report.html

Report generated on 06-Jan-2020 at 13:03:13 by pytest-html v2.0.0

Environment

Packages {'pytest': '5.2.2', 'py': '1.7.0', 'pluggy': '0.13.0'}
Platform Linux-5.3.8-200.fc30.x86_64-x86_64-with-fedora-30-Thirty
Plugins {'metadata': '1.8.0', 'html': '2.0.0', 'sourceorder': '0.5', 'multihost': '3.0'}
Python 3.7.5

Summary

10 tests ran in 695.20 seconds.

10 passed, 0 skipped, 0 failed, 0 errors, 0 expected failures, 0 unexpected passes

Results

Result Test Duration Links
Passed test_integration/test_advise.py::TestAdvice::test_invalid_advice 0.92
-----------------------------Captured stdout setup------------------------------
<ipatests.pytest_ipa.integration.config.Config object at 0x7f80ecd187d0>
-----------------------------Captured stderr setup------------------------------
[ipatests.pytest_ipa.integration.host.Host.client0.cmd7] Exit code: 0 [ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport] RUN ['kinit', 'admin'] [ipatests.pytest_ipa.integration.host.Host.master.cmd29] RUN ['kinit', 'admin'] [ipatests.pytest_ipa.integration.host.Host.master.cmd29] Password for admin@IPA.TEST: [ipatests.pytest_ipa.integration.host.Host.master.cmd29] Exit code: 0 [ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport] RUN ['ipa', 'dnsconfig-mod', '--allow-sync-ptr=true'] [ipatests.pytest_ipa.integration.host.Host.master.cmd30] RUN ['ipa', 'dnsconfig-mod', '--allow-sync-ptr=true'] [ipatests.pytest_ipa.integration.host.Host.master.cmd30] Allow PTR sync: TRUE [ipatests.pytest_ipa.integration.host.Host.master.cmd30] IPA DNS servers: master.ipa.test [ipatests.pytest_ipa.integration.host.Host.master.cmd30] Exit code: 0 [ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport] RUN ['ipa', 'dnszone-add', '121.168.192.in-addr.arpa.'] [ipatests.pytest_ipa.integration.host.Host.master.cmd31] RUN ['ipa', 'dnszone-add', '121.168.192.in-addr.arpa.'] [ipatests.pytest_ipa.integration.host.Host.master.cmd31] ipa: ERROR: DNS zone with name "121.168.192.in-addr.arpa." already exists [ipatests.pytest_ipa.integration.host.Host.master.cmd31] Exit code: 1 ipa: WARNING: ipa: ERROR: DNS zone with name "121.168.192.in-addr.arpa." already exists
-------------------------------Captured log setup-------------------------------
INFO ipatests.pytest_ipa.integration:__init__.py:267 Preparing host client0.ipa.test INFO paramiko.transport:transport.py:1760 Connected (version 2.0, client OpenSSH_8.0) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:247 Authenticating with private RSA key using user root INFO paramiko.transport:transport.py:1760 Authentication (publickey) successful! INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['true'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd1:transport.py:513 RUN ['true'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd1:transport.py:558 -bash: line 1: cd: /ipatests: No such file or directory DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd1:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding client0.ipa.test:/ipatests/env.sh to list of logs to collect DEBUG ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:301 STAT /ipatests INFO paramiko.transport.sftp:sftp.py:158 [chan 1] Opened sftp connection (server version 3) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:301 STAT / INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:312 MKDIR /ipatests INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:293 WRITE /ipatests/env.sh INFO ipatests.pytest_ipa.integration:__init__.py:267 Preparing host master.ipa.test INFO paramiko.transport:transport.py:1760 Connected (version 2.0, client OpenSSH_8.0) DEBUG ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:247 Authenticating with private RSA key using user root INFO paramiko.transport:transport.py:1760 Authentication (publickey) successful! INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['true'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd1:transport.py:513 RUN ['true'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd1:transport.py:558 -bash: line 1: cd: /ipatests: No such file or directory DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd1:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/ipatests/env.sh to list of logs to collect DEBUG ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:301 STAT /ipatests INFO paramiko.transport.sftp:sftp.py:158 [chan 1] Opened sftp connection (server version 3) DEBUG ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:301 STAT / INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:312 MKDIR /ipatests INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:293 WRITE /ipatests/env.sh INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/dirsrv/slapd-IPA-TEST/errors to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/dirsrv/slapd-IPA-TEST/access to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/ipaserver-install.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/ipaserver-uninstall.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/ipaclient-install.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/ipaclient-uninstall.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/ipareplica-install.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/ipareplica-conncheck.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/ipareplica-ca-install.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/ipaserver-kra-install.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/ipa-custodia.audit.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/ipaclient-uninstall.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/iparestore.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/ipabackup.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/kadmind.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/krb5kdc.log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/httpd/error_log to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/pki/ to list of logs to collect INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/audit/audit.log to list of logs to collect INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['true'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd2:transport.py:513 RUN ['true'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd2:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/ipatests/env.sh to list of logs to collect DEBUG ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:301 STAT /ipatests INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:293 WRITE /ipatests/env.sh DEBUG ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:301 STAT /etc/hostname DEBUG ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:301 STAT /ipatests/file_backup/etc DEBUG ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:301 STAT /ipatests/file_backup DEBUG ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:301 STAT /ipatests INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:312 MKDIR /ipatests/file_backup INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:312 MKDIR /ipatests/file_backup/etc INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['cp', '-af', '/etc/hostname', '/ipatests/file_backup/etc/hostname'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd3:transport.py:513 RUN ['cp', '-af', '/etc/hostname', '/ipatests/file_backup/etc/hostname'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd3:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:293 WRITE /etc/hostname INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['hostname', 'master.ipa.test'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd4:transport.py:513 RUN ['hostname', 'master.ipa.test'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd4:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN hostname > '/ipatests/backup_hostname' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd5:transport.py:513 RUN hostname > '/ipatests/backup_hostname' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd5:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:513 RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 udp UNCONN 0 0 0.0.0.0:38369 0.0.0.0:* DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 udp UNCONN 0 0 0.0.0.0:50796 0.0.0.0:* users:(("rpc.statd",pid=2017,fd=9)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhclient",pid=1593,fd=7)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=2016,fd=5),("systemd",pid=1,fd=79)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=525,fd=5)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 udp UNCONN 0 0 0.0.0.0:58237 0.0.0.0:* users:(("rpcbind",pid=2016,fd=10)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 udp UNCONN 0 0 127.0.0.1:922 0.0.0.0:* users:(("rpc.statd",pid=2017,fd=5)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 udp UNCONN 0 0 [::]:34127 [::]:* DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 udp UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=2016,fd=7),("systemd",pid=1,fd=81)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 udp UNCONN 0 0 [::]:55524 [::]:* users:(("rpcbind",pid=2016,fd=11)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=525,fd=6)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 udp UNCONN 0 0 [::]:59818 [::]:* users:(("rpc.statd",pid=2017,fd=11)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 tcp LISTEN 0 128 0.0.0.0:44619 0.0.0.0:* users:(("rpc.statd",pid=2017,fd=10)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=2016,fd=4),("systemd",pid=1,fd=78)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=557,fd=3)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 tcp LISTEN 0 64 0.0.0.0:34077 0.0.0.0:* DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 tcp ESTAB 0 0 192.168.121.70:22 192.168.121.1:43248 users:(("sshd",pid=2143,fd=5),("sshd",pid=2141,fd=5)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 tcp ESTAB 0 0 192.168.121.70:927 192.168.121.1:2049 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 tcp ESTAB 0 0 192.168.121.70:22 192.168.121.208:35922 users:(("sshd",pid=16846,fd=5),("sshd",pid=16844,fd=5)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 tcp LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=2016,fd=6),("systemd",pid=1,fd=80)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 tcp LISTEN 0 64 [::]:46675 [::]:* DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 tcp LISTEN 0 128 [::]:43859 [::]:* users:(("rpc.statd",pid=2017,fd=12)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:558 tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=557,fd=4)) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd6:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes', '-o', 'state', 'all', '( sport = :749 or dport = :749 or sport = :464 or dport = :464 )'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd7:transport.py:513 RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes', '-o', 'state', 'all', '( sport = :749 or dport = :749 or sport = :464 or dport = :464 )'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd7:transport.py:558 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd7:transport.py:217 Exit code: 0 DEBUG ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:301 STAT /bin/systemctl INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['systemctl', 'stop', 'httpd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd8:transport.py:513 RUN ['systemctl', 'stop', 'httpd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd8:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN for line in `ipcs -s | grep apache | cut -d " " -f 2`; do ipcrm -s $line; done DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd9:transport.py:513 RUN for line in `ipcs -s | grep apache | cut -d " " -f 2`; do ipcrm -s $line; done DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd9:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['systemctl', 'unmask', 'firewalld'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd10:transport.py:513 RUN ['systemctl', 'unmask', 'firewalld'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd10:transport.py:558 Removed /etc/systemd/system/firewalld.service. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd10:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['systemctl', 'enable', 'firewalld'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd11:transport.py:513 RUN ['systemctl', 'enable', 'firewalld'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd11:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['systemctl', 'start', 'firewalld'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd12:transport.py:513 RUN ['systemctl', 'start', 'firewalld'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd12:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-server-install', '-n', 'ipa.test', '-r', 'IPA.TEST', '-p', 'Secret.123', '-a', 'Secret.123', '--domain-level=1', '-U', '--setup-dns', '--forwarder', '192.168.121.1', '--auto-reverse'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:513 RUN ['ipa-server-install', '-n', 'ipa.test', '-r', 'IPA.TEST', '-p', 'Secret.123', '-a', 'Secret.123', '--domain-level=1', '-U', '--setup-dns', '--forwarder', '192.168.121.1', '--auto-reverse'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Checking DNS domain ipa.test., please wait ... DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Checking DNS domain 121.168.192.in-addr.arpa., please wait ... DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Reverse zone 121.168.192.in-addr.arpa. will be created DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Synchronizing time DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 No SRV records of NTP servers found and no NTP server or pool address was provided. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Attempting to sync time with chronyc. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Process chronyc waitsync failed to sync time! DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 The log file for this installation can be found in /var/log/ipaserver-install.log DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 ============================================================================== DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 This program will set up the FreeIPA Server. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Version 4.8.4.dev DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 This includes: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * Configure a stand-alone CA (dogtag) for certificate management DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * Configure the NTP client (chronyd) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * Create and configure an instance of Directory Server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * Create and configure a Kerberos Key Distribution Center (KDC) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * Configure Apache (httpd) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * Configure DNS (bind) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * Configure the KDC to enable PKINIT DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Warning: skipping DNS resolution of host master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Checking DNS forwarders, please wait ... DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Using reverse zone(s) 121.168.192.in-addr.arpa. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 The IPA Master Server will be configured with: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Hostname: master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 IP address(es): 192.168.121.70 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Domain name: ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Realm name: IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 The CA will be configured with: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Subject DN: CN=Certificate Authority,O=IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Subject base: O=IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Chaining: self-signed DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 BIND DNS server will be configured to serve IPA domain with: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Forwarders: 192.168.121.1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Forward policy: only DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Reverse zone(s): 121.168.192.in-addr.arpa. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Disabled p11-kit-proxy DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Using default chrony configuration. