Bug 1853284
Summary: | [ansible-freeipa] Replica deployment is failing due to pkcs12 info have been changed. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Varun Mylaraiah <mvarun> |
Component: | ansible-freeipa | Assignee: | Thomas Woerner <twoerner> |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.3 | CC: | pcech |
Target Milestone: | rc | Keywords: | Regression |
Target Release: | 8.0 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ansible-freeipa-0.1.12-4.el8 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-04 02:46:57 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Varun Mylaraiah
2020-07-02 11:05:14 UTC
Here is the upstream PR: https://github.com/freeipa/ansible-freeipa/pull/313 Verified: ansible-freeipa-0.1.12-4.el8.noarch ansible_freeipa_tests/test_idm_deploy_replica.py::TestReplica15::test_with_specified_server -------------------------------- live log call --------------------------------- [paramiko.transport] INFO Connected (version 2.0, client OpenSSH_8.0) [paramiko.transport] INFO Authentication (publickey) successful! [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['ipactl', 'status'] [paramiko.transport] INFO Connected (version 2.0, client OpenSSH_8.0) [paramiko.transport] INFO Authentication (publickey) successful! [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO WRITE inventory/master.hosts [paramiko.transport.sftp] INFO [chan 0] Opened sftp connection (server version 3) [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO PUT install-server.yaml [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/master.hosts', 'install-server.yaml'] 2020-07-10T07:36:05 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['ipactl', 'status'] [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO WRITE inventory/replicas.hosts [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO PUT install-replicas.yaml [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/replicas.hosts', 'install-replicas.yaml'] PASSED Complete log ============== ------------------------------ Captured log call ------------------------------- transport.py 1819 DEBUG starting thread (client mode): 0x640df760 transport.py 1819 DEBUG Local version/idstring: SSH-2.0-paramiko_2.7.1 transport.py 1819 DEBUG Remote version/idstring: SSH-2.0-OpenSSH_8.0 transport.py 1819 INFO Connected (version 2.0, client OpenSSH_8.0) transport.py 1819 DEBUG kex algos:['curve25519-sha256', 'curve25519-sha256', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group14-sha256', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1'] server key:['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ssh-ed25519'] client encrypt:['aes256-gcm', 'chacha20-poly1305', 'aes256-ctr', 'aes256-cbc', 'aes128-gcm', 'aes128-ctr', 'aes128-cbc'] server encrypt:['aes256-gcm', 'chacha20-poly1305', 'aes256-ctr', 'aes256-cbc', 'aes128-gcm', 'aes128-ctr', 'aes128-cbc'] client mac:['hmac-sha2-256-etm', 'hmac-sha1-etm', 'umac-128-etm', 'hmac-sha2-512-etm', 'hmac-sha2-256', 'hmac-sha1', 'umac-128', 'hmac-sha2-512'] server mac:['hmac-sha2-256-etm', 'hmac-sha1-etm', 'umac-128-etm', 'hmac-sha2-512-etm', 'hmac-sha2-256', 'hmac-sha1', 'umac-128', 'hmac-sha2-512'] client compress:['none', 'zlib'] server compress:['none', 'zlib'] client lang:[''] server lang:[''] kex follows?False transport.py 1819 DEBUG Kex agreed: curve25519-sha256 transport.py 1819 DEBUG HostKey agreed: ssh-ed25519 transport.py 1819 DEBUG Cipher agreed: aes128-ctr transport.py 1819 DEBUG MAC agreed: hmac-sha2-256 transport.py 1819 DEBUG Compression agreed: none transport.py 1819 DEBUG kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256> transport.py 1819 DEBUG Switch to new keys ... transport.py 245 DEBUG Authenticating with private RSA key using user root transport.py 1819 DEBUG userauth is OK transport.py 1819 INFO Authentication (publickey) successful! channel.py 1212 DEBUG [chan 0] Max packet in: 32768 bytes transport.py 1819 DEBUG Received global request "hostkeys-00" transport.py 1819 DEBUG Rejecting "hostkeys-00" global request from server. transport.py 1819 DEBUG Debug msg: b'/root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding' channel.py 1212 DEBUG [chan 0] Max packet out: 32768 bytes transport.py 1819 DEBUG Secsh channel 0 opened. transport.py 318 INFO RUN ['ipactl', 'status'] transport.py 519 DEBUG RUN ['ipactl', 'status'] channel.py 1212 DEBUG [chan 0] Sesch channel 0 request ok transport.py 563 DEBUG Activate the web console with: systemctl enable --now cockpit.socket transport.py 563 DEBUG transport.py 563 DEBUG This system is not registered to Red Hat Insights. See https://cloud.redhat.com/ transport.py 563 DEBUG To register this system, run: insights-client --register transport.py 563 DEBUG transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory transport.py 563 DEBUG -bash: line 4: ipactl: command not found channel.py 1212 DEBUG [chan 0] EOF received (0) channel.py 1212 DEBUG [chan 0] EOF sent (0) transport.py 217 DEBUG Exit code: 127 transport.py 1819 DEBUG starting thread (client mode): 0x6307e8e0 transport.py 1819 DEBUG Local version/idstring: SSH-2.0-paramiko_2.7.1 transport.py 1819 DEBUG Remote version/idstring: SSH-2.0-OpenSSH_8.0 transport.py 1819 INFO Connected (version 2.0, client OpenSSH_8.0) transport.py 1819 DEBUG kex algos:['curve25519-sha256', 'curve25519-sha256', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group14-sha256', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1'] server