report.html

Report generated on 04-Sep-2019 at 23:48:15 by pytest-html v1.22.0

Environment

Packages {'pytest': '3.9.3', 'py': '1.7.0', 'pluggy': '0.8.1'}
Platform Linux-5.2.8-200.fc30.x86_64-x86_64-with-fedora-30-Thirty
Plugins {'metadata': '1.8.0', 'html': '1.22.0', 'sourceorder': '0.5', 'multihost': '3.0'}
Python 3.7.4

Summary

10 tests ran in 881.16 seconds.

10 passed, 0 skipped, 0 failed, 0 errors, 0 expected failures, 0 unexpected passes

Results

Result Test Duration Links
Passed test_integration/test_advise.py::TestAdvice::()::test_invalid_advice 1.15
---------------------------- Captured stdout setup -----------------------------
<ipatests.pytest_ipa.integration.config.Config object at 0x7fde72e96f50>
---------------------------- Captured stderr setup -----------------------------
[ipatests.pytest_ipa.integration.host.Host.master.cmd30] Allow PTR sync: TRUE
[ipatests.pytest_ipa.integration.host.Host.master.cmd30] IPA DNS servers: master.ipa.test
[ipatests.pytest_ipa.integration.host.Host.master.cmd30] Exit code: 0
[ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport] RUN ['ipa', 'dnszone-add', '121.168.192.in-addr.arpa.']
[ipatests.pytest_ipa.integration.host.Host.master.cmd31] RUN ['ipa', 'dnszone-add', '121.168.192.in-addr.arpa.']
[ipatests.pytest_ipa.integration.host.Host.master.cmd31] ipa: ERROR: DNS zone with name "121.168.192.in-addr.arpa." already exists
[ipatests.pytest_ipa.integration.host.Host.master.cmd31] Exit code: 1
ipa: WARNING: ipa: ERROR: DNS zone with name "121.168.192.in-addr.arpa." already exists
------------------------------ Captured log setup ------------------------------
__init__.py 267 INFO Preparing host client0.ipa.test transport.py 1760 INFO Connected (version 2.0, client OpenSSH_8.0) transport.py 247 DEBUG Authenticating with private RSA key using user root transport.py 1760 INFO Authentication (publickey) successful! transport.py 318 INFO RUN ['true'] transport.py 513 DEBUG RUN ['true'] transport.py 558 DEBUG -bash: line 1: cd: /ipatests: No such file or directory transport.py 217 DEBUG Exit code: 0 __init__.py 261 INFO Adding client0.ipa.test:/ipatests/env.sh to list of logs to collect transport.py 301 DEBUG STAT /ipatests sftp.py 158 INFO [chan 1] Opened sftp connection (server version 3) transport.py 301 DEBUG STAT / transport.py 312 INFO MKDIR /ipatests transport.py 293 INFO WRITE /ipatests/env.sh __init__.py 267 INFO Preparing host master.ipa.test transport.py 1760 INFO Connected (version 2.0, client OpenSSH_8.0) transport.py 247 DEBUG Authenticating with private RSA key using user root transport.py 1760 INFO Authentication (publickey) successful! 
transport.py 318 INFO RUN ['true'] transport.py 513 DEBUG RUN ['true'] transport.py 558 DEBUG -bash: line 1: cd: /ipatests: No such file or directory transport.py 217 DEBUG Exit code: 0 __init__.py 261 INFO Adding master.ipa.test:/ipatests/env.sh to list of logs to collect transport.py 301 DEBUG STAT /ipatests sftp.py 158 INFO [chan 1] Opened sftp connection (server version 3) transport.py 301 DEBUG STAT / transport.py 312 INFO MKDIR /ipatests transport.py 293 INFO WRITE /ipatests/env.sh __init__.py 261 INFO Adding master.ipa.test:/var/log/dirsrv/slapd-IPA-TEST/errors to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/dirsrv/slapd-IPA-TEST/access to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipaserver-install.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipaserver-uninstall.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipaclient-install.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipaclient-uninstall.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipareplica-install.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipareplica-conncheck.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipareplica-ca-install.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipaserver-kra-install.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipa-custodia.audit.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipaclient-uninstall.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/iparestore.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/ipabackup.log to list of logs to collect __init__.py 261 INFO Adding 
master.ipa.test:/var/log/kadmind.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/krb5kdc.log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/httpd/error_log to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/pki/ to list of logs to collect __init__.py 261 INFO Adding master.ipa.test:/var/log/audit/audit.log to list of logs to collect transport.py 318 INFO RUN ['true'] transport.py 513 DEBUG RUN ['true'] transport.py 217 DEBUG Exit code: 0 __init__.py 261 INFO Adding master.ipa.test:/ipatests/env.sh to list of logs to collect transport.py 301 DEBUG STAT /ipatests transport.py 293 INFO WRITE /ipatests/env.sh transport.py 301 DEBUG STAT /etc/hostname transport.py 301 DEBUG STAT /ipatests/file_backup/etc transport.py 301 DEBUG STAT /ipatests/file_backup transport.py 301 DEBUG STAT /ipatests transport.py 312 INFO MKDIR /ipatests/file_backup transport.py 312 INFO MKDIR /ipatests/file_backup/etc transport.py 318 INFO RUN ['cp', '-af', '/etc/hostname', '/ipatests/file_backup/etc/hostname'] transport.py 513 DEBUG RUN ['cp', '-af', '/etc/hostname', '/ipatests/file_backup/etc/hostname'] transport.py 217 DEBUG Exit code: 0 transport.py 293 INFO WRITE /etc/hostname transport.py 318 INFO RUN ['hostname', 'master.ipa.test'] transport.py 513 DEBUG RUN ['hostname', 'master.ipa.test'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN hostname > '/ipatests/backup_hostname' transport.py 513 DEBUG RUN hostname > '/ipatests/backup_hostname' transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes'] transport.py 513 DEBUG RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes'] transport.py 558 DEBUG Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port transport.py 558 DEBUG udp UNCONN 0 0 0.0.0.0:42517 0.0.0.0:* users:(("rpc.statd",pid=1994,fd=9)) transport.py 558 DEBUG udp UNCONN 0 0 0.0.0.0:68 
0.0.0.0:* users:(("dhclient",pid=1602,fd=7)) transport.py 558 DEBUG udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=1993,fd=5),("systemd",pid=1,fd=102)) transport.py 558 DEBUG udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=505,fd=5)) transport.py 558 DEBUG udp UNCONN 0 0 0.0.0.0:41783 0.0.0.0:* transport.py 558 DEBUG udp UNCONN 0 0 127.0.0.1:898 0.0.0.0:* users:(("rpc.statd",pid=1994,fd=5)) transport.py 558 DEBUG udp UNCONN 0 0 [::]:58777 [::]:* transport.py 558 DEBUG udp UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=1993,fd=7),("systemd",pid=1,fd=104)) transport.py 558 DEBUG udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=505,fd=6)) transport.py 558 DEBUG udp UNCONN 0 0 [::]:46109 [::]:* users:(("rpc.statd",pid=1994,fd=11)) transport.py 558 DEBUG tcp LISTEN 0 128 0.0.0.0:52527 0.0.0.0:* users:(("rpc.statd",pid=1994,fd=10)) transport.py 558 DEBUG tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=1993,fd=4),("systemd",pid=1,fd=101)) transport.py 558 DEBUG tcp LISTEN 0 64 0.0.0.0:35253 0.0.0.0:* transport.py 558 DEBUG tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=553,fd=3)) transport.py 558 DEBUG tcp ESTAB 0 0 192.168.121.79:22 192.168.121.52:42866 users:(("sshd",pid=16348,fd=5),("sshd",pid=16346,fd=5)) transport.py 558 DEBUG tcp ESTAB 0 0 192.168.121.79:696 192.168.121.1:2049 transport.py 558 DEBUG tcp ESTAB 0 0 192.168.121.79:22 192.168.121.1:44704 users:(("sshd",pid=15767,fd=5),("sshd",pid=15758,fd=5)) transport.py 558 DEBUG tcp LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=1993,fd=6),("systemd",pid=1,fd=103)) transport.py 558 DEBUG tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=553,fd=4)) transport.py 558 DEBUG tcp LISTEN 0 64 [::]:35039 [::]:* transport.py 558 DEBUG tcp LISTEN 0 128 [::]:52965 [::]:* users:(("rpc.statd",pid=1994,fd=12)) transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes', '-o', 'state', 'all', '( sport = :749 or 
dport = :749 or sport = :464 or dport = :464 )'] transport.py 513 DEBUG RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes', '-o', 'state', 'all', '( sport = :749 or dport = :749 or sport = :464 or dport = :464 )'] transport.py 558 DEBUG Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port transport.py 217 DEBUG Exit code: 0 transport.py 301 DEBUG STAT /bin/systemctl transport.py 318 INFO RUN ['systemctl', 'stop', 'httpd'] transport.py 513 DEBUG RUN ['systemctl', 'stop', 'httpd'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN for line in `ipcs -s | grep apache | cut -d " " -f 2`; do ipcrm -s $line; done transport.py 513 DEBUG RUN for line in `ipcs -s | grep apache | cut -d " " -f 2`; do ipcrm -s $line; done transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['systemctl', 'unmask', 'firewalld'] transport.py 513 DEBUG RUN ['systemctl', 'unmask', 'firewalld'] transport.py 558 DEBUG Removed /etc/systemd/system/firewalld.service. transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['systemctl', 'enable', 'firewalld'] transport.py 513 DEBUG RUN ['systemctl', 'enable', 'firewalld'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['systemctl', 'start', 'firewalld'] transport.py 513 DEBUG RUN ['systemctl', 'start', 'firewalld'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-server-install', '-n', 'ipa.test', '-r', 'IPA.TEST', '-p', 'Secret.123', '-a', 'Secret.123', '--domain-level=1', '-U', '--setup-dns', '--forwarder', '192.168.121.1', '--auto-reverse'] transport.py 513 DEBUG RUN ['ipa-server-install', '-n', 'ipa.test', '-r', 'IPA.TEST', '-p', 'Secret.123', '-a', 'Secret.123', '--domain-level=1', '-U', '--setup-dns', '--forwarder', '192.168.121.1', '--auto-reverse'] transport.py 558 DEBUG Checking DNS domain ipa.test, please wait ... transport.py 558 DEBUG Checking DNS domain ipa.test., please wait ... 
transport.py 558 DEBUG Checking DNS domain 121.168.192.in-addr.arpa., please wait ... transport.py 558 DEBUG Reverse zone 121.168.192.in-addr.arpa. will be created transport.py 558 DEBUG Synchronizing time transport.py 558 DEBUG No SRV records of NTP servers found and no NTP server or pool address was provided. transport.py 558 DEBUG Attempting to sync time with chronyc. transport.py 558 DEBUG Process chronyc waitsync failed to sync time! transport.py 558 DEBUG Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network. transport.py 558 DEBUG Checking DNS domain ipa.test, please wait ... transport.py 558 DEBUG transport.py 558 DEBUG The log file for this installation can be found in /var/log/ipaserver-install.log transport.py 558 DEBUG ============================================================================== transport.py 558 DEBUG This program will set up the FreeIPA Server. transport.py 558 DEBUG Version 4.9.0.dev transport.py 558 DEBUG transport.py 558 DEBUG This includes: transport.py 558 DEBUG * Configure a stand-alone CA (dogtag) for certificate management transport.py 558 DEBUG * Configure the NTP client (chronyd) transport.py 558 DEBUG * Create and configure an instance of Directory Server transport.py 558 DEBUG * Create and configure a Kerberos Key Distribution Center (KDC) transport.py 558 DEBUG * Configure Apache (httpd) transport.py 558 DEBUG * Configure DNS (bind) transport.py 558 DEBUG * Configure the KDC to enable PKINIT transport.py 558 DEBUG transport.py 558 DEBUG Warning: skipping DNS resolution of host master.ipa.test transport.py 558 DEBUG Checking DNS forwarders, please wait ... transport.py 558 DEBUG Using reverse zone(s) 121.168.192.in-addr.arpa. 
transport.py 558 DEBUG transport.py 558 DEBUG The IPA Master Server will be configured with: transport.py 558 DEBUG Hostname: master.ipa.test transport.py 558 DEBUG IP address(es): 192.168.121.79 transport.py 558 DEBUG Domain name: ipa.test transport.py 558 DEBUG Realm name: IPA.TEST transport.py 558 DEBUG transport.py 558 DEBUG The CA will be configured with: transport.py 558 DEBUG Subject DN: CN=Certificate Authority,O=IPA.TEST transport.py 558 DEBUG Subject base: O=IPA.TEST transport.py 558 DEBUG Chaining: self-signed transport.py 558 DEBUG transport.py 558 DEBUG BIND DNS server will be configured to serve IPA domain with: transport.py 558 DEBUG Forwarders: 192.168.121.1 transport.py 558 DEBUG Forward policy: only transport.py 558 DEBUG Reverse zone(s): 121.168.192.in-addr.arpa. transport.py 558 DEBUG transport.py 558 DEBUG Disabled p11-kit-proxy transport.py 558 DEBUG Using default chrony configuration. transport.py 558 DEBUG Warning: IPA was unable to sync time with chrony! transport.py 558 DEBUG Time synchronization is required for IPA to work correctly transport.py 558 DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds transport.py 558 DEBUG [1/44]: creating directory server instance transport.py 558 DEBUG transport.py 558 DEBUG Starting installation... transport.py 558 DEBUG Created symlink /etc/systemd/system/multi-user.target.wants/dirsrv@IPA-TEST.service → /usr/lib/systemd/system/dirsrv@.service. 