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Warning: IPA was unable to sync time with chrony! DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Time synchronization is required for IPA to work correctly DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring directory server (dirsrv). Estimated time: 30 seconds DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [1/44]: creating directory server instance DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [2/44]: configure autobind for root DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [3/44]: stopping directory server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [4/44]: updating configuration in dse.ldif DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [5/44]: starting directory server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [6/44]: adding default schema DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [7/44]: enabling memberof plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [8/44]: enabling winsync plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [9/44]: configure password logging DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [10/44]: configuring replication version plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [11/44]: enabling IPA enrollment plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [12/44]: configuring uniqueness plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [13/44]: configuring uuid plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [14/44]: configuring modrdn plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [15/44]: configuring DNS plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [16/44]: enabling entryUSN plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [17/44]: configuring lockout plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [18/44]: configuring topology plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [19/44]: creating indices DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [20/44]: enabling referential integrity plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [21/44]: configuring certmap.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [22/44]: configure new location for managed entries DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [23/44]: configure dirsrv ccache and keytab DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [24/44]: enabling SASL mapping fallback DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [25/44]: restarting directory server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [26/44]: adding sasl mappings to the directory DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [27/44]: adding default layout DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [28/44]: adding delegation layout DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [29/44]: creating container for managed entries DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [30/44]: configuring user private groups DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [31/44]: configuring netgroups from hostgroups DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [32/44]: creating default Sudo bind user DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [33/44]: creating default Auto Member layout DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [34/44]: adding range check plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [35/44]: creating default HBAC rule allow_all DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [36/44]: adding entries for topology management DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [37/44]: initializing group membership DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [38/44]: adding master entry DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [39/44]: initializing domain level DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [40/44]: configuring Posix uid/gid generation DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [41/44]: adding replication acis DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [42/44]: activating sidgen plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [43/44]: activating extdom plugin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [44/44]: configuring directory to start on boot DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Done configuring directory server (dirsrv). DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring Kerberos KDC (krb5kdc) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [1/10]: adding kerberos container to the directory DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [2/10]: configuring KDC DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [3/10]: initialize kerberos container DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [4/10]: adding default ACIs DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [5/10]: creating a keytab for the directory DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [6/10]: creating a keytab for the machine DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [7/10]: adding the password extension to the directory DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [8/10]: creating anonymous principal DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [9/10]: starting the KDC DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [10/10]: configuring KDC to start on boot DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Done configuring Kerberos KDC (krb5kdc). DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring kadmin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [1/2]: starting kadmin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [2/2]: configuring kadmin to start on boot DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Done configuring kadmin. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring ipa-custodia DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [1/5]: Making sure custodia container exists DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [2/5]: Generating ipa-custodia config file DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [3/5]: Generating ipa-custodia keys DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [4/5]: starting ipa-custodia DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [5/5]: configuring ipa-custodia to start on boot DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Done configuring ipa-custodia. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [1/29]: configuring certificate server instance DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [2/29]: Add ipa-pki-wait-running DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [3/29]: reindex attributes DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [4/29]: exporting Dogtag certificate store pin DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [5/29]: stopping certificate server instance to update CS.cfg DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [6/29]: backing up CS.cfg DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [7/29]: disabling nonces DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [8/29]: set up CRL publishing DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [9/29]: enable PKIX certificate path discovery and validation DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [10/29]: starting certificate server instance DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [11/29]: configure certmonger for renewals DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [12/29]: requesting RA certificate from CA DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [13/29]: setting audit signing renewal to 2 years DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [14/29]: restarting certificate server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [15/29]: publishing the CA certificate DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [16/29]: adding RA agent as a trusted user DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [17/29]: authorizing RA to modify profiles DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [18/29]: authorizing RA to manage lightweight CAs DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [19/29]: Ensure lightweight CAs container exists DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [20/29]: configure certificate renewals DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [21/29]: Configure HTTP to proxy connections DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [22/29]: restarting certificate server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [23/29]: updating IPA configuration DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [24/29]: enabling CA instance DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [25/29]: migrating certificate profiles to LDAP DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [26/29]: importing IPA certificate profiles DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [27/29]: adding default CA ACL DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [28/29]: adding 'ipa' CA entry DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [29/29]: configuring certmonger renewal for lightweight CAs DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Done configuring certificate server (pki-tomcatd). DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring directory server (dirsrv) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [1/3]: configuring TLS for DS instance DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [2/3]: adding CA certificate entry DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [3/3]: restarting directory server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Done configuring directory server (dirsrv). DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring ipa-otpd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [1/2]: starting ipa-otpd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [2/2]: configuring ipa-otpd to start on boot DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Done configuring ipa-otpd. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring the web interface (httpd) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [1/21]: stopping httpd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [2/21]: backing up ssl.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [3/21]: disabling nss.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [4/21]: configuring mod_ssl certificate paths DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [5/21]: setting mod_ssl protocol list DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [6/21]: configuring mod_ssl log directory DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [7/21]: disabling mod_ssl OCSP DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [8/21]: adding URL rewriting rules DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [9/21]: configuring httpd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [10/21]: setting up httpd keytab DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [11/21]: configuring Gssproxy DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [12/21]: setting up ssl DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [13/21]: configure certmonger for renewals DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [14/21]: publish CA cert DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [15/21]: clean up any existing httpd ccaches DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [16/21]: configuring SELinux for httpd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [17/21]: create KDC proxy config DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [18/21]: enable KDC proxy DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [19/21]: starting httpd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [20/21]: configuring httpd to start on boot DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [21/21]: enabling oddjobd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Done configuring the web interface (httpd). DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring Kerberos KDC (krb5kdc) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [1/1]: installing X509 Certificate for PKINIT DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Done configuring Kerberos KDC (krb5kdc). DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Applying LDAP updates DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Upgrading IPA:. Estimated time: 1 minute 30 seconds DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [1/11]: stopping directory server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [2/11]: saving configuration DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [3/11]: disabling listeners DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [4/11]: enabling DS global lock DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [5/11]: disabling Schema Compat DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [6/11]: starting directory server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [7/11]: updating schema DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [8/11]: upgrading server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [9/11]: stopping directory server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [10/11]: restoring configuration DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [11/11]: starting directory server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Done. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Restarting the KDC DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring DNS (named) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [1/12]: generating rndc key file DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [2/12]: adding DNS container DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [3/12]: setting up our zone DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [4/12]: setting up reverse zone DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [5/12]: setting up our own record DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [6/12]: setting up records for other masters DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [7/12]: adding NS record to the zones DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [8/12]: setting up kerberos principal DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [9/12]: setting up named.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [10/12]: setting up server configuration DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [11/12]: configuring named to start on boot DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [12/12]: changing resolv.conf to point to ourselves DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Done configuring DNS (named). DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Restarting the web server to pick up resolv.conf changes DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring DNS key synchronization service (ipa-dnskeysyncd) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [1/7]: checking status DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [2/7]: setting up bind-dyndb-ldap working directory DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [3/7]: setting up kerberos principal DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [4/7]: setting up SoftHSM DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [5/7]: adding DNSSEC containers DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [6/7]: creating replica keys DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 [7/7]: configuring ipa-dnskeysyncd to start on boot DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Done configuring DNS key synchronization service (ipa-dnskeysyncd). DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Restarting ipa-dnskeysyncd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Restarting named DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Updating DNS system records DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring client side components DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Using existing certificate '/etc/ipa/ca.crt'. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Client hostname: master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Realm: IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DNS Domain: ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 IPA Server: master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 BaseDN: dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configured sudoers in /etc/authselect/user-nsswitch.