I've been trying to rebuild my FreeIPA server that I run on CentOS 7.3. Previously, I was running FreeIPA 4.2.x and upgraded over time to 4.4.0 now, but somewhere along the lines, it totally broke and failed. For me it's not a big deal because it serves very little in a home cluster lab, but I wanted to take this time to update my chef cookbooks to accomodate the new way to auto-configure FreeIPA.
The Server installation portion was pretty much the same as before. It's the replica that's mostly changed. Using the install method with ipa-replica-install, I'm using these arguments: ipa-replica-install --unattended \ --no-ntp --mkhomedir --skip-conncheck \ --ip-address 172.17.0.102 \ --principal admin \ --admin-password "redacted" \ --server ipa1.home.ld \ --domain home.ld \ --realm HOME.LD And it's failing with the following results: Configuring directory server (dirsrv). Estimated time: 1 minute [1/44]: creating directory server user [2/44]: creating directory server instance [3/44]: updating configuration in dse.ldif [4/44]: restarting directory server [5/44]: adding default schema [6/44]: enabling memberof plugin [7/44]: enabling winsync plugin [8/44]: configuring replication version plugin [9/44]: enabling IPA enrollment plugin [10/44]: enabling ldapi [11/44]: configuring uniqueness plugin [12/44]: configuring uuid plugin [13/44]: configuring modrdn plugin [14/44]: configuring DNS plugin [15/44]: enabling entryUSN plugin [16/44]: configuring lockout plugin [17/44]: configuring topology plugin [18/44]: creating indices [19/44]: enabling referential integrity plugin [20/44]: configuring certmap.conf [21/44]: configure autobind for root [22/44]: configure new location for managed entries [23/44]: configure dirsrv ccache [24/44]: enabling SASL mapping fallback [25/44]: restarting directory server [26/44]: creating DS keytab [27/44]: retrieving DS Certificate [28/44]: restarting directory server [29/44]: setting up initial replication Starting replication, please wait until this has completed. Update in progress, 15 seconds elapsed [ipa1.home.ld] reports: Update failed! Status: [49 - LDAP error: Invalid credentials] [error] RuntimeError: Failed to start replication Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. STDERR: Client hostname: ipa2.home.ld Realm: HOME.LD DNS Domain: home.ld IPA Server: ipa1.home.ld BaseDN: dc=home,dc=ld Skipping synchronizing time with NTP server. Successfully retrieved CA cert Subject: CN=Certificate Authority,O=HOME.LD Issuer: CN=Certificate Authority,O=HOME.LD Valid From: Sun Jun 11 14:31:12 2017 UTC Valid Until: Thu Jun 11 14:31:12 2037 UTC Enrolled in IPA realm HOME.LD Created /etc/ipa/default.conf Configured sudoers in /etc/nsswitch.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm HOME.LD trying https://ipa1.home.ld/ipa/json Forwarding 'schema' to json server 'https://ipa1.home.ld/ipa/json' trying https://ipa1.home.ld/ipa/session/json Forwarding 'ping' to json server 'https://ipa1.home.ld/ipa/session/json ' Forwarding 'ca_is_enabled' to json server 'https://ipa1.home.ld/ipa/ses sion/json' Systemwide CA database updated. Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub Forwarding 'host_mod' to json server 'https://ipa1.home.ld/ipa/session/ json' Could not update DNS SSHFP records. SSSD enabled Configured /etc/openldap/ldap.conf Configured /etc/ssh/ssh_config Configured /etc/ssh/sshd_config Configuring home.ld as NIS domain. Client configuration complete. ipa.ipapython.install.cli.install_tool(Replica): ERROR Failed to start replication ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa- replica-install command failed. See /var/log/ipareplica-install.log for more information Attached is the full logs from ipareplica-install.log Any help on this would be greatly appreciated. I had tried all weekend long trying to get this to work all to the same basic failure. Eric
2017-06-12T20:29:06Z DEBUG Logging to /var/log/ipareplica-install.log 2017-06-12T20:29:06Z DEBUG ipa-replica-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'skip_schema_check': None, 'setup_kra': None, 'ip_addresses': [CheckedIPAddress('172.17.0.102')], 'mkhomedir': True, 'http_cert_files': None, 'ssh_trust_dns': None, 'reverse_zones': None, 'no_forwarders': None, 'keytab': None, 'no_ntp': True, 'domain_name': 'home.ld', 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'no_reverse': None, 'unattended': True, 'auto_reverse': None, 'auto_forwarders': None, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'dirsrv_config_file': None, 'forwarders': None, 'verbose': False, 'setup_ca': None, 'realm_name': 'HOME.LD', 'skip_conncheck': True, 'no_ssh': None, 'forward_policy': None, 'dirsrv_cert_name': None, 'quiet': False, 