First off thanks to everyone who makes FreeIPA. Its an awesome product that we love.
We're working at breaking our application up into micro services and using docker containers and deployment automation. As part of this I have a deploy user in IPA and a rundeck server that performs tasks as this user. However, we need this user to be part of the local docker hosts "docker" group. Is this something I have to do manually per host? Is it possible to create a docker IPA group that will substitute for the local docker group and do it all in IPA? Our IPA version is 4.4. The servers are Centos 7.2 and the clients are ubuntu 16.04 LTS.
Thanks for the insight, references and help,
Jeff
On 13 Feb 2018, at 21:04, Jeff Goddard via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
First off thanks to everyone who makes FreeIPA. Its an awesome product that we love.
We're working at breaking our application up into micro services and using docker containers and deployment automation. As part of this I have a deploy user in IPA and a rundeck server that performs tasks as this user. However, we need this user to be part of the local docker hosts "docker" group. Is this something I have to do manually per host? Is it possible to create a docker IPA group that will substitute for the local docker group and do it all in IPA? Our IPA version is 4.4. The servers are Centos 7.2 and the clients are ubuntu 16.04 LTS.
Thanks for the insight, references and help,
I’m afraid the answer is ‘possible in general, but not with the versions you are running’, see https://sourceware.org/glibc/wiki/Proposals/GroupMerging and https://sgallagh.wordpress.com/2016/01/28/remote-group-merging-for-fedora/
I’m afraid the answer is ‘possible in general, but not with the versions you are running’, see https://sourceware.org/glibc/wiki/Proposals/GroupMerging and https://sgallagh.wordpress.com/2016/01/28/remote-group-merging-for-fedora/
Jakub Our use case for group merge functionality is very much as Jeff describeds above. Have been digging around looking for definitive requirements and proper configuration. What are the required freeipa/sssd, RHEL and glibc versions for group merging functionality? Our IdM servers are RHEL 7.4, freeipa 4.5, sssd 1.16 and client's are mix of RHEL 6.9, 7.2 and 7.4. Thank you
On Fri, Jul 20, 2018 at 09:55:37AM -0000, David McDaniel via FreeIPA-users wrote:
I’m afraid the answer is ‘possible in general, but not with the versions you are running’, see https://sourceware.org/glibc/wiki/Proposals/GroupMerging and https://sgallagh.wordpress.com/2016/01/28/remote-group-merging-for-fedora/
Jakub Our use case for group merge functionality is very much as Jeff describeds above. Have been digging around looking for definitive requirements and proper configuration. What are the required freeipa/sssd, RHEL and glibc versions for group merging functionality? Our IdM servers are RHEL 7.4, freeipa 4.5, sssd 1.16 and client's are mix of RHEL 6.9, 7.2 and 7.4. Thank you
glibc should support this since 7.4: https://bugzilla.redhat.com/show_bug.cgi?id=1298975
Jeff Goddard via FreeIPA-users wrote:
First off thanks to everyone who makes FreeIPA. Its an awesome product that we love.
We're working at breaking our application up into micro services and using docker containers and deployment automation. As part of this I have a deploy user in IPA and a rundeck server that performs tasks as this user. However, we need this user to be part of the local docker hosts "docker" group. Is this something I have to do manually per host? Is it possible to create a docker IPA group that will substitute for the local docker group and do it all in IPA? Our IPA version is 4.4. The servers are Centos 7.2 and the clients are ubuntu 16.04 LTS.
Thanks for the insight, references and help,
SSSD can do group merging, https://sgallagh.wordpress.com/2016/01/28/remote-group-merging-for-fedora/
I don't know if your distributions have the right packages to do so.