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configured /etc/sssd/sssd.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Systemwide CA database updated. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 SSSD enabled DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configured /etc/openldap/ldap.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configured /etc/ssh/ssh_config DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configured /etc/ssh/sshd_config DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Configuring ipa.test as NIS domain. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Client configuration complete. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 The ipa-client-install command was successful DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 This program will set up FreeIPA client. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Version 4.8.4.dev DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 The ipa-server-install command was successful DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 ============================================================================== DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Setup complete DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Next steps: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 1. You must make sure these network ports are open: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 TCP Ports: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * 80, 443: HTTP/HTTPS DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * 389, 636: LDAP/LDAPS DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * 88, 464: kerberos DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * 53: bind DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 UDP Ports: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * 88, 464: kerberos DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * 53: bind DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 * 123: ntp DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 2. You can now obtain a kerberos ticket using the command: 'kinit admin' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 This ticket will allow you to use the IPA tools (e.g., ipa user-add) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 and the web user interface. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 Be sure to back up the CA certificates stored in /root/cacert.p12 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 These files are required to create replicas. The password for these DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:558 files is the Directory Manager password DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd13:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['firewall-cmd', '--add-service', 'freeipa-ldap', '--add-service', 'freeipa-ldaps', '--add-service', 'dns'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd14:transport.py:513 RUN ['firewall-cmd', '--add-service', 'freeipa-ldap', '--add-service', 'freeipa-ldaps', '--add-service', 'dns'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd14:transport.py:558 success DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd14:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['firewall-cmd', '--add-service', 'freeipa-ldap', '--add-service', 'freeipa-ldaps', '--add-service', 'dns', '--permanent'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd15:transport.py:513 RUN ['firewall-cmd', '--add-service', 'freeipa-ldap', '--add-service', 'freeipa-ldaps', '--add-service', 'dns', '--permanent'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd15:transport.py:558 success DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd15:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.tasks:tasks.py:303 Set LDAP debug level INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ldapmodify', '-x', '-D', 'cn=Directory Manager', '-w', 'Secret.123'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd16:transport.py:513 RUN ['ldapmodify', '-x', '-D', 'cn=Directory Manager', '-w', 'Secret.123'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd16:transport.py:558 modifying entry "cn=config" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd16:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd16:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['sed', '-i', '/debug_level = 7/d', '/etc/sssd/sssd.conf'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd17:transport.py:513 RUN ['sed', '-i', '/debug_level = 7/d', '/etc/sssd/sssd.conf'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd17:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['sed', '-i', '/\\[*\\]/ a\\debug_level = 7', '/etc/sssd/sssd.conf'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd18:transport.py:513 RUN ['sed', '-i', '/\\[*\\]/ a\\debug_level = 7', '/etc/sssd/sssd.conf'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd18:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding master.ipa.test:/var/log/sssd to list of logs to collect DEBUG ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:301 STAT /bin/systemctl INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['systemctl', 'stop', 'sssd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd19:transport.py:513 RUN ['systemctl', 'stop', 'sssd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd19:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd20:transport.py:513 RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd20:transport.py:558 removed '/var/lib/sss/db/config.ldb' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd20:transport.py:558 removed '/var/lib/sss/db/timestamps_ipa.test.ldb' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd20:transport.py:558 removed '/var/lib/sss/db/cache_implicit_files.ldb' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd20:transport.py:558 removed '/var/lib/sss/db/timestamps_implicit_files.ldb' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd20:transport.py:558 removed '/var/lib/sss/db/cache_ipa.test.ldb' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd20:transport.py:558 removed '/var/lib/sss/db/sssd.ldb' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd20:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['rm', '-fv', '/var/lib/sss/mc/group'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd21:transport.py:513 RUN ['rm', '-fv', '/var/lib/sss/mc/group'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd21:transport.py:558 removed '/var/lib/sss/mc/group' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd21:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['rm', '-fv', '/var/lib/sss/mc/passwd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd22:transport.py:513 RUN ['rm', '-fv', '/var/lib/sss/mc/passwd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd22:transport.py:558 removed '/var/lib/sss/mc/passwd' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd22:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['systemctl', 'start', 'sssd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd23:transport.py:513 RUN ['systemctl', 'start', 'sssd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd23:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd24:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd24:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd24:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa', 'dnszone-mod', 'ipa.test', '--default-ttl', '1', '--ttl', '1'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:513 RUN ['ipa', 'dnszone-mod', 'ipa.test', '--default-ttl', '1', '--ttl', '1'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 ipa: WARNING: Service named-pkcs11.service requires restart on IPA server <all IPA DNS servers> to apply configuration changes. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 Zone name: ipa.test. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 Active zone: TRUE DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 Authoritative nameserver: master.ipa.test. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 Administrator e-mail address: hostmaster.ipa.test. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 SOA serial: 1578315494 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 SOA refresh: 3600 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 SOA retry: 900 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 SOA expire: 1209600 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 SOA minimum: 3600 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 Time to live: 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 Default time to live: 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 Allow query: any; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:558 Allow transfer: none; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd25:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa', 'dnsrecord-show', 'ipa.test', 'client0.ipa.test.'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd26:transport.py:513 RUN ['ipa', 'dnsrecord-show', 'ipa.test', 'client0.ipa.test.'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd26:transport.py:558 ipa: ERROR: client0.ipa.test.: DNS resource record not found DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd26:transport.py:217 Exit code: 2 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa', 'dnsrecord-add', 'ipa.test', 'client0.ipa.test.', '--a-rec', '192.168.121.22'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd27:transport.py:513 RUN ['ipa', 'dnsrecord-add', 'ipa.test', 'client0.ipa.test.', '--a-rec', '192.168.121.22'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd27:transport.py:558 Record name: client0 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd27:transport.py:558 A record: 192.168.121.22 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd27:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa', 'dnsrecord-show', 'ipa.test', 'master.ipa.test.'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd28:transport.py:513 RUN ['ipa', 'dnsrecord-show', 'ipa.test', 'master.ipa.test.'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd28:transport.py:558 Record name: master DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd28:transport.py:558 A record: 192.168.121.70 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd28:transport.py:558 SSHFP record: 1 1 19C5309CCE2795702930CB2487BDDCFE4E1D5E1B, 1 2 C067F48AE2DE5339E471423456B7BAF42B23FCA9569148604B694987 FEEFE701, 3 1 D7082EC1F45B8C93D9854C8F79346EE8A873B7DA, 3 2 1F785A5FE2AE698D82173F885FC05431358CDD23FF7E23B59CEA2313 6CB8F397, 4 1 B2A54A51928C3617AED0CF25DE3FC31218FED409, 4 2 2F2DAAACEEAF1FD01DA80D31920DB437738250BF36B8255E895BB4FC 65EAFC1C DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd28:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.tasks:tasks.py:1271 Installing client <Host master.ipa.test (master)> on <Host client0.ipa.test (client)> INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding client0.ipa.test:/var/log/ipaclient-install.log to list of logs to collect INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['true'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd2:transport.py:513 RUN ['true'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd2:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding client0.ipa.test:/ipatests/env.sh to list of logs to collect DEBUG ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:301 STAT /ipatests INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:293 WRITE /ipatests/env.sh DEBUG ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:301 STAT /etc/hostname DEBUG ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:301 STAT /ipatests/file_backup/etc DEBUG ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:301 STAT /ipatests/file_backup DEBUG ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:301 STAT /ipatests INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:312 MKDIR /ipatests/file_backup INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:312 MKDIR /ipatests/file_backup/etc INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['cp', '-af', '/etc/hostname', '/ipatests/file_backup/etc/hostname'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd3:transport.py:513 RUN ['cp', '-af', '/etc/hostname', '/ipatests/file_backup/etc/hostname'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd3:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:293 WRITE /etc/hostname INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['hostname', 'client0.ipa.test'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd4:transport.py:513 RUN ['hostname', 'client0.ipa.test'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd4:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN hostname > '/ipatests/backup_hostname' DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd5:transport.py:513 RUN hostname > '/ipatests/backup_hostname' DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd5:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:513 RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp ESTAB 0 0 192.168.121.22:56967 72.30.35.89:123 users:(("chronyd",pid=512,fd=8)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp UNCONN 0 0 127.0.0.1:909 0.0.0.0:* users:(("rpc.statd",pid=2005,fd=5)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp UNCONN 0 0 0.0.0.0:59319 0.0.0.0:* users:(("rpcbind",pid=2004,fd=10)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhclient",pid=1581,fd=7)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp UNCONN 0 0 0.0.0.0:47210 0.0.0.0:* users:(("rpc.statd",pid=2005,fd=9)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=2004,fd=5),("systemd",pid=1,fd=92)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp UNCONN 0 0 0.0.0.0:39095 0.0.0.0:* DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=512,fd=5)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp ESTAB 0 0 192.168.121.22:59829 45.76.244.193:123 users:(("chronyd",pid=512,fd=4)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp UNCONN 0 0 [::]:53998 [::]:* users:(("rpcbind",pid=2004,fd=11)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=2004,fd=7),("systemd",pid=1,fd=94)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp UNCONN 0 0 [::]:34974 [::]:* users:(("rpc.statd",pid=2005,fd=11)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp UNCONN 0 0 [::]:46342 [::]:* DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=512,fd=6)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=545,fd=3)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 tcp LISTEN 0 64 0.0.0.0:44057 0.0.0.0:* DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 tcp LISTEN 0 128 0.0.0.0:59105 0.0.0.0:* users:(("rpc.statd",pid=2005,fd=10)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=2004,fd=4),("systemd",pid=1,fd=91)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 tcp TIME-WAIT 0 0 192.168.121.22:55216 52.219.73.23:80 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 tcp ESTAB 0 0 192.168.121.22:22 192.168.121.208:37426 users:(("sshd",pid=16833,fd=5),("sshd",pid=16831,fd=5)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=545,fd=4)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 tcp LISTEN 0 64 [::]:37379 [::]:* DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 tcp LISTEN 0 128 [::]:48493 [::]:* users:(("rpc.statd",pid=2005,fd=12)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:558 tcp LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=2004,fd=6),("systemd",pid=1,fd=93)) DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd6:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes', '-o', 'state', 'all', '( sport = :749 or dport = :749 or sport = :464 or dport = :464 )'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd7:transport.py:513 RUN ['ss', '--all', '--tcp', '--udp', '--numeric', '--processes', '-o', 'state', 'all', '( sport = :749 or dport = :749 or sport = :464 or dport = :464 )'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd7:transport.py:558 Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd7:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd29:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd29:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd29:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa', 'dnsconfig-mod', '--allow-sync-ptr=true'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd30:transport.py:513 RUN ['ipa', 'dnsconfig-mod', '--allow-sync-ptr=true'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd30:transport.py:558 Allow PTR sync: TRUE DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd30:transport.py:558 IPA DNS servers: master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd30:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa', 'dnszone-add', '121.168.192.in-addr.arpa.'