Login
Log in using an SSO provider:
Fedora Account System
Red Hat Associate
Red Hat Customer
Login using a Red Hat Bugzilla account
Forgot Password
Create an Account
Red Hat Bugzilla – Attachment 1727184 Details for
Bug 1895435
Adding DISA STIG during OS installation causes 'ipa-server-install' to fail
Home
New
Search
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh92 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
[?]
This site requires JavaScript to be enabled to function correctly, please enable it.
install log from test server
ipaserver-install.log (text/plain), 280.29 KB, created by
aheverle
on 2020-11-06 16:43:02 UTC
(
hide
)
Description:
install log from test server
Filename:
MIME Type:
Creator:
aheverle
Created:
2020-11-06 16:43:02 UTC
Size:
280.29 KB
patch
obsolete
>2020-11-06T16:20:33Z DEBUG Logging to /var/log/ipaserver-install.log >2020-11-06T16:20:33Z DEBUG ipa-server-install was invoked with arguments [] and options: {'unattended': False, 'ip_addresses': None, 'domain_name': None, 'realm_name': None, 'host_name': None, 'ca_cert_files': None, 'domain_level': None, 'setup_adtrust': False, 'setup_kra': False, 'setup_dns': False, 'idstart': None, 'idmax': None, 'no_hbac_allow': False, 'no_pkinit': False, 'no_ui_redirect': False, 'dirsrv_config_file': None, 'dirsrv_cert_files': None, 'http_cert_files': None, 'pkinit_cert_files': None, 'dirsrv_cert_name': None, 'http_cert_name': None, 'pkinit_cert_name': None, 'mkhomedir': False, 'ntp_servers': None, 'ntp_pool': None, 'no_ntp': False, 'force_ntpd': False, 'ssh_trust_dns': False, 'no_ssh': False, 'no_sshd': False, 'no_dns_sshfp': False, 'external_ca': False, 'external_ca_type': None, 'external_ca_profile': None, 'external_cert_files': None, 'subject_base': None, 'ca_subject': None, 'ca_signing_algorithm': None, 'pki_config_override': None, 'allow_zone_overlap': False, 'reverse_zones': None, 'no_reverse': False, 'auto_reverse': False, 'zonemgr': None, 'forwarders': None, 'no_forwarders': False, 'auto_forwarders': False, 'forward_policy': None, 'no_dnssec_validation': False, 'no_host_dns': False, 'enable_compat': False, 'netbios_name': None, 'no_msdcs': False, 'rid_base': None, 'secondary_rid_base': None, 'ignore_topology_disconnect': False, 'ignore_last_of_role': False, 'verbose': False, 'quiet': False, 'log_file': None, 'uninstall': False} >2020-11-06T16:20:33Z DEBUG IPA version 4.8.7-13.module+el8.3.0+8376+0bba7131 >2020-11-06T16:20:33Z DEBUG Searching for an interface of IP address: ::1 >2020-11-06T16:20:33Z DEBUG Testing local IP address: ::1/128 (interface: lo) >2020-11-06T16:20:33Z DEBUG Starting external process >2020-11-06T16:20:33Z DEBUG args=['/usr/sbin/selinuxenabled'] >2020-11-06T16:20:33Z DEBUG Process finished, return code=0 >2020-11-06T16:20:33Z DEBUG stdout= >2020-11-06T16:20:33Z DEBUG stderr= >2020-11-06T16:20:42Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:20:42Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2020-11-06T16:20:42Z DEBUG httpd is not configured >2020-11-06T16:20:42Z DEBUG kadmin is not configured >2020-11-06T16:20:42Z DEBUG dirsrv is not configured >2020-11-06T16:20:42Z DEBUG pki-tomcatd is not configured >2020-11-06T16:20:42Z DEBUG install is not configured >2020-11-06T16:20:42Z DEBUG krb5kdc is not configured >2020-11-06T16:20:42Z DEBUG named is not configured >2020-11-06T16:20:42Z DEBUG filestore is tracking no files >2020-11-06T16:20:42Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' >2020-11-06T16:20:42Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2020-11-06T16:20:42Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:20:42Z DEBUG Starting external process >2020-11-06T16:20:42Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service'] >2020-11-06T16:20:42Z DEBUG Process finished, return code=1 >2020-11-06T16:20:42Z DEBUG stdout= >2020-11-06T16:20:42Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory > >2020-11-06T16:20:42Z DEBUG Starting external process >2020-11-06T16:20:42Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service'] >2020-11-06T16:20:42Z DEBUG Process finished, return code=3 >2020-11-06T16:20:42Z DEBUG stdout=inactive > >2020-11-06T16:20:42Z DEBUG stderr= >2020-11-06T16:20:46Z DEBUG Check if rhel8.test.co is a primary hostname for localhost >2020-11-06T16:20:46Z DEBUG Primary hostname for localhost: rhel8.test.co >2020-11-06T16:20:46Z DEBUG Search DNS for rhel8.test.co >2020-11-06T16:20:46Z DEBUG Check if rhel8.test.co is not a CNAME >2020-11-06T16:20:46Z DEBUG Check reverse address of 192.168.1.112 >2020-11-06T16:20:46Z DEBUG Found reverse name: rhel8.test.co >2020-11-06T16:20:46Z DEBUG will use host_name: rhel8.test.co > >2020-11-06T16:20:47Z DEBUG read domain_name: test.co > >2020-11-06T16:20:47Z DEBUG read realm_name: TEST.CO > >2020-11-06T16:21:05Z DEBUG Writing configuration file /etc/ipa/default.conf >2020-11-06T16:21:05Z DEBUG [global] >host = rhel8.test.co >basedn = dc=test,dc=co >realm = TEST.CO >domain = test.co >xmlrpc_uri = https://rhel8.test.co/ipa/xml >ldap_uri = ldapi://%2Frun%2Fslapd-TEST-CO.socket >mode = production >enable_ra = True >ra_plugin = dogtag >dogtag_version = 10 > > > >2020-11-06T16:21:05Z DEBUG importing all plugin modules in ipaserver.plugins... >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.aci >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.automember >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.automount >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.baseldap >2020-11-06T16:21:05Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.baseuser >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.batch >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.ca >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.caacl >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.cert >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.certmap >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.certprofile >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.config >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.delegation >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.dns >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.dogtag >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.group >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.hbac >2020-11-06T16:21:05Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.hbactest >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.host >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.idrange >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.idviews >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.internal >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.join >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.location >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.migration >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.misc >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.netgroup >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.otp >2020-11-06T16:21:05Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.otptoken >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.passwd >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.permission >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.ping >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.pkinit >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.privilege >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.rabase >2020-11-06T16:21:05Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.role >2020-11-06T16:21:05Z DEBUG importing plugin module ipaserver.plugins.schema >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.selfservice >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.server >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.serverrole >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.serverroles >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.service >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.session >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.stageuser >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.sudo >2020-11-06T16:21:06Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.sudorule >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.topology >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.trust >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.user >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.vault >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.virtual >2020-11-06T16:21:06Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.whoami >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2020-11-06T16:21:06Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.dns >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2020-11-06T16:21:06Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2020-11-06T16:21:07Z DEBUG check_port_bindable: Checking IPv4/IPv6 dual stack and TCP >2020-11-06T16:21:07Z DEBUG check_port_bindable: bind success: 8443/TCP >2020-11-06T16:21:07Z DEBUG check_port_bindable: Checking IPv4/IPv6 dual stack and TCP >2020-11-06T16:21:07Z DEBUG check_port_bindable: bind success: 8080/TCP >2020-11-06T16:21:07Z DEBUG Name rhel8.test.co resolved to {UnsafeIPAddress('192.168.1.112')} >2020-11-06T16:21:07Z DEBUG Searching for an interface of IP address: 192.168.1.112 >2020-11-06T16:21:07Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo) >2020-11-06T16:21:07Z DEBUG Testing local IP address: 192.168.1.112/255.255.255.0 (interface: enp0s3) >2020-11-06T16:21:13Z DEBUG Starting external process >2020-11-06T16:21:13Z DEBUG args=['/usr/sbin/selinuxenabled'] >2020-11-06T16:21:13Z DEBUG Process finished, return code=0 >2020-11-06T16:21:13Z DEBUG stdout= >2020-11-06T16:21:13Z DEBUG stderr= >2020-11-06T16:21:13Z DEBUG Starting external process >2020-11-06T16:21:13Z DEBUG args=['/sbin/restorecon', '/etc/pkcs11/modules/softhsm2.module'] >2020-11-06T16:21:13Z DEBUG Process finished, return code=0 >2020-11-06T16:21:13Z DEBUG stdout= >2020-11-06T16:21:13Z DEBUG stderr= >2020-11-06T16:21:13Z DEBUG Created PKCS#11 module config '/etc/pkcs11/modules/softhsm2.module'. >2020-11-06T16:21:13Z DEBUG Starting external process >2020-11-06T16:21:13Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ntpd.service'] >2020-11-06T16:21:13Z DEBUG Process finished, return code=1 >2020-11-06T16:21:13Z DEBUG stdout= >2020-11-06T16:21:13Z DEBUG stderr=Failed to get unit file state for ntpd.service: No such file or directory > >2020-11-06T16:21:13Z DEBUG Starting external process >2020-11-06T16:21:13Z DEBUG args=['/bin/systemctl', 'is-active', 'ntpd.service'] >2020-11-06T16:21:13Z DEBUG Process finished, return code=3 >2020-11-06T16:21:13Z DEBUG stdout=inactive > >2020-11-06T16:21:13Z DEBUG stderr= >2020-11-06T16:21:13Z DEBUG Search DNS for SRV record of _ntp._udp.None >2020-11-06T16:21:14Z DEBUG DNS record not found: NXDOMAIN >2020-11-06T16:21:14Z INFO Synchronizing time >2020-11-06T16:21:14Z WARNING No SRV records of NTP servers found and no NTP server or pool address was provided. >2020-11-06T16:21:14Z DEBUG Starting external process >2020-11-06T16:21:14Z DEBUG args=['/bin/systemctl', 'enable', 'chronyd.service'] >2020-11-06T16:21:15Z DEBUG Process finished, return code=0 >2020-11-06T16:21:15Z DEBUG stdout= >2020-11-06T16:21:15Z DEBUG stderr= >2020-11-06T16:21:15Z DEBUG Starting external process >2020-11-06T16:21:15Z DEBUG args=['/bin/systemctl', 'restart', 'chronyd.service'] >2020-11-06T16:21:15Z DEBUG Process finished, return code=0 >2020-11-06T16:21:15Z DEBUG stdout= >2020-11-06T16:21:15Z DEBUG stderr= >2020-11-06T16:21:15Z DEBUG Starting external process >2020-11-06T16:21:15Z DEBUG args=['/bin/systemctl', 'is-active', 'chronyd.service'] >2020-11-06T16:21:15Z DEBUG Process finished, return code=0 >2020-11-06T16:21:15Z DEBUG stdout=active > >2020-11-06T16:21:15Z DEBUG stderr= >2020-11-06T16:21:15Z DEBUG Restart of chronyd.service complete >2020-11-06T16:21:15Z INFO Attempting to sync time with chronyc. >2020-11-06T16:21:15Z DEBUG Starting external process >2020-11-06T16:21:15Z DEBUG args=['/usr/bin/chronyc', 'waitsync', '3', '-d'] >2020-11-06T16:21:25Z DEBUG Process finished, return code=0 >2020-11-06T16:21:25Z DEBUG stdout=try: 1, refid: 00000000, correction: 0.000000000, skew: 0.000 >try: 2, refid: A3EDDA13, correction: 0.000015802, skew: 7.682 > >2020-11-06T16:21:25Z DEBUG stderr= >2020-11-06T16:21:25Z INFO Time synchronization was successful. >2020-11-06T16:21:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:21:25Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds >2020-11-06T16:21:25Z DEBUG [1/45]: creating directory server instance >2020-11-06T16:21:25Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:21:25Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:21:25Z DEBUG Running setup with verbose >2020-11-06T16:21:25Z DEBUG START: Starting installation... >2020-11-06T16:21:25Z DEBUG READY: Preparing installation for TEST-CO... >2020-11-06T16:21:25Z DEBUG PASSED: using config settings 999999999 >2020-11-06T16:21:25Z DEBUG PASSED: user / group checking >2020-11-06T16:21:25Z DEBUG PASSED: prefix checking >2020-11-06T16:21:25Z DEBUG list instance not found in /etc/dirsrv/slapd-TEST-CO/dse.ldif: TEST-CO > >2020-11-06T16:21:25Z DEBUG PASSED: instance checking >2020-11-06T16:21:25Z DEBUG INFO: temp root password set to C.Blr0wcxQEtc.i9b5BwY5BYwLbCuBi2h3q6EnjwdMiD26qOqKg9lUuWhEpN0mnwv >2020-11-06T16:21:25Z DEBUG PASSED: root user checking >2020-11-06T16:21:25Z DEBUG PASSED: network avaliability checking >2020-11-06T16:21:25Z DEBUG READY: Beginning installation for TEST-CO... >2020-11-06T16:21:25Z DEBUG ACTION: Creating dse.ldif >2020-11-06T16:21:25Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-TEST-CO/bak >2020-11-06T16:21:25Z DEBUG ACTION: creating /etc/dirsrv/slapd-TEST-CO >2020-11-06T16:21:25Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-TEST-CO/db >2020-11-06T16:21:25Z DEBUG ACTION: creating /var/lib/dirsrv/slapd-TEST-CO/ldif >2020-11-06T16:21:25Z DEBUG ACTION: creating /var/lock/dirsrv/slapd-TEST-CO >2020-11-06T16:21:25Z DEBUG ACTION: creating /var/log/dirsrv/slapd-TEST-CO >2020-11-06T16:21:25Z DEBUG ACTION: creating /var/run/dirsrv >2020-11-06T16:21:26Z DEBUG CMD: systemctl enable dirsrv@TEST-CO ; STDOUT: ; STDERR: Created symlink /etc/systemd/system/multi-user.target.wants/dirsrv@TEST-CO.service â /usr/lib/systemd/system/dirsrv@.service. > >2020-11-06T16:21:26Z DEBUG ACTION: Creating certificate database is /etc/dirsrv/slapd-TEST-CO >2020-11-06T16:21:26Z DEBUG Allocate <class 'lib389.DirSrv'> with None >2020-11-06T16:21:26Z DEBUG Allocate <class 'lib389.DirSrv'> with rhel8.test.co:389 >2020-11-06T16:21:26Z DEBUG Allocate <class 'lib389.DirSrv'> with rhel8.test.co:389 >2020-11-06T16:21:26Z DEBUG nss cmd: /usr/bin/certutil -N -d /etc/dirsrv/slapd-TEST-CO -f /etc/dirsrv/slapd-TEST-CO/pwdfile.txt >2020-11-06T16:21:26Z DEBUG nss output: >2020-11-06T16:21:26Z DEBUG nss cmd: /usr/bin/certutil -N -d /etc/dirsrv/ssca/ -f /etc/dirsrv/ssca//pwdfile.txt >2020-11-06T16:21:26Z DEBUG nss output: >2020-11-06T16:21:27Z DEBUG nss cmd: /usr/bin/certutil -S -n Self-Signed-CA -s CN=ssca.389ds.example.com,O=testing,L=389ds,ST=Queensland,C=AU -x -g 4096 -t CT,, -v 24 -2 --keyUsage certSigning -d /etc/dirsrv/ssca/ -z /etc/dirsrv/ssca//noise.txt -f /etc/dirsrv/ssca//pwdfile.txt >2020-11-06T16:21:30Z DEBUG nss output: Is this a CA certificate [y/N]? >Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]? > >2020-11-06T16:21:30Z DEBUG nss cmd: /usr/bin/certutil -L -n Self-Signed-CA -d /etc/dirsrv/ssca/ -a >2020-11-06T16:21:30Z DEBUG nss cmd: /usr/bin/c_rehash /etc/dirsrv/ssca/ >2020-11-06T16:21:30Z DEBUG CSR subject -> CN=rhel8.test.co,givenName=5ae5524e-6df1-438f-b17c-32c53d050720,O=testing,L=389ds,ST=Queensland,C=AU >2020-11-06T16:21:30Z DEBUG CSR alt_names -> ['rhel8.test.co'] >2020-11-06T16:21:31Z DEBUG nss cmd: /usr/bin/certutil -R --keyUsage digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment --nsCertType sslClient,sslServer --extKeyUsage clientAuth,serverAuth -s CN=rhel8.test.co,givenName=5ae5524e-6df1-438f-b17c-32c53d050720,O=testing,L=389ds,ST=Queensland,C=AU -8 rhel8.test.co -g 4096 -d /etc/dirsrv/slapd-TEST-CO -z /etc/dirsrv/slapd-TEST-CO/noise.txt -f /etc/dirsrv/slapd-TEST-CO/pwdfile.txt -a -o /etc/dirsrv/slapd-TEST-CO/Server-Cert.csr >2020-11-06T16:21:34Z DEBUG nss cmd: /usr/bin/certutil -C -d /etc/dirsrv/ssca/ -f /etc/dirsrv/ssca//pwdfile.txt -v 24 -a -i /etc/dirsrv/slapd-TEST-CO/Server-Cert.csr -o /etc/dirsrv/slapd-TEST-CO/Server-Cert.crt -c Self-Signed-CA >2020-11-06T16:21:35Z DEBUG nss cmd: /usr/bin/c_rehash /etc/dirsrv/slapd-TEST-CO >2020-11-06T16:21:35Z DEBUG nss cmd: /usr/bin/certutil -A -n Self-Signed-CA -t CT,, -a -i /etc/dirsrv/slapd-TEST-CO/ca.crt -d /etc/dirsrv/slapd-TEST-CO -f /etc/dirsrv/slapd-TEST-CO/pwdfile.txt >2020-11-06T16:21:35Z DEBUG nss cmd: /usr/bin/certutil -A -n Server-Cert -t ,, -a -i /etc/dirsrv/slapd-TEST-CO/Server-Cert.crt -d /etc/dirsrv/slapd-TEST-CO -f /etc/dirsrv/slapd-TEST-CO/pwdfile.txt >2020-11-06T16:21:35Z DEBUG nss cmd: /usr/bin/certutil -V -d /etc/dirsrv/slapd-TEST-CO -n Server-Cert -u YCV >2020-11-06T16:21:36Z DEBUG port 636 already in [389, 636, 3268, 3269, 7389], skipping port relabel >2020-11-06T16:21:36Z DEBUG port 389 already in [389, 636, 3268, 3269, 7389], skipping port relabel >2020-11-06T16:21:36Z DEBUG systemd status -> True >2020-11-06T16:21:36Z DEBUG systemd status -> True >2020-11-06T16:21:36Z DEBUG open(): Connecting to uri ldap://rhel8.test.co:389/ >2020-11-06T16:21:36Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-TEST-CO >2020-11-06T16:21:36Z DEBUG Using external ca certificate /etc/dirsrv/slapd-TEST-CO >2020-11-06T16:21:36Z DEBUG Using external ca certificate /etc/dirsrv/slapd-TEST-CO >2020-11-06T16:21:36Z DEBUG Using certificate policy 1 >2020-11-06T16:21:36Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 1 >2020-11-06T16:21:36Z DEBUG open(): bound as cn=Directory Manager >2020-11-06T16:21:36Z DEBUG Retrieving entry with [('',)] >2020-11-06T16:21:36Z DEBUG Retrieved entry [dn: >vendorVersion: 389-Directory/1.4.3.8 B2020.218.1542 > >] >2020-11-06T16:21:36Z DEBUG open(): Connecting to uri ldap://rhel8.test.co:389/ >2020-11-06T16:21:36Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-TEST-CO >2020-11-06T16:21:36Z DEBUG Using external ca certificate /etc/dirsrv/slapd-TEST-CO >2020-11-06T16:21:36Z DEBUG Using external ca certificate /etc/dirsrv/slapd-TEST-CO >2020-11-06T16:21:36Z DEBUG Using certificate policy 1 >2020-11-06T16:21:36Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 1 >2020-11-06T16:21:36Z DEBUG open(): bound as cn=Directory Manager >2020-11-06T16:21:36Z DEBUG Retrieving entry with [('',)] >2020-11-06T16:21:36Z DEBUG Retrieved entry [dn: >vendorVersion: 389-Directory/1.4.3.8 B2020.218.1542 > >] >2020-11-06T16:21:36Z DEBUG cn=config set REPLACE: ('nsslapd-secureport', '636') >2020-11-06T16:21:36Z DEBUG cn=config set REPLACE: ('nsslapd-security', 'on') >2020-11-06T16:21:36Z DEBUG Checking "None" under cn=ldbm database,cn=plugins,cn=config : {'cn': 'userRoot', 'nsslapd-suffix': 'dc=test,dc=co'} >2020-11-06T16:21:36Z DEBUG Using first property cn: userRoot as rdn >2020-11-06T16:21:36Z DEBUG _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=dc=test,dc=co)(nsslapd-backend=dc=test,dc=co))) >2020-11-06T16:21:36Z DEBUG _gen_selector filter = (&(&(objectclass=nsMappingTree))(|(cn=userRoot)(nsslapd-backend=userRoot))) >2020-11-06T16:21:36Z DEBUG Validated dn cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2020-11-06T16:21:36Z DEBUG Creating cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2020-11-06T16:21:36Z DEBUG updating dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2020-11-06T16:21:36Z DEBUG updated dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config with {'objectclass': [b'top', b'extensibleObject', b'nsBackendInstance']} >2020-11-06T16:21:36Z DEBUG updating dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config >2020-11-06T16:21:36Z DEBUG updated dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config with {'cn': [b'userRoot'], 'nsslapd-suffix': [b'dc=test,dc=co']} >2020-11-06T16:21:36Z DEBUG Created entry cn=userRoot,cn=ldbm database,cn=plugins,cn=config : {'objectclass': [b'top', b'extensibleObject', b'nsBackendInstance'], 'cn': [b'userRoot'], 'nsslapd-suffix': [b'dc=test,dc=co']} >2020-11-06T16:21:36Z DEBUG Checking "None" under cn=mapping tree,cn=config : {'cn': [b'dc=test,dc=co'], 'nsslapd-state': 'backend', 'nsslapd-backend': [b'userRoot']} >2020-11-06T16:21:36Z DEBUG Using first property cn: dc\=test\,dc\=co as rdn >2020-11-06T16:21:36Z DEBUG Validated dn cn=dc\=test\,dc\=co,cn=mapping tree,cn=config >2020-11-06T16:21:36Z DEBUG Creating cn=dc\=test\,dc\=co,cn=mapping tree,cn=config >2020-11-06T16:21:36Z DEBUG updating dn: cn=dc\=test\,dc\=co,cn=mapping tree,cn=config >2020-11-06T16:21:36Z DEBUG updated dn: cn=dc\=test\,dc\=co,cn=mapping tree,cn=config with {'objectclass': [b'top', b'extensibleObject', b'nsMappingTree']} >2020-11-06T16:21:36Z DEBUG updating dn: cn=dc\=test\,dc\=co,cn=mapping tree,cn=config >2020-11-06T16:21:36Z DEBUG updated dn: cn=dc\=test\,dc\=co,cn=mapping tree,cn=config with {'cn': [b'dc=test,dc=co', b'dc\\=test\\,dc\\=co'], 'nsslapd-state': [b'backend'], 'nsslapd-backend': [b'userRoot']} >2020-11-06T16:21:37Z DEBUG Created entry cn=dc\=test\,dc\=co,cn=mapping tree,cn=config : {'objectclass': [b'top', b'extensibleObject', b'nsMappingTree'], 'cn': [b'dc=test,dc=co', b'dc\\=test\\,dc\\=co'], 'nsslapd-state': [b'backend'], 'nsslapd-backend': [b'userRoot']} >2020-11-06T16:21:37Z DEBUG cn=config set REPLACE: ('nsslapd-ldapifilepath', '/var/run/slapd-TEST-CO.socket') >2020-11-06T16:21:37Z DEBUG cn=config set REPLACE: ('nsslapd-ldapilisten', 'on') >2020-11-06T16:21:37Z DEBUG cn=config set REPLACE: ('nsslapd-ldapiautobind', 'on') >2020-11-06T16:21:37Z DEBUG cn=config set REPLACE: ('nsslapd-ldapimaprootdn', 'cn=Directory Manager') >2020-11-06T16:21:37Z DEBUG Adding sasl maps for suffix dc=test,dc=co >2020-11-06T16:21:37Z DEBUG Checking "None" under cn=mapping,cn=sasl,cn=config : {'cn': 'rfc 2829 u syntax', 'nsSaslMapRegexString': '^u:\\(.*\\)', 'nsSaslMapBaseDNTemplate': 'dc=test,dc=co', 'nsSaslMapFilterTemplate': '(uid=\\1)'} >2020-11-06T16:21:37Z DEBUG Using first property cn: rfc 2829 u syntax as rdn >2020-11-06T16:21:37Z DEBUG Validated dn cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config >2020-11-06T16:21:37Z DEBUG Creating cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config >2020-11-06T16:21:37Z DEBUG updating dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config >2020-11-06T16:21:37Z DEBUG updated dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config with {'objectclass': [b'top', b'nsSaslMapping']} >2020-11-06T16:21:37Z DEBUG updating dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config >2020-11-06T16:21:37Z DEBUG updated dn: cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config with {'cn': [b'rfc 2829 u syntax'], 'nsSaslMapRegexString': [b'^u:\\(.*\\)'], 'nsSaslMapBaseDNTemplate': [b'dc=test,dc=co'], 'nsSaslMapFilterTemplate': [b'(uid=\\1)']} >2020-11-06T16:21:37Z DEBUG Created entry cn=rfc 2829 u syntax,cn=mapping,cn=sasl,cn=config : {'objectclass': [b'top', b'nsSaslMapping'], 'cn': [b'rfc 2829 u syntax'], 'nsSaslMapRegexString': [b'^u:\\(.