report.html

Report generated on 21-Jul-2019 at 14:50:25 by pytest-html v1.20.0

Environment

Packages {'pytest': '4.4.1', 'py': '1.8.0', 'pluggy': '0.9.0'}
Platform Linux-5.1.0-0.rc7.git4.1.fc31.x86_64-x86_64-with-fedora-31-Rawhide
Plugins {'metadata': '1.8.0', 'html': '1.20.0', 'sourceorder': '0.5', 'multihost': '3.0'}
Python 3.7.3

Summary

2 tests ran in 137.56 seconds.

0 passed, 0 skipped, 2 failed, 0 errors, 0 expected failures, 0 unexpected passes

Results

Result Test Duration Links
Failed test_integration/test_external_ca.py::TestMultipleExternalCA::test_master_install_ca1 94.67
self = <ipatests.test_integration.test_external_ca.TestMultipleExternalCA object at 0x7f5757961080>

def test_master_install_ca1(self):
install_server_external_ca_step1(self.master)
# Sign CA, transport it to the host and get ipa a root ca paths.
root_ca_fname1 = tempfile.mkdtemp(suffix='root_ca.crt', dir=paths.TMP)
ipa_ca_fname1 = tempfile.mkdtemp(suffix='ipa_ca.crt', dir=paths.TMP)

ipa_csr = self.master.get_file_contents(paths.ROOT_IPA_CSR)

external_ca = ExternalCA()
root_ca = external_ca.create_ca(cn='RootCA1')
ipa_ca = external_ca.sign_csr(ipa_csr)
self.master.put_file_contents(root_ca_fname1, root_ca)
self.master.put_file_contents(ipa_ca_fname1, ipa_ca)
# Step 2 of ipa-server-install.
install_server_external_ca_step2(self.master, ipa_ca_fname1,
> root_ca_fname1)

test_integration/test_external_ca.py:449:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
test_integration/test_external_ca.py:93: in install_server_external_ca_step2
cmd = host.run_command(args, raiseonerr=raiseonerr)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <ipatests.pytest_ipa.integration.host.Host master.ipa.test (master)>
argv = ['ipa-server-install', '-U', '-r', 'IPA.TEST', '-a', 'Secret.123', ...]
set_env = True, stdin_text = None, log_stdout = True, raiseonerr = True
cwd = None, bg = False, encoding = 'utf-8'

def run_command(self, argv, set_env=True, stdin_text=None,
log_stdout=True, raiseonerr=True,
cwd=None, bg=False, encoding='utf-8'):
# Wrap run_command to log stderr on raiseonerr=True
result = super().run_command(
argv, set_env=set_env, stdin_text=stdin_text,
log_stdout=log_stdout, raiseonerr=False, cwd=cwd, bg=bg,
encoding=encoding
)
if result.returncode and raiseonerr:
result.log.error('stderr: %s', result.stderr_text)
raise subprocess.CalledProcessError(
result.returncode, argv,
> result.stdout_text, result.stderr_text
)
E subprocess.CalledProcessError: Command '['ipa-server-install', '-U', '-r', 'IPA.TEST', '-a', 'Secret.123', '-p', 'Secret.123', '--external-cert-file', '/tmp/tmpkkolvwpripa_ca.crt', '--external-cert-file', '/tmp/tmphl6bazodroot_ca.crt']' returned non-zero exit status 1.

