Bug 1935123
| Summary: | [ansible-freepa] ipa-client-install failing with error code 7(keytab: /usr/sbin/ipa-rmkeytab returned 7) [rhel-8.5.0] | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | RHEL Program Management Team <pgm-rhel-tools> | |
| Component: | ansible-freeipa | Assignee: | Thomas Woerner <twoerner> | |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 8.4 | CC: | lmiksik, mvarun, pcech, twoerner | |
| Target Milestone: | rc | Keywords: | Regression, TestBlocker, Triaged | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | ansible-freeipa-0.3.6-1.el8 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | 1931381 | |||
| : | 1973169 (view as bug list) | Environment: | ||
| Last Closed: | 2021-11-09 18:45:36 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1931381 | |||
| Bug Blocks: | 1973169 | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:4268 |
Verified: ansible-freeipa-0.3.6-3.el8.noarch ipa-server-4.9.3-1.module+el8.5.0+10565+ae980a94.x86_64 # cat /etc/redhat-release Red Hat Enterprise Linux release 8.5 Beta (Ootpa) Passed ansible_freeipa_tests/client/test_idm_deploy_client.py::TestClientTC07::()::test_specified_server_otp ------------------------------ Captured log call ------------------------------- channel.py 1212 DEBUG [chan 5] Max packet in: 32768 bytes channel.py 1212 DEBUG [chan 5] Max packet out: 32768 bytes transport.py 1819 DEBUG Secsh channel 5 opened. transport.py 318 INFO RUN ['ipactl', 'status'] transport.py 519 DEBUG RUN ['ipactl', 'status'] channel.py 1212 DEBUG [chan 5] Sesch channel 5 request ok transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory transport.py 563 DEBUG Directory Service: RUNNING transport.py 563 DEBUG krb5kdc Service: RUNNING transport.py 563 DEBUG kadmin Service: RUNNING transport.py 563 DEBUG named Service: RUNNING transport.py 563 DEBUG httpd Service: RUNNING transport.py 563 DEBUG ipa-custodia Service: RUNNING transport.py 563 DEBUG pki-tomcatd Service: RUNNING transport.py 563 DEBUG ipa-otpd Service: RUNNING transport.py 563 DEBUG ipa-dnskeysyncd Service: RUNNING transport.py 563 DEBUG ipa: INFO: The ipactl command was successful channel.py 1212 DEBUG [chan 5] EOF received (5) channel.py 1212 DEBUG [chan 5] EOF sent (5) transport.py 217 DEBUG Exit code: 0 transport.py 293 INFO WRITE inventory/clients.hosts sftp.py 158 DEBUG [chan 0] open(b'inventory/clients.hosts', 'wb') sftp.py 158 DEBUG [chan 0] open(b'inventory/clients.hosts', 'wb') -> 00000000 sftp.py 158 DEBUG [chan 0] close(00000000) transport.py 329 INFO PUT install-clients.yaml sftp.py 158 DEBUG [chan 0] open(b'install-clients.yaml', 'wb') sftp.py 158 DEBUG [chan 0] open(b'install-clients.yaml', 'wb') -> 00000000 sftp.py 158 DEBUG [chan 0] close(00000000) sftp.py 158 DEBUG [chan 0] stat(b'install-clients.yaml') channel.py 1212 DEBUG [chan 12] Max packet in: 32768 bytes channel.py 1212 DEBUG [chan 12] Max packet out: 32768 bytes transport.py 1819 DEBUG Secsh channel 12 opened. transport.py 318 INFO RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/clients.hosts', 'install-clients.yaml'] transport.py 519 DEBUG RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/clients.hosts', 'install-clients.yaml'] channel.py 1212 DEBUG [chan 12] Sesch channel 12 request ok transport.py 563 DEBUG -bash: line 1: cd: /root/multihost_tests: No such file or directory transport.py 563 DEBUG -bash: line 2: /root/multihost_tests/env.sh: No such file or directory transport.py 563 DEBUG ansible-playbook 2.9.22 transport.py 563 DEBUG config file = /etc/ansible/ansible.cfg transport.py 563 DEBUG configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] transport.py 563 DEBUG ansible python module location = /usr/lib/python3.6/site-packages/ansible transport.py 563 DEBUG executable location = /usr/bin/ansible-playbook transport.py 563 DEBUG python version = 3.6.8 (default, May 4 2021, 11:14:36) [GCC 8.4.1 20210423 (Red Hat 8.4.1-2)] transport.py 563 DEBUG Using /etc/ansible/ansible.cfg as config file transport.py 563 DEBUG Skipping callback 'actionable', as we already have a stdout callback. transport.py 563 DEBUG Skipping callback 'counter_enabled', as we already have a stdout callback. transport.py 563 DEBUG transport.py 563 DEBUG PLAYBOOK: install-clients.yaml ************************************************* transport.py 563 DEBUG 1 plays in install-clients.yaml transport.py 563 DEBUG transport.py 563 DEBUG PLAY [Playbook to configure IPA clients] *************************************** transport.py 563 DEBUG transport.py 563 DEBUG TASK [Gathering Facts] ********************************************************* transport.py 563 DEBUG task path: /root/install-clients.yaml:2 transport.py 563 DEBUG ok: [client1.ipadomain.test] transport.py 563 DEBUG META: ran handlers transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Import variables specific to distribution] ******************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:4 transport.py 563 DEBUG ok: [client1.ipadomain.test] => (item=/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml) => {"ansible_facts": {"ipaclient_packages": ["@idm:DL1/client"]}, "ansible_included_var_files": ["/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml"], "ansible_loop_var": "item", "changed": false, "item": "/usr/share/ansible/roles/ipaclient/vars/RedHat-8.yml"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install IPA client] ****************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:12 transport.py 563 DEBUG included: /usr/share/ansible/roles/ipaclient/tasks/install.yml for client1.ipadomain.test transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:4 transport.py 563 DEBUG ok: [client1.ipadomain.test] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} transport.py 563 DEBUG transport.py 563 DEBUG TASK [Install - Set ipaclient_servers] ***************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:10 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [Install - Set ipaclient_servers from cluster inventory] ****************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:15 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Check that either principal or keytab is set] ****** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:21 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Set default principal if no keytab is given] ******* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:25 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - IPA client test] *********************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:30 transport.py 