*\\)'], 'nsSaslMapBaseDNTemplate': [b'dc=test,dc=co'], 'nsSaslMapFilterTemplate': [b'(uid=\\1)']} >2020-11-06T16:21:37Z DEBUG Checking "None" under cn=mapping,cn=sasl,cn=config : {'cn': 'uid mapping', 'nsSaslMapRegexString': '^[^:@]+$', 'nsSaslMapBaseDNTemplate': 'dc=test,dc=co', 'nsSaslMapFilterTemplate': '(uid=&)'} >2020-11-06T16:21:37Z DEBUG Using first property cn: uid mapping as rdn >2020-11-06T16:21:37Z DEBUG Validated dn cn=uid mapping,cn=mapping,cn=sasl,cn=config >2020-11-06T16:21:37Z DEBUG Creating cn=uid mapping,cn=mapping,cn=sasl,cn=config >2020-11-06T16:21:37Z DEBUG updating dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config >2020-11-06T16:21:37Z DEBUG updated dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config with {'objectclass': [b'top', b'nsSaslMapping']} >2020-11-06T16:21:37Z DEBUG updating dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config >2020-11-06T16:21:37Z DEBUG updated dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config with {'cn': [b'uid mapping'], 'nsSaslMapRegexString': [b'^[^:@]+$'], 'nsSaslMapBaseDNTemplate': [b'dc=test,dc=co'], 'nsSaslMapFilterTemplate': [b'(uid=&)']} >2020-11-06T16:21:37Z DEBUG Created entry cn=uid mapping,cn=mapping,cn=sasl,cn=config : {'objectclass': [b'top', b'nsSaslMapping'], 'cn': [b'uid mapping'], 'nsSaslMapRegexString': [b'^[^:@]+$'], 'nsSaslMapBaseDNTemplate': [b'dc=test,dc=co'], 'nsSaslMapFilterTemplate': [b'(uid=&)']} >2020-11-06T16:21:37Z DEBUG cn=config set REPLACE: ('nsslapd-rootpw', '********') >2020-11-06T16:21:37Z DEBUG systemd status -> True >2020-11-06T16:21:37Z DEBUG systemd status -> True >2020-11-06T16:21:40Z DEBUG systemd status -> True >2020-11-06T16:21:40Z DEBUG systemd status -> True >2020-11-06T16:21:44Z DEBUG FINISH: Completed installation for TEST-CO >2020-11-06T16:21:44Z DEBUG Allocate local instance <class 'lib389.DirSrv'> with ldapi://%2fvar%2frun%2fslapd-TEST-CO.socket >2020-11-06T16:21:44Z DEBUG open(): Connecting to uri ldapi://%2fvar%2frun%2fslapd-TEST-CO.socket >2020-11-06T16:21:44Z DEBUG Using dirsrv ca certificate /etc/dirsrv/slapd-TEST-CO >2020-11-06T16:21:44Z DEBUG Using external ca certificate /etc/dirsrv/slapd-TEST-CO >2020-11-06T16:21:44Z DEBUG Using external ca certificate /etc/dirsrv/slapd-TEST-CO >2020-11-06T16:21:44Z DEBUG Using certificate policy 1 >2020-11-06T16:21:44Z DEBUG ldap.OPT_X_TLS_REQUIRE_CERT = 1 >2020-11-06T16:21:44Z DEBUG open(): bound as cn=Directory Manager >2020-11-06T16:21:44Z DEBUG Retrieving entry with [('',)] >2020-11-06T16:21:44Z DEBUG Retrieved entry [dn: >vendorVersion: 389-Directory/1.4.3.8 B2020.218.1542 > >] >2020-11-06T16:21:44Z DEBUG Checking "None" under None : {'dc': 'test', 'info': 'IPA V2.0'} >2020-11-06T16:21:44Z DEBUG Validated dn dc=test,dc=co >2020-11-06T16:21:44Z DEBUG Creating dc=test,dc=co >2020-11-06T16:21:44Z DEBUG updating dn: dc=test,dc=co >2020-11-06T16:21:44Z DEBUG updated dn: dc=test,dc=co with {'objectclass': [b'top', b'domain', b'pilotObject']} >2020-11-06T16:21:44Z DEBUG updating dn: dc=test,dc=co >2020-11-06T16:21:44Z DEBUG updated dn: dc=test,dc=co with {'dc': [b'test'], 'info': [b'IPA V2.0']} >2020-11-06T16:21:44Z DEBUG Created entry dc=test,dc=co : {'objectclass': [b'top', b'domain', b'pilotObject'], 'dc': [b'test'], 'info': [b'IPA V2.0']} >2020-11-06T16:21:44Z DEBUG completed creating DS instance >2020-11-06T16:21:44Z DEBUG step duration: dirsrv __create_instance 18.84 sec >2020-11-06T16:21:44Z DEBUG [2/45]: configure autobind for root >2020-11-06T16:21:44Z DEBUG Starting external process >2020-11-06T16:21:44Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/root-autobind.ldif', '-H', 'ldapi://%2fvar%2frun%2fslapd-TEST-CO.socket', '-x', '-D', 'cn=Directory Manager', '-y', '/tmp/tmpgr0abu3f'] >2020-11-06T16:21:44Z DEBUG Process finished, return code=0 >2020-11-06T16:21:44Z DEBUG stdout=add objectClass: > extensibleObject > top >add cn: > root-autobind >add uidNumber: > 0 >add gidNumber: > 0 >adding new entry "cn=root-autobind,cn=config" >modify complete > >replace nsslapd-ldapiautobind: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-ldapimaptoentries: > on >modifying entry "cn=config" >modify complete > > >2020-11-06T16:21:44Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-TEST-CO.socket/??base ) > >2020-11-06T16:21:44Z DEBUG step duration: dirsrv __root_autobind 0.08 sec >2020-11-06T16:21:44Z DEBUG [3/45]: tune ldbm plugin >2020-11-06T16:21:44Z DEBUG Starting external process >2020-11-06T16:21:44Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ldbm-tuning.ldif', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:44Z DEBUG Process finished, return code=0 >2020-11-06T16:21:44Z DEBUG stdout=replace nsslapd-db-locks: > 50000 >modifying entry "cn=bdb,cn=config,cn=ldbm database,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:44Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:44Z DEBUG step duration: dirsrv __tune_ldbm 0.07 sec >2020-11-06T16:21:44Z DEBUG [4/45]: stopping directory server >2020-11-06T16:21:44Z DEBUG Starting external process >2020-11-06T16:21:44Z DEBUG args=['/bin/systemctl', 'stop', 'dirsrv@TEST-CO.service'] >2020-11-06T16:21:46Z DEBUG Process finished, return code=0 >2020-11-06T16:21:46Z DEBUG stdout= >2020-11-06T16:21:46Z DEBUG stderr= >2020-11-06T16:21:46Z DEBUG Stop of dirsrv@TEST-CO.service complete >2020-11-06T16:21:46Z DEBUG step duration: dirsrv __stop_instance 2.25 sec >2020-11-06T16:21:46Z DEBUG [5/45]: updating configuration in dse.ldif >2020-11-06T16:21:46Z DEBUG Starting external process >2020-11-06T16:21:46Z DEBUG args=['/usr/sbin/selinuxenabled'] >2020-11-06T16:21:46Z DEBUG Process finished, return code=0 >2020-11-06T16:21:46Z DEBUG stdout= >2020-11-06T16:21:46Z DEBUG stderr= >2020-11-06T16:21:46Z DEBUG Starting external process >2020-11-06T16:21:46Z DEBUG args=['/sbin/restorecon', '/etc/dirsrv/slapd-TEST-CO/dse.ldif'] >2020-11-06T16:21:46Z DEBUG Process finished, return code=0 >2020-11-06T16:21:46Z DEBUG stdout= >2020-11-06T16:21:46Z DEBUG stderr= >2020-11-06T16:21:46Z DEBUG step duration: dirsrv __update_dse_ldif 0.10 sec >2020-11-06T16:21:46Z DEBUG [6/45]: starting directory server >2020-11-06T16:21:46Z DEBUG Starting external process >2020-11-06T16:21:46Z DEBUG args=['/bin/systemctl', 'start', 'dirsrv@TEST-CO.service'] >2020-11-06T16:21:51Z DEBUG Process finished, return code=0 >2020-11-06T16:21:51Z DEBUG stdout= >2020-11-06T16:21:51Z DEBUG stderr= >2020-11-06T16:21:51Z DEBUG Starting external process >2020-11-06T16:21:51Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@TEST-CO.service'] >2020-11-06T16:21:51Z DEBUG Process finished, return code=0 >2020-11-06T16:21:51Z DEBUG stdout=active > >2020-11-06T16:21:51Z DEBUG stderr= >2020-11-06T16:21:51Z DEBUG wait_for_open_ports: localhost [389] timeout 120 >2020-11-06T16:21:51Z DEBUG waiting for port: 389 >2020-11-06T16:21:51Z DEBUG SUCCESS: port: 389 >2020-11-06T16:21:51Z DEBUG Start of dirsrv@TEST-CO.service complete >2020-11-06T16:21:51Z DEBUG Created connection context.ldap2_140498140403920 >2020-11-06T16:21:51Z DEBUG step duration: dirsrv __start_instance 4.75 sec >2020-11-06T16:21:51Z DEBUG [7/45]: adding default schema >2020-11-06T16:21:51Z DEBUG step duration: dirsrv __add_default_schemas 0.01 sec >2020-11-06T16:21:51Z DEBUG [8/45]: enabling memberof plugin >2020-11-06T16:21:51Z DEBUG Starting external process >2020-11-06T16:21:51Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/memberof-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:51Z DEBUG Process finished, return code=0 >2020-11-06T16:21:51Z DEBUG stdout=replace nsslapd-pluginenabled: > on >add memberofgroupattr: > memberUser >add memberofgroupattr: > memberHost >modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:51Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:51Z DEBUG step duration: dirsrv __add_memberof_module 0.06 sec >2020-11-06T16:21:51Z DEBUG [9/45]: enabling winsync plugin >2020-11-06T16:21:51Z DEBUG Starting external process >2020-11-06T16:21:51Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-winsync-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:51Z DEBUG Process finished, return code=0 >2020-11-06T16:21:51Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa-winsync >add nsslapd-pluginpath: > libipa_winsync >add nsslapd-plugininitfunc: > ipa_winsync_plugin_init >add nsslapd-pluginDescription: > Allows IPA to work with the DS windows sync feature >add nsslapd-pluginid: > ipa-winsync >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-plugin-depends-on-type: > database >add ipaWinSyncRealmFilter: > (objectclass=krbRealmContainer) >add ipaWinSyncRealmAttr: > cn >add ipaWinSyncNewEntryFilter: > (cn=ipaConfig) >add ipaWinSyncNewUserOCAttr: > ipauserobjectclasses >add ipaWinSyncUserFlatten: > true >add ipaWinsyncHomeDirAttr: > ipaHomesRootDir >add ipaWinsyncLoginShellAttr: > ipaDefaultLoginShell >add ipaWinSyncDefaultGroupAttr: > ipaDefaultPrimaryGroup >add ipaWinSyncDefaultGroupFilter: > (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) >add ipaWinSyncAcctDisable: > both >add ipaWinSyncForceSync: > true >add ipaWinSyncUserAttr: > uidNumber -1 > gidNumber -1 >adding new entry "cn=ipa-winsync,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:51Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:51Z DEBUG step duration: dirsrv __add_winsync_module 0.07 sec >2020-11-06T16:21:51Z DEBUG [10/45]: configure password logging >2020-11-06T16:21:51Z DEBUG Starting external process >2020-11-06T16:21:51Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/pw-logging-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:51Z DEBUG Process finished, return code=0 >2020-11-06T16:21:51Z DEBUG stdout=replace nsslapd-unhashed-pw-switch: > nolog >modifying entry "cn=config" >modify complete > > >2020-11-06T16:21:51Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:51Z DEBUG step duration: dirsrv __password_logging 0.05 sec >2020-11-06T16:21:51Z DEBUG [11/45]: configuring replication version plugin >2020-11-06T16:21:51Z DEBUG Starting external process >2020-11-06T16:21:51Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/version-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:51Z DEBUG Process finished, return code=0 >2020-11-06T16:21:51Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Version Replication >add nsslapd-pluginpath: > libipa_repl_version >add nsslapd-plugininitfunc: > repl_version_plugin_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > off >add nsslapd-pluginid: > ipa_repl_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Replication version plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-plugin-depends-on-named: > Multimaster Replication Plugin >adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:51Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:51Z DEBUG step duration: dirsrv __config_version_module 0.06 sec >2020-11-06T16:21:51Z DEBUG [12/45]: enabling IPA enrollment plugin >2020-11-06T16:21:51Z DEBUG Starting external process >2020-11-06T16:21:51Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpmjo_0qsp', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:51Z DEBUG Process finished, return code=0 >2020-11-06T16:21:51Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_enrollment_extop >add nsslapd-pluginpath: > libipa_enrollment_extop >add nsslapd-plugininitfunc: > ipaenrollment_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_enrollment_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Enroll hosts into the IPA domain >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=test,dc=co >adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:51Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:51Z DEBUG step duration: dirsrv __add_enrollment_module 0.06 sec >2020-11-06T16:21:51Z DEBUG [13/45]: configuring uniqueness plugin >2020-11-06T16:21:51Z DEBUG Starting external process >2020-11-06T16:21:51Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpx_74_sj_', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:51Z DEBUG Process finished, return code=0 >2020-11-06T16:21:51Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbPrincipalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > krbPrincipalName >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=test,dc=co >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=test,dc=co >add uniqueness-across-all-subtrees: > on >adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbCanonicalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > krbCanonicalName >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=test,dc=co >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=test,dc=co >add uniqueness-across-all-subtrees: > on >adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > netgroup uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > cn >add uniqueness-subtrees: > cn=ng,cn=alt,dc=test,dc=co >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipaUniqueID uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > ipaUniqueID >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >add uniqueness-subtrees: > dc=test,dc=co >add uniqueness-exclude-subtrees: > cn=staged users,cn=accounts,cn=provisioning,dc=test,dc=co >add uniqueness-across-all-subtrees: > on >adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > sudorule name uniqueness >add nsslapd-pluginDescription: > Enforce unique attribute values >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add uniqueness-attribute-name: > cn >add uniqueness-subtrees: > cn=sudorules,cn=sudo,dc=test,dc=co >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:51Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:51Z DEBUG step duration: dirsrv __set_unique_attrs 0.07 sec >2020-11-06T16:21:51Z DEBUG [14/45]: configuring uuid plugin >2020-11-06T16:21:51Z DEBUG Starting external process >2020-11-06T16:21:51Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/uuid-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:51Z DEBUG Process finished, return code=0 >2020-11-06T16:21:51Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA UUID >add nsslapd-pluginpath: > libipa_uuid >add nsslapd-plugininitfunc: > ipauuid_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipauuid_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA UUID plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:51Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:51Z DEBUG Starting external process >2020-11-06T16:21:51Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp8tf4x0s3', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:52Z DEBUG Process finished, return code=0 >2020-11-06T16:21:52Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > IPA Unique IDs >add ipaUuidAttr: > ipaUniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (|(objectclass=ipaObject)(objectclass=ipaAssociation)) >add ipaUuidScope: > dc=test,dc=co >add ipaUuidEnforce: > TRUE >adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > IPK11 Unique IDs >add ipaUuidAttr: > ipk11UniqueID >add ipaUuidMagicRegen: > autogenerate >add ipaUuidFilter: > (objectclass=ipk11Object) >add ipaUuidScope: > dc=test,dc=co >add ipaUuidEnforce: > FALSE >adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:52Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:52Z DEBUG step duration: dirsrv __config_uuid_module 0.11 sec >2020-11-06T16:21:52Z DEBUG [15/45]: configuring modrdn plugin >2020-11-06T16:21:52Z DEBUG Starting external process >2020-11-06T16:21:52Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/modrdn-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:52Z DEBUG Process finished, return code=0 >2020-11-06T16:21:52Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA MODRDN >add nsslapd-pluginpath: > libipa_modrdn >add nsslapd-plugininitfunc: > ipamodrdn_init >add nsslapd-plugintype: > betxnpostoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipamodrdn_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA MODRDN plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginPrecedence: > 60 >adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:52Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:52Z DEBUG Starting external process >2020-11-06T16:21:52Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpp_z7kz53', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:52Z DEBUG Process finished, return code=0 >2020-11-06T16:21:52Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Kerberos Principal Name >add ipaModRDNsourceAttr: > uid >add ipaModRDNtargetAttr: > krbPrincipalName >add ipaModRDNsuffix: > @TEST.CO >add ipaModRDNfilter: > (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) >add ipaModRDNscope: > dc=test,dc=co >adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > Kerberos Canonical Name >add ipaModRDNsourceAttr: > uid >add ipaModRDNtargetAttr: > krbCanonicalName >add ipaModRDNsuffix: > @TEST.CO >add ipaModRDNfilter: > (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) >add ipaModRDNscope: > dc=test,dc=co >adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:52Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:52Z DEBUG step duration: dirsrv __config_modrdn_module 0.11 sec >2020-11-06T16:21:52Z DEBUG [16/45]: configuring DNS plugin >2020-11-06T16:21:52Z DEBUG Starting external process >2020-11-06T16:21:52Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/ipa-dns-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:52Z DEBUG Process finished, return code=0 >2020-11-06T16:21:52Z DEBUG stdout=add objectclass: > top > nsslapdPlugin > extensibleObject >add cn: > IPA DNS >add nsslapd-plugindescription: > IPA DNS support plugin >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_dns >add nsslapd-plugininitfunc: > ipadns_init >add nsslapd-pluginpath: > libipa_dns.so >add nsslapd-plugintype: > preoperation >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-pluginversion: > 1.0 >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA DNS,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:52Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:52Z DEBUG step duration: dirsrv __config_dns_module 0.05 sec >2020-11-06T16:21:52Z DEBUG [17/45]: enabling entryUSN plugin >2020-11-06T16:21:52Z DEBUG Starting external process >2020-11-06T16:21:52Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/entryusn.ldif', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:52Z DEBUG Process finished, return code=0 >2020-11-06T16:21:52Z DEBUG stdout=replace nsslapd-entryusn-global: > on >modifying entry "cn=config" >modify complete > >replace nsslapd-entryusn-import-initval: > next >modifying entry "cn=config" >modify complete > >replace nsslapd-pluginenabled: > on >modifying entry "cn=USN,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:52Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:52Z DEBUG step duration: dirsrv __enable_entryusn 0.06 sec >2020-11-06T16:21:52Z DEBUG [18/45]: configuring lockout plugin >2020-11-06T16:21:52Z DEBUG Starting external process >2020-11-06T16:21:52Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/lockout-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:52Z DEBUG Process finished, return code=0 >2020-11-06T16:21:52Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Lockout >add nsslapd-pluginpath: > libipa_lockout >add nsslapd-plugininitfunc: > ipalockout_init >add nsslapd-plugintype: > object >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipalockout_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Lockout plugin >add nsslapd-plugin-depends-on-type: > database >adding new entry "cn=IPA Lockout,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:52Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:52Z DEBUG step duration: dirsrv __config_lockout_module 0.05 sec >2020-11-06T16:21:52Z DEBUG [19/45]: configuring topology plugin >2020-11-06T16:21:52Z DEBUG Starting external process >2020-11-06T16:21:52Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp6k6yujqf', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:52Z DEBUG Process finished, return code=0 >2020-11-06T16:21:52Z DEBUG stdout=add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Topology Configuration >add nsslapd-pluginPath: > libtopology >add nsslapd-pluginInitfunc: > ipa_topo_init >add nsslapd-pluginType: > object >add nsslapd-pluginEnabled: > on >add nsslapd-topo-plugin-shared-config-base: > cn=ipa,cn=etc,dc=test,dc=co >add nsslapd-topo-plugin-shared-replica-root: > dc=test,dc=co > o=ipaca >add nsslapd-topo-plugin-shared-binddngroup: > cn=replication managers,cn=sysaccounts,cn=etc,dc=test,dc=co >add nsslapd-topo-plugin-startup-delay: > 20 >add nsslapd-pluginId: > none >add nsslapd-plugin-depends-on-named: > ldbm database > Multimaster Replication Plugin >add nsslapd-pluginVersion: > 1.0 >add nsslapd-pluginVendor: > none >add nsslapd-pluginDescription: > none >adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:52Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:52Z DEBUG step duration: dirsrv __config_topology_module 0.06 sec >2020-11-06T16:21:52Z DEBUG [20/45]: creating indices >2020-11-06T16:21:52Z DEBUG Starting external process >2020-11-06T16:21:52Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/indices.ldif', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:52Z DEBUG Process finished, return code=0 >2020-11-06T16:21:52Z DEBUG stdout=add objectClass: > top > nsIndex >add cn: > krbPrincipalName >add nsSystemIndex: > false >add nsIndexType: > eq > sub >add nsMatchingRule: > caseIgnoreIA5Match > caseExactIA5Match >adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > ou >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > carLicense >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > title >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > manager >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > secretary >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > displayname >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add nsIndexType: > sub >modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > uidnumber >add nsSystemIndex: > false >add nsIndexType: > eq >add nsMatchingRule: > integerOrderingMatch >adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > gidnumber >add nsSystemIndex: > false >add nsIndexType: > eq >add nsMatchingRule: > integerOrderingMatch >adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >replace nsIndexType: > eq > pres >modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >replace nsIndexType: > eq > pres >modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add ObjectClass: > top > nsIndex >add cn: > fqdn >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add ObjectClass: > top > nsIndex >add cn: > macAddress >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberHost >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberUser >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > sourcehost >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberservice >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > managedby >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberallowcmd >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberdenycmd >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipasudorunas >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipasudorunasgroup >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > automountkey >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > automountMapName >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaConfigString >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaEnabledFlag >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaKrbAuthzData >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipakrbprincipalalias >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipauniqueid >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaMemberCa >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaMemberCertProfile >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres > sub >adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > userCertificate >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipalocation >add ObjectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > krbCanonicalName >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > serverhostname >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > description >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > l >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > nsOsVersion >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > nsHardwarePlatform >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > nsHostLocation >add objectClass: > top > nsindex >add nssystemindex: > false >add nsindextype: > eq > sub >adding new entry "cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipServicePort >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > accessRuleType >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > hostCategory >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > idnsName >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > ipaCertmapData >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=ipaCertmapData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > altSecurityIdentities >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=altSecurityIdentities,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add cn: > memberManager >add objectClass: > top > nsIndex >add nsSystemIndex: > false >add nsIndexType: > eq > pres >adding new entry "cn=memberManager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:52Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:52Z DEBUG step duration: dirsrv __create_indices 0.17 sec >2020-11-06T16:21:52Z DEBUG [21/45]: enabling referential integrity plugin >2020-11-06T16:21:52Z DEBUG Starting external process >2020-11-06T16:21:52Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/usr/share/ipa/referint-conf.ldif', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:52Z DEBUG Process finished, return code=0 >2020-11-06T16:21:52Z DEBUG stdout=replace nsslapd-pluginenabled: > on >modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:52Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:52Z DEBUG step duration: dirsrv __add_referint_module 0.05 sec >2020-11-06T16:21:52Z DEBUG [22/45]: configuring certmap.conf >2020-11-06T16:21:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2020-11-06T16:21:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2020-11-06T16:21:52Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2020-11-06T16:21:52Z DEBUG step duration: dirsrv __certmap_conf 0.00 sec >2020-11-06T16:21:52Z DEBUG [23/45]: configure new location for managed entries >2020-11-06T16:21:52Z DEBUG Starting external process >2020-11-06T16:21:52Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpl6sk63cc', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:52Z DEBUG Process finished, return code=0 >2020-11-06T16:21:52Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=Definitions,cn=Managed Entries,cn=etc,dc=test,dc=co >modifying entry "cn=Managed Entries,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:21:52Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:52Z DEBUG step duration: dirsrv __repoint_managed_entries 0.06 sec >2020-11-06T16:21:52Z DEBUG [24/45]: configure dirsrv ccache and keytab >2020-11-06T16:21:52Z DEBUG Starting external process >2020-11-06T16:21:52Z DEBUG args=['/usr/sbin/selinuxenabled'] >2020-11-06T16:21:52Z DEBUG Process finished, return code=0 >2020-11-06T16:21:52Z DEBUG stdout= >2020-11-06T16:21:52Z DEBUG stderr= >2020-11-06T16:21:52Z DEBUG Starting external process >2020-11-06T16:21:52Z DEBUG args=['/sbin/restorecon', '/etc/systemd/system/dirsrv@TEST-CO.service.d/ipa-env.conf'] >2020-11-06T16:21:52Z DEBUG Process finished, return code=0 >2020-11-06T16:21:52Z DEBUG stdout= >2020-11-06T16:21:52Z DEBUG stderr= >2020-11-06T16:21:52Z DEBUG Starting external process >2020-11-06T16:21:52Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] >2020-11-06T16:21:53Z DEBUG Process finished, return code=0 >2020-11-06T16:21:53Z DEBUG stdout= >2020-11-06T16:21:53Z DEBUG stderr= >2020-11-06T16:21:53Z DEBUG step duration: dirsrv configure_systemd_ipa_env 1.03 sec >2020-11-06T16:21:53Z DEBUG [25/45]: enabling SASL mapping fallback >2020-11-06T16:21:53Z DEBUG Starting external process >2020-11-06T16:21:53Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp64i6cg4b', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:21:53Z DEBUG Process finished, return code=0 >2020-11-06T16:21:53Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback: > on >modifying entry "cn=config" >modify complete > > >2020-11-06T16:21:53Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:21:53Z DEBUG step duration: dirsrv __enable_sasl_mapping_fallback 0.06 sec >2020-11-06T16:21:53Z DEBUG [26/45]: restarting directory server >2020-11-06T16:21:53Z DEBUG Destroyed connection context.ldap2_140498140403920 >2020-11-06T16:21:53Z DEBUG Starting external process >2020-11-06T16:21:53Z DEBUG args=['/bin/systemctl', '--system', 'daemon-reload'] >2020-11-06T16:21:54Z DEBUG Process finished, return code=0 >2020-11-06T16:21:54Z DEBUG stdout= >2020-11-06T16:21:54Z DEBUG stderr= >2020-11-06T16:21:54Z DEBUG Starting external process >2020-11-06T16:21:54Z DEBUG args=['/bin/systemctl', 'restart', 'dirsrv@TEST-CO.service'] >2020-11-06T16:22:00Z DEBUG Process finished, return code=0 >2020-11-06T16:22:00Z DEBUG stdout= >2020-11-06T16:22:00Z DEBUG stderr= >2020-11-06T16:22:00Z DEBUG Starting external process >2020-11-06T16:22:00Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@TEST-CO.service'] >2020-11-06T16:22:00Z DEBUG Process finished, return code=0 >2020-11-06T16:22:00Z DEBUG stdout=active > >2020-11-06T16:22:00Z DEBUG stderr= >2020-11-06T16:22:00Z DEBUG wait_for_open_ports: localhost [389] timeout 120 >2020-11-06T16:22:00Z DEBUG waiting for port: 389 >2020-11-06T16:22:00Z DEBUG SUCCESS: port: 389 >2020-11-06T16:22:00Z DEBUG Restart of dirsrv@TEST-CO.service complete >2020-11-06T16:22:00Z DEBUG Starting external process >2020-11-06T16:22:00Z DEBUG args=['/bin/systemctl', 'is-active', 'dirsrv@TEST-CO.service'] >2020-11-06T16:22:00Z DEBUG Process finished, return code=0 >2020-11-06T16:22:00Z DEBUG stdout=active > >2020-11-06T16:22:00Z DEBUG stderr= >2020-11-06T16:22:00Z DEBUG Created connection context.ldap2_140498140403920 >2020-11-06T16:22:00Z DEBUG step duration: dirsrv __restart_instance 6.74 sec >2020-11-06T16:22:00Z DEBUG [27/45]: adding sasl mappings to the directory >2020-11-06T16:22:00Z DEBUG flushing ldapi://%2Frun%2Fslapd-TEST-CO.socket from SchemaCache >2020-11-06T16:22:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-TEST-CO.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fc843d0d2b0> >2020-11-06T16:22:00Z DEBUG step duration: dirsrv __configure_sasl_mappings 0.30 sec >2020-11-06T16:22:00Z DEBUG [28/45]: adding default layout >2020-11-06T16:22:00Z DEBUG Starting external process >2020-11-06T16:22:00Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp_7vtt4tc', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:00Z DEBUG Process finished, return code=0 >2020-11-06T16:22:00Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > accounts >adding new entry "cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > users >adding new entry "cn=users,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > groups >adding new entry "cn=groups,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > services >adding new entry "cn=services,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > computers >adding new entry "cn=computers,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > hostgroups >adding new entry "cn=hostgroups,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > ipservices >adding new entry "cn=ipservices,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer >add cn: > alt >adding new entry "cn=alt,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer >add cn: > ng >adding new entry "cn=ng,cn=alt,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer >add cn: > automount >adding new entry "cn=automount,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer >add cn: > default >adding new entry "cn=default,cn=automount,dc=test,dc=co" >modify complete > >add objectClass: > automountMap >add automountMapName: > auto.master >adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=test,dc=co" >modify complete > >add objectClass: > automountMap >add automountMapName: > auto.direct >adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=test,dc=co" >modify complete > >add objectClass: > automount >add automountKey: > /- >add automountInformation: > auto.direct >add description: > /- auto.direct >adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbac >adding new entry "cn=hbac,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbacservices >adding new entry "cn=hbacservices,cn=hbac,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > hbacservicegroups >adding new entry "cn=hbacservicegroups,cn=hbac,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudo >adding new entry "cn=sudo,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudocmds >adding new entry "cn=sudocmds,cn=sudo,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudocmdgroups >adding new entry "cn=sudocmdgroups,cn=sudo,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > sudorules >adding new entry "cn=sudorules,cn=sudo,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > etc >adding new entry "cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > locations >adding new entry "cn=locations,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > sysaccounts >adding new entry "cn=sysaccounts,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > ipa >adding new entry "cn=ipa,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > masters >adding new entry "cn=masters,cn=ipa,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > replicas >adding new entry "cn=replicas,cn=ipa,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > dna >adding new entry "cn=dna,cn=ipa,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > posix-ids >adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > ca_renewal >adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > certificates >adding new entry "cn=certificates,cn=ipa,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > custodia >adding new entry "cn=custodia,cn=ipa,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > dogtag >adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > s4u2proxy >adding new entry "cn=s4u2proxy,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > ipaKrb5DelegationACL > groupOfPrincipals > top >add cn: > ipa-http-delegation >add memberPrincipal: > HTTP/rhel8.test.co@TEST.CO >add ipaAllowedTarget: > cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=test,dc=co > cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=test,dc=co >adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > groupOfPrincipals > top >add cn: > ipa-ldap-delegation-targets >add memberPrincipal: > ldap/rhel8.test.co@TEST.CO >adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > groupOfPrincipals > top >add cn: > ipa-cifs-delegation-targets >adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > top > person > posixaccount > krbprincipalaux > krbticketpolicyaux > inetuser > ipaobject > ipasshuser >add uid: > admin >add krbPrincipalName: > admin@TEST.CO >add cn: > Administrator >add sn: > Administrator >add uidNumber: > 283400000 >add gidNumber: > 283400000 >add homeDirectory: > /home/admin >add loginShell: > /bin/bash >add gecos: > Administrator >add nsAccountLock: > FALSE >add ipaUniqueID: > autogenerate >adding new entry "uid=admin,cn=users,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > posixgroup > ipausergroup > ipaobject >add cn: > admins >add description: > Account administrators group >add gidNumber: > 283400000 >add member: > uid=admin,cn=users,cn=accounts,dc=test,dc=co >add nsAccountLock: > FALSE >add ipaUniqueID: > autogenerate >adding new entry "cn=admins,cn=groups,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup > ipausergroup > ipaobject >add description: > Default group for all users >add cn: > ipausers >add ipaUniqueID: > autogenerate >adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > posixgroup > ipausergroup > ipaobject >add gidNumber: > 283400002 >add description: > Limited admins who can edit other users >add cn: > editors >add ipaUniqueID: > autogenerate >adding new entry "cn=editors,cn=groups,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > groupOfNames > nestedGroup > ipaobject > ipahostgroup >add description: > IPA server hosts >add cn: > ipaservers >add ipaUniqueID: > autogenerate >adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=co" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sshd >add description: > sshd >add ipauniqueid: > autogenerate >adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=test,dc=co" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > ftp >add description: > ftp >add ipauniqueid: > autogenerate >adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=test,dc=co" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > su >add description: > su >add ipauniqueid: > autogenerate >adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=test,dc=co" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > login >add description: > login >add ipauniqueid: > autogenerate >adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=test,dc=co" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > su-l >add description: > su with login shell >add ipauniqueid: > autogenerate >adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=test,dc=co" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sudo >add description: > sudo >add ipauniqueid: > autogenerate >adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=test,dc=co" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > sudo-i >add description: > sudo-i >add ipauniqueid: > autogenerate >adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=test,dc=co" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > systemd-user >add description: > pam_systemd and systemd user@.service >add ipauniqueid: > autogenerate >adding new entry "cn=systemd-user,cn=hbacservices,cn=hbac,dc=test,dc=co" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > gdm >add description: > gdm >add ipauniqueid: > autogenerate >adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=test,dc=co" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > gdm-password >add description: > gdm-password >add ipauniqueid: > autogenerate >adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=test,dc=co" >modify complete > >add objectclass: > ipahbacservice > ipaobject >add cn: > kdm >add description: > kdm >add ipauniqueid: > autogenerate >adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=test,dc=co" >modify complete > >add objectClass: > ipaobject > ipahbacservicegroup > nestedGroup > groupOfNames > top >add cn: > Sudo >add ipauniqueid: > autogenerate >add description: > Default group of Sudo related services >add member: > cn=sudo,cn=hbacservices,cn=hbac,dc=test,dc=co > cn=sudo-i,cn=hbacservices,cn=hbac,dc=test,dc=co >adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top > ipaGuiConfig > ipaConfigObject >add ipaUserSearchFields: > uid,givenname,sn,telephonenumber,ou,title >add ipaGroupSearchFields: > cn,description >add ipaSearchTimeLimit: > 2 >add ipaSearchRecordsLimit: > 100 >add ipaHomesRootDir: > /home >add ipaDefaultLoginShell: > /bin/sh >add ipaDefaultPrimaryGroup: > ipausers >add ipaMaxUsernameLength: > 32 >add ipaMaxHostnameLength: > 64 >add ipaPwdExpAdvNotify: > 4 >add ipaGroupObjectClasses: > top > groupofnames > nestedgroup > ipausergroup > ipaobject >add ipaUserObjectClasses: > top > person > organizationalperson > inetorgperson > inetuser > posixaccount > krbprincipalaux > krbticketpolicyaux > ipaobject > ipasshuser >add ipaDefaultEmailDomain: > test.co >add ipaMigrationEnabled: > FALSE >add ipaConfigString: > AllowNThash > KDC:Disable Last Success >add ipaSELinuxUserMapOrder: > guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 >add ipaSELinuxUserMapDefault: > unconfined_u:s0-s0:c0.c1023 >adding new entry "cn=ipaConfig,cn=etc,dc=test,dc=co" >modify complete > >add objectclass: > top > nsContainer >add cn: > cosTemplates >adding new entry "cn=cosTemplates,cn=accounts,dc=test,dc=co" >modify complete > >add description: > Password Policy based on group membership >add objectClass: > top > ldapsubentry > cosSuperDefinition > cosClassicDefinition >add cosTemplateDn: > cn=cosTemplates,cn=accounts,dc=test,dc=co >add cosAttribute: > krbPwdPolicyReference override >add cosSpecifier: > memberOf >adding new entry "cn=Password Policy,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > selinux >adding new entry "cn=selinux,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > usermap >adding new entry "cn=usermap,cn=selinux,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > ranges >adding new entry "cn=ranges,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > top > ipaIDrange > ipaDomainIDRange >add cn: > TEST.CO_id_range >add ipaBaseID: > 283400000 >add ipaIDRangeSize: > 200000 >add ipaRangeType: > ipa-local >adding new entry "cn=TEST.CO_id_range,cn=ranges,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > ca >adding new entry "cn=ca,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > certprofiles >adding new entry "cn=certprofiles,cn=ca,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > caacls >adding new entry "cn=caacls,cn=ca,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > cas >adding new entry "cn=cas,cn=ca,dc=test,dc=co" >modify complete > > >2020-11-06T16:22:00Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:00Z DEBUG step duration: dirsrv __add_default_layout 0.18 sec >2020-11-06T16:22:00Z DEBUG [29/45]: adding delegation layout >2020-11-06T16:22:00Z DEBUG Starting external process >2020-11-06T16:22:00Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp9jlaryrs', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:01Z DEBUG Process finished, return code=0 >2020-11-06T16:22:01Z DEBUG stdout=add objectClass: > top > nsContainer >add cn: > roles >adding new entry "cn=roles,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > pbac >adding new entry "cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > privileges >adding new entry "cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > permissions >adding new entry "cn=permissions,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > helpdesk >add description: > Helpdesk >adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > User Administrators >add description: > User Administrators >adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Group Administrators >add description: > Group Administrators >adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Administrators >add description: > Host Administrators >adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Group Administrators >add description: > Host Group Administrators >adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Delegation Administrator >add description: > Role administration >adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > DNS Administrators >add description: > DNS Administrators >adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > DNS Servers >add description: > DNS Servers >adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Service Administrators >add description: > Service Administrators >adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Automount Administrators >add description: > Automount Administrators >adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Netgroups Administrators >add description: > Netgroups Administrators >adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Certificate Administrators >add description: > Certificate Administrators >adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Replication Administrators >add description: > Replication Administrators >add member: > cn=admins,cn=groups,cn=accounts,dc=test,dc=co >adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Enrollment >add description: > Host Enrollment >adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Administrators >add description: > Stage User Administrators >adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Provisioning >add description: > Stage User Provisioning >adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Add Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=co >adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=co >adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Read Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=co >adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Remove Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=co >adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify DNA Range >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=co >adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer >add cn: > virtual operations >adding new entry "cn=virtual operations,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Retrieve Certificates from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=test,dc=co >adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=test,dc=co" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=test,dc=co" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificate >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=test,dc=co >adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=test,dc=co" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=test,dc=co" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificates from a different host >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=test,dc=co >adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=test,dc=co" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=test,dc=co" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Get Certificates status from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=test,dc=co >adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=test,dc=co" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=test,dc=co" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Revoke Certificate >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=test,dc=co >adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=test,dc=co" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=test,dc=co" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "dc=test,dc=co" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Certificate Remove Hold >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=test,dc=co >adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=test,dc=co" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=test,dc=co" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "dc=test,dc=co" >modify complete > > >2020-11-06T16:22:01Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:01Z DEBUG step duration: dirsrv __add_delegation_layout 0.13 sec >2020-11-06T16:22:01Z DEBUG [30/45]: creating container for managed entries >2020-11-06T16:22:01Z DEBUG Starting external process >2020-11-06T16:22:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpe191fabe', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:01Z DEBUG Process finished, return code=0 >2020-11-06T16:22:01Z DEBUG stdout=add objectClass: > nsContainer > top >add cn: > Managed Entries >adding new entry "cn=Managed Entries,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > Templates >adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=test,dc=co" >modify complete > >add objectClass: > nsContainer > top >add cn: > Definitions >adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=test,dc=co" >modify complete > > >2020-11-06T16:22:01Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:01Z DEBUG step duration: dirsrv __managed_entries 0.05 sec >2020-11-06T16:22:01Z DEBUG [31/45]: configuring user private groups >2020-11-06T16:22:01Z DEBUG Starting external process >2020-11-06T16:22:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpuf4v2yz8', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:01Z DEBUG Process finished, return code=0 >2020-11-06T16:22:01Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > UPG Template >add mepRDNAttr: > cn >add mepStaticAttr: > objectclass: posixgroup > objectclass: ipaobject > ipaUniqueId: autogenerate >add mepMappedAttr: > cn: $uid > gidNumber: $uidNumber > description: User private group for $uid >adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=test,dc=co" >modify complete > >add objectclass: > extensibleObject >add cn: > UPG Definition >add originScope: > cn=users,cn=accounts,dc=test,dc=co >add originFilter: > (&(objectclass=posixAccount)(!