Bug 1836294
| Summary: | [ansible-freeipa] service disable is not working for kerberos key | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Varun Mylaraiah <mvarun> |
| Component: | ansible-freeipa | Assignee: | Rafael Jeffman <rjeffman> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.3 | CC: | rjeffman, twoerner |
| Target Milestone: | rc | ||
| Target Release: | 8.0 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | ansible-freeipa-0.1.12-2.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-04 02:46:35 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
There is an upstream PR for this issue: https://github.com/freeipa/ansible-freeipa/pull/308 The PR has been merged upstream.
Verified
ansible-freeipa-0.1.12-5.el8.noarch
Automation test result:
ansible-freeipa-tests/ansible_freeipa_tests/service_module.py::TestServiceDisable::()::test_service_verify_keytab_after_disable
------------------------------ Captured log call -------------------------------
channel.py 1212 DEBUG [chan 71] Max packet in: 32768 bytes
channel.py 1212 DEBUG [chan 71] Max packet out: 32768 bytes
transport.py 1819 DEBUG Secsh channel 71 opened.
transport.py 318 INFO RUN ['ipactl', 'status']
transport.py 519 DEBUG RUN ['ipactl', 'status']
channel.py 1212 DEBUG [chan 71] Sesch channel 71 request ok
transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py 563 DEBUG ipa: INFO: The ipactl command was successful
transport.py 563 DEBUG Directory Service: RUNNING
transport.py 563 DEBUG krb5kdc Service: RUNNING
transport.py 563 DEBUG kadmin Service: RUNNING
transport.py 563 DEBUG named Service: RUNNING
transport.py 563 DEBUG httpd Service: RUNNING
transport.py 563 DEBUG ipa-custodia Service: RUNNING
transport.py 563 DEBUG pki-tomcatd Service: RUNNING
transport.py 563 DEBUG ipa-otpd Service: RUNNING
transport.py 563 DEBUG ipa-dnskeysyncd Service: RUNNING
channel.py 1212 DEBUG [chan 71] EOF received (71)
channel.py 1212 DEBUG [chan 71] EOF sent (71)
transport.py 217 DEBUG Exit code: 0
channel.py 1212 DEBUG [chan 72] Max packet in: 32768 bytes
channel.py 1212 DEBUG [chan 72] Max packet out: 32768 bytes
transport.py 1819 DEBUG Secsh channel 72 opened.
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 519 DEBUG RUN ['kinit', 'admin']
channel.py 1212 DEBUG [chan 72] Sesch channel 72 request ok
transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py 563 DEBUG Password for admin:
channel.py 1212 DEBUG [chan 72] EOF received (72)
channel.py 1212 DEBUG [chan 72] EOF sent (72)
transport.py 217 DEBUG Exit code: 0
channel.py 1212 DEBUG [chan 73] Max packet in: 32768 bytes
channel.py 1212 DEBUG [chan 73] Max packet out: 32768 bytes
transport.py 1819 DEBUG Secsh channel 73 opened.
transport.py 318 INFO RUN ['ipa', 'service-add', '28newservice/master.ipadomain.test']
transport.py 519 DEBUG RUN ['ipa', 'service-add', '28newservice/master.ipadomain.test']
channel.py 1212 DEBUG [chan 73] Sesch channel 73 request ok
transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py 563 DEBUG -----------------------------------------------------------------
transport.py 563 DEBUG Added service "28newservice/master.ipadomain.test"
transport.py 563 DEBUG -----------------------------------------------------------------
transport.py 563 DEBUG Principal name: 28newservice/master.ipadomain.test
transport.py 563 DEBUG Principal alias: 28newservice/master.ipadomain.test
transport.py 563 DEBUG Managed by: master.ipadomain.test
channel.py 1212 DEBUG [chan 73] EOF received (73)
channel.py 1212 DEBUG [chan 73] EOF sent (73)
transport.py 217 DEBUG Exit code: 0
channel.py 1212 DEBUG [chan 74] Max packet in: 32768 bytes
channel.py 1212 DEBUG [chan 74] Max packet out: 32768 bytes
transport.py 1819 DEBUG Secsh channel 74 opened.
