RosaLinux Bugzilla – Attachment 5537 Details for
Bug 11491
ipa-server не устанавливается
EN
|
RU
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
ipasrv2_log.txt
ipasrv2_log.txt (text/plain), 101.65 KB, created by
Dmitry Postnikov
on 2021-10-05 15:14:53 MSK
(
hide
)
Description:
ipasrv2_log.txt
Filename:
MIME Type:
Creator:
Dmitry Postnikov
Created:
2021-10-05 15:14:53 MSK
Size:
101.65 KB
patch
obsolete
> DNS Administrators >adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > DNS Servers >add description: > DNS Servers >adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Service Administrators >add description: > Service Administrators >adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Automount Administrators >add description: > Automount Administrators >adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Netgroups Administrators >add description: > Netgroups Administrators >adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Certificate Administrators >add description: > Certificate Administrators >adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Replication Administrators >add description: > Replication Administrators >add member: > cn=admins,cn=groups,cn=accounts,dc=testipa,dc=dom >adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Host Enrollment >add description: > Host Enrollment >adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Administrators >add description: > Stage User Administrators >adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > nestedgroup >add cn: > Stage User Provisioning >add description: > Stage User Provisioning >adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Add Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom >adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom >adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Read Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom >adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Remove Replication Agreements >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom >adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Modify DNA Range >add ipapermissiontype: > SYSTEM >add member: > cn=Replication Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom >adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > nsContainer >add cn: > virtual operations >adding new entry "cn=virtual operations,cn=etc,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Retrieve Certificates from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom >adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=testipa,dc=dom" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificate >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom >adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=testipa,dc=dom" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Request Certificates from a different host >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom >adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=testipa,dc=dom" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Get Certificates status from the CA >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom >adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=testipa,dc=dom" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Revoke Certificate >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom >adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=testipa,dc=dom" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "dc=testipa,dc=dom" >modify complete > >add objectClass: > top > groupofnames > ipapermission >add cn: > Certificate Remove Hold >add member: > cn=Certificate Administrators,cn=privileges,cn=pbac,dc=testipa,dc=dom >adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=testipa,dc=dom" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:10Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:10Z DEBUG step duration: dirsrv __add_delegation_layout 0.48 sec >2021-10-05T12:07:10Z DEBUG [26/41]: creating container for managed entries >2021-10-05T12:07:10Z DEBUG Starting external process >2021-10-05T12:07:10Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpop06zldk', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:10Z DEBUG Process finished, return code=0 >2021-10-05T12:07:10Z DEBUG stdout=add objectClass: > nsContainer > top >add cn: > Managed Entries >adding new entry "cn=Managed Entries,cn=etc,dc=testipa,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > Templates >adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=testipa,dc=dom" >modify complete > >add objectClass: > nsContainer > top >add cn: > Definitions >adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:10Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:10Z DEBUG step duration: dirsrv __managed_entries 0.03 sec >2021-10-05T12:07:10Z DEBUG [27/41]: configuring user private groups >2021-10-05T12:07:10Z DEBUG Starting external process >2021-10-05T12:07:10Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpk6yv81ld', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:10Z DEBUG Process finished, return code=0 >2021-10-05T12:07:10Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > UPG Template >add mepRDNAttr: > cn >add mepStaticAttr: > objectclass: posixgroup > objectclass: ipaobject > ipaUniqueId: autogenerate >add mepMappedAttr: > cn: $uid > gidNumber: $uidNumber > description: User private group for $uid >adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=testipa,dc=dom" >modify complete > >add objectclass: > extensibleObject >add cn: > UPG Definition >add originScope: > cn=users,cn=accounts,dc=testipa,dc=dom >add originFilter: > (&(objectclass=posixAccount)(!(description=__no_upg__))) >add managedBase: > cn=groups,cn=accounts,dc=testipa,dc=dom >add managedTemplate: > cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=testipa,dc=dom >adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:10Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:10Z DEBUG step duration: dirsrv __user_private_groups 0.03 sec >2021-10-05T12:07:10Z DEBUG [28/41]: configuring netgroups from hostgroups >2021-10-05T12:07:10Z DEBUG Starting external process >2021-10-05T12:07:10Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpsuv8d988', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:10Z DEBUG Process finished, return code=0 >2021-10-05T12:07:10Z DEBUG stdout=add objectclass: > mepTemplateEntry >add cn: > NGP HGP Template >add mepRDNAttr: > cn >add mepStaticAttr: > ipaUniqueId: autogenerate > objectclass: ipanisnetgroup > objectclass: ipaobject > nisDomainName: testipa.dom >add mepMappedAttr: > cn: $cn > memberHost: $dn > description: ipaNetgroup $cn >adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=testipa,dc=dom" >modify complete > >add objectclass: > extensibleObject >add cn: > NGP Definition >add originScope: > cn=hostgroups,cn=accounts,dc=testipa,dc=dom >add originFilter: > objectclass=ipahostgroup >add managedBase: > cn=ng,cn=alt,dc=testipa,dc=dom >add managedTemplate: > cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=testipa,dc=dom >adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:10Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:10Z DEBUG step duration: dirsrv __host_nis_groups 0.03 sec >2021-10-05T12:07:10Z DEBUG [29/41]: creating default Sudo bind user >2021-10-05T12:07:10Z DEBUG Starting external process >2021-10-05T12:07:10Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp4vu3odb4', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:10Z DEBUG Process finished, return code=0 >2021-10-05T12:07:10Z DEBUG stdout=add objectclass: > account > simplesecurityobject >add uid: > sudo >add userPassword: > XXXXXXXX >add passwordExpirationTime: > 20380119031407Z >add nsIdleTimeout: > 0 >adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:10Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:10Z DEBUG step duration: dirsrv __add_sudo_binduser 0.06 sec >2021-10-05T12:07:10Z DEBUG [30/41]: creating default Auto Member layout >2021-10-05T12:07:10Z DEBUG Starting external process >2021-10-05T12:07:10Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpzerlh15t', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:10Z DEBUG Process finished, return code=0 >2021-10-05T12:07:10Z DEBUG stdout=add nsslapd-pluginConfigArea: > cn=automember,cn=etc,dc=testipa,dc=dom >modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsContainer >add cn: > automember >adding new entry "cn=automember,cn=etc,dc=testipa,dc=dom" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Hostgroup >add autoMemberScope: > cn=computers,cn=accounts,dc=testipa,dc=dom >add autoMemberFilter: > objectclass=ipaHost >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=testipa,dc=dom" >modify complete > >add objectclass: > autoMemberDefinition >add cn: > Group >add autoMemberScope: > cn=users,cn=accounts,dc=testipa,dc=dom >add autoMemberFilter: > objectclass=posixAccount >add autoMemberGroupingAttr: > member:dn >adding new entry "cn=Group,cn=automember,cn=etc,dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:10Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:10Z DEBUG step duration: dirsrv __add_automember_config 0.07 sec >2021-10-05T12:07:10Z DEBUG [31/41]: adding range check plugin >2021-10-05T12:07:10Z DEBUG Starting external process >2021-10-05T12:07:10Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpmbp7ypi0', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:10Z DEBUG Process finished, return code=0 >2021-10-05T12:07:10Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA Range-Check >add nsslapd-pluginpath: > libipa_range_check >add nsslapd-plugininitfunc: > ipa_range_check_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_range_check_version >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA Range-Check plugin >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=testipa,dc=dom >adding new entry "cn=IPA Range-Check,cn=plugins,cn=config" >modify complete > > >2021-10-05T12:07:10Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:10Z DEBUG step duration: dirsrv __add_range_check_plugin 0.04 sec >2021-10-05T12:07:10Z DEBUG [32/41]: creating default HBAC rule allow_all >2021-10-05T12:07:10Z DEBUG Starting external process >2021-10-05T12:07:10Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp9u_ulxz_', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:10Z DEBUG Process finished, return code=0 >2021-10-05T12:07:10Z DEBUG stdout=add objectclass: > ipaassociation > ipahbacrule >add cn: > allow_all >add accessruletype: > allow >add usercategory: > all >add hostcategory: > all >add servicecategory: > all >add ipaenabledflag: > TRUE >add description: > Allow all users to access any host from any host >add ipauniqueid: > autogenerate >adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=testipa,dc=dom" >modify complete > >add objectclass: > ipaassociation > ipahbacrule >add cn: > allow_systemd-user >add accessruletype: > allow >add usercategory: > all >add hostcategory: > all >add memberService: > cn=systemd-user,cn=hbacservices,cn=hbac,dc=testipa,dc=dom >add ipaenabledflag: > TRUE >add description: > Allow pam_systemd to run user@.service to create a system user session >add ipauniqueid: > autogenerate >adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:10Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:10Z DEBUG step duration: dirsrv add_hbac 0.06 sec >2021-10-05T12:07:10Z DEBUG [33/41]: adding entries for topology management >2021-10-05T12:07:10Z DEBUG Starting external process >2021-10-05T12:07:10Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp89twltdo', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:10Z DEBUG Process finished, return code=0 >2021-10-05T12:07:10Z DEBUG stdout=add objectclass: > top > nsContainer >add cn: > topology >adding new entry "cn=topology,cn=ipa,cn=etc,dc=testipa,dc=dom" >modify complete > >add objectclass: > top > iparepltopoconf >add ipaReplTopoConfRoot: > dc=testipa,dc=dom >add nsDS5ReplicatedAttributeList: > (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >add nsDS5ReplicatedAttributeListTotal: > (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount >add nsds5ReplicaStripAttrs: > modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp >add cn: > domain >adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:10Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:10Z DEBUG step duration: dirsrv __add_topology_entries 0.03 sec >2021-10-05T12:07:10Z DEBUG [34/41]: initializing group membership >2021-10-05T12:07:10Z DEBUG Starting external process >2021-10-05T12:07:10Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpkqgc6a2n', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:10Z DEBUG Process finished, return code=0 >2021-10-05T12:07:10Z DEBUG stdout=add objectClass: > top > extensibleObject >add cn: > IPA install >add basedn: > dc=testipa,dc=dom >add filter: > (objectclass=*) >add ttl: > 10 >adding new entry "cn=IPA install 1633435608, cn=memberof task, cn=tasks, cn=config" >modify complete > > >2021-10-05T12:07:10Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:10Z DEBUG Waiting for memberof task to complete. >2021-10-05T12:07:11Z DEBUG step duration: dirsrv init_memberof 1.04 sec >2021-10-05T12:07:11Z DEBUG [35/41]: adding master entry >2021-10-05T12:07:11Z DEBUG Starting external process >2021-10-05T12:07:11Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmp8b18x89k', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:11Z DEBUG Process finished, return code=0 >2021-10-05T12:07:11Z DEBUG stdout=add objectclass: > top > nsContainer > ipaReplTopoManagedServer > ipaConfigObject > ipaSupportedDomainLevelConfig >add cn: > dc1.testipa.dom >add ipaReplTopoManagedSuffix: > dc=testipa,dc=dom >add ipaMinDomainLevel: > 1 >add ipaMaxDomainLevel: > 1 >adding new entry "cn=dc1.testipa.dom,cn=masters,cn=ipa,cn=etc,dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:11Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:11Z DEBUG step duration: dirsrv __add_master_entry 0.03 sec >2021-10-05T12:07:11Z DEBUG [36/41]: initializing domain level >2021-10-05T12:07:11Z DEBUG Starting external process >2021-10-05T12:07:11Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmps_grm2u3', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:11Z DEBUG Process finished, return code=0 >2021-10-05T12:07:11Z DEBUG stdout=add objectClass: > top > nsContainer > ipaDomainLevelConfig >add ipaDomainLevel: > 1 >adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:11Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:11Z DEBUG step duration: dirsrv __set_domain_level 0.03 sec >2021-10-05T12:07:11Z DEBUG [37/41]: configuring Posix uid/gid generation >2021-10-05T12:07:11Z DEBUG Starting external process >2021-10-05T12:07:11Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpcob_kef_', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:11Z DEBUG Process finished, return code=0 >2021-10-05T12:07:11Z DEBUG stdout=add objectclass: > top > extensibleObject >add cn: > Posix IDs >add dnaType: > uidNumber > gidNumber >add dnaNextValue: > 1870800000 >add dnaMaxValue: > 1870999999 >add dnaMagicRegen: > -1 >add dnaFilter: > (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject)) >add dnaScope: > dc=testipa,dc=dom >add dnaThreshold: > 500 >add dnaSharedCfgDN: > cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testipa,dc=dom >add dnaExcludeScope: > cn=provisioning,dc=testipa,dc=dom >adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > Subordinate IDs >add dnaType: > ipasubuidnumber > ipasubgidnumber >add dnaNextValue: > 2147483648 >add dnaMaxValue: > 4294836224 >add dnaMagicRegen: > -1 >add dnaFilter: > (objectClass=ipaSubordinateId) >add dnaScope: > dc=testipa,dc=dom >add dnaThreshold: > 500 >add dnaSharedCfgDN: > cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=testipa,dc=dom >add dnaExcludeScope: > cn=provisioning,dc=testipa,dc=dom >add dnaInterval: > 65536 >adding new entry "cn=Subordinate IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >replace nsslapd-pluginEnabled: > on >modifying entry "cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > > >2021-10-05T12:07:11Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:11Z DEBUG step duration: dirsrv __config_uidgid_gen 0.07 sec >2021-10-05T12:07:11Z DEBUG [38/41]: adding replication acis >2021-10-05T12:07:11Z DEBUG Starting external process >2021-10-05T12:07:11Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpfji6d249', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:11Z DEBUG Process finished, return code=0 >2021-10-05T12:07:11Z DEBUG stdout=add aci: > (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr = "*")(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr = "*")(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr = "*")(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "cn=mapping tree,cn=config" >modify complete > >add aci: > (targetattr = "dnaNextRange || dnaNextValue || dnaMaxValue")(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr = "nsslapd-readonly")(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add aci: > (targetattr = "*")(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=testipa,dc=dom";) >modifying entry "cn=tasks,cn=config" >modify complete > > >2021-10-05T12:07:11Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:11Z DEBUG step duration: dirsrv __add_replication_acis 0.13 sec >2021-10-05T12:07:11Z DEBUG [39/41]: activating sidgen plugin >2021-10-05T12:07:12Z DEBUG Starting external process >2021-10-05T12:07:12Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmprrpwtzwu', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:12Z DEBUG Process finished, return code=0 >2021-10-05T12:07:12Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > IPA SIDGEN >add nsslapd-pluginpath: > libipa_sidgen >add nsslapd-plugininitfunc: > ipa_sidgen_init >add nsslapd-plugintype: > postoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_sidgen_postop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat, Inc. >add