/5]: Generating ipa-custodia keys
>  [4/5]: starting ipa-custodia 
>  [5/5]: configuring ipa-custodia to start on boot
>Done configuring ipa-custodia.
>Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
>  [1/27]: configuring certificate server instance
>  [2/27]: exporting Dogtag certificate store pin
>  [3/27]: stopping certificate server instance to update CS.cfg
>  [4/27]: backing up CS.cfg
>  [5/27]: disabling nonces
>  [6/27]: set up CRL publishing
>  [7/27]: enable PKIX certificate path discovery and validation
>  [8/27]: starting certificate server instance
>  [9/27]: configure certmonger for renewals
>  [10/27]: importing RA certificate from PKCS #12 file
>  [11/27]: setting audit signing renewal to 2 years
>  [12/27]: restarting certificate server
>  [13/27]: authorizing RA to modify profiles
>  [14/27]: authorizing RA to manage lightweight CAs
>  [15/27]: Ensure lightweight CAs container exists
>  [16/27]: Ensuring backward compatibility
>  [17/27]: configure certificate renewals
>  [18/27]: configure Server-Cert certificate renewal
>  [19/27]: Configure HTTP to proxy connections
>  [20/27]: restarting certificate server
>  [21/27]: updating IPA configuration
>  [22/27]: enabling CA instance
>  [23/27]: migrating certificate profiles to LDAP
>  [24/27]: importing IPA certificate profiles
>  [25/27]: adding default CA ACL
>  [26/27]: adding 'ipa' CA entry
>  [27/27]: configuring certmonger renewal for lightweight CAs
>Done configuring certificate server (pki-tomcatd).
>Applying LDAP updates
>Upgrading IPA:. Estimated time: 1 minute 30 seconds
>  [1/10]: stopping directory server
>  [2/10]: saving configuration
>  [3/10]: disabling listeners
>  [4/10]: enabling DS global lock
>  [5/10]: disabling Schema Compat
>  [6/10]: starting directory server
>  [7/10]: upgrading server
>  [8/10]: stopping directory server
>  [9/10]: restoring configuration
>  [10/10]: starting directory server
>Done.
>Finalize replication settings
>Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes
>  [1/8]: configuring KRA instance
>  [2/8]: enabling ephemeral requests
>  [3/8]: restarting KRA
>  [4/8]: configure certmonger for renewals
>  [5/8]: configure certificate renewals
>  [6/8]: configure HTTP to proxy connections
>  [7/8]: apply LDAP updates
>  [8/8]: enabling KRA instance
>Done configuring KRA server (pki-tomcatd).
>Restarting the directory server
>Restarting the KDC
>Configuring DNS (named)
>  [1/8]: generating rndc key file
>  [2/8]: setting up our own record
>  [3/8]: adding NS record to the zones
>  [4/8]: setting up kerberos principal
>  [5/8]: setting up named.conf
>  [6/8]: setting up server configuration
>  [7/8]: configuring named to start on boot
>  [8/8]: changing resolv.conf to point to ourselves
>Done configuring DNS (named).
>Restarting the web server to pick up resolv.conf changes
>Configuring DNS key synchronization service (ipa-dnskeysyncd)
>  [1/7]: checking status
>  [2/7]: setting up bind-dyndb-ldap working directory
>  [3/7]: setting up kerberos principal
>  [4/7]: setting up SoftHSM
>  [5/7]: adding DNSSEC containers
>  [6/7]: creating replica keys
>  [7/7]: configuring ipa-dnskeysyncd to start on boot
>Done configuring DNS key synchronization service (ipa-dnskeysyncd).
>Restarting ipa-dnskeysyncd
>Restarting named
>Updating DNS system records
>
>Global DNS configuration in LDAP server is empty
>You can use 'dnsconfig-mod' command to set global DNS options that
>would override settings in local named.conf files
>
>Configuring client side components
>
>
>
>STDERR: Using existing certificate '/etc/ipa/ca.crt'.
>Client hostname: replica.testrelm.test
>Realm: TESTRELM.TEST
>DNS Domain: testrelm.test
>IPA Server: replica.testrelm.test
>BaseDN: dc=testrelm,dc=test
>Skipping synchronizing time with NTP server.
>New SSSD config will be created
>Configured sudoers in /etc/nsswitch.conf
>Configured /etc/sssd/sssd.conf
>trying https://replica.testrelm.test/ipa/json
>[try 1]: Forwarding 'schema' to json server 'https://replica.testrelm.test/ipa/json'
>trying https://replica.testrelm.test/ipa/session/json
>[try 1]: Forwarding 'ping' to json server 'https://replica.testrelm.test/ipa/session/json'
>[try 1]: Forwarding 'ca_is_enabled' to json server 'https://replica.testrelm.test/ipa/session/json'
>Systemwide CA database updated.
>Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
>Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
>Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
>[try 1]: Forwarding 'host_mod' to json server 'https://replica.testrelm.test/ipa/session/json'
>SSSD enabled
>Configured /etc/openldap/ldap.conf
>Configured /etc/ssh/ssh_config
>Configured /etc/ssh/sshd_config
>Configuring testrelm.test as NIS domain.
>Client configuration complete.
>The ipa-client-install command was successful
>
>TIME: 13:55:07

Actions: View

Attachments on bug 1596629: 1478095