(description=__no_upg__))) >add managedBase: > cn=groups,cn=accounts,dc=test,dc=co >add managedTemplate: > cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=test,dc=co >adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=test,dc=co" >modify complete > > >2020-11-06T16:22:01Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:01Z DEBUG step duration: dirsrv __user_private_groups 0.05 sec >2020-11-06T16:22:01Z DEBUG [32/45]: configuring netgroups from hostgroups >2020-11-06T16:22:01Z DEBUG Starting external process >2020-11-06T16:22:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp8mj3zfsc', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:01Z DEBUG Process finished, return code=0 >2020-11-06T16:22:01Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > NGP HGP Template >add mepRDNAttr: > cn >add mepStaticAttr: > ipaUniqueId: autogenerate > objectclass: ipanisnetgroup > objectclass: ipaobject > nisDomainName: test.co >add mepMappedAttr: > cn: $cn > memberHost: $dn > description: ipaNetgroup $cn >adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=test,dc=co" >modify complete > >add objectclass: > extensibleObject >add cn: > NGP Definition >add originScope: > cn=hostgroups,cn=accounts,dc=test,dc=co >add originFilter: > objectclass=ipahostgroup >add managedBase: > cn=ng,cn=alt,dc=test,dc=co >add managedTemplate: > cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=test,dc=co >adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=test,dc=co" >modify complete > > >2020-11-06T16:22:01Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:01Z DEBUG step duration: dirsrv __host_nis_groups 0.06 sec >2020-11-06T16:22:01Z DEBUG [33/45]: creating default Sudo bind user >2020-11-06T16:22:01Z DEBUG Starting external process >2020-11-06T16:22:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp3i73ccub', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:01Z DEBUG Process finished, return code=0 >2020-11-06T16:22:01Z DEBUG stdout=add objectclass: > account > simplesecurityobject >add uid: > sudo >add userPassword: > XXXXXXXX >add passwordExpirationTime: > 20380119031407Z >add nsIdleTimeout: > 0 >adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=test,dc=co" >modify complete > > >2020-11-06T16:22:01Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:01Z DEBUG step duration: dirsrv __add_sudo_binduser 0.06 sec >2020-11-06T16:22:01Z DEBUG [34/45]: creating default Auto Member layout >2020-11-06T16:22:01Z DEBUG Starting external process >2020-11-06T16:22:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpjee_5lvv', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:01Z DEBUG Process finished, return code=0 >2020-11-06T16:22:01Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=automember,cn=etc,dc=test,dc=co >modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsContainer >add cn: > automember >adding new entry "cn=automember,cn=etc,dc=test,dc=co" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Hostgroup >add autoMemberScope: > cn=computers,cn=accounts,dc=test,dc=co >add autoMemberFilter: > objectclass=ipaHost >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=test,dc=co" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Group >add autoMemberScope: > cn=users,cn=accounts,dc=test,dc=co >add autoMemberFilter: > objectclass=posixAccount >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Group,cn=automember,cn=etc,dc=test,dc=co" >modify complete > > >2020-11-06T16:22:01Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:01Z DEBUG step duration: dirsrv __add_automember_config 0.06 sec >2020-11-06T16:22:01Z DEBUG [35/45]: adding range check plugin >2020-11-06T16:22:01Z DEBUG Starting external process >2020-11-06T16:22:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpzanghtby', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:01Z DEBUG Process finished, return code=0 >2020-11-06T16:22:01Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Range-Check >add nsslapd-pluginpath: > libipa_range_check >add nsslapd-plugininitfunc: > ipa_range_check_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_range_check_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Range-Check plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=test,dc=co >adding new entry "cn=IPA Range-Check,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:22:01Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:01Z DEBUG step duration: dirsrv __add_range_check_plugin 0.06 sec >2020-11-06T16:22:01Z DEBUG [36/45]: creating default HBAC rule allow_all >2020-11-06T16:22:01Z DEBUG Starting external process >2020-11-06T16:22:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpq7bmlhfa', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:01Z DEBUG Process finished, return code=0 >2020-11-06T16:22:01Z DEBUG stdout=add objectclass: > ipaassociation > ipahbacrule >add cn: > allow_all >add accessruletype: > allow >add usercategory: > all >add hostcategory: > all >add servicecategory: > all >add ipaenabledflag: > TRUE >add description: > Allow all users to access any host from any host >add ipauniqueid: > autogenerate >adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=test,dc=co" >modify complete > >add objectclass: > ipaassociation > ipahbacrule >add cn: > allow_systemd-user >add accessruletype: > allow >add usercategory: > all >add hostcategory: > all >add memberService: > cn=systemd-user,cn=hbacservices,cn=hbac,dc=test,dc=co >add ipaenabledflag: > TRUE >add description: > Allow pam_systemd to run user@.service to create a system user session >add ipauniqueid: > autogenerate >adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=test,dc=co" >modify complete > > >2020-11-06T16:22:01Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:01Z DEBUG step duration: dirsrv add_hbac 0.07 sec >2020-11-06T16:22:01Z DEBUG [37/45]: adding entries for topology management >2020-11-06T16:22:01Z DEBUG Starting external process >2020-11-06T16:22:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpbtv085me', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:01Z DEBUG Process finished, return code=0 >2020-11-06T16:22:01Z DEBUG stdout=add objectclass: > top > nsContainer >add cn: > topology >adding new entry "cn=topology,cn=ipa,cn=etc,dc=test,dc=co" >modify complete > >add objectclass: > top > iparepltopoconf >add ipaReplTopoConfRoot: > dc=test,dc=co >add nsDS5ReplicatedAttributeList: > (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >add nsDS5ReplicatedAttributeListTotal: > (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >add nsds5ReplicaStripAttrs: > modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp >add cn: > domain >adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,dc=co" >modify complete > > >2020-11-06T16:22:01Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:01Z DEBUG step duration: dirsrv __add_topology_entries 0.06 sec >2020-11-06T16:22:01Z DEBUG [38/45]: initializing group membership >2020-11-06T16:22:01Z DEBUG Starting external process >2020-11-06T16:22:01Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmppx7nkxub', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:01Z DEBUG Process finished, return code=0 >2020-11-06T16:22:01Z DEBUG stdout=add objectClass: > top > extensibleObject >add cn: > IPA install >add basedn: > dc=test,dc=co >add filter: > (objectclass=*) >add ttl: > 10 >adding new entry "cn=IPA install 1604679685, cn=memberof task, cn=tasks, cn=config" >modify complete > > >2020-11-06T16:22:01Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:01Z DEBUG Waiting for memberof task to complete. >2020-11-06T16:22:02Z DEBUG step duration: dirsrv init_memberof 1.06 sec >2020-11-06T16:22:02Z DEBUG [39/45]: adding master entry >2020-11-06T16:22:02Z DEBUG Starting external process >2020-11-06T16:22:02Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpngds_6bj', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:02Z DEBUG Process finished, return code=0 >2020-11-06T16:22:02Z DEBUG stdout=add objectclass: > top > nsContainer > ipaReplTopoManagedServer > ipaConfigObject > ipaSupportedDomainLevelConfig >add cn: > rhel8.test.co >add ipaReplTopoManagedSuffix: > dc=test,dc=co >add ipaMinDomainLevel: > 1 >add ipaMaxDomainLevel: > 1 >adding new entry "cn=rhel8.test.co,cn=masters,cn=ipa,cn=etc,dc=test,dc=co" >modify complete > > >2020-11-06T16:22:02Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:02Z DEBUG step duration: dirsrv __add_master_entry 0.05 sec >2020-11-06T16:22:02Z DEBUG [40/45]: initializing domain level >2020-11-06T16:22:02Z DEBUG Starting external process >2020-11-06T16:22:02Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpfp0nj52a', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:02Z DEBUG Process finished, return code=0 >2020-11-06T16:22:02Z DEBUG stdout=add objectClass: > top > nsContainer > ipaDomainLevelConfig >add ipaDomainLevel: > 1 >adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=test,dc=co" >modify complete > > >2020-11-06T16:22:02Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:02Z DEBUG step duration: dirsrv __set_domain_level 0.06 sec >2020-11-06T16:22:02Z DEBUG [41/45]: configuring Posix uid/gid generation >2020-11-06T16:22:02Z DEBUG Starting external process >2020-11-06T16:22:02Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp2argvr6_', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:02Z DEBUG Process finished, return code=0 >2020-11-06T16:22:02Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Posix IDs >add dnaType: > uidNumber > gidNumber >add dnaNextValue: > 283400000 >add dnaMaxValue: > 283599999 >add dnaMagicRegen: > -1 >add dnaFilter: > (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) >add dnaScope: > dc=test,dc=co >add dnaThreshold: > 500 >add dnaSharedCfgDN: > cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=test,dc=co >add dnaExcludeScope: > cn=provisioning,dc=test,dc=co >adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >replace nsslapd-pluginEnabled: > on >modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:22:02Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:02Z DEBUG step duration: dirsrv __config_uidgid_gen 0.06 sec >2020-11-06T16:22:02Z DEBUG [42/45]: adding replication acis >2020-11-06T16:22:02Z DEBUG Starting external process >2020-11-06T16:22:02Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpp2aum41d', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:02Z DEBUG Process finished, return code=0 >2020-11-06T16:22:02Z DEBUG stdout=add aci: > (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=co";) >modifying entry "cn=tasks,cn=config" >modify complete > > >2020-11-06T16:22:02Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:02Z DEBUG step duration: dirsrv __add_replication_acis 0.07 sec >2020-11-06T16:22:02Z DEBUG [43/45]: activating sidgen plugin >2020-11-06T16:22:02Z DEBUG Starting external process >2020-11-06T16:22:02Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp1crhqxlx', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:02Z DEBUG Process finished, return code=0 >2020-11-06T16:22:02Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA SIDGEN >add nsslapd-pluginpath: > libipa_sidgen >add nsslapd-plugininitfunc: > ipa_sidgen_init >add nsslapd-plugintype: > postoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_sidgen_postop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA SIDGEN post operation >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=test,dc=co >adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:22:02Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:02Z DEBUG step duration: dirsrv _add_sidgen_plugin 0.06 sec >2020-11-06T16:22:02Z DEBUG [44/45]: activating extdom plugin >2020-11-06T16:22:02Z DEBUG Starting external process >2020-11-06T16:22:02Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp_6310oft', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:02Z DEBUG Process finished, return code=0 >2020-11-06T16:22:02Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_extdom_extop >add nsslapd-pluginpath: > libipa_extdom_extop >add nsslapd-plugininitfunc: > ipa_extdom_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_extdom_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support resolving IDs in trusted domains to names and back >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=test,dc=co >adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:22:02Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:02Z DEBUG step duration: dirsrv _add_extdom_plugin 0.06 sec >2020-11-06T16:22:02Z DEBUG [45/45]: configuring directory to start on boot >2020-11-06T16:22:02Z DEBUG Starting external process >2020-11-06T16:22:02Z DEBUG args=['/bin/systemctl', 'is-enabled', 'dirsrv@TEST-CO.service'] >2020-11-06T16:22:03Z DEBUG Process finished, return code=0 >2020-11-06T16:22:03Z DEBUG stdout=enabled > >2020-11-06T16:22:03Z DEBUG stderr= >2020-11-06T16:22:03Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:03Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:03Z DEBUG Starting external process >2020-11-06T16:22:03Z DEBUG args=['/bin/systemctl', 'disable', 'dirsrv@TEST-CO.service'] >2020-11-06T16:22:04Z DEBUG Process finished, return code=0 >2020-11-06T16:22:04Z DEBUG stdout= >2020-11-06T16:22:04Z DEBUG stderr=Removed /etc/systemd/system/multi-user.target.wants/dirsrv@TEST-CO.service. >Removed /etc/systemd/system/dirsrv.target.wants/dirsrv@TEST-CO.service. > >2020-11-06T16:22:04Z DEBUG step duration: dirsrv __enable 1.09 sec >2020-11-06T16:22:04Z DEBUG Done configuring directory server (dirsrv). >2020-11-06T16:22:04Z DEBUG service duration: dirsrv 38.61 sec >2020-11-06T16:22:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:04Z DEBUG Starting external process >2020-11-06T16:22:04Z DEBUG args=['/bin/keyctl', 'get_persistent', '@s', '0'] >2020-11-06T16:22:04Z DEBUG Process finished, return code=0 >2020-11-06T16:22:04Z DEBUG stdout=1040716174 > >2020-11-06T16:22:04Z DEBUG stderr= >2020-11-06T16:22:04Z DEBUG Enabling persistent keyring CCACHE >2020-11-06T16:22:04Z DEBUG Starting external process >2020-11-06T16:22:04Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] >2020-11-06T16:22:04Z DEBUG Process finished, return code=3 >2020-11-06T16:22:04Z DEBUG stdout=inactive > >2020-11-06T16:22:04Z DEBUG stderr= >2020-11-06T16:22:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:04Z DEBUG Starting external process >2020-11-06T16:22:04Z DEBUG args=['/bin/systemctl', 'stop', 'krb5kdc.service'] >2020-11-06T16:22:04Z DEBUG Process finished, return code=0 >2020-11-06T16:22:04Z DEBUG stdout= >2020-11-06T16:22:04Z DEBUG stderr= >2020-11-06T16:22:04Z DEBUG Stop of krb5kdc.service complete >2020-11-06T16:22:04Z DEBUG Configuring Kerberos KDC (krb5kdc) >2020-11-06T16:22:04Z DEBUG [1/10]: adding kerberos container to the directory >2020-11-06T16:22:04Z DEBUG Starting external process >2020-11-06T16:22:04Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmptmx9o2_m', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:04Z DEBUG Process finished, return code=0 >2020-11-06T16:22:04Z DEBUG stdout=add objectClass: > krbContainer > top >add cn: > kerberos >adding new entry "cn=kerberos,dc=test,dc=co" >modify complete > >add cn: > TEST.CO >add objectClass: > top > krbrealmcontainer > krbticketpolicyaux >add krbSubTrees: > dc=test,dc=co >add krbSearchScope: > 2 >add krbSupportedEncSaltTypes: > aes256-cts:normal > aes256-cts:special > aes128-cts:normal > aes128-cts:special > aes128-sha2:normal > aes128-sha2:special > aes256-sha2:normal > aes256-sha2:special >add krbMaxTicketLife: > 86400 >add krbMaxRenewableAge: > 604800 >add krbDefaultEncSaltTypes: > aes256-cts:special > aes128-cts:special >adding new entry "cn=TEST.CO,cn=kerberos,dc=test,dc=co" >modify complete > >add objectClass: > top > nsContainer > krbPwdPolicy >add krbMinPwdLife: > 3600 >add krbPwdMinDiffChars: > 0 >add krbPwdMinLength: > 8 >add krbPwdHistoryLength: > 0 >add krbMaxPwdLife: > 7776000 >add krbPwdMaxFailure: > 6 >add krbPwdFailureCountInterval: > 60 >add krbPwdLockoutDuration: > 600 >adding new entry "cn=global_policy,cn=TEST.CO,cn=kerberos,dc=test,dc=co" >modify complete > > >2020-11-06T16:22:04Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:04Z DEBUG step duration: krb5kdc __add_krb_container 0.06 sec >2020-11-06T16:22:04Z DEBUG [2/10]: configuring KDC >2020-11-06T16:22:04Z DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf' >2020-11-06T16:22:04Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2020-11-06T16:22:04Z DEBUG Backing up system configuration file '/etc/krb5.conf' >2020-11-06T16:22:04Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2020-11-06T16:22:04Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa-server' >2020-11-06T16:22:04Z DEBUG -> Not backing up - '/etc/krb5.conf.d/freeipa-server' doesn't exist >2020-11-06T16:22:04Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa' >2020-11-06T16:22:04Z DEBUG -> Not backing up - '/etc/krb5.conf.d/freeipa' doesn't exist >2020-11-06T16:22:04Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini' >2020-11-06T16:22:04Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist >2020-11-06T16:22:04Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con' >2020-11-06T16:22:04Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist >2020-11-06T16:22:04Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con' >2020-11-06T16:22:04Z DEBUG -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist >2020-11-06T16:22:04Z DEBUG Starting external process >2020-11-06T16:22:04Z DEBUG args=['/usr/bin/klist', '-V'] >2020-11-06T16:22:04Z DEBUG Process finished, return code=0 >2020-11-06T16:22:04Z DEBUG stdout=Kerberos 5 version 1.18.2 > >2020-11-06T16:22:04Z DEBUG stderr= >2020-11-06T16:22:04Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc' >2020-11-06T16:22:04Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2020-11-06T16:22:04Z DEBUG Starting external process >2020-11-06T16:22:04Z DEBUG args=['/usr/sbin/selinuxenabled'] >2020-11-06T16:22:04Z DEBUG Process finished, return code=0 >2020-11-06T16:22:04Z DEBUG stdout= >2020-11-06T16:22:04Z DEBUG stderr= >2020-11-06T16:22:04Z DEBUG Starting external process >2020-11-06T16:22:04Z DEBUG args=['/sbin/restorecon', '/etc/sysconfig/krb5kdc'] >2020-11-06T16:22:04Z DEBUG Process finished, return code=0 >2020-11-06T16:22:04Z DEBUG stdout= >2020-11-06T16:22:04Z DEBUG stderr= >2020-11-06T16:22:04Z DEBUG step duration: krb5kdc __configure_instance 0.11 sec >2020-11-06T16:22:04Z DEBUG [3/10]: initialize kerberos container >2020-11-06T16:22:04Z DEBUG Starting external process >2020-11-06T16:22:04Z DEBUG args=['kdb5_util', 'create', '-s', '-r', 'TEST.CO', '-x', 'ipa-setup-override-restrictions'] >2020-11-06T16:22:04Z DEBUG Process finished, return code=0 >2020-11-06T16:22:04Z DEBUG stdout=Loading random data >Initializing database '/var/kerberos/krb5kdc/principal' for realm 'TEST.CO', >master key name 'K/M@TEST.CO' >You will be prompted for the database Master Password. >It is important that you NOT FORGET this password. >Enter KDC database master key: >Re-enter KDC database master key to verify: > >2020-11-06T16:22:04Z DEBUG stderr= >2020-11-06T16:22:04Z DEBUG step duration: krb5kdc __init_ipa_kdb 0.35 sec >2020-11-06T16:22:04Z DEBUG [4/10]: adding default ACIs >2020-11-06T16:22:04Z DEBUG Starting external process >2020-11-06T16:22:04Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp53g7tsio', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:04Z DEBUG Process finished, return code=0 >2020-11-06T16:22:04Z DEBUG stdout=add aci: > (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) >modifying entry "dc=test,dc=co" >modify complete > >add aci: > (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) > (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) > (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) >modifying entry "dc=test,dc=co" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=test,dc=co";) >modifying entry "cn=etc,dc=test,dc=co" >modify complete > >add aci: > (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=test,dc=co";) >modifying entry "cn=ipa,cn=etc,dc=test,dc=co" >modify complete > >add aci: > (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=test,dc=co";) > (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=test,dc=co";) > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=test,dc=co";) > (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) >modifying entry "cn=accounts,dc=test,dc=co" >modify complete > >add aci: > (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=test,dc=co")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=test,dc=co";) >modifying entry "cn=services,cn=accounts,dc=test,dc=co" >modify complete > >add aci: > (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) >modifying entry "cn=services,cn=accounts,dc=test,dc=co" >modify complete > >add aci: > (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) > (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) >modifying entry "cn=computers,cn=accounts,dc=test,dc=co" >modify complete > >add aci: > (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) > (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) >modifying entry "cn=computers,cn=accounts,dc=test,dc=co" >modify complete > >add aci: > (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=test,dc=co")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=test,dc=co";) >modifying entry "cn=computers,cn=accounts,dc=test,dc=co" >modify complete > >add aci: > (targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) >modifying entry "cn=groups,cn=accounts,dc=test,dc=co" >modify complete > >add aci: > (targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) >modifying entry "cn=hostgroups,cn=accounts,dc=test,dc=co" >modify complete > >add aci: > (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) >modifying entry "cn=accounts,dc=test,dc=co" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) > (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=test,dc=co")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) >modifying entry "dc=test,dc=co" >modify complete > > >2020-11-06T16:22:04Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:04Z DEBUG step duration: krb5kdc __add_default_acis 0.07 sec >2020-11-06T16:22:04Z DEBUG [5/10]: creating a keytab for the directory >2020-11-06T16:22:04Z DEBUG Starting external process >2020-11-06T16:22:04Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey ldap/rhel8.test.co@TEST.CO', '-x', 'ipa-setup-override-restrictions'] >2020-11-06T16:22:05Z DEBUG Process finished, return code=0 >2020-11-06T16:22:05Z DEBUG stdout=Authenticating as principal root/admin@TEST.CO with password. >Principal "ldap/rhel8.test.co@TEST.CO" created. > >2020-11-06T16:22:05Z DEBUG stderr=No policy specified for ldap/rhel8.test.co@TEST.CO; defaulting to no policy > >2020-11-06T16:22:05Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' >2020-11-06T16:22:05Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist >2020-11-06T16:22:05Z DEBUG Starting external process >2020-11-06T16:22:05Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/dirsrv/ds.keytab ldap/rhel8.test.co@TEST.CO', '-x', 'ipa-setup-override-restrictions'] >2020-11-06T16:22:05Z DEBUG Process finished, return code=0 >2020-11-06T16:22:05Z DEBUG stdout=Authenticating as principal root/admin@TEST.CO with password. >Entry for principal ldap/rhel8.test.co@TEST.CO with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/rhel8.test.co@TEST.CO with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/rhel8.test.co@TEST.CO with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/rhel8.test.co@TEST.CO with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/dirsrv/ds.keytab. > >2020-11-06T16:22:05Z DEBUG stderr= >2020-11-06T16:22:05Z DEBUG step duration: krb5kdc __create_ds_keytab 0.66 sec >2020-11-06T16:22:05Z DEBUG [6/10]: creating a keytab for the machine >2020-11-06T16:22:05Z DEBUG Starting external process >2020-11-06T16:22:05Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey host/rhel8.test.co@TEST.CO', '-x', 'ipa-setup-override-restrictions'] >2020-11-06T16:22:05Z DEBUG Process finished, return code=0 >2020-11-06T16:22:05Z DEBUG stdout=Authenticating as principal root/admin@TEST.CO