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd31:transport.py:513 RUN ['ipa', 'dnszone-add', '121.168.192.in-addr.arpa.'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd31:transport.py:558 ipa: ERROR: DNS zone with name "121.168.192.in-addr.arpa." already exists DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd31:transport.py:217 Exit code: 1 WARNING ipatests.pytest_ipa.integration.tasks:tasks.py:149 ipa: ERROR: DNS zone with name "121.168.192.in-addr.arpa." already exists INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['ipa-client-install', '--domain', 'ipa.test', '--realm', 'IPA.TEST', '-p', 'admin', '-w', 'Secret.123', '--server', 'master.ipa.test', '-U'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:513 RUN ['ipa-client-install', '--domain', 'ipa.test', '--realm', 'IPA.TEST', '-p', 'admin', '-w', 'Secret.123', '--server', 'master.ipa.test', '-U'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Client hostname: client0.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Realm: IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 DNS Domain: ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 IPA Server: master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 BaseDN: dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Synchronizing time DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 No SRV records of NTP servers found and no NTP server or pool address was provided. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Attempting to sync time with chronyc. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Process chronyc waitsync failed to sync time! DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Successfully retrieved CA cert DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Subject: CN=Certificate Authority,O=IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Issuer: CN=Certificate Authority,O=IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Valid From: 2020-01-06 12:53:34 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Valid Until: 2040-01-06 12:53:34 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Enrolled in IPA realm IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Created /etc/ipa/default.conf DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Configured sudoers in /etc/authselect/user-nsswitch.conf DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Configured /etc/sssd/sssd.conf DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Configured /etc/krb5.conf for IPA realm IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Systemwide CA database updated. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Hostname (client0.ipa.test) does not have A/AAAA record. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Failed to update DNS records. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Missing A/AAAA record(s) for host client0.ipa.test: 192.168.121.22. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Missing reverse record(s) for address(es): 192.168.121.22. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Could not update DNS SSHFP records. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 SSSD enabled DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Configured /etc/openldap/ldap.conf DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Configured /etc/ssh/ssh_config DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Configured /etc/ssh/sshd_config DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Configuring ipa.test as NIS domain. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Client configuration complete. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 The ipa-client-install command was successful DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 This program will set up FreeIPA client. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Version 4.8.4.dev DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:558 Using default chrony configuration. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd8:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['sed', '-i', '/debug_level = 7/d', '/etc/sssd/sssd.conf'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd9:transport.py:513 RUN ['sed', '-i', '/debug_level = 7/d', '/etc/sssd/sssd.conf'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd9:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['sed', '-i', '/\\[*\\]/ a\\debug_level = 7', '/etc/sssd/sssd.conf'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd10:transport.py:513 RUN ['sed', '-i', '/\\[*\\]/ a\\debug_level = 7', '/etc/sssd/sssd.conf'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd10:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration:__init__.py:261 Adding client0.ipa.test:/var/log/sssd to list of logs to collect DEBUG ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:301 STAT /bin/systemctl INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['systemctl', 'stop', 'sssd'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd11:transport.py:513 RUN ['systemctl', 'stop', 'sssd'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd11:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd12:transport.py:513 RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd12:transport.py:558 removed '/var/lib/sss/db/config.ldb' DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd12:transport.py:558 removed '/var/lib/sss/db/timestamps_ipa.test.ldb' DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd12:transport.py:558 removed '/var/lib/sss/db/cache_implicit_files.ldb' DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd12:transport.py:558 removed '/var/lib/sss/db/timestamps_implicit_files.ldb' DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd12:transport.py:558 removed '/var/lib/sss/db/cache_ipa.test.ldb' DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd12:transport.py:558 removed '/var/lib/sss/db/sssd.ldb' DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd12:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['rm', '-fv', '/var/lib/sss/mc/group'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd13:transport.py:513 RUN ['rm', '-fv', '/var/lib/sss/mc/group'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd13:transport.py:558 removed '/var/lib/sss/mc/group' DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd13:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['rm', '-fv', '/var/lib/sss/mc/passwd'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd14:transport.py:513 RUN ['rm', '-fv', '/var/lib/sss/mc/passwd'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd14:transport.py:558 removed '/var/lib/sss/mc/passwd' DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd14:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['systemctl', 'start', 'sssd'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd15:transport.py:513 RUN ['systemctl', 'start', 'sssd'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd15:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd16:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd16:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd16:transport.py:217 Exit code: 0
-------------------------------Captured log call--------------------------------
INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd32:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd32:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd32:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-advise', 'invalid-advise-param'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd33:transport.py:513 RUN ['ipa-advise', 'invalid-advise-param'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd33:transport.py:558 invalid 'advice': No instructions are available for 'invalid-advise-param'. See the list of available configuration by invoking the ipa-advise command with no argument. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd33:transport.py:558 The ipa-advise command failed. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd33:transport.py:217 Exit code: 1
Passed test_integration/test_advise.py::TestAdvice::test_advice_FreeBSDNSSPAM 1.13
-------------------------------Captured log call--------------------------------
INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd38:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd38:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd38:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-advise', 'config-freebsd-nss-pam-ldapd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:513 RUN ['ipa-advise', 'config-freebsd-nss-pam-ldapd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 #!/bin/sh DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # Instructions for configuring a FreeBSD system with nss-pam-ldapd. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # Schema Compatibility plugin has not been configured on this server. To DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # configure it, run "ipa-adtrust-install --enable-compat" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # Install required packages DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 pkg_add -r nss-pam-ldapd curl DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # Download the CA certificate of the IPA server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 curl -k https://master.ipa.test/ipa/config/ca.crt > /usr/local/etc/ipa.crt DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # Configure nsswitch.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 sed -i '' -e 's/^passwd:/passwd: files ldap/' /etc/nsswitch.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 sed -i '' -e 's/^group:/group: files ldap/' /etc/nsswitch.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # Configure PAM stack for the sshd service DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 cat > /etc/pam.d/sshd << EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # PAM configuration for the "sshd" service DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # auth DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 auth sufficient pam_opie.so no_warn no_fake_prompts DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 auth requisite pam_opieaccess.so no_warn allow_local DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 #auth sufficient pam_krb5.so no_warn try_first_pass DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 #auth sufficient pam_ssh.so no_warn try_first_pass DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 auth sufficient /usr/local/lib/pam_ldap.so no_warn DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 auth required pam_unix.so no_warn try_first_pass DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # account DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 account required pam_nologin.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 #account required pam_krb5.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 account required pam_login_access.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 account required pam_unix.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # session DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 #session optional pam_ssh.so want_agent DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 session required pam_permit.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # password DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 #password sufficient pam_krb5.so no_warn try_first_pass DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 password required pam_unix.so no_warn try_first_pass DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # Add automated start of nslcd to /etc/rc.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 echo 'nslcd_enable="YES" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 nslcd_debug="NO"' >> /etc/rc.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # Configure nslcd.conf: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 echo "uid nslcd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 gid nslcd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 uri ldap://master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 base cn=compat,dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 scope sub DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 base group cn=groups,cn=compat,dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 base passwd cn=users,cn=compat,dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 base shadow cn=users,cn=compat,dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 ssl start_tls DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 tls_cacertfile /usr/local/etc/ipa.crt DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 " > /usr/local/etc/nslcd.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # Configure ldap.conf: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 echo "uri ldap://master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 base cn=compat,dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 ssl start_tls DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 tls_cacert /usr/local/etc/ipa.crt"> /usr/local/etc/ldap.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 # Restart nslcd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:558 /usr/local/etc/rc.d/nslcd restart DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd39:transport.py:217 Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::test_advice_GenericNSSPAM 1.09
-------------------------------Captured log call--------------------------------
INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd44:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd44:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd44:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-advise', 'config-generic-linux-nss-pam-ldapd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:513 RUN ['ipa-advise', 'config-generic-linux-nss-pam-ldapd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 #!/bin/sh DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # Instructions for configuring a system with nss-pam-ldapd. This set of DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # instructions is targeted for linux systems that do not include the DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # authconfig utility. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # Schema Compatibility plugin has not been configured on this server. To DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # configure it, run "ipa-adtrust-install --enable-compat" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # Install required packages using your system's package manager. E.g: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 apt-get -y install curl openssl libnss-ldapd libpam-ldapd nslcd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # Please note that this script assumes /etc/openldap/cacerts as the DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # default CA certificate location. If this value is different on your DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # system the script needs to be modified accordingly. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # Download the CA certificate of the IPA server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 mkdir -p -m 755 /etc/openldap/cacerts DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # Generate hashes for the openldap library DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 command -v cacertdir_rehash DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 if [ $? -ne 0 ] ; then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 curl "https://pagure.io/authconfig/raw/master/f/cacertdir_rehash" -o cacertdir_rehash ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 chmod 755 ./cacertdir_rehash ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 ./cacertdir_rehash /etc/openldap/cacerts/ ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 cacertdir_rehash /etc/openldap/cacerts/ ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # Configure ldap.conf. Set the value of TLS_CACERTDIR to DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # /etc/openldap/cacerts. Make sure that the location of ldap.conf file DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # matches your system's configuration. