[Freeipa-users] Re: FreeIPA configuration via Ansible Tower / AWX

2021-04-02 Thread Russell Long via FreeIPA-users 
Thanks Flo,

I just re-tried adding the variables to the Inventory variables, the
inventory group variables, and the individual host variables in AWX.  No
matter what I do, unless I add them to each individual task, when AWX runs
the play, I get an error stating that the password is not set.

--Russ

On Fri, Apr 2, 2021 at 9:56 AM Florence Blanc-Renaud  wrote:

> On 4/2/21 3:38 PM, Russ Long via FreeIPA-users wrote:
> > I have an ansible role built out using the Ansible-provided FreeIPA
> commands, however for more flexibility I want to switch over to the ones
> available from the FreeIPA project directly.  I run the playbook that calls
> this role from AWX/Tower, and cannot figure out the proper way to set the
> ipaadmin_principal and ipaadmin_password so I do not have to include it on
> every individual task.  I have tried setting them as variables in the
> playbook, in the AWX Template, and in the Inventory used by AWX.
> >
> > These work fine if I set the principal and password on every task, but
> that's a lot of unnecessary code that also causes confusion for others
> looking at this.
> >
> > I'm sure I'm missing something obvious, but help would be appreciated.
>
> Hi Russ,
>
> you can have a look at our official documentation:
> Installing an Identity Management server using an Ansible playbook [1]
> It explains how to set the password either in the inventory file or in
> an Ansible Vault file.
>
> HTH,
> flo
>
> [1]
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-an-identity-management-server-using-an-ansible-playbook_installing-identity-management
>
> >
> > --Russ
> > ___
> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> > To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> > Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> > Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
> >
>
>
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: FreeIPA configuration via Ansible Tower / AWX

2021-04-02 Thread Florence Blanc-Renaud via FreeIPA-users 

On 4/2/21 3:38 PM, Russ Long via FreeIPA-users wrote:

I have an ansible role built out using the Ansible-provided FreeIPA commands, 
however for more flexibility I want to switch over to the ones available from 
the FreeIPA project directly.  I run the playbook that calls this role from 
AWX/Tower, and cannot figure out the proper way to set the ipaadmin_principal 
and ipaadmin_password so I do not have to include it on every individual task.  
I have tried setting them as variables in the playbook, in the AWX Template, 
and in the Inventory used by AWX.

These work fine if I set the principal and password on every task, but that's a 
lot of unnecessary code that also causes confusion for others looking at this.

I'm sure I'm missing something obvious, but help would be appreciated.


Hi Russ,

you can have a look at our official documentation:
Installing an Identity Management server using an Ansible playbook [1]
It explains how to set the password either in the inventory file or in 
an Ansible Vault file.


HTH,
flo

[1] 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-an-identity-management-server-using-an-ansible-playbook_installing-identity-management




--Russ
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure


___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] FreeIPA configuration via Ansible Tower / AWX

2021-04-02 Thread Russ Long via FreeIPA-users 
I have an ansible role built out using the Ansible-provided FreeIPA commands, 
however for more flexibility I want to switch over to the ones available from 
the FreeIPA project directly.  I run the playbook that calls this role from 
AWX/Tower, and cannot figure out the proper way to set the ipaadmin_principal 
and ipaadmin_password so I do not have to include it on every individual task.  
I have tried setting them as variables in the playbook, in the AWX Template, 
and in the Inventory used by AWX. 

These work fine if I set the principal and password on every task, but that's a 
lot of unnecessary code that also causes confusion for others looking at this. 

I'm sure I'm missing something obvious, but help would be appreciated. 

--Russ
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Memory leak - ns-slapd

2021-04-02 Thread Jim Richard via FreeIPA-users 
When I upgraded IPA back in early February I stared to see an apparent memory 
leak.

Note please the links to some Zabbix screens, it was only after I suspected a 
problem that I started tracking ns-slapd memory usage specifically as well. 
There are two nodes and they both show the same thing happening.

https://photos.app.goo.gl/SFo4rAYpiaE2bK9S7
https://photos.app.goo.gl/aQvgab2StMBGDFa48
https://photos.app.goo.gl/MfFBxFbBHoaRJs7f7
https://photos.app.goo.gl/ik3j3magF8D3toxx8

You can see the trend over a year and then all of the sudden, starting on the 
day I upgraded, well, you can see. The up’s and down’s after early February are 
me doing various restarts trying to figure out what was going on.

I’ve tried to get valgrind working but I’m not having any luck there.

Tried some stracing but I’m not sure if what I’m seeing is normal.

Any help please on where to look, how to troubleshoot further.

Thanks !