transport.py 558 DEBUG Opening SELinux policy "//etc/selinux/targeted/policy/policy.31" transport.py 558 DEBUG Successfully opened SELinux policy "//etc/selinux/targeted/policy/policy.31" transport.py 558 DEBUG Allocate local instance <class 'lib389.DirSrv'> with ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket transport.py 558 DEBUG [2/44]: configure autobind for root transport.py 558 DEBUG [3/44]: stopping directory server transport.py 558 DEBUG [4/44]: updating configuration in dse.ldif transport.py 558 DEBUG [5/44]: starting directory server transport.py 558 DEBUG [6/44]: adding default schema transport.py 558 DEBUG [7/44]: enabling memberof plugin transport.py 558 DEBUG [8/44]: enabling winsync plugin transport.py 558 DEBUG [9/44]: configure password logging transport.py 558 DEBUG [10/44]: configuring replication version plugin transport.py 558 DEBUG [11/44]: enabling IPA enrollment plugin transport.py 558 DEBUG [12/44]: configuring uniqueness plugin transport.py 558 DEBUG [13/44]: configuring uuid plugin transport.py 558 DEBUG [14/44]: configuring modrdn plugin transport.py 558 DEBUG [15/44]: configuring DNS plugin transport.py 558 DEBUG [16/44]: enabling entryUSN plugin transport.py 558 DEBUG [17/44]: configuring lockout plugin transport.py 558 DEBUG [18/44]: configuring topology plugin transport.py 558 DEBUG [19/44]: creating indices transport.py 558 DEBUG [20/44]: enabling referential integrity plugin transport.py 558 DEBUG [21/44]: configuring certmap.conf transport.py 558 DEBUG [22/44]: configure new location for managed entries transport.py 558 DEBUG [23/44]: configure dirsrv ccache and keytab transport.py 558 DEBUG [24/44]: enabling SASL mapping fallback transport.py 558 DEBUG [25/44]: restarting directory server transport.py 558 DEBUG [26/44]: adding sasl mappings to the directory transport.py 558 DEBUG [27/44]: adding default layout transport.py 558 DEBUG [28/44]: adding delegation layout transport.py 558 DEBUG [29/44]: creating container for managed 
entries transport.py 558 DEBUG [30/44]: configuring user private groups transport.py 558 DEBUG [31/44]: configuring netgroups from hostgroups transport.py 558 DEBUG [32/44]: creating default Sudo bind user transport.py 558 DEBUG [33/44]: creating default Auto Member layout transport.py 558 DEBUG [34/44]: adding range check plugin transport.py 558 DEBUG [35/44]: creating default HBAC rule allow_all transport.py 558 DEBUG [36/44]: adding entries for topology management transport.py 558 DEBUG [37/44]: initializing group membership transport.py 558 DEBUG [38/44]: adding master entry transport.py 558 DEBUG [39/44]: initializing domain level transport.py 558 DEBUG [40/44]: configuring Posix uid/gid generation transport.py 558 DEBUG [41/44]: adding replication acis transport.py 558 DEBUG [42/44]: activating sidgen plugin transport.py 558 DEBUG [43/44]: activating extdom plugin transport.py 558 DEBUG [44/44]: configuring directory to start on boot transport.py 558 DEBUG Done configuring directory server (dirsrv). transport.py 558 DEBUG Configuring Kerberos KDC (krb5kdc) transport.py 558 DEBUG [1/10]: adding kerberos container to the directory transport.py 558 DEBUG [2/10]: configuring KDC transport.py 558 DEBUG [3/10]: initialize kerberos container transport.py 558 DEBUG [4/10]: adding default ACIs transport.py 558 DEBUG [5/10]: creating a keytab for the directory transport.py 558 DEBUG [6/10]: creating a keytab for the machine transport.py 558 DEBUG [7/10]: adding the password extension to the directory transport.py 558 DEBUG [8/10]: creating anonymous principal transport.py 558 DEBUG [9/10]: starting the KDC transport.py 558 DEBUG [10/10]: configuring KDC to start on boot transport.py 558 DEBUG Done configuring Kerberos KDC (krb5kdc). transport.py 558 DEBUG Configuring kadmin transport.py 558 DEBUG [1/2]: starting kadmin transport.py 558 DEBUG [2/2]: configuring kadmin to start on boot transport.py 558 DEBUG Done configuring kadmin. 
transport.py 558 DEBUG Configuring ipa-custodia transport.py 558 DEBUG [1/5]: Making sure custodia container exists transport.py 558 DEBUG [2/5]: Generating ipa-custodia config file transport.py 558 DEBUG [3/5]: Generating ipa-custodia keys transport.py 558 DEBUG [4/5]: starting ipa-custodia transport.py 558 DEBUG [5/5]: configuring ipa-custodia to start on boot transport.py 558 DEBUG Done configuring ipa-custodia. transport.py 558 DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes transport.py 558 DEBUG [1/29]: configuring certificate server instance transport.py 558 DEBUG [2/29]: Add ipa-pki-wait-running transport.py 558 DEBUG [3/29]: reindex attributes transport.py 558 DEBUG [4/29]: exporting Dogtag certificate store pin transport.py 558 DEBUG [5/29]: stopping certificate server instance to update CS.cfg transport.py 558 DEBUG [6/29]: backing up CS.cfg transport.py 558 DEBUG [7/29]: disabling nonces transport.py 558 DEBUG [8/29]: set up CRL publishing transport.py 558 DEBUG [9/29]: enable PKIX certificate path discovery and validation transport.py 558 DEBUG [10/29]: starting certificate server instance transport.py 558 DEBUG [11/29]: configure certmonger for renewals transport.py 558 DEBUG [12/29]: requesting RA certificate from CA transport.py 558 DEBUG [13/29]: setting audit signing renewal to 2 years transport.py 558 DEBUG [14/29]: restarting certificate server transport.py 558 DEBUG [15/29]: publishing the CA certificate transport.py 558 DEBUG [16/29]: adding RA agent as a trusted user transport.py 558 DEBUG [17/29]: authorizing RA to modify profiles transport.py 558 DEBUG [18/29]: authorizing RA to manage lightweight CAs transport.py 558 DEBUG [19/29]: Ensure lightweight CAs container exists transport.py 558 DEBUG [20/29]: configure certificate renewals transport.py 558 DEBUG [21/29]: Configure HTTP to proxy connections transport.py 558 DEBUG [22/29]: restarting certificate server transport.py 558 DEBUG [23/29]: updating IPA 
configuration transport.py 558 DEBUG [24/29]: enabling CA instance transport.py 558 DEBUG [25/29]: migrating certificate profiles to LDAP transport.py 558 DEBUG [26/29]: importing IPA certificate profiles transport.py 558 DEBUG [27/29]: adding default CA ACL transport.py 558 DEBUG [28/29]: adding 'ipa' CA entry transport.py 558 DEBUG [29/29]: configuring certmonger renewal for lightweight CAs transport.py 558 DEBUG Done configuring certificate server (pki-tomcatd). transport.py 558 DEBUG Configuring directory server (dirsrv) transport.py 558 DEBUG [1/3]: configuring TLS for DS instance transport.py 558 DEBUG [2/3]: adding CA certificate entry transport.py 558 DEBUG [3/3]: restarting directory server transport.py 558 DEBUG Done configuring directory server (dirsrv). transport.py 558 DEBUG Configuring ipa-otpd transport.py 558 DEBUG [1/2]: starting ipa-otpd transport.py 558 DEBUG [2/2]: configuring ipa-otpd to start on boot transport.py 558 DEBUG Done configuring ipa-otpd. transport.py 558 DEBUG Configuring the web interface (httpd) transport.py 558 DEBUG [1/21]: stopping httpd transport.py 558 DEBUG [2/21]: backing up ssl.conf transport.py 558 DEBUG [3/21]: disabling nss.conf transport.py 558 DEBUG [4/21]: configuring mod_ssl certificate paths transport.py 558 DEBUG [5/21]: setting mod_ssl protocol list transport.py 558 DEBUG [6/21]: configuring mod_ssl log directory transport.py 558 DEBUG [7/21]: disabling mod_ssl OCSP transport.py 558 DEBUG [8/21]: adding URL rewriting rules transport.py 558 DEBUG [9/21]: configuring httpd transport.py 558 DEBUG [10/21]: setting up httpd keytab transport.py 558 DEBUG [11/21]: configuring Gssproxy transport.py 558 DEBUG [12/21]: setting up ssl transport.py 558 DEBUG [13/21]: configure certmonger for renewals transport.py 558 DEBUG [14/21]: publish CA cert transport.py 558 DEBUG [15/21]: clean up any existing httpd ccaches transport.py 558 DEBUG [16/21]: configuring SELinux for httpd transport.py 558 DEBUG [17/21]: create KDC proxy 
config transport.py 558 DEBUG [18/21]: enable KDC proxy transport.py 558 DEBUG [19/21]: starting httpd transport.py 558 DEBUG [20/21]: configuring httpd to start on boot transport.py 558 DEBUG [21/21]: enabling oddjobd transport.py 558 DEBUG Done configuring the web interface (httpd). transport.py 558 DEBUG Configuring Kerberos KDC (krb5kdc) transport.py 558 DEBUG [1/1]: installing X509 Certificate for PKINIT transport.py 558 DEBUG Done configuring Kerberos KDC (krb5kdc). transport.py 558 DEBUG Applying LDAP updates transport.py 558 DEBUG Upgrading IPA:. Estimated time: 1 minute 30 seconds transport.py 558 DEBUG [1/11]: stopping directory server transport.py 558 DEBUG [2/11]: saving configuration transport.py 558 DEBUG [3/11]: disabling listeners transport.py 558 DEBUG [4/11]: enabling DS global lock transport.py 558 DEBUG [5/11]: disabling Schema Compat transport.py 558 DEBUG [6/11]: starting directory server transport.py 558 DEBUG [7/11]: updating schema transport.py 558 DEBUG [8/11]: upgrading server transport.py 558 DEBUG [9/11]: stopping directory server transport.py 558 DEBUG [10/11]: restoring configuration transport.py 558 DEBUG [11/11]: starting directory server transport.py 558 DEBUG Done. 
transport.py 558 DEBUG Restarting the KDC transport.py 558 DEBUG Configuring DNS (named) transport.py 558 DEBUG [1/12]: generating rndc key file transport.py 558 DEBUG [2/12]: adding DNS container transport.py 558 DEBUG [3/12]: setting up our zone transport.py 558 DEBUG [4/12]: setting up reverse zone transport.py 558 DEBUG [5/12]: setting up our own record transport.py 558 DEBUG [6/12]: setting up records for other masters transport.py 558 DEBUG [7/12]: adding NS record to the zones transport.py 558 DEBUG [8/12]: setting up kerberos principal transport.py 558 DEBUG [9/12]: setting up named.conf transport.py 558 DEBUG [10/12]: setting up server configuration transport.py 558 DEBUG [11/12]: configuring named to start on boot transport.py 558 DEBUG [12/12]: changing resolv.conf to point to ourselves transport.py 558 DEBUG Done configuring DNS (named). transport.py 558 DEBUG Restarting the web server to pick up resolv.conf changes transport.py 558 DEBUG Configuring DNS key synchronization service (ipa-dnskeysyncd) transport.py 558 DEBUG [1/7]: checking status transport.py 558 DEBUG [2/7]: setting up bind-dyndb-ldap working directory transport.py 558 DEBUG [3/7]: setting up kerberos principal transport.py 558 DEBUG [4/7]: setting up SoftHSM transport.py 558 DEBUG [5/7]: adding DNSSEC containers transport.py 558 DEBUG [6/7]: creating replica keys transport.py 558 DEBUG [7/7]: configuring ipa-dnskeysyncd to start on boot transport.py 558 DEBUG Done configuring DNS key synchronization service (ipa-dnskeysyncd). transport.py 558 DEBUG Restarting ipa-dnskeysyncd transport.py 558 DEBUG Restarting named transport.py 558 DEBUG Updating DNS system records transport.py 558 DEBUG Configuring client side components transport.py 558 DEBUG Using existing certificate '/etc/ipa/ca.crt'. 
transport.py 558 DEBUG Client hostname: master.ipa.test transport.py 558 DEBUG Realm: IPA.TEST transport.py 558 DEBUG DNS Domain: ipa.test transport.py 558 DEBUG IPA Server: master.ipa.test transport.py 558 DEBUG BaseDN: dc=ipa,dc=test transport.py 558 DEBUG Configured sudoers in /etc/authselect/user-nsswitch.conf transport.py 558 DEBUG Configured /etc/sssd/sssd.conf transport.py 558 DEBUG Systemwide CA database updated. transport.py 558 DEBUG Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub transport.py 558 DEBUG Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub transport.py 558 DEBUG Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub transport.py 558 DEBUG SSSD enabled transport.py 558 DEBUG Configured /etc/openldap/ldap.conf transport.py 558 DEBUG Configured /etc/ssh/ssh_config transport.py 558 DEBUG Configured /etc/ssh/sshd_config transport.py 558 DEBUG Configuring ipa.test as NIS domain. transport.py 558 DEBUG Client configuration complete. transport.py 558 DEBUG The ipa-client-install command was successful transport.py 558 DEBUG This program will set up FreeIPA client. transport.py 558 DEBUG Version 4.9.0.dev transport.py 558 DEBUG transport.py 558 DEBUG transport.py 558 DEBUG The ipa-server-install command was successful transport.py 558 DEBUG transport.py 558 DEBUG ============================================================================== transport.py 558 DEBUG Setup complete transport.py 558 DEBUG transport.py 558 DEBUG Next steps: transport.py 558 DEBUG 1. You must make sure these network ports are open: transport.py 558 DEBUG TCP Ports: transport.py 558 DEBUG * 80, 443: HTTP/HTTPS transport.py 558 DEBUG * 389, 636: LDAP/LDAPS transport.py 558 DEBUG * 88, 464: kerberos transport.py 558 DEBUG * 53: bind transport.py 558 DEBUG UDP Ports: transport.py 558 DEBUG * 88, 464: kerberos transport.py 558 DEBUG * 53: bind transport.py 558 DEBUG * 123: ntp transport.py 558 DEBUG transport.py 558 DEBUG 2. 