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 echo "TLS_CACERTDIR /etc/openldap/cacerts" >> /etc/ldap/ldap.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # Configure nsswitch.conf. Append ldap to the lines beginning with DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # passwd and group. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 grep "^passwd.*ldap" /etc/nsswitch.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 if [ $? -ne 0 ] ; then sed -i '/^passwd/s|$| ldap|' /etc/nsswitch.conf ; fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 grep "^group.*ldap" /etc/nsswitch.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 if [ $? -ne 0 ] ; then sed -i '/^group/s|$| ldap|' /etc/nsswitch.conf ; fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # Configure PAM. Configuring the PAM stack differs on particular DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # distributions. The resulting PAM stack should look like this: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 cat > /etc/pam.conf << EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 auth required pam_env.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 auth sufficient pam_unix.so nullok try_first_pass DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 auth requisite pam_succeed_if.so uid >= 500 quiet DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 auth sufficient pam_ldap.so use_first_pass DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 auth required pam_deny.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 account required pam_unix.so broken_shadow DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 account sufficient pam_localuser.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 account sufficient pam_succeed_if.so uid < 500 quiet DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 account [default=bad success=ok user_unknown=ignore] pam_ldap.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 account required pam_permit.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 password requisite pam_cracklib.so try_first_pass retry=3 type= DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 password sufficient pam_ldap.so use_authtok DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 password required pam_deny.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 session optional pam_keyinit.so revoke DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 session required pam_limits.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 session required pam_unix.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 session optional pam_ldap.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # Configure nslcd.conf: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 cat > /etc/nslcd.conf << EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 uri ldap://master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 base cn=compat,dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # Configure pam_ldap.conf: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 cat > /etc/pam_ldap.conf << EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 uri ldap://master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 base cn=compat,dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 # Stop nscd and restart nslcd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:558 service nscd stop && service nslcd restart DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd45:transport.py:217 Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::test_advice_GenericSSSDBefore19 1.11
-------------------------------Captured log call--------------------------------
INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd50:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd50:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd50:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-advise', 'config-generic-linux-sssd-before-1-9'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:513 RUN ['ipa-advise', 'config-generic-linux-sssd-before-1-9'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 #!/bin/sh DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # Instructions for configuring a system with an old version of SSSD DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # (1.5-1.8) as a FreeIPA client. This set of instructions is targeted DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # for linux systems that do not include the authconfig utility. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # Schema Compatibility plugin has not been configured on this server. To DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # configure it, run "ipa-adtrust-install --enable-compat" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # Install required packages using your system's package manager. E.g: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 apt-get -y install sssd curl openssl DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # Please note that this script assumes /etc/openldap/cacerts as the DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # default CA certificate location. If this value is different on your DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # system the script needs to be modified accordingly. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # Download the CA certificate of the IPA server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 mkdir -p -m 755 /etc/openldap/cacerts DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # Generate hashes for the openldap library DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 command -v cacertdir_rehash DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 if [ $? -ne 0 ] ; then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 curl "https://pagure.io/authconfig/raw/master/f/cacertdir_rehash" -o cacertdir_rehash ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 chmod 755 ./cacertdir_rehash ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 ./cacertdir_rehash /etc/openldap/cacerts/ ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 cacertdir_rehash /etc/openldap/cacerts/ ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # Configure ldap.conf. Set the value of TLS_CACERTDIR to DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # /etc/openldap/cacerts. Make sure that the location of ldap.conf file DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # matches your system's configuration. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 echo "TLS_CACERTDIR /etc/openldap/cacerts" >> /etc/ldap/ldap.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # Configure nsswitch.conf. Append sss to the lines beginning with passwd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # and group. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 grep "^passwd.*sss" /etc/nsswitch.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 if [ $? -ne 0 ] ; then sed -i '/^passwd/s|$| sss|' /etc/nsswitch.conf ; fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 grep "^group.*sss" /etc/nsswitch.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 if [ $? -ne 0 ] ; then sed -i '/^group/s|$| sss|' /etc/nsswitch.conf ; fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # Configure PAM. Configuring the PAM stack differs on particular DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # distributions. The resulting PAM stack should look like this: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 cat > /etc/pam.conf << EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 auth required pam_env.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 auth sufficient pam_unix.so nullok try_first_pass DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 auth requisite pam_succeed_if.so uid >= 500 quiet DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 auth sufficient pam_sss.so use_first_pass DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 auth required pam_deny.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 account required pam_unix.so broken_shadow DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 account sufficient pam_localuser.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 account sufficient pam_succeed_if.so uid < 500 quiet DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 account [default=bad success=ok user_unknown=ignore] pam_sss.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 account required pam_permit.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 password requisite pam_cracklib.so try_first_pass retry=3 type= DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 password sufficient pam_sss.so use_authtok DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 password required pam_deny.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 session optional pam_keyinit.so revoke DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 session required pam_limits.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 session required pam_unix.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 session optional pam_sss.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # Configure SSSD DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 cat > /etc/sssd/sssd.conf << EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 [sssd] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 services = nss, pam DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 config_file_version = 2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 domains = default DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 re_expression = (?P<name>.+) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 [domain/default] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 cache_credentials = True DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 id_provider = ldap DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 auth_provider = ldap DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 ldap_uri = ldap://master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 ldap_search_base = cn=compat,dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 chmod 0600 /etc/sssd/sssd.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 # Start SSSD DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:558 service sssd start DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd51:transport.py:217 Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::test_advice_RedHatNSS 1.03
-------------------------------Captured log call--------------------------------
INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd56:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd56:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd56:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-advise', 'config-redhat-nss-ldap'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:513 RUN ['ipa-advise', 'config-redhat-nss-ldap'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 #!/bin/sh DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # Instructions for configuring a system with nss-ldap as a FreeIPA DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # client. This set of instructions is targeted for platforms that DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # include the authconfig utility, which are all Red Hat based platforms. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # Schema Compatibility plugin has not been configured on this server. To DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # configure it, run "ipa-adtrust-install --enable-compat" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # Install required packages via yum DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 yum install -y curl openssl nss_ldap authconfig DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # NOTE: IPA certificate uses the SHA-256 hash function. SHA-256 was DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # introduced in RHEL5.2. Therefore, clients older than RHEL5.2 will not DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # be able to interoperate with IPA server 3.x. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # Please note that this script assumes /etc/openldap/cacerts as the DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # default CA certificate location. If this value is different on your DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # system the script needs to be modified accordingly. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # Download the CA certificate of the IPA server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 mkdir -p -m 755 /etc/openldap/cacerts DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # Generate hashes for the openldap library DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 command -v cacertdir_rehash DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 if [ $? -ne 0 ] ; then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 curl "https://pagure.io/authconfig/raw/master/f/cacertdir_rehash" -o cacertdir_rehash ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 chmod 755 ./cacertdir_rehash ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 ./cacertdir_rehash /etc/openldap/cacerts/ ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 cacertdir_rehash /etc/openldap/cacerts/ ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 # Use the authconfig to configure nsswitch.conf and the PAM stack DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 authconfig --updateall --enableldap --enableldaptls --enableldapauth --ldapserver=ldap://master.ipa.test --ldapbasedn=cn=compat,dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd57:transport.py:217 Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::test_advice_RedHatNSSPAM 1.10
-------------------------------Captured log call--------------------------------
INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd62:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd62:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd62:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-advise', 'config-redhat-nss-pam-ldapd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:513 RUN ['ipa-advise', 'config-redhat-nss-pam-ldapd'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 #!/bin/sh DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # Instructions for configuring a system with nss-pam-ldapd as a FreeIPA DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # client. This set of instructions is targeted for platforms that DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # include the authconfig utility, which are all Red Hat based platforms. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # Schema Compatibility plugin has not been configured on this server. To DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # configure it, run "ipa-adtrust-install --enable-compat" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # Install required packages via yum DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 yum install -y curl openssl nss-pam-ldapd pam_ldap authconfig DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # NOTE: IPA certificate uses the SHA-256 hash function. SHA-256 was DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # introduced in RHEL5.2. Therefore, clients older than RHEL5.2 will not DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # be able to interoperate with IPA server 3.x. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # Please note that this script assumes /etc/openldap/cacerts as the DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # default CA certificate location. If this value is different on your DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # system the script needs to be modified accordingly. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # Download the CA certificate of the IPA server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 mkdir -p -m 755 /etc/openldap/cacerts DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # Generate hashes for the openldap library DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 command -v cacertdir_rehash DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 if [ $? -ne 0 ] ; then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 curl "https://pagure.io/authconfig/raw/master/f/cacertdir_rehash" -o cacertdir_rehash ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 chmod 755 ./cacertdir_rehash ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 ./cacertdir_rehash /etc/openldap/cacerts/ ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 cacertdir_rehash /etc/openldap/cacerts/ ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 # Use the authconfig to configure nsswitch.conf and the PAM stack DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 authconfig --updateall --enableldap --enableldaptls --enableldapauth --ldapserver=ldap://master.ipa.test --ldapbasedn=cn=compat,dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd63:transport.py:217 Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::test_advice_RedHatSSSDBefore19 1.09