pytest_ipa/integration/host.py:120: CalledProcessError
---------------------------- Captured stdout setup -----------------------------
<ipatests.pytest_ipa.integration.config.Config object at 0x7f5759f4f780> ------------------------------ Captured log setup ------------------------------
__init__.py 267 INFO Preparing host master.ipa.test transport.py 1746 INFO Connected (version 2.0, client OpenSSH_8.0) transport.py 247 DEBUG Authenticating with private RSA key using user root transport.py 1746 INFO Authentication (publickey) successful! transport.py 318 INFO RUN ['true'] transport.py 513 DEBUG RUN ['true'] transport.py 558 DEBUG -bash: line 1: cd: /ipatests: No such file or directory transport.py 217 DEBUG Exit code: 0 __init__.py 261 INFO Adding master.ipa.test:/ipatests/env.sh to list of logs to collect transport.py 301 DEBUG STAT /ipatests sftp.py 158 INFO [chan 1] Opened sftp connection (server version 3) transport.py 301 DEBUG STAT / transport.py 312 INFO MKDIR /ipatests transport.py 293 INFO WRITE /ipatests/env.sh----------------------------- Captured stderr call -----------------------------
[ipatests.pytest_ipa.integration.host.Host.master.cmd16] Using reverse zone(s) 121.168.192.in-addr.arpa. [ipatests.pytest_ipa.integration.host.Host.master.cmd16] [ipatests.pytest_ipa.integration.host.Host.master.cmd16] The IPA Master Server will be configured with: [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Hostname: master.ipa.test [ipatests.pytest_ipa.integration.host.Host.master.cmd16] IP address(es): 192.168.121.219 [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Domain name: ipa.test [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Realm name: IPA.TEST [ipatests.pytest_ipa.integration.host.Host.master.cmd16] [ipatests.pytest_ipa.integration.host.Host.master.cmd16] The CA will be configured with: [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Subject DN: CN=Certificate Authority,O=IPA.TEST [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Subject base: O=IPA.TEST [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Chaining: externally signed [ipatests.pytest_ipa.integration.host.Host.master.cmd16] [ipatests.pytest_ipa.integration.host.Host.master.cmd16] BIND DNS server will be configured to serve IPA domain with: [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Forwarders: 192.168.121.1 [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Forward policy: only [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Reverse zone(s): 121.168.192.in-addr.arpa. [ipatests.pytest_ipa.integration.host.Host.master.cmd16] [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Disabled p11-kit-proxy [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Configuring ipa-custodia [ipatests.pytest_ipa.integration.host.Host.master.cmd16] [1/5]: Making sure custodia container exists [ipatests.pytest_ipa.integration.host.Host.master.cmd16] [2/5]: Generating ipa-custodia config file [ipatests.pytest_ipa.integration.host.Host.master.cmd16] [3/5]: Generating ipa-custodia keys [ipatests.pytest_ipa.integration.host.Host.master.cmd16] [4/5]: starting ipa-custodia [ipatests.pytest_ipa.integration.host.Host.master.cmd16] [5/5]: configuring ipa-custodia to start on boot [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Done configuring ipa-custodia. [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes [ipatests.pytest_ipa.integration.host.Host.master.cmd16] [1/30]: configuring certificate server instance [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp94664q3f'] returned non-zero exit status 1: '') [ipatests.pytest_ipa.integration.host.Host.master.cmd16] See the installation logs and the following files/directories for more information: [ipatests.pytest_ipa.integration.host.Host.master.cmd16] /var/log/pki/pki-tomcat [ipatests.pytest_ipa.integration.host.Host.master.cmd16] [error] RuntimeError: CA configuration failed. [ipatests.pytest_ipa.integration.host.Host.master.cmd16] CA configuration failed. [ipatests.pytest_ipa.integration.host.Host.master.cmd16] The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information [ipatests.pytest_ipa.integration.host.Host.master.cmd16] Exit code: 1 ipa: ERROR: stderr: Checking DNS domain ipa.test., please wait ... Checking DNS domain 121.168.192.in-addr.arpa., please wait ... Checking DNS domain 121.168.192.in-addr.arpa., please wait ... Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp94664q3f'] returned non-zero exit status 1: '') See the installation logs and the following files/directories for more information: /var/log/pki/pki-tomcat CA configuration failed. The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information ------------------------------ Captured log call -------------------------------