key:['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ssh-ed25519'] client encrypt:['aes256-gcm', 'chacha20-poly1305', 'aes256-ctr', 'aes256-cbc', 'aes128-gcm', 'aes128-ctr', 'aes128-cbc'] server encrypt:['aes256-gcm', 'chacha20-poly1305', 'aes256-ctr', 'aes256-cbc', 'aes128-gcm', 'aes128-ctr', 'aes128-cbc'] client mac:['hmac-sha2-256-etm', 'hmac-sha1-etm', 'umac-128-etm', 'hmac-sha2-512-etm', 'hmac-sha2-256', 'hmac-sha1', 'umac-128', 'hmac-sha2-512'] server mac:['hmac-sha2-256-etm', 'hmac-sha1-etm', 'umac-128-etm', 'hmac-sha2-512-etm', 'hmac-sha2-256', 'hmac-sha1', 'umac-128', 'hmac-sha2-512'] client compress:['none', 'zlib'] server compress:['none', 'zlib'] client lang:[''] server lang:[''] kex follows?False transport.py 1819 DEBUG Kex agreed: curve25519-sha256 transport.py 1819 DEBUG HostKey agreed: ssh-ed25519 transport.py 1819 DEBUG Cipher agreed: aes128-ctr transport.py 1819 DEBUG MAC agreed: hmac-sha2-256 transport.py 1819 DEBUG Compression agreed: none transport.py 1819 DEBUG kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256> transport.py 1819 DEBUG Switch to new keys ... transport.py 245 DEBUG Authenticating with private RSA key using user root transport.py 1819 DEBUG userauth is OK transport.py 1819 INFO Authentication (publickey) successful! transport.py 293 INFO WRITE inventory/master.hosts channel.py 1212 DEBUG [chan 0] Max packet in: 32768 bytes transport.py 1819 DEBUG Received global request "hostkeys-00" transport.py 1819 DEBUG Rejecting "hostkeys-00" global request from server. transport.py 1819 DEBUG Debug msg: b'/root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding' channel.py 1212 DEBUG [chan 0] Max packet out: 32768 bytes transport.py 1819 DEBUG Secsh channel 0 opened. channel.py 1212 DEBUG [chan 0] Sesch channel 0 request ok sftp.py 158 INFO [chan 0] Opened sftp connection (server version 3) sftp.py 158 DEBUG [chan 0] open(b'inventory/master.hosts', 'wb') sftp.py 158 DEBUG [chan 0] open(b'inventory/master.hosts', 'wb') -> 00000000 sftp.py 158 DEBUG [chan 0] close(00000000) transport.py 329 INFO PUT install-server.yaml sftp.py 158 DEBUG [chan 0] open(b'install-server.yaml', 'wb') sftp.py 158 DEBUG [chan 0] open(b'install-server.yaml', 'wb') -> 00000000 sftp.py 158 DEBUG [chan 0] close(00000000) sftp.py 158 DEBUG [chan 0] stat(b'install-server.yaml') channel.py 1212 DEBUG [chan 1] Max packet in: 32768 bytes channel.py 1212 DEBUG [chan 1] Max packet out: 32768 bytes transport.py 1819 DEBUG Secsh channel 1 opened. transport.py 318 INFO RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/master.hosts', 'install-server.yaml'] transport.py 519 DEBUG RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/master.hosts', 'install-server.yaml'] channel.py 1212 DEBUG [chan 1] Sesch channel 1 request ok transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory transport.py 563 DEBUG ansible-playbook 2.9.10 transport.py 563 DEBUG config file = /root/ansible.cfg transport.py 563 DEBUG configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules'] transport.py 563 DEBUG ansible python module location = /usr/lib/python3.6/site-packages/ansible transport.py 563 DEBUG executable location = /usr/bin/ansible-playbook transport.py 563 DEBUG python version = 3.6.8 (default, Jun 26 2020, 12:10:09) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)] transport.py 563 DEBUG Using /root/ansible.cfg as config file transport.py 563 DEBUG transport.py 563 DEBUG PLAYBOOK: install-server.yaml ************************************************** transport.py 563 DEBUG 1 plays in install-server.yaml transport.py 563 DEBUG transport.py 563 DEBUG PLAY [Playbook to configure IPA servers] *************************************** transport.py 563 DEBUG transport.py 563 DEBUG TASK [Gathering Facts] ********************************************************* transport.py 563 DEBUG task path: /root/install-server.yaml:2 transport.py 563 DEBUG ok: [master.ipadomain.test] transport.py 563 DEBUG META: ran handlers transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Import variables specific to distribution] ******************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/main.yml:4 transport.py 563 DEBUG ok: [master.ipadomain.test] => (item=/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml) => {"ansible_facts": {"ipaserver_packages": ["@idm:DL1/server"], "ipaserver_packages_adtrust": ["@idm:DL1/adtrust"], "ipaserver_packages_dns": ["@idm:DL1/dns"], "ipaserver_packages_firewalld": ["firewalld"]}, "ansible_included_var_files": ["/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml"], "ansible_loop_var": "item", "changed": false, "item": "/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install IPA server] ****************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/main.yml:12 transport.py 563 DEBUG included: /usr/share/ansible/roles/ipaserver/tasks/install.yml for master.ipadomain.test transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:5 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true, "msg": "", "rc": 0, "results": ["Module idm:DL1/server installed.", "Installed: pki-base-java-10.9.0-0.4.module+el8.3.0+7178+12af6fad.noarch", "Installed: pki-ca-10.9.0-0.4.module+el8.3.0+7178+12af6fad.noarch", "Installed: pki-kra-10.9.0-0.4.module+el8.3.0+7178+12af6fad.noarch", "Installed: pki-server-10.9.0-0.4.module+el8.3.0+7178+12af6fad.noarch", "Installed: pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch", "Installed: pki-servlet-engine-1:9.0.30-.......} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:10 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.x86_64", "Installed: ldns-1.7.0-21.el8.x86_64", "Installed: bind-pkcs11-32:9.11.20-3.el8.x86_64", "Installed: ipa-server-dns-4.8.7-4.module+el8.3.0+7221+eedbd403.noarch", "Installed: bind-pkcs11-libs-32:9.11.20-3.el8.x86_64", "Installed: bind-pkcs11-utils-32:9.11.20-3.el8.x86_64", "Installed: opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64", "Installed: opencryptoki-3.14.0-5.el8.x86_64", "Installed: opencryptoki-icsftok-3.14.0-5.el8.x86_64", "Installed: opencryptoki-libs-3.14.0-5.el8.x86_64", "Installed: sqlite-3.26.0-10.el8.x86_64", "Installed: bind-32:9.11.20-3.el8.x86_64"]} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:16 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Ensure that firewall packages installed] *********** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:22 transport.py 563 DEBUG ok: [master.ipadomain.test] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:28 transport.py 563 DEBUG ok: [master.ipadomain.test] => {"changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": {"ActiveEnterTimestamp": "Fri 2020-07-10 03:28:35 EDT", "ActiveEnterTimestampMonotonic": "167978948", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "sysinit.target basic.target dbus.service system.slice......} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : include_tasks] *********************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:40 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Server installation test] ************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:46 transport.py 563 DEBUG ok: [master.ipadomain.test] => {"_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "ipadomain.test", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "master.ipadomain.test", "idmax": 281999999, "idstart": 281800000, "ipa_python_version": 40807, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "IPADOMAIN.TEST", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Master password creation] ************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:123 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Use new master password] *************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:130 transport.py 563 DEBUG ok: [master.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Server preparation] ******************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:138 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"_ca_subject": "CN=Certificate Authority,O=IPADOMAIN.TEST", "_subject_base": "O=IPADOMAIN.TEST", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=IPADOMAIN.TEST", "changed": true, "dns_ip_addresses": ["10.0.155.246"], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": ["10.11.5.19"], "ip_addresses": ["10.0.155.246"], "no_dnssec_validation": true, "reverse_zones": [], "subject_base": "O=IPADOMAIN.TEST"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Setup NTP] ***************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:182 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Setup DS] ****************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:189 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Setup KRB] ***************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:218 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Setup custodia] ************************************ transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:245 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Setup CA] ****************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:251 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true, "csr_generated": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Copy /root/ipa.csr to "master.ipadomain.test-ipa.csr"] ******* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:292 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Setup otpd] **************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:301 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Setup HTTP] **************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:307 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Setup KRA] ***************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:339 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Setup DNS] ***************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:350 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Setup ADTRUST] ************************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:367 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Set DS password] *********************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:382 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [Install - Setup client] ************************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:399 transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Import variables specific to distribution] ******************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:4 transport.py 563 DEBUG ok: [master.ipadomain.test] => (item=/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml) => {"ansible_facts": {"ipaclient_packages": ["@idm:DL1/client"]}, "ansible_included_var_files": ["/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml"], "ansible_loop_var": "item", "changed": false, "item": "/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install IPA client] ****************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:12 