-------------------------------Captured log call--------------------------------
INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd68:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd68:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd68:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-advise', 'config-redhat-sssd-before-1-9'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:513 RUN ['ipa-advise', 'config-redhat-sssd-before-1-9'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 #!/bin/sh DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # Instructions for configuring a system with an old version of SSSD DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # (1.5-1.8) as a FreeIPA client. This set of instructions is targeted DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # for platforms that include the authconfig utility, which are all Red DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # Hat based platforms. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # Schema Compatibility plugin has not been configured on this server. To DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # configure it, run "ipa-adtrust-install --enable-compat" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # Install required packages via yum DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 yum install -y sssd authconfig curl openssl DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # NOTE: IPA certificate uses the SHA-256 hash function. SHA-256 was DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # introduced in RHEL5.2. Therefore, clients older than RHEL5.2 will not DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # be able to interoperate with IPA server 3.x. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # Please note that this script assumes /etc/openldap/cacerts as the DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # default CA certificate location. If this value is different on your DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # system the script needs to be modified accordingly. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # Download the CA certificate of the IPA server DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 mkdir -p -m 755 /etc/openldap/cacerts DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 curl http://master.ipa.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # Generate hashes for the openldap library DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 command -v cacertdir_rehash DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 if [ $? -ne 0 ] ; then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 curl "https://pagure.io/authconfig/raw/master/f/cacertdir_rehash" -o cacertdir_rehash ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 chmod 755 ./cacertdir_rehash ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 ./cacertdir_rehash /etc/openldap/cacerts/ ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 cacertdir_rehash /etc/openldap/cacerts/ ; DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # Use the authconfig to configure nsswitch.conf and the PAM stack DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 authconfig --updateall --enablesssd --enablesssdauth DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # Configure SSSD DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 cat > /etc/sssd/sssd.conf << EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 [sssd] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 services = nss, pam DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 config_file_version = 2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 domains = default DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 re_expression = (?P<name>.+) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 [domain/default] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 cache_credentials = True DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 id_provider = ldap DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 auth_provider = ldap DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 ldap_uri = ldap://master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 ldap_search_base = cn=compat,dc=ipa,dc=test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 EOF DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 chmod 0600 /etc/sssd/sssd.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 # Start SSSD DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:558 service sssd start DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd69:transport.py:217 Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::test_advice_enable_admins_sudo 1.05
-------------------------------Captured log call--------------------------------
INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd74:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd74:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd74:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-advise', 'enable_admins_sudo'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:513 RUN ['ipa-advise', 'enable_admins_sudo'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 #!/bin/sh DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 # Instructions for enabling HBAC and unauthenticated SUDO for members of DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 # the admins group. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 # Check whether the credential cache is not empty DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 klist DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 echo "Credential cache is empty" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 echo "Use kinit as privileged user to obtain Kerberos credentials" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 if ipa hbacrule-show admins_sudo > /dev/null 2>&1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 echo HBAC rule admins_sudo already exists DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 # Create the HBAC rule for sudo DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 err=$(ipa hbacrule-add --hostcat=all --desc "Allow admins to run sudo on all hosts" admins_sudo 2>&1) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 echo "Failed to add hbac rule: ${err}" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 ipa hbacrule-add-user --groups=admins admins_sudo DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 ipa hbacrule-add-service --hbacsvcs=sudo admins_sudo DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 if ipa sudorule-show admins_all > /dev/null 2>&1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 echo SUDO rule admins_all already exists DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 # Create the SUDO rule for the admins group DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 err=$(ipa sudorule-add --desc "Allow admins to run any command on any host" --hostcat=all --cmdcat=all admins_all 2>&1) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 echo "Failed to add sudo rule: ${err}" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 ipa sudorule-add-user --groups=admins admins_all DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd75:transport.py:217 Exit code: 0
Passed test_integration/test_advise.py::TestAdvice::test_advice_config_server_for_smart_card_auth 113.99
-------------------------------Captured log call--------------------------------
INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd80:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd80:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd80:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-advise', 'config_server_for_smart_card_auth'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:513 RUN ['ipa-advise', 'config_server_for_smart_card_auth'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 #!/bin/sh DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # Instructions for enabling Smart Card authentication on a single DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # FreeIPA server. Includes Apache configuration, enabling PKINIT on KDC DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # and configuring WebUI to accept Smart Card auth requests. To enable DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # the feature in the whole topology you have to run the script on each DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # master DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ "$(id -u)" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "This script has to be run as root user" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 SC_CA_CERTS=$@ DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ -z "$SC_CA_CERTS" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "You need to provide one or more paths to the PEM files containing CAs signing the Smart Cards" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 for ca_cert in $SC_CA_CERTS DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 do DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ ! -f "$ca_cert" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Invalid CA certificate filename: $ca_cert" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Please check that the path exists and is a valid file" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 done DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # Check whether the credential cache is not empty DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 klist DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Credential cache is empty" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Use kinit as privileged user to obtain Kerberos credentials" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # Check whether the host is IPA master DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 ipa server-find $(hostname -f) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "This script can be run on IPA master only" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # make sure bind-utils are installed so that we can dig for ipa-ca DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # records DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if which yum >/dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 PKGMGR=yum DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 PKGMGR=dnf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 rpm -qi bind-utils > /dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 $PKGMGR install -y bind-utils DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Failed to install bind-utils" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # make sure ipa-ca records are resolvable, otherwise error out and DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # instruct DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # the user to update the DNS infrastructure DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 ipaca_records=$(dig +short ipa-ca.ipa.test) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ -z "$ipaca_records" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Can not resolve ipa-ca records for ${domain_name}" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Please make sure to update your DNS infrastructure with " >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "ipa-ca record pointing to IP addresses of IPA CA masters" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # look for the OCSP directive in ssl.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # if it is present, switch it on DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # if it is absent, append it to the end of VirtualHost section DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if grep -q 'SSLOCSPEnable ' /etc/httpd/conf.d/ssl.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 sed -i.ipabkp -r 's/^#*[[:space:]]*SSLOCSPEnable[[:space:]]+(on|off)$/SSLOCSPEnable on/' /etc/httpd/conf.d/ssl.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 sed -i.ipabkp '/<\/VirtualHost>/i SSLOCSPEnable on' /etc/httpd/conf.d/ssl.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # finally restart apache DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 systemctl restart httpd.service DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # store the OCSP upgrade state DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 /usr/bin/python3 -c 'from ipaserver.install import sysupgrade; sysupgrade.set_upgrade_state("httpd", "ocsp_enabled", True)' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # check whether PKINIT is configured on the master DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if ipa-pkinit-manage status | grep -q 'enabled' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "PKINIT already enabled" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 ipa-pkinit-manage enable DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Failed to issue PKINIT certificates to local KDC" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # Enable OK-AS-DELEGATE flag on the HTTP principal DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # This enables smart card login to WebUI DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 output=$(ipa service-mod HTTP/$(hostname -f) --ok-to-auth-as-delegate=True 2>&1) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ "$?" -ne "0" -a -z "$(echo $output | grep 'no modifications')" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Failed to set OK_AS_AUTH_AS_DELEGATE flag on HTTP principal" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # Allow Apache to access SSSD IFP DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 /usr/bin/python3 -c "import SSSDConfig; from ipaclient.install.client import sssd_enable_ifp; from ipaplatform.paths import paths; c = SSSDConfig.SSSDConfig(); c.import_config(); sssd_enable_ifp(c, allow_httpd=True); c.write(paths.SSSD_CONF)" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Failed to modify SSSD config" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 # Restart sssd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 systemctl restart sssd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 mkdir -p /etc/sssd/pki DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 for ca_cert in $SC_CA_CERTS DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 do DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 certutil -d /etc/pki/nssdb -A -i $ca_cert -n "Smart Card CA $(uuidgen)" -t CT,C,C DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 cat $ca_cert >> /etc/sssd/pki/sssd_auth_ca_db.pem DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 done DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 for ca_cert in $SC_CA_CERTS DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 do DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 ipa-cacert-manage install $ca_cert -t CT,C,C DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Failed to install external CA certificate to IPA" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 done DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 ipa-certupdate DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Failed to update IPA CA certificate database" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 systemctl restart krb5kdc.service DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 echo "Failed to restart KDC. Please restart the service manually." >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd81:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['mktemp'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd82:transport.py:513 RUN ['mktemp'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd82:transport.py:558 /tmp/tmp.gPt535oqfs DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd82:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:293 WRITE /tmp/tmp.gPt535oqfs INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd83:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd83:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd83:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-advise', 'config_server_for_smart_card_auth'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:513 RUN ['ipa-advise', 'config_server_for_smart_card_auth'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 #!