transport.py 318 INFO RUN ['ipa-getkeytab', '-s', 'master.ipadomain.test', '-p', '28newservice/master.ipadomain.test', '-k', '/etc/httpd/conf/ipa.keytab']
transport.py 519 DEBUG RUN ['ipa-getkeytab', '-s', 'master.ipadomain.test', '-p', '28newservice/master.ipadomain.test', '-k', '/etc/httpd/conf/ipa.keytab']
channel.py 1212 DEBUG [chan 74] Sesch channel 74 request ok
transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py 563 DEBUG Keytab successfully retrieved and stored in: /etc/httpd/conf/ipa.keytab
channel.py 1212 DEBUG [chan 74] EOF received (74)
channel.py 1212 DEBUG [chan 74] EOF sent (74)
transport.py 217 DEBUG Exit code: 0
channel.py 1212 DEBUG [chan 75] Max packet in: 32768 bytes
channel.py 1212 DEBUG [chan 75] Max packet out: 32768 bytes
transport.py 1819 DEBUG Secsh channel 75 opened.
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 519 DEBUG RUN ['kinit', 'admin']
channel.py 1212 DEBUG [chan 75] Sesch channel 75 request ok
transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py 563 DEBUG Password for admin:
channel.py 1212 DEBUG [chan 75] EOF received (75)
channel.py 1212 DEBUG [chan 75] EOF sent (75)
transport.py 217 DEBUG Exit code: 0
channel.py 1212 DEBUG [chan 76] Max packet in: 32768 bytes
channel.py 1212 DEBUG [chan 76] Max packet out: 32768 bytes
transport.py 1819 DEBUG Secsh channel 76 opened.
transport.py 318 INFO RUN ['ipa', 'service-find', '28newservice/master.ipadomain.test']
transport.py 519 DEBUG RUN ['ipa', 'service-find', '28newservice/master.ipadomain.test']
channel.py 1212 DEBUG [chan 76] Sesch channel 76 request ok
transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py 563 DEBUG -----------------
transport.py 563 DEBUG 1 service matched
transport.py 563 DEBUG -----------------
transport.py 563 DEBUG Principal name: 28newservice/master.ipadomain.test
transport.py 563 DEBUG Principal alias: 28newservice/master.ipadomain.test
transport.py 563 DEBUG Keytab: True
transport.py 563 DEBUG ----------------------------
transport.py 563 DEBUG Number of entries returned 1
transport.py 563 DEBUG ----------------------------
channel.py 1212 DEBUG [chan 76] EOF received (76)
channel.py 1212 DEBUG [chan 76] EOF sent (76)
transport.py 217 DEBUG Exit code: 0
channel.py 1212 DEBUG [chan 77] Max packet in: 32768 bytes
channel.py 1212 DEBUG [chan 77] Max packet out: 32768 bytes
transport.py 1819 DEBUG Secsh channel 77 opened.
transport.py 318 INFO RUN ['kdestroy', '-A']
transport.py 519 DEBUG RUN ['kdestroy', '-A']
channel.py 1212 DEBUG [chan 77] Sesch channel 77 request ok
transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
channel.py 1212 DEBUG [chan 77] EOF received (77)
channel.py 1212 DEBUG [chan 77] EOF sent (77)
transport.py 217 DEBUG Exit code: 0
transport.py 293 INFO WRITE inventory/service.hosts
sftp.py 158 DEBUG [chan 0] open(b'inventory/service.hosts', 'wb')
sftp.py 158 DEBUG [chan 0] open(b'inventory/service.hosts', 'wb') -> 00000000
sftp.py 158 DEBUG [chan 0] close(00000000)
transport.py 329 INFO PUT service_module.yml
sftp.py 158 DEBUG [chan 0] open(b'service_module.yml', 'wb')
sftp.py 158 DEBUG [chan 0] open(b'service_module.yml', 'wb') -> 00000000
sftp.py 158 DEBUG [chan 0] close(00000000)
sftp.py 158 DEBUG [chan 0] stat(b'service_module.yml')
channel.py 1212 DEBUG [chan 14] Max packet in: 32768 bytes
channel.py 1212 DEBUG [chan 14] Max packet out: 32768 bytes
transport.py 1819 DEBUG Secsh channel 14 opened.
