Description of problem: Version-Release number of selected component: anaconda-22.20.1-1 The following was filed automatically by anaconda: anaconda 22.20.1-1 exception report Traceback (most recent call first): File "/usr/lib64/python2.7/site-packages/pyanaconda/kickstart.py", line 569, in execute rc = iutil.execWithRedirect("realm", argv)[0] File "/usr/lib64/python2.7/site-packages/pyanaconda/install.py", line 112, in doConfiguration ksdata.realm.execute(storage, ksdata, instClass) File "/usr/lib64/python2.7/threading.py", line 766, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib64/python2.7/site-packages/pyanaconda/threads.py", line 238, in run threading.Thread.run(self, *args, **kwargs) TypeError: 'int' object has no attribute '__getitem__' Additional info: addons: com_redhat_kdump cmdline: /usr/bin/python2 /sbin/anaconda cmdline_file: method=http://dl.fedoraproject.org/pub/alt/stage/22_Alpha_TC7/Server/x86_64/os/ ks=file:/fedora0.ks console=tty0 console=ttyS0,115200 executable: /sbin/anaconda hashmarkername: anaconda kernel: 4.0.0-0.rc1.git0.1.fc22.x86_64 product: Fedora" release: Cannot get release name. type: anaconda version: Fedora
Created attachment 996350 [details] File: anaconda-tb
Created attachment 996351 [details] File: anaconda.log
Created attachment 996352 [details] File: dnf.log
Created attachment 996353 [details] File: dnf.rpm.log
Created attachment 996354 [details] File: environ
Created attachment 996355 [details] File: ks.cfg
Created attachment 996356 [details] File: lsblk_output
Created attachment 996357 [details] File: nmcli_dev_list
Created attachment 996358 [details] File: os_info
Created attachment 996359 [details] File: program.log
Created attachment 996360 [details] File: storage.log
Created attachment 996361 [details] File: syslog
Created attachment 996362 [details] File: ifcfg.log
Created attachment 996363 [details] File: packaging.log
Failure occurred testing kickstart with realm join. I am able to join successfully after a kickstart but, not when realm is included in ks.cfg. Something to note (not sure if it's related though) is that when I do successfully join an IPA domain using realmd after kickstart, I do have to install python-sssdconfig. [root@fedora0 ~]# realm join -v --one-time-password=MyPassword example.test * Resolving: _ldap._tcp.example.test * Performing LDAP DSE lookup on: 192.168.122.201 * Successfully discovered: example.test * Required files: /usr/sbin/ipa-client-install, /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd * LANG=C /usr/sbin/ipa-client-install --domain example.test --realm EXAMPLE.TEST --mkhomedir --enable-dns-updates --unattended --force-join --password MyPassword --force-ntpd There was a problem importing one of the required Python modules. The error was: No module named SSSDConfig ! Running ipa-client-install failed realm: Couldn't join realm: Running ipa-client-install failed [root@fedora0 ~]# dnf -y install python-sssdconfig Using metadata from Sat Feb 28 03:46:08 2015 Dependencies resolved. ======================================================================================================= Package Arch Version Repository Size ======================================================================================================= Installing: python-sssdconfig noarch 1.12.4-2.fc22 updates-testing 96 k Transaction Summary ======================================================================================================= Install 1 Package Total download size: 96 k Installed size: 219 k Downloading Packages: python-sssdconfig-1.12.4-2.fc22.noarch.rpm 13 kB/s | 96 kB 00:07 ------------------------------------------------------------------------------------------------------- Total 1.5 kB/s | 96 kB 01:01 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Installing : python-sssdconfig-1.12.4-2.fc22.noarch 1/1 Verifying : python-sssdconfig-1.12.4-2.fc22.noarch 1/1 Installed: python-sssdconfig.noarch 1.12.4-2.fc22 Complete! [root@fedora0 ~]# realm join -v --one-time-password=MyPassword example.test * Resolving: _ldap._tcp.example.test * Performing LDAP DSE lookup on: 192.168.122.201 * Successfully discovered: example.test * Required files: /usr/sbin/ipa-client-install, /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd * LANG=C /usr/sbin/ipa-client-install --domain example.test --realm EXAMPLE.TEST --mkhomedir --enable-dns-updates --unattended --force-join --password MyPassword --force-ntpd Discovery was successful! Hostname: fedora0.example.test Realm: EXAMPLE.TEST DNS Domain: example.test IPA Server: