Bug 1728153

Summary: [ansible-freeipa] ipa-client installation failing while using OTP option with Cluster deployment
Product: Red Hat Enterprise Linux 8 Reporter: Varun Mylaraiah <mvarun>
Component: ansible-freeipaAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.1Keywords: TestBlocker
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ansible-freeipa-0.1.6-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-11-05 21:08:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Varun Mylaraiah 2019-07-09 07:43:39 UTC 
Description of problem:
[ansible-freeipa] ipa-client installation failing while using OTP option with Cluster deployment

Version-Release number of selected component (if applicable):
ansible-freeipa-0.1.4-2.el8.noarch
ipa-server-4.7.90.pre1-3.module+el8.1.0+3389+a3c612fa.x86_64
ipa-client-4.7.90.pre1-3.module+el8.1.0+3389+a3c612fa.x86_64


Console output
==============

Steps to Reproduce:
# cat inventory/hosts.cluster
[ipaserver]
ipaserver.test.local
 
[ipaserver:vars]
ipadm_password=Secret123
ipaserver_setup_dns=yes
ipaserver_auto_forwarders=yes
ipaserver_no_firewalld=no
 
[ipaclients]
ipaclient1.test.local
 
[ipaclients:vars]
ipaclient_use_otp=yes
 
[ipa:children]
ipaserver
ipaclients
 
[ipa:vars]
ipaadmin_password=Secret123
ipaserver_domain=test.local
ipaserver_realm=TEST.LOCAL
 
  
# cat install-cluster.yml
---
- name: Install IPA servers
  hosts: ipaserver
  become: true
 
  roles:
  - role: ipaserver
    state: present
 
- name: Install IPA clients
  hosts: ipaclients
  become: true
 
  roles:
  - role: ipaclient
    state: present

TASK [ipaclient : Install - Get One-Time Password for client enrollment] ********************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:113
<ipaserver.test.local> ESTABLISH SSH CONNECTION FOR USER: None
<ipaserver.test.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d ipaserver.test.local '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
<ipaserver.test.local> ESTABLISH SSH CONNECTION FOR USER: None
<ipaserver.test.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d ipaserver.test.local '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1562645945.2200475-240694402009577 `" && echo ansible-tmp-1562645945.2200475-240694402009577="` echo /root/.ansible/tmp/ansible-tmp-1562645945.2200475-240694402009577 `" ) && sleep 0'"'"''
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
<unknown> Attempting python interpreter discovery
<ipaserver.test.local> ESTABLISH SSH CONNECTION FOR USER: None
<ipaserver.test.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d ipaserver.test.local '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
<ipaserver.test.local> ESTABLISH SSH CONNECTION FOR USER: None
<ipaserver.test.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d ipaserver.test.local '/bin/sh -c '"'"'/usr/bin/python3.6 && sleep 0'"'"''
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
Using module file /usr/share/ansible/roles/ipaclient/library/ipaclient_get_facts.py
<ipaserver.test.local> PUT /root/.ansible/tmp/ansible-local-9073y5cgnrod/tmp30lqwdce TO /root/.ansible/tmp/ansible-tmp-1562645945.2200475-240694402009577/AnsiballZ_ipaclient_get_facts.py
<ipaserver.test.local> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d '[ipaserver.test.local]'
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
<ipaserver.test.local> ESTABLISH SSH CONNECTION FOR USER: None
<ipaserver.test.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d ipaserver.test.local '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1562645945.2200475-240694402009577/ /root/.ansible/tmp/ansible-tmp-1562645945.2200475-240694402009577/AnsiballZ_ipaclient_get_facts.py && sleep 0'"'"''
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
<ipaserver.test.local> ESTABLISH SSH CONNECTION FOR USER: None
<ipaserver.test.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d -tt ipaserver.test.local '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-avibtolxabpnblorhfzmnheefvaenlee ; /usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1562645945.2200475-240694402009577/AnsiballZ_ipaclient_get_facts.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
<ipaserver.test.local> ESTABLISH SSH CONNECTION FOR USER: None
<ipaserver.test.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d ipaserver.test.local '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
<ipaserver.test.local> ESTABLISH SSH CONNECTION FOR USER: None
<ipaserver.test.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d ipaserver.test.local '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1562645946.4243703-278201326680532 `" && echo ansible-tmp-1562645946.4243703-278201326680532="` echo /root/.ansible/tmp/ansible-tmp-1562645946.4243703-278201326680532 `" ) && sleep 0'"'"''
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
<ipaserver.test.local> PUT /tmp/tmp_9dytavy/ccache TO /root/.ansible/tmp/ansible-tmp-1562645946.4243703-278201326680532/ccache
<ipaserver.test.local> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d '[ipaserver.test.local]'
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
<ipaserver.test.local> ESTABLISH SSH CONNECTION FOR USER: None
<ipaserver.test.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d ipaserver.test.local '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1562645946.4243703-278201326680532/ /root/.ansible/tmp/ansible-tmp-1562645946.4243703-278201326680532/ccache && sleep 0'"'"''
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
Using module file /usr/share/ansible/roles/ipaclient/library/ipaclient_get_otp.py
<ipaserver.test.local> PUT /root/.ansible/tmp/ansible-local-9073y5cgnrod/tmpku942pj3 TO /root/.ansible/tmp/ansible-tmp-1562645946.4243703-278201326680532/AnsiballZ_ipaclient_get_otp.py
<ipaserver.test.local> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d '[ipaserver.test.local]'
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
<ipaserver.test.local> ESTABLISH SSH CONNECTION FOR USER: None
<ipaserver.test.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d ipaserver.test.local '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1562645946.4243703-278201326680532/ /root/.ansible/tmp/ansible-tmp-1562645946.4243703-278201326680532/AnsiballZ_ipaclient_get_otp.py && sleep 0'"'"''
<ipaserver.test.local> rc=0, stdout and stderr censored due to no log
<ipaserver.test.local> ESTABLISH SSH CONNECTION FOR USER: None
<ipaserver.test.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/30376f136d -tt ipaserver.test.local '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-lbeldqauonaiacmyteskqezshzinwkys ; /usr/libexec/platform-@@@python /root/.ansible/tmp/ansible-tmp-1562645946.4243703-278201326680532/AnsiballZ_ipaclient_get_otp.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<ipaserver.test.local> rc=1, stdout and stderr censored due to no log
<ipaserver.test.local> Failed to connect to the host via ssh: <error censored due to no log>
fatal: [ipaclient1.test.local -> ipaserver.test.local]: FAILED! => {
    "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
    "changed": false
}
...ignoring
 