/bin/sh DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # Instructions for enabling Smart Card authentication on a single DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # FreeIPA server. Includes Apache configuration, enabling PKINIT on KDC DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # and configuring WebUI to accept Smart Card auth requests. To enable DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # the feature in the whole topology you have to run the script on each DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # master DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ "$(id -u)" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "This script has to be run as root user" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 SC_CA_CERTS=$@ DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ -z "$SC_CA_CERTS" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "You need to provide one or more paths to the PEM files containing CAs signing the Smart Cards" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 for ca_cert in $SC_CA_CERTS DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 do DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ ! -f "$ca_cert" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Invalid CA certificate filename: $ca_cert" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Please check that the path exists and is a valid file" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 done DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # Check whether the credential cache is not empty DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 klist DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Credential cache is empty" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Use kinit as privileged user to obtain Kerberos credentials" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # Check whether the host is IPA master DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 ipa server-find $(hostname -f) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "This script can be run on IPA master only" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # make sure bind-utils are installed so that we can dig for ipa-ca DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # records DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if which yum >/dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 PKGMGR=yum DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 PKGMGR=dnf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 rpm -qi bind-utils > /dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 $PKGMGR install -y bind-utils DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Failed to install bind-utils" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # make sure ipa-ca records are resolvable, otherwise error out and DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # instruct DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # the user to update the DNS infrastructure DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 ipaca_records=$(dig +short ipa-ca.ipa.test) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ -z "$ipaca_records" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Can not resolve ipa-ca records for ${domain_name}" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Please make sure to update your DNS infrastructure with " >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "ipa-ca record pointing to IP addresses of IPA CA masters" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # look for the OCSP directive in ssl.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # if it is present, switch it on DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # if it is absent, append it to the end of VirtualHost section DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if grep -q 'SSLOCSPEnable ' /etc/httpd/conf.d/ssl.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 sed -i.ipabkp -r 's/^#*[[:space:]]*SSLOCSPEnable[[:space:]]+(on|off)$/SSLOCSPEnable on/' /etc/httpd/conf.d/ssl.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 sed -i.ipabkp '/<\/VirtualHost>/i SSLOCSPEnable on' /etc/httpd/conf.d/ssl.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # finally restart apache DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 systemctl restart httpd.service DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # store the OCSP upgrade state DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 /usr/bin/python3 -c 'from ipaserver.install import sysupgrade; sysupgrade.set_upgrade_state("httpd", "ocsp_enabled", True)' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # check whether PKINIT is configured on the master DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if ipa-pkinit-manage status | grep -q 'enabled' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "PKINIT already enabled" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 ipa-pkinit-manage enable DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Failed to issue PKINIT certificates to local KDC" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # Enable OK-AS-DELEGATE flag on the HTTP principal DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # This enables smart card login to WebUI DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 output=$(ipa service-mod HTTP/$(hostname -f) --ok-to-auth-as-delegate=True 2>&1) DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ "$?" -ne "0" -a -z "$(echo $output | grep 'no modifications')" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Failed to set OK_AS_AUTH_AS_DELEGATE flag on HTTP principal" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # Allow Apache to access SSSD IFP DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 /usr/bin/python3 -c "import SSSDConfig; from ipaclient.install.client import sssd_enable_ifp; from ipaplatform.paths import paths; c = SSSDConfig.SSSDConfig(); c.import_config(); sssd_enable_ifp(c, allow_httpd=True); c.write(paths.SSSD_CONF)" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Failed to modify SSSD config" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 # Restart sssd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 systemctl restart sssd DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 mkdir -p /etc/sssd/pki DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 for ca_cert in $SC_CA_CERTS DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 do DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 certutil -d /etc/pki/nssdb -A -i $ca_cert -n "Smart Card CA $(uuidgen)" -t CT,C,C DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 cat $ca_cert >> /etc/sssd/pki/sssd_auth_ca_db.pem DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 done DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 for ca_cert in $SC_CA_CERTS DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 do DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 ipa-cacert-manage install $ca_cert -t CT,C,C DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Failed to install external CA certificate to IPA" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 done DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 ipa-certupdate DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Failed to update IPA CA certificate database" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 systemctl restart krb5kdc.service DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 echo "Failed to restart KDC. Please restart the service manually." >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd84:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['mktemp'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd85:transport.py:513 RUN ['mktemp'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd85:transport.py:558 /tmp/tmp.YmSQf54UQH DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd85:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:293 WRITE /tmp/tmp.YmSQf54UQH INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['sh', '/tmp/tmp.YmSQf54UQH', '/tmp/tmp.gPt535oqfs'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:513 RUN ['sh', '/tmp/tmp.YmSQf54UQH', '/tmp/tmp.gPt535oqfs'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 Ticket cache: KCM:0 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 Default principal: admin@IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 Valid starting Expires Service principal DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 01/06/2020 12:59:40 01/07/2020 12:59:40 krbtgt/IPA.TEST@IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 -------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 1 IPA server matched DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 -------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 Server name: master.ipa.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 Min domain level: 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 Max domain level: 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 ---------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 Number of entries returned 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 ---------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 The ipa-pkinit-manage command was successful DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 PKINIT already enabled DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 The ipa-cacert-manage command was successful DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 Installing CA certificate, please wait DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 Verified CN=example.test DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 CA certificate successfully installed DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 Systemwide CA database updated. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 Systemwide CA database updated. DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:558 The ipa-certupdate command was successful DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd86:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['rm', '-f', '/tmp/tmp.YmSQf54UQH'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd87:transport.py:513 RUN ['rm', '-f', '/tmp/tmp.YmSQf54UQH'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd87:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['rm', '-f', '/tmp/tmp.gPt535oqfs'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd88:transport.py:513 RUN ['rm', '-f', '/tmp/tmp.gPt535oqfs'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd88:transport.py:217 Exit code: 0 DEBUG ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:284 READ /etc/sssd/sssd.conf
Passed test_integration/test_advise.py::TestAdvice::test_advice_config_client_for_smart_card_auth 19.43
-------------------------------Captured log call--------------------------------
INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd93:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd93:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd93:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-advise', 'config_client_for_smart_card_auth'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:513 RUN ['ipa-advise', 'config_client_for_smart_card_auth'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 #!/bin/sh DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 # Instructions for enabling Smart Card authentication on a single DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 # FreeIPA client. Configures Smart Card daemon, set the system-wide DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 # trust store and configures SSSD to allow smart card logins to desktop DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ "$(id -u)" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "This script has to be run as root user" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 SC_CA_CERTS=$@ DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ -z "$SC_CA_CERTS" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "You need to provide one or more paths to the PEM files containing CAs signing the Smart Cards" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 for ca_cert in $SC_CA_CERTS DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 do DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ ! -f "$ca_cert" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "Invalid CA certificate filename: $ca_cert" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "Please check that the path exists and is a valid file" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 done DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 # Check whether the credential cache is not empty DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 klist DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "Credential cache is empty" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "Use kinit as privileged user to obtain Kerberos credentials" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if which yum >/dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 PKGMGR=yum DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 PKGMGR=dnf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 rpm -qi pam_pkcs11 > /dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ "$?" -eq "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 $PKGMGR remove -y pam_pkcs11 || exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "Could not remove pam_pkcs11 package" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 # authconfig often complains about missing dconf, install it explicitly DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if which yum >/dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 PKGMGR=yum DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 PKGMGR=dnf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 rpm -qi opensc dconf > /dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 $PKGMGR install -y opensc dconf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "Could not install OpenSC package" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if which yum >/dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 PKGMGR=yum DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 PKGMGR=dnf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 rpm -qi krb5-pkinit-openssl > /dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 $PKGMGR install -y krb5-pkinit-openssl DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "Failed to install Kerberos client PKINIT extensions." >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 systemctl start pcscd.service pcscd.socket && systemctl enable pcscd.service pcscd.socket DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if modutil -dbdir /etc/pki/nssdb -list | grep -q OpenSC DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "OpenSC PKCS#11 module already configured" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "" | modutil -dbdir /etc/pki/nssdb -add "OpenSC" -libfile /usr/lib64/opensc-pkcs11.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 mkdir -p /etc/sssd/pki DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 for ca_cert in $SC_CA_CERTS DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 do DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 certutil -d /etc/pki/nssdb -A -i $ca_cert -n "Smart Card CA $(uuidgen)" -t CT,C,C DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 cat $ca_cert >> /etc/sssd/pki/sssd_auth_ca_db.pem DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 done DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 ipa-certupdate DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "Failed to update IPA CA certificate database" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 # Use either authselect or authconfig to enable Smart Card DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 # authentication DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ -f /usr/bin/authselect ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 AUTHCMD="authselect enable-feature with-smartcard" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 AUTHCMD="authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=1 --updateall" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 $AUTHCMD DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 echo "Failed to configure Smart Card authentication in SSSD" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 # Set pam_cert_auth=True in /etc/sssd/sssd.