I see a constant stream of the following from strace on the ns-slapd pid but 
that might be expected as we’re not an IPv6 environment and FD 9 refers to an 
IPv6 socket.

getpeername(9, 0x7ffc612b7650, [112])   = -1 ENOTCONN (Transport endpoint is 
not connected)
poll([{fd=63, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLIN}, 
{fd=10, events=POLLIN}, {fd=193, events=POLLIN}, {fd=192, events=POLLIN}, 
{fd=79, events=POLLIN}, {fd=191, events=POLLIN}, {fd=189, events=POLLIN}, 
{fd=188, events=POLLIN}, {fd=187, events=POLLIN}, {fd=186, events=POLLIN}, 
{fd=184, events=POLLIN}, {fd=183, events=POLLIN}, {fd=182, events=POLLIN}, 
{fd=181, events=POLLIN}, {fd=180, events=POLLIN}, {fd=140, events=POLLIN}, 
{fd=230, events=POLLIN}, {fd=229, events=POLLIN}, {fd=227, events=POLLIN}, 
{fd=179, events=POLLIN}, {fd=177, events=POLLIN}, {fd=226, events=POLLIN}, 
{fd=225, events=POLLIN}, {fd=197, events=POLLIN}, {fd=174, events=POLLIN}, 
{fd=176, events=POLLIN}, {fd=175, events=POLLIN}, {fd=173, events=POLLIN}, 
{fd=146, events=POLLIN}, {fd=162, events=POLLIN}, ...], 245, 250) = 1 
([{fd=384, revents=POLLIN}])
futex(0x7f233f68a3f4, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x7f2335714080, FUTEX_WAKE_PRIVATE, 1) = 1
getpeername(9, 0x7ffc612b7650, [112])   = -1 ENOTCONN (Transport endpoint is 
not connected)
poll([{fd=63, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLIN}, 
{fd=10, events=POLLIN}, {fd=193, events=POLLIN}, {fd=192, events=POLLIN}, 
{fd=79, events=POLLIN}, {fd=191, events=POLLIN}, {fd=189, events=POLLIN}, 
{fd=188, events=POLLIN}, {fd=187, events=POLLIN}, {fd=186, events=POLLIN}, 
{fd=184, events=POLLIN}, {fd=183, events=POLLIN}, {fd=182, events=POLLIN}, 
{fd=181, events=POLLIN}, {fd=180, events=POLLIN}, {fd=140, events=POLLIN}, 
{fd=230, events=POLLIN}, {fd=229, events=POLLIN}, {fd=227, events=POLLIN}, 
{fd=179, events=POLLIN}, {fd=177, events=POLLIN}, {fd=226, events=POLLIN}, 
{fd=225, events=POLLIN}, {fd=197, events=POLLIN}, {fd=174, events=POLLIN}, 
{fd=176, events=POLLIN}, {fd=175, events=POLLIN}, {fd=173, events=POLLIN}, 
{fd=146, events=POLLIN}, {fd=162, events=POLLIN}, ...], 245, 250) = 1 ([{fd=63, 
revents=POLLIN}])
read(63, "\0\0", 200)   = 2



Upgraded from:

2021-02-01T14:25:20Z DEBUG ---> Package ipa-server.x86_64 
4.8.4-7.module_el8.2.0+374+0d2d74a1 will be upgraded
2021-02-01T14:25:20Z DEBUG ---> Package ipa-server.x86_64 
4.8.7-13.module_el8.3.0+606+1e8766d7 will be an upgrade

2021-02-01T14:25:20Z DEBUG ---> Package 389-ds-base.x86_64 
1.4.2.4-10.module_el8.2.0+489+38ed056a will be upgraded
2021-02-01T14:25:20Z DEBUG ---> Package 389-ds-base.x86_64 
1.4.3.8-6.module_el8.3.0+604+ab7bf9cc will be an upgrade
2021-02-01T14:25:20Z DEBUG ---> Package 389-ds-base-libs.x86_64 
1.4.2.4-10.module_el8.2.0+489+38ed056a will be upgraded
2021-02-01T14:25:20Z DEBUG ---> Package 389-ds-base-libs.x86_64 
1.4.3.8-6.module_el8.3.0+604+ab7bf9cc will be an upgrade
2021-02-01T14:25:20Z DEBUG ---> Package 389-ds-base-snmp.x86_64 
1.4.2.4-10.module_el8.2.0+489+38ed056a will be upgraded
2021-02-01T14:25:20Z DEBUG ---> Package 389-ds-base-snmp.x86_64 
1.4.3.8-6.module_el8.3.0+604+ab7bf9cc will be an upgrade



Current versions are:

CentOS 8:

ipa-client.x86_64  4.8.7-14.module_el8.3.0+698+d6d67052 
@appstream   
ipa-client-common.noarch   4.8.7-14.module_el8.3.0+698+d6d67052 
@appstream   
ipa-common.noarch  4.8.7-14.module_el8.3.0+698+d6d67052 
@appstream   
ipa-healthcheck.noarch 0.4-6.module_el8.3.0+482+9e103aab
@AppStream   
ipa-healthcheck-core.noarch0.4-6.module_el8.3.0+482+9e103aab
@AppStream   
ipa-selinux.noarch 4.8.7-14.module_el8.3.0+698+d6d67052 
@appstream   
ipa-server.x86_64  4.8.7-14.module_el8.3.0+698+d6d67052 
@appstream   
ipa-server-common.noarch   4.8.7-14.module_el8.3.0+698+d6d67052 
@appstream   

389-ds-base.x86_64