You can now obtain a kerberos ticket using the command: 'kinit admin' transport.py 558 DEBUG This ticket will allow you to use the IPA tools (e.g., ipa user-add) transport.py 558 DEBUG and the web user interface. transport.py 558 DEBUG transport.py 558 DEBUG Be sure to back up the CA certificates stored in /root/cacert.p12 transport.py 558 DEBUG These files are required to create replicas. The password for these transport.py 558 DEBUG files is the Directory Manager password transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['firewall-cmd', '--add-service', 'freeipa-ldap', '--add-service', 'freeipa-ldaps', '--add-service', 'dns'] transport.py 513 DEBUG RUN ['firewall-cmd', '--add-service', 'freeipa-ldap', '--add-service', 'freeipa-ldaps', '--add-service', 'dns'] transport.py 558 DEBUG success transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['firewall-cmd', '--add-service', 'freeipa-ldap', '--add-service', 'freeipa-ldaps', '--add-service', 'dns', '--permanent'] transport.py 513 DEBUG RUN ['firewall-cmd', '--add-service', 'freeipa-ldap', '--add-service', 'freeipa-ldaps', '--add-service', 'dns', '--permanent'] transport.py 558 DEBUG success transport.py 217 DEBUG Exit code: 0 tasks.py 300 INFO Set LDAP debug level transport.py 318 INFO RUN ['ldapmodify', '-x', '-D', 'cn=Directory Manager', '-w', 'Secret.123'] transport.py 513 DEBUG RUN ['ldapmodify', '-x', '-D', 'cn=Directory Manager', '-w', 'Secret.123'] transport.py 558 DEBUG modifying entry "cn=config" transport.py 558 DEBUG transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['sed', '-i', '/debug_level = 7/d', '/etc/sssd/sssd.conf'] transport.py 513 DEBUG RUN ['sed', '-i', '/debug_level = 7/d', '/etc/sssd/sssd.conf'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['sed', '-i', '/\\[*\\]/ a\\debug_level = 7', '/etc/sssd/sssd.conf'] transport.py 513 DEBUG RUN ['sed', '-i', '/\\[*\\]/ a\\debug_level = 7', '/etc/sssd/sssd.conf'] transport.py 217 DEBUG Exit code: 0 
__init__.py 261 INFO Adding master.ipa.test:/var/log/sssd to list of logs to collect transport.py 301 DEBUG STAT /bin/systemctl transport.py 318 INFO RUN ['systemctl', 'stop', 'sssd'] transport.py 513 DEBUG RUN ['systemctl', 'stop', 'sssd'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv transport.py 513 DEBUG RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv transport.py 558 DEBUG removed '/var/lib/sss/db/config.ldb' transport.py 558 DEBUG removed '/var/lib/sss/db/timestamps_ipa.test.ldb' transport.py 558 DEBUG removed '/var/lib/sss/db/cache_implicit_files.ldb' transport.py 558 DEBUG removed '/var/lib/sss/db/timestamps_implicit_files.ldb' transport.py 558 DEBUG removed '/var/lib/sss/db/cache_ipa.test.ldb' transport.py 558 DEBUG removed '/var/lib/sss/db/sssd.ldb' transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['rm', '-fv', '/var/lib/sss/mc/group'] transport.py 513 DEBUG RUN ['rm', '-fv', '/var/lib/sss/mc/group'] transport.py 558 DEBUG removed '/var/lib/sss/mc/group' transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['rm', '-fv', '/var/lib/sss/mc/passwd'] transport.py 513 DEBUG RUN ['rm', '-fv', '/var/lib/sss/mc/passwd'] transport.py 558 DEBUG removed '/var/lib/sss/mc/passwd' transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['systemctl', 'start', 'sssd'] transport.py 513 DEBUG RUN ['systemctl', 'start', 'sssd'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa', 'dnszone-mod', 'ipa.test', '--default-ttl', '1', '--ttl', '1'] transport.py 513 DEBUG RUN ['ipa', 'dnszone-mod', 'ipa.test', '--default-ttl', '1', '--ttl', '1'] transport.py 558 DEBUG ipa: WARNING: Service named-pkcs11.service requires restart on IPA server <all IPA DNS servers> to apply configuration 
changes.
transport.py 558 DEBUG Zone name: ipa.test.
transport.py 558 DEBUG Active zone: TRUE
transport.py 558 DEBUG Authoritative nameserver: master.ipa.test.
transport.py 558 DEBUG Administrator e-mail address: hostmaster.ipa.test.
transport.py 558 DEBUG SOA serial: 1567640529
transport.py 558 DEBUG SOA refresh: 3600
transport.py 558 DEBUG SOA retry: 900
transport.py 558 DEBUG SOA expire: 1209600
transport.py 558 DEBUG SOA minimum: 3600
transport.py 558 DEBUG Time to live: 1
transport.py 558 DEBUG Default time to live: 1
transport.py 558 DEBUG Allow query: any;
transport.py 558 DEBUG Allow transfer: none;
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ipa', 'dnsrecord-show', 'ipa.test', 'client0.ipa.test.']
transport.py 513 DEBUG RUN ['ipa', 'dnsrecord-show', 'ipa.test', 'client0.ipa.test.']
transport.py 558 DEBUG ipa: ERROR: client0.ipa.test.: DNS resource record not found
transport.py 217 DEBUG Exit code: 2
transport.py 318 INFO RUN ['ipa', 'dnsrecord-add', 'ipa.test', 'client0.ipa.test.', '--a-rec', '192.168.121.86']
transport.py 513 DEBUG RUN ['ipa', 'dnsrecord-add', 'ipa.test', 'client0.ipa.test.', '--a-rec', '192.168.121.86']
transport.py 558 DEBUG Record name: client0
transport.py 558 DEBUG A record: 192.168.121.86
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ipa', 'dnsrecord-show', 'ipa.test', 'master.ipa.test.']
transport.py 513 DEBUG RUN ['ipa', 'dnsrecord-show', 'ipa.test', 'master.ipa.test.']
transport.py 558 DEBUG Record name: master
transport.py 558 DEBUG A record: 192.168.121.79
transport.py 558 DEBUG SSHFP record: 1 1 8919BCCCFF07B1DCE9CB286730F7DCE1820368B4, 1 2 2C502B38C6217B6869C0CCF264C1C393AC2D3A464A259BE1B57F3779 614A95D0, 3 1 1993BB1316B2FA9D151AE38388EE75C4C3065EE1, 3 2 C2AA561E7137C226BC824D04B2A50F6813E6497197FBB9E2529B89F5 048E34D1, 4 1 E433213FCC7B6790AF3622DC118692D6D7A27B4A, 4 2 BD097537018A2A13D6FF15D6C65439B998A02CB6B12FB5EF3ACBD8D2 46F23CEE
transport.py 217 DEBUG Exit code: 0
tasks.py 1259 INFO Installing client <Host master.ipa.test (master)> on <Host client0.ipa.test (client)>
__init__.py 261 INFO Adding client0.ipa.test:/var/log/ipaclient-install.log to list of logs to collect
transport.py 318 INFO RUN ['true']
transport.py 513 DEBUG RUN ['true']
transport.py 217 DEBUG Exit code: 0
__init__.py 261 INFO Adding client0.ipa.test:/ipatests/env.sh to list of logs to collect
transport.py 301 DEBUG STAT /ipatests
transport.py 293 INFO WRITE /ipatests/env.sh
transport.py 301 DEBUG STAT /etc/hostname
transport.py 301 DEBUG STAT /ipatests/file_backup/etc
transport.py 301 DEBUG STAT /ipatests/file_backup
transport.py 301 DEBUG STAT /ipatests
transport.py 312 INFO MKDIR /ipatests/file_backup
transport.py 312 INFO MKDIR /ipatests/file_backup/etc
transport.py 318 INFO RUN ['cp', '-af', '/etc/hostname', '/ipatests/file_backup/etc/hostname']
transport.py 513 DEBUG RUN ['cp', '-af', '/etc/hostname', '/ipatests/file_backup/etc/hostname']
transport.py 217 DEBUG Exit code: 0
transport.py 293 INFO WRITE /etc/hostname
transport.py 318 INFO RUN ['hostname', 'client0.ipa.test']
transport.py 513 DEBUG RUN ['hostname', 'client0.ipa.test']
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN hostname > '/ipatests/backup_hostname'
transport.py 513 DEBUG RUN hostname > '/ipatests/backup_hostname'
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes']
transport.py 513 DEBUG RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes']
transport.py 558 DEBUG Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
transport.py 558 DEBUG udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhclient",pid=1601,fd=7))
transport.py 558 DEBUG udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=2011,fd=5),("systemd",pid=1,fd=79))
transport.py 558 DEBUG udp UNCONN 0 0 0.0.0.0:48441 0.0.0.0:*
transport.py 558 DEBUG udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=501,fd=5))
transport.py 558 DEBUG udp UNCONN 0 0 0.0.0.0:36647 0.0.0.0:* users:(("rpc.statd",pid=2012,fd=9))
transport.py 558 DEBUG udp UNCONN 0 0 127.0.0.1:916 0.0.0.0:* users:(("rpc.statd",pid=2012,fd=5))
transport.py 558 DEBUG udp UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=2011,fd=7),("systemd",pid=1,fd=81))
transport.py 558 DEBUG udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=501,fd=6))
transport.py 558 DEBUG udp UNCONN 0 0 [::]:46425 [::]:* users:(("rpc.statd",pid=2012,fd=11))
transport.py 558 DEBUG udp UNCONN 0 0 [::]:52638 [::]:*
transport.py 558 DEBUG tcp LISTEN 0 64 0.0.0.0:39947 0.0.0.0:*
transport.py 558 DEBUG tcp LISTEN 0 128 0.0.0.0:34669 0.0.0.0:* users:(("rpc.statd",pid=2012,fd=10))
transport.py 558 DEBUG tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=2011,fd=4),("systemd",pid=1,fd=78))
transport.py 558 DEBUG tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=539,fd=3))
transport.py 558 DEBUG tcp ESTAB 0 0 192.168.121.86:22 192.168.121.52:51928 users:(("sshd",pid=16346,fd=5),("sshd",pid=16344,fd=5))
transport.py 558 DEBUG tcp LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=2011,fd=6),("systemd",pid=1,fd=80))
transport.py 558 DEBUG tcp LISTEN 0 128 [::]:47441 [::]:* users:(("rpc.statd",pid=2012,fd=12))
transport.py 558 DEBUG tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=539,fd=4))
transport.py 558 DEBUG tcp LISTEN 0 64 [::]:46871 [::]:*
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes', '-o', 'state', 'all', '( sport = :749 or dport = :749 or sport = :464 or dport = :464 )']
transport.py 513 DEBUG RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes', '-o', 'state', 'all', '( sport = :749 or dport = :749 or sport = :464 or dport = :464 )']
transport.py 558 DEBUG Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 513 DEBUG RUN ['kinit', 'admin']
transport.py 558 DEBUG Password for admin@IPA.TEST:
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ipa', 'dnsconfig-mod', '--allow-sync-ptr=true']
transport.py 513 DEBUG RUN ['ipa', 'dnsconfig-mod', '--allow-sync-ptr=true']
transport.py 558 DEBUG Allow PTR sync: TRUE
transport.py 558 DEBUG IPA DNS servers: master.ipa.test
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ipa', 'dnszone-add', '121.168.192.in-addr.arpa.']
transport.py 513 DEBUG RUN ['ipa', 'dnszone-add', '121.168.192.in-addr.arpa.']
transport.py 558 DEBUG ipa: ERROR: DNS zone with name "121.168.192.in-addr.arpa." already exists
transport.py 217 DEBUG Exit code: 1
tasks.py 146 WARNING ipa: ERROR: DNS zone with name "121.168.192.in-addr.arpa." already exists
transport.py 318 INFO RUN ['ipa-client-install', '--domain', 'ipa.test', '--realm', 'IPA.TEST', '-p', 'admin', '-w', 'Secret.123', '--server', 'master.ipa.test', '-U']
transport.py 513 DEBUG RUN ['ipa-client-install', '--domain', 'ipa.test', '--realm', 'IPA.TEST', '-p', 'admin', '-w', 'Secret.123', '--server', 'master.ipa.test', '-U']
transport.py 558 DEBUG Client hostname: client0.ipa.test
transport.py 558 DEBUG Realm: IPA.TEST
transport.py 558 DEBUG DNS Domain: ipa.test
transport.py 558 DEBUG IPA Server: master.ipa.test
transport.py 558 DEBUG BaseDN: dc=ipa,dc=test
transport.py 558 DEBUG Synchronizing time
transport.py 558 DEBUG No SRV records of NTP servers found and no NTP server or pool address was provided.
transport.py 558 DEBUG Attempting to sync time with chronyc.
transport.py 558 DEBUG Process chronyc waitsync failed to sync time!
transport.py 558 DEBUG Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network.