nsslapd-plugindescription: > IPA SIDGEN post operation >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=testipa,dc=dom >adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config" >modify complete > > >2021-10-05T12:07:12Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:12Z DEBUG step duration: dirsrv _add_sidgen_plugin 0.14 sec >2021-10-05T12:07:12Z DEBUG [40/41]: activating extdom plugin >2021-10-05T12:07:12Z DEBUG Starting external process >2021-10-05T12:07:12Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpo2i3tip7', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:12Z DEBUG Process finished, return code=0 >2021-10-05T12:07:12Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_extdom_extop >add nsslapd-pluginpath: > libipa_extdom_extop >add nsslapd-plugininitfunc: > ipa_extdom_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_extdom_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support resolving IDs in trusted domains to names and back >add nsslapd-plugin-depends-on-type: > database >add nsslapd-basedn: > dc=testipa,dc=dom >adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config" >modify complete > > >2021-10-05T12:07:12Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:12Z DEBUG step duration: dirsrv _add_extdom_plugin 0.04 sec >2021-10-05T12:07:12Z DEBUG [41/41]: configuring directory to start on boot >2021-10-05T12:07:12Z DEBUG Starting external process >2021-10-05T12:07:12Z DEBUG args=['/bin/systemctl', 'is-enabled', 'dirsrv@TESTIPA-DOM.service'] >2021-10-05T12:07:12Z DEBUG Process finished, return code=0 >2021-10-05T12:07:12Z DEBUG stdout=enabled > >2021-10-05T12:07:12Z DEBUG stderr= >2021-10-05T12:07:12Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:12Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:12Z DEBUG Starting external process >2021-10-05T12:07:12Z DEBUG args=['/bin/systemctl', 'disable', 'dirsrv@TESTIPA-DOM.service'] >2021-10-05T12:07:12Z DEBUG Process finished, return code=0 >2021-10-05T12:07:12Z DEBUG stdout= >2021-10-05T12:07:12Z DEBUG stderr=Removed /etc/systemd/system/dirsrv.target.wants/dirsrv@TESTIPA-DOM.service. >Removed /etc/systemd/system/multi-user.target.wants/dirsrv@TESTIPA-DOM.service. > >2021-10-05T12:07:12Z DEBUG step duration: dirsrv __enable 0.80 sec >2021-10-05T12:07:12Z DEBUG Done configuring directory server (dirsrv). >2021-10-05T12:07:12Z DEBUG service duration: dirsrv 24.86 sec >2021-10-05T12:07:12Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:12Z DEBUG Starting external process >2021-10-05T12:07:12Z DEBUG args=['/usr/bin/keyctl', 'get_persistent', '@s', '0'] >2021-10-05T12:07:12Z DEBUG Process finished, return code=0 >2021-10-05T12:07:12Z DEBUG stdout=845135086 > >2021-10-05T12:07:12Z DEBUG stderr= >2021-10-05T12:07:12Z DEBUG Enabling persistent keyring CCACHE >2021-10-05T12:07:12Z DEBUG Starting external process >2021-10-05T12:07:12Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] >2021-10-05T12:07:13Z DEBUG Process finished, return code=3 >2021-10-05T12:07:13Z DEBUG stdout=inactive > >2021-10-05T12:07:13Z DEBUG stderr= >2021-10-05T12:07:13Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:13Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:13Z DEBUG Starting external process >2021-10-05T12:07:13Z DEBUG args=['/bin/systemctl', 'stop', 'krb5kdc.service'] >2021-10-05T12:07:13Z DEBUG Process finished, return code=0 >2021-10-05T12:07:13Z DEBUG stdout= >2021-10-05T12:07:13Z DEBUG stderr= >2021-10-05T12:07:13Z DEBUG Stop of krb5kdc.service complete >2021-10-05T12:07:13Z DEBUG Configuring Kerberos KDC (krb5kdc) >2021-10-05T12:07:13Z DEBUG [1/10]: adding kerberos container to the directory >2021-10-05T12:07:13Z DEBUG Starting external process >2021-10-05T12:07:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpqz05r7bw', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:13Z DEBUG Process finished, return code=0 >2021-10-05T12:07:13Z DEBUG stdout=add objectClass: > krbContainer > top >add cn: > kerberos >adding new entry "cn=kerberos,dc=testipa,dc=dom" >modify complete > >add cn: > TESTIPA.DOM >add objectClass: > top > krbrealmcontainer > krbticketpolicyaux >add krbSubTrees: > dc=testipa,dc=dom >add krbSearchScope: > 2 >add krbSupportedEncSaltTypes: > aes256-cts:normal > aes256-cts:special > aes128-cts:normal > aes128-cts:special > aes128-sha2:normal > aes128-sha2:special > aes256-sha2:normal > aes256-sha2:special > camellia128-cts-cmac:normal > camellia128-cts-cmac:special > camellia256-cts-cmac:normal > camellia256-cts-cmac:special >add krbMaxTicketLife: > 86400 >add krbMaxRenewableAge: > 604800 >add krbDefaultEncSaltTypes: > aes256-cts:special > aes128-cts:special >adding new entry "cn=TESTIPA.DOM,cn=kerberos,dc=testipa,dc=dom" >modify complete > >add objectClass: > top > nsContainer > krbPwdPolicy >add krbMinPwdLife: > 3600 >add krbPwdMinDiffChars: > 0 >add krbPwdMinLength: > 8 >add krbPwdHistoryLength: > 0 >add krbMaxPwdLife: > 7776000 >add krbPwdMaxFailure: > 6 >add krbPwdFailureCountInterval: > 60 >add krbPwdLockoutDuration: > 600 >adding new entry "cn=global_policy,cn=TESTIPA.DOM,cn=kerberos,dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:13Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:13Z DEBUG step duration: krb5kdc __add_krb_container 0.03 sec >2021-10-05T12:07:13Z DEBUG [2/10]: configuring KDC >2021-10-05T12:07:13Z DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf' >2021-10-05T12:07:13Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2021-10-05T12:07:13Z DEBUG Backing up system configuration file '/etc/krb5.conf' >2021-10-05T12:07:13Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2021-10-05T12:07:13Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa-server' >2021-10-05T12:07:13Z DEBUG -> Not backing up - '/etc/krb5.conf.d/freeipa-server' doesn't exist >2021-10-05T12:07:13Z DEBUG Backing up system configuration file '/etc/krb5.conf.d/freeipa' >2021-10-05T12:07:13Z DEBUG -> Not backing up - '/etc/krb5.conf.d/freeipa' doesn't exist >2021-10-05T12:07:13Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini' >2021-10-05T12:07:13Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist >2021-10-05T12:07:13Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con' >2021-10-05T12:07:13Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist >2021-10-05T12:07:13Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con' >2021-10-05T12:07:13Z DEBUG -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist >2021-10-05T12:07:13Z DEBUG Starting external process >2021-10-05T12:07:13Z DEBUG args=['/usr/bin/klist', '-V'] >2021-10-05T12:07:13Z DEBUG Process finished, return code=0 >2021-10-05T12:07:13Z DEBUG stdout=Kerberos 5 version 1.18.2 > >2021-10-05T12:07:13Z DEBUG stderr= >2021-10-05T12:07:13Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc' >2021-10-05T12:07:13Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >2021-10-05T12:07:13Z DEBUG Starting external process >2021-10-05T12:07:13Z DEBUG args=['/usr/sbin/selinuxenabled'] >2021-10-05T12:07:13Z DEBUG Process finished, return code=1 >2021-10-05T12:07:13Z DEBUG stdout= >2021-10-05T12:07:13Z DEBUG stderr= >2021-10-05T12:07:13Z DEBUG step duration: krb5kdc __configure_instance 0.06 sec >2021-10-05T12:07:13Z DEBUG [3/10]: initialize kerberos container >2021-10-05T12:07:13Z DEBUG Starting external process >2021-10-05T12:07:13Z DEBUG args=['kdb5_util', 'create', '-s', '-r', 'TESTIPA.DOM', '-x', 'ipa-setup-override-restrictions'] >2021-10-05T12:07:13Z DEBUG Process finished, return code=0 >2021-10-05T12:07:13Z DEBUG stdout=Loading random data >Initializing database '/var/kerberos/krb5kdc/principal' for realm 'TESTIPA.DOM', >master key name 'K/M@TESTIPA.DOM' >You will be prompted for the database Master Password. >It is important that you NOT FORGET this password. >Enter KDC database master key: >Re-enter KDC database master key to verify: > >2021-10-05T12:07:13Z DEBUG stderr= >2021-10-05T12:07:13Z DEBUG step duration: krb5kdc __init_ipa_kdb 0.18 sec >2021-10-05T12:07:13Z DEBUG [4/10]: adding default ACIs >2021-10-05T12:07:13Z DEBUG Starting external process >2021-10-05T12:07:13Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpsqcw2q8z', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:13Z DEBUG Process finished, return code=0 >2021-10-05T12:07:13Z DEBUG stdout=add aci: > (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";) >modifying entry "dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";) > (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";) > (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";) >modifying entry "dc=testipa,dc=dom" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=testipa,dc=dom";) >modifying entry "cn=etc,dc=testipa,dc=dom" >modify complete > >add aci: > (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=testipa,dc=dom";) >modifying entry "cn=ipa,cn=etc,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=testipa,dc=dom";) > (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=testipa,dc=dom";) > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";) > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";) > (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=testipa,dc=dom";) > (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";) >modifying entry "cn=accounts,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=testipa,dc=dom")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=testipa,dc=dom";) >modifying entry "cn=services,cn=accounts,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) >modifying entry "cn=services,cn=accounts,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";) > (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";) >modifying entry "cn=computers,cn=accounts,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) > (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";) >modifying entry "cn=computers,cn=accounts,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=testipa,dc=dom")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=testipa,dc=dom";) >modifying entry "cn=computers,cn=accounts,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr = "member")(targetfilter = "(objectclass=ipaUserGroup)")(version 3.0; acl "Allow member managers to modify members of user groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) >modifying entry "cn=groups,cn=accounts,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr = "member")(targetfilter = "(objectclass=ipaHostGroup)")(version 3.0; acl "Allow member managers to modify members of host groups"; allow (write) userattr = "memberManager#USERDN" or userattr = "memberManager#GROUPDN";) >modifying entry "cn=hostgroups,cn=accounts,dc=testipa,dc=dom" >modify complete > >add aci: > (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";) >modifying entry "cn=accounts,dc=testipa,dc=dom" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";) > (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";) > (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=testipa,dc=dom")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";) >modifying entry "dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:13Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:13Z DEBUG step duration: krb5kdc __add_default_acis 0.07 sec >2021-10-05T12:07:13Z DEBUG [5/10]: creating a keytab for the directory >2021-10-05T12:07:13Z DEBUG Starting external process >2021-10-05T12:07:13Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey ldap/dc1.testipa.dom@TESTIPA.DOM', '-x', 'ipa-setup-override-restrictions'] >2021-10-05T12:07:13Z DEBUG Process finished, return code=0 >2021-10-05T12:07:13Z DEBUG stdout=Authenticating as principal user/admin@TESTIPA.DOM with password. >Principal "ldap/dc1.testipa.dom@TESTIPA.DOM" created. > >2021-10-05T12:07:13Z DEBUG stderr=No policy specified for ldap/dc1.testipa.dom@TESTIPA.DOM; defaulting to no policy > >2021-10-05T12:07:13Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' >2021-10-05T12:07:13Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist >2021-10-05T12:07:13Z DEBUG Starting external process >2021-10-05T12:07:13Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/dirsrv/ds.keytab ldap/dc1.testipa.dom@TESTIPA.DOM', '-x', 'ipa-setup-override-restrictions'] >2021-10-05T12:07:13Z DEBUG Process finished, return code=0 >2021-10-05T12:07:13Z DEBUG stdout=Authenticating as principal user/admin@TESTIPA.DOM with password. >Entry for principal ldap/dc1.testipa.dom@TESTIPA.DOM with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/dc1.testipa.dom@TESTIPA.DOM with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/dc1.testipa.dom@TESTIPA.DOM with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/dc1.testipa.dom@TESTIPA.DOM with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/dc1.testipa.dom@TESTIPA.DOM with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/dc1.testipa.dom@TESTIPA.DOM with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab. > >2021-10-05T12:07:13Z DEBUG stderr= >2021-10-05T12:07:13Z DEBUG step duration: krb5kdc __create_ds_keytab 0.23 sec >2021-10-05T12:07:13Z DEBUG [6/10]: creating a keytab for the machine >2021-10-05T12:07:13Z DEBUG Starting external process >2021-10-05T12:07:13Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey host/dc1.testipa.dom@TESTIPA.DOM', '-x', 'ipa-setup-override-restrictions'] >2021-10-05T12:07:13Z DEBUG Process finished, return code=0 >2021-10-05T12:07:13Z DEBUG stdout=Authenticating as principal user/admin@TESTIPA.DOM with password. >Principal "host/dc1.testipa.dom@TESTIPA.DOM" created. > >2021-10-05T12:07:13Z DEBUG stderr=No policy specified for host/dc1.testipa.dom@TESTIPA.DOM; defaulting to no policy > >2021-10-05T12:07:13Z DEBUG Backing up system configuration file '/etc/krb5.keytab' >2021-10-05T12:07:13Z DEBUG -> Not backing up - '/etc/krb5.keytab' doesn't exist >2021-10-05T12:07:13Z DEBUG Starting external process >2021-10-05T12:07:13Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'ktadd -k /etc/krb5.keytab host/dc1.testipa.dom@TESTIPA.DOM', '-x', 'ipa-setup-override-restrictions'] >2021-10-05T12:07:13Z DEBUG Process finished, return code=0 >2021-10-05T12:07:13Z DEBUG stdout=Authenticating as principal user/admin@TESTIPA.DOM with password. >Entry for principal host/dc1.testipa.dom@TESTIPA.DOM with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/dc1.testipa.dom@TESTIPA.DOM with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/dc1.testipa.dom@TESTIPA.DOM with kvno 2, encryption type aes128-cts-hmac-sha256-128 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/dc1.testipa.dom@TESTIPA.DOM with kvno 2, encryption type aes256-cts-hmac-sha384-192 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/dc1.testipa.dom@TESTIPA.DOM with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/dc1.testipa.dom@TESTIPA.DOM with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/krb5.keytab. > >2021-10-05T12:07:13Z DEBUG stderr= >2021-10-05T12:07:13Z DEBUG importing all plugin modules in ipaserver.plugins... >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.aci >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.automember >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.automount >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.baseldap >2021-10-05T12:07:13Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.baseuser >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.batch >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.ca >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.caacl >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.cert >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.certmap >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.certprofile >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.config >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.delegation >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.dns >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.dogtag >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.group >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.hbac >2021-10-05T12:07:13Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.hbactest >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.host >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.idrange >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.idviews >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.internal >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.join >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.location >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.migration >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.misc >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.netgroup >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.otp >2021-10-05T12:07:13Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.otptoken >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.passwd >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.permission >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.ping >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.pkinit >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.privilege >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.rabase >2021-10-05T12:07:13Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.role >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.schema >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.selfservice >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.server >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.serverrole >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.serverroles >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.service >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.session >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.stageuser >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.subid >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.sudo >2021-10-05T12:07:13Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.sudorule >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.topology >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.trust >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.user >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.vault >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.virtual >2021-10-05T12:07:13Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.whoami >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2021-10-05T12:07:13Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.dns >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2021-10-05T12:07:13Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2021-10-05T12:07:17Z DEBUG Created connection context.ldap2_139948225480256 >2021-10-05T12:07:17Z DEBUG raw: idrange_show('TESTIPA.DOM_id_range', version='2.243') >2021-10-05T12:07:17Z DEBUG idrange_show('TESTIPA.DOM_id_range', rights=False, all=False, raw=False, version='2.243') >2021-10-05T12:07:17Z DEBUG flushing ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket from SchemaCache >2021-10-05T12:07:17Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f483c963a90> >2021-10-05T12:07:17Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update' >2021-10-05T12:07:17Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=testipa,dc=dom >2021-10-05T12:07:17Z DEBUG --------------------------------------------- >2021-10-05T12:07:17Z DEBUG Initial value >2021-10-05T12:07:17Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=testipa,dc=dom >2021-10-05T12:07:17Z DEBUG objectClass: >2021-10-05T12:07:17Z DEBUG top >2021-10-05T12:07:17Z DEBUG groupOfNames >2021-10-05T12:07:17Z DEBUG nestedGroup >2021-10-05T12:07:17Z DEBUG ipaobject >2021-10-05T12:07:17Z DEBUG ipahostgroup >2021-10-05T12:07:17Z DEBUG description: >2021-10-05T12:07:17Z DEBUG IPA server hosts >2021-10-05T12:07:17Z DEBUG cn: >2021-10-05T12:07:17Z DEBUG ipaservers >2021-10-05T12:07:17Z DEBUG ipaUniqueID: >2021-10-05T12:07:17Z DEBUG c41b2d88-25d4-11ec-a74a-08002747e0bc >2021-10-05T12:07:17Z DEBUG --------------------------------------------- >2021-10-05T12:07:17Z DEBUG Final value after applying updates >2021-10-05T12:07:17Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=testipa,dc=dom >2021-10-05T12:07:17Z DEBUG objectClass: >2021-10-05T12:07:17Z DEBUG top >2021-10-05T12:07:17Z DEBUG groupOfNames >2021-10-05T12:07:17Z DEBUG nestedGroup >2021-10-05T12:07:17Z DEBUG ipaobject >2021-10-05T12:07:17Z DEBUG ipahostgroup >2021-10-05T12:07:17Z DEBUG description: >2021-10-05T12:07:17Z DEBUG IPA server hosts >2021-10-05T12:07:17Z DEBUG cn: >2021-10-05T12:07:17Z DEBUG ipaservers >2021-10-05T12:07:17Z DEBUG ipaUniqueID: >2021-10-05T12:07:17Z DEBUG c41b2d88-25d4-11ec-a74a-08002747e0bc >2021-10-05T12:07:17Z DEBUG [] >2021-10-05T12:07:17Z DEBUG Updated 0 >2021-10-05T12:07:17Z DEBUG Done >2021-10-05T12:07:17Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=testipa,dc=dom >2021-10-05T12:07:17Z DEBUG --------------------------------------------- >2021-10-05T12:07:17Z DEBUG Initial value >2021-10-05T12:07:17Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=testipa,dc=dom >2021-10-05T12:07:17Z DEBUG objectClass: >2021-10-05T12:07:17Z DEBUG top >2021-10-05T12:07:17Z DEBUG groupOfNames >2021-10-05T12:07:17Z DEBUG nestedGroup >2021-10-05T12:07:17Z DEBUG ipaobject >2021-10-05T12:07:17Z DEBUG ipahostgroup >2021-10-05T12:07:17Z DEBUG description: >2021-10-05T12:07:17Z DEBUG IPA server hosts >2021-10-05T12:07:17Z DEBUG cn: >2021-10-05T12:07:17Z DEBUG ipaservers >2021-10-05T12:07:17Z DEBUG ipaUniqueID: >2021-10-05T12:07:17Z DEBUG c41b2d88-25d4-11ec-a74a-08002747e0bc >2021-10-05T12:07:17Z DEBUG add: 'fqdn=dc1.testipa.dom,cn=computers,cn=accounts,dc=testipa,dc=dom' to member, current value [] >2021-10-05T12:07:17Z DEBUG add: updated value ['fqdn=dc1.testipa.dom,cn=computers,cn=accounts,dc=testipa,dc=dom'] >2021-10-05T12:07:17Z DEBUG --------------------------------------------- >2021-10-05T12:07:17Z DEBUG Final value after applying updates >2021-10-05T12:07:17Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=testipa,dc=dom >2021-10-05T12:07:17Z DEBUG objectClass: >2021-10-05T12:07:17Z DEBUG top >2021-10-05T12:07:17Z DEBUG groupOfNames >2021-10-05T12:07:17Z DEBUG nestedGroup >2021-10-05T12:07:17Z DEBUG ipaobject >2021-10-05T12:07:17Z DEBUG ipahostgroup >2021-10-05T12:07:17Z DEBUG description: >2021-10-05T12:07:17Z DEBUG IPA server hosts >2021-10-05T12:07:17Z DEBUG cn: >2021-10-05T12:07:17Z DEBUG ipaservers >2021-10-05T12:07:17Z DEBUG ipaUniqueID: >2021-10-05T12:07:17Z DEBUG c41b2d88-25d4-11ec-a74a-08002747e0bc >2021-10-05T12:07:17Z DEBUG member: >2021-10-05T12:07:17Z DEBUG fqdn=dc1.testipa.dom,cn=computers,cn=accounts,dc=testipa,dc=dom >2021-10-05T12:07:17Z DEBUG [(2, 'member', ['fqdn=dc1.testipa.dom,cn=computers,cn=accounts,dc=testipa,dc=dom'])] >2021-10-05T12:07:17Z DEBUG Updated 1 >2021-10-05T12:07:17Z DEBUG update_entry modlist [(2, 'member', [b'fqdn=dc1.testipa.dom,cn=computers,cn=accounts,dc=testipa,dc=dom'])] >2021-10-05T12:07:17Z DEBUG Done >2021-10-05T12:07:17Z DEBUG LDAP update duration: /usr/share/ipa/updates/20-ipaservers_hostgroup.update 0.029 sec >2021-10-05T12:07:17Z DEBUG Destroyed connection context.ldap2_139948225480256 >2021-10-05T12:07:17Z DEBUG step duration: krb5kdc __create_host_keytab 4.25 sec >2021-10-05T12:07:17Z DEBUG [7/10]: adding the password extension to the directory >2021-10-05T12:07:17Z DEBUG Starting external process >2021-10-05T12:07:17Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpdfl2kcnq', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:17Z DEBUG Process finished, return code=0 >2021-10-05T12:07:17Z DEBUG stdout=add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_pwd_extop >add nsslapd-pluginpath: > libipa_pwd_extop >add nsslapd-plugininitfunc: > ipapwd_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginbetxn: > on >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_pwd_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.) >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=testipa,dc=dom >adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config" >modify complete > > >2021-10-05T12:07:17Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:17Z DEBUG step duration: krb5kdc __add_pwd_extop_module 0.03 sec >2021-10-05T12:07:17Z DEBUG [8/10]: creating anonymous principal >2021-10-05T12:07:17Z DEBUG Starting external process >2021-10-05T12:07:17Z DEBUG args=['/usr/sbin/kadmin.local', '-q', 'addprinc -randkey WELLKNOWN/ANONYMOUS@TESTIPA.DOM', '-x', 'ipa-setup-override-restrictions'] >2021-10-05T12:07:18Z DEBUG Process finished, return code=0 >2021-10-05T12:07:18Z DEBUG stdout=Authenticating as principal user/admin@TESTIPA.DOM with password. >Principal "WELLKNOWN/ANONYMOUS@TESTIPA.DOM" created. > >2021-10-05T12:07:18Z DEBUG stderr=No policy specified for WELLKNOWN/ANONYMOUS@TESTIPA.DOM; defaulting to no policy > >2021-10-05T12:07:18Z DEBUG Starting external process >2021-10-05T12:07:18Z DEBUG args=['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmpqnj4cirg', '-H', 'ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket', '-Y', 'EXTERNAL'] >2021-10-05T12:07:18Z DEBUG Process finished, return code=0 >2021-10-05T12:07:18Z DEBUG stdout=add objectclass: > ipaAllowedOperations >add aci: > (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Allow to retrieve keytab keys of the anonymous user"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";) >add ipaAllowedToPerform;read_keys: > cn=ipaservers,cn=hostgroups,cn=accounts,dc=testipa,dc=dom >modifying entry "krbPrincipalName=WELLKNOWN/ANONYMOUS@TESTIPA.DOM,cn=TESTIPA.DOM,cn=kerberos,dc=testipa,dc=dom" >modify complete > > >2021-10-05T12:07:18Z DEBUG stderr=ldap_initialize( ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket/??base ) >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 > >2021-10-05T12:07:18Z DEBUG step duration: krb5kdc add_anonymous_principal 0.21 sec >2021-10-05T12:07:18Z DEBUG [9/10]: starting the KDC >2021-10-05T12:07:18Z DEBUG Starting external process >2021-10-05T12:07:18Z DEBUG args=['/bin/systemctl', 'start', 'krb5kdc.service'] >2021-10-05T12:07:18Z DEBUG Process finished, return code=0 >2021-10-05T12:07:18Z DEBUG stdout= >2021-10-05T12:07:18Z DEBUG stderr= >2021-10-05T12:07:18Z DEBUG Starting external process >2021-10-05T12:07:18Z DEBUG args=['/bin/systemctl', 'is-active', 'krb5kdc.service'] >2021-10-05T12:07:18Z DEBUG Process finished, return code=0 >2021-10-05T12:07:18Z DEBUG stdout=active > >2021-10-05T12:07:18Z DEBUG stderr= >2021-10-05T12:07:18Z DEBUG Start of krb5kdc.service complete >2021-10-05T12:07:18Z DEBUG step duration: krb5kdc __start_instance 0.18 sec >2021-10-05T12:07:18Z DEBUG [10/10]: configuring KDC to start on boot >2021-10-05T12:07:18Z DEBUG Starting external process >2021-10-05T12:07:18Z DEBUG args=['/bin/systemctl', 'is-enabled', 'krb5kdc.service'] >2021-10-05T12:07:18Z DEBUG Process finished, return code=1 >2021-10-05T12:07:18Z