with password. >Principal "host/rhel8.test.co@TEST.CO" created. > >2020-11-06T16:22:05Z DEBUG stderr=No policy specified for host/rhel8.test.co@TEST.CO; defaulting to no policy > >2020-11-06T16:22:05Z DEBUG Backing up system configuration file '/etc/krb5.keytab' >2020-11-06T16:22:05Z DEBUG -> Not backing up - '/etc/krb5.keytab' doesn't exist >2020-11-06T16:22:05Z DEBUG Starting external process >2020-11-06T16:22:05Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/krb5.keytab host/rhel8.test.co@TEST.CO', '-x', 'ipa-setup-override-restrictions'] >2020-11-06T16:22:06Z DEBUG Process finished, return code=0 >2020-11-06T16:22:06Z DEBUG stdout=Authenticating as principal root/admin@TEST.CO with password. >Entry for principal host/rhel8.test.co@TEST.CO with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/rhel8.test.co@TEST.CO with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/rhel8.test.co@TEST.CO with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/rhel8.test.co@TEST.CO with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/krb5.keytab. > >2020-11-06T16:22:06Z DEBUG stderr= >2020-11-06T16:22:06Z DEBUG importing all plugin modules in ipaserver.plugins... >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.aci >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.automember >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.automount >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.baseldap >2020-11-06T16:22:06Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.baseuser >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.batch >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.ca >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.caacl >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.cert >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.certmap >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.certprofile >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.config >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.delegation >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.dns >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.dogtag >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.group >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.hbac >2020-11-06T16:22:06Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.hbactest >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.host >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.idrange >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.idviews >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.internal >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.join >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.location >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.migration >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.misc >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.netgroup >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.otp >2020-11-06T16:22:06Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.otptoken >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.passwd >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.permission >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.ping >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.pkinit >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.privilege >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.rabase >2020-11-06T16:22:06Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.role >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.schema >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.selfservice >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.server >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.serverrole >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.serverroles >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.service >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.session >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.stageuser >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.sudo >2020-11-06T16:22:06Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.sudorule >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.topology >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.trust >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.user >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.vault >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.virtual >2020-11-06T16:22:06Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.whoami >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2020-11-06T16:22:06Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.dns >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2020-11-06T16:22:06Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2020-11-06T16:22:07Z DEBUG Created connection context.ldap2_140498106083200 >2020-11-06T16:22:07Z DEBUG Destroyed connection context.ldap2_140498106083200 >2020-11-06T16:22:07Z DEBUG Created connection context.ldap2_140498106083200 >2020-11-06T16:22:07Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update' >2020-11-06T16:22:07Z DEBUG flushing ldapi://%2Frun%2Fslapd-TEST-CO.socket from SchemaCache >2020-11-06T16:22:07Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-TEST-CO.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fc841c5f978> >2020-11-06T16:22:07Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=co >2020-11-06T16:22:07Z DEBUG --------------------------------------------- >2020-11-06T16:22:07Z DEBUG Initial value >2020-11-06T16:22:07Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=co >2020-11-06T16:22:07Z DEBUG objectClass: >2020-11-06T16:22:07Z DEBUG top >2020-11-06T16:22:07Z DEBUG groupOfNames >2020-11-06T16:22:07Z DEBUG nestedGroup >2020-11-06T16:22:07Z DEBUG ipaobject >2020-11-06T16:22:07Z DEBUG ipahostgroup >2020-11-06T16:22:07Z DEBUG description: >2020-11-06T16:22:07Z DEBUG IPA server hosts >2020-11-06T16:22:07Z DEBUG cn: >2020-11-06T16:22:07Z DEBUG ipaservers >2020-11-06T16:22:07Z DEBUG ipaUniqueID: >2020-11-06T16:22:07Z DEBUG 32ef25e6-204c-11eb-83cf-080027c0fa15 >2020-11-06T16:22:07Z DEBUG --------------------------------------------- >2020-11-06T16:22:07Z DEBUG Final value after applying updates >2020-11-06T16:22:07Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=co >2020-11-06T16:22:07Z DEBUG objectClass: >2020-11-06T16:22:07Z DEBUG top >2020-11-06T16:22:07Z DEBUG groupOfNames >2020-11-06T16:22:07Z DEBUG nestedGroup >2020-11-06T16:22:07Z DEBUG ipaobject >2020-11-06T16:22:07Z DEBUG ipahostgroup >2020-11-06T16:22:07Z DEBUG description: >2020-11-06T16:22:07Z DEBUG IPA server hosts >2020-11-06T16:22:07Z DEBUG cn: >2020-11-06T16:22:07Z DEBUG ipaservers >2020-11-06T16:22:07Z DEBUG ipaUniqueID: >2020-11-06T16:22:07Z DEBUG 32ef25e6-204c-11eb-83cf-080027c0fa15 >2020-11-06T16:22:07Z DEBUG [] >2020-11-06T16:22:07Z DEBUG Updated 0 >2020-11-06T16:22:07Z DEBUG Done >2020-11-06T16:22:07Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=co >2020-11-06T16:22:07Z DEBUG --------------------------------------------- >2020-11-06T16:22:07Z DEBUG Initial value >2020-11-06T16:22:07Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=co >2020-11-06T16:22:07Z DEBUG objectClass: >2020-11-06T16:22:07Z DEBUG top >2020-11-06T16:22:07Z DEBUG groupOfNames >2020-11-06T16:22:07Z DEBUG nestedGroup >2020-11-06T16:22:07Z DEBUG ipaobject >2020-11-06T16:22:07Z DEBUG ipahostgroup >2020-11-06T16:22:07Z DEBUG description: >2020-11-06T16:22:07Z DEBUG IPA server hosts >2020-11-06T16:22:07Z DEBUG cn: >2020-11-06T16:22:07Z DEBUG ipaservers >2020-11-06T16:22:07Z DEBUG ipaUniqueID: >2020-11-06T16:22:07Z DEBUG 32ef25e6-204c-11eb-83cf-080027c0fa15 >2020-11-06T16:22:07Z DEBUG add: 'fqdn=rhel8.test.co,cn=computers,cn=accounts,dc=test,dc=co' to member, current value [] >2020-11-06T16:22:07Z DEBUG add: updated value ['fqdn=rhel8.test.co,cn=computers,cn=accounts,dc=test,dc=co'] >2020-11-06T16:22:07Z DEBUG --------------------------------------------- >2020-11-06T16:22:07Z DEBUG Final value after applying updates >2020-11-06T16:22:07Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=co >2020-11-06T16:22:07Z DEBUG objectClass: >2020-11-06T16:22:07Z DEBUG top >2020-11-06T16:22:07Z DEBUG groupOfNames >2020-11-06T16:22:07Z DEBUG nestedGroup >2020-11-06T16:22:07Z DEBUG ipaobject >2020-11-06T16:22:07Z DEBUG ipahostgroup >2020-11-06T16:22:07Z DEBUG description: >2020-11-06T16:22:07Z DEBUG IPA server hosts >2020-11-06T16:22:07Z DEBUG cn: >2020-11-06T16:22:07Z DEBUG ipaservers >2020-11-06T16:22:07Z DEBUG ipaUniqueID: >2020-11-06T16:22:07Z DEBUG 32ef25e6-204c-11eb-83cf-080027c0fa15 >2020-11-06T16:22:07Z DEBUG member: >2020-11-06T16:22:07Z DEBUG fqdn=rhel8.test.co,cn=computers,cn=accounts,dc=test,dc=co >2020-11-06T16:22:07Z DEBUG [(2, 'member', ['fqdn=rhel8.test.co,cn=computers,cn=accounts,dc=test,dc=co'])] >2020-11-06T16:22:07Z DEBUG Updated 1 >2020-11-06T16:22:07Z DEBUG Done >2020-11-06T16:22:07Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-ipaservers_hostgroup.update 0.180 sec >2020-11-06T16:22:07Z DEBUG Destroyed connection context.ldap2_140498106083200 >2020-11-06T16:22:07Z DEBUG step duration: krb5kdc __create_host_keytab 2.04 sec >2020-11-06T16:22:07Z DEBUG [7/10]: adding the password extension to the directory >2020-11-06T16:22:07Z DEBUG Starting external process >2020-11-06T16:22:07Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp_up2gla3', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:07Z DEBUG Process finished, return code=0 >2020-11-06T16:22:07Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_pwd_extop >add nsslapd-pluginpath: > libipa_pwd_extop >add nsslapd-plugininitfunc: > ipapwd_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginbetxn: > on >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_pwd_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.) >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=test,dc=co >adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config" >modify complete > > >2020-11-06T16:22:07Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:07Z DEBUG step duration: krb5kdc __add_pwd_extop_module 0.05 sec >2020-11-06T16:22:07Z DEBUG [8/10]: creating anonymous principal >2020-11-06T16:22:07Z DEBUG Starting external process >2020-11-06T16:22:07Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey WELLKNOWN/ANONYMOUS@TEST.CO', '-x', 'ipa-setup-override-restrictions'] >2020-11-06T16:22:08Z DEBUG Process finished, return code=0 >2020-11-06T16:22:08Z DEBUG stdout=Authenticating as principal root/admin@TEST.CO with password. >Principal "WELLKNOWN/ANONYMOUS@TEST.CO" created. > >2020-11-06T16:22:08Z DEBUG stderr=No policy specified for WELLKNOWN/ANONYMOUS@TEST.CO; defaulting to no policy > >2020-11-06T16:22:08Z DEBUG Starting external process >2020-11-06T16:22:08Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmphl6jtzsk', '-H', 'ldapi://%2Frun%2Fslapd-TEST-CO.socket', '-Y', 'EXTERNAL'] >2020-11-06T16:22:08Z DEBUG Process finished, return code=0 >2020-11-06T16:22:08Z DEBUG stdout=add objectclass: > ipaAllowedOperations >add aci: > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) >add ipaAllowedToPerform;read_keys: > cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=co >modifying entry "krbPrincipalName=WELLKNOWN/ANONYMOUS@TEST.CO,cn=TEST.CO,cn=kerberos,dc=test,dc=co" >modify complete > > >2020-11-06T16:22:08Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TEST-CO.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2020-11-06T16:22:08Z DEBUG step duration: krb5kdc add_anonymous_principal 0.37 sec >2020-11-06T16:22:08Z DEBUG [9/10]: starting the KDC >2020-11-06T16:22:08Z DEBUG Starting external process >2020-11-06T16:22:08Z DEBUG args=['/bin/systemctl', 'start', 'krb5kdc.service'] >2020-11-06T16:22:08Z DEBUG Process finished, return code=0 >2020-11-06T16:22:08Z DEBUG stdout= >2020-11-06T16:22:08Z DEBUG stderr= >2020-11-06T16:22:08Z DEBUG Starting external process >2020-11-06T16:22:08Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] >2020-11-06T16:22:08Z DEBUG Process finished, return code=0 >2020-11-06T16:22:08Z DEBUG stdout=active > >2020-11-06T16:22:08Z DEBUG stderr= >2020-11-06T16:22:08Z DEBUG Start of krb5kdc.service complete >2020-11-06T16:22:08Z DEBUG step duration: krb5kdc __start_instance 0.46 sec >2020-11-06T16:22:08Z DEBUG [10/10]: configuring KDC to start on boot >2020-11-06T16:22:08Z DEBUG Starting external process >2020-11-06T16:22:08Z DEBUG args=['/bin/systemctl', 'is-enabled', 'krb5kdc.service'] >2020-11-06T16:22:08Z DEBUG Process finished, return code=1 >2020-11-06T16:22:08Z DEBUG stdout=disabled > >2020-11-06T16:22:08Z DEBUG stderr= >2020-11-06T16:22:08Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:08Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:08Z DEBUG Starting external process >2020-11-06T16:22:08Z DEBUG args=['/bin/systemctl', 'disable', 'krb5kdc.service'] >2020-11-06T16:22:09Z DEBUG Process finished, return code=0 >2020-11-06T16:22:09Z DEBUG stdout= >2020-11-06T16:22:09Z DEBUG stderr= >2020-11-06T16:22:09Z DEBUG step duration: krb5kdc __enable 1.10 sec >2020-11-06T16:22:09Z DEBUG Done configuring Kerberos KDC (krb5kdc). >2020-11-06T16:22:09Z DEBUG service duration: krb5kdc 5.28 sec >2020-11-06T16:22:09Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:09Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2020-11-06T16:22:09Z DEBUG Configuring kadmin >2020-11-06T16:22:09Z DEBUG [1/2]: starting kadmin >2020-11-06T16:22:09Z DEBUG Starting external process >2020-11-06T16:22:09Z DEBUG args=['/bin/systemctl', 'is-active', 'kadmin.service'] >2020-11-06T16:22:09Z DEBUG Process finished, return code=3 >2020-11-06T16:22:09Z DEBUG stdout=inactive > >2020-11-06T16:22:09Z DEBUG stderr= >2020-11-06T16:22:09Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:09Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:09Z DEBUG Starting external process >2020-11-06T16:22:09Z DEBUG args=['/bin/systemctl', 'restart', 'kadmin.service'] >2020-11-06T16:22:10Z DEBUG Process finished, return code=0 >2020-11-06T16:22:10Z DEBUG stdout= >2020-11-06T16:22:10Z DEBUG stderr= >2020-11-06T16:22:10Z DEBUG Starting external process >2020-11-06T16:22:10Z DEBUG args=['/bin/systemctl', 'is-active', 'kadmin.service'] >2020-11-06T16:22:10Z DEBUG Process finished, return code=0 >2020-11-06T16:22:10Z DEBUG stdout=active > >2020-11-06T16:22:10Z DEBUG stderr= >2020-11-06T16:22:10Z DEBUG Restart of kadmin.service complete >2020-11-06T16:22:10Z DEBUG step duration: kadmin __start 0.68 sec >2020-11-06T16:22:10Z DEBUG [2/2]: configuring kadmin to start on boot >2020-11-06T16:22:10Z DEBUG Starting external process >2020-11-06T16:22:10Z DEBUG args=['/bin/systemctl', 'is-enabled', 'kadmin.service'] >2020-11-06T16:22:10Z DEBUG Process finished, return code=1 >2020-11-06T16:22:10Z DEBUG stdout=disabled > >2020-11-06T16:22:10Z DEBUG stderr= >2020-11-06T16:22:10Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:10Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:10Z DEBUG Starting external process >2020-11-06T16:22:10Z DEBUG args=['/bin/systemctl', 'disable', 'kadmin.service'] >2020-11-06T16:22:11Z DEBUG Process finished, return code=0 >2020-11-06T16:22:11Z DEBUG stdout= >2020-11-06T16:22:11Z DEBUG stderr= >2020-11-06T16:22:11Z DEBUG step duration: kadmin __enable 1.11 sec >2020-11-06T16:22:11Z DEBUG Done configuring kadmin. >2020-11-06T16:22:11Z DEBUG service duration: kadmin 1.79 sec >2020-11-06T16:22:11Z DEBUG Custodia client for '<CustodiaModes.FIRST_MASTER: 'Custodia on first master'>' with promotion no. >2020-11-06T16:22:11Z DEBUG Custodia uses LDAPI. >2020-11-06T16:22:11Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:11Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2020-11-06T16:22:11Z DEBUG Configuring ipa-custodia >2020-11-06T16:22:11Z DEBUG [1/5]: Making sure custodia container exists >2020-11-06T16:22:11Z DEBUG importing all plugin modules in ipaserver.plugins... >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.aci >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.automember >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.automount >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.baseldap >2020-11-06T16:22:11Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.baseuser >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.batch >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.ca >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.caacl >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.cert >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.certmap >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.certprofile >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.config >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.delegation >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.dns >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.dogtag >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.group >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.hbac >2020-11-06T16:22:11Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.hbactest >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.host >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.idrange >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.idviews >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.internal >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.join >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.location >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.migration >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.misc >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.netgroup >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.otp >2020-11-06T16:22:11Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.otptoken >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.passwd >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.permission >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.ping >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.pkinit >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.privilege >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.rabase >2020-11-06T16:22:11Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.role >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.schema >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.selfservice >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.server >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.serverrole >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.serverroles >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.service >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.session >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.stageuser >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.sudo >2020-11-06T16:22:11Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.sudorule >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.topology >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.trust >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.user >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.vault >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.virtual >2020-11-06T16:22:11Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.whoami >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2020-11-06T16:22:11Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.dns >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2020-11-06T16:22:11Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2020-11-06T16:22:12Z DEBUG Created connection context.ldap2_140498073400208 >2020-11-06T16:22:12Z DEBUG Destroyed connection context.ldap2_140498073400208 >2020-11-06T16:22:12Z DEBUG Created connection context.ldap2_140498073400208 >2020-11-06T16:22:12Z DEBUG Parsing update file '/usr/share/ipa/updates/73-custodia.update' >2020-11-06T16:22:12Z DEBUG flushing ldapi://%2Frun%2Fslapd-TEST-CO.socket from SchemaCache >2020-11-06T16:22:12Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-TEST-CO.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fc8421dd780> >2020-11-06T16:22:12Z DEBUG Updating existing entry: cn=custodia,cn=ipa,cn=etc,dc=test,dc=co >2020-11-06T16:22:12Z DEBUG --------------------------------------------- >2020-11-06T16:22:12Z DEBUG Initial value >2020-11-06T16:22:12Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=test,dc=co >2020-11-06T16:22:12Z DEBUG objectClass: >2020-11-06T16:22:12Z DEBUG nsContainer >2020-11-06T16:22:12Z DEBUG top >2020-11-06T16:22:12Z DEBUG cn: >2020-11-06T16:22:12Z DEBUG custodia >2020-11-06T16:22:12Z DEBUG --------------------------------------------- >2020-11-06T16:22:12Z DEBUG Final value after applying updates >2020-11-06T16:22:12Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=test,dc=co >2020-11-06T16:22:12Z DEBUG objectClass: >2020-11-06T16:22:12Z DEBUG nsContainer >2020-11-06T16:22:12Z DEBUG top >2020-11-06T16:22:12Z DEBUG cn: >2020-11-06T16:22:12Z DEBUG custodia >2020-11-06T16:22:12Z DEBUG [] >2020-11-06T16:22:12Z DEBUG Updated 0 >2020-11-06T16:22:12Z DEBUG Done >2020-11-06T16:22:12Z DEBUG Updating existing entry: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,dc=co >2020-11-06T16:22:12Z DEBUG --------------------------------------------- >2020-11-06T16:22:12Z DEBUG Initial value >2020-11-06T16:22:12Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,dc=co >2020-11-06T16:22:12Z DEBUG objectClass: >2020-11-06T16:22:12Z DEBUG nsContainer >2020-11-06T16:22:12Z DEBUG top >2020-11-06T16:22:12Z DEBUG cn: >2020-11-06T16:22:12Z DEBUG dogtag >2020-11-06T16:22:12Z DEBUG --------------------------------------------- >2020-11-06T16:22:12Z DEBUG Final value after applying updates >2020-11-06T16:22:12Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,dc=co >2020-11-06T16:22:12Z DEBUG objectClass: >2020-11-06T16:22:12Z DEBUG nsContainer >2020-11-06T16:22:12Z DEBUG top >2020-11-06T16:22:12Z DEBUG cn: >2020-11-06T16:22:12Z DEBUG dogtag >2020-11-06T16:22:12Z DEBUG [] >2020-11-06T16:22:12Z DEBUG Updated 0 >2020-11-06T16:22:12Z DEBUG Done >2020-11-06T16:22:12Z DEBUG LDAP update duration: /usr/share/ipa/updates/73-custodia.update 0.168 sec >2020-11-06T16:22:12Z DEBUG Destroyed connection context.ldap2_140498073400208 >2020-11-06T16:22:12Z DEBUG step duration: ipa-custodia __create_container 1.50 sec >2020-11-06T16:22:12Z DEBUG [2/5]: Generating ipa-custodia config file >2020-11-06T16:22:12Z DEBUG step duration: ipa-custodia __config_file 0.00 sec >2020-11-06T16:22:12Z DEBUG [3/5]: Generating ipa-custodia keys >2020-11-06T16:22:13Z DEBUG step duration: ipa-custodia __gen_keys 0.42 sec >2020-11-06T16:22:13Z DEBUG [4/5]: starting ipa-custodia >2020-11-06T16:22:13Z DEBUG Starting external process >2020-11-06T16:22:13Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-custodia.service'] >2020-11-06T16:22:13Z DEBUG Process finished, return code=3 >2020-11-06T16:22:13Z DEBUG stdout=inactive > >2020-11-06T16:22:13Z DEBUG stderr= >2020-11-06T16:22:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:13Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:13Z DEBUG Starting external process >2020-11-06T16:22:13Z DEBUG args=['/bin/systemctl', 'restart', 'ipa-custodia.service'] >2020-11-06T16:22:14Z DEBUG Process finished, return code=0 >2020-11-06T16:22:14Z DEBUG stdout= >2020-11-06T16:22:14Z DEBUG stderr= >2020-11-06T16:22:14Z DEBUG Starting external process >2020-11-06T16:22:14Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-custodia.service'] >2020-11-06T16:22:14Z DEBUG Process finished, return code=0 >2020-11-06T16:22:14Z DEBUG stdout=active > >2020-11-06T16:22:14Z DEBUG stderr= >2020-11-06T16:22:14Z DEBUG Restart of ipa-custodia.service complete >2020-11-06T16:22:14Z DEBUG step duration: ipa-custodia __start 1.00 sec >2020-11-06T16:22:14Z DEBUG [5/5]: configuring ipa-custodia to start on boot >2020-11-06T16:22:14Z DEBUG Starting external process >2020-11-06T16:22:14Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ipa-custodia.service'] >2020-11-06T16:22:14Z DEBUG Process finished, return code=1 >2020-11-06T16:22:14Z