rob
this is ipaclient-install.log
2019-06-11T04:45:38Z DEBUG Logging to /var/log/ipaclient-install.log 2019-06-11T04:45:38Z DEBUG ipa-client-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'force': False, 'verbose': False, 'ip_addresses': None, 'configure_firefox': False, 'realm_name': 'SHS.DC', 'force_ntpd': False, 'on_master': True, 'no_nisdomain': False, 'ssh_trust_dns': False, 'principal': None, 'keytab': None, 'no_ntp': False, 'domain_name': 'shs.dc', 'request_cert': False, 'fixed_primary': False, 'no_ac': False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 'kinit_attempts': None, 'ntp_servers': None, 'enable_dns_updates': False, 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 'servers': ['ipa-irvlt01.shs.dc'], 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 'unattended': True, 'quiet': False, 'nisdomain': None, 'prompt_password': False, 'host_name': 'ipa-irvlt01.shs.dc', 'permit': False, 'automount_location': None, 'preserve_sssd': False, 'mkhomedir': False, 'log_file': None, 'uninstall': False} 2019-06-11T04:45:38Z DEBUG IPA version 4.6.4-10.el7.centos.3 2019-06-11T04:45:38Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2019-06-11T04:45:38Z DEBUG Starting external process 2019-06-11T04:45:38Z DEBUG args=/usr/sbin/selinuxenabled 2019-06-11T04:45:38Z DEBUG Process finished, return code=1 2019-06-11T04:45:38Z DEBUG stdout= 2019-06-11T04:45:38Z DEBUG stderr= 2019-06-11T04:45:38Z WARNING Using existing certificate '/etc/ipa/ca.crt'. 2019-06-11T04:45:38Z DEBUG [IPA Discovery] 2019-06-11T04:45:38Z DEBUG Starting IPA discovery with domain=shs.dc, servers=['ipa-irvlt01.shs.dc'], hostname=ipa-irvlt01.shs.dc 2019-06-11T04:45:38Z DEBUG Server and domain forced 2019-06-11T04:45:38Z DEBUG [Kerberos realm search] 2019-06-11T04:45:38Z DEBUG Kerberos realm forced 2019-06-11T04:45:38Z DEBUG [LDAP server check] 2019-06-11T04:45:38Z DEBUG Verifying that ipa-irvlt01.shs.dc (realm SHS.DC) is an IPA server 2019-06-11T04:45:38Z DEBUG Init LDAP connection to: ldap://ipa-irvlt01.shs.dc:389 2019-06-11T04:45:38Z DEBUG Search LDAP server for IPA base DN 2019-06-11T04:45:38Z DEBUG Check if naming context 'dc=shs,dc=dc' is for IPA 2019-06-11T04:45:38Z DEBUG Naming context 'dc=shs,dc=dc' is a valid IPA context 2019-06-11T04:45:38Z DEBUG Search for (objectClass=krbRealmContainer) in dc=shs,dc=dc (sub) 2019-06-11T04:45:38Z DEBUG Found: cn=SHS.DC,cn=kerberos,dc=shs,dc=dc 2019-06-11T04:45:38Z DEBUG Discovery result: Success; server=ipa-irvlt01.shs.dc, domain=shs.dc, kdc=ipa-irvlt01.shs.dc, basedn=dc=shs,dc=dc 2019-06-11T04:45:38Z DEBUG Validated servers: ipa-irvlt01.shs.dc 2019-06-11T04:45:38Z DEBUG will use discovered domain: shs.dc 2019-06-11T04:45:38Z DEBUG Using servers from command line, disabling DNS discovery 2019-06-11T04:45:38Z DEBUG will use provided server: ipa-irvlt01.shs.dc 2019-06-11T04:45:38Z DEBUG will use discovered realm: SHS.DC 2019-06-11T04:45:38Z DEBUG will use discovered basedn: dc=shs,dc=dc 2019-06-11T04:45:38Z INFO Client hostname: ipa-irvlt01.shs.dc 2019-06-11T04:45:38Z DEBUG Hostname source: Provided as option 2019-06-11T04:45:38Z INFO Realm: SHS.DC 2019-06-11T04:45:38Z DEBUG Realm source: Discovered from LDAP DNS records in ipa-irvlt01.shs.dc 2019-06-11T04:45:38Z INFO DNS Domain: shs.dc 2019-06-11T04:45:38Z DEBUG DNS Domain source: Forced 2019-06-11T04:45:38Z INFO IPA Server: ipa-irvlt01.shs.dc 2019-06-11T04:45:38Z DEBUG IPA Server source: Provided as option 2019-06-11T04:45:38Z INFO BaseDN: dc=shs,dc=dc 2019-06-11T04:45:38Z DEBUG BaseDN source: From IPA server ldap://ipa-irvlt01.shs.dc:389 2019-06-11T04:45:38Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2019-06-11T04:45:38Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2019-06-11T04:45:38Z INFO Skipping synchronizing time with NTP server. 2019-06-11T04:45:38Z DEBUG Backing up system configuration file '/etc/sssd/sssd.conf' 2019-06-11T04:45:38Z DEBUG -> Not backing up - '/etc/sssd/sssd.conf' doesn't exist 2019-06-11T04:45:38Z INFO New SSSD config will be created 2019-06-11T04:45:38Z DEBUG Backing up system configuration file '/etc/nsswitch.conf' 2019-06-11T04:45:38Z DEBUG Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index' 2019-06-11T04:45:38Z INFO Configured sudoers in /etc/nsswitch.conf 2019-06-11T04:45:38Z INFO Configured /etc/sssd/sssd.conf 2019-06-11T04:45:38Z DEBUG Initializing principal host/ipa-irvlt01.shs.dc@SHS.DC using keytab /etc/krb5.keytab 2019-06-11T04:45:38Z DEBUG using ccache /etc/ipa/.dns_ccache 2019-06-11T04:45:38Z DEBUG Attempt 1/5: success 2019-06-11T04:45:39Z DEBUG Starting external process 2019-06-11T04:45:39Z DEBUG args=/usr/bin/certutil -d dbm:/tmp/tmp1H6ZBB -N -f /tmp/tmp1H6ZBB/pwdfile.txt -f /tmp/tmp1H6ZBB/pwdfile.txt 2019-06-11T04:45:39Z DEBUG Process finished, return code=0 2019-06-11T04:45:39Z DEBUG stdout= 