transport.py 558 DEBUG Successfully retrieved CA cert
transport.py 558 DEBUG Subject: CN=Certificate Authority,O=IPA.TEST
transport.py 558 DEBUG Issuer: CN=Certificate Authority,O=IPA.TEST
transport.py 558 DEBUG Valid From: 2019-09-04 23:35:48
transport.py 558 DEBUG Valid Until: 2039-09-04 23:35:48
transport.py 558 DEBUG
transport.py 558 DEBUG Enrolled in IPA realm IPA.TEST
transport.py 558 DEBUG Created /etc/ipa/default.conf
transport.py 558 DEBUG Configured sudoers in /etc/authselect/user-nsswitch.conf
transport.py 558 DEBUG Configured /etc/sssd/sssd.conf
transport.py 558 DEBUG Configured /etc/krb5.conf for IPA realm IPA.TEST
transport.py 558 DEBUG Systemwide CA database updated.
transport.py 558 DEBUG Hostname (client0.ipa.test) does not have A/AAAA record.
transport.py 558 DEBUG Failed to update DNS records.
transport.py 558 DEBUG Missing A/AAAA record(s) for host client0.ipa.test: 192.168.121.86.
transport.py 558 DEBUG Missing reverse record(s) for address(es): 192.168.121.86.
transport.py 558 DEBUG Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
transport.py 558 DEBUG Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
transport.py 558 DEBUG Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
transport.py 558 DEBUG Could not update DNS SSHFP records.
transport.py 558 DEBUG SSSD enabled
transport.py 558 DEBUG Configured /etc/openldap/ldap.conf
transport.py 558 DEBUG Configured /etc/ssh/ssh_config
transport.py 558 DEBUG Configured /etc/ssh/sshd_config
transport.py 558 DEBUG Configuring ipa.test as NIS domain.
transport.py 558 DEBUG Client configuration complete.
transport.py 558 DEBUG The ipa-client-install command was successful
transport.py 558 DEBUG This program will set up FreeIPA client.
transport.py 558 DEBUG Version 4.9.0.dev
transport.py 558 DEBUG
transport.py 558 DEBUG
transport.py 558 DEBUG Using default chrony configuration.
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['sed', '-i', '/debug_level = 7/d', '/etc/sssd/sssd.conf']
transport.py 513 DEBUG RUN ['sed', '-i', '/debug_level = 7/d', '/etc/sssd/sssd.conf']
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['sed', '-i', '/\\[*\\]/ a\\debug_level = 7', '/etc/sssd/sssd.conf']
transport.py 513 DEBUG RUN ['sed', '-i', '/\\[*\\]/ a\\debug_level = 7', '/etc/sssd/sssd.conf']
transport.py 217 DEBUG Exit code: 0
__init__.py 261 INFO Adding client0.ipa.test:/var/log/sssd to list of logs to collect
transport.py 301 DEBUG STAT /bin/systemctl
transport.py 318 INFO RUN ['systemctl', 'stop', 'sssd']
transport.py 513 DEBUG RUN ['systemctl', 'stop', 'sssd']
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv
transport.py 513 DEBUG RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv
transport.py 558 DEBUG removed '/var/lib/sss/db/config.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/timestamps_ipa.test.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/cache_implicit_files.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/timestamps_implicit_files.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/cache_ipa.test.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/sssd.ldb'
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['rm', '-fv', '/var/lib/sss/mc/group']
transport.py 513 DEBUG RUN ['rm', '-fv', '/var/lib/sss/mc/group']
transport.py 558 DEBUG removed '/var/lib/sss/mc/group'
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['rm', '-fv', '/var/lib/sss/mc/passwd']
transport.py 513 DEBUG RUN ['rm', '-fv', '/var/lib/sss/mc/passwd']
transport.py 558 DEBUG removed '/var/lib/sss/mc/passwd'
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['systemctl', 'start', 'sssd']
transport.py 513 DEBUG RUN ['systemctl', 'start', 'sssd']
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 513 DEBUG RUN ['kinit', 'admin']
transport.py 558 DEBUG Password for admin@IPA.TEST:
transport.py 217 DEBUG Exit code: 0
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 513 DEBUG RUN ['kinit', 'admin']
transport.py 558 DEBUG Password for admin@IPA.TEST:
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ipa-advise', 'invalid-advise-param']
transport.py 513 DEBUG RUN ['ipa-advise', 'invalid-advise-param']
transport.py 558 DEBUG invalid 'advice': No instructions are available for 'invalid-advise-param'. See the list of available configuration by invoking the ipa-advise command with no argument.
transport.py 558 DEBUG The ipa-advise command failed.
transport.py 217 DEBUG Exit code: 1
Passed test_integration/test_advise.py::TestAdvice::()::test_advice_FreeBSDNSSPAM 1.55
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 513 DEBUG RUN ['kinit', 'admin']
transport.py 558 DEBUG Password for admin@IPA.TEST:
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ipa-advise', 'config-freebsd-nss-pam-ldapd']
transport.py 513 DEBUG RUN ['ipa-advise', 'config-freebsd-nss-pam-ldapd']
transport.py 558 DEBUG #!/bin/sh
transport.py 558 DEBUG # ----------------------------------------------------------------------
transport.py 558 DEBUG # Instructions for configuring a FreeBSD system with nss-pam-ldapd.
transport.py 558 DEBUG # ----------------------------------------------------------------------
transport.py 558 DEBUG # Schema Compatibility plugin has not been configured on this server. To
transport.py 558 DEBUG # configure it, run "ipa-adtrust-install --enable-compat"
transport.py 558 DEBUG # Install required packages
transport.py 558 DEBUG pkg_add -r nss-pam-ldapd curl
transport.py 558 DEBUG
transport.py 558 DEBUG # Download the CA certificate of the IPA server
transport.py 558 DEBUG curl -k https://master.ipa.test/ipa/config/ca.crt > /usr/local/etc/ipa.crt
transport.py 558 DEBUG # Configure nsswitch.conf
transport.py 558 DEBUG sed -i '' -e 's/^passwd:/passwd: files ldap/' /etc/nsswitch.conf
transport.py 558 DEBUG sed -i '' -e 's/^group:/group: files ldap/' /etc/nsswitch.conf
transport.py 558 DEBUG
transport.py 558 DEBUG # Configure PAM stack for the sshd service
transport.py 558 DEBUG cat > /etc/pam.d/sshd << EOF
transport.py 558 DEBUG # PAM configuration for the "sshd" service
transport.py 558 DEBUG #
transport.py 558 DEBUG
transport.py 558 DEBUG # auth
transport.py 558 DEBUG auth sufficient pam_opie.so no_warn no_fake_prompts
transport.py 558 DEBUG auth requisite pam_opieaccess.so no_warn allow_local
transport.py 558 DEBUG #auth sufficient pam_krb5.so no_warn try_first_pass
transport.py 558 DEBUG #auth sufficient pam_ssh.so no_warn try_first_pass
transport.py 558 DEBUG auth sufficient /usr/local/lib/pam_ldap.so no_warn
transport.py 558 DEBUG auth required pam_unix.so no_warn try_first_pass
transport.py 558 DEBUG
transport.py 558 DEBUG # account
transport.py 558 DEBUG account required pam_nologin.so
transport.py 558 DEBUG #account required pam_krb5.so
transport.py 558 DEBUG account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
transport.py 558 DEBUG account required pam_login_access.so
transport.py 558 DEBUG account required pam_unix.so
transport.py 558 DEBUG
transport.py 558 DEBUG # session
transport.py 558 DEBUG #session optional pam_ssh.so want_agent
transport.py 558 DEBUG session required pam_permit.so
transport.py 558 DEBUG
transport.py 558 DEBUG # password
transport.py 558 DEBUG #password sufficient pam_krb5.so no_warn try_first_pass
transport.py 558 DEBUG password required pam_unix.so no_warn try_first_pass
transport.py 558 DEBUG
transport.py 558 DEBUG EOF
transport.py 558 DEBUG
transport.py 558 DEBUG # Add automated start of nslcd to /etc/rc.conf
transport.py 558 DEBUG echo 'nslcd_enable="YES"
transport.py 558 DEBUG nslcd_debug="NO"' >> /etc/rc.conf
transport.py 558 DEBUG # Configure nslcd.conf:
transport.py 558 DEBUG echo "uid nslcd
transport.py 558 DEBUG gid nslcd
transport.py 558 DEBUG uri ldap://master.ipa.test
transport.py 558 DEBUG base cn=compat,dc=ipa,dc=test
transport.py 558 DEBUG scope sub
transport.py 558 DEBUG base group cn=groups,cn=compat,dc=ipa,dc=test
transport.py 558 DEBUG base passwd cn=users,cn=compat,dc=ipa,dc=test
transport.py 558 DEBUG base shadow cn=users,cn=compat,dc=ipa,dc=test
transport.py 558 DEBUG ssl start_tls
transport.py 558 DEBUG tls_cacertfile /usr/local/etc/ipa.crt
transport.py 558 DEBUG " > /usr/local/etc/nslcd.conf
transport.py 558 DEBUG # Configure ldap.conf:
transport.py 558 DEBUG echo "uri ldap://master.ipa.test
transport.py 558 DEBUG base cn=compat,dc=ipa,dc=test
transport.py 558 DEBUG ssl start_tls
transport.py 558 DEBUG tls_cacert /usr/local/etc/ipa.crt"> /usr/local/etc/ldap.conf
transport.py 558 DEBUG # Restart nslcd
transport.py 558 DEBUG /usr/local/etc/rc.d/nslcd restart
transport.py 217 DEBUG Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::()::test_advice_GenericNSSPAM 1.64
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 513 DEBUG RUN ['kinit', 'admin']
transport.py 558 DEBUG Password for admin@IPA.TEST:
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ipa-advise', 'config-generic-linux-nss-pam-ldapd']
transport.py 513 DEBUG RUN ['ipa-advise', 'config-generic-linux-nss-pam-ldapd']
transport.py 558 DEBUG #!/bin/sh
transport.py 558 DEBUG # ----------------------------------------------------------------------
transport.py 558 DEBUG # Instructions for configuring a system with nss-pam-ldapd. This set of
transport.py 558 DEBUG # instructions is targeted for linux systems that do not include the
transport.py 558 DEBUG # authconfig utility.
transport.py 558 DEBUG # ----------------------------------------------------------------------
transport.py 558 DEBUG # Schema Compatibility plugin has not been configured on this server. To
transport.py 558 DEBUG # configure it, run "ipa-adtrust-install --enable-compat"
transport.py 558 DEBUG # Install required packages using your system's package manager. E.g:
transport.py 558 DEBUG apt-get -y install curl openssl libnss-ldapd libpam-ldapd nslcd
transport.py 558 DEBUG
transport.py 558 DEBUG # Please note that this script assumes /etc/openldap/cacerts as the
transport.py 558 DEBUG # default CA certificate location. If this value is different on your
transport.py 558 DEBUG # system the script needs to be modified accordingly.
transport.py 558 DEBUG # Download the CA certificate of the IPA server
transport.py 558 DEBUG mkdir -p -m 755 /etc/openldap/cacerts
transport.py 558 DEBUG curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt
transport.py 558 DEBUG
transport.py 558 DEBUG # Generate hashes for the openldap library
transport.py 558 DEBUG command -v cacertdir_rehash
transport.py 558 DEBUG if [ $? -ne 0 ] ; then
transport.py 558 DEBUG curl "https://pagure.io/authconfig/raw/master/f/cacertdir_rehash" -o cacertdir_rehash ;
transport.py 558 DEBUG chmod 755 ./cacertdir_rehash ;
transport.py 558 DEBUG ./cacertdir_rehash /etc/openldap/cacerts/ ;
transport.py 558 DEBUG else
transport.py 558 DEBUG cacertdir_rehash /etc/openldap/cacerts/ ;
transport.py 558 DEBUG fi
transport.py 558 DEBUG
transport.py 558 DEBUG # Configure ldap.conf. Set the value of TLS_CACERTDIR to
transport.py 558 DEBUG # /etc/openldap/cacerts. Make sure that the location of ldap.conf file
transport.py 558 DEBUG # matches your system's configuration.
transport.py 558 DEBUG echo "TLS_CACERTDIR /etc/openldap/cacerts" >> /etc/ldap/ldap.conf
transport.py 558 DEBUG
transport.py 558 DEBUG # Configure nsswitch.conf. Append ldap to the lines beginning with
transport.py 558 DEBUG # passwd and group.
