Bug 2183820
| Summary: | [ansible-freeipa] The group module throws an error while adding members for an external group. | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Varun Mylaraiah <mvarun> | |
| Component: | ansible-freeipa | Assignee: | Thomas Woerner <twoerner> | |
| Status: | CLOSED ERRATA | QA Contact: | Varun Mylaraiah <mvarun> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 8.8 | CC: | ftrivino | |
| Target Milestone: | rc | Keywords: | Triaged | |
| Target Release: | --- | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | ansible-freeipa-1.10.0-1.el8 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 2183822 (view as bug list) | Environment: | ||
| Last Closed: | 2023-11-14 15:26:32 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 2174310, 2183822 | |||
Upstream PR: https://github.com/freeipa/ansible-freeipa/pull/1072 Verified ansible-2.9.27-1.el8ae.noarch ansible-freeipa-1.10.0-1.el8.noarch Passed ansible_freeipa_tests/group/test_group.py::TestExternalGroupWithMembers::test_add_group_member_to_externalgroup ------------------------------ Captured log call ------------------------------- INFO pytest_multihost.host.Host.master.OpenSSHTransport:transport.py:397 RUN ['ipactl', 'status'] DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:519 RUN ['ipactl', 'status'] DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:563 ipa: INFO: The ipactl command was successful DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:563 Directory Service: RUNNING DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:563 krb5kdc Service: RUNNING DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:563 kadmin Service: RUNNING DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:563 named Service: RUNNING DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:563 httpd Service: RUNNING DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:563 ipa-custodia Service: RUNNING DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:563 pki-tomcatd Service: RUNNING DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:563 ipa-otpd Service: RUNNING DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:563 ipa-dnskeysyncd Service: RUNNING DEBUG pytest_multihost.host.Host.master.cmd68:transport.py:217 Exit code: 0 INFO pytest_multihost.host.Host.master.OpenSSHTransport:transport.py:397 RUN ['yum', 'remove', 'ipa-server-ad', '-y'] DEBUG pytest_multihost.host.Host.master.cmd69:transport.py:519 RUN ['yum', 'remove', 'ipa-server-ad', '-y'] DEBUG pytest_multihost.host.Host.master.cmd69:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd69:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd69:transport.py:563 No match for argument: ipa-server-ad DEBUG pytest_multihost.host.Host.master.cmd69:transport.py:563 No packages marked for removal. DEBUG pytest_multihost.host.Host.master.cmd69:transport.py:563 Dependencies resolved. DEBUG pytest_multihost.host.Host.master.cmd69:transport.py:563 Nothing to do. DEBUG pytest_multihost.host.Host.master.cmd69:transport.py:563 Complete! DEBUG pytest_multihost.host.Host.master.cmd69:transport.py:217 Exit code: 0 INFO pytest_multihost.host.Host.master.OpenSSHTransport:transport.py:397 RUN ['kinit', 'admin'] DEBUG pytest_multihost.host.Host.master.cmd70:transport.py:519 RUN ['kinit', 'admin'] DEBUG pytest_multihost.host.Host.master.cmd70:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd70:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd70:transport.py:563 Password for admin: DEBUG pytest_multihost.host.Host.master.cmd70:transport.py:217 Exit code: 0 INFO pytest_multihost.host.Host.master.OpenSSHTransport:transport.py:397 RUN ['ipa', 'group-add', '51externaltestgroup', '--external'] DEBUG pytest_multihost.host.Host.master.cmd71:transport.py:519 RUN ['ipa', 'group-add', '51externaltestgroup', '--external'] DEBUG pytest_multihost.host.Host.master.cmd71:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd71:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd71:transport.py:563 --------------------------------- DEBUG pytest_multihost.host.Host.master.cmd71:transport.py:563 Added group "51externaltestgroup" DEBUG pytest_multihost.host.Host.master.cmd71:transport.py:563 --------------------------------- DEBUG pytest_multihost.host.Host.master.cmd71:transport.py:563 Group name: 51externaltestgroup DEBUG pytest_multihost.host.Host.master.cmd71:transport.py:217 Exit code: 0 INFO pytest_multihost.host.Host.master.OpenSSHTransport:transport.py:397 RUN ['ipa', 'group-add', '52externaltestgroup', '--external'] DEBUG pytest_multihost.host.Host.master.cmd72:transport.py:519 RUN ['ipa', 'group-add', '52externaltestgroup', '--external'] DEBUG pytest_multihost.host.Host.master.cmd72:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd72:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd72:transport.py:563 --------------------------------- DEBUG pytest_multihost.host.Host.master.cmd72:transport.py:563 Added group "52externaltestgroup" DEBUG