Bug 2175767

Summary: [ansible-freeipa] ipaclient should provide option to enable subid in /etc/nsswitch.conf
Product: Red Hat Enterprise Linux 9 Reporter: Thomas Woerner <twoerner>
Component: ansible-freeipaAssignee: Denis Karpelevich <dkarpele>
Status: CLOSED ERRATA QA Contact: Varun Mylaraiah <mvarun>
Severity: unspecified Docs Contact: Filip Hanzelka <fhanzelk>
Priority: unspecified    
Version: 9.3CC: dkarpele, fhanzelk, gfialova, ipa-qe, mvarun, rjeffman
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ansible-freeipa-1.10.0-1.el9 Doc Type: Enhancement
Doc Text:
.The `ipaclient` role now allows configuring user subID ranges on the IdM level With this update, the `ipaclient` `ansible-freeipa` role provides the `ipaclient_subid` option, using which you can configure subID ranges on the Identity Management (IdM) level. Without the new option set explicitly to `true`, the `ipaclient` role keeps the default behavior and installs the client without subID ranges configured for IdM users. Previously, the role configured the `sssd` `authselect` profile that in turn customized the `/etc/nsswitch.conf` file. The subID database did not use IdM and relied only on the local files of `/etc/subuid` and `/etc/subgid`.
 Story Points: ---
Clone Of: 2175766 Environment:
Last Closed: 2023-11-07 08:25:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2175766    
Bug Blocks:    

Description Thomas Woerner 2023-03-06 13:37:15 UTC 
+++ This bug was initially created as a clone of Bug #2175766 +++

Description of problem:
ipaclient should provide an option allowing to configure subid managed at IPA level.
Currently, ipaclient configures the sssd profile which in turns customizes /etc/nsswitch.conf but the subid database does not use IPA and relies only on the local files /etc/subuid and /etc/subgid.

This is the ansible-freeipa implementation.

Version-Release number of selected component (if applicable):
ansible-freeipa-1.9.2

Additional info:
FreeIPA issue: https://pagure.io/freeipa/issue/9159
ipa bug: https://bugzilla.redhat.com/show_bug.cgi?id=2068088
Comment 1 Thomas Woerner 2023-03-06 13:39:26 UTC 
Upstream PR: https://github.com/freeipa/ansible-freeipa/pull/974
Comment 6 Varun Mylaraiah 2023-04-20 03:04:01 UTC 
Verified

ansible-core-2.14.2-4.el9.x86_64
ansible-freeipa-1.10.0-1.el9.noarch

Passed	ansible_freeipa_tests/client/test_idm_deploy_client.py::TestClientTC28::test_nss_setup