TASK [ipaclient : Install - Report error for OTP generation] ********************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:133
fatal: [ipaclient1.test.local]: FAILED! => {
    "msg": "ipaclient_get_otp module failed : Host 'ipaclient1.test.local' does not have corresponding DNS A/AAAA record"
}
 
TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] **********************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:349
skipping: [ipaclient1.test.local] => {
    "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
    "changed": false
}
 
TASK [ipaclient : Cleanup leftover ccache]
Comment 1 Thomas Woerner 2019-07-11 17:23:54 UTC 
Fixed upstream: https://github.com/freeipa/ansible-freeipa/commit/1fa1468b852f629104c6149a060a103bc89028b1
Comment 3 Varun Mylaraiah 2019-07-29 06:02:46 UTC 
Verified 
# rpm -qa ansible-freeipa
ansible-freeipa-0.1.6-2.el8.noarch

# cat inventory/hosts.cluster
[ipaserver]
ipaserver2.test.local
 
[ipaserver:vars]
ipadm_password=<xxxxxxxxxxxxx>
ipaserver_setup_dns=yes
ipaserver_auto_forwarders=yes
ipaserver_no_firewalld=no
 
[ipaclients]
ipaclient1.test.local
 
[ipaclients:vars]
ipaclient_use_otp=yes
 
[ipa:children]
ipaserver
ipaclients
 
[ipa:vars]
ipaadmin_password=<xxxxxxxxxx>
ipaserver_domain=test.local
ipaserver_realm=TEST.LOCAL


# cat install-cluster.yml 
---
- name: Install IPA servers
  hosts: ipaserver
  become: true
 
  roles:
  - role: ipaserver
    state: present
 
- name: Install IPA clients
  hosts: ipaclients
  become: true
 
  roles:
  - role: ipaclient
    state: present

# ansible-playbook -vv -i inventory/hosts.cluster install-cluster.yml 
ansible-playbook 2.8.2
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.6.8 (default, Jul  3 2019, 10:59:07) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)]
No config file found; using defaults

PLAYBOOK: install-cluster.yml ***************************************************************************************
2 plays in install-cluster.yml

PLAY [Install IPA servers] ******************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
task path: /root/install-cluster.yml:2
ok: [ipaserver2.test.local]
META: ran handlers