vm1.example.test BaseDN: dc=example,dc=test Synchronizing time with KDC... Downloading the CA certificate via HTTP, this is INSECURE Successfully retrieved CA cert Subject: CN=Certificate Authority,O=EXAMPLE.TEST Issuer: CN=Certificate Authority,O=EXAMPLE.TEST Valid From: Wed Feb 11 23:46:12 2015 UTC Valid Until: Sun Feb 11 23:46:12 2035 UTC Enrolled in IPA realm EXAMPLE.TEST Created /etc/ipa/default.conf New SSSD config will be created Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm EXAMPLE.TEST trying https://vm1.example.test/ipa/json Forwarding 'ping' to json server 'https://vm1.example.test/ipa/json' Forwarding 'ca_is_enabled' to json server 'https://vm1.example.test/ipa/json' Systemwide CA database updated. Added CA certificates to the default NSS database. DNS server record set to: fedora0.example.test -> 192.168.122.30 Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Forwarding 'host_mod' to json server 'https://vm1.example.test/ipa/json' SSSD enabled Configured /etc/openldap/ldap.conf NTP enabled Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring example.test as NIS domain. Client configuration complete. * /usr/bin/systemctl enable sssd.service * /usr/bin/systemctl restart sssd.service * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service * Successfully enrolled machine in realm [root@fedora0 ~]# id admin uid=252400000(admin) gid=252400000(admins) groups=252400000(admins) [root@fedora0 ~]#
I forgot to mention that this was seen running the kickstart via virt-install. I don't think that affects things but, it's more information. qemu-img create -f qcow2 -o preallocation=metadata $DISKIMAGE 8G virt-install --connect=qemu:///system \ --network=bridge:virbr0 \ --initrd-inject=/tmp/${VMNAME}.ks \ --extra-args="ks=file:/${VMNAME}.ks $EXTRAARGS" \ --name=$VMNAME \ --disk path=$DISKIMAGE,format=qcow2,size=8 \ --ram 1024 \ --vcpus=1 \ --check-cpu \ --hvm \ --location=$OSIMG \ --nographics with ${VMNAME}.ks being the ks.cfg included from comment #6.
This is the Fedora Release Alpha Criteria that I think applies to this bug: https://fedoraproject.org/wiki/Fedora_22_Alpha_Release_Criteria#Remote_authentication
Discussed at today's blocker review meeting [1]. This bug was accepted as Alpha Blocker - This bug is a clear violation of the Alpha criterion: "It must be possible to join the system to a FreeIPA or Active Directory domain at install time and post-install, and the system must respect the identity, authentication and access control configuration provided by the domain." http://meetbot.fedoraproject.org/fedora-blocker-review/2015-03-02/
python-blivet-1.0.1-1.fc22, anaconda-22.20.2-1.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/anaconda-22.20.2-1.fc22,python-blivet-1.0.1-1.fc22
Package python-blivet-1.0.1-1.fc22, anaconda-22.20.2-1.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing python-blivet-1.0.1-1.fc22 anaconda-22.20.2-1.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-3110/anaconda-22.20.2-1.fc22,python-blivet-1.0.1-1.fc22 then log in and leave karma (feedback).
anaconda-22.20.3-1.fc22, python-blivet-1.0.2-1.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/python-blivet-1.0.2-1.fc22,anaconda-22.20.3-1.fc22
So the updates previously submitted (#c20 and #c21) were unpushed because of major problems caused by the new python-blivet. However, looking through the changelogs, nothing in python-blivet 1.0.1 is actually needed to fix an Alpha blocker. The important fixes were in anaconda-22.20.2. Looking through the anaconda 22.20.1 -> 22.20.2 changes, I don't see anything that requires blivet 1.0.1 either. So I believe all we need for Alpha - currently, at least - is an update containing anaconda-22.20.2-1.fc22 (note: *NOT* 22.20.3) and no blivet update. I have tested a live compose with blivet 1.0 and anaconda 22.20.2 and it worked fine. If we then find further blockers in anaconda we would have to revert the commits that adjusted to blivet 1.0.1 or create a new branch starting from 22.20.2, and if we found further blockers in blivet we would have to create a branch from 1.0.0. But both of those seem perfectly possible, right? We don't need any builds-to-obsolete-old-builds or epoch bumps or anything awkward like that.
anaconda-22.20.2-1.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/anaconda-22.20.2-1.fc22
Package anaconda-22.20.2-1.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing anaconda-22.20.2-1.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-3284/anaconda-22.20.2-1.fc22 then log in and leave karma (feedback).
