Bug 2132989

Summary: ansible-freeipa Replica Install Setup DNS fails [rhel-8.6.0.z]
Product: Red Hat Enterprise Linux 8 Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: ansible-freeipaAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.5CC: ftrivino, mjurasek, mvarun, rjeffman
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: ansible-freeipa-1.6.3-2.el8_6 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2120415 Environment:
Last Closed: 2022-10-25 09:34:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2120415    
Bug Blocks:    

Comment 4 Varun Mylaraiah 2022-10-13 09:57:39 UTC 
Verified

ansible-2.9.27-1.el8ae.noarch
ansible-freeipa-1.6.3-2.el8_6.noarch

Passed	ansible_freeipa_tests/replica/test_idm_deploy_replica.py::TestReplicaWithDNS::test_replica_with_dns
 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Replica preparation] ******************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:151
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"_add_to_ipaservers": true, "_ca_enabled": true, "_ca_file": "/etc/ipa/ca.crt", "_ca_subject": "CN=Certificate Authority,O=IPADOMAIN.TEST", "_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_http_ca_cert": null, "_http_pkcs12_info": null, "_kra_enabled": false, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "_subject_base": "O=IPADOMAIN.TEST", "_top_dir": "/tmp/tmpvmu4h1s1ipa", "adtrust_netbios_name": "IPADOMAIN", "adtrust_reset_netbios_name": false, "ccache": "/tmp/krbcctn_i585e/ccache", "changed": true, "config_ca_host_name": "master.ipadomain.test", "config_ips": ["10.0.195.162"], "config_kra_host_name": "master.ipadomain.test", "config_master_host_name": "master.ipadomain.test", "config_setup_ca": false, "dns_ip_addresses": ["10.0.195.162"], "dns_reverse_zones": [], "forward_policy": "only", "installer_ccache": "/tmp/tmpr4a80wde", "no_dnssec_validation": true, "rid_base": 1000, "secondary_rid_base": 100000000, "subject_base": "O=IPADOMAIN.TEST"}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Add to ipaservers] ********************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:207
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Create dirman password] ***************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:219
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Set dirman password] ******************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:225
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 ok: [replica1.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Setup certmonger] *********************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:231
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Install CA certs] *********************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:235
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true, "config_ca_host_name": "master.ipadomain.test", "config_master_host_name": "master.ipadomain.test"}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Setup DS] *****************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:277
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true, "ds_ca_subject": "CN=Certificate Authority,O=IPADOMAIN.TEST", "ds_suffix": "dc=ipadomain,dc=test"}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Create IPA conf] **********************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:321
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Setup KRB] ****************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:360
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true, "config_master_host_name": "master.ipadomain.test"}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Create override IPA conf] *************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:379
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - DS enable SSL] ************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:421
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Setup http] ***************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:442
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Create original IPA conf again] *******************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:463
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Setup otpd] ***************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:503
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Setup custodia] ***********************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:520
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Setup CA] *****************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:541
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - KRB enable SSL] ***********************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:570
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - DS apply updates] *********************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:588
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Setup kra] ****************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:609
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 skipping: [replica1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Restart KDC] **************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:649
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Custodia import dm password] **********************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:666
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Promote SSSD] *************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:688
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Promote openldap.conf] ****************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:701
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Setup DNS] ****************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:714
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Setup adtrust] ************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:738
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Enable IPA] ***************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:762
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 changed: [replica1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Install - Cleanup root IPA cache] ***************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:779
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 ok: [replica1.ipadomain.test] => {"changed": false, "path": "/root/.ipa_cache", "state": "absent"}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Cleanup temporary files] ************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/install.yml:786
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 ok: [replica1.ipadomain.test] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent"}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 ok: [replica1.ipadomain.test] => (item=/etc/ipa/.tmp_pkcs12_http) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent"}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 ok: [replica1.ipadomain.test] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent"}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 TASK [ipareplica : Uninstall IPA replica] **************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 task path: /usr/share/ansible/roles/ipareplica/tasks/main.yml:23
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 skipping: [replica1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 META: ran handlers
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 META: ran handlers
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 PLAY RECAP *********************************************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 replica1.ipadomain.test    : ok=56   changed=37   unreachable=0    failed=0    skipped=28   rescued=0    ignored=0   
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:563 
DEBUG    paramiko.transport:channel.py:1212 [chan 8] EOF received (8)
DEBUG    paramiko.transport:channel.py:1212 [chan 8] EOF sent (8)
DEBUG    pytest_multihost.host.Host.ansible.cmd8:transport.py:217 Exit code: 0



Based on the test result, marking the bug Verified
Comment 9 errata-xmlrpc 2022-10-25 09:34:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7130