transport.py 318 INFO RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/service.hosts', 'service_module.yml']
transport.py 519 DEBUG RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/service.hosts', 'service_module.yml']
channel.py 1212 DEBUG [chan 14] Sesch channel 14 request ok
transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py 563 DEBUG ansible-playbook 2.9.11
transport.py 563 DEBUG config file = /root/ansible.cfg
transport.py 563 DEBUG configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules']
transport.py 563 DEBUG ansible python module location = /usr/lib/python3.6/site-packages/ansible
transport.py 563 DEBUG executable location = /usr/bin/ansible-playbook
transport.py 563 DEBUG python version = 3.6.8 (default, Jun 26 2020, 12:10:09) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
transport.py 563 DEBUG Using /root/ansible.cfg as config file
transport.py 563 DEBUG
transport.py 563 DEBUG PLAYBOOK: service_module.yml ***************************************************
transport.py 563 DEBUG 1 plays in service_module.yml
transport.py 563 DEBUG
transport.py 563 DEBUG PLAY [Playbook to ensure service is disabled.] *********************************
transport.py 563 DEBUG
transport.py 563 DEBUG TASK [Gathering Facts] *********************************************************
transport.py 563 DEBUG task path: /root/service_module.yml:2
transport.py 563 DEBUG ok: [master.ipadomain.test]
transport.py 563 DEBUG META: ran handlers
transport.py 563 DEBUG
transport.py 563 DEBUG TASK [Get Domain from server name] *********************************************
transport.py 563 DEBUG task path: /root/service_module.yml:6
transport.py 563 DEBUG ok: [master.ipadomain.test] => {"ansible_facts": {"ipaserver_domain": "ipadomain.test"}, "changed": false}
transport.py 563 DEBUG
transport.py 563 DEBUG TASK [Get Realm from server name] **********************************************
transport.py 563 DEBUG task path: /root/service_module.yml:9
transport.py 563 DEBUG ok: [master.ipadomain.test] => {"ansible_facts": {"ipaserver_realm": "IPADOMAIN.TEST"}, "changed": false}
transport.py 563 DEBUG
transport.py 563 DEBUG TASK [ipaservice] **************************************************************
transport.py 563 DEBUG task path: /root/service_module.yml:12
transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true}
transport.py 563 DEBUG META: ran handlers
transport.py 563 DEBUG META: ran handlers
transport.py 563 DEBUG
transport.py 563 DEBUG PLAY RECAP *********************************************************************
transport.py 563 DEBUG master.ipadomain.test : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
transport.py 563 DEBUG
channel.py 1212 DEBUG [chan 14] EOF received (14)
channel.py 1212 DEBUG [chan 14] EOF sent (14)
transport.py 217 DEBUG Exit code: 0
channel.py 1212 DEBUG [chan 78] Max packet in: 32768 bytes
channel.py 1212 DEBUG [chan 78] Max packet out: 32768 bytes
transport.py 1819 DEBUG Secsh channel 78 opened.
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 519 DEBUG RUN ['kinit', 'admin']
channel.py 1212 DEBUG [chan 78] Sesch channel 78 request ok
transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py 563 DEBUG Password for admin:
channel.py 1212 DEBUG [chan 78] EOF received (78)
channel.py 1212 DEBUG [chan 78] EOF sent (78)
transport.py 217 DEBUG Exit code: 0
channel.py 1212 DEBUG [chan 79] Max packet in: 32768 bytes
channel.py 1212 DEBUG [chan 79] Max packet out: 32768 bytes
transport.py 1819 DEBUG Secsh channel 79 opened.
