Bug 1728153
Summary: | [ansible-freeipa] ipa-client installation failing while using OTP option with Cluster deployment | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Varun Mylaraiah <mvarun> |
Component: | ansible-freeipa | Assignee: | Thomas Woerner <twoerner> |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.1 | Keywords: | TestBlocker |
Target Milestone: | rc | ||
Target Release: | 8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ansible-freeipa-0.1.6-1 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-11-05 21:08:48 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Varun Mylaraiah
2019-07-09 07:43:39 UTC
Fixed upstream: https://github.com/freeipa/ansible-freeipa/commit/1fa1468b852f629104c6149a060a103bc89028b1 Verified # rpm -qa ansible-freeipa ansible-freeipa-0.1.6-2.el8.noarch # cat inventory/hosts.cluster [ipaserver] ipaserver2.test.local [ipaserver:vars] ipadm_password=<xxxxxxxxxxxxx> ipaserver_setup_dns=yes ipaserver_auto_forwarders=yes ipaserver_no_firewalld=no [ipaclients] ipaclient1.test.local [ipaclients:vars] ipaclient_use_otp=yes [ipa:children] ipaserver ipaclients [ipa:vars] ipaadmin_password=<xxxxxxxxxx> ipaserver_domain=test.local ipaserver_realm=TEST.LOCAL # cat install-cluster.yml --- - name: Install IPA servers hosts: ipaserver become: true roles: - role: ipaserver state: present - name: Install IPA clients hosts: ipaclients become: true roles: - role: ipaclient state: present # ansible-playbook -vv -i inventory/hosts.cluster install-cluster.yml ansible-playbook 2.8.2 config file = None configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.6/site-packages/ansible executable location = /usr/local/bin/ansible-playbook python version = 3.6.8 (default, Jul 3 2019, 10:59:07) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)] No config file found; using defaults PLAYBOOK: install-cluster.yml *************************************************************************************** 2 plays in install-cluster.yml PLAY [Install IPA servers] ****************************************************************************************** TASK [Gathering Facts] ********************************************************************************************** task path: /root/install-cluster.yml:2 ok: [ipaserver2.test.local] META: ran handlers TASK [ipaserver : Import variables specific to distribution] ******************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/main.yml:4 ok: [ipaserver2.test.local] => (item=/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml) => {"ansible_facts": {"ipaserver_packages": ["@idm:DL1/server"], "ipaserver_packages_adtrust": ["@idm:DL1/adtrust"], "ipaserver_packages_dns": ["@idm:DL1/dns"]}, "ansible_included_var_files": ["/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml"], "ansible_loop_var": "item", "changed": false, "item": "/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml"} TASK [ipaserver : Install IPA server] ******************************************************************************* task path: /usr/share/ansible/roles/ipaserver/tasks/main.yml:12 included: /usr/share/ansible/roles/ipaserver/tasks/install.yml for ipaserver2.test.local TASK [ipaserver : Install - Ensure that IPA server packages are installed] ****************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:5 ok: [ipaserver2.test.local] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] ********************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:10 ok: [ipaserver2.test.local] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] ****************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:16 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : include_tasks] ************************************************************************************ task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:27 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Server installation test] *************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:33 ok: [ipaserver2.test.local] => {"_dirsrv_ca_cert": null, "_dirsrv_pkcs12_file": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_file": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_file": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver2.test.local", "idmax": 1583799999, "idstart": 1583600000, "ipa_python_version": 40800, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false} TASK [ipaserver : Install - Master password creation] *************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:110 changed: [ipaserver2.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true} TASK [ipaserver : Install - Use new master password] **************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:117 ok: [ipaserver2.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaserver : Install - Server preparation] ********************************************************************* task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:125 changed: [ipaserver2.test.local] => {"_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": ["2620:52:0:1038:5054:ff:fe50:407", "10.16.56.74"], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": ["10.19.42.41", "10.11.5.19", "10.5.30.160"], "ip_addresses": ["2620:52:0:1038:5054:ff:fe50:407", "10.16.56.74"], "no_dnssec_validation": false, "reverse_zones": [], "subject_base": "O=TEST.LOCAL"} TASK [ipaserver : Install - Setup NTP] ****************************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:169 changed: [ipaserver2.test.local] => {"changed": true} TASK [ipaserver : Install - Setup DS] ******************************************************************************* task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:176 changed: [ipaserver2.test.local] => {"changed": true} TASK [ipaserver : Install - Setup KRB] ****************************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:205 changed: [ipaserver2.test.local] => {"changed": true} TASK [ipaserver : Install - Setup custodia] ************************************************************************* task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:232 changed: [ipaserver2.test.local] => {"changed": true} TASK [ipaserver : Install - Setup CA] ******************************************************************************* task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:238 changed: [ipaserver2.test.local] => {"changed": true, "csr_generated": false} TASK [ipaserver : Copy /root/ipa.csr to "ipaserver2.test.local-ipa.csr"] ******************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:278 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Setup otpd] ***************************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:287 changed: [ipaserver2.test.local] => {"changed": true} TASK [ipaserver : Install - Setup HTTP] ***************************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:293 changed: [ipaserver2.test.local] => {"changed": true} TASK [ipaserver : Install - Setup KRA] ****************************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:325 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Setup DNS] ****************************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:336 changed: [ipaserver2.test.local] => {"changed": true} TASK [ipaserver : Install - Setup ADTRUST] ************************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:353 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Set DS password] ************************************************************************ task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:368 changed: [ipaserver2.test.local] => {"changed": true} TASK [Install - Setup client] *************************************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:385 TASK [ipaclient : Import variables specific to distribution] ******************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:4 ok: [ipaserver2.test.local] => (item=/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml) => {"ansible_facts": {"ipaclient_packages": ["@idm:DL1/client"]}, "ansible_included_var_files": ["/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml"], "ansible_loop_var": "item", "changed": false, "item": "/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml"} TASK [ipaclient : Install IPA