__init__.py 261 INFO Adding master.ipa.test:/var/log/dirsrv/slapd-IPA-TEST/errors to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/dirsrv/slapd-IPA-TEST/access to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipaserver-install.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipaserver-uninstall.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipaclient-install.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipaclient-uninstall.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipareplica-install.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipareplica-conncheck.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipareplica-ca-install.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipaserver-kra-install.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipa-custodia.audit.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipaclient-uninstall.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/iparestore.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipabackup.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/kadmind.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/krb5kdc.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/httpd/error_log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/pki/ to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/audit/audit.log to list of logs to collect transport.py 318 INFO RUN ['true'] transport.py 513 DEBUG RUN ['true'] transport.py 217 DEBUG Exit code: 0 __init__.py 261 INFO Adding master.ipa.test:/ipatests/env.sh to list of logs to collect transport.py 301 DEBUG STAT /ipatests transport.py 293 INFO WRITE /ipatests/env.sh transport.py 301 DEBUG STAT /etc/hostname transport.py 301 DEBUG STAT /ipatests/file_backup/etc transport.py 301 DEBUG STAT /ipatests/file_backup transport.py 301 DEBUG STAT /ipatests transport.py 312 INFO MKDIR /ipatests/file_backup transport.py 312 INFO MKDIR /ipatests/file_backup/etc transport.py 318 INFO RUN ['cp', '-af', '/etc/hostname', '/ipatests/file_backup/etc/hostname'] transport.py 513 DEBUG RUN ['cp', '-af', '/etc/hostname', '/ipatests/file_backup/etc/hostname'] transport.py 217 DEBUG Exit code: 0 transport.py 293 INFO WRITE /etc/hostname transport.py 318 INFO RUN ['hostname', 'master.ipa.test'] transport.py 513 DEBUG RUN ['hostname', 'master.ipa.test'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN hostname > '/ipatests/backup_hostname' transport.py 513 DEBUG RUN hostname > '/ipatests/backup_hostname' transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes'] transport.py 513 DEBUG RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes'] transport.py 558 DEBUG Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port transport.py 558 DEBUG udp UNCONN 0 0 127.0.0.1:922 0.0.0.0:* users:(("rpc.statd",pid=2018,fd=5)) transport.py 558 DEBUG udp UNCONN 0 0 0.0.0.0:58267 0.0.0.0:* users:(("rpc.statd",pid=2018,fd=9)) transport.py 558 DEBUG udp UNCONN 0 0 0.0.0.0:38254 0.0.0.0:* transport.py 558 DEBUG udp UNCONN 0 0 192.168.121.219%eth0:68 0.0.0.0:* users:(("NetworkManager",pid=1578,fd=20)) transport.py 558 DEBUG udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=2017,fd=5),("systemd",pid=1,fd=81)) transport.py 558 DEBUG udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=527,fd=5)) transport.py 558 DEBUG udp UNCONN 0 0 [::]:55995 [::]:* transport.py 558 DEBUG udp UNCONN 0 0 [::]:46630 [::]:* users:(("rpc.statd",pid=2018,fd=11)) transport.py 558 DEBUG udp UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=2017,fd=7),("systemd",pid=1,fd=83)) transport.py 558 DEBUG udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=527,fd=6)) transport.py 558 DEBUG tcp LISTEN 0 128 0.0.0.0:53447 0.0.0.0:* users:(("rpc.statd",pid=2018,fd=10)) transport.py 558 DEBUG tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=2017,fd=4),("systemd",pid=1,fd=80)) transport.py 558 DEBUG tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=571,fd=3)) transport.py 558 DEBUG tcp LISTEN 0 64 0.0.0.0:40987 0.0.0.0:* transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:49588 52.219.72.194:80 transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:49586 52.219.72.194:80 transport.py 558 DEBUG tcp ESTAB 0 0 192.168.121.219:22 192.168.121.73:48092 users:(("sshd",pid=12697,fd=5),("sshd",pid=12592,fd=5)) transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:42078 52.219.74.158:80 transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:49576 52.219.72.194:80 transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:58452 141.219.188.21:80 transport.py 558 DEBUG tcp ESTAB 0 0 192.168.121.219:908 192.168.121.1:2049 transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:42076 52.219.74.158:80 transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:55164 152.19.134.145:443 transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:58668 141.219.188.21:443 transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:58454 141.219.188.21:80 transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:58670 141.219.188.21:443 transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:42080 52.219.74.158:80 transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:55170 152.19.134.145:443 transport.py 558 DEBUG tcp ESTAB 0 0 192.168.121.219:22 192.168.121.1:59468 users:(("sshd",pid=2145,fd=5),("sshd",pid=2143,fd=5)) transport.py 558 DEBUG tcp TIME-WAIT 0 0 192.168.121.219:55162 152.19.134.145:443 transport.py 558 DEBUG tcp LISTEN 0 128 [::]:40297 [::]:* users:(("rpc.statd",pid=2018,fd=12)) transport.py 558 DEBUG tcp LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=2017,fd=6),("systemd",pid=1,fd=82)) transport.py 