TASK [ipaserver : Import variables specific to distribution] ********************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/main.yml:4
ok: [ipaserver2.test.local] => (item=/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml) => {"ansible_facts": {"ipaserver_packages": ["@idm:DL1/server"], "ipaserver_packages_adtrust": ["@idm:DL1/adtrust"], "ipaserver_packages_dns": ["@idm:DL1/dns"]}, "ansible_included_var_files": ["/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml"], "ansible_loop_var": "item", "changed": false, "item": "/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml"}

TASK [ipaserver : Install IPA server] *******************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/main.yml:12
included: /usr/share/ansible/roles/ipaserver/tasks/install.yml for ipaserver2.test.local

TASK [ipaserver : Install - Ensure that IPA server packages are installed] ******************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:5
ok: [ipaserver2.test.local] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []}

TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] **********************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:10
ok: [ipaserver2.test.local] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []}

TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] ******************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:16
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : include_tasks] ************************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:27
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Server installation test] ***************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:33
ok: [ipaserver2.test.local] => {"_dirsrv_ca_cert": null, "_dirsrv_pkcs12_file": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_file": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_file": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver2.test.local", "idmax": 1583799999, "idstart": 1583600000, "ipa_python_version": 40800, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false}

TASK [ipaserver : Install - Master password creation] ***************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:110
changed: [ipaserver2.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true}

TASK [ipaserver : Install - Use new master password] ****************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:117
ok: [ipaserver2.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [ipaserver : Install - Server preparation] *********************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:125
changed: [ipaserver2.test.local] => {"_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": ["2620:52:0:1038:5054:ff:fe50:407", "10.16.56.74"], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": ["10.19.42.41", "10.11.5.19", "10.5.30.160"], "ip_addresses": ["2620:52:0:1038:5054:ff:fe50:407", "10.16.56.74"], "no_dnssec_validation": false, "reverse_zones": [], "subject_base": "O=TEST.LOCAL"}

TASK [ipaserver : Install - Setup NTP] ******************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:169
changed: [ipaserver2.test.local] => {"changed": true}

TASK [ipaserver : Install - Setup DS] *******************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:176
changed: [ipaserver2.test.local] => {"changed": true}

TASK [ipaserver : Install - Setup KRB] ******************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:205
changed: [ipaserver2.test.local] => {"changed": true}

TASK [ipaserver : Install - Setup custodia] *************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:232
changed: [ipaserver2.test.local] => {"changed": true}

TASK [ipaserver : Install - Setup CA] *******************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:238
changed: [ipaserver2.test.local] => {"changed": true, "csr_generated": false}

TASK [ipaserver : Copy /root/ipa.csr to "ipaserver2.test.local-ipa.csr"] ********************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:278
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Setup otpd] *****************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:287
changed: [ipaserver2.test.local] => {"changed": true}

TASK [ipaserver : Install - Setup HTTP] *****************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:293
changed: [ipaserver2.test.local] => {"changed": true}

TASK [ipaserver : Install - Setup KRA] ******************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:325
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Setup DNS] ******************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:336
changed: [ipaserver2.test.local] => {"changed": true}

TASK [ipaserver : Install - Setup ADTRUST] **************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:353
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Set DS password] ************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:368
changed: [ipaserver2.test.local] => {"changed": true}

TASK [Install - Setup client] ***************************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:385

TASK [ipaclient : Import variables specific to distribution] ********************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:4
ok: [ipaserver2.test.local] => (item=/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml) => {"ansible_facts": {"ipaclient_packages": ["@idm:DL1/client"]}, "ansible_included_var_files": ["/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml"], "ansible_loop_var": "item", "changed": false, "item": "/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml"}

TASK [ipaclient : Install IPA client] *******************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:12
included: /usr/share/ansible/roles/ipaclient/tasks/install.yml for ipaserver2.test.local

TASK [ipaclient : Install - Ensure that IPA client packages are installed] ******************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:4
ok: [ipaserver2.test.local] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []}

TASK [ipaclient : Install - Set ipaclient_servers] ******************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:13
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] *******************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:18
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Check that either principal or keytab is set] *******************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:24
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Set default principal if no keytab is given] ********************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:28
ok: [ipaserver2.test.local] => {"ansible_facts": {"ipaadmin_principal": "admin"}, "changed": false}

TASK [ipaclient : Install - IPA client test] ************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:33
ok: [ipaserver2.test.local] => {"basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver2.test.local", "ipa_python_version": 40800, "kdc": "ipaserver2.test.local", "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": ["ipaserver2.test.local"], "sssd": true}