transport.py 563 DEBUG included: /usr/share/ansible/roles/ipaclient/tasks/install.yml for master.ipadomain.test transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:4 transport.py 563 DEBUG ok: [master.ipadomain.test] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} transport.py 563 DEBUG transport.py 563 DEBUG TASK [Install - Set ipaclient_servers] ***************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:13 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [Install - Set ipaclient_servers from cluster inventory] ****************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:18 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Check that either principal or keytab is set] ****** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:24 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Set default principal if no keytab is given] ******* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:28 transport.py 563 DEBUG ok: [master.ipadomain.test] => {"ansible_facts": {"ipaadmin_principal": "admin"}, "changed": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - IPA client test] *********************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:33 transport.py 563 DEBUG ok: [master.ipadomain.test] => {"basedn": "dc=ipadomain,dc=test", "changed": false, "client_already_configured": false, "client_domain": "ipadomain.test", "dnsok": false, "domain": "ipadomain.test", "hostname": "master.ipadomain.test", "ipa_python_version": 40807, "kdc": "master.ipadomain.test", "ntp_pool": null, "ntp_servers": null, "realm": "IPADOMAIN.TEST", "servers": ["master.ipadomain.test"], "sssd": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Cleanup leftover ccache] *************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:59 transport.py 563 DEBUG ok: [master.ipadomain.test] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure NTP] ************************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:64 transport.py 563 DEBUG ok: [master.ipadomain.test] => {"changed": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:76 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:81 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:86 transport.py 563 DEBUG ok: [master.ipadomain.test] => {"ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:96 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Keytab or password is required for getting otp] **** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:112 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:120 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Report error for OTP generation] ******************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:139 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Store the previously obtained OTP] ***************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:145 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Store predefined OTP in admin_password] ********************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:154 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Check if principal and keytab are set] ************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:170 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:174 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Purge IPADOMAIN.TEST from host keytab] ************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:182 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Backup and set hostname] *************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:195 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Join IPA] ****************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:200 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : fail] ******************************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:222 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : fail] ******************************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:227 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : fail] ******************************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:230 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure IPA default.conf] ************************ transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:242 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure SSSD] ************************************ transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:251 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:273 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:287 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"ca_enabled": true, "changed": true, "subject_base": "O=IPADOMAIN.TEST"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Fix IPA ca] **************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:295 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Create IPA NSS database] *************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:305 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"ca_enabled_ra": true, "changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure SSH and SSHD] **************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:336 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure automount] ******************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:344 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure firefox] ********************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:350 