transport.py 558 DEBUG grep "^passwd.*ldap" /etc/nsswitch.conf
transport.py 558 DEBUG if [ $? -ne 0 ] ; then sed -i '/^passwd/s|$| ldap|' /etc/nsswitch.conf ; fi
transport.py 558 DEBUG grep "^group.*ldap" /etc/nsswitch.conf
transport.py 558 DEBUG if [ $? -ne 0 ] ; then sed -i '/^group/s|$| ldap|' /etc/nsswitch.conf ; fi
transport.py 558 DEBUG
transport.py 558 DEBUG # Configure PAM. Configuring the PAM stack differs on particular
transport.py 558 DEBUG # distributions. The resulting PAM stack should look like this:
transport.py 558 DEBUG cat > /etc/pam.conf << EOF
transport.py 558 DEBUG auth required pam_env.so
transport.py 558 DEBUG auth sufficient pam_unix.so nullok try_first_pass
transport.py 558 DEBUG auth requisite pam_succeed_if.so uid >= 500 quiet
transport.py 558 DEBUG auth sufficient pam_ldap.so use_first_pass
transport.py 558 DEBUG auth required pam_deny.so
transport.py 558 DEBUG
transport.py 558 DEBUG account required pam_unix.so broken_shadow
transport.py 558 DEBUG account sufficient pam_localuser.so
transport.py 558 DEBUG account sufficient pam_succeed_if.so uid < 500 quiet
transport.py 558 DEBUG account [default=bad success=ok user_unknown=ignore] pam_ldap.so
transport.py 558 DEBUG account required pam_permit.so
transport.py 558 DEBUG
transport.py 558 DEBUG password requisite pam_cracklib.so try_first_pass retry=3 type=
transport.py 558 DEBUG password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
transport.py 558 DEBUG password sufficient pam_ldap.so use_authtok
transport.py 558 DEBUG password required pam_deny.so
transport.py 558 DEBUG
transport.py 558 DEBUG session optional pam_keyinit.so revoke
transport.py 558 DEBUG session required pam_limits.so
transport.py 558 DEBUG session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
transport.py 558 DEBUG session required pam_unix.so
transport.py 558 DEBUG session optional pam_ldap.so
transport.py 558 DEBUG
transport.py 558 DEBUG EOF
transport.py 558 DEBUG
transport.py 558 DEBUG # Configure nslcd.conf:
transport.py 558 DEBUG cat > /etc/nslcd.conf << EOF
transport.py 558 DEBUG uri ldap://master.ipa.test
transport.py 558 DEBUG base cn=compat,dc=ipa,dc=test
transport.py 558 DEBUG EOF
transport.py 558 DEBUG
transport.py 558 DEBUG # Configure pam_ldap.conf:
transport.py 558 DEBUG cat > /etc/pam_ldap.conf << EOF
transport.py 558 DEBUG uri ldap://master.ipa.test
transport.py 558 DEBUG base cn=compat,dc=ipa,dc=test
transport.py 558 DEBUG EOF
transport.py 558 DEBUG
transport.py 558 DEBUG # Stop nscd and restart nslcd
transport.py 558 DEBUG service nscd stop && service nslcd restart
transport.py 217 DEBUG Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::()::test_advice_GenericSSSDBefore19 1.38
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 513 DEBUG RUN ['kinit', 'admin']
transport.py 558 DEBUG Password for admin@IPA.TEST:
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ipa-advise', 'config-generic-linux-sssd-before-1-9']
transport.py 513 DEBUG RUN ['ipa-advise', 'config-generic-linux-sssd-before-1-9']
transport.py 558 DEBUG #!/bin/sh
transport.py 558 DEBUG # ----------------------------------------------------------------------
transport.py 558 DEBUG # Instructions for configuring a system with an old version of SSSD
transport.py 558 DEBUG # (1.5-1.8) as a FreeIPA client. This set of instructions is targeted
transport.py 558 DEBUG # for linux systems that do not include the authconfig utility.
transport.py 558 DEBUG # ----------------------------------------------------------------------
transport.py 558 DEBUG # Schema Compatibility plugin has not been configured on this server. To
transport.py 558 DEBUG # configure it, run "ipa-adtrust-install --enable-compat"
transport.py 558 DEBUG # Install required packages using your system's package manager. E.g:
transport.py 558 DEBUG apt-get -y install sssd curl openssl
transport.py 558 DEBUG
transport.py 558 DEBUG # Please note that this script assumes /etc/openldap/cacerts as the
transport.py 558 DEBUG # default CA certificate location. If this value is different on your
transport.py 558 DEBUG # system the script needs to be modified accordingly.
transport.py 558 DEBUG # Download the CA certificate of the IPA server
transport.py 558 DEBUG mkdir -p -m 755 /etc/openldap/cacerts
transport.py 558 DEBUG curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt
transport.py 558 DEBUG
transport.py 558 DEBUG # Generate hashes for the openldap library
transport.py 558 DEBUG command -v cacertdir_rehash
transport.py 558 DEBUG if [ $? -ne 0 ] ; then
transport.py 558 DEBUG curl "https://pagure.io/authconfig/raw/master/f/cacertdir_rehash" -o cacertdir_rehash ;
transport.py 558 DEBUG chmod 755 ./cacertdir_rehash ;
transport.py 558 DEBUG ./cacertdir_rehash /etc/openldap/cacerts/ ;
transport.py 558 DEBUG else
transport.py 558 DEBUG cacertdir_rehash /etc/openldap/cacerts/ ;
transport.py 558 DEBUG fi
transport.py 558 DEBUG
transport.py 558 DEBUG # Configure ldap.conf. Set the value of TLS_CACERTDIR to
transport.py 558 DEBUG # /etc/openldap/cacerts. Make sure that the location of ldap.conf file
transport.py 558 DEBUG # matches your system's configuration.
transport.py 558 DEBUG echo "TLS_CACERTDIR /etc/openldap/cacerts" >> /etc/ldap/ldap.conf
transport.py 558 DEBUG
transport.py 558 DEBUG # Configure nsswitch.conf. Append sss to the lines beginning with passwd
transport.py 558 DEBUG # and group.
transport.py 558 DEBUG grep "^passwd.*sss" /etc/nsswitch.conf
transport.py 558 DEBUG if [ $? -ne 0 ] ; then sed -i '/^passwd/s|$| sss|' /etc/nsswitch.conf ; fi
transport.py 558 DEBUG grep "^group.*sss" /etc/nsswitch.conf
transport.py 558 DEBUG if [ $? -ne 0 ] ; then sed -i '/^group/s|$| sss|' /etc/nsswitch.conf ; fi
transport.py 558 DEBUG
transport.py 558 DEBUG # Configure PAM. Configuring the PAM stack differs on particular
transport.py 558 DEBUG # distributions. The resulting PAM stack should look like this:
transport.py 558 DEBUG cat > /etc/pam.conf << EOF
transport.py 558 DEBUG auth required pam_env.so
transport.py 558 DEBUG auth sufficient pam_unix.so nullok try_first_pass
transport.py 558 DEBUG auth requisite pam_succeed_if.so uid >= 500 quiet
transport.py 558 DEBUG auth sufficient pam_sss.so use_first_pass
transport.py 558 DEBUG auth required pam_deny.so
transport.py 558 DEBUG
transport.py 558 DEBUG account required pam_unix.so broken_shadow
transport.py 558 DEBUG account sufficient pam_localuser.so
transport.py 558 DEBUG account sufficient pam_succeed_if.so uid < 500 quiet
transport.py 558 DEBUG account [default=bad success=ok user_unknown=ignore] pam_sss.so
transport.py 558 DEBUG account required pam_permit.so
transport.py 558 DEBUG
transport.py 558 DEBUG password requisite pam_cracklib.so try_first_pass retry=3 type=
transport.py 558 DEBUG password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
transport.py 558 DEBUG password sufficient pam_sss.so use_authtok
transport.py 558 DEBUG password required pam_deny.so
transport.py 558 DEBUG
transport.py 558 DEBUG session optional pam_keyinit.so revoke
transport.py 558 DEBUG session required pam_limits.so
transport.py 558 DEBUG session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
transport.py 558 DEBUG session required pam_unix.so
transport.py 558 DEBUG session optional pam_sss.so
transport.py 558 DEBUG
transport.py 558 DEBUG EOF
transport.py 558 DEBUG
transport.py 558 DEBUG # Configure SSSD
transport.py 558 DEBUG cat > /etc/sssd/sssd.conf << EOF
transport.py 558 DEBUG [sssd]
transport.py 558 DEBUG services = nss, pam
transport.py 558 DEBUG config_file_version = 2
transport.py 558 DEBUG domains = default
transport.py 558 DEBUG re_expression = (?P<name>.+)
transport.py 558 DEBUG
transport.py 558 DEBUG [domain/default]
transport.py 558 DEBUG cache_credentials = True
transport.py 558 DEBUG id_provider = ldap
transport.py 558 DEBUG auth_provider = ldap
transport.py 558 DEBUG ldap_uri = ldap://master.ipa.test
transport.py 558 DEBUG ldap_search_base = cn=compat,dc=ipa,dc=test
transport.py 558 DEBUG ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt
transport.py 558 DEBUG
transport.py 558 DEBUG EOF
transport.py 558 DEBUG chmod 0600 /etc/sssd/sssd.conf
transport.py 558 DEBUG
transport.py 558 DEBUG # Start SSSD
transport.py 558 DEBUG service sssd start
transport.py 217 DEBUG Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::()::test_advice_RedHatNSS 1.42
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 513 DEBUG RUN ['kinit', 'admin']
transport.py 558 DEBUG Password for admin@IPA.TEST:
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ipa-advise', 'config-redhat-nss-ldap']
transport.py 513 DEBUG RUN ['ipa-advise', 'config-redhat-nss-ldap']
transport.py 558 DEBUG #!/bin/sh
transport.py 558 DEBUG # ----------------------------------------------------------------------
transport.py 558 DEBUG # Instructions for configuring a system with nss-ldap as a FreeIPA
transport.py 558 DEBUG # client. This set of instructions is targeted for platforms that
transport.py 558 DEBUG # include the authconfig utility, which are all Red Hat based platforms.
transport.py 558 DEBUG # ----------------------------------------------------------------------
transport.py 558 DEBUG # Schema Compatibility plugin has not been configured on this server. To
transport.py 558 DEBUG # configure it, run "ipa-adtrust-install --enable-compat"
transport.py 558 DEBUG # Install required packages via yum
transport.py 558 DEBUG yum install -y curl openssl nss_ldap authconfig
transport.py 558 DEBUG
transport.py 558 DEBUG # NOTE: IPA certificate uses the SHA-256 hash function. SHA-256 was
transport.py 558 DEBUG # introduced in RHEL5.2. Therefore, clients older than RHEL5.2 will not
transport.py 558 DEBUG # be able to interoperate with IPA server 3.x.
transport.py 558 DEBUG # Please note that this script assumes /etc/openldap/cacerts as the
transport.py 558 DEBUG # default CA certificate location. If this value is different on your
transport.py 558 DEBUG # system the script needs to be modified accordingly.
transport.py 558 DEBUG # Download the CA certificate of the IPA server
transport.py 558 DEBUG mkdir -p -m 755 /etc/openldap/cacerts
transport.py 558 DEBUG curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt
transport.py 558 DEBUG
transport.py 558 DEBUG # Generate hashes for the openldap library
transport.py 558 DEBUG command -v cacertdir_rehash
transport.py 558 DEBUG if [ $? -ne 0 ] ; then
transport.py 558 DEBUG curl "https://pagure.io/authconfig/raw/master/f/cacertdir_rehash" -o cacertdir_rehash ;
transport.py 558 DEBUG chmod 755 ./cacertdir_rehash ;
transport.py 558 DEBUG ./cacertdir_rehash /etc/openldap/cacerts/ ;
transport.py 558 DEBUG else
transport.py 558 DEBUG cacertdir_rehash /etc/openldap/cacerts/ ;
transport.py 558 DEBUG fi
transport.py 558 DEBUG
transport.py 558 DEBUG # Use the authconfig to configure nsswitch.conf and the PAM stack
transport.py 558 DEBUG authconfig --updateall --enableldap --enableldaptls --enableldapauth --ldapserver=ldap://master.ipa.test --ldapbasedn=cn=compat,dc=ipa,dc=test
transport.py 558 DEBUG
transport.py 217 DEBUG Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::()::test_advice_RedHatNSSPAM 1.58
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 513 DEBUG RUN ['kinit', 'admin']
transport.py 558 DEBUG Password for admin@IPA.TEST:
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ipa-advise', 'config-redhat-nss-pam-ldapd']
transport.py 513 DEBUG RUN ['ipa-advise', 'config-redhat-nss-pam-ldapd']
transport.py 558 DEBUG #!/bin/sh
transport.py 558 DEBUG # ----------------------------------------------------------------------
transport.py 558 DEBUG # Instructions for configuring a system with nss-pam-ldapd as a FreeIPA
transport.py 558 DEBUG # client. This set of instructions is targeted for platforms that
transport.py 558 DEBUG # include the authconfig utility, which are all Red Hat based platforms.
transport.py 558 DEBUG # ----------------------------------------------------------------------
transport.py 558 DEBUG # Schema Compatibility plugin has not been configured on this server. To
transport.py 558 DEBUG # configure it, run "ipa-adtrust-install --enable-compat"
transport.py 558 DEBUG # Install required packages via yum
transport.py 558 DEBUG yum install -y curl openssl nss-pam-ldapd pam_ldap authconfig
transport.py 558 DEBUG
transport.py 558 DEBUG # NOTE: IPA certificate uses the SHA-256 hash function. SHA-256 was
transport.py 558 DEBUG # introduced in RHEL5.2. Therefore, clients older than RHEL5.2 will not
transport.py 558 DEBUG # be able to interoperate with IPA server 3.x.
transport.py 558 DEBUG # Please note that this script assumes /etc/openldap/cacerts as the
transport.py 558 DEBUG # default CA certificate location. If this value is different on your
transport.py 558 DEBUG # system the script needs to be modified accordingly.