DEBUG stdout=disabled > >2021-10-05T12:07:18Z DEBUG stderr= >2021-10-05T12:07:18Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:18Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:18Z DEBUG Starting external process >2021-10-05T12:07:18Z DEBUG args=['/bin/systemctl', 'unmask', 'krb5kdc.service'] >2021-10-05T12:07:19Z DEBUG Process finished, return code=0 >2021-10-05T12:07:19Z DEBUG stdout= >2021-10-05T12:07:19Z DEBUG stderr= >2021-10-05T12:07:19Z DEBUG Starting external process >2021-10-05T12:07:19Z DEBUG args=['/bin/systemctl', 'disable', 'krb5kdc.service'] >2021-10-05T12:07:19Z DEBUG Process finished, return code=0 >2021-10-05T12:07:19Z DEBUG stdout= >2021-10-05T12:07:19Z DEBUG stderr= >2021-10-05T12:07:19Z DEBUG step duration: krb5kdc __enable 1.58 sec >2021-10-05T12:07:19Z DEBUG Done configuring Kerberos KDC (krb5kdc). >2021-10-05T12:07:19Z DEBUG service duration: krb5kdc 6.85 sec >2021-10-05T12:07:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:19Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2021-10-05T12:07:19Z DEBUG Configuring kadmin >2021-10-05T12:07:19Z DEBUG [1/2]: starting kadmin >2021-10-05T12:07:19Z DEBUG Starting external process >2021-10-05T12:07:19Z DEBUG args=['/bin/systemctl', 'is-active', 'kadmin.service'] >2021-10-05T12:07:19Z DEBUG Process finished, return code=3 >2021-10-05T12:07:19Z DEBUG stdout=inactive > >2021-10-05T12:07:19Z DEBUG stderr= >2021-10-05T12:07:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:19Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:19Z DEBUG Starting external process >2021-10-05T12:07:19Z DEBUG args=['/bin/systemctl', 'restart', 'kadmin.service'] >2021-10-05T12:07:20Z DEBUG Process finished, return code=0 >2021-10-05T12:07:20Z DEBUG stdout= >2021-10-05T12:07:20Z DEBUG stderr= >2021-10-05T12:07:20Z DEBUG Starting external process >2021-10-05T12:07:20Z DEBUG args=['/bin/systemctl', 'is-active', 'kadmin.service'] >2021-10-05T12:07:20Z DEBUG Process finished, return code=0 >2021-10-05T12:07:20Z DEBUG stdout=active > >2021-10-05T12:07:20Z DEBUG stderr= >2021-10-05T12:07:20Z DEBUG Restart of kadmin.service complete >2021-10-05T12:07:20Z DEBUG step duration: kadmin __start 0.16 sec >2021-10-05T12:07:20Z DEBUG [2/2]: configuring kadmin to start on boot >2021-10-05T12:07:20Z DEBUG Starting external process >2021-10-05T12:07:20Z DEBUG args=['/bin/systemctl', 'is-enabled', 'kadmin.service'] >2021-10-05T12:07:20Z DEBUG Process finished, return code=1 >2021-10-05T12:07:20Z DEBUG stdout=disabled > >2021-10-05T12:07:20Z DEBUG stderr= >2021-10-05T12:07:20Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:20Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:20Z DEBUG Starting external process >2021-10-05T12:07:20Z DEBUG args=['/bin/systemctl', 'unmask', 'kadmin.service'] >2021-10-05T12:07:20Z DEBUG Process finished, return code=0 >2021-10-05T12:07:20Z DEBUG stdout= >2021-10-05T12:07:20Z DEBUG stderr= >2021-10-05T12:07:20Z DEBUG Starting external process >2021-10-05T12:07:20Z DEBUG args=['/bin/systemctl', 'disable', 'kadmin.service'] >2021-10-05T12:07:21Z DEBUG Process finished, return code=0 >2021-10-05T12:07:21Z DEBUG stdout= >2021-10-05T12:07:21Z DEBUG stderr= >2021-10-05T12:07:21Z DEBUG step duration: kadmin __enable 1.67 sec >2021-10-05T12:07:21Z DEBUG Done configuring kadmin. >2021-10-05T12:07:21Z DEBUG service duration: kadmin 1.85 sec >2021-10-05T12:07:21Z DEBUG Custodia client for '<CustodiaModes.FIRST_MASTER: 'Custodia on first master'>' with promotion no. >2021-10-05T12:07:21Z DEBUG Custodia uses LDAPI. >2021-10-05T12:07:21Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:21Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2021-10-05T12:07:21Z DEBUG Configuring ipa-custodia >2021-10-05T12:07:21Z DEBUG [1/5]: Making sure custodia container exists >2021-10-05T12:07:21Z DEBUG importing all plugin modules in ipaserver.plugins... >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.aci >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.automember >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.automount >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.baseldap >2021-10-05T12:07:21Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.baseuser >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.batch >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.ca >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.caacl >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.cert >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.certmap >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.certprofile >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.config >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.delegation >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.dns >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.dnsserver >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.dogtag >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.domainlevel >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.group >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.hbac >2021-10-05T12:07:21Z DEBUG ipaserver.plugins.hbac is not a valid plugin module >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.hbacrule >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.hbacsvc >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.hbactest >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.host >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.hostgroup >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.idrange >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.idviews >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.internal >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.join >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.ldap2 >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.location >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.migration >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.misc >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.netgroup >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.otp >2021-10-05T12:07:21Z DEBUG ipaserver.plugins.otp is not a valid plugin module >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.otpconfig >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.otptoken >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.passwd >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.permission >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.ping >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.pkinit >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.privilege >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.pwpolicy >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.rabase >2021-10-05T12:07:21Z DEBUG ipaserver.plugins.rabase is not a valid plugin module >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.radiusproxy >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.realmdomains >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.role >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.schema >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.selfservice >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.server >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.serverrole >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.serverroles >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.service >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.servicedelegation >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.session >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.stageuser >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.subid >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.sudo >2021-10-05T12:07:21Z DEBUG ipaserver.plugins.sudo is not a valid plugin module >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.sudocmd >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.sudorule >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.topology >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.trust >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.user >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.vault >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.virtual >2021-10-05T12:07:21Z DEBUG ipaserver.plugins.virtual is not a valid plugin module >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.whoami >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.plugins.xmlserver >2021-10-05T12:07:21Z DEBUG importing all plugin modules in ipaserver.install.plugins... >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.adtrust >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.dns >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.fix_kra_people_entry >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_changelog_maxage >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_nis >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_pwpolicy >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_referint >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_services >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_unhashed_password >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness >2021-10-05T12:07:21Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt >2021-10-05T12:07:25Z DEBUG Created connection context.ldap2_139948234241456 >2021-10-05T12:07:25Z DEBUG raw: idrange_show('TESTIPA.DOM_id_range', version='2.243') >2021-10-05T12:07:25Z DEBUG idrange_show('TESTIPA.DOM_id_range', rights=False, all=False, raw=False, version='2.243') >2021-10-05T12:07:25Z DEBUG flushing ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket from SchemaCache >2021-10-05T12:07:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-TESTIPA-DOM.