2019-06-11T04:45:39Z DEBUG stderr= 2019-06-11T04:45:39Z DEBUG Starting external process 2019-06-11T04:45:39Z DEBUG args=/usr/bin/certutil -d dbm:/tmp/tmp1H6ZBB -A -n CA certificate 1 -t C,, -a -f /tmp/tmp1H6ZBB/pwdfile.txt 2019-06-11T04:45:39Z DEBUG Process finished, return code=0 2019-06-11T04:45:39Z DEBUG stdout= 2019-06-11T04:45:39Z DEBUG stderr= 2019-06-11T04:45:39Z DEBUG failed to find session_cookie in persistent storage for principal 'host/ipa-irvlt01.shs.dc@SHS.DC' 2019-06-11T04:45:39Z INFO trying https://ipa-irvlt01.shs.dc/ipa/json 2019-06-11T04:45:39Z DEBUG New HTTP connection (ipa-irvlt01.shs.dc) 2019-06-11T04:45:39Z DEBUG received Set-Cookie (<type 'list'>)'['ipa_session=MagBearerToken=zphJ%2fK0SiVFciLi5miiMyVf9e%2bVC903nL7WJinO9KOq2EvJEiRAObdEzdFRHCRUUU%2fjE2qEuNUiCYugrYyxDt9lA1s%2fTuzRyab8O%2bH3Y6qtHhbHqT6YgFzITDgd6KO5nBYn%2bMldFekKQGnJxUy%2bRo%2faiswX9U3HEHZuAsmfQuaZjeYUNc7oFSskwCufHmm1GpW7Sew8fassrz9S1q6V1rPaa8J8JvSvpKXZeu%2fD0vOU%3d;path=/ipa;httponly;secure;']' 2019-06-11T04:45:39Z DEBUG storing cookie 'ipa_session=MagBearerToken=zphJ%2fK0SiVFciLi5miiMyVf9e%2bVC903nL7WJinO9KOq2EvJEiRAObdEzdFRHCRUUU%2fjE2qEuNUiCYugrYyxDt9lA1s%2fTuzRyab8O%2bH3Y6qtHhbHqT6YgFzITDgd6KO5nBYn%2bMldFekKQGnJxUy%2bRo%2faiswX9U3HEHZuAsmfQuaZjeYUNc7oFSskwCufHmm1GpW7Sew8fassrz9S1q6V1rPaa8J8JvSvpKXZeu%2fD0vOU%3d;' for principal host/ipa-irvlt01.shs.dc@SHS.DC 2019-06-11T04:45:39Z DEBUG Created connection context.rpcclient_140569694939728 2019-06-11T04:45:39Z INFO [try 1]: Forwarding 'schema' to json server 'https://ipa-irvlt01.shs.dc/ipa/json' 2019-06-11T04:45:39Z DEBUG HTTP connection keep-alive (ipa-irvlt01.shs.dc) 2019-06-11T04:45:39Z DEBUG received Set-Cookie (<type 'list'>)'['ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;path=/ipa;httponly;secure;']' 2019-06-11T04:45:39Z DEBUG storing cookie 'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;' for principal host/ipa-irvlt01.shs.dc@SHS.DC 2019-06-11T04:45:39Z DEBUG Destroyed connection context.rpcclient_140569694939728 2019-06-11T04:45:39Z DEBUG importing all plugin modules in ipaclient.remote_plugins.schema$5131ac65... 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.remote_plugins.schema$5131ac65.plugins 2019-06-11T04:45:39Z DEBUG importing all plugin modules in ipaclient.plugins... 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.automember 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.automount 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.ca 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.cert 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.certmap 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.certprofile 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.csrgen 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.dns 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.hbacrule 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.hbactest 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.host 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.idrange 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.internal 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.location 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.migration 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.misc 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.otptoken 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.otptoken_yubikey 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.passwd 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.permission 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.rpcclient 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.server 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.service 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.sudorule 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.topology 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.trust 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.user 2019-06-11T04:45:39Z DEBUG importing plugin module ipaclient.plugins.vault 2019-06-11T04:45:41Z DEBUG found session_cookie in persistent storage for principal 'host/ipa-irvlt01.shs.dc@SHS.DC', cookie: 'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d' 2019-06-11T04:45:41Z DEBUG setting session_cookie into context 'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;' 2019-06-11T04:45:41Z INFO trying https://ipa-irvlt01.shs.dc/ipa/session/json 2019-06-11T04:45:41Z DEBUG New HTTP connection (ipa-irvlt01.shs.dc) 2019-06-11T04:45:41Z DEBUG received Set-Cookie (<type 'list'>)'['ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;path=/ipa;httponly;secure;']' 2019-06-11T04:45:41Z DEBUG storing cookie 'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;' for principal host/ipa-irvlt01.shs.dc@SHS.DC 2019-06-11T04:45:41Z DEBUG Created connection