transport.py 318 INFO RUN ['ipa', 'service-find', '28newservice/master.ipadomain.test']
transport.py 519 DEBUG RUN ['ipa', 'service-find', '28newservice/master.ipadomain.test']
channel.py 1212 DEBUG [chan 79] Sesch channel 79 request ok
transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py 563 DEBUG -----------------
transport.py 563 DEBUG 1 service matched
transport.py 563 DEBUG -----------------
transport.py 563 DEBUG Principal name: 28newservice/master.ipadomain.test
transport.py 563 DEBUG Principal alias: 28newservice/master.ipadomain.test
transport.py 563 DEBUG Keytab: False
transport.py 563 DEBUG ----------------------------
transport.py 563 DEBUG Number of entries returned 1
transport.py 563 DEBUG ----------------------------
channel.py 1212 DEBUG [chan 79] EOF received (79)
channel.py 1212 DEBUG [chan 79] EOF sent (79)
transport.py 217 DEBUG Exit code: 0
channel.py 1212 DEBUG [chan 80] Max packet in: 32768 bytes
channel.py 1212 DEBUG [chan 80] Max packet out: 32768 bytes
transport.py 1819 DEBUG Secsh channel 80 opened.
transport.py 318 INFO RUN ['kdestroy', '-A']
transport.py 519 DEBUG RUN ['kdestroy', '-A']
channel.py 1212 DEBUG [chan 80] Sesch channel 80 request ok
transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
channel.py 1212 DEBUG [chan 80] EOF received (80)
channel.py 1212 DEBUG [chan 80] EOF sent (80)
transport.py 217 DEBUG Exit code: 0
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2020:4663 |
Description of problem: In ansible-freeipa service module, disabled is not working for kerberos key Version-Release number of selected component (if applicable): ansible-freeipa-0.1.10-1.el8.noarch Steps to Reproduce: On Master ======== [root@master ~]# ipa-getkeytab -s master.ipadomain.test -p myservce21/master.ipadomain.test -k /etc/httpd/conf/ipa.keytab Keytab successfully retrieved and stored in: /etc/httpd/conf/ipa.keytab [root@master ~]# ipa service-show myservce21/master.ipadomain.test Principal name: myservce21/master.ipadomain.test Principal alias: myservce21/master.ipadomain.test Keytab: True Managed by: master.ipadomain.test On Controller ========== --- - name: Playbook to manage IPA service. hosts: ipaserver become: true gather_facts: false tasks: - name: Get Domain from server name set_fact: ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}" - name: Get Realm from server name set_fact: ipaserver_realm: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') | upper }}" # Ensure testing service - ipaservice: ipaadmin_password: <xxxxx> name: "{{'myservce21/master.' + ipaserver_domain + '@' + ipaserver_realm }}" state: disabled [root@ansible ~]# ansible-playbook -vv -i inventory/server.hosts 02_2.yaml ansible-playbook 2.9.7 config file = /root/ansible.cfg configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.6/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.6.8 (default, Apr 3 2020, 16:09:51) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)] Using /root/ansible.cfg as config file PLAYBOOK: 02_2.yaml *********************************************************************** 1 plays in 02_2.yaml PLAY [Playbook to manage IPA service.] **************************************************** META: ran handlers TASK [Get Domain from server name] ******************************************************** task path: /root/02_2.yaml:8 ok: [master.ipadomain.test] => {"ansible_facts": {"ipaserver_domain": "ipadomain.test"}, "changed": false} TASK [Get Realm from server name] ********************************************************* task path: /root/02_2.yaml:11 ok: [master.ipadomain.test] => {"ansible_facts": {"ipaserver_realm": "IPADOMAIN.TEST"}, "changed": false} TASK [ipaservice] ************************************************************************* task path: /root/02_2.yaml:15 ok: [master.ipadomain.test] => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "changed": false} META: ran handlers META: ran handlers PLAY RECAP ******************************************************************************** master.ipadomain.test : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 On Master ========= ipa service-show myservce21/master.ipadomain.test Principal name: myservce21/master.ipadomain.test Principal alias: myservce21/master.ipadomain.test Keytab: True Managed by: master.ipadomain.test Actual results: Key tab is not disabled after running playbook Expected results: Keytab should be disabled Additional info: [root@master ~]# ipa service-disable myservce21/master.ipadomain.test ------------------------------------------------------------------ Disabled service "myservce21/master.ipadomain.test" ------------------------------------------------------------------ [root@master ~]# ipa service-show myservce21/master.ipadomain.test Principal name: myservce21/master.ipadomain.test Principal alias: myservce21/master.ipadomain.test Keytab: False Managed by: master.ipadomain.test