transport.py 558 DEBUG # Download the CA certificate of the IPA server
transport.py 558 DEBUG mkdir -p -m 755 /etc/openldap/cacerts
transport.py 558 DEBUG curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt
transport.py 558 DEBUG
transport.py 558 DEBUG # Generate hashes for the openldap library
transport.py 558 DEBUG command -v cacertdir_rehash
transport.py 558 DEBUG if [ $? -ne 0 ] ; then
transport.py 558 DEBUG curl "https://pagure.io/authconfig/raw/master/f/cacertdir_rehash" -o cacertdir_rehash ;
transport.py 558 DEBUG chmod 755 ./cacertdir_rehash ;
transport.py 558 DEBUG ./cacertdir_rehash /etc/openldap/cacerts/ ;
transport.py 558 DEBUG else
transport.py 558 DEBUG cacertdir_rehash /etc/openldap/cacerts/ ;
transport.py 558 DEBUG fi
transport.py 558 DEBUG
transport.py 558 DEBUG # Use the authconfig to configure nsswitch.conf and the PAM stack
transport.py 558 DEBUG authconfig --updateall --enableldap --enableldaptls --enableldapauth --ldapserver=ldap://master.ipa.test --ldapbasedn=cn=compat,dc=ipa,dc=test
transport.py 558 DEBUG
transport.py 217 DEBUG Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::()::test_advice_RedHatSSSDBefore19 1.48
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-advise', 'config-redhat-sssd-before-1-9'] transport.py 513 DEBUG RUN ['ipa-advise', 'config-redhat-sssd-before-1-9'] transport.py 558 DEBUG #!/bin/sh transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Instructions for configuring a system with an old version of SSSD transport.py 558 DEBUG # (1.5-1.8) as a FreeIPA client. This set of instructions is targeted transport.py 558 DEBUG # for platforms that include the authconfig utility, which are all Red transport.py 558 DEBUG # Hat based platforms. transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Schema Compatibility plugin has not been configured on this server. To transport.py 558 DEBUG # configure it, run "ipa-adtrust-install --enable-compat" transport.py 558 DEBUG # Install required packages via yum transport.py 558 DEBUG yum install -y sssd authconfig curl openssl transport.py 558 DEBUG transport.py 558 DEBUG # NOTE: IPA certificate uses the SHA-256 hash function. SHA-256 was transport.py 558 DEBUG # introduced in RHEL5.2. Therefore, clients older than RHEL5.2 will not transport.py 558 DEBUG # be able to interoperate with IPA server 3.x. transport.py 558 DEBUG # Please note that this script assumes /etc/openldap/cacerts as the transport.py 558 DEBUG # default CA certificate location. If this value is different on your transport.py 558 DEBUG # system the script needs to be modified accordingly. 
transport.py 558 DEBUG # Download the CA certificate of the IPA server transport.py 558 DEBUG mkdir -p -m 755 /etc/openldap/cacerts transport.py 558 DEBUG curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt transport.py 558 DEBUG transport.py 558 DEBUG # Generate hashes for the openldap library transport.py 558 DEBUG command -v cacertdir_rehash transport.py 558 DEBUG if [ $? -ne 0 ] ; then transport.py 558 DEBUG curl "https://pagure.io/authconfig/raw/master/f/cacertdir_rehash" -o cacertdir_rehash ; transport.py 558 DEBUG chmod 755 ./cacertdir_rehash ; transport.py 558 DEBUG ./cacertdir_rehash /etc/openldap/cacerts/ ; transport.py 558 DEBUG else transport.py 558 DEBUG cacertdir_rehash /etc/openldap/cacerts/ ; transport.py 558 DEBUG fi transport.py 558 DEBUG transport.py 558 DEBUG # Use the authconfig to configure nsswitch.conf and the PAM stack transport.py 558 DEBUG authconfig --updateall --enablesssd --enablesssdauth transport.py 558 DEBUG transport.py 558 DEBUG # Configure SSSD transport.py 558 DEBUG cat > /etc/sssd/sssd.conf << EOF transport.py 558 DEBUG [sssd] transport.py 558 DEBUG services = nss, pam transport.py 558 DEBUG config_file_version = 2 transport.py 558 DEBUG domains = default transport.py 558 DEBUG re_expression = (?P<name>.+) transport.py 558 DEBUG transport.py 558 DEBUG [domain/default] transport.py 558 DEBUG cache_credentials = True transport.py 558 DEBUG id_provider = ldap transport.py 558 DEBUG auth_provider = ldap transport.py 558 DEBUG ldap_uri = ldap://master.ipa.test transport.py 558 DEBUG ldap_search_base = cn=compat,dc=ipa,dc=test transport.py 558 DEBUG ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt transport.py 558 DEBUG transport.py 558 DEBUG EOF transport.py 558 DEBUG chmod 0600 /etc/sssd/sssd.conf transport.py 558 DEBUG transport.py 558 DEBUG # Start SSSD transport.py 558 DEBUG service sssd start transport.py 217 DEBUG Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::()::test_advice_enable_admins_sudo 1.33
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-advise', 'enable_admins_sudo'] transport.py 513 DEBUG RUN ['ipa-advise', 'enable_admins_sudo'] transport.py 558 DEBUG #!/bin/sh transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Instructions for enabling HBAC and unauthenticated SUDO for members of transport.py 558 DEBUG # the admins group. transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Check whether the credential cache is not empty transport.py 558 DEBUG klist transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Credential cache is empty" >&2 transport.py 558 DEBUG echo "Use kinit as privileged user to obtain Kerberos credentials" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG if ipa hbacrule-show admins_sudo > /dev/null 2>&1 transport.py 558 DEBUG then transport.py 558 DEBUG echo HBAC rule admins_sudo already exists transport.py 558 DEBUG else transport.py 558 DEBUG # Create the HBAC rule for sudo transport.py 558 DEBUG err=$(ipa hbacrule-add --hostcat=all --desc "Allow admins to run sudo on all hosts" admins_sudo 2>&1) transport.py 558 DEBUG if [ "$?" 
-ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to add hbac rule: ${err}" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG ipa hbacrule-add-user --groups=admins admins_sudo transport.py 558 DEBUG ipa hbacrule-add-service --hbacsvcs=sudo admins_sudo transport.py 558 DEBUG fi transport.py 558 DEBUG if ipa sudorule-show admins_all > /dev/null 2>&1 transport.py 558 DEBUG then transport.py 558 DEBUG echo SUDO rule admins_all already exists transport.py 558 DEBUG else transport.py 558 DEBUG # Create the SUDO rule for the admins group transport.py 558 DEBUG err=$(ipa sudorule-add --desc "Allow admins to run any command on any host" --hostcat=all --cmdcat=all admins_all 2>&1) transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to add sudo rule: ${err}" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG ipa sudorule-add-user --groups=admins admins_all transport.py 558 DEBUG fi transport.py 217 DEBUG Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::()::test_advice_config_server_for_smart_card_auth 143.61
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-advise', 'config_server_for_smart_card_auth'] transport.py 513 DEBUG RUN ['ipa-advise', 'config_server_for_smart_card_auth'] transport.py 558 DEBUG #!/bin/sh transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Instructions for enabling Smart Card authentication on a single transport.py 558 DEBUG # FreeIPA server. Includes Apache configuration, enabling PKINIT on KDC transport.py 558 DEBUG # and configuring WebUI to accept Smart Card auth requests. To enable transport.py 558 DEBUG # the feature in the whole topology you have to run the script on each transport.py 558 DEBUG # master transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG if [ "$(id -u)" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "This script has to be run as root user" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG SC_CA_CERTS=$@ transport.py 558 DEBUG if [ -z "$SC_CA_CERTS" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "You need to provide one or more paths to the PEM files containing CAs signing the Smart Cards" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG for ca_cert in $SC_CA_CERTS transport.py 558 DEBUG do transport.py 558 DEBUG if [ ! 
-f "$ca_cert" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Invalid CA certificate filename: $ca_cert" >&2 transport.py 558 DEBUG echo "Please check that the path exists and is a valid file" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG done transport.py 558 DEBUG # Check whether the credential cache is not empty transport.py 558 DEBUG klist transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Credential cache is empty" >&2 transport.py 558 DEBUG echo "Use kinit as privileged user to obtain Kerberos credentials" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # Check whether the host is IPA master transport.py 558 DEBUG ipa server-find $(hostname -f) transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "This script can be run on IPA master only" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # make sure bind-utils are installed so that we can dig for ipa-ca transport.py 558 DEBUG # records transport.py 558 DEBUG if which yum >/dev/null transport.py 558 DEBUG then transport.py 558 DEBUG PKGMGR=yum transport.py 558 DEBUG else transport.py 558 DEBUG PKGMGR=dnf transport.py 558 DEBUG fi transport.py 558 DEBUG rpm -qi bind-utils > /dev/null transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG $PKGMGR install -y bind-utils transport.py 558 DEBUG fi transport.py 558 DEBUG if [ "$?" 
-ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to install bind-utils" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # make sure ipa-ca records are resolvable, otherwise error out and transport.py 558 DEBUG # instruct transport.py 558 DEBUG # the user to update the DNS infrastructure transport.py 558 DEBUG ipaca_records=$(dig +short ipa-ca.ipa.test) transport.py 558 DEBUG if [ -z "$ipaca_records" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Can not resolve ipa-ca records for ${domain_name}" >&2 transport.py 558 DEBUG echo "Please make sure to update your DNS infrastructure with " >&2 transport.py 558 DEBUG echo "ipa-ca record pointing to IP addresses of IPA CA masters" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # look for the OCSP directive in ssl.conf transport.py 558 DEBUG # if it is present, switch it on transport.py 558 DEBUG # if it is absent, append it to the end of VirtualHost section transport.py 558 DEBUG if grep -q 'SSLOCSPEnable ' /etc/httpd/conf.d/ssl.conf transport.py 558 DEBUG then transport.py 558 DEBUG sed -i.ipabkp -r 's/^#*[[:space:]]*SSLOCSPEnable[[:space:]]+(on|off)$/SSLOCSPEnable on/' /etc/httpd/conf.d/ssl.conf transport.py 558 DEBUG else transport.py 558 DEBUG sed -i.ipabkp '/<\/VirtualHost>/i SSLOCSPEnable on' /etc/httpd/conf.d/ssl.conf transport.py 558 DEBUG fi transport.py 558 DEBUG # finally restart apache transport.py 558 DEBUG systemctl restart httpd.service transport.py 558 DEBUG # store the OCSP upgrade state transport.py 558 DEBUG /usr/bin/python3 -c 'from ipaserver.install import sysupgrade; sysupgrade.set_upgrade_state("httpd", "ocsp_enabled", True)' transport.py 558 DEBUG # check whether PKINIT is configured on the master transport.py 558 DEBUG if ipa-pkinit-manage status | grep -q 'enabled' transport.py 558 DEBUG then transport.py 558 DEBUG echo "PKINIT already enabled" transport.py 558 DEBUG else transport.py 558 
DEBUG ipa-pkinit-manage enable transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to issue PKINIT certificates to local KDC" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG fi transport.py 558 DEBUG # Enable OK-AS-DELEGATE flag on the HTTP principal transport.py 558 DEBUG # This enables smart card login to WebUI transport.py 558 DEBUG output=$(ipa service-mod HTTP/$(hostname -f) --ok-to-auth-as-delegate=True 2>&1) transport.py 558 DEBUG if [ "$?" -ne "0" -a -z "$(echo $output | grep 'no modifications')" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to set OK_AS_AUTH_AS_DELEGATE flag on HTTP principal" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # Allow Apache to access SSSD IFP transport.py 558 DEBUG /usr/bin/python3 -c "import SSSDConfig; from ipaclient.install.client import sssd_enable_ifp; from ipaplatform.paths import paths; c = SSSDConfig.SSSDConfig(); c.import_config(); sssd_enable_ifp(c, allow_httpd=True); c.write(paths.SSSD_CONF)" transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to modify SSSD config" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # Restart sssd transport.py 558 DEBUG systemctl restart sssd transport.py 558 DEBUG mkdir -p /etc/sssd/pki transport.py 558 DEBUG for ca_cert in $SC_CA_CERTS transport.py 558 DEBUG do transport.py 558 DEBUG certutil -d /etc/pki/nssdb -A -i $ca_cert -n "Smart Card CA $(uuidgen)" -t CT,C,C transport.py 558 DEBUG cat $ca_cert >> /etc/sssd/pki/sssd_auth_ca_db.pem transport.py 558 DEBUG done transport.py 558 DEBUG for ca_cert in $SC_CA_CERTS transport.py 558 DEBUG do transport.py 558 DEBUG ipa-cacert-manage install $ca_cert -t CT,C,C transport.py 558 DEBUG if [ "$?" 
-ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to install external CA certificate to IPA" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG done transport.py 558 DEBUG ipa-certupdate transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to update IPA CA certificate database" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG systemctl restart krb5kdc.service transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to restart KDC. Please restart the service manually." >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['mktemp'] transport.py 513 DEBUG RUN ['mktemp'] transport.py 558 DEBUG /tmp/tmp.xXl4sRdNx4 transport.py 217 DEBUG Exit code: 0 transport.py 293 INFO WRITE /tmp/tmp.xXl4sRdNx4 transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-advise', 'config_server_for_smart_card_auth'] transport.py 513 DEBUG RUN ['ipa-advise', 'config_server_for_smart_card_auth'] transport.py 558 DEBUG #!/bin/sh transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Instructions for enabling Smart Card authentication on a single transport.py 558 DEBUG # FreeIPA server. Includes Apache configuration, enabling PKINIT on KDC transport.py 558 DEBUG # and configuring WebUI to accept Smart Card auth requests. 