context.rpcclient_140569419915472 2019-06-11T04:45:41Z DEBUG Try RPC connection 2019-06-11T04:45:41Z INFO [try 1]: Forwarding 'ping' to json server 'https://ipa-irvlt01.shs.dc/ipa/session/json' 2019-06-11T04:45:41Z DEBUG HTTP connection keep-alive (ipa-irvlt01.shs.dc) 2019-06-11T04:45:41Z DEBUG received Set-Cookie (<type 'list'>)'['ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;path=/ipa;httponly;secure;']' 2019-06-11T04:45:41Z DEBUG storing cookie 'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;' for principal host/ipa-irvlt01.shs.dc@SHS.DC 2019-06-11T04:45:41Z INFO [try 1]: Forwarding 'ca_is_enabled' to json server 'https://ipa-irvlt01.shs.dc/ipa/session/json' 2019-06-11T04:45:41Z DEBUG HTTP connection keep-alive (ipa-irvlt01.shs.dc) 2019-06-11T04:45:42Z DEBUG received Set-Cookie (<type 'list'>)'['ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;path=/ipa;httponly;secure;']' 2019-06-11T04:45:42Z DEBUG storing cookie 'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;' for principal host/ipa-irvlt01.shs.dc@SHS.DC 2019-06-11T04:45:42Z DEBUG Starting external process 2019-06-11T04:45:42Z DEBUG args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -N -f /etc/ipa/nssdb/pwdfile.txt -f /etc/ipa/nssdb/pwdfile.txt 2019-06-11T04:45:42Z DEBUG Process finished, return code=0 2019-06-11T04:45:42Z DEBUG stdout= 2019-06-11T04:45:42Z DEBUG stderr= 2019-06-11T04:45:42Z DEBUG retrieving schema for SchemaCache url=ldap://ipa-irvlt01.shs.dc:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7fd8de1109e0> 2019-06-11T04:45:42Z DEBUG Adding CA certificates to the IPA NSS database. 2019-06-11T04:45:42Z DEBUG Starting external process 2019-06-11T04:45:42Z DEBUG args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n SHS.DC IPA CA -t CT,C,C -a -f /etc/ipa/nssdb/pwdfile.txt 2019-06-11T04:45:42Z DEBUG Process finished, return code=0 2019-06-11T04:45:42Z DEBUG stdout= 2019-06-11T04:45:42Z DEBUG stderr= 2019-06-11T04:45:42Z DEBUG Starting external process 2019-06-11T04:45:42Z DEBUG args=/usr/bin/update-ca-trust 2019-06-11T04:45:43Z DEBUG Process finished, return code=0 2019-06-11T04:45:43Z DEBUG stdout= 2019-06-11T04:45:43Z DEBUG stderr= 2019-06-11T04:45:43Z INFO Systemwide CA database updated. 2019-06-11T04:45:43Z INFO Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub 2019-06-11T04:45:43Z INFO Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub 2019-06-11T04:45:43Z INFO Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub 2019-06-11T04:45:43Z INFO [try 1]: Forwarding 'host_mod' to json server 'https://ipa-irvlt01.shs.dc/ipa/session/json' 2019-06-11T04:45:43Z DEBUG HTTP connection keep-alive (ipa-irvlt01.shs.dc) 2019-06-11T04:45:43Z DEBUG received Set-Cookie (<type 'list'>)'['ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;path=/ipa;httponly;secure;']' 2019-06-11T04:45:43Z DEBUG storing cookie 'ipa_session=MagBearerToken=1nGVPoFymhR22oGqGvFdADWfJ1df9UXJgkiuj2982IFNwwp%2fZG7spCwwkH7z6PZXu19PYEL4PCfr6TQMO9p%2fLYpMPdPNh6ImWyK%2fMy%2b6S1B68xHYR20t98UyJIGAENYUHGJ2DGt1eEL%2bEpNEP2MaeSplo7hm7ILmJTsnbloj7xJ%2bnIZOcx%2bpkUFllHE8jY%2bI6nnwVud7EKY6h8K3rsc7FDDRGZp5%2b0ERgp8wlAeNOTI%3d;' for principal host/ipa-irvlt01.shs.dc@SHS.DC 2019-06-11T04:45:43Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt: 2019-06-11T04:45:43Z DEBUG debug update delete ipa-irvlt01.shs.dc. IN SSHFP show send update add ipa-irvlt01.shs.dc. 1200 IN SSHFP 1 1 8C086D5EB8E07C7FB7C8199337465653FD44157B update add ipa-irvlt01.shs.dc. 1200 IN SSHFP 1 2 16B52DB2A82429E7C3F539D47E50ECFB26C37396F19BEF17498544A2F1A3C596 update add ipa-irvlt01.shs.dc. 1200 IN SSHFP 3 1 4078E00364D16D98110636AFE3987AC8215EE043 update add ipa-irvlt01.shs.dc. 1200 IN SSHFP 3 2 AA040F6C5CF2E406A9B509EC808FC9F7EDCEEFE3C84EB0A88936CF9931C04FBE update add ipa-irvlt01.shs.dc. 1200 IN SSHFP 4 1 CA942C807A76EE65C0286277675B8040C23C5056 update add ipa-irvlt01.shs.dc. 1200 IN SSHFP 4 2 4ED827CF7FDC50CC0A7356A513A1DDAEF85445F087CA5553C98D2FB6519BED88 show send
2019-06-11T04:45:43Z DEBUG Starting external process 2019-06-11T04:45:43Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt 2019-06-11T04:45:44Z DEBUG Process finished, return code=1 2019-06-11T04:45:44Z DEBUG stdout=Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: ipa-irvlt01.shs.dc. 0 ANY SSHFP
2019-06-11T04:45:44Z DEBUG stderr=Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55150 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;ipa-irvlt01.shs.dc. IN SOA
;; AUTHORITY SECTION: shs.dc. 3600 IN SOA dc-irvwp01.shs.dc. hostmaster.shs.dc. 30567 900 600 86400 3600
;; ADDITIONAL SECTION: dc-irvwp01.shs.dc. 3600 IN A 10.1.64.11
Found zone name: shs.dc The master is: dc-irvwp01.shs.dc start_gssrequest tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server DNS/dc-irvwp01.shs.dc@SHS.DC not found in Kerberos database.