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure NIS] ************************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:355 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:373 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Cleanup leftover ccache] ************************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:379 transport.py 563 DEBUG ok: [master.ipadomain.test] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Uninstall IPA client] **************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:16 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Enable IPA] **************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:414 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Cleanup root IPA cache] **************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:421 transport.py 563 DEBUG ok: [master.ipadomain.test] => {"changed": false, "path": "/root/.ipa_cache", "state": "absent"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Configure firewalld] ******************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:427 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true, "cmd": ["firewall-cmd", "--permanent", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.367099", "end": "2020-07-10 03:36:01.437760", "rc": 0, "start": "2020-07-10 03:36:01.070661", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Install - Configure firewalld runtime] *********************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:439 transport.py 563 DEBUG changed: [master.ipadomain.test] => {"changed": true, "cmd": ["firewall-cmd", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.330382", "end": "2020-07-10 03:36:02.215763", "rc": 0, "start": "2020-07-10 03:36:01.885381", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Cleanup temporary files] ************************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/install.yml:453 transport.py 563 DEBUG ok: [master.ipadomain.test] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent"} transport.py 563 DEBUG ok: [master.ipadomain.test] => (item=/etc/ipa/.tmp_pkcs12_http) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent"} transport.py 563 DEBUG ok: [master.ipadomain.test] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaserver : Uninstall IPA server] **************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaserver/tasks/main.yml:16 transport.py 563 DEBUG skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG META: ran handlers transport.py 563 DEBUG META: ran handlers transport.py 563 DEBUG transport.py 563 DEBUG PLAY RECAP ********************************************************************* transport.py 563 DEBUG master.ipadomain.test : ok=40 changed=22 unreachable=0 failed=0 skipped=31 rescued=0 ignored=0 transport.py 563 DEBUG channel.py 1212 DEBUG [chan 1] EOF received (1) channel.py 1212 DEBUG [chan 1] EOF sent (1) transport.py 217 DEBUG Exit code: 0 channel.py 1212 DEBUG [chan 1] Max packet in: 32768 bytes channel.py 1212 DEBUG [chan 1] Max packet out: 32768 bytes transport.py 1819 DEBUG Secsh channel 1 opened. transport.py 318 INFO RUN ['ipactl', 'status'] transport.py 519 DEBUG RUN ['ipactl', 'status'] channel.py 1212 DEBUG [chan 1] Sesch channel 1 request ok transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory transport.py 563 DEBUG Directory Service: RUNNING transport.py 563 DEBUG krb5kdc Service: RUNNING transport.py 563 DEBUG kadmin Service: RUNNING transport.py 563 DEBUG named Service: RUNNING transport.py 563 DEBUG httpd Service: RUNNING transport.py 563 DEBUG ipa-custodia Service: RUNNING transport.py 563 DEBUG pki-tomcatd Service: RUNNING transport.py 563 DEBUG ipa-otpd Service: RUNNING transport.py 563 DEBUG ipa-dnskeysyncd Service: RUNNING transport.py 563 DEBUG ipa: INFO: The ipactl command was successful channel.py 1212 DEBUG [chan 1] EOF received (1) channel.py 1212 DEBUG [chan 1] EOF sent (1) transport.py 217 DEBUG Exit code: 0 transport.py 293 INFO WRITE inventory/replicas.hosts sftp.py 158 DEBUG [chan 0] open(b'inventory/replicas.hosts', 'wb') sftp.py 158 DEBUG [chan 0] open(b'inventory/replicas.hosts', 'wb') -> 00000000 sftp.py 158 DEBUG [chan 0] close(00000000) transport.py 329 INFO PUT install-replicas.yaml sftp.py 158 DEBUG [chan 0] open(b'install-replicas.yaml', 'wb') sftp.py 158 DEBUG [chan 0] open(b'install-replicas.yaml', 'wb') -> 00000000 sftp.py 158 DEBUG [chan 0] close(00000000) sftp.py 158 DEBUG [chan 0] stat(b'install-replicas.yaml') channel.py 1212 DEBUG [chan 2] Max packet in: 32768 bytes channel.py 1212 DEBUG [chan 2] Max packet out: 32768 bytes transport.py 1819 DEBUG Secsh channel 2 opened. transport.py 318 INFO RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/replicas.hosts', 'install-replicas.yaml'] transport.py 519 DEBUG RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/replicas.hosts', 'install-replicas.yaml'] channel.py 1212 DEBUG [chan 2] Sesch channel 2 request ok transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory* * * * * * transport.py 563 DEBUG transport.py 563 DEBUG PLAY RECAP ********************************************************************* transport.py 563 DEBUG replica1.ipadomain.test : ok=54 changed=36 unreachable=0 failed=0 skipped=28 rescued=0 ignored=0 transport.py 563 DEBUG channel.py 1212 DEBUG [chan 2] EOF received (2) channel.py 1212 DEBUG [chan 2] EOF sent (2) transport.py 217 DEBUG Exit code: 0 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2020:4663 |