558 DEBUG tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=571,fd=4)) transport.py 558 DEBUG tcp LISTEN 0 64 [::]:37115 [::]:* transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes', '-o', 'state', 'all', '( sport = :749 or dport = :749 or sport = :464 or dport = :464 )'] transport.py 513 DEBUG RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes', '-o', 'state', 'all', '( sport = :749 or dport = :749 or sport = :464 or dport = :464 )'] transport.py 558 DEBUG Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port transport.py 217 DEBUG Exit code: 0 transport.py 301 DEBUG STAT /bin/systemctl transport.py 318 INFO RUN ['systemctl', 'stop', 'httpd'] transport.py 513 DEBUG RUN ['systemctl', 'stop', 'httpd'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN for line in `ipcs -s | grep apache | cut -d " " -f 2`; do ipcrm -s $line; done transport.py 513 DEBUG RUN for line in `ipcs -s | grep apache | cut -d " " -f 2`; do ipcrm -s $line; done transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['systemctl', 'unmask', 'firewalld'] transport.py 513 DEBUG RUN ['systemctl', 'unmask', 'firewalld'] transport.py 558 DEBUG Removed /etc/systemd/system/firewalld.service. transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['systemctl', 'enable', 'firewalld'] transport.py 513 DEBUG RUN ['systemctl', 'enable', 'firewalld'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['systemctl', 'start', 'firewalld'] transport.py 513 DEBUG RUN ['systemctl', 'start', 'firewalld'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-server-install', '-n', 'ipa.test', '-r', 'IPA.TEST', '-p', 'Secret.123', '-a', 'Secret.123', '--domain-level=1', '-U', '--setup-dns', '--forwarder', '192.168.121.1', '--auto-reverse', '--external-ca'] transport.py 513 DEBUG RUN ['ipa-server-install', '-n', 'ipa.test', '-r', 'IPA.TEST', '-p', 'Secret.123', '-a', 'Secret.123', '--domain-level=1', '-U', '--setup-dns', '--forwarder', '192.168.121.1', '--auto-reverse', '--external-ca'] transport.py 558 DEBUG Checking DNS domain ipa.test, please wait ... transport.py 558 DEBUG Checking DNS domain ipa.test., please wait ... transport.py 558 DEBUG Checking DNS domain 121.168.192.in-addr.arpa., please wait ... transport.py 558 DEBUG Reverse zone 121.168.192.in-addr.arpa. will be created transport.py 558 DEBUG Synchronizing time transport.py 558 DEBUG No SRV records of NTP servers found and no NTP server or pool address was provided. transport.py 558 DEBUG Attempting to sync time with chronyc. transport.py 558 DEBUG Process chronyc waitsync failed to sync time! transport.py 558 DEBUG Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network. transport.py 558 DEBUG Checking DNS domain ipa.test, please wait ... transport.py 558 DEBUG transport.py 558 DEBUG The log file for this installation can be found in /var/log/ipaserver-install.log transport.py 558 DEBUG ============================================================================== transport.py 558 DEBUG This program will set up the FreeIPA Server. transport.py 558 DEBUG Version 4.9.0.dev transport.py 558 DEBUG transport.py 558 DEBUG This includes: transport.py 558 DEBUG * Configure a stand-alone CA (dogtag) for certificate management transport.py 558 DEBUG * Configure the NTP client (chronyd) transport.py 558 DEBUG * Create and configure an instance of Directory Server transport.py 558 DEBUG * Create and configure a Kerberos Key Distribution Center (KDC) transport.py 558 DEBUG * Configure Apache (httpd) transport.py 558 DEBUG * Configure DNS (bind) transport.py 558 DEBUG * Configure the KDC to enable PKINIT transport.py 558 DEBUG transport.py 558 DEBUG Warning: skipping DNS resolution of host master.ipa.test transport.py 558 DEBUG Checking DNS forwarders, please wait ... transport.py 558 DEBUG Using reverse zone(s) 121.168.192.in-addr.arpa. transport.py 558 DEBUG transport.py 558 DEBUG The IPA Master Server will be configured with: transport.py 558 DEBUG Hostname: master.ipa.test transport.py 558 DEBUG IP address(es): 192.168.121.219 transport.py 558 DEBUG Domain name: ipa.test transport.py 558 DEBUG Realm name: IPA.TEST transport.py 558 DEBUG transport.py 558 DEBUG The CA will be configured with: transport.py 558 DEBUG Subject DN: CN=Certificate Authority,O=IPA.TEST transport.py 558 DEBUG Subject base: O=IPA.TEST transport.py 558 DEBUG Chaining: externally signed (two-step installation) transport.py 558 DEBUG transport.py 558 DEBUG BIND DNS server will be configured to serve IPA domain with: transport.py 558 DEBUG Forwarders: 192.168.121.1 transport.py 558 DEBUG Forward policy: only transport.py 558 DEBUG Reverse zone(s): 121.168.192.in-addr.arpa. transport.py 558 DEBUG transport.py 558 DEBUG Disabled p11-kit-proxy transport.py 558 DEBUG Using default chrony configuration. transport.py 558 DEBUG Warning: IPA was unable to sync time with chrony! transport.py 558 DEBUG Time synchronization is required for IPA to work correctly transport.py 558 DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds transport.py 558 DEBUG [1/44]: creating directory server instance transport.py 558 DEBUG transport.py 558 DEBUG Starting