TASK [ipaclient : Install - Cleanup leftover ccache] ****************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:58
ok: [ipaserver2.test.local] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"}

TASK [ipaclient : Install - Configure NTP] **************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:63
ok: [ipaserver2.test.local] => {"changed": false}

TASK [ipaclient : Install - Disable One-Time Password for on_master] ************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:75
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] *********************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:80
ok: [ipaserver2.test.local] => {"ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": false}

TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] **************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:90
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Keytab or password is required for otp] *************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:105
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Get One-Time Password for client enrollment] ********************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:113
skipping: [ipaserver2.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [ipaclient : Install - Report error for OTP generation] ********************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:133
skipping: [ipaserver2.test.local] => {}

TASK [ipaclient : Install - Store the previously obtained OTP] ******************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:139
skipping: [ipaserver2.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [ipaclient : Install - Check if principal and keytab are set] **************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:157
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Check if one of password or keytabs are set] ********************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:161
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ******************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:169
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Backup and set hostname] ****************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:182
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Join IPA] *******************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:187
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : fail] *********************************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:209
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : fail] *********************************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:214
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : fail] *********************************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:217
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Configure IPA default.conf] *************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:229
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Configure SSSD] *************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:238
changed: [ipaserver2.test.local] => {"changed": true}

TASK [ipaclient : Install - Configure krb5 for IPA realm] ***********************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:255
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] *******************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:269
changed: [ipaserver2.test.local] => {"ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL"}

TASK [ipaclient : Install - Fix IPA ca] *****************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:277
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Create IPA NSS database] ****************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:287
changed: [ipaserver2.test.local] => {"ca_enabled_ra": true, "changed": true}

TASK [ipaclient : Install - Configure SSH and SSHD] *****************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:313
changed: [ipaserver2.test.local] => {"changed": true}

TASK [ipaclient : Install - Configure automount] ********************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:321
changed: [ipaserver2.test.local] => {"changed": true}

TASK [ipaclient : Install - Configure firefox] **********************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:327
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Configure NIS] **************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:332
changed: [ipaserver2.test.local] => {"changed": true}

TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] **********************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:350
skipping: [ipaserver2.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [ipaclient : Cleanup leftover ccache] **************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:356
ok: [ipaserver2.test.local] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"}

TASK [ipaclient : Uninstall IPA client] *****************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:16
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Enable IPA] *****************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:400
changed: [ipaserver2.test.local] => {"changed": true}

TASK [ipaserver : Install - Cleanup root IPA cache] *****************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:407
ok: [ipaserver2.test.local] => {"changed": false, "path": "/root/.ipa_cache", "state": "absent"}

TASK [ipaserver : Install - Configure firewalld] ********************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:413
changed: [ipaserver2.test.local] => {"changed": true, "cmd": ["firewall-cmd", "--permanent", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.345048", "end": "2019-07-28 07:05:34.320870", "rc": 0, "start": "2019-07-28 07:05:33.975822", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]}

TASK [ipaserver : Install - Configure firewalld runtime] ************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:425
changed: [ipaserver2.test.local] => {"changed": true, "cmd": ["firewall-cmd", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.383868", "end": "2019-07-28 07:05:35.113084", "rc": 0, "start": "2019-07-28 07:05:34.729216", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]}

TASK [ipaserver : Uninstall IPA server] *****************************************************************************
task path: /usr/share/ansible/roles/ipaserver/tasks/main.yml:16
skipping: [ipaserver2.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}
META: ran handlers
META: ran handlers

PLAY [Install IPA clients] ******************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
task path: /root/install-cluster.yml:10
ok: [ipaclient1.test.local]
META: ran handlers

TASK [ipaclient : Import variables specific to distribution] ********************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:4
ok: [ipaclient1.test.local] => (item=/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml) => {"ansible_facts": {"ipaclient_packages": ["@idm:DL1/client"]}, "ansible_included_var_files": ["/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml"], "ansible_loop_var": "item", "changed": false, "item": "/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml"}

TASK [ipaclient : Install IPA client] *******************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:12
included: /usr/share/ansible/roles/ipaclient/tasks/install.yml for ipaclient1.test.local

TASK [ipaclient : Install - Ensure that IPA client packages are installed] ******************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:4
ok: [ipaclient1.test.local] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []}

TASK [ipaclient : Install - Set ipaclient_servers] ******************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:13
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] *******************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:18
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Check that either principal or keytab is set] *******************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:24
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Set default principal if no keytab is given] ********************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:28
ok: [ipaclient1.test.local] => {"ansible_facts": {"ipaadmin_principal": "admin"}, "changed": false}