2019-06-11T04:45:44Z DEBUG nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 1 2019-06-11T04:45:44Z WARNING Could not update DNS SSHFP records. 2019-06-11T04:45:44Z DEBUG Starting external process 2019-06-11T04:45:44Z DEBUG args=/bin/systemctl list-unit-files --full 2019-06-11T04:45:44Z DEBUG Process finished, return code=0 2019-06-11T04:45:44Z DEBUG stdout=UNIT FILE STATE proc-sys-fs-binfmt_misc.automount static dev-hugepages.mount static dev-mqueue.mount static proc-fs-nfsd.mount static proc-sys-fs-binfmt_misc.mount static sys-fs-fuse-connections.mount static sys-kernel-config.mount static sys-kernel-debug.mount static tmp.mount disabled var-lib-nfs-rpc_pipefs.mount static brandbot.path enabled systemd-ask-password-console.path static systemd-ask-password-plymouth.path static systemd-ask-password-wall.path static session-1.scope static arp-ethers.service disabled auditd.service enabled auth-rpcgss-module.service static autofs.service disabled autovt@.service enabled blk-availability.service disabled brandbot.service static certmonger.service enabled chrony-dnssrv@.service static chrony-wait.service disabled chronyd.service disabled console-getty.service disabled console-shell.service disabled container-getty@.service static cpupower.service disabled crond.service enabled dbus-org.fedoraproject.FirewallD1.service enabled dbus-org.freedesktop.hostname1.service static dbus-org.freedesktop.import1.service static dbus-org.freedesktop.locale1.service static dbus-org.freedesktop.login1.service static dbus-org.freedesktop.machine1.service static dbus-org.freedesktop.timedate1.service static dbus.service static debug-shell.service disabled dirsrv@.service enabled dm-event.service static dracut-cmdline.service static dracut-initqueue.service static dracut-mount.service static dracut-pre-mount.service static dracut-pre-pivot.service static dracut-pre-trigger.service static dracut-pre-udev.service static dracut-shutdown.service static ebtables.service disabled emergency.service static firewalld.service enabled fstrim.service static getty@.service enabled gssproxy.service disabled halt-local.service static hsqldb.service disabled htcacheclean.service static httpd.service disabled initrd-cleanup.service static initrd-parse-etc.service static initrd-switch-root.service static initrd-udevadm-cleanup-db.service static ipa-custodia.service disabled ipa-dnskeysyncd.service disabled ipa-ods-exporter.service disabled ipa-otpd@.service static ipa.service disabled iprdump.service disabled iprinit.service disabled iprupdate.service disabled irqbalance.service enabled kadmin.service disabled kdump.service disabled kmod-static-nodes.service static kprop.service disabled krb5kdc.service disabled lvm2-lvmetad.service static lvm2-lvmpolld.service static lvm2-monitor.service enabled lvm2-pvscan@.service static messagebus.service static microcode.service enabled NetworkManager-dispatcher.service disabled NetworkManager-wait-online.service disabled NetworkManager.service disabled nfs-blkmap.service disabled nfs-config.service static nfs-idmap.service static nfs-idmapd.service static nfs-lock.service static nfs-mountd.service static nfs-rquotad.service disabled nfs-secure.service static nfs-server.service disabled nfs-utils.service static nfs.service disabled nfslock.service static ntpd.service disabled ntpdate.service disabled oddjobd.service enabled pki-tomcatd-nuxwdog@.service static pki-tomcatd@.service enabled plymouth-halt.service disabled plymouth-kexec.service disabled plymouth-poweroff.service disabled plymouth-quit-wait.service disabled plymouth-quit.service disabled plymouth-read-write.service disabled plymouth-reboot.service disabled plymouth-start.service disabled plymouth-switch-root.service static polkit.service static postfix.service enabled quotaon.service static rc-local.service static rdisc.service disabled rescue.service static rhel-autorelabel-mark.service enabled rhel-autorelabel.service enabled rhel-configure.service enabled rhel-dmesg.service enabled rhel-domainname.service disabled rhel-import-state.service enabled rhel-loadmodules.service enabled rhel-readonly.service enabled rpc-gssd.service static rpc-rquotad.service disabled rpc-statd-notify.service static rpc-statd.service static rpcbind.service enabled rpcgssd.service static rpcidmapd.service static rsyslog.service enabled selinux-policy-migrate-local-changes@.service static serial-getty@.service disabled sshd-keygen.service static sshd.service enabled sshd@.service static sssd-autofs.service indirect sssd-ifp.service static sssd-nss.service indirect