To enable transport.py 558 DEBUG # the feature in the whole topology you have to run the script on each transport.py 558 DEBUG # master transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG if [ "$(id -u)" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "This script has to be run as root user" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG SC_CA_CERTS=$@ transport.py 558 DEBUG if [ -z "$SC_CA_CERTS" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "You need to provide one or more paths to the PEM files containing CAs signing the Smart Cards" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG for ca_cert in $SC_CA_CERTS transport.py 558 DEBUG do transport.py 558 DEBUG if [ ! -f "$ca_cert" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Invalid CA certificate filename: $ca_cert" >&2 transport.py 558 DEBUG echo "Please check that the path exists and is a valid file" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG done transport.py 558 DEBUG # Check whether the credential cache is not empty transport.py 558 DEBUG klist transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Credential cache is empty" >&2 transport.py 558 DEBUG echo "Use kinit as privileged user to obtain Kerberos credentials" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # Check whether the host is IPA master transport.py 558 DEBUG ipa server-find $(hostname -f) transport.py 558 DEBUG if [ "$?" 
-ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "This script can be run on IPA master only" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # make sure bind-utils are installed so that we can dig for ipa-ca transport.py 558 DEBUG # records transport.py 558 DEBUG if which yum >/dev/null transport.py 558 DEBUG then transport.py 558 DEBUG PKGMGR=yum transport.py 558 DEBUG else transport.py 558 DEBUG PKGMGR=dnf transport.py 558 DEBUG fi transport.py 558 DEBUG rpm -qi bind-utils > /dev/null transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG $PKGMGR install -y bind-utils transport.py 558 DEBUG fi transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to install bind-utils" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # make sure ipa-ca records are resolvable, otherwise error out and transport.py 558 DEBUG # instruct transport.py 558 DEBUG # the user to update the DNS infrastructure transport.py 558 DEBUG ipaca_records=$(dig +short ipa-ca.ipa.test) transport.py 558 DEBUG if [ -z "$ipaca_records" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Can not resolve ipa-ca records for ${domain_name}" >&2 transport.py 558 DEBUG echo "Please make sure to update your DNS infrastructure with " >&2 transport.py 558 DEBUG echo "ipa-ca record pointing to IP addresses of IPA CA masters" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # look for the OCSP directive in ssl.conf transport.py 558 DEBUG # if it is present, switch it on transport.py 558 DEBUG # if it is absent, append it to the end of VirtualHost section transport.py 558 DEBUG if grep -q 'SSLOCSPEnable ' /etc/httpd/conf.d/ssl.conf transport.py 558 DEBUG then transport.py 558 DEBUG sed -i.ipabkp -r 's/^#*[[:space:]]*SSLOCSPEnable[[:space:]]+(on|off)$/SSLOCSPEnable on/' /etc/httpd/conf.d/ssl.conf 
transport.py 558 DEBUG else transport.py 558 DEBUG sed -i.ipabkp '/<\/VirtualHost>/i SSLOCSPEnable on' /etc/httpd/conf.d/ssl.conf transport.py 558 DEBUG fi transport.py 558 DEBUG # finally restart apache transport.py 558 DEBUG systemctl restart httpd.service transport.py 558 DEBUG # store the OCSP upgrade state transport.py 558 DEBUG /usr/bin/python3 -c 'from ipaserver.install import sysupgrade; sysupgrade.set_upgrade_state("httpd", "ocsp_enabled", True)' transport.py 558 DEBUG # check whether PKINIT is configured on the master transport.py 558 DEBUG if ipa-pkinit-manage status | grep -q 'enabled' transport.py 558 DEBUG then transport.py 558 DEBUG echo "PKINIT already enabled" transport.py 558 DEBUG else transport.py 558 DEBUG ipa-pkinit-manage enable transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to issue PKINIT certificates to local KDC" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG fi transport.py 558 DEBUG # Enable OK-AS-DELEGATE flag on the HTTP principal transport.py 558 DEBUG # This enables smart card login to WebUI transport.py 558 DEBUG output=$(ipa service-mod HTTP/$(hostname -f) --ok-to-auth-as-delegate=True 2>&1) transport.py 558 DEBUG if [ "$?" -ne "0" -a -z "$(echo $output | grep 'no modifications')" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to set OK_AS_AUTH_AS_DELEGATE flag on HTTP principal" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # Allow Apache to access SSSD IFP transport.py 558 DEBUG /usr/bin/python3 -c "import SSSDConfig; from ipaclient.install.client import sssd_enable_ifp; from ipaplatform.paths import paths; c = SSSDConfig.SSSDConfig(); c.import_config(); sssd_enable_ifp(c, allow_httpd=True); c.write(paths.SSSD_CONF)" transport.py 558 DEBUG if [ "$?" 
-ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to modify SSSD config" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # Restart sssd transport.py 558 DEBUG systemctl restart sssd transport.py 558 DEBUG mkdir -p /etc/sssd/pki transport.py 558 DEBUG for ca_cert in $SC_CA_CERTS transport.py 558 DEBUG do transport.py 558 DEBUG certutil -d /etc/pki/nssdb -A -i $ca_cert -n "Smart Card CA $(uuidgen)" -t CT,C,C transport.py 558 DEBUG cat $ca_cert >> /etc/sssd/pki/sssd_auth_ca_db.pem transport.py 558 DEBUG done transport.py 558 DEBUG for ca_cert in $SC_CA_CERTS transport.py 558 DEBUG do transport.py 558 DEBUG ipa-cacert-manage install $ca_cert -t CT,C,C transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to install external CA certificate to IPA" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG done transport.py 558 DEBUG ipa-certupdate transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to update IPA CA certificate database" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG systemctl restart krb5kdc.service transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to restart KDC. Please restart the service manually." 
>&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['mktemp'] transport.py 513 DEBUG RUN ['mktemp'] transport.py 558 DEBUG /tmp/tmp.ohJeVotRSw transport.py 217 DEBUG Exit code: 0 transport.py 293 INFO WRITE /tmp/tmp.ohJeVotRSw transport.py 318 INFO RUN ['sh', '/tmp/tmp.ohJeVotRSw', '/tmp/tmp.xXl4sRdNx4'] transport.py 513 DEBUG RUN ['sh', '/tmp/tmp.ohJeVotRSw', '/tmp/tmp.xXl4sRdNx4'] transport.py 558 DEBUG Ticket cache: KCM:0 transport.py 558 DEBUG Default principal: admin@IPA.TEST transport.py 558 DEBUG transport.py 558 DEBUG Valid starting Expires Service principal transport.py 558 DEBUG 09/04/2019 23:43:52 09/05/2019 23:43:52 krbtgt/IPA.TEST@IPA.TEST transport.py 558 DEBUG -------------------- transport.py 558 DEBUG 1 IPA server matched transport.py 558 DEBUG -------------------- transport.py 558 DEBUG Server name: master.ipa.test transport.py 558 DEBUG Min domain level: 1 transport.py 558 DEBUG Max domain level: 1 transport.py 558 DEBUG ---------------------------- transport.py 558 DEBUG Number of entries returned 1 transport.py 558 DEBUG ---------------------------- transport.py 558 DEBUG The ipa-pkinit-manage command was successful transport.py 558 DEBUG PKINIT already enabled transport.py 558 DEBUG The ipa-cacert-manage command was successful transport.py 558 DEBUG Installing CA certificate, please wait transport.py 558 DEBUG Verified CN=example.test transport.py 558 DEBUG CA certificate successfully installed transport.py 558 DEBUG Systemwide CA database updated. transport.py 558 DEBUG Systemwide CA database updated. 
transport.py 558 DEBUG The ipa-certupdate command was successful transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['rm', '-f', '/tmp/tmp.ohJeVotRSw'] transport.py 513 DEBUG RUN ['rm', '-f', '/tmp/tmp.ohJeVotRSw'] transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['rm', '-f', '/tmp/tmp.xXl4sRdNx4'] transport.py 513 DEBUG RUN ['rm', '-f', '/tmp/tmp.xXl4sRdNx4'] transport.py 217 DEBUG Exit code: 0 transport.py 284 DEBUG READ /etc/sssd/sssd.conf
Passed test_integration/test_advise.py::TestAdvice::()::test_advice_config_client_for_smart_card_auth 23.52
------------------------------ Captured log call -------------------------------
transport.py 318 INFO RUN ['kinit', 'admin'] transport.py 513 DEBUG RUN ['kinit', 'admin'] transport.py 558 DEBUG Password for admin@IPA.TEST: transport.py 217 DEBUG Exit code: 0 transport.py 318 INFO RUN ['ipa-advise', 'config_client_for_smart_card_auth'] transport.py 513 DEBUG RUN ['ipa-advise', 'config_client_for_smart_card_auth'] transport.py 558 DEBUG #!/bin/sh transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG # Instructions for enabling Smart Card authentication on a single transport.py 558 DEBUG # FreeIPA client. Configures Smart Card daemon, set the system-wide transport.py 558 DEBUG # trust store and configures SSSD to allow smart card logins to desktop transport.py 558 DEBUG # ---------------------------------------------------------------------- transport.py 558 DEBUG if [ "$(id -u)" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "This script has to be run as root user" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG SC_CA_CERTS=$@ transport.py 558 DEBUG if [ -z "$SC_CA_CERTS" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "You need to provide one or more paths to the PEM files containing CAs signing the Smart Cards" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG for ca_cert in $SC_CA_CERTS transport.py 558 DEBUG do transport.py 558 DEBUG if [ ! -f "$ca_cert" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Invalid CA certificate filename: $ca_cert" >&2 transport.py 558 DEBUG echo "Please check that the path exists and is a valid file" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG done transport.py 558 DEBUG # Check whether the credential cache is not empty transport.py 558 DEBUG klist transport.py 558 DEBUG if [ "$?" 
-ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Credential cache is empty" >&2 transport.py 558 DEBUG echo "Use kinit as privileged user to obtain Kerberos credentials" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG if which yum >/dev/null transport.py 558 DEBUG then transport.py 558 DEBUG PKGMGR=yum transport.py 558 DEBUG else transport.py 558 DEBUG PKGMGR=dnf transport.py 558 DEBUG fi transport.py 558 DEBUG rpm -qi pam_pkcs11 > /dev/null transport.py 558 DEBUG if [ "$?" -eq "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG $PKGMGR remove -y pam_pkcs11 || exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Could not remove pam_pkcs11 package" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG # authconfig often complains about missing dconf, install it explicitly transport.py 558 DEBUG if which yum >/dev/null transport.py 558 DEBUG then transport.py 558 DEBUG PKGMGR=yum transport.py 558 DEBUG else transport.py 558 DEBUG PKGMGR=dnf transport.py 558 DEBUG fi transport.py 558 DEBUG rpm -qi opensc dconf > /dev/null transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG $PKGMGR install -y opensc dconf transport.py 558 DEBUG fi transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Could not install OpenSC package" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG if which yum >/dev/null transport.py 558 DEBUG then transport.py 558 DEBUG PKGMGR=yum transport.py 558 DEBUG else transport.py 558 DEBUG PKGMGR=dnf transport.py 558 DEBUG fi transport.py 558 DEBUG rpm -qi krb5-pkinit-openssl > /dev/null transport.py 558 DEBUG if [ "$?" 
-ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG $PKGMGR install -y krb5-pkinit-openssl transport.py 558 DEBUG fi transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to install Kerberos client PKINIT extensions." >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG systemctl start pcscd.service pcscd.socket && systemctl enable pcscd.service pcscd.socket transport.py 558 DEBUG if modutil -dbdir /etc/pki/nssdb -list | grep -q OpenSC transport.py 558 DEBUG then transport.py 558 DEBUG echo "OpenSC PKCS#11 module already configured" transport.py 558 DEBUG else transport.py 558 DEBUG echo "" | modutil -dbdir /etc/pki/nssdb -add "OpenSC" -libfile /usr/lib64/opensc-pkcs11.so transport.py 558 DEBUG fi transport.py 558 DEBUG mkdir -p /etc/sssd/pki transport.py 558 DEBUG for ca_cert in $SC_CA_CERTS transport.py 558 DEBUG do transport.py 558 DEBUG certutil -d /etc/pki/nssdb -A -i $ca_cert -n "Smart Card CA $(uuidgen)" -t CT,C,C transport.py 558 DEBUG cat $ca_cert >> /etc/sssd/pki/sssd_auth_ca_db.pem transport.py 558 DEBUG done transport.py 558 DEBUG ipa-certupdate transport.py 558 DEBUG if [ "$?" -ne "0" ] transport.py 558 DEBUG then transport.py 558 DEBUG echo "Failed to update IPA CA certificate database" >&2 transport.py 558 DEBUG exit 1 transport.py 558 DEBUG fi transport.py 558 DEBUG authselect enable-feature with-smartcard transport.py 558 DEBUG if [ "$?" 