pytest_multihost.host.Host.master.cmd72:transport.py:563 --------------------------------- DEBUG pytest_multihost.host.Host.master.cmd72:transport.py:563 Group name: 52externaltestgroup DEBUG pytest_multihost.host.Host.master.cmd72:transport.py:217 Exit code: 0 INFO pytest_multihost.host.Host.ansible.OpenSSHTransport:transport.py:433 PUT inventory/group.hosts DEBUG pytest_multihost.host.Host.ansible.cmd41:transport.py:519 RUN ['tee', 'inventory/group.hosts'] DEBUG pytest_multihost.host.Host.ansible.cmd41:transport.py:217 Exit code: 0 INFO pytest_multihost.host.Host.ansible.OpenSSHTransport:transport.py:433 PUT group_module.yml DEBUG pytest_multihost.host.Host.ansible.cmd42:transport.py:519 RUN ['tee', 'group_module.yml'] DEBUG pytest_multihost.host.Host.ansible.cmd42:transport.py:217 Exit code: 0 INFO pytest_multihost.host.Host.ansible.OpenSSHTransport:transport.py:397 RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/group.hosts', 'group_module.yml'] DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:519 RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/group.hosts', 'group_module.yml'] DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 ansible-playbook 2.9.27 DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 config file = /etc/ansible/ansible.cfg DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 ansible python module location = /usr/lib/python3.6/site-packages/ansible DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 executable location = /usr/bin/ansible-playbook DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 python version = 3.6.8 (default, Jan 23 2023, 22:31:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)] DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Using /etc/ansible/ansible.cfg as config file DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'actionable', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'counter_enabled', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'debug', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'dense', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'dense', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'full_skip', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'json', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'minimal', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'null', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'oneline', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'selective', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'skippy', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'stderr', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'unixy', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 Skipping callback 'yaml', as we already have a stdout callback. DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 PLAYBOOK: group_module.yml ***************************************************** DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 1 plays in group_module.yml DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 PLAY [Playbook to ensure members are added to the external group (without trust-ad) Bug#2183820/Bug#2183822] *** DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 TASK [Gathering Facts] ********************************************************* DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 task path: /root/group_module.yml:2 DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 ok: [master.ipadomain.test] DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 META: ran handlers DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 TASK [ipagroup] **************************************************************** DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 task path: /root/group_module.yml:8 DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 changed: [master.ipadomain.test] => {"changed": true} DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 META: ran handlers DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 META: ran handlers DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 PLAY RECAP ********************************************************************* DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 master.ipadomain.test : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:563 DEBUG pytest_multihost.host.Host.ansible.cmd43:transport.py:217 Exit code: 0 INFO pytest_multihost.host.Host.master.OpenSSHTransport:transport.py:397 RUN ['kinit', 'admin'] DEBUG pytest_multihost.host.Host.master.cmd73:transport.py:519 RUN ['kinit', 'admin'] DEBUG pytest_multihost.host.Host.master.cmd73:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd73:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd73:transport.py:563 Password for admin: DEBUG pytest_multihost.host.Host.master.cmd73:transport.py:217 Exit code: 0 INFO pytest_multihost.host.Host.master.OpenSSHTransport:transport.py:397 RUN ['ipa', 'group-show', '51externaltestgroup', '--all'] DEBUG