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 # This step is required only when authselect is used DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 if [ -f /usr/bin/authselect ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 /usr/bin/python3 -c 'from SSSDConfig import SSSDConfig; c = SSSDConfig(); c.import_config(); c.set("pam", "pam_cert_auth", "True"); c.write()' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:558 systemctl restart sssd.service DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd94:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['mktemp'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd53:transport.py:513 RUN ['mktemp'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd53:transport.py:558 /tmp/tmp.7U7e4oJFDx DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd53:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:293 WRITE /tmp/tmp.7U7e4oJFDx INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd95:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd95:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd95:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.master.ParamikoTransport:transport.py:318 RUN ['ipa-advise', 'config_client_for_smart_card_auth'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:513 RUN ['ipa-advise', 'config_client_for_smart_card_auth'] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 #!/bin/sh DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 # Instructions for enabling Smart Card authentication on a single DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 # FreeIPA client. Configures Smart Card daemon, set the system-wide DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 # trust store and configures SSSD to allow smart card logins to desktop DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 # ---------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ "$(id -u)" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "This script has to be run as root user" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 SC_CA_CERTS=$@ DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ -z "$SC_CA_CERTS" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "You need to provide one or more paths to the PEM files containing CAs signing the Smart Cards" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 for ca_cert in $SC_CA_CERTS DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 do DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ ! -f "$ca_cert" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "Invalid CA certificate filename: $ca_cert" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "Please check that the path exists and is a valid file" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 done DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 # Check whether the credential cache is not empty DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 klist DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "Credential cache is empty" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "Use kinit as privileged user to obtain Kerberos credentials" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if which yum >/dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 PKGMGR=yum DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 PKGMGR=dnf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 rpm -qi pam_pkcs11 > /dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ "$?" -eq "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 $PKGMGR remove -y pam_pkcs11 || exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "Could not remove pam_pkcs11 package" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 # authconfig often complains about missing dconf, install it explicitly DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if which yum >/dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 PKGMGR=yum DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 PKGMGR=dnf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 rpm -qi opensc dconf > /dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 $PKGMGR install -y opensc dconf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "Could not install OpenSC package" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if which yum >/dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 PKGMGR=yum DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 PKGMGR=dnf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 rpm -qi krb5-pkinit-openssl > /dev/null DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 $PKGMGR install -y krb5-pkinit-openssl DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "Failed to install Kerberos client PKINIT extensions." >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 systemctl start pcscd.service pcscd.socket && systemctl enable pcscd.service pcscd.socket DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if modutil -dbdir /etc/pki/nssdb -list | grep -q OpenSC DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "OpenSC PKCS#11 module already configured" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "" | modutil -dbdir /etc/pki/nssdb -add "OpenSC" -libfile /usr/lib64/opensc-pkcs11.so DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 mkdir -p /etc/sssd/pki DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 for ca_cert in $SC_CA_CERTS DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 do DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 certutil -d /etc/pki/nssdb -A -i $ca_cert -n "Smart Card CA $(uuidgen)" -t CT,C,C DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 cat $ca_cert >> /etc/sssd/pki/sssd_auth_ca_db.pem DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 done DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 ipa-certupdate DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "Failed to update IPA CA certificate database" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 # Use either authselect or authconfig to enable Smart Card DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 # authentication DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ -f /usr/bin/authselect ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 AUTHCMD="authselect enable-feature with-smartcard" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 else DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 AUTHCMD="authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=1 --updateall" DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 $AUTHCMD DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ "$?" -ne "0" ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 echo "Failed to configure Smart Card authentication in SSSD" >&2 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 exit 1 DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 # Set pam_cert_auth=True in /etc/sssd/sssd.conf DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 # This step is required only when authselect is used DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 if [ -f /usr/bin/authselect ] DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 then DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 /usr/bin/python3 -c 'from SSSDConfig import SSSDConfig; c = SSSDConfig(); c.import_config(); c.set("pam", "pam_cert_auth", "True"); c.write()' DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 fi DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:558 systemctl restart sssd.service DEBUG ipatests.pytest_ipa.integration.host.Host.master.cmd96:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd54:transport.py:513 RUN ['kinit', 'admin'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd54:transport.py:558 Password for admin@IPA.TEST: DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd54:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['mktemp'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd55:transport.py:513 RUN ['mktemp'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd55:transport.py:558 /tmp/tmp.XCeIXnayZJ DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd55:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:293 WRITE /tmp/tmp.XCeIXnayZJ INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['sh', '/tmp/tmp.XCeIXnayZJ', '/tmp/tmp.7U7e4oJFDx'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:513 RUN ['sh', '/tmp/tmp.XCeIXnayZJ', '/tmp/tmp.7U7e4oJFDx'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Ticket cache: KCM:0 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Default principal: admin@IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Valid starting Expires Service principal DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 01/06/2020 13:01:39 01/07/2020 13:01:39 krbtgt/IPA.TEST@IPA.TEST DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Last metadata expiration check: 0:04:12 ago on Mon 06 Jan 2020 12:57:29 PM UTC. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Package dconf-0.32.0-1.fc30.x86_64 is already installed. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Dependencies resolved. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 ================================================================================ DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Package Architecture Version Repository Size DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 ================================================================================ DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Installing: DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 opensc x86_64 0.19.0-6.fc30 fedora 1.1 M DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Installing dependencies: DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 pcsc-lite-ccid x86_64 1.4.31-1.fc30 updates 309 k DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 pcsc-lite x86_64 1.8.25-1.fc30 fedora 92 k DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 pcsc-lite-libs x86_64 1.8.25-1.fc30 fedora 29 k DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Transaction Summary DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 ================================================================================ DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Install 4 Packages DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Total download size: 1.5 M DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Installed size: 5.9 M DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Downloading Packages: DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 (1/4): pcsc-lite-ccid-1.4.31-1.fc30.x86_64.rpm 2.1 MB/s | 309 kB 00:00 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 (2/4): pcsc-lite-1.8.25-1.fc30.x86_64.rpm 417 kB/s | 92 kB 00:00 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 (3/4): pcsc-lite-libs-1.8.25-1.fc30.x86_64.rpm 238 kB/s | 29 kB 00:00 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 (4/4): opensc-0.19.0-6.fc30.x86_64.rpm 1.1 MB/s | 1.1 MB 00:00 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 -------------------------------------------------------------------------------- DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Total 871 kB/s | 1.5 MB 00:01 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Running transaction check DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Transaction check succeeded. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Running transaction test DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Transaction test succeeded. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Running transaction DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Preparing : 1/1 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Installing : pcsc-lite-libs-1.8.25-1.fc30.x86_64 1/4 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Installing : pcsc-lite-1.8.25-1.fc30.x86_64 2/4 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Running scriptlet: pcsc-lite-1.8.25-1.fc30.x86_64 2/4 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Installing : pcsc-lite-ccid-1.4.31-1.fc30.x86_64 3/4 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Running scriptlet: pcsc-lite-ccid-1.4.31-1.fc30.x86_64 3/4 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Installing : opensc-0.19.0-6.fc30.x86_64 4/4 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Running scriptlet: opensc-0.19.0-6.fc30.x86_64 4/4 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Verifying : pcsc-lite-ccid-1.4.31-1.fc30.x86_64 1/4 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Verifying : opensc-0.19.0-6.fc30.x86_64 2/4 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Verifying : pcsc-lite-1.8.25-1.fc30.x86_64 3/4 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Verifying : pcsc-lite-libs-1.8.25-1.fc30.x86_64 4/4 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Installed: DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 opensc-0.19.0-6.fc30.x86_64 pcsc-lite-ccid-1.4.31-1.fc30.x86_64 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 pcsc-lite-1.8.25-1.fc30.x86_64 pcsc-lite-libs-1.8.25-1.fc30.x86_64 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Complete! DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Last metadata expiration check: 0:04:19 ago on Mon 06 Jan 2020 12:57:29 PM UTC. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Package krb5-pkinit-1.17-15.fc30.x86_64 is already installed. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Dependencies resolved. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Nothing to do. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Complete! DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 WARNING: Performing this operation while the browser is running could cause DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 corruption of your security databases. If the browser is currently running, DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 you should exit browser before continuing this operation. Type DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 'q <enter>' to abort, or <enter> to continue: DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 WARNING: Manually adding a module while p11-kit is enabled could cause DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 duplicate module registration in your security database. It is suggested DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 to configure the module through p11-kit configuration file instead. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Type 'q <enter>' to abort, or <enter> to continue: DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 ERROR: Failed to add module "OpenSC". Probable cause : "Unknown PKCS #11 error.". DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Systemwide CA database updated. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Systemwide CA database updated. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 The ipa-certupdate command was successful DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 Make sure that SSSD service is configured and enabled. See SSSD documentation for more information. DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 - with-smartcard is selected, make sure smartcard authentication is enabled in sssd.conf: DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 - set "pam_cert_auth = True" in [pam] section DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:558 DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd56:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['rm', '-f', '/tmp/tmp.XCeIXnayZJ'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd57:transport.py:513 RUN ['rm', '-f', '/tmp/tmp.XCeIXnayZJ'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd57:transport.py:217 Exit code: 0 INFO ipatests.pytest_ipa.integration.host.Host.client0.ParamikoTransport:transport.py:318 RUN ['rm', '-f', '/tmp/tmp.7U7e4oJFDx'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd58:transport.py:513 RUN ['rm', '-f', '/tmp/tmp.7U7e4oJFDx'] DEBUG ipatests.pytest_ipa.integration.host.Host.client0.cmd58:transport.py:217 Exit code: 0