DEBUG stdout=disabled > >2020-11-06T16:22:14Z DEBUG stderr= >2020-11-06T16:22:14Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:14Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:14Z DEBUG Starting external process >2020-11-06T16:22:14Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-custodia.service'] >2020-11-06T16:22:15Z DEBUG Process finished, return code=0 >2020-11-06T16:22:15Z DEBUG stdout= >2020-11-06T16:22:15Z DEBUG stderr= >2020-11-06T16:22:15Z DEBUG step duration: ipa-custodia __enable 1.10 sec >2020-11-06T16:22:15Z DEBUG Done configuring ipa-custodia. >2020-11-06T16:22:15Z DEBUG service duration: ipa-custodia 4.03 sec >2020-11-06T16:22:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2020-11-06T16:22:15Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2020-11-06T16:22:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2020-11-06T16:22:15Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2020-11-06T16:22:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:15Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2020-11-06T16:22:15Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes >2020-11-06T16:22:15Z DEBUG [1/30]: configuring certificate server instance >2020-11-06T16:22:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:15Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:15Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:15Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:15Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2020-11-06T16:22:15Z DEBUG Contents of pkispawn configuration file (/tmp/tmp4gq0n31d): >[CA] >pki_admin_cert_file = /root/.dogtag/pki-tomcat/ca_admin.cert >pki_admin_cert_request_type = pkcs10 >pki_admin_dualkey = False >pki_admin_email = root@localhost >pki_admin_name = admin >pki_admin_nickname = ipa-ca-agent >pki_admin_password = XXXXXXXX >pki_admin_subject_dn = cn=ipa-ca-agent,O=TEST.CO >pki_admin_uid = admin >pki_ajp_secret = 5Zlo2Fq8tG5bu2uAg7TLs0s8S1GzlAXMpqt63kIVKcDA >pki_audit_group = pkiaudit >pki_audit_signing_key_algorithm = SHA256withRSA >pki_audit_signing_key_size = 2048 >pki_audit_signing_key_type = rsa >pki_audit_signing_nickname = auditSigningCert cert-pki-ca >pki_audit_signing_signing_algorithm = SHA256withRSA >pki_audit_signing_subject_dn = cn=CA Audit,O=TEST.CO >pki_audit_signing_token = internal >pki_backup_keys = True >pki_backup_password = XXXXXXXX >pki_ca_hostname = rhel8.test.co >pki_ca_port = 443 >pki_ca_signing_cert_path = /etc/pki/pki-tomcat/external_ca.cert >pki_ca_signing_csr_path = /root/ipa.csr >pki_ca_signing_key_algorithm = SHA256withRSA >pki_ca_signing_key_size = 3072 >pki_ca_signing_key_type = rsa >pki_ca_signing_nickname = caSigningCert cert-pki-ca >pki_ca_signing_record_create = True >pki_ca_signing_serial_number = 1 >pki_ca_signing_signing_algorithm = SHA256withRSA >pki_ca_signing_subject_dn = CN=Certificate Authority,O=TEST.CO >pki_ca_signing_token = internal >pki_ca_starting_crl_number = 0 >pki_cert_chain_nickname = caSigningCert External CA >pki_cert_chain_path = /etc/pki/pki-tomcat/external_ca_chain.cert >pki_client_admin_cert_p12 = /root/ca-agent.p12 >pki_client_database_password = >pki_client_database_purge = True >pki_client_dir = /root/.dogtag/pki-tomcat >pki_client_pkcs12_password = XXXXXXXX >pki_configuration_path = /etc/pki >pki_default_ocsp_uri = http://ipa-ca.test.co/ca/ocsp >pki_dns_domainname = test.co >pki_ds_base_dn = o=ipaca >pki_ds_bind_dn = cn=Directory Manager >pki_ds_database = ipaca >pki_ds_hostname = rhel8.test.co >pki_ds_ldap_port = 389 >pki_ds_ldaps_port = 636 >pki_ds_password = XXXXXXXX >pki_ds_remove_data = True >pki_ds_secure_connection = False >pki_ds_secure_connection_ca_nickname = Directory Server CA certificate >pki_ds_secure_connection_ca_pem_file = /etc/ipa/ca.crt >pki_enable_proxy = True >pki_existing = False >pki_external = False >pki_external_pkcs12_password = >pki_external_pkcs12_path = >pki_external_step_two = False >pki_group = pkiuser >pki_hostname = rhel8.test.co >pki_hsm_enable = False >pki_hsm_libfile = >pki_hsm_modulename = >pki_import_admin_cert = False >pki_instance_configuration_path = /etc/pki/pki-tomcat >pki_instance_name = pki-tomcat >pki_issuing_ca = https://rhel8.test.co:443 >pki_issuing_ca_hostname = rhel8.test.co >pki_issuing_ca_https_port = 443 >pki_issuing_ca_uri = https://rhel8.test.co:443 >pki_master_crl_enable = True >pki_ocsp_signing_key_algorithm = SHA256withRSA >pki_ocsp_signing_key_size = 2048 >pki_ocsp_signing_key_type = rsa >pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca >pki_ocsp_signing_signing_algorithm = SHA256withRSA >pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=TEST.CO >pki_ocsp_signing_token = internal >pki_pkcs12_password = >pki_pkcs12_path = >pki_profiles_in_ldap = True >pki_random_serial_numbers_enable = False >pki_replica_number_range_end = 100 >pki_replica_number_range_start = 1 >pki_replication_password = >pki_request_number_range_end = 10000000 >pki_request_number_range_start = 1 >pki_restart_configured_instance = False >pki_san_for_server_cert = >pki_san_inject = False >pki_security_domain_hostname = rhel8.test.co >pki_security_domain_https_port = 443 >pki_security_domain_name = IPA >pki_security_domain_password = XXXXXXXX >pki_security_domain_user = admin >pki_self_signed_token = internal >pki_serial_number_range_end = 10000000 >pki_serial_number_range_start = 1 >pki_server_database_password = XXXXXXXX >pki_share_db = False >pki_skip_configuration = False >pki_skip_ds_verify = False >pki_skip_installation = False >pki_skip_sd_verify = False >pki_ssl_server_token = internal >pki_sslserver_key_algorithm = SHA256withRSA >pki_sslserver_key_size = 2048 >pki_sslserver_key_type = rsa >pki_sslserver_nickname = Server-Cert cert-pki-ca >pki_sslserver_subject_dn = cn=rhel8.test.co,O=TEST.CO >pki_sslserver_token = internal >pki_status_request_timeout = 15 >pki_subordinate = False >pki_subordinate_create_new_security_domain = False >pki_subsystem = CA >pki_subsystem_key_algorithm = SHA256withRSA >pki_subsystem_key_size = 2048 >pki_subsystem_key_type = rsa >pki_subsystem_nickname = subsystemCert cert-pki-ca >pki_subsystem_subject_dn = cn=CA Subsystem,O=TEST.CO >pki_subsystem_token = internal >pki_subsystem_type = ca >pki_theme_enable = True >pki_theme_server_dir = /usr/share/pki/common-ui >pki_token_name = internal >pki_user = pkiuser > > >2020-11-06T16:22:15Z DEBUG Starting external process >2020-11-06T16:22:15Z DEBUG args=['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp4gq0n31d', '--debug'] >2020-11-06T16:22:21Z DEBUG Process finished, return code=1 >2020-11-06T16:22:21Z DEBUG stdout=Loading deployment configuration from /tmp/tmp4gq0n31d. >WARNING: The 'pki_ssl_server_token' in [CA] has been deprecated. Use 'pki_sslserver_token' instead. >Installation log: /var/log/pki/pki-ca-spawn.20201106112216.log >Installing CA into /var/lib/pki/pki-tomcat. > >Installation failed: Command failed: sudo -u pkiuser /usr/lib/jvm/jre-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug > >Please check pkispawn logs in /var/log/pki/pki-ca-spawn.20201106112216.log > >2020-11-06T16:22:21Z DEBUG stderr=INFO: Connecting to LDAP server at ldap://rhel8.test.co:389 >INFO: Connecting to LDAP server at ldap://rhel8.test.co:389 >DEBUG: Installing Maven dependencies: False >INFO: BEGIN spawning CA subsystem in pki-tomcat instance >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Setting up pkiuser group >INFO: Reusing existing pkiuser group with GID 17 >INFO: Setting up pkiuser user >INFO: Reusing existing pkiuser user with UID 17 >DEBUG: Retrieving UID for 'pkiuser' >DEBUG: UID of 'pkiuser' is 17 >DEBUG: Retrieving GID for 'pkiuser' >DEBUG: GID of 'pkiuser' is 17 >INFO: Initialization >INFO: Setting up infrastructure >INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat >DEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat >DEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat >DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat >INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca >DEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca >DEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat/ca >DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca >INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg >DEBUG: Command: cp -p /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg >DEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg >DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg >DEBUG: Command: touch /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg >DEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg >DEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg >INFO: Creating /var/lib/pki/pki-tomcat >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat >DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat >INFO: Creating /var/lib/pki/pki-tomcat/ca >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca >DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca >INFO: Preparing pki-tomcat instance >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Creating /etc/pki/pki-tomcat >DEBUG: Command: mkdir /etc/pki/pki-tomcat >INFO: Creating /etc/pki/pki-tomcat/password.conf >INFO: Using specified server NSS database password >INFO: Using specified internal database password >INFO: Generating random replication manager password >INFO: Creating /var/log/pki/pki-tomcat >DEBUG: Command: mkdir -p /var/log/pki/pki-tomcat >DEBUG: Command: chmod 770 /var/log/pki/pki-tomcat >DEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat >INFO: Creating /etc/pki/pki-tomcat/tomcat.conf >DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf >INFO: Creating /etc/pki/pki-tomcat/server.xml >DEBUG: Command: cp /usr/share/pki/server/conf/server.xml /etc/pki/pki-tomcat/server.xml >INFO: Creating /etc/pki/pki-tomcat/catalina.properties >DEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties /etc/pki/pki-tomcat/catalina.properties >INFO: Creating /etc/pki/pki-tomcat/ciphers.info >DEBUG: Command: ln -s /usr/share/pki/server/conf/ciphers.info /etc/pki/pki-tomcat/ciphers.info >INFO: Creating /etc/pki/pki-tomcat/context.xml >DEBUG: Command: ln -s /etc/tomcat/context.xml /etc/pki/pki-tomcat/context.xml >INFO: Creating /etc/pki/pki-tomcat/logging.properties >DEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties /etc/pki/pki-tomcat/logging.properties >INFO: Creating /etc/sysconfig/pki-tomcat >DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/sysconfig/pki-tomcat >INFO: Creating /etc/pki/pki-tomcat/tomcat.conf >DEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf >INFO: Creating /etc/pki/pki-tomcat/web.xml >DEBUG: Command: ln -s /etc/tomcat/web.xml /etc/pki/pki-tomcat/web.xml >INFO: Creating /etc/pki/pki-tomcat/Catalina >DEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina >INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost >DEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina/localhost >INFO: Deploying ROOT web application >INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml >INFO: Deploying /pki web application >INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/pki.xml >INFO: Creating /var/lib/pki/pki-tomcat/lib >DEBUG: Command: ln -s /usr/share/pki/server/lib /var/lib/pki/pki-tomcat/lib >INFO: Creating /var/lib/pki/pki-tomcat/common >DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common >INFO: Creating /var/lib/pki/pki-tomcat/common/lib >DEBUG: Command: ln -s /usr/share/pki/server/common/lib /var/lib/pki/pki-tomcat/common/lib >INFO: Creating /var/lib/pki/pki-tomcat/temp >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/temp >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/temp >DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/temp >INFO: Creating /var/lib/pki/pki-tomcat/work >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work >DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work >INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina >DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina >INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost >DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost >INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ >DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_ >INFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca >DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca >INFO: Creating /var/lib/pki/pki-tomcat/bin >DEBUG: Command: ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin >DEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/bin >INFO: Creating /var/lib/pki/pki-tomcat/pki-tomcat >DEBUG: Command: ln -s /usr/sbin/tomcat /var/lib/pki/pki-tomcat/pki-tomcat >DEBUG: Command: chown -h 0:0 /var/lib/pki/pki-tomcat/pki-tomcat >DEBUG: Command: systemctl daemon-reload >INFO: Creating /var/lib/pki/pki-tomcat/conf >DEBUG: Command: ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf >DEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/conf >INFO: Creating /var/lib/pki/pki-tomcat/logs >DEBUG: Command: ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs >DEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/logs >INFO: Creating /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service >DEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service >DEBUG: Command: chown -h 17:17 /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service >INFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >DEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >INFO: Creating CA subsystem >INFO: Creating /var/log/pki/pki-tomcat/ca >DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca >INFO: Creating /var/log/pki/pki-tomcat/ca/archive >DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/archive >INFO: Creating /var/log/pki/pki-tomcat/ca/signedAudit >DEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/signedAudit >INFO: Creating /etc/pki/pki-tomcat/ca >DEBUG: Command: mkdir /etc/pki/pki-tomcat/ca >INFO: Creating /etc/pki/pki-tomcat/ca/CS.cfg >DEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg /etc/pki/pki-tomcat/ca/CS.cfg >INFO: Creating /etc/pki/pki-tomcat/ca/registry.cfg >DEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg /etc/pki/pki-tomcat/ca/registry.cfg >INFO: Creating /var/lib/pki/pki-tomcat/ca/emails >DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/emails >DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJob >DEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJobItem >DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA >DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA.html >DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA >DEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA.html >DEBUG: Command: cp /usr/share/pki/ca/emails/certRequestRejected.html /var/lib/pki/pki-tomcat/ca/emails/certRequestRejected.html >DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA >DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA.html >DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA >DEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA.html >DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html /var/lib/pki/pki-tomcat/ca/emails/euJob1.html >DEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html /var/lib/pki/pki-tomcat/ca/emails/euJob1Item.html >DEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html /var/lib/pki/pki-tomcat/ca/emails/publishCerts.html >DEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html /var/lib/pki/pki-tomcat/ca/emails/publishCertsItem.html >DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA >DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA.html >DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA >DEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA.html >DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html /var/lib/pki/pki-tomcat/ca/emails/riq1Item.html >DEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html /var/lib/pki/pki-tomcat/ca/emails/riq1Summary.html >DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1.txt >DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Item.txt >DEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Summary.txt >INFO: Creating /var/lib/pki/pki-tomcat/ca/profiles/ca >DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles >DEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles/ca >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenMSLoginEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/AdminCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caManualRenewal.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/DomainController.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUUIDdeviceCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/ECAdminCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/acmeServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAdminCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOCSPCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentFileSigning.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOtherCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserSMIMEcapCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCACert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRACert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECserverCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRARouterCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECsubsystemCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAagentCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCauditSigningCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCcaCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAserverCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraStorageCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraTransportCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCocspCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCserverCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSSLClientSelfRenewal.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCsubsystemCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCrossSignedCACert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCertWithSCT.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirBasedDualCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_DirUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirPinUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_UserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserRenewal.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualRAuserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAdminCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningECUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAgentServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirPinUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDualCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserSignedCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSimpleCMCUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserSignedCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthOCSPCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caStorageCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCertWithSCT.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSubsystemCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSimpleCMCUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTPSCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSubsystemCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncECUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncUserCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthSubsystemCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCSharedTokenCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caIPAserviceCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInstallCACert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthTransportCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTransportCert.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg >DEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg >INFO: Creating /etc/pki/pki-tomcat/ca/flatfile.txt >DEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt /etc/pki/pki-tomcat/ca/flatfile.txt >INFO: Creating /etc/pki/pki-tomcat/ca/adminCert.profile >DEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile /etc/pki/pki-tomcat/ca/adminCert.profile >INFO: Creating /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile >DEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile >INFO: Creating /etc/pki/pki-tomcat/ca/caCert.profile >DEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile >INFO: Creating /etc/pki/pki-tomcat/ca/caOCSPCert.profile >DEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile >INFO: Creating /etc/pki/pki-tomcat/ca/serverCert.profile >DEBUG: Command: cp /usr/share/pki/ca/conf/rsaServerCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile >INFO: Creating /etc/pki/pki-tomcat/ca/subsystemCert.profile >DEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile /etc/pki/pki-tomcat/ca/subsystemCert.profile >INFO: Creating /etc/pki/pki-tomcat/ca/proxy.conf >DEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf /etc/pki/pki-tomcat/ca/proxy.conf >INFO: Creating /var/lib/pki/pki-tomcat/ca/conf >DEBUG: Command: ln -s /etc/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/conf >INFO: Creating /var/lib/pki/pki-tomcat/ca/logs >DEBUG: Command: ln -s /var/log/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/logs >INFO: Creating /var/lib/pki/pki-tomcat/ca/registry >DEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf >INFO: Loading password config: /etc/pki/pki-tomcat/password.conf >INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg >INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >INFO: - user: pkiuser >INFO: - group: pkiuser >INFO: Getting signing cert info from CS.cfg >INFO: Getting ocsp_signing cert info from CS.cfg >INFO: Getting sslserver cert info from CS.cfg >INFO: Getting subsystem cert info from CS.cfg >INFO: Getting audit_signing cert info from CS.cfg >INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg >INFO: Deploying /ca web application >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf >INFO: Loading password config: /etc/pki/pki-tomcat/password.conf >INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg >INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >INFO: - user: pkiuser >INFO: - group: pkiuser >INFO: Creating /var/lib/pki/pki-tomcat/ca/webapps >DEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca/webapps >DEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca/webapps >DEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca/webapps >INFO: Setting up ownerships, permissions, and ACLs on /var/lib/pki/pki-tomcat/ca/webapps >INFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ca.xml >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf >INFO: Loading password config: /etc/pki/pki-tomcat/password.conf >INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg >INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >INFO: - user: pkiuser >INFO: - group: pkiuser >INFO: Creating password file: /etc/pki/pki-tomcat/pfile >INFO: Updating /etc/pki/pki-tomcat/password.conf >DEBUG: Command: chmod 660 /etc/pki/pki-tomcat/password.conf >DEBUG: Command: chown 17:17 /etc/pki/pki-tomcat/password.conf >INFO: Creating /etc/pki/pki-tomcat/alias >DEBUG: Command: mkdir /etc/pki/pki-tomcat/alias >INFO: Creating NSS database: /etc/pki/pki-tomcat/alias >DEBUG: Command: certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile >DEBUG: Command: ln -s /etc/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/alias >DEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias >INFO: Removing /etc/pki/pki-tomcat/pfile >DEBUG: Command: rm -f /etc/pki/pki-tomcat/pfile >INFO: Getting signing cert info from CS.cfg >INFO: Getting ocsp_signing cert info from CS.cfg >INFO: Getting sslserver cert info from CS.cfg >INFO: Getting subsystem cert info from CS.cfg >INFO: Getting audit_signing cert info from CS.cfg >INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg >INFO: Creating /root/.dogtag/pki-tomcat/ca >DEBUG: Command: mkdir -p /root/.dogtag/pki-tomcat/ca >DEBUG: Command: chmod 755 /root/.dogtag/pki-tomcat/ca >DEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca >INFO: Creating password file: /root/.dogtag/pki-tomcat/ca/password.conf >INFO: Updating /root/.dogtag/pki-tomcat/ca/password.conf >DEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/password.conf >DEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca/password.conf >INFO: Storing PKCS #12 password in /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf >INFO: Updating /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf >DEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf >DEBUG: Command: chown 17:17 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf >DEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias >DEBUG: Command: certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf >INFO: Creating SELinux contexts >INFO: Generating system keys >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf >INFO: Loading password config: /etc/pki/pki-tomcat/password.conf >INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg >INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >INFO: - user: pkiuser >INFO: - group: pkiuser >INFO: Configuring subsystem >INFO: Loading instance: pki-tomcat >INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf >INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf >INFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf >INFO: Loading password config: /etc/pki/pki-tomcat/password.conf >INFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg >INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat >INFO: - user: pkiuser >INFO: - group: pkiuser >INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg >INFO: Checking existing SSL server cert: Server-Cert cert-pki-ca >DEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmplwmpsk0i/password.txt -n Server-Cert cert-pki-ca -a >INFO: Creating temp SSL server cert for rhel8.test.co >DEBUG: Command: openssl rand -out /tmp/tmpqw116fpz/noise 2048 >DEBUG: Command: certutil -R -d /etc/pki/pki-tomcat/alias -k rsa -g 2048 -z /tmp/tmpqw116fpz/noise -f /tmp/tmpqw116fpz/password.txt -s cn=rhel8.test.co,o=2020-11-06 11:22:16 -o /tmp/tmpqw116fpz/request.bin >DEBUG: Command: certutil -C -d /etc/pki/pki-tomcat/alias -x -f /tmp/tmphu5ffg7s/password.txt -a -i /tmp/tmpriz3bf5h/sslserver.csr -o /tmp/tmpriz3bf5h/sslserver.crt -m 0 -v 12 >DEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmphu5ffg7s/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmpriz3bf5h/sslserver.crt -t CTu,CTu,CTu >Notice: Trust flag u is set automatically if the private key is present. >INFO: Creating new security domain >INFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >INFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg >INFO: Removing existing database >DEBUG: Command: sudo -u pkiuser /usr/lib/jvm/jre-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug >Error: Could not find or load main class org.dogtagpki.server.cli.PKIServerCLI >ERROR: CalledProcessError: Command '['sudo', '-u', 'pkiuser', '/usr/lib/jvm/jre-openjdk/bin/java', '-classpath', '/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*', '-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory', '-Dcatalina.base=/var/lib/pki/pki-tomcat', '-Dcatalina.home=/usr/share/tomcat', '-Djava.endorsed.dirs=', '-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp', '-Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties', '-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager', '-Dcom.redhat.fips=false', 'org.dogtagpki.server.cli.PKIServerCLI', 'ca-db-remove', '--force', '--debug']' returned non-zero exit status 1. > File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 575, in main > scriptlet.spawn(deployer) > File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 820, in spawn > subsystem.remove_database(force=True) > File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 945, in remove_database > self.run(cmd, as_current_user=as_current_user) > File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 1137, in run > subprocess.run(cmd, check=True) > File "/usr/lib64/python3.6/subprocess.py", line 438, in run > output=stdout, stderr=stderr) > > >2020-11-06T16:22:21Z CRITICAL Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp4gq0n31d', '--debug'] returned non-zero exit status 1: 'INFO: Connecting to LDAP server at ldap://rhel8.test.co:389\nINFO: Connecting to LDAP server at ldap://rhel8.test.co:389\nDEBUG: Installing Maven dependencies: False\nINFO: BEGIN spawning CA subsystem in pki-tomcat instance\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Setting up pkiuser group\nINFO: Reusing existing pkiuser group with GID 17\nINFO: Setting up pkiuser user\nINFO: Reusing existing pkiuser user with UID 17\nDEBUG: Retrieving UID for \'pkiuser\'\nDEBUG: UID of \'pkiuser\' is 17\nDEBUG: Retrieving GID for \'pkiuser\'\nDEBUG: GID of \'pkiuser\' is 17\nINFO: Initialization\nINFO: Setting up infrastructure\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat\nDEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat\nDEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca\nDEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca\nDEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat/ca\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\nDEBUG: Command: cp -p /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\nDEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\nDEBUG: Command: touch /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg\nDEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg\nINFO: Creating /var/lib/pki/pki-tomcat\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat\nINFO: Creating /var/lib/pki/pki-tomcat/ca\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca\nINFO: Preparing pki-tomcat instance\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Creating /etc/pki/pki-tomcat\nDEBUG: Command: mkdir /etc/pki/pki-tomcat\nINFO: Creating /etc/pki/pki-tomcat/password.conf\nINFO: Using specified server NSS database password\nINFO: Using specified internal database password\nINFO: Generating random replication manager password\nINFO: Creating /var/log/pki/pki-tomcat\nDEBUG: Command: mkdir -p /var/log/pki/pki-tomcat\nDEBUG: Command: chmod 770 /var/log/pki/pki-tomcat\nDEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat\nINFO: Creating /etc/pki/pki-tomcat/tomcat.conf\nDEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf\nINFO: Creating /etc/pki/pki-tomcat/server.xml\nDEBUG: Command: cp /usr/share/pki/server/conf/server.xml /etc/pki/pki-tomcat/server.xml\nINFO: Creating /etc/pki/pki-tomcat/catalina.properties\nDEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties /etc/pki/pki-tomcat/catalina.properties\nINFO: Creating /etc/pki/pki-tomcat/ciphers.info\nDEBUG: Command: ln -s /usr/share/pki/server/conf/ciphers.info /etc/pki/pki-tomcat/ciphers.info\nINFO: Creating /etc/pki/pki-tomcat/context.xml\nDEBUG: Command: ln -s /etc/tomcat/context.xml /etc/pki/pki-tomcat/context.xml\nINFO: Creating /etc/pki/pki-tomcat/logging.properties\nDEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties /etc/pki/pki-tomcat/logging.properties\nINFO: Creating /etc/sysconfig/pki-tomcat\nDEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/sysconfig/pki-tomcat\nINFO: Creating /etc/pki/pki-tomcat/tomcat.conf\nDEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf\nINFO: Creating /etc/pki/pki-tomcat/web.xml\nDEBUG: Command: ln -s /etc/tomcat/web.xml /etc/pki/pki-tomcat/web.xml\nINFO: Creating /etc/pki/pki-tomcat/Catalina\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina/localhost\nINFO: Deploying ROOT web application\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml\nINFO: Deploying /pki web application\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/pki.xml\nINFO: Creating /var/lib/pki/pki-tomcat/lib\nDEBUG: Command: ln -s /usr/share/pki/server/lib /var/lib/pki/pki-tomcat/lib\nINFO: Creating /var/lib/pki/pki-tomcat/common\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common\nINFO: Creating /var/lib/pki/pki-tomcat/common/lib\nDEBUG: Command: ln -s /usr/share/pki/server/common/lib /var/lib/pki/pki-tomcat/common/lib\nINFO: Creating /var/lib/pki/pki-tomcat/temp\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/temp\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/temp\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/temp\nINFO: Creating /var/lib/pki/pki-tomcat/work\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\nINFO: Creating /var/lib/pki/pki-tomcat/bin\nDEBUG: Command: ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin\nDEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/bin\nINFO: Creating /var/lib/pki/pki-tomcat/pki-tomcat\nDEBUG: Command: ln -s /usr/sbin/tomcat /var/lib/pki/pki-tomcat/pki-tomcat\nDEBUG: Command: chown -h 0:0 /var/lib/pki/pki-tomcat/pki-tomcat\nDEBUG: Command: systemctl daemon-reload\nINFO: Creating /var/lib/pki/pki-tomcat/conf\nDEBUG: Command: ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf\nDEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/conf\nINFO: Creating /var/lib/pki/pki-tomcat/logs\nDEBUG: Command: ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs\nDEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/logs\nINFO: Creating /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service\nDEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service\nDEBUG: Command: chown -h 17:17 /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nDEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: Creating CA subsystem\nINFO: Creating /var/log/pki/pki-tomcat/ca\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca\nINFO: Creating /var/log/pki/pki-tomcat/ca/archive\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/archive\nINFO: Creating /var/log/pki/pki-tomcat/ca/signedAudit\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/signedAudit\nINFO: Creating /etc/pki/pki-tomcat/ca\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/ca\nINFO: Creating /etc/pki/pki-tomcat/ca/CS.cfg\nDEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg /etc/pki/pki-tomcat/ca/CS.cfg\nINFO: Creating /etc/pki/pki-tomcat/ca/registry.cfg\nDEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg /etc/pki/pki-tomcat/ca/registry.cfg\nINFO: Creating /var/lib/pki/pki-tomcat/ca/emails\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/emails\nDEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJob\nDEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJobItem\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRequestRejected.html /var/lib/pki/pki-tomcat/ca/emails/certRequestRejected.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html /var/lib/pki/pki-tomcat/ca/emails/euJob1.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html /var/lib/pki/pki-tomcat/ca/emails/euJob1Item.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html /var/lib/pki/pki-tomcat/ca/emails/publishCerts.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html /var/lib/pki/pki-tomcat/ca/emails/publishCertsItem.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html /var/lib/pki/pki-tomcat/ca/emails/riq1Item.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html /var/lib/pki/pki-tomcat/ca/emails/riq1Summary.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1.txt\nDEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Item.txt\nDEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Summary.txt\nINFO: Creating /var/lib/pki/pki-tomcat/ca/profiles/ca\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles/ca\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenMSLoginEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/AdminCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caManualRenewal.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/DomainController.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUUIDdeviceCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/ECAdminCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/acmeServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAdminCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOCSPCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentFileSigning.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOtherCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserSMIMEcapCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCACert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRACert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECserverCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRARouterCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECsubsystemCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAagentCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCauditSigningCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCcaCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAserverCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraStorageCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraTransportCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCocspCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCserverCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSSLClientSelfRenewal.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCsubsystemCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCrossSignedCACert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCertWithSCT.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirBasedDualCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_DirUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirPinUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_UserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserRenewal.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualRAuserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAdminCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningECUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAgentServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirPinUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDualCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserSignedCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSimpleCMCUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserSignedCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthOCSPCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caStorageCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCertWithSCT.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSubsystemCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSimpleCMCUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTPSCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSubsystemCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncECUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthSubsystemCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCSharedTokenCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caIPAserviceCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInstallCACert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthTransportCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTransportCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg\nINFO: Creating /etc/pki/pki-tomcat/ca/flatfile.txt\nDEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt /etc/pki/pki-tomcat/ca/flatfile.txt\nINFO: Creating /etc/pki/pki-tomcat/ca/adminCert.profile\nDEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile /etc/pki/pki-tomcat/ca/adminCert.profile\nINFO: Creating /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile\nDEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile\nINFO: Creating /etc/pki/pki-tomcat/ca/caCert.profile\nDEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile\nINFO: Creating /etc/pki/pki-tomcat/ca/caOCSPCert.profile\nDEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile\nINFO: Creating /etc/pki/pki-tomcat/ca/serverCert.profile\nDEBUG: Command: cp /usr/share/pki/ca/conf/rsaServerCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile\nINFO: Creating /etc/pki/pki-tomcat/ca/subsystemCert.profile\nDEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile /etc/pki/pki-tomcat/ca/subsystemCert.profile\nINFO: Creating /etc/pki/pki-tomcat/ca/proxy.conf\nDEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf /etc/pki/pki-tomcat/ca/proxy.conf\nINFO: Creating /var/lib/pki/pki-tomcat/ca/conf\nDEBUG: Command: ln -s /etc/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/conf\nINFO: Creating /var/lib/pki/pki-tomcat/ca/logs\nDEBUG: Command: ln -s /var/log/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/logs\nINFO: Creating /var/lib/pki/pki-tomcat/ca/registry\nDEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Getting signing cert info from CS.cfg\nINFO: Getting ocsp_signing cert info from CS.cfg\nINFO: Getting sslserver cert info from CS.cfg\nINFO: Getting subsystem cert info from CS.cfg\nINFO: Getting audit_signing cert info from CS.cfg\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Deploying /ca web application\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Creating /var/lib/pki/pki-tomcat/ca/webapps\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca/webapps\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca/webapps\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca/webapps\nINFO: Setting up ownerships, permissions, and ACLs on /var/lib/pki/pki-tomcat/ca/webapps\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ca.xml\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Creating password file: /etc/pki/pki-tomcat/pfile\nINFO: Updating /etc/pki/pki-tomcat/password.conf\nDEBUG: Command: chmod 660 /etc/pki/pki-tomcat/password.conf\nDEBUG: Command: chown 17:17 /etc/pki/pki-tomcat/password.conf\nINFO: Creating /etc/pki/pki-tomcat/alias\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/alias\nINFO: Creating NSS database: /etc/pki/pki-tomcat/alias\nDEBUG: Command: certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile\nDEBUG: Command: ln -s /etc/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/alias\nDEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias\nINFO: Removing /etc/pki/pki-tomcat/pfile\nDEBUG: Command: rm -f /etc/pki/pki-tomcat/pfile\nINFO: Getting signing cert info from CS.cfg\nINFO: Getting ocsp_signing cert info from CS.cfg\nINFO: Getting sslserver cert info from CS.cfg\nINFO: Getting subsystem cert info from CS.cfg\nINFO: Getting audit_signing cert info from CS.cfg\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Creating /root/.dogtag/pki-tomcat/ca\nDEBUG: Command: mkdir -p /root/.dogtag/pki-tomcat/ca\nDEBUG: Command: chmod 755 /root/.dogtag/pki-tomcat/ca\nDEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca\nINFO: Creating password file: /root/.dogtag/pki-tomcat/ca/password.conf\nINFO: Updating /root/.dogtag/pki-tomcat/ca/password.conf\nDEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/password.conf\nDEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca/password.conf\nINFO: Storing PKCS #12 password in /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\nINFO: Updating /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\nDEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\nDEBUG: Command: chown 17:17 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\nDEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias\nDEBUG: Command: certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf\nINFO: Creating SELinux contexts\nINFO: Generating system keys\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Configuring subsystem\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Checking existing SSL server cert: Server-Cert cert-pki-ca\nDEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmplwmpsk0i/password.txt -n Server-Cert cert-pki-ca -a\nINFO: Creating temp SSL server cert for rhel8.test.co\nDEBUG: Command: openssl rand -out /tmp/tmpqw116fpz/noise 2048\nDEBUG: Command: certutil -R -d /etc/pki/pki-tomcat/alias -k rsa -g 2048 -z /tmp/tmpqw116fpz/noise -f /tmp/tmpqw116fpz/password.txt -s cn=rhel8.test.co,o=2020-11-06 11:22:16 -o /tmp/tmpqw116fpz/request.bin\nDEBUG: Command: certutil -C -d /etc/pki/pki-tomcat/alias -x -f /tmp/tmphu5ffg7s/password.txt -a -i /tmp/tmpriz3bf5h/sslserver.csr -o /tmp/tmpriz3bf5h/sslserver.crt -m 0 -v 12\nDEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmphu5ffg7s/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmpriz3bf5h/sslserver.crt -t CTu,CTu,CTu\nNotice: Trust flag u is set automatically if the private key is present.\nINFO: Creating new security domain\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Removing existing database\nDEBUG: Command: sudo -u pkiuser /usr/lib/jvm/jre-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug\nError: Could not find or load main class org.dogtagpki.server.cli.PKIServerCLI\nERROR: CalledProcessError: Command \'[\'sudo\', \'-u\', \'pkiuser\', \'/usr/lib/jvm/jre-openjdk/bin/java\', \'-classpath\', \'/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*\', \'-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory\', \'-Dcatalina.base=/var/lib/pki/pki-tomcat\', \'-Dcatalina.home=/usr/share/tomcat\', \'-Djava.endorsed.dirs=\', \'-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp\', \'-Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties\', \'-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager\', \'-Dcom.redhat.fips=false\', \'org.dogtagpki.server.cli.PKIServerCLI\', \'ca-db-remove\', \'--force\', \'--debug\']\' returned non-zero exit status 1.