-ne "0" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG echo "Failed to configure Smart Card authentication in SSSD" >&2
transport.py 558 DEBUG exit 1
transport.py 558 DEBUG fi
transport.py 558 DEBUG # Set pam_cert_auth=True in /etc/sssd/sssd.conf
transport.py 558 DEBUG /usr/bin/python3 -c 'from SSSDConfig import SSSDConfig; c = SSSDConfig(); c.import_config(); c.set("pam", "pam_cert_auth", "True"); c.write()'
transport.py 558 DEBUG systemctl restart sssd.service
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['mktemp']
transport.py 513 DEBUG RUN ['mktemp']
transport.py 558 DEBUG /tmp/tmp.iDdT0VFpAN
transport.py 217 DEBUG Exit code: 0
transport.py 293 INFO WRITE /tmp/tmp.iDdT0VFpAN
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 513 DEBUG RUN ['kinit', 'admin']
transport.py 558 DEBUG Password for admin@IPA.TEST:
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['ipa-advise', 'config_client_for_smart_card_auth']
transport.py 513 DEBUG RUN ['ipa-advise', 'config_client_for_smart_card_auth']
transport.py 558 DEBUG #!/bin/sh
transport.py 558 DEBUG # ----------------------------------------------------------------------
transport.py 558 DEBUG # Instructions for enabling Smart Card authentication on a single
transport.py 558 DEBUG # FreeIPA client. Configures Smart Card daemon, set the system-wide
transport.py 558 DEBUG # trust store and configures SSSD to allow smart card logins to desktop
transport.py 558 DEBUG # ----------------------------------------------------------------------
transport.py 558 DEBUG if [ "$(id -u)" -ne "0" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG echo "This script has to be run as root user" >&2
transport.py 558 DEBUG exit 1
transport.py 558 DEBUG fi
transport.py 558 DEBUG SC_CA_CERTS=$@
transport.py 558 DEBUG if [ -z "$SC_CA_CERTS" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG echo "You need to provide one or more paths to the PEM files containing CAs signing the Smart Cards" >&2
transport.py 558 DEBUG exit 1
transport.py 558 DEBUG fi
transport.py 558 DEBUG for ca_cert in $SC_CA_CERTS
transport.py 558 DEBUG do
transport.py 558 DEBUG if [ ! -f "$ca_cert" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG echo "Invalid CA certificate filename: $ca_cert" >&2
transport.py 558 DEBUG echo "Please check that the path exists and is a valid file" >&2
transport.py 558 DEBUG exit 1
transport.py 558 DEBUG fi
transport.py 558 DEBUG done
transport.py 558 DEBUG # Check whether the credential cache is not empty
transport.py 558 DEBUG klist
transport.py 558 DEBUG if [ "$?" -ne "0" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG echo "Credential cache is empty" >&2
transport.py 558 DEBUG echo "Use kinit as privileged user to obtain Kerberos credentials" >&2
transport.py 558 DEBUG exit 1
transport.py 558 DEBUG fi
transport.py 558 DEBUG if which yum >/dev/null
transport.py 558 DEBUG then
transport.py 558 DEBUG PKGMGR=yum
transport.py 558 DEBUG else
transport.py 558 DEBUG PKGMGR=dnf
transport.py 558 DEBUG fi
transport.py 558 DEBUG rpm -qi pam_pkcs11 > /dev/null
transport.py 558 DEBUG if [ "$?" -eq "0" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG $PKGMGR remove -y pam_pkcs11 || exit 1
transport.py 558 DEBUG fi
transport.py 558 DEBUG if [ "$?" -ne "0" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG echo "Could not remove pam_pkcs11 package" >&2
transport.py 558 DEBUG exit 1
transport.py 558 DEBUG fi
transport.py 558 DEBUG # authconfig often complains about missing dconf, install it explicitly
transport.py 558 DEBUG if which yum >/dev/null
transport.py 558 DEBUG then
transport.py 558 DEBUG PKGMGR=yum
transport.py 558 DEBUG else
transport.py 558 DEBUG PKGMGR=dnf
transport.py 558 DEBUG fi
transport.py 558 DEBUG rpm -qi opensc dconf > /dev/null
transport.py 558 DEBUG if [ "$?" -ne "0" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG $PKGMGR install -y opensc dconf
transport.py 558 DEBUG fi
transport.py 558 DEBUG if [ "$?" -ne "0" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG echo "Could not install OpenSC package" >&2
transport.py 558 DEBUG exit 1
transport.py 558 DEBUG fi
transport.py 558 DEBUG if which yum >/dev/null
transport.py 558 DEBUG then
transport.py 558 DEBUG PKGMGR=yum
transport.py 558 DEBUG else
transport.py 558 DEBUG PKGMGR=dnf
transport.py 558 DEBUG fi
transport.py 558 DEBUG rpm -qi krb5-pkinit-openssl > /dev/null
transport.py 558 DEBUG if [ "$?" -ne "0" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG $PKGMGR install -y krb5-pkinit-openssl
transport.py 558 DEBUG fi
transport.py 558 DEBUG if [ "$?" -ne "0" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG echo "Failed to install Kerberos client PKINIT extensions." >&2
transport.py 558 DEBUG exit 1
transport.py 558 DEBUG fi
transport.py 558 DEBUG systemctl start pcscd.service pcscd.socket && systemctl enable pcscd.service pcscd.socket
transport.py 558 DEBUG if modutil -dbdir /etc/pki/nssdb -list | grep -q OpenSC
transport.py 558 DEBUG then
transport.py 558 DEBUG echo "OpenSC PKCS#11 module already configured"
transport.py 558 DEBUG else
transport.py 558 DEBUG echo "" | modutil -dbdir /etc/pki/nssdb -add "OpenSC" -libfile /usr/lib64/opensc-pkcs11.so
transport.py 558 DEBUG fi
transport.py 558 DEBUG mkdir -p /etc/sssd/pki
transport.py 558 DEBUG for ca_cert in $SC_CA_CERTS
transport.py 558 DEBUG do
transport.py 558 DEBUG certutil -d /etc/pki/nssdb -A -i $ca_cert -n "Smart Card CA $(uuidgen)" -t CT,C,C
transport.py 558 DEBUG cat $ca_cert >> /etc/sssd/pki/sssd_auth_ca_db.pem
transport.py 558 DEBUG done
transport.py 558 DEBUG ipa-certupdate
transport.py 558 DEBUG if [ "$?" -ne "0" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG echo "Failed to update IPA CA certificate database" >&2
transport.py 558 DEBUG exit 1
transport.py 558 DEBUG fi
transport.py 558 DEBUG authselect enable-feature with-smartcard
transport.py 558 DEBUG if [ "$?" -ne "0" ]
transport.py 558 DEBUG then
transport.py 558 DEBUG echo "Failed to configure Smart Card authentication in SSSD" >&2
transport.py 558 DEBUG exit 1
transport.py 558 DEBUG fi
transport.py 558 DEBUG # Set pam_cert_auth=True in /etc/sssd/sssd.conf
transport.py 558 DEBUG /usr/bin/python3 -c 'from SSSDConfig import SSSDConfig; c = SSSDConfig(); c.import_config(); c.set("pam", "pam_cert_auth", "True"); c.write()'
transport.py 558 DEBUG systemctl restart sssd.service
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['kinit', 'admin']
transport.py 513 DEBUG RUN ['kinit', 'admin']
transport.py 558 DEBUG Password for admin@IPA.TEST:
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['mktemp']
transport.py 513 DEBUG RUN ['mktemp']
transport.py 558 DEBUG /tmp/tmp.fmeKw42YiX
transport.py 217 DEBUG Exit code: 0
transport.py 293 INFO WRITE /tmp/tmp.fmeKw42YiX
transport.py 318 INFO RUN ['sh', '/tmp/tmp.fmeKw42YiX', '/tmp/tmp.iDdT0VFpAN']
transport.py 513 DEBUG RUN ['sh', '/tmp/tmp.fmeKw42YiX', '/tmp/tmp.iDdT0VFpAN']
transport.py 558 DEBUG Ticket cache: KCM:0
transport.py 558 DEBUG Default principal: admin@IPA.TEST
transport.py 558 DEBUG
transport.py 558 DEBUG Valid starting Expires Service principal
transport.py 558 DEBUG 09/04/2019 23:46:22 09/05/2019 23:46:22 krbtgt/IPA.TEST@IPA.TEST
transport.py 558 DEBUG Last metadata expiration check: 0:08:13 ago on Wed 04 Sep 2019 11:38:10 PM UTC.
transport.py 558 DEBUG Package dconf-0.32.0-1.fc30.x86_64 is already installed.
transport.py 558 DEBUG Dependencies resolved.
transport.py 558 DEBUG ================================================================================
transport.py 558 DEBUG Package Architecture Version Repository Size
transport.py 558 DEBUG ================================================================================
transport.py 558 DEBUG Installing:
transport.py 558 DEBUG opensc x86_64 0.19.0-6.fc30 fedora 1.1 M
transport.py 558 DEBUG Installing dependencies:
transport.py 558 DEBUG pcsc-lite-ccid x86_64 1.4.31-1.fc30 updates 309 k
transport.py 558 DEBUG pcsc-lite x86_64 1.8.25-1.fc30 fedora 92 k
transport.py 558 DEBUG pcsc-lite-libs x86_64 1.8.25-1.fc30 fedora 29 k
transport.py 558 DEBUG
transport.py 558 DEBUG Transaction Summary
transport.py 558 DEBUG ================================================================================
transport.py 558 DEBUG Install 4 Packages
transport.py 558 DEBUG
transport.py 558 DEBUG Total download size: 1.5 M
transport.py 558 DEBUG Installed size: 5.9 M
transport.py 558 DEBUG Downloading Packages:
transport.py 558 DEBUG (1/4): pcsc-lite-ccid-1.4.31-1.fc30.x86_64.rpm 1.1 MB/s | 309 kB 00:00
transport.py 558 DEBUG (2/4): pcsc-lite-1.8.25-1.fc30.x86_64.rpm 205 kB/s | 92 kB 00:00
transport.py 558 DEBUG (3/4): pcsc-lite-libs-1.8.25-1.fc30.x86_64.rpm 113 kB/s | 29 kB 00:00
transport.py 558 DEBUG (4/4): opensc-0.19.0-6.fc30.x86_64.rpm 638 kB/s | 1.1 MB 00:01
transport.py 558 DEBUG --------------------------------------------------------------------------------
transport.py 558 DEBUG Total 658 kB/s | 1.5 MB 00:02
transport.py 558 DEBUG Running transaction check
transport.py 558 DEBUG Transaction check succeeded.
transport.py 558 DEBUG Running transaction test
transport.py 558 DEBUG Transaction test succeeded.
transport.py 558 DEBUG Running transaction
transport.py 558 DEBUG Preparing : 1/1
transport.py 558 DEBUG Installing : pcsc-lite-libs-1.8.25-1.fc30.x86_64 1/4
transport.py 558 DEBUG Installing : pcsc-lite-1.8.25-1.fc30.x86_64 2/4
transport.py 558 DEBUG Running scriptlet: pcsc-lite-1.8.25-1.fc30.x86_64 2/4
transport.py 558 DEBUG Installing : pcsc-lite-ccid-1.4.31-1.fc30.x86_64 3/4
transport.py 558 DEBUG Running scriptlet: pcsc-lite-ccid-1.4.31-1.fc30.x86_64 3/4
transport.py 558 DEBUG Installing : opensc-0.19.0-6.fc30.x86_64 4/4
transport.py 558 DEBUG Running scriptlet: opensc-0.19.0-6.fc30.x86_64 4/4
transport.py 558 DEBUG Verifying : pcsc-lite-ccid-1.4.31-1.fc30.x86_64 1/4
transport.py 558 DEBUG Verifying : opensc-0.19.0-6.fc30.x86_64 2/4
transport.py 558 DEBUG Verifying : pcsc-lite-1.8.25-1.fc30.x86_64 3/4
transport.py 558 DEBUG Verifying : pcsc-lite-libs-1.8.25-1.fc30.x86_64 4/4
transport.py 558 DEBUG
transport.py 558 DEBUG Installed:
transport.py 558 DEBUG opensc-0.19.0-6.fc30.x86_64 pcsc-lite-ccid-1.4.31-1.fc30.x86_64
transport.py 558 DEBUG pcsc-lite-1.8.25-1.fc30.x86_64 pcsc-lite-libs-1.8.25-1.fc30.x86_64
transport.py 558 DEBUG
transport.py 558 DEBUG Complete!
transport.py 558 DEBUG Last metadata expiration check: 0:08:22 ago on Wed 04 Sep 2019 11:38:10 PM UTC.
transport.py 558 DEBUG Package krb5-pkinit-1.17-14.fc30.x86_64 is already installed.
transport.py 558 DEBUG Dependencies resolved.
transport.py 558 DEBUG Nothing to do.
transport.py 558 DEBUG Complete!
transport.py 558 DEBUG
transport.py 558 DEBUG WARNING: Performing this operation while the browser is running could cause
transport.py 558 DEBUG corruption of your security databases. If the browser is currently running,
transport.py 558 DEBUG you should exit browser before continuing this operation. Type
transport.py 558 DEBUG 'q <enter>' to abort, or <enter> to continue:
transport.py 558 DEBUG
transport.py 558 DEBUG WARNING: Manually adding a module while p11-kit is enabled could cause
transport.py 558 DEBUG duplicate module registration in your security database. It is suggested
transport.py 558 DEBUG to configure the module through p11-kit configuration file instead.
transport.py 558 DEBUG
transport.py 558 DEBUG Type 'q <enter>' to abort, or <enter> to continue:
transport.py 558 DEBUG ERROR: Failed to add module "OpenSC". Probable cause : "Unknown PKCS #11 error.".
transport.py 558 DEBUG Systemwide CA database updated.
transport.py 558 DEBUG Systemwide CA database updated.
transport.py 558 DEBUG The ipa-certupdate command was successful
transport.py 558 DEBUG Make sure that SSSD service is configured and enabled. See SSSD documentation for more information.
transport.py 558 DEBUG
transport.py 558 DEBUG - with-smartcard is selected, make sure smartcard authentication is enabled in sssd.conf:
transport.py 558 DEBUG - set "pam_cert_auth = True" in [pam] section
transport.py 558 DEBUG
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['rm', '-f', '/tmp/tmp.fmeKw42YiX']
transport.py 513 DEBUG RUN ['rm', '-f', '/tmp/tmp.fmeKw42YiX']
transport.py 217 DEBUG Exit code: 0
transport.py 318 INFO RUN ['rm', '-f', '/tmp/tmp.iDdT0VFpAN']
transport.py 513 DEBUG RUN ['rm', '-f', '/tmp/tmp.iDdT0VFpAN']
transport.py 217 DEBUG Exit code: 0