TASK [ipaclient : Install - IPA client test] ************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:33
ok: [ipaclient1.test.local] => {"basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": true, "domain": "test.local", "hostname": "ipaclient1.test.local", "ipa_python_version": 40800, "kdc": "ipaserver2.test.local", "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": ["ipaserver2.test.local"], "sssd": true}

TASK [ipaclient : Install - Cleanup leftover ccache] ****************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:58
ok: [ipaclient1.test.local] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"}

TASK [ipaclient : Install - Configure NTP] **************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:63
changed: [ipaclient1.test.local] => {"changed": true}

TASK [ipaclient : Install - Disable One-Time Password for on_master] ************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:75
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] *********************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:80
ok: [ipaclient1.test.local] => {"ca_crt_exists": false, "changed": false, "krb5_conf_ok": false, "krb5_keytab_ok": false, "ping_test_ok": false}

TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] **************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:90
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Keytab or password is required for otp] *************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:105
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Get One-Time Password for client enrollment] ********************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:113
changed: [ipaclient1.test.local -> ipaserver2.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true}

TASK [ipaclient : Install - Report error for OTP generation] ********************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:133
skipping: [ipaclient1.test.local] => {}

TASK [ipaclient : Install - Store the previously obtained OTP] ******************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:139
ok: [ipaclient1.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [ipaclient : Install - Check if principal and keytab are set] **************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:157
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Check if one of password or keytabs are set] ********************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:161
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ******************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:169
changed: [ipaclient1.test.local] => {"changed": true, "cmd": ["/usr/sbin/ipa-rmkeytab", "-k", "/etc/krb5.keytab", "-r", "TEST.LOCAL"], "delta": "0:00:00.003335", "end": "2019-07-28 07:06:00.175196", "failed_when_result": false, "msg": "non-zero return code", "rc": 3, "start": "2019-07-28 07:06:00.171861", "stderr": "Failed to open keytab '/etc/krb5.keytab': No such file or directory", "stderr_lines": ["Failed to open keytab '/etc/krb5.keytab': No such file or directory"], "stdout": "", "stdout_lines": []}

TASK [ipaclient : Install - Backup and set hostname] ****************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:182
changed: [ipaclient1.test.local] => {"changed": true}

TASK [ipaclient : Install - Join IPA] *******************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:187
changed: [ipaclient1.test.local] => {"already_joined": false, "changed": true}

TASK [ipaclient : fail] *********************************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:209
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : fail] *********************************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:214
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : fail] *********************************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:217
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Configure IPA default.conf] *************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:229
changed: [ipaclient1.test.local] => {"changed": true}

TASK [ipaclient : Install - Configure SSSD] *************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:238
changed: [ipaclient1.test.local] => {"changed": true}

TASK [ipaclient : Install - Configure krb5 for IPA realm] ***********************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:255
changed: [ipaclient1.test.local] => {"changed": true}

TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] *******************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:269
changed: [ipaclient1.test.local] => {"ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL"}

TASK [ipaclient : Install - Fix IPA ca] *****************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:277
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Create IPA NSS database] ****************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:287
changed: [ipaclient1.test.local] => {"ca_enabled_ra": true, "changed": true}

TASK [ipaclient : Install - Configure SSH and SSHD] *****************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:313
changed: [ipaclient1.test.local] => {"changed": true}

TASK [ipaclient : Install - Configure automount] ********************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:321
changed: [ipaclient1.test.local] => {"changed": true}

TASK [ipaclient : Install - Configure firefox] **********************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:327
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaclient : Install - Configure NIS] **************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:332
changed: [ipaclient1.test.local] => {"changed": true}

TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] **********************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:350
ok: [ipaclient1.test.local] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [ipaclient : Cleanup leftover ccache] **************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:356
ok: [ipaclient1.test.local] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"}

TASK [ipaclient : Uninstall IPA client] *****************************************************************************
task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:16
skipping: [ipaclient1.test.local] => {"changed": false, "skip_reason": "Conditional result was False"}
META: ran handlers
META: ran handlers

PLAY RECAP **********************************************************************************************************
ipaclient1.test.local      : ok=24   changed=13   unreachable=0    failed=0    skipped=15   rescued=0    ignored=0   
ipaserver2.test.local      : ok=37   changed=20   unreachable=0    failed=0    skipped=29   rescued=0    ignored=0
Comment 5 errata-xmlrpc 2019-11-05 21:08:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:3418