------------------------------ Captured log call -------------------------------
INFO     pytest_multihost.host.Host.master.OpenSSHTransport:transport.py:397 RUN ['ipactl', 'status']
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:519 RUN ['ipactl', 'status']
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:563 ipa: INFO: The ipactl command was successful
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:563 Directory Service: RUNNING
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:563 krb5kdc Service: RUNNING
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:563 kadmin Service: RUNNING
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:563 named Service: RUNNING
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:563 httpd Service: RUNNING
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:563 ipa-custodia Service: RUNNING
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:563 pki-tomcatd Service: RUNNING
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:563 ipa-otpd Service: RUNNING
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:563 ipa-dnskeysyncd Service: RUNNING
DEBUG    pytest_multihost.host.Host.master.cmd23:transport.py:217 Exit code: 0
INFO     pytest_multihost.host.Host.ansible.OpenSSHTransport:transport.py:397 RUN ['/usr/bin/rpm', '-q', 'ansible-freeipa']
DEBUG    pytest_multihost.host.Host.ansible.cmd95:transport.py:519 RUN ['/usr/bin/rpm', '-q', 'ansible-freeipa']
DEBUG    pytest_multihost.host.Host.ansible.cmd95:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory
DEBUG    pytest_multihost.host.Host.ansible.cmd95:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory
DEBUG    pytest_multihost.host.Host.ansible.cmd95:transport.py:563 ansible-freeipa-1.10.0-1.el9.noarch
DEBUG    pytest_multihost.host.Host.ansible.cmd95:transport.py:217 Exit code: 0
INFO     pytest_multihost.host.Host.ansible.OpenSSHTransport:transport.py:433 PUT inventory/clients.hosts
DEBUG    pytest_multihost.host.Host.ansible.cmd96:transport.py:519 RUN ['tee', 'inventory/clients.hosts']
DEBUG    pytest_multihost.host.Host.ansible.cmd96:transport.py:217 Exit code: 0
INFO     pytest_multihost.host.Host.ansible.OpenSSHTransport:transport.py:433 PUT install-clients.yaml
DEBUG    pytest_multihost.host.Host.ansible.cmd97:transport.py:519 RUN ['tee', 'install-clients.yaml']
DEBUG    pytest_multihost.host.Host.ansible.cmd97:transport.py:217 Exit code: 0
INFO     pytest_multihost.host.Host.ansible.OpenSSHTransport:transport.py:397 RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/clients.hosts', 'install-clients.yaml']
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:519 RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/clients.hosts', 'install-clients.yaml']
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 ansible-playbook [core 2.14.2]
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563   config file = /etc/ansible/ansible.cfg
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563   configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563   ansible python module location = /usr/lib/python3.11/site-packages/ansible
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563   ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563   executable location = /usr/bin/ansible-playbook
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563   python version = 3.11.2 (main, Feb 16 2023, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3.11)
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563   jinja version = 3.1.2
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563   libyaml = True
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 Using /etc/ansible/ansible.cfg as config file
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 Skipping callback 'default', as we already have a stdout callback.
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 Skipping callback 'minimal', as we already have a stdout callback.
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 Skipping callback 'oneline', as we already have a stdout callback.
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 PLAYBOOK: install-clients.yaml *************************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 1 plays in install-clients.yaml
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 PLAY [Playbook to configure IPA clients] ***************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [Gathering Facts] *********************************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /root/install-clients.yaml:2
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 ok: [client1.ipadomain.test]
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Import variables specific to distribution] *******************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:4
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 ok: [client1.ipadomain.test] => (item=/usr/share/ansible/roles/ipaclient/vars/default.yml) => {"ansible_facts": {"ipaclient_packages": ["ipa-client", "python3-libselinux"]}, "ansible_included_var_files": ["/usr/share/ansible/roles/ipaclient/vars/default.yml"], "ansible_loop_var": "item", "changed": false, "item": "/usr/share/ansible/roles/ipaclient/vars/default.yml"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install IPA client] ******************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:19
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 included: /usr/share/ansible/roles/ipaclient/tasks/install.yml for client1.ipadomain.test
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Ensure that IPA client packages are installed] *****
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:4
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 ok: [client1.ipadomain.test] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Set ipaclient_servers] *****************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:10
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] ******
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:15
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Check that either password or keytab is set] *******
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:21
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Set default principal if no keytab is given] *******
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:26
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Fail on missing ipaclient_domain and ipaserver_domain] ***
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:36
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Fail on missing ipaclient_servers] *****************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:41
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Configure DNS resolver] ****************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:46
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - IPA client test] ***********************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:52
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 ok: [client1.ipadomain.test] => {"basedn": "dc=ipadomain,dc=test", "changed": false, "client_already_configured": false, "client_domain": "ipadomain.test", "dnsok": true, "domain": "ipadomain.test", "hostname": "client1.ipadomain.test", "ipa_python_version": 41001, "kdc": "replica1.ipadomain.test,master.ipadomain.test", "nosssd_files": {}, "ntp_pool": null, "ntp_servers": null, "realm": "IPADOMAIN.TEST", "servers": ["replica1.ipadomain.test"], "sssd": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Cleanup leftover ccache] ***************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:82
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 ok: [client1.ipadomain.test] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Configure NTP] *************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:87
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 ok: [client1.ipadomain.test] => {"changed": false}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] ***
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:99
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Disable One-Time Password for on_master] ***********
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:104
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ********
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:109
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 ok: [client1.ipadomain.test] => {"ca_crt_exists": false, "changed": false, "krb5_conf_ok": false, "krb5_keytab_ok": false, "ping_test_ok": false}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] ***