installation... transport.py 558 DEBUG Created symlink /etc/systemd/system/multi-user.target.wants/dirsrv@IPA-TEST.service → /usr/lib/systemd/system/dirsrv@.service. transport.py 558 DEBUG Opening SELinux policy "//etc/selinux/targeted/policy/policy.31" transport.py 558 DEBUG Successfully opened SELinux policy "//etc/selinux/targeted/policy/policy.31" transport.py 558 DEBUG Allocate local instance <class 'lib389.DirSrv'> with ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket transport.py 558 DEBUG [2/44]: configure autobind for root transport.py 558 DEBUG [3/44]: stopping directory server transport.py 558 DEBUG [4/44]: updating configuration in dse.ldif transport.py 558 DEBUG [5/44]: starting directory server transport.py 558 DEBUG [6/44]: adding default schema transport.py 558 DEBUG [7/44]: enabling memberof plugin transport.py 558 DEBUG [8/44]: enabling winsync plugin transport.py 558 DEBUG [9/44]: configure password logging transport.py 558 DEBUG [10/44]: configuring replication version plugin transport.py 558 DEBUG [11/44]: enabling IPA enrollment plugin transport.py 558 DEBUG [12/44]: configuring uniqueness plugin transport.py 558 DEBUG [13/44]: configuring uuid plugin transport.py 558 DEBUG [14/44]: configuring modrdn plugin transport.py 558 DEBUG [15/44]: configuring DNS plugin transport.py 558 DEBUG [16/44]: enabling entryUSN plugin transport.py 558 DEBUG [17/44]: configuring lockout plugin transport.py 558 DEBUG [18/44]: configuring topology plugin transport.py 558 DEBUG [19/44]: creating indices transport.py 558 DEBUG [20/44]: enabling referential integrity plugin transport.py 558 DEBUG [21/44]: configuring certmap.conf transport.py 558 DEBUG [22/44]: configure new location for managed entries transport.py 558 DEBUG [23/44]: configure dirsrv ccache and keytab transport.py 558 DEBUG [24/44]: enabling SASL mapping fallback transport.py 558 DEBUG [25/44]: restarting directory server transport.py 558 DEBUG [26/44]: adding sasl mappings to the directory transport.py 558 DEBUG [27/44]: adding default layout transport.py 558 DEBUG [28/44]: adding delegation layout transport.py 558 DEBUG [29/44]: creating container for managed entries transport.py 558 DEBUG [30/44]: configuring user private groups transport.py 558 DEBUG [31/44]: configuring netgroups from hostgroups transport.py 558 DEBUG [32/44]: creating default Sudo bind user transport.py 558 DEBUG [33/44]: creating default Auto Member layout transport.py 558 DEBUG [34/44]: adding range check plugin transport.py 558 DEBUG [35/44]: creating default HBAC rule allow_all transport.py 558 DEBUG [36/44]: adding entries for topology management transport.py 558 DEBUG [37/44]: initializing group membership transport.py 558 DEBUG [38/44]: adding master entry transport.py 558 DEBUG [39/44]: initializing domain level transport.py 558 DEBUG [40/44]: configuring Posix uid/gid generation transport.py 558 DEBUG [41/44]: adding replication acis transport.py 558 DEBUG [42/44]: activating sidgen plugin transport.py 558 DEBUG [43/44]: activating extdom plugin transport.py 558 DEBUG [44/44]: configuring directory to start on boot transport.py 558 DEBUG Done configuring directory server (dirsrv). transport.py 558 DEBUG Configuring Kerberos KDC (krb5kdc) transport.py 558 DEBUG [1/10]: adding kerberos container to the directory transport.py 558 DEBUG [2/10]: configuring KDC transport.py 558 DEBUG [3/10]: initialize kerberos container transport.py 558 DEBUG [4/10]: adding default ACIs transport.py 558 DEBUG [5/10]: creating a keytab for the directory transport.py 558 DEBUG [6/10]: creating a keytab for the machine transport.py 558 DEBUG [7/10]: adding the password extension to the directory transport.py 558 DEBUG [8/10]: creating anonymous principal transport.py 558 DEBUG [9/10]: starting the KDC transport.py 558 DEBUG [10/10]: configuring KDC to start on boot transport.py 558 DEBUG Done configuring Kerberos KDC (krb5kdc). transport.py 558 DEBUG Configuring kadmin transport.py 558 DEBUG [1/2]: starting kadmin transport.py 558 DEBUG [2/2]: configuring kadmin to start on boot transport.py 558 DEBUG Done configuring kadmin. transport.py 558 DEBUG Configuring ipa-custodia transport.py 558 DEBUG [1/5]: Making sure custodia container exists transport.py 558 DEBUG [2/5]: Generating ipa-custodia config file transport.py 558 DEBUG [3/5]: Generating ipa-custodia keys transport.py 558 DEBUG [4/5]: starting ipa-custodia transport.py 558 DEBUG [5/5]: configuring ipa-custodia to start on boot transport.py 558 DEBUG Done configuring ipa-custodia. transport.py 558 DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes transport.py 558 DEBUG [1/10]: configuring certificate server instance transport.py 558 DEBUG The ipa-server-install command was successful transport.py 558 DEBUG The next step is to get /root/ipa.csr signed by your CA and re-run /usr/sbin/ipa-server-install as: transport.py 558 DEBUG /usr/sbin/ipa-server-install --external-cert-file=/path/to/signed_certificate --external-cert-file=/path/to/external_ca_certificate transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['firewall-cmd', '--add-service', 'freeipa-ldap', '--add-service', 