sssd-pac.service indirect sssd-pam.service indirect sssd-secrets.service indirect sssd-ssh.service indirect sssd-sudo.service indirect sssd.service disabled systemd-ask-password-console.service static systemd-ask-password-plymouth.service static systemd-ask-password-wall.service static systemd-backlight@.service static systemd-binfmt.service static systemd-bootchart.service disabled systemd-firstboot.service static systemd-fsck-root.service static systemd-fsck@.service static systemd-halt.service static systemd-hibernate-resume@.service static systemd-hibernate.service static systemd-hostnamed.service static systemd-hwdb-update.service static systemd-hybrid-sleep.service static systemd-importd.service static systemd-initctl.service static systemd-journal-catalog-update.service static systemd-journal-flush.service static systemd-journald.service static systemd-kexec.service static systemd-localed.service static systemd-logind.service static systemd-machine-id-commit.service static systemd-machined.service static systemd-modules-load.service static systemd-nspawn@.service disabled systemd-poweroff.service static systemd-quotacheck.service static systemd-random-seed.service static systemd-readahead-collect.service enabled systemd-readahead-done.service indirect systemd-readahead-drop.service enabled systemd-readahead-replay.service enabled systemd-reboot.service static systemd-remount-fs.service static systemd-rfkill@.service static systemd-shutdownd.service static systemd-suspend.service static systemd-sysctl.service static systemd-timedated.service static systemd-tmpfiles-clean.service static systemd-tmpfiles-setup-dev.service static systemd-tmpfiles-setup.service static systemd-udev-settle.service static systemd-udev-trigger.service static systemd-udevd.service static systemd-update-done.service static systemd-update-utmp-runlevel.service static systemd-update-utmp.service static systemd-user-sessions.service static systemd-vconsole-setup.service static teamd@.service static tomcat.service disabled tomcat@.service disabled tuned.service enabled usbguard.service enabled vgauthd.service enabled vmtoolsd.service enabled wpa_supplicant.service disabled -.slice static machine.slice static system.slice static user-0.slice static user.slice static dbus.socket static dm-event.socket enabled ipa-ods-exporter.socket disabled ipa-otpd.socket disabled lvm2-lvmetad.socket enabled lvm2-lvmpolld.socket enabled rpcbind.socket enabled sshd.socket disabled sssd-autofs.socket disabled sssd-nss.socket disabled sssd-pac.socket disabled sssd-pam-priv.socket disabled sssd-pam.socket disabled sssd-secrets.socket disabled sssd-ssh.socket disabled sssd-sudo.socket disabled syslog.socket static systemd-initctl.socket static systemd-journald.socket static systemd-shutdownd.socket static systemd-udevd-control.socket static systemd-udevd-kernel.socket static basic.target static bluetooth.target static cryptsetup-pre.target static cryptsetup.target static ctrl-alt-del.target disabled default.target enabled dirsrv.target enabled emergency.target static final.target static getty-pre.target static getty.target static graphical.target static halt.target disabled hibernate.target static hybrid-sleep.target static initrd-fs.target static initrd-root-fs.target static initrd-switch-root.target static initrd.target static iprutils.target disabled kexec.target disabled local-fs-pre.target static local-fs.target static machines.target disabled multi-user.target enabled network-online.target static network-pre.target static network.target static nfs-client.target enabled nss-lookup.target static nss-user-lookup.target static paths.target static pki-tomcatd-nuxwdog.target disabled pki-tomcatd.target disabled poweroff.target disabled printer.target static reboot.target disabled remote-cryptsetup.target disabled remote-fs-pre.target static remote-fs.target enabled rescue.target disabled rpc_pipefs.target static rpcbind.target static runlevel0.target disabled runlevel1.target disabled runlevel2.target enabled runlevel3.target enabled runlevel4.target enabled runlevel5.target static runlevel6.target disabled shutdown.target static sigpwr.target static sleep.target static slices.target static smartcard.target static sockets.target static sound.target static suspend.target static swap.target static sysinit.target static system-update.target static time-sync.target static timers.target static umount.target static chrony-dnssrv@.timer disabled fstrim.timer disabled systemd-readahead-done.timer indirect systemd-tmpfiles-clean.timer static
304 unit files listed.