pytest_multihost.host.Host.master.cmd74:transport.py:519 RUN ['ipa', 'group-show', '51externaltestgroup', '--all'] DEBUG pytest_multihost.host.Host.master.cmd74:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd74:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd74:transport.py:563 dn: cn=51externaltestgroup,cn=groups,cn=accounts,dc=ipadomain,dc=test DEBUG pytest_multihost.host.Host.master.cmd74:transport.py:563 Group name: 51externaltestgroup DEBUG pytest_multihost.host.Host.master.cmd74:transport.py:563 Member users: gmm_user01, gmm_user02 DEBUG pytest_multihost.host.Host.master.cmd74:transport.py:563 Member groups: 52externaltestgroup, gmm_group01 DEBUG pytest_multihost.host.Host.master.cmd74:transport.py:563 ipauniqueid: 95472136-dea3-11ed-b228-fa163ee87b3b DEBUG pytest_multihost.host.Host.master.cmd74:transport.py:563 objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject, ipaexternalgroup DEBUG pytest_multihost.host.Host.master.cmd74:transport.py:217 Exit code: 0 INFO pytest_multihost.host.Host.master.OpenSSHTransport:transport.py:397 RUN ['kdestroy', '-A'] DEBUG pytest_multihost.host.Host.master.cmd75:transport.py:519 RUN ['kdestroy', '-A'] DEBUG pytest_multihost.host.Host.master.cmd75:transport.py:563 bash: line 1: cd: /root/multihost_tests: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd75:transport.py:563 bash: line 2: /root/multihost_tests/env.sh: No such file or directory DEBUG pytest_multihost.host.Host.master.cmd75:transport.py:217 Exit code: 0 *** Bug 2174309 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:6926 |
Description of problem: While using the ansible-freeipa group module to add members for an external group, I noticed an error [1], but the members were still added. However, when I tested it on the CLI, I did not encounter any errors. Even though the ipa-server-ad was not installed during the CLI testing, no error messages appeared. However, when I attempted to add members using ansible-freeipa, I received an error message. [1]Error: Cannot perform external member validation without Samba 4 support installed. Make sure you have installed server-trust-ad sub-package of IPA on the serve [root@ansible ~]# rpm -qa ansible-freeipa ansible-freeipa-1.9.2-1.el8 Steps to Reproduce: ================ CLI Console output: ================ [root@master ~]# rpm -qa ipa-server-trust-ad [root@master ~]# [root@master ~]# ipa group-add testgroup02 ------------------------- Added group "testgroup02" ------------------------- Group name: testgroup02 GID: 1834400014 [root@master ~]# ipa group-add 02externaltestgroup --external --------------------------------- Added group "02externaltestgroup" --------------------------------- Group name: 02externaltestgroup [root@master ~]# ipa group-add-member 02externaltestgroup --group=testgroup02 Group name: 02externaltestgroup Member groups: testgroup02 ------------------------- Number of members added 1 ------------------------- [root@master ~]# ipa group-show 02externaltestgroup --all dn: cn=02externaltestgroup,cn=groups,cn=accounts,dc=ipadomain,dc=test Group name: 02externaltestgroup Member groups: testgroup02 ipauniqueid: f915df96-cf9d-11ed-b09c-fa163ede193d objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject, ipaexternalgroup ======================= anisble-freeipa console output ======================= [root@master ~]# rpm -qa ipa-server-trust-ad [root@master ~]# ipa group-add testgroup01 ------------------------- Added group "testgroup01" ------------------------- Group name: testgroup01 GID: 1078400013 [root@master ~]# ipa group-add 01externaltestgroup --external --------------------------------- Added group "01externaltestgroup" --------------------------------- Group name: 01externaltestgroup [root@ansible ~]# cat extergroupmembers.yaml --- - name: Playbook to ensure a group member is present hosts: ipaserver become: true tasks: # add group member - ipagroup: ipaadmin_password: Secret.123 name: 01externaltestgroup action: member group: - testgroup01 # ansible-playbook -v -i inventory/group.hosts extergroupmembers.yaml Using /root/ansible.cfg as config file PLAY [Playbook to ensure a group member is present] ************************************************************* TASK [Gathering Facts] ****************************************************************************************** ok: [master.ipadomain.test] TASK [ipagroup] ************************************************************************************************* fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "group_add_member: 01externaltestgroup: Cannot perform external member validation without Samba 4 support installed. Make sure you have installed server-trust-ad sub-package of IPA on the server"} PLAY RECAP ****************************************************************************************************** master.ipadomain.test : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 Additional info: https://github.com/freeipa/freeipa/blob/master/ipaserver/plugins/group.py#L629