'freeipa-ldaps', '--add-service', 'dns'] transport.py 513 DEBUG RUN ['firewall-cmd', '--add-service', 'freeipa-ldap', '--add-service', 'freeipa-ldaps', '--add-service', 'dns'] transport.py 558 DEBUG success transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['firewall-cmd', '--add-service', 'freeipa-ldap', '--add-service', 'freeipa-ldaps', '--add-service', 'dns', '--permanent'] transport.py 513 DEBUG RUN ['firewall-cmd', '--add-service', 'freeipa-ldap', '--add-service', 'freeipa-ldaps', '--add-service', 'dns', '--permanent'] transport.py 558 DEBUG success transport.py 217 DEBUG Exit code: 0 transport.py 284 DEBUG READ /root/ipa.csr transport.py 293 INFO WRITE /tmp/tmphl6bazodroot_ca.crt transport.py 293 INFO WRITE /tmp/tmpkkolvwpripa_ca.crt transport.py 318 INFO RUN ['ipa-server-install', '-U', '-r', 'IPA.TEST', '-a', 'Secret.123', '-p', 'Secret.123', '--external-cert-file', '/tmp/tmpkkolvwpripa_ca.crt', '--external-cert-file', '/tmp/tmphl6bazodroot_ca.crt'] transport.py 513 DEBUG RUN ['ipa-server-install', '-U', '-r', 'IPA.TEST', '-a', 'Secret.123', '-p', 'Secret.123', '--external-cert-file', '/tmp/tmpkkolvwpripa_ca.crt', '--external-cert-file', '/tmp/tmphl6bazodroot_ca.crt'] transport.py 558 DEBUG Checking DNS domain ipa.test., please wait ... transport.py 558 DEBUG Checking DNS domain 121.168.192.in-addr.arpa., please wait ... transport.py 558 DEBUG Checking DNS domain 121.168.192.in-addr.arpa., please wait ... transport.py 558 DEBUG transport.py 558 DEBUG The log file for this installation can be found in /var/log/ipaserver-install.log transport.py 558 DEBUG ============================================================================== transport.py 558 DEBUG This program will set up the FreeIPA Server. transport.py 558 DEBUG Version 4.9.0.dev transport.py 558 DEBUG transport.py 558 DEBUG This includes: transport.py 558 DEBUG * Configure a stand-alone CA (dogtag) for certificate management transport.py 558 DEBUG * Configure the NTP client (chronyd) transport.py 558 DEBUG * Create and configure an instance of Directory Server transport.py 558 DEBUG * Create and configure a Kerberos Key Distribution Center (KDC) transport.py 558 DEBUG * Configure Apache (httpd) transport.py 558 DEBUG * Configure DNS (bind) transport.py 558 DEBUG * Configure the KDC to enable PKINIT transport.py 558 DEBUG transport.py 558 DEBUG Warning: skipping DNS resolution of host master.ipa.test transport.py 558 DEBUG Checking DNS forwarders, please wait ... transport.py 558 DEBUG Using reverse zone(s) 121.168.192.in-addr.arpa. transport.py 558 DEBUG transport.py 558 DEBUG The IPA Master Server will be configured with: transport.py 558 DEBUG Hostname: master.ipa.test transport.py 558 DEBUG IP address(es): 192.168.121.219 transport.py 558 DEBUG Domain name: ipa.test transport.py 558 DEBUG Realm name: IPA.TEST transport.py 558 DEBUG transport.py 558 DEBUG The CA will be configured with: transport.py 558 DEBUG Subject DN: CN=Certificate Authority,O=IPA.TEST transport.py 558 DEBUG Subject base: O=IPA.TEST transport.py 558 DEBUG Chaining: externally signed transport.py 558 DEBUG transport.py 558 DEBUG BIND DNS server will be configured to serve IPA domain with: transport.py 558 DEBUG Forwarders: 192.168.121.1 transport.py 558 DEBUG Forward policy: only transport.py 558 DEBUG Reverse zone(s): 121.168.192.in-addr.arpa. transport.py 558 DEBUG transport.py 558 DEBUG Disabled p11-kit-proxy transport.py 558 DEBUG Configuring ipa-custodia transport.py 558 DEBUG [1/5]: Making sure custodia container exists transport.py 558 DEBUG [2/5]: Generating ipa-custodia config file transport.py 558 DEBUG [3/5]: Generating ipa-custodia keys transport.py 558 DEBUG [4/5]: starting ipa-custodia transport.py 558 DEBUG [5/5]: configuring ipa-custodia to start on boot transport.py 558 DEBUG Done configuring ipa-custodia. transport.py 558 DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes transport.py 558 DEBUG [1/30]: configuring certificate server instance transport.py 558 DEBUG Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp94664q3f'] returned non-zero exit status 1: '') transport.py 558 DEBUG See the installation logs and the following files/directories for more information: transport.py 558 DEBUG /var/log/pki/pki-tomcat transport.py 558 DEBUG [error] RuntimeError: CA configuration failed. transport.py 558 DEBUG CA configuration failed. transport.py 558 DEBUG The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information transport.py 217 DEBUG Exit code: 1 host.py 117 ERROR stderr: Checking DNS domain ipa.test., please wait ... Checking DNS domain 121.168.192.in-addr.arpa., please wait ... Checking DNS domain 121.168.192.in-addr.arpa., please wait ... Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp94664q3f'] returned non-zero exit status 1: '') See the installation logs and the following files/directories for more information: /var/log/pki/pki-tomcat CA configuration failed. The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
Failed test_integration/test_external_ca.py::TestMultipleExternalCA::test_master_install_ca2 3.52
self = <ipatests.test_integration.test_external_ca.TestMultipleExternalCA object at 0x7f57566e2da0>