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f483c57c5b0> >2021-10-05T12:07:25Z DEBUG Parsing update file '/usr/share/ipa/updates/73-custodia.update' >2021-10-05T12:07:25Z DEBUG Updating existing entry: cn=custodia,cn=ipa,cn=etc,dc=testipa,dc=dom >2021-10-05T12:07:25Z DEBUG --------------------------------------------- >2021-10-05T12:07:25Z DEBUG Initial value >2021-10-05T12:07:25Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=testipa,dc=dom >2021-10-05T12:07:25Z DEBUG objectClass: >2021-10-05T12:07:25Z DEBUG nsContainer >2021-10-05T12:07:25Z DEBUG top >2021-10-05T12:07:25Z DEBUG cn: >2021-10-05T12:07:25Z DEBUG custodia >2021-10-05T12:07:25Z DEBUG --------------------------------------------- >2021-10-05T12:07:25Z DEBUG Final value after applying updates >2021-10-05T12:07:25Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=testipa,dc=dom >2021-10-05T12:07:25Z DEBUG objectClass: >2021-10-05T12:07:25Z DEBUG nsContainer >2021-10-05T12:07:25Z DEBUG top >2021-10-05T12:07:25Z DEBUG cn: >2021-10-05T12:07:25Z DEBUG custodia >2021-10-05T12:07:25Z DEBUG [] >2021-10-05T12:07:25Z DEBUG Updated 0 >2021-10-05T12:07:25Z DEBUG Done >2021-10-05T12:07:25Z DEBUG Updating existing entry: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=testipa,dc=dom >2021-10-05T12:07:25Z DEBUG --------------------------------------------- >2021-10-05T12:07:25Z DEBUG Initial value >2021-10-05T12:07:25Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=testipa,dc=dom >2021-10-05T12:07:25Z DEBUG objectClass: >2021-10-05T12:07:25Z DEBUG nsContainer >2021-10-05T12:07:25Z DEBUG top >2021-10-05T12:07:25Z DEBUG cn: >2021-10-05T12:07:25Z DEBUG dogtag >2021-10-05T12:07:25Z DEBUG --------------------------------------------- >2021-10-05T12:07:25Z DEBUG Final value after applying updates >2021-10-05T12:07:25Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=testipa,dc=dom >2021-10-05T12:07:25Z DEBUG objectClass: >2021-10-05T12:07:25Z DEBUG nsContainer >2021-10-05T12:07:25Z DEBUG top >2021-10-05T12:07:25Z DEBUG cn: >2021-10-05T12:07:25Z DEBUG dogtag >2021-10-05T12:07:25Z DEBUG [] >2021-10-05T12:07:25Z DEBUG Updated 0 >2021-10-05T12:07:25Z DEBUG Done >2021-10-05T12:07:25Z DEBUG LDAP update duration: /usr/share/ipa/updates/73-custodia.update 0.008 sec >2021-10-05T12:07:25Z DEBUG Destroyed connection context.ldap2_139948234241456 >2021-10-05T12:07:25Z DEBUG step duration: ipa-custodia __create_container 4.15 sec >2021-10-05T12:07:25Z DEBUG [2/5]: Generating ipa-custodia config file >2021-10-05T12:07:25Z DEBUG step duration: ipa-custodia __config_file 0.00 sec >2021-10-05T12:07:25Z DEBUG [3/5]: Generating ipa-custodia keys >2021-10-05T12:07:26Z DEBUG step duration: ipa-custodia __gen_keys 0.36 sec >2021-10-05T12:07:26Z DEBUG [4/5]: starting ipa-custodia >2021-10-05T12:07:26Z DEBUG Starting external process >2021-10-05T12:07:26Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-custodia.service'] >2021-10-05T12:07:26Z DEBUG Process finished, return code=3 >2021-10-05T12:07:26Z DEBUG stdout=inactive > >2021-10-05T12:07:26Z DEBUG stderr= >2021-10-05T12:07:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:26Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:26Z DEBUG Starting external process >2021-10-05T12:07:26Z DEBUG args=['/bin/systemctl', 'restart', 'ipa-custodia.service'] >2021-10-05T12:07:27Z DEBUG Process finished, return code=0 >2021-10-05T12:07:27Z DEBUG stdout= >2021-10-05T12:07:27Z DEBUG stderr= >2021-10-05T12:07:27Z DEBUG Starting external process >2021-10-05T12:07:27Z DEBUG args=['/bin/systemctl', 'is-active', 'ipa-custodia.service'] >2021-10-05T12:07:27Z DEBUG Process finished, return code=0 >2021-10-05T12:07:27Z DEBUG stdout=active > >2021-10-05T12:07:27Z DEBUG stderr= >2021-10-05T12:07:27Z DEBUG Restart of ipa-custodia.service complete >2021-10-05T12:07:27Z DEBUG step duration: ipa-custodia __start 1.62 sec >2021-10-05T12:07:27Z DEBUG [5/5]: configuring ipa-custodia to start on boot >2021-10-05T12:07:27Z DEBUG Starting external process >2021-10-05T12:07:27Z DEBUG args=['/bin/systemctl', 'is-enabled', 'ipa-custodia.service'] >2021-10-05T12:07:27Z DEBUG Process finished, return code=1 >2021-10-05T12:07:27Z DEBUG stdout=disabled > >2021-10-05T12:07:27Z DEBUG stderr= >2021-10-05T12:07:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:27Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:27Z DEBUG Starting external process >2021-10-05T12:07:27Z DEBUG args=['/bin/systemctl', 'unmask', 'ipa-custodia.service'] >2021-10-05T12:07:28Z DEBUG Process finished, return code=0 >2021-10-05T12:07:28Z DEBUG stdout= >2021-10-05T12:07:28Z DEBUG stderr= >2021-10-05T12:07:28Z DEBUG Starting external process >2021-10-05T12:07:28Z DEBUG args=['/bin/systemctl', 'disable', 'ipa-custodia.service'] >2021-10-05T12:07:29Z DEBUG Process finished, return code=0 >2021-10-05T12:07:29Z DEBUG stdout= >2021-10-05T12:07:29Z DEBUG stderr= >2021-10-05T12:07:29Z DEBUG step duration: ipa-custodia __enable 1.60 sec >2021-10-05T12:07:29Z DEBUG Done configuring ipa-custodia. >2021-10-05T12:07:29Z DEBUG service duration: ipa-custodia 7.75 sec >2021-10-05T12:07:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2021-10-05T12:07:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2021-10-05T12:07:29Z DEBUG update_entry modlist [(2, 'ipacertificatesubjectbase', [b'O=TESTIPA.DOM'])] >2021-10-05T12:07:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' >2021-10-05T12:07:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' >2021-10-05T12:07:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:29Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >2021-10-05T12:07:29Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes >2021-10-05T12:07:29Z DEBUG [1/28]: configuring certificate server instance >2021-10-05T12:07:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:29Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:29Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >2021-10-05T12:07:29Z DEBUG Contents of pkispawn configuration file (/tmp/tmp2y20r0lg): >[CA] >pki_admin_cert_file = /root/.dogtag/pki-tomcat/ca_admin.cert >pki_admin_cert_request_type = pkcs10 >pki_admin_dualkey = False >pki_admin_email = root@localhost >pki_admin_name = admin >pki_admin_nickname = ipa-ca-agent >pki_admin_password = XXXXXXXX >pki_admin_subject_dn = cn=ipa-ca-agent,O=TESTIPA.DOM >pki_admin_uid = admin >pki_ajp_host_ipv4 = 127.0.0.1 >pki_ajp_host_ipv6 = ::1 >pki_ajp_secret = 0Dfkt0RAOcpNpf7uRcN04NdAvoRvzWFjYxr0BZyfGgj1 >pki_audit_group = pkiaudit >pki_audit_signing_key_algorithm = SHA256withRSA >pki_audit_signing_key_size = 2048 >pki_audit_signing_key_type = rsa >pki_audit_signing_nickname = auditSigningCert cert-pki-ca >pki_audit_signing_signing_algorithm = SHA256withRSA >pki_audit_signing_subject_dn = cn=CA Audit,O=TESTIPA.DOM >pki_audit_signing_token = internal >pki_backup_keys = True >pki_backup_password = XXXXXXXX >pki_ca_hostname = dc1.testipa.dom >pki_ca_port = 443 >pki_ca_signing_cert_path = /etc/pki/pki-tomcat/external_ca.cert >pki_ca_signing_csr_path = /root/ipa.csr >pki_ca_signing_key_algorithm = SHA256withRSA >pki_ca_signing_key_size = 3072 >pki_ca_signing_key_type = rsa >pki_ca_signing_nickname = caSigningCert cert-pki-ca >pki_ca_signing_record_create = True >pki_ca_signing_serial_number = 1 >pki_ca_signing_signing_algorithm = SHA256withRSA >pki_ca_signing_subject_dn = CN=Certificate Authority,O=TESTIPA.DOM >pki_ca_signing_token = internal >pki_ca_starting_crl_number = 0 >pki_cert_chain_nickname = caSigningCert External CA >pki_cert_chain_path = /etc/pki/pki-tomcat/external_ca_chain.cert >pki_client_admin_cert_p12 = /root/ca-agent.p12 >pki_client_database_password = >pki_client_database_purge = True >pki_client_dir = /root/.dogtag/pki-tomcat >pki_client_pkcs12_password = XXXXXXXX >pki_configuration_path = /etc/pki >pki_default_ocsp_uri = http://ipa-ca.testipa.dom/ca/ocsp >pki_dns_domainname = testipa.dom >pki_ds_base_dn = o=ipaca >pki_ds_bind_dn = cn=Directory Manager >pki_ds_database = ipaca >pki_ds_hostname = dc1.testipa.dom >pki_ds_ldap_port = 389 >pki_ds_ldaps_port = 636 >pki_ds_password = XXXXXXXX >pki_ds_remove_data = True >pki_ds_secure_connection = False >pki_ds_secure_connection_ca_nickname = Directory Server CA certificate >pki_ds_secure_connection_ca_pem_file = /etc/ipa/ca.crt >pki_enable_proxy = True >pki_existing = False >pki_external = False >pki_external_pkcs12_password = >pki_external_pkcs12_path = >pki_external_step_two = False >pki_group = pkiuser >pki_hostname = dc1.testipa.dom >pki_hsm_enable = False >pki_hsm_libfile = >pki_hsm_modulename = >pki_import_admin_cert = False >pki_instance_configuration_path = /etc/pki/pki-tomcat >pki_instance_name = pki-tomcat >pki_issuing_ca = https://dc1.testipa.dom:443 >pki_issuing_ca_hostname = dc1.testipa.dom >pki_issuing_ca_https_port = 443 >pki_issuing_ca_uri = https://dc1.testipa.dom:443 >pki_master_crl_enable = True >pki_ocsp_signing_key_algorithm = SHA256withRSA >pki_ocsp_signing_key_size = 2048 >pki_ocsp_signing_key_type = rsa >pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca >pki_ocsp_signing_signing_algorithm = SHA256withRSA >pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=TESTIPA.DOM >pki_ocsp_signing_token = internal >pki_pkcs12_password = >pki_pkcs12_path = >pki_profiles_in_ldap = True >pki_random_serial_numbers_enable = False >pki_replica_number_range_end = 100 >pki_replica_number_range_start = 1 >pki_replication_password = >pki_request_number_range_end = 10000000 >pki_request_number_range_start = 1 >pki_restart_configured_instance = False >pki_san_for_server_cert = >pki_san_inject = False >pki_security_domain_hostname = dc1.testipa.dom >pki_security_domain_https_port = 443 >pki_security_domain_name = IPA >pki_security_domain_password = XXXXXXXX >pki_security_domain_user = admin >pki_self_signed_token = internal >pki_serial_number_range_end = 10000000 >pki_serial_number_range_start = 1 >pki_server_database_password = XXXXXXXX >pki_share_db = False >pki_skip_configuration = False >pki_skip_ds_verify = False >pki_skip_installation = False >pki_skip_sd_verify = False >pki_sslserver_key_algorithm = SHA256withRSA >pki_sslserver_key_size = 2048 >pki_sslserver_key_type = rsa >pki_sslserver_nickname = Server-Cert cert-pki-ca >pki_sslserver_subject_dn = cn=dc1.testipa.dom,O=TESTIPA.DOM >pki_sslserver_token = internal >pki_status_request_timeout = 15 >pki_subordinate = False >pki_subordinate_create_new_security_domain = False >pki_subsystem = CA >pki_subsystem_key_algorithm = SHA256withRSA >pki_subsystem_key_size = 2048 >pki_subsystem_key_type = rsa >pki_subsystem_nickname = subsystemCert cert-pki-ca >pki_subsystem_subject_dn = cn=CA Subsystem,O=TESTIPA.DOM >pki_subsystem_token = internal >pki_subsystem_type = ca >pki_theme_enable = True >pki_theme_server_dir = /usr/share/pki/common-ui >pki_token_name = internal >pki_user = pkiuser > > >2021-10-05T12:07:29Z DEBUG Starting external process >2021-10-05T12:07:29Z DEBUG args=['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp2y20r0lg'] >2021-10-05T12:09:45Z DEBUG Process finished, return code=1 >2021-10-05T12:09:45Z DEBUG stdout=Installation log: /var/log/pki/pki-ca-spawn.20211005150730.log >Loading deployment configuration from /tmp/tmp2y20r0lg. >Installing CA into /var/lib/pki/pki-tomcat. > >Installation failed: [Errno 2] No such file or directory: 'pki-server' > > >2021-10-05T12:09:45Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present. >ERROR: FileNotFoundError: [Errno 2] No such file or directory: 'pki-server' > File "/usr/lib/python3.8/site-packages/pki/server/pkispawn.py", line 562, in main > scriptlet.spawn(deployer) > File "/usr/lib/python3.8/site-packages/pki/server/deployment/scriptlets/configuration.py", line 915, in spawn > deployer.backup_keys(instance, subsystem) > File "/usr/lib/python3.8/site-packages/pki/server/deployment/__init__.py", line 337, in backup_keys > subprocess.run(cmd, check=True) > File "/usr/lib64/python3.8/subprocess.py", line 493, in run > with Popen(*popenargs, **kwargs) as process: > File "/usr/lib64/python3.8/subprocess.py", line 858, in __init__ > self._execute_child(args, executable, preexec_fn, close_fds, > File "/usr/lib64/python3.8/subprocess.py", line 1704, in _execute_child > raise child_exception_type(errno_num, err_msg, err_filename) > > >2021-10-05T12:09:45Z CRITICAL Failed to configure CA instance >2021-10-05T12:09:45Z CRITICAL See the installation logs and the following files/directories for more information: >2021-10-05T12:09:45Z CRITICAL /var/log/pki/pki-tomcat >2021-10-05T12:09:45Z DEBUG Traceback (most recent call last): > File "/usr/lib/python3.8/site-packages/ipaserver/install/service.py", line 635, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.8/site-packages/ipaserver/install/service.py", line 621, in run_step > method() > File "/usr/lib/python3.8/site-packages/ipaserver/install/cainstance.py", line 626, in __spawn_instance > DogtagInstance.spawn_instance( > File "/usr/lib/python3.8/site-packages/ipaserver/install/dogtaginstance.py", line 211, in spawn_instance > self.handle_setup_error(e) > File "/usr/lib/python3.8/site-packages/ipaserver/install/dogtaginstance.py", line 563, in handle_setup_error > raise RuntimeError( >RuntimeError: CA configuration failed. > >2021-10-05T12:09:45Z DEBUG [error] RuntimeError: CA configuration failed. >2021-10-05T12:09:45Z DEBUG Removing /root/.dogtag/pki-tomcat/ca >2021-10-05T12:09:45Z DEBUG File "/usr/lib/python3.8/site-packages/ipapython/admintool.py", line 180, in execute > return_value = self.run() > File "/usr/lib/python3.8/site-packages/ipapython/install/cli.py", line 342, in run > return cfgr.run() > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 360, in run > return self.execute() > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 386, in execute > for rval in self._executor(): > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 431, in __runner > exc_handler(exc_info) > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 450, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.8/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 421, in __runner > step() > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 418, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python3.8/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3.8/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib/python3.8/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 655, in _configure > next(executor) > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 431, in __runner > exc_handler(exc_info) > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception > self._handle_exception(exc_info) > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 518, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 450, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.8/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 515, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 450, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python3.8/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 421, in __runner > step() > File "/usr/lib/python3.8/site-packages/ipapython/install/core.py", line 418, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python3.8/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python3.8/site-packages/six.py", line 719, in reraise > raise value > File "/usr/lib/python3.8/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python3.8/site-packages/ipapython/install/common.py", line 65, in _install > for unused in self._installer(self.parent): > File "/usr/lib/python3.8/site-packages/ipaserver/install/server/__init__.py", line 575, in main > master_install(self) > File "/usr/lib/python3.8/site-packages/ipaserver/install/server/install.py", line 275, in decorated > func(installer) > File "/usr/lib/python3.8/site-packages/ipaserver/install/server/install.py", line 909, in install > ca.install_step_0(False, None, options, custodia=custodia) > File "/usr/lib/python3.8/site-packages/ipaserver/install/ca.py", line 338, in install_step_0 > ca.configure_instance( > File "/usr/lib/python3.8/site-packages/ipaserver/install/cainstance.py", line 502, in configure_instance > self.start_creation(runtime=runtime) > File "/usr/lib/python3.8/site-packages/ipaserver/install/service.py", line 635, in start_creation > run_step(full_msg, method) > File "/usr/lib/python3.8/site-packages/ipaserver/install/service.py", line 621, in run_step > method() > File "/usr/lib/python3.8/site-packages/ipaserver/install/cainstance.py", line 626, in __spawn_instance > DogtagInstance.spawn_instance( > File "/usr/lib/python3.8/site-packages/ipaserver/install/dogtaginstance.py", line 211, in spawn_instance > self.handle_setup_error(e) > File "/usr/lib/python3.8/site-packages/ipaserver/install/dogtaginstance.py", line 563, in handle_setup_error > raise RuntimeError( > >2021-10-05T12:09:45Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA configuration failed. >2021-10-05T12:09:45Z ERROR CA configuration failed. >2021-10-05T12:09:45Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information >dc1 ~ #
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=5537">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 11491
:
5508
|
5509
|
5519
|
5520
| 5537