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:119
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Keytab or password is required for getting otp] ****
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:137
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Create temporary file for keytab] ******************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:142
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Copy keytab to server temporary file] **************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:151
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Get One-Time Password for client enrollment] *******
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:159
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Report error for OTP generation] *******************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:169
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Store the previously obtained OTP] *****************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:175
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Remove keytab temporary file] **********************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:182
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Store predefined OTP in admin_password] **********************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:189
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Check if principal and keytab are set] *************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:207
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Check if one of password or keytabs are set] *******
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:212
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - From host keytab, purge IPADOMAIN.TEST] ************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:220
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Backup and set hostname] ***************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:237
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Create temporary krb5 configuration] ***************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:242
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 ok: [client1.ipadomain.test] => {"changed": false, "krb_name": "/tmp/tmp4jw0d4b2"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Join IPA] ******************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:251
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"already_joined": false, "changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : The krb5 configuration is not correct] ***********************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:279
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : IPA test failed] *********************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:285
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Fail due to missing ca.crt file] *****************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:289
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Configure IPA default.conf] ************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:303
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Configure SSSD] ************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:312
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ******
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:334
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"ca_enabled": true, "changed": true, "subject_base": "O=IPADOMAIN.TEST"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Fix IPA ca] ****************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:343
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Create IPA NSS database] ***************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:354
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"ca_enabled_ra": true, "changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Configure SSH and SSHD] ****************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:388
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Configure automount] *******************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:396
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Configure firefox] *********************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:402
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Configure NIS] *************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:408
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Remove temporary krb5.conf] **********************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:414
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"changed": true, "path": "/tmp/tmp4jw0d4b2", "state": "absent"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Configure krb5 for IPA realm] **********************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:420
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Configure certmonger] ******************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:434
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"changed": true}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] ***
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:444
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Cleanup leftover ccache] *************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:450
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 ok: [client1.ipadomain.test] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Remove temporary krb5.conf] **********************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:455
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 ok: [client1.ipadomain.test] => {"changed": false, "path": "/tmp/tmp4jw0d4b2", "state": "absent"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Remove temporary krb5.conf backup] ***************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/install.yml:461
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 changed: [client1.ipadomain.test] => {"changed": true, "path": "/tmp/tmp4jw0d4b2.ipabkp", "state": "absent"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 TASK [ipaclient : Uninstall IPA client] ****************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 task path: /usr/share/ansible/roles/ipaclient/tasks/main.yml:23
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 skipping: [client1.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 PLAY RECAP *********************************************************************
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 client1.ipadomain.test     : ok=24   changed=13   unreachable=0    failed=0    skipped=28   rescued=0    ignored=0   
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:563 
DEBUG    pytest_multihost.host.Host.ansible.cmd98:transport.py:217 Exit code: 0
INFO     pytest_multihost.host.Host.client1.OpenSSHTransport:transport.py:397 RUN grep "subid:" /etc/nsswitch.conf
DEBUG    pytest_multihost.host.Host.client1.cmd8:transport.py:519 RUN grep "subid:" /etc/nsswitch.conf
DEBUG    pytest_multihost.host.Host.client1.cmd8:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory
DEBUG    pytest_multihost.host.Host.client1.cmd8:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory
DEBUG    pytest_multihost.host.Host.client1.cmd8:transport.py:563 subid:      sss
DEBUG    pytest_multihost.host.Host.client1.cmd8:transport.py:217 Exit code: 0
INFO     pytest_multihost.host.Host.client1:util.py:79 The source "sss" for the database "subid" found in /etc/nsswitch.conf.
INFO     pytest_multihost.host.Host.client1.OpenSSHTransport:transport.py:397 RUN grep "sudoers:" /etc/nsswitch.conf
DEBUG    pytest_multihost.host.Host.client1.cmd9:transport.py:519 RUN grep "sudoers:" /etc/nsswitch.conf
DEBUG    pytest_multihost.host.Host.client1.cmd9:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory
DEBUG    pytest_multihost.host.Host.client1.cmd9:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory
ERROR    pytest_multihost.host.Host.client1.cmd9:transport.py:214 Exit code: 1
INFO     pytest_multihost.host.Host.client1:util.py:85 The database "sudoers" wasn't found in /etc/nsswitch.conf as expected.
Comment 11 errata-xmlrpc 2023-11-07 08:25:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6354
Comment 12 Red Hat Bugzilla 2024-03-08 04:25:27 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days