def test_master_install_ca2(self):
root_ca_fname2 = tempfile.mkdtemp(suffix='root_ca.crt', dir=paths.TMP)
ipa_ca_fname2 = tempfile.mkdtemp(suffix='ipa_ca.crt', dir=paths.TMP)

self.master.run_command([
> paths.IPA_CACERT_MANAGE, 'renew', '--external-ca'])

test_integration/test_external_ca.py:462:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <ipatests.pytest_ipa.integration.host.Host master.ipa.test (master)>
argv = ['/usr/sbin/ipa-cacert-manage', 'renew', '--external-ca'], set_env = True
stdin_text = None, log_stdout = True, raiseonerr = True, cwd = None, bg = False
encoding = 'utf-8'

def run_command(self, argv, set_env=True, stdin_text=None,
log_stdout=True, raiseonerr=True,
cwd=None, bg=False, encoding='utf-8'):
# Wrap run_command to log stderr on raiseonerr=True
result = super().run_command(
argv, set_env=set_env, stdin_text=stdin_text,
log_stdout=log_stdout, raiseonerr=False, cwd=cwd, bg=bg,
encoding=encoding
)
if result.returncode and raiseonerr:
result.log.error('stderr: %s', result.stderr_text)
raise subprocess.CalledProcessError(
result.returncode, argv,
> result.stdout_text, result.stderr_text
)
E subprocess.CalledProcessError: Command '['/usr/sbin/ipa-cacert-manage', 'renew', '--external-ca']' returned non-zero exit status 1.