2019-06-11T04:45:44Z DEBUG stderr= 2019-06-11T04:45:44Z DEBUG Starting external process 2019-06-11T04:45:44Z DEBUG args=/bin/systemctl list-unit-files --full 2019-06-11T04:45:44Z DEBUG Process finished, return code=0 2019-06-11T04:45:44Z DEBUG stdout=UNIT FILE STATE proc-sys-fs-binfmt_misc.automount static dev-hugepages.mount static dev-mqueue.mount static proc-fs-nfsd.mount static proc-sys-fs-binfmt_misc.mount static sys-fs-fuse-connections.mount static sys-kernel-config.mount static sys-kernel-debug.mount static tmp.mount disabled var-lib-nfs-rpc_pipefs.mount static brandbot.path enabled systemd-ask-password-console.path static systemd-ask-password-plymouth.path static systemd-ask-password-wall.path static session-1.scope static arp-ethers.service disabled auditd.service enabled auth-rpcgss-module.service static autofs.service disabled autovt@.service enabled blk-availability.service disabled brandbot.service static certmonger.service enabled chrony-dnssrv@.service static chrony-wait.service disabled chronyd.service disabled console-getty.service disabled console-shell.service disabled container-getty@.service static cpupower.service disabled crond.service enabled dbus-org.fedoraproject.FirewallD1.service enabled dbus-org.freedesktop.hostname1.service static dbus-org.freedesktop.import1.service static dbus-org.freedesktop.locale1.service static dbus-org.freedesktop.login1.service static dbus-org.freedesktop.machine1.service static dbus-org.freedesktop.timedate1.service static dbus.service static debug-shell.service disabled dirsrv@.service enabled dm-event.service static dracut-cmdline.service static dracut-initqueue.service static dracut-mount.service static dracut-pre-mount.service static dracut-pre-pivot.service static dracut-pre-trigger.service static dracut-pre-udev.service static dracut-shutdown.service static ebtables.service disabled emergency.service static firewalld.service enabled fstrim.service static getty@.service enabled gssproxy.service disabled halt-local.service static hsqldb.service disabled htcacheclean.service static httpd.service disabled initrd-cleanup.service static initrd-parse-etc.service static initrd-switch-root.service static initrd-udevadm-cleanup-db.service static ipa-custodia.service disabled ipa-dnskeysyncd.service disabled ipa-ods-exporter.service disabled ipa-otpd@.service static ipa.service disabled iprdump.service disabled iprinit.service disabled iprupdate.service disabled irqbalance.service enabled kadmin.service disabled kdump.service disabled kmod-static-nodes.service static kprop.service disabled krb5kdc.service disabled lvm2-lvmetad.service static lvm2-lvmpolld.service static lvm2-monitor.service enabled lvm2-pvscan@.service static messagebus.service static microcode.service enabled NetworkManager-dispatcher.service disabled NetworkManager-wait-online.service disabled NetworkManager.service disabled nfs-blkmap.service disabled nfs-config.service static nfs-idmap.service static nfs-idmapd.service static nfs-lock.service static nfs-mountd.service static nfs-rquotad.service disabled nfs-secure.service static nfs-server.service disabled nfs-utils.service static nfs.service disabled nfslock.service static ntpd.service disabled ntpdate.service disabled oddjobd.service enabled pki-tomcatd-nuxwdog@.service static pki-tomcatd@.service enabled plymouth-halt.service disabled plymouth-kexec.service disabled plymouth-poweroff.service disabled plymouth-quit-wait.service disabled plymouth-quit.service disabled plymouth-read-write.service disabled plymouth-reboot.service disabled plymouth-start.service disabled plymouth-switch-root.service static polkit.service static postfix.service enabled quotaon.service static rc-local.service static rdisc.service disabled rescue.service static rhel-autorelabel-mark.service enabled rhel-autorelabel.service enabled rhel-configure.service enabled rhel-dmesg.service enabled rhel-domainname.service disabled rhel-import-state.service enabled rhel-loadmodules.service enabled rhel-readonly.service enabled rpc-gssd.service static rpc-rquotad.service disabled rpc-statd-notify.service static rpc-statd.service static rpcbind.service enabled rpcgssd.service static rpcidmapd.service static rsyslog.service enabled selinux-policy-migrate-local-changes@.service static serial-getty@.service disabled sshd-keygen.service static sshd.service enabled sshd@.service static sssd-autofs.service indirect sssd-ifp.service static sssd-nss.service indirect sssd-pac.service indirect sssd-pam.service indirect sssd-secrets.service indirect sssd-ssh.service indirect sssd-sudo.service indirect sssd.service disabled systemd-ask-password-console.service static systemd-ask-password-plymouth.service static systemd-ask-password-wall.service static systemd-backlight@.service static systemd-binfmt.service static systemd-bootchart.service disabled systemd-firstboot.service static systemd-fsck-root.service static systemd-fsck@.service static systemd-halt.service static systemd-hibernate-resume@.service static systemd-hibernate.service static systemd-hostnamed.service static systemd-hwdb-update.service static systemd-hybrid-sleep.service static systemd-importd.service static systemd-initctl.service static systemd-journal-catalog-update.service static systemd-journal-flush.service static systemd-journald.service static systemd-kexec.service static systemd-localed.service static systemd-logind.service static systemd-machine-id-commit.service static systemd-machined.service static