'server': 'ipa1.home.ld', 'setup_dns': None, 'host_name': None, 'log_file': None, 'allow_zone_overlap': None} 2017-06-12T20:29:06Z DEBUG IPA version 4.4.0-14.el7.centos.7 2017-06-12T20:29:06Z DEBUG Starting external process 2017-06-12T20:29:06Z DEBUG args=/usr/sbin/selinuxenabled 2017-06-12T20:29:06Z DEBUG Process finished, return code=0 2017-06-12T20:29:06Z DEBUG stdout= 2017-06-12T20:29:06Z DEBUG stderr= 2017-06-12T20:29:06Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-06-12T20:29:06Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-06-12T20:29:06Z DEBUG httpd is not configured 2017-06-12T20:29:06Z DEBUG kadmin is not configured 2017-06-12T20:29:06Z DEBUG dirsrv is not configured 2017-06-12T20:29:06Z DEBUG pki-tomcatd is not configured 2017-06-12T20:29:06Z DEBUG install is not configured 2017-06-12T20:29:06Z DEBUG krb5kdc is not configured 2017-06-12T20:29:06Z DEBUG ntpd is not configured 2017-06-12T20:29:06Z DEBUG named is not configured 2017-06-12T20:29:06Z DEBUG ipa_memcached is not configured 2017-06-12T20:29:06Z DEBUG filestore is tracking no files 2017-06-12T20:29:06Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2017-06-12T20:29:06Z DEBUG Configuring client side components 2017-06-12T20:29:06Z DEBUG Starting external process 2017-06-12T20:29:06Z DEBUG args=/usr/sbin/ipa-client-install --unattended --no-ntp --domain home.ld --server ipa1.home.ld --realm HOME.LD --principal admin --mkhomedir 2017-06-12T20:29:24Z DEBUG Process finished, return code=0 2017-06-12T20:29:24Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-06-12T20:29:24Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-06-12T20:29:24Z DEBUG Starting external process 2017-06-12T20:29:24Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS 2017-06-12T20:29:24Z DEBUG Process finished, return code=0 2017-06-12T20:29:24Z DEBUG stdout=VirtualHost configuration: *:8443 ipa2.home.ld (/etc/httpd/conf.d/nss.conf:83) 2017-06-12T20:29:24Z DEBUG stderr= 2017-06-12T20:29:24Z DEBUG importing all plugin modules in ipaserver.plugins... 2017-06-12T20:29:24Z DEBUG importing plugin module ipaserver.plugins.aci 2017-06-12T20:29:24Z DEBUG importing plugin module ipaserver.plugins.automember 2017-06-12T20:29:24Z DEBUG importing plugin module ipaserver.plugins.automount 2017-06-12T20:29:24Z DEBUG importing plugin module ipaserver.plugins.baseldap 2017-06-12T20:29:24Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2017-06-12T20:29:24Z DEBUG importing plugin module ipaserver.plugins.baseuser 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.batch 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.ca 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.caacl 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.cert 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.certprofile 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.config 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.delegation 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.dns 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.dogtag 2017-06-12T20:29:25Z DEBUG skipping plugin module ipaserver.plugins.dogtag: dogtag not selected as RA plugin 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.group 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.hbac 2017-06-12T20:29:25Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.hbactest 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.host 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.idrange 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.idviews 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.internal 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.join 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.ldap2 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.location 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.migration 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.misc 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.netgroup 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.otp 2017-06-12T20:29:25Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.otptoken 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.passwd 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.permission 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.ping 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.pkinit 2017-06-12T20:29:25Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.privilege 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2017-06-12T20:29:25Z DEBUG Starting external process 2017-06-12T20:29:25Z DEBUG args=klist -V 2017-06-12T20:29:25Z DEBUG Process finished, return code=0 2017-06-12T20:29:25Z DEBUG stdout=Kerberos 5 version 1.14.1 2017-06-12T20