pytest_ipa/integration/host.py:120: CalledProcessError
----------------------------- Captured stderr call -----------------------------
[ipatests.pytest_ipa.integration.host.Host.master.cmd16] stderr: Checking DNS domain ipa.test., please wait ... Checking DNS domain 121.168.192.in-addr.arpa., please wait ... Checking DNS domain 121.168.192.in-addr.arpa., please wait ... Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmp94664q3f'] returned non-zero exit status 1: '') See the installation logs and the following files/directories for more information: /var/log/pki/pki-tomcat CA configuration failed. The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information [ipatests.pytest_ipa.integration] Collecting logs from: master.ipa.test [ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport] RUN ['mktemp'] [ipatests.pytest_ipa.integration.host.Host.master.cmd17] RUN ['mktemp'] [ipatests.pytest_ipa.integration.host.Host.master.cmd17] /tmp/tmp.pHiQD9N8nH [ipatests.pytest_ipa.integration.host.Host.master.cmd17] Exit code: 0 [ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport] RUN ['tar', 'cJvf', '/tmp/tmp.pHiQD9N8nH', '--ignore-failed-read', '/ipatests/env.sh', '/var/log/dirsrv/slapd-IPA-TEST/errors', '/var/log/dirsrv/slapd-IPA-TEST/access', '/var/log/ipaserver-install.log', '/var/log/ipaserver-uninstall.log', '/var/log/ipaclient-install.log', '/var/log/ipaclient-uninstall.log', '/var/log/ipareplica-install.log', '/var/log/ipareplica-conncheck.log', '/var/log/ipareplica-ca-install.log', '/var/log/ipaserver-kra-install.log', '/var/log/ipa-custodia.audit.log', '/var/log/ipaclient-uninstall.log', '/var/log/iparestore.log', '/var/log/ipabackup.log', '/var/log/kadmind.log', '/var/log/krb5kdc.log', '/var/log/httpd/error_log', '/var/log/pki/', '/var/log/audit/audit.log', '/ipatests/env.sh'] [ipatests.pytest_ipa.integration.host.Host.master.cmd18] RUN ['tar', 'cJvf', '/tmp/tmp.pHiQD9N8nH', '--ignore-failed-read', '/ipatests/env.sh', '/var/log/dirsrv/slapd-IPA-TEST/errors', '/var/log/dirsrv/slapd-IPA-TEST/access', '/var/log/ipaserver-install.log', '/var/log/ipaserver-uninstall.log', '/var/log/ipaclient-install.log', '/var/log/ipaclient-uninstall.log', '/var/log/ipareplica-install.log', '/var/log/ipareplica-conncheck.log', '/var/log/ipareplica-ca-install.log', '/var/log/ipaserver-kra-install.log', '/var/log/ipa-custodia.audit.log', '/var/log/ipaclient-uninstall.log', '/var/log/iparestore.log', '/var/log/ipabackup.log', '/var/log/kadmind.log', '/var/log/krb5kdc.log', '/var/log/httpd/error_log', '/var/log/pki/', '/var/log/audit/audit.log', '/ipatests/env.sh'] [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: Removing leading `/' from member names [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: Removing leading `/' from hard link targets [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: /var/log/ipaserver-uninstall.log: Warning: Cannot stat: No such file or directory [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: /var/log/ipaclient-install.log: Warning: Cannot stat: No such file or directory [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: /var/log/ipaclient-uninstall.log: Warning: Cannot stat: No such file or directory [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: /var/log/ipareplica-install.log: Warning: Cannot stat: No such file or directory [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: /var/log/ipareplica-conncheck.log: Warning: Cannot stat: No such file or directory [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: /var/log/ipareplica-ca-install.log: Warning: Cannot stat: No such file or directory [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: /var/log/ipaserver-kra-install.log: Warning: Cannot stat: No such file or directory [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: /var/log/ipaclient-uninstall.log: Warning: Cannot stat: No such file or directory [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: /var/log/iparestore.log: Warning: Cannot stat: No such file or directory [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: /var/log/ipabackup.log: Warning: Cannot stat: No such file or directory [ipatests.pytest_ipa.integration.host.Host.master.cmd18] tar: /var/log/httpd/error_log: Warning: Cannot stat: No such file or directory [ipatests.pytest_ipa.integration.host.Host.master.cmd18] Exit code: 0 [ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport] READ /tmp/tmp.pHiQD9N8nH [ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport] RUN ['rm', '-f', '/tmp/tmp.pHiQD9N8nH'] [ipatests.pytest_ipa.integration.host.Host.master.cmd19] RUN ['rm', '-f', '/tmp/tmp.pHiQD9N8nH'] [ipatests.pytest_ipa.integration.host.Host.master.cmd19] Exit code: 0 [ipatests.pytest_ipa.integration] Collecting journal from: master.ipa.test [ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport] RUN ['journalctl', '--since', '-1h'] [ipatests.pytest_ipa.integration.host.Host.master.cmd20] RUN ['journalctl', '--since', '-1h'] [ipatests.pytest_ipa.integration.host.Host.master.cmd20] Exit code: 0 [ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport] RUN ['/usr/sbin/ipa-cacert-manage', 'renew', '--external-ca'] [ipatests.pytest_ipa.integration.host.Host.master.cmd21] RUN ['/usr/sbin/ipa-cacert-manage', 'renew', '--external-ca'] [ipatests.pytest_ipa.integration.host.Host.master.cmd21] CA certificate is not tracked by certmonger [ipatests.pytest_ipa.integration.host.Host.master.cmd21] The ipa-cacert-manage command failed. [ipatests.pytest_ipa.integration.host.Host.master.cmd21] Exit code: 1 ipa: ERROR: stderr: CA certificate is not tracked by certmonger The ipa-cacert-manage command failed. ------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['/usr/sbin/ipa-cacert-manage', 'renew', '--external-ca'] transport.py 513 DEBUG RUN ['/usr/sbin/ipa-cacert-manage', 'renew', '--external-ca'] transport.py 558 DEBUG CA certificate is not tracked by certmonger transport.py 558 DEBUG The ipa-cacert-manage command failed. transport.py 217 DEBUG Exit code: 1 host.py 117 ERROR stderr: CA certificate is not tracked by certmonger The ipa-cacert-manage command failed.