\n File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 575, in main\n scriptlet.spawn(deployer)\n File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 820, in spawn\n subsystem.remove_database(force=True)\n File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 945, in remove_database\n self.run(cmd, as_current_user=as_current_user)\n File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 1137, in run\n subprocess.run(cmd, check=True)\n File "/usr/lib64/python3.6/subprocess.py", line 438, in run\n output=stdout, stderr=stderr)\n\n') >2020-11-06T16:22:21Z CRITICAL See the installation logs and the following files/directories for more information: >2020-11-06T16:22:21Z CRITICAL /var/log/pki/pki-tomcat >2020-11-06T16:22:21Z DEBUG Traceback (most recent call last): > File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 195, in spawn_instance > ipautil.run(args, nolog=nolog_list) > File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 598, in run > p.returncode, arg_string, output_log, error_log >ipapython.ipautil.CalledProcessError: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp4gq0n31d', '--debug'] returned non-zero exit status 1: 'INFO: Connecting to LDAP server at ldap://rhel8.test.co:389\nINFO: Connecting to LDAP server at ldap://rhel8.test.co:389\nDEBUG: Installing Maven dependencies: False\nINFO: BEGIN spawning CA subsystem in pki-tomcat instance\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Setting up pkiuser group\nINFO: Reusing existing pkiuser group with GID 17\nINFO: Setting up pkiuser user\nINFO: Reusing existing pkiuser user with UID 17\nDEBUG: Retrieving UID for \'pkiuser\'\nDEBUG: UID of \'pkiuser\' is 17\nDEBUG: Retrieving GID for \'pkiuser\'\nDEBUG: GID of \'pkiuser\' is 17\nINFO: Initialization\nINFO: Setting up infrastructure\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat\nDEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat\nDEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca\nDEBUG: Command: mkdir -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca\nDEBUG: Command: chmod 770 /etc/sysconfig/pki/tomcat/pki-tomcat/ca\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\nDEBUG: Command: cp -p /usr/share/pki/server/etc/default.cfg /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\nDEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/default.cfg\nDEBUG: Command: touch /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg\nDEBUG: Command: chmod 660 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg\nDEBUG: Command: chown 17:17 /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg\nINFO: Creating /var/lib/pki/pki-tomcat\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat\nINFO: Creating /var/lib/pki/pki-tomcat/ca\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca\nINFO: Preparing pki-tomcat instance\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Creating /etc/pki/pki-tomcat\nDEBUG: Command: mkdir /etc/pki/pki-tomcat\nINFO: Creating /etc/pki/pki-tomcat/password.conf\nINFO: Using specified server NSS database password\nINFO: Using specified internal database password\nINFO: Generating random replication manager password\nINFO: Creating /var/log/pki/pki-tomcat\nDEBUG: Command: mkdir -p /var/log/pki/pki-tomcat\nDEBUG: Command: chmod 770 /var/log/pki/pki-tomcat\nDEBUG: Command: chown 17:17 /var/log/pki/pki-tomcat\nINFO: Creating /etc/pki/pki-tomcat/tomcat.conf\nDEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf\nINFO: Creating /etc/pki/pki-tomcat/server.xml\nDEBUG: Command: cp /usr/share/pki/server/conf/server.xml /etc/pki/pki-tomcat/server.xml\nINFO: Creating /etc/pki/pki-tomcat/catalina.properties\nDEBUG: Command: ln -s /usr/share/pki/server/conf/catalina.properties /etc/pki/pki-tomcat/catalina.properties\nINFO: Creating /etc/pki/pki-tomcat/ciphers.info\nDEBUG: Command: ln -s /usr/share/pki/server/conf/ciphers.info /etc/pki/pki-tomcat/ciphers.info\nINFO: Creating /etc/pki/pki-tomcat/context.xml\nDEBUG: Command: ln -s /etc/tomcat/context.xml /etc/pki/pki-tomcat/context.xml\nINFO: Creating /etc/pki/pki-tomcat/logging.properties\nDEBUG: Command: ln -s /usr/share/pki/server/conf/logging.properties /etc/pki/pki-tomcat/logging.properties\nINFO: Creating /etc/sysconfig/pki-tomcat\nDEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/sysconfig/pki-tomcat\nINFO: Creating /etc/pki/pki-tomcat/tomcat.conf\nDEBUG: Command: cp /usr/share/pki/server/conf/tomcat.conf /etc/pki/pki-tomcat/tomcat.conf\nINFO: Creating /etc/pki/pki-tomcat/web.xml\nDEBUG: Command: ln -s /etc/tomcat/web.xml /etc/pki/pki-tomcat/web.xml\nINFO: Creating /etc/pki/pki-tomcat/Catalina\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/Catalina/localhost\nINFO: Deploying ROOT web application\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml\nINFO: Deploying /pki web application\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/pki.xml\nINFO: Creating /var/lib/pki/pki-tomcat/lib\nDEBUG: Command: ln -s /usr/share/pki/server/lib /var/lib/pki/pki-tomcat/lib\nINFO: Creating /var/lib/pki/pki-tomcat/common\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/common\nINFO: Creating /var/lib/pki/pki-tomcat/common/lib\nDEBUG: Command: ln -s /usr/share/pki/server/common/lib /var/lib/pki/pki-tomcat/common/lib\nINFO: Creating /var/lib/pki/pki-tomcat/temp\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/temp\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/temp\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/temp\nINFO: Creating /var/lib/pki/pki-tomcat/work\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/_\nINFO: Creating /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/work/Catalina/localhost/ca\nINFO: Creating /var/lib/pki/pki-tomcat/bin\nDEBUG: Command: ln -s /usr/share/tomcat/bin /var/lib/pki/pki-tomcat/bin\nDEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/bin\nINFO: Creating /var/lib/pki/pki-tomcat/pki-tomcat\nDEBUG: Command: ln -s /usr/sbin/tomcat /var/lib/pki/pki-tomcat/pki-tomcat\nDEBUG: Command: chown -h 0:0 /var/lib/pki/pki-tomcat/pki-tomcat\nDEBUG: Command: systemctl daemon-reload\nINFO: Creating /var/lib/pki/pki-tomcat/conf\nDEBUG: Command: ln -s /etc/pki/pki-tomcat /var/lib/pki/pki-tomcat/conf\nDEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/conf\nINFO: Creating /var/lib/pki/pki-tomcat/logs\nDEBUG: Command: ln -s /var/log/pki/pki-tomcat /var/lib/pki/pki-tomcat/logs\nDEBUG: Command: chown -h 17:17 /var/lib/pki/pki-tomcat/logs\nINFO: Creating /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service\nDEBUG: Command: ln -s /lib/systemd/system/pki-tomcatd@.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service\nDEBUG: Command: chown -h 17:17 /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service\nINFO: Creating /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nDEBUG: Command: cp /usr/share/pki/setup/pkidaemon_registry /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: Creating CA subsystem\nINFO: Creating /var/log/pki/pki-tomcat/ca\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca\nINFO: Creating /var/log/pki/pki-tomcat/ca/archive\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/archive\nINFO: Creating /var/log/pki/pki-tomcat/ca/signedAudit\nDEBUG: Command: mkdir /var/log/pki/pki-tomcat/ca/signedAudit\nINFO: Creating /etc/pki/pki-tomcat/ca\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/ca\nINFO: Creating /etc/pki/pki-tomcat/ca/CS.cfg\nDEBUG: Command: cp /usr/share/pki/ca/conf/CS.cfg /etc/pki/pki-tomcat/ca/CS.cfg\nINFO: Creating /etc/pki/pki-tomcat/ca/registry.cfg\nDEBUG: Command: cp /usr/share/pki/ca/conf/registry.cfg /etc/pki/pki-tomcat/ca/registry.cfg\nINFO: Creating /var/lib/pki/pki-tomcat/ca/emails\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/emails\nDEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJob /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJob\nDEBUG: Command: cp /usr/share/pki/ca/emails/ExpiredUnpublishJobItem /var/lib/pki/pki-tomcat/ca/emails/ExpiredUnpublishJobItem\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_CA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_CA.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA\nDEBUG: Command: cp /usr/share/pki/ca/emails/certIssued_RA.html /var/lib/pki/pki-tomcat/ca/emails/certIssued_RA.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRequestRejected.html /var/lib/pki/pki-tomcat/ca/emails/certRequestRejected.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_CA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA\nDEBUG: Command: cp /usr/share/pki/ca/emails/certRevoked_RA.html /var/lib/pki/pki-tomcat/ca/emails/certRevoked_RA.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/euJob1.html /var/lib/pki/pki-tomcat/ca/emails/euJob1.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/euJob1Item.html /var/lib/pki/pki-tomcat/ca/emails/euJob1Item.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/publishCerts.html /var/lib/pki/pki-tomcat/ca/emails/publishCerts.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/publishCertsItem.html /var/lib/pki/pki-tomcat/ca/emails/publishCertsItem.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_CA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA\nDEBUG: Command: cp /usr/share/pki/ca/emails/reqInQueue_RA.html /var/lib/pki/pki-tomcat/ca/emails/reqInQueue_RA.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/riq1Item.html /var/lib/pki/pki-tomcat/ca/emails/riq1Item.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/riq1Summary.html /var/lib/pki/pki-tomcat/ca/emails/riq1Summary.html\nDEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1.txt\nDEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Item.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Item.txt\nDEBUG: Command: cp /usr/share/pki/ca/emails/rnJob1Summary.txt /var/lib/pki/pki-tomcat/ca/emails/rnJob1Summary.txt\nINFO: Creating /var/lib/pki/pki-tomcat/ca/profiles/ca\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles\nDEBUG: Command: mkdir /var/lib/pki/pki-tomcat/ca/profiles/ca\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenMSLoginEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/AdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/AdminCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caManualRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caManualRenewal.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/DomainController.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/DomainController.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUUIDdeviceCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/ECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/ECAdminCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/acmeServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/acmeServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAdminCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOCSPCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentFileSigning.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caOtherCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caOtherCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caUserSMIMEcapCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCACert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRACert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECserverCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRARouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRARouterCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCECsubsystemCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAagentCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAagentCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCauditSigningCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCcaCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRAserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRAserverCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraStorageCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caRouterCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCkraTransportCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCocspCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCserverCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSSLClientSelfRenewal.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCsubsystemCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caCrossSignedCACert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCertWithSCT.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirBasedDualCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_DirUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirPinUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_UserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserRenewal.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caDualRAuserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAdminCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningECUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECAgentServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSigningUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirPinUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECDualCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECDualCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserSignedCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSimpleCMCUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECFullCMCUserSignedCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthOCSPCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caStorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caStorageCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECServerCertWithSCT.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECServerCertWithSCT.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caSubsystemCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSimpleCMCUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTPSCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTPSCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECSubsystemCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caECUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncECUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caEncUserCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caEncUserCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthSubsystemCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCSharedTokenCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caIPAserviceCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInstallCACert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInstallCACert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthTransportCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTransportCert.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTransportCert.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg\nDEBUG: Command: cp /usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg /var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg\nINFO: Creating /etc/pki/pki-tomcat/ca/flatfile.txt\nDEBUG: Command: cp /usr/share/pki/ca/conf/flatfile.txt /etc/pki/pki-tomcat/ca/flatfile.txt\nINFO: Creating /etc/pki/pki-tomcat/ca/adminCert.profile\nDEBUG: Command: cp /usr/share/pki/ca/conf/rsaAdminCert.profile /etc/pki/pki-tomcat/ca/adminCert.profile\nINFO: Creating /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile\nDEBUG: Command: cp /usr/share/pki/ca/conf/caAuditSigningCert.profile /etc/pki/pki-tomcat/ca/caAuditSigningCert.profile\nINFO: Creating /etc/pki/pki-tomcat/ca/caCert.profile\nDEBUG: Command: cp /usr/share/pki/ca/conf/caCert.profile /etc/pki/pki-tomcat/ca/caCert.profile\nINFO: Creating /etc/pki/pki-tomcat/ca/caOCSPCert.profile\nDEBUG: Command: cp /usr/share/pki/ca/conf/caOCSPCert.profile /etc/pki/pki-tomcat/ca/caOCSPCert.profile\nINFO: Creating /etc/pki/pki-tomcat/ca/serverCert.profile\nDEBUG: Command: cp /usr/share/pki/ca/conf/rsaServerCert.profile /etc/pki/pki-tomcat/ca/serverCert.profile\nINFO: Creating /etc/pki/pki-tomcat/ca/subsystemCert.profile\nDEBUG: Command: cp /usr/share/pki/ca/conf/rsaSubsystemCert.profile /etc/pki/pki-tomcat/ca/subsystemCert.profile\nINFO: Creating /etc/pki/pki-tomcat/ca/proxy.conf\nDEBUG: Command: cp /usr/share/pki/ca/conf/proxy.conf /etc/pki/pki-tomcat/ca/proxy.conf\nINFO: Creating /var/lib/pki/pki-tomcat/ca/conf\nDEBUG: Command: ln -s /etc/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/conf\nINFO: Creating /var/lib/pki/pki-tomcat/ca/logs\nDEBUG: Command: ln -s /var/log/pki/pki-tomcat/ca /var/lib/pki/pki-tomcat/ca/logs\nINFO: Creating /var/lib/pki/pki-tomcat/ca/registry\nDEBUG: Command: ln -s /etc/sysconfig/pki/tomcat/pki-tomcat /var/lib/pki/pki-tomcat/ca/registry\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Getting signing cert info from CS.cfg\nINFO: Getting ocsp_signing cert info from CS.cfg\nINFO: Getting sslserver cert info from CS.cfg\nINFO: Getting subsystem cert info from CS.cfg\nINFO: Getting audit_signing cert info from CS.cfg\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Deploying /ca web application\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Creating /var/lib/pki/pki-tomcat/ca/webapps\nDEBUG: Command: mkdir -p /var/lib/pki/pki-tomcat/ca/webapps\nDEBUG: Command: chmod 770 /var/lib/pki/pki-tomcat/ca/webapps\nDEBUG: Command: chown 17:17 /var/lib/pki/pki-tomcat/ca/webapps\nINFO: Setting up ownerships, permissions, and ACLs on /var/lib/pki/pki-tomcat/ca/webapps\nINFO: Creating /etc/pki/pki-tomcat/Catalina/localhost/ca.xml\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Creating password file: /etc/pki/pki-tomcat/pfile\nINFO: Updating /etc/pki/pki-tomcat/password.conf\nDEBUG: Command: chmod 660 /etc/pki/pki-tomcat/password.conf\nDEBUG: Command: chown 17:17 /etc/pki/pki-tomcat/password.conf\nINFO: Creating /etc/pki/pki-tomcat/alias\nDEBUG: Command: mkdir /etc/pki/pki-tomcat/alias\nINFO: Creating NSS database: /etc/pki/pki-tomcat/alias\nDEBUG: Command: certutil -N -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/pfile\nDEBUG: Command: ln -s /etc/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/alias\nDEBUG: Command: ln -s /var/lib/pki/pki-tomcat/alias /var/lib/pki/pki-tomcat/ca/alias\nINFO: Removing /etc/pki/pki-tomcat/pfile\nDEBUG: Command: rm -f /etc/pki/pki-tomcat/pfile\nINFO: Getting signing cert info from CS.cfg\nINFO: Getting ocsp_signing cert info from CS.cfg\nINFO: Getting sslserver cert info from CS.cfg\nINFO: Getting subsystem cert info from CS.cfg\nINFO: Getting audit_signing cert info from CS.cfg\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Creating /root/.dogtag/pki-tomcat/ca\nDEBUG: Command: mkdir -p /root/.dogtag/pki-tomcat/ca\nDEBUG: Command: chmod 755 /root/.dogtag/pki-tomcat/ca\nDEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca\nINFO: Creating password file: /root/.dogtag/pki-tomcat/ca/password.conf\nINFO: Updating /root/.dogtag/pki-tomcat/ca/password.conf\nDEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/password.conf\nDEBUG: Command: chown 0:0 /root/.dogtag/pki-tomcat/ca/password.conf\nINFO: Storing PKCS #12 password in /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\nINFO: Updating /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\nDEBUG: Command: chmod 660 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\nDEBUG: Command: chown 17:17 /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf\nDEBUG: Command: mkdir /root/.dogtag/pki-tomcat/ca/alias\nDEBUG: Command: certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf\nINFO: Creating SELinux contexts\nINFO: Generating system keys\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Configuring subsystem\nINFO: Loading instance: pki-tomcat\nINFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf\nINFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf\nINFO: Loading instance Tomcat config: /etc/pki/pki-tomcat/tomcat.conf\nINFO: Loading password config: /etc/pki/pki-tomcat/password.conf\nINFO: Loading subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Loading subsystem registry: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Loading instance registry: /etc/sysconfig/pki/tomcat/pki-tomcat/pki-tomcat\nINFO: - user: pkiuser\nINFO: - group: pkiuser\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Checking existing SSL server cert: Server-Cert cert-pki-ca\nDEBUG: Command: certutil -L -d /etc/pki/pki-tomcat/alias -f /tmp/tmplwmpsk0i/password.txt -n Server-Cert cert-pki-ca -a\nINFO: Creating temp SSL server cert for rhel8.test.co\nDEBUG: Command: openssl rand -out /tmp/tmpqw116fpz/noise 2048\nDEBUG: Command: certutil -R -d /etc/pki/pki-tomcat/alias -k rsa -g 2048 -z /tmp/tmpqw116fpz/noise -f /tmp/tmpqw116fpz/password.txt -s cn=rhel8.test.co,o=2020-11-06 11:22:16 -o /tmp/tmpqw116fpz/request.bin\nDEBUG: Command: certutil -C -d /etc/pki/pki-tomcat/alias -x -f /tmp/tmphu5ffg7s/password.txt -a -i /tmp/tmpriz3bf5h/sslserver.csr -o /tmp/tmpriz3bf5h/sslserver.crt -m 0 -v 12\nDEBUG: Command: certutil -A -d /etc/pki/pki-tomcat/alias -f /tmp/tmphu5ffg7s/internal_password.txt -n Server-Cert cert-pki-ca -a -i /tmp/tmpriz3bf5h/sslserver.crt -t CTu,CTu,CTu\nNotice: Trust flag u is set automatically if the private key is present.\nINFO: Creating new security domain\nINFO: Storing subsystem config: /var/lib/pki/pki-tomcat/ca/conf/CS.cfg\nINFO: Storing registry config: /var/lib/pki/pki-tomcat/ca/conf/registry.cfg\nINFO: Removing existing database\nDEBUG: Command: sudo -u pkiuser /usr/lib/jvm/jre-openjdk/bin/java -classpath /usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/* -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.redhat.fips=false org.dogtagpki.server.cli.PKIServerCLI ca-db-remove --force --debug\nError: Could not find or load main class org.dogtagpki.server.cli.PKIServerCLI\nERROR: CalledProcessError: Command \'[\'sudo\', \'-u\', \'pkiuser\', \'/usr/lib/jvm/jre-openjdk/bin/java\', \'-classpath\', \'/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/tomcat-servlet-api.jar:/usr/share/pki/ca/webapps/ca/WEB-INF/lib/*:/var/lib/pki/pki-tomcat/common/lib/*:/usr/share/pki/lib/*\', \'-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory\', \'-Dcatalina.base=/var/lib/pki/pki-tomcat\', \'-Dcatalina.home=/usr/share/tomcat\', \'-Djava.endorsed.dirs=\', \'-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp\', \'-Djava.util.logging.config.file=/etc/pki/pki-tomcat/logging.properties\', \'-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager\', \'-Dcom.redhat.fips=false\', \'org.dogtagpki.server.cli.PKIServerCLI\', \'ca-db-remove\', \'--force\', \'--debug\']\' returned non-zero exit status 1.\n File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 575, in main\n scriptlet.spawn(deployer)\n File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 820, in spawn\n subsystem.remove_database(force=True)\n File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 945, in remove_database\n self.run(cmd, as_current_user=as_current_user)\n File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 1137, in run\n subprocess.run(cmd, check=True)\n File "/usr/lib64/python3.6/subprocess.py", line 438, in run\n output=stdout, stderr=stderr)\n\n') > >During handling of the above exception, another exception occurred: > >Traceback (most recent call last): > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 603, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 589, in run_step > method() > File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 605, in __spawn_instance > nolog_list=nolog_list > File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 197, in spawn_instance > self.handle_setup_error(e) > File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 520, in handle_setup_error > raise RuntimeError("%s configuration failed." % self.subsystem) >RuntimeError: CA configuration failed. > >2020-11-06T16:22:21Z DEBUG [error] RuntimeError: CA configuration failed. >2020-11-06T16:22:21Z DEBUG Removing /root/.dogtag/pki-tomcat/ca >2020-11-06T16:22:21Z DEBUG File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 179, in execute > return_value = self.run() > File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 340, in run > return cfgr.run() > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 360, in run > return self.execute() > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 386, in execute > for rval in self._executor(): > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner > exc_handler(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner > step() > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 655, in _configure > next(executor) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner > exc_handler(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 518, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 515, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner > step() > File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise > raise value > File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 65, in _install > for unused in self._installer(self.parent): > File "/usr/lib/python3.6/site-packages/ipaserver/install/server/__init__.py", line 569, in main > master_install(self) > File "/usr/lib/python3.6/site-packages/ipaserver/install/server/install.py", line 276, in decorated > func(installer) > File "/usr/lib/python3.6/site-packages/ipaserver/install/server/install.py", line 892, in install > ca.install_step_0(False, None, options, custodia=custodia) > File "/usr/lib/python3.6/site-packages/ipaserver/install/ca.py", line 355, in install_step_0 > pki_config_override=options.pki_config_override, > File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 482, in configure_instance > self.start_creation(runtime=runtime) > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 603, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 589, in run_step > method() > File "/usr/lib/python3.6/site-packages/ipaserver/install/cainstance.py", line 605, in __spawn_instance > nolog_list=nolog_list > File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 197, in spawn_instance > self.handle_setup_error(e) > File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 520, in handle_setup_error > raise RuntimeError("%s configuration failed." % self.subsystem) > >2020-11-06T16:22:21Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA configuration failed. >2020-11-06T16:22:21Z ERROR CA configuration failed. >2020-11-06T16:22:21Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1727184">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1895435
: 1727184