systemd-modules-load.service static systemd-nspawn@.service disabled systemd-poweroff.service static systemd-quotacheck.service static systemd-random-seed.service static systemd-readahead-collect.service enabled systemd-readahead-done.service indirect systemd-readahead-drop.service enabled systemd-readahead-replay.service enabled systemd-reboot.service static systemd-remount-fs.service static systemd-rfkill@.service static systemd-shutdownd.service static systemd-suspend.service static systemd-sysctl.service static systemd-timedated.service static systemd-tmpfiles-clean.service static systemd-tmpfiles-setup-dev.service static systemd-tmpfiles-setup.service static systemd-udev-settle.service static systemd-udev-trigger.service static systemd-udevd.service static systemd-update-done.service static systemd-update-utmp-runlevel.service static systemd-update-utmp.service static systemd-user-sessions.service static systemd-vconsole-setup.service static teamd@.service static tomcat.service disabled tomcat@.service disabled tuned.service enabled usbguard.service enabled vgauthd.service enabled vmtoolsd.service enabled wpa_supplicant.service disabled -.slice static machine.slice static system.slice static user-0.slice static user.slice static dbus.socket static dm-event.socket enabled ipa-ods-exporter.socket disabled ipa-otpd.socket disabled lvm2-lvmetad.socket enabled lvm2-lvmpolld.socket enabled rpcbind.socket enabled sshd.socket disabled sssd-autofs.socket disabled sssd-nss.socket disabled sssd-pac.socket disabled sssd-pam-priv.socket disabled sssd-pam.socket disabled sssd-secrets.socket disabled sssd-ssh.socket disabled sssd-sudo.socket disabled syslog.socket static systemd-initctl.socket static systemd-journald.socket static systemd-shutdownd.socket static systemd-udevd-control.socket static systemd-udevd-kernel.socket static basic.target static bluetooth.target static cryptsetup-pre.target static cryptsetup.target static ctrl-alt-del.target disabled default.target enabled dirsrv.target enabled emergency.target static final.target static getty-pre.target static getty.target static graphical.target static halt.target disabled hibernate.target static hybrid-sleep.target static initrd-fs.target static initrd-root-fs.target static initrd-switch-root.target static initrd.target static iprutils.target disabled kexec.target disabled local-fs-pre.target static local-fs.target static machines.target disabled multi-user.target enabled network-online.target static network-pre.target static network.target static nfs-client.target enabled nss-lookup.target static nss-user-lookup.target static paths.target static pki-tomcatd-nuxwdog.target disabled pki-tomcatd.target disabled poweroff.target disabled printer.target static reboot.target disabled remote-cryptsetup.target disabled remote-fs-pre.target static remote-fs.target enabled rescue.target disabled rpc_pipefs.target static rpcbind.target static runlevel0.target disabled runlevel1.target disabled runlevel2.target enabled runlevel3.target enabled runlevel4.target enabled runlevel5.target static runlevel6.target disabled shutdown.target static sigpwr.target static sleep.target static slices.target static smartcard.target static sockets.target static sound.target static suspend.target static swap.target static sysinit.target static system-update.target static time-sync.target static timers.target static umount.target static chrony-dnssrv@.timer disabled fstrim.timer disabled systemd-readahead-done.timer indirect systemd-tmpfiles-clean.timer static
304 unit files listed.
2019-06-11T04:45:44Z DEBUG stderr= 2019-06-11T04:45:44Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2019-06-11T04:45:44Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2019-06-11T04:45:44Z DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' 2019-06-11T04:45:44Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2019-06-11T04:45:44Z DEBUG Starting external process 2019-06-11T04:45:44Z DEBUG args=/usr/sbin/authconfig --enablesssdauth --update --enablesssd 2019-06-11T04:45:44Z DEBUG Process finished, return code=6 2019-06-11T04:45:44Z DEBUG stdout= 2019-06-11T04:45:44Z DEBUG stderr=[Errno 1] Operation not permitted
2019-06-11T04:45:44Z WARNING Installation failed. As this is IPA server, changes will not be rolled back. 2019-06-11T04:45:44Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run return cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 364, in run return self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 389, in execute for rval in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 658, in _configure next(executor) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 3632, in main install(self) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2353, in install _install(options) File "/usr/lib/python2.7/site-packages/ipaclient/install/client.py", line 2869, in _install statestore=statestore) File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/tasks.py", line 224, in modify_nsswitch_pam_stack auth_config.execute() File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/authconfig.py", line 96, in execute raise ScriptError("Failed to execute authconfig command")
2019-06-11T04:45:44Z DEBUG The ipa-client-install command failed, exception: ScriptError: Failed to execute authconfig command 2019-06-11T04:45:44Z ERROR Failed to execute authconfig command 2019-06-11T04:45:44Z ERROR The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
freeipa-users@lists.fedorahosted.org