This looks like it's fixed. Using same test as above with RC3: From anaconda.log: 16:21:48,840 INFO anaconda: /sbin/anaconda 22.20.2-1 From program.log: 16:25:29,353 INFO program: Running... realm join --install /mnt/sysimage --verbose --one-time-password=MyPassword example.test 16:25:46,172 INFO program: * Resolving: _ldap._tcp.example.test 16:25:46,177 INFO program: * Performing LDAP DSE lookup on: 192.168.122.201 16:25:46,177 INFO program: * Successfully discovered: example.test 16:25:46,177 INFO program: * Assuming packages are installed 16:25:46,177 INFO program: * LANG=C /usr/sbin/ipa-client-install --domain example.test --realm EXAMPLE.TEST --mkhomedir --enable-dns-updates --unattended --force-join --password MyPassword --force-ntpd 16:25:46,178 INFO program: Discovery was successful! 16:25:46,178 INFO program: Hostname: fedora0.example.test 16:25:46,178 INFO program: Realm: EXAMPLE.TEST 16:25:46,178 INFO program: DNS Domain: example.test 16:25:46,178 INFO program: IPA Server: vm1.example.test 16:25:46,178 INFO program: BaseDN: dc=example,dc=test 16:25:46,178 INFO program: Synchronizing time with KDC... 16:25:46,179 INFO program: Downloading the CA certificate via HTTP, this is INSECURE 16:25:46,179 INFO program: Successfully retrieved CA cert 16:25:46,179 INFO program: Subject: CN=Certificate Authority,O=EXAMPLE.TEST 16:25:46,179 INFO program: Issuer: CN=Certificate Authority,O=EXAMPLE.TEST 16:25:46,179 INFO program: Valid From: Wed Feb 11 23:46:12 2015 UTC 16:25:46,179 INFO program: Valid Until: Sun Feb 11 23:46:12 2035 UTC 16:25:46,179 INFO program: 16:25:46,180 INFO program: Enrolled in IPA realm EXAMPLE.TEST 16:25:46,180 INFO program: Created /etc/ipa/default.conf 16:25:46,180 INFO program: New SSSD config will be created 16:25:46,180 INFO program: Configured sudoers in /etc/nsswitch.conf 16:25:46,180 INFO program: Configured /etc/sssd/sssd.conf 16:25:46,180 INFO program: Configured /etc/krb5.conf for IPA realm EXAMPLE.TEST 16:25:46,180 INFO program: trying https://vm1.example.test/ipa/json 16:25:46,181 INFO program: Forwarding 'ping' to json server 'https://vm1.example.test/ipa/json' 16:25:46,181 INFO program: Forwarding 'ca_is_enabled' to json server 'https://vm1.example.test/ipa/json' 16:25:46,181 INFO program: Systemwide CA database updated. 16:25:46,181 INFO program: Added CA certificates to the default NSS database. 16:25:46,181 INFO program: DNS server record set to: fedora0.example.test -> 192.168.122.30 16:25:46,181 INFO program: Forwarding 'host_mod' to json server 'https://vm1.example.test/ipa/json' 16:25:46,181 INFO program: SSSD enabled 16:25:46,182 INFO program: Configured /etc/openldap/ldap.conf 16:25:46,182 INFO program: Unable to find 'admin' user with 'getent passwd admin'! 16:25:46,182 INFO program: Unable to reliably detect configuration. Check NSS setup manually. 16:25:46,182 INFO program: NTP enabled 16:25:46,182 INFO program: Configured /etc/ssh/ssh_config 16:25:46,182 INFO program: Configured /etc/ssh/sshd_config 16:25:46,182 INFO program: Configuring example.test as NIS domain. 16:25:46,183 INFO program: Client configuration complete. 16:25:46,183 INFO program: 16:25:46,183 INFO program: * /usr/bin/systemctl enable sssd.service 16:25:46,183 INFO program: * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service 16:25:46,183 INFO program: Running in chroot, ignoring request. 16:25:46,183 INFO program: * Successfully enrolled machine in realm [root@fedora0 anaconda]# id admin uid=252400000(admin) gid=252400000(admins) groups=252400000(admins) Looks good. I'll give karma too.
anaconda-22.20.2-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.