563 DEBUG ok: [client1.ipadomain.test] => {"basedn": "dc=ipadomain,dc=test", "changed": false, "client_already_configured": false, "client_domain": "ipadomain.test", "dnsok": true, "domain": "ipadomain.test", "hostname": "client1.ipadomain.test", "ipa_python_version": 40903, "kdc": "master.ipadomain.test", "ntp_pool": null, "ntp_servers": null, "realm": "IPADOMAIN.TEST", "servers": ["master.ipadomain.test"], "sssd": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Cleanup leftover ccache] *************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:56 transport.py 563 DEBUG ok: [client1.ipadomain.test] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure NTP] ************************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:61 transport.py 563 DEBUG ok: [client1.ipadomain.test] => {"changed": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:73 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:78 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:83 transport.py 563 DEBUG ok: [client1.ipadomain.test] => {"ca_crt_exists": false, "changed": false, "krb5_conf_ok": false, "krb5_keytab_ok": false, "ping_test_ok": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:93 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Keytab or password is required for getting otp] **** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:109 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:113 transport.py 563 DEBUG changed: [client1.ipadomain.test -> master.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Report error for OTP generation] ******************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:132 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Store the previously obtained OTP] ***************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:138 transport.py 563 DEBUG ok: [client1.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Store predefined OTP in admin_password] ********************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:147 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Check if principal and keytab are set] ************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:163 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:167 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Purge IPADOMAIN.TEST from host keytab] ************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:175 transport.py 563 DEBUG changed: [client1.ipadomain.test] => {"changed": true, "cmd": ["/usr/sbin/ipa-rmkeytab", "-k", "/etc/krb5.keytab", "-r", "IPADOMAIN.TEST"], "delta": "0:00:00.005580", "end": "2021-06-20 18:40:55.351867", "failed_when_result": false, "msg": "non-zero return code", "rc": 7, "start": "2021-06-20 18:40:55.346287", "stderr": "Failed to set cursor 'No such file or directory'", "stderr_lines": ["Failed to set cursor 'No such file or directory'"], "stdout": "", "stdout_lines": []} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Backup and set hostname] *************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:192 transport.py 563 DEBUG changed: [client1.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Join IPA] ****************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:197 transport.py 563 DEBUG changed: [client1.ipadomain.test] => {"already_joined": false, "changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : fail] ******************************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:219 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : fail] ******************************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:224 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : fail] ******************************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:227 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure IPA default.conf] ************************ transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:239 transport.py 563 DEBUG changed: [client1.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure SSSD] ************************************ transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:248 transport.py 563 DEBUG changed: [client1.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:270 transport.py 563 DEBUG changed: [client1.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:284 transport.py 563 DEBUG changed: [client1.ipadomain.test] => {"ca_enabled": true, "changed": true, "subject_base": "O=IPADOMAIN.TEST"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Fix IPA ca] **************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:292 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Create IPA NSS database] *************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:302 transport.py 563 DEBUG changed: [client1.ipadomain.test] => {"ca_enabled_ra": true, "changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure SSH and SSHD] **************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:333 transport.py 563 DEBUG changed: [client1.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure automount] ******************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:341 transport.py 563 DEBUG changed: [client1.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure firefox] ********************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:347 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Configure NIS] ************************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:353 transport.py 563 DEBUG changed: [client1.ipadomain.test] => {"changed": true} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:371 transport.py 563 DEBUG ok: [client1.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Cleanup leftover ccache] ************************************* transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:377 transport.py 563 DEBUG ok: [client1.ipadomain.test] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} transport.py 563 DEBUG transport.py 563 DEBUG TASK [ipaclient : Uninstall IPA client] **************************************** transport.py 563 DEBUG task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:16 transport.py 563 DEBUG skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"} transport.py 563 DEBUG META: ran handlers transport.py 563 DEBUG META: ran handlers transport.py 563 DEBUG transport.py 563 DEBUG PLAY RECAP ********************************************************************* transport.py 563 DEBUG client1.ipadomain.test : ok=23 changed=12 unreachable=0 failed=0 skipped=18 rescued=0 ignored=0