client] ******************************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:12 included: /usr/share/ansible/roles/ipaclient/tasks/install.yml for ipaserver2.test.local TASK [ipaclient : Install - Ensure that IPA client packages are installed] ****************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:4 ok: [ipaserver2.test.local] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [ipaclient : Install - Set ipaclient_servers] ****************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:13 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] ******************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:18 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Check that either principal or keytab is set] ******************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:24 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Set default principal if no keytab is given] ******************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:28 ok: [ipaserver2.test.local] => {"ansible_facts": {"ipaadmin_principal": "admin"}, "changed": false} TASK [ipaclient : Install - IPA client test] ************************************************************************ task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:33 ok: [ipaserver2.test.local] => {"basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver2.test.local", "ipa_python_version": 40800, "kdc": "ipaserver2.test.local", "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": ["ipaserver2.test.local"], "sssd": true} TASK [ipaclient : Install - Cleanup leftover ccache] **************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:58 ok: [ipaserver2.test.local] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} TASK [ipaclient : Install - Configure NTP] ************************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:63 ok: [ipaserver2.test.local] => {"changed": false} TASK [ipaclient : Install - Disable One-Time Password for on_master] ************************************************ task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:75 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ********************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:80 ok: [ipaserver2.test.local] => {"ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": false} TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] ************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:90 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Keytab or password is required for otp] ************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:105 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:113 skipping: [ipaserver2.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Install - Report error for OTP generation] ******************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:133 skipping: [ipaserver2.test.local] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ****************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:139 skipping: [ipaserver2.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Install - Check if principal and keytab are set] ************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:157 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Check if one of password or keytabs are set] ******************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:161 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ****************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:169 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Backup and set hostname] **************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:182 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Join IPA] ******************************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:187 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ********************************************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:209 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ********************************************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:214 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ********************************************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:217 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure IPA default.conf] ************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:229 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure SSSD] ************************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:238 changed: [ipaserver2.test.local] => {"changed": true} TASK [ipaclient : Install - Configure krb5 for IPA realm] *********************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:255 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ******************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:269 changed: [ipaserver2.test.local] => {"ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL"} TASK [ipaclient : Install - Fix IPA ca] ***************************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:277 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Create IPA NSS database] **************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:287 changed: [ipaserver2.test.local] => {"ca_enabled_ra": true, "changed": true} TASK [ipaclient : Install - Configure SSH and SSHD] ***************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:313 changed: [ipaserver2.test.local] => {"changed": true} TASK [ipaclient : Install - Configure automount] ******************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:321 changed: [ipaserver2.test.local] => {"changed": true} TASK [ipaclient : Install - Configure firefox] ********************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:327 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure NIS] ************************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:332 changed: [ipaserver2.test.local] => {"changed": true} TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] ********************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:350 skipping: [ipaserver2.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Cleanup leftover ccache] ************************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:356 ok: [ipaserver2.test.local] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} TASK [ipaclient : Uninstall IPA client] ***************************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:16 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Enable IPA] ***************************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:400 changed: [ipaserver2.test.local] => {"changed": true} TASK [ipaserver : Install - Cleanup root IPA cache] ***************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:407 ok: [ipaserver2.test.local] => {"changed": false, "path": "/root/.ipa_cache", "state": "absent"} TASK [ipaserver : Install - Configure firewalld] ******************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:413 changed: [ipaserver2.test.local] => {"changed": true, "cmd": ["firewall-cmd", "--permanent", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.345048", "end": "2019-07-28 07:05:34.320870", "rc": 0, "start": "2019-07-28 07:05:33.975822", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]} TASK [ipaserver : Install - Configure firewalld runtime] ************************************************************ task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:425 changed: [ipaserver2.test.local] => {"changed": true, "cmd": ["firewall-cmd", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.383868", "end": "2019-07-28 07:05:35.113084", "rc": 0, "start": "2019-07-28 07:05:34.729216", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]} TASK [ipaserver : Uninstall IPA server] ***************************************************************************** task path: /usr/share/ansible/roles/ipaserver/tasks/main.yml:16 skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY [Install IPA clients] ****************************************************************************************** TASK [Gathering Facts] ********************************************************************************************** task path: /root/install-cluster.yml:10 ok: [ipaclient1.test.local] META: ran handlers TASK [ipaclient : Import variables specific to distribution] ******************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:4 ok: [ipaclient1.test.local] => (item=/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml) => {"ansible_facts": {"ipaclient_packages": ["@idm:DL1/client"]}, "ansible_included_var_files": ["/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml"], "ansible_loop_var": "item", "changed": false, "item": "/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml"} TASK [ipaclient : Install IPA client] ******************************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:12 included: /usr/share/ansible/roles/ipaclient/tasks/install.yml for ipaclient1.test.local TASK [ipaclient : Install - Ensure that IPA client packages are installed] ****************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:4 ok: [ipaclient1.test.local] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [ipaclient : Install - Set ipaclient_servers] ****************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:13 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] ******************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:18 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Check that either principal or keytab is set] ******************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:24 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Set default principal if no keytab is given] ******************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:28 ok: [ipaclient1.test.local] => {"ansible_facts": {"ipaadmin_principal": "admin"}, "changed": false} TASK [ipaclient : Install - IPA client test] ************************************************************************ task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:33 ok: [ipaclient1.test.local] => {"basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": true, "domain": "test.local", "hostname": "ipaclient1.test.local", "ipa_python_version": 40800, "kdc": "ipaserver2.test.local", "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": ["ipaserver2.test.local"], "sssd": true} TASK [ipaclient : Install - Cleanup leftover ccache] **************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:58 ok: [ipaclient1.test.local] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} TASK [ipaclient : Install - Configure NTP] ************************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:63 changed: [ipaclient1.test.local] => {"changed": true} TASK [ipaclient : Install - Disable One-Time Password for on_master] ************************************************ task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:75 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ********************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:80 ok: [ipaclient1.test.local] => {"ca_crt_exists": false, "changed": false, "krb5_conf_ok": false, "krb5_keytab_ok": false, "ping_test_ok": false} TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] ************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:90 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Keytab or password is required for otp] ************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:105 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:113 changed: [ipaclient1.test.local -> ipaserver2.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true} TASK [ipaclient : Install - Report error for OTP generation] ******************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:133 skipping: [ipaclient1.test.local] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ****************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:139 ok: [ipaclient1.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Install - Check if principal and keytab are set] ************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:157 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Check if one of password or keytabs are set] ******************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:161 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ****************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:169 changed: [ipaclient1.test.local] => {"changed": true, "cmd": ["/usr/sbin/ipa-rmkeytab", "-k", "/etc/krb5.keytab", "-r", "TEST.LOCAL"], "delta": "0:00:00.003335", "end": "2019-07-28 07:06:00.175196", "failed_when_result": false, "msg": "non-zero return code", "rc": 3, "start": "2019-07-28 07:06:00.171861", "stderr": "Failed to open keytab '/etc/krb5.keytab': No such file or directory", "stderr_lines": ["Failed to open keytab '/etc/krb5.keytab': No such file or directory"], "stdout": "", "stdout_lines": []} TASK [ipaclient : Install - Backup and set hostname] **************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:182 changed: [ipaclient1.test.local] => {"changed": true} TASK [ipaclient : Install - Join IPA] ******************************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:187 changed: [ipaclient1.test.local] => {"already_joined": false, "changed": true} TASK [ipaclient : fail] ********************************************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:209 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ********************************************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:214 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ********************************************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:217 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure IPA default.conf] ************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:229 changed: [ipaclient1.test.local] => {"changed": true} TASK [ipaclient : Install - Configure SSSD] ************************************************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:238 changed: [ipaclient1.test.local] => {"changed": true} TASK [ipaclient : Install - Configure krb5 for IPA realm] *********************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:255 changed: [ipaclient1.test.local] => {"changed": true} TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ******************************************* task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:269 changed: [ipaclient1.test.local] => {"ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL"} TASK [ipaclient : Install - Fix IPA ca] ***************************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:277 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Create IPA NSS database] **************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:287 changed: [ipaclient1.test.local] => {"ca_enabled_ra": true, "changed": true} TASK [ipaclient : Install - Configure SSH and SSHD] ***************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:313 changed: [ipaclient1.test.local] => {"changed": true} TASK [ipaclient : Install - Configure automount] ******************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:321 changed: [ipaclient1.test.local] => {"changed": true} TASK [ipaclient : Install - Configure firefox] ********************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:327 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure NIS] ************************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:332 changed: [ipaclient1.test.local] => {"changed": true} TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] ********************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:350 ok: [ipaclient1.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Cleanup leftover ccache] ************************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:356 ok: [ipaclient1.test.local] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} TASK [ipaclient : Uninstall IPA client] ***************************************************************************** task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:16 skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************************************************** ipaclient1.test.local : ok=24 changed=13 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 ipaserver2.test.local : ok=37 changed=20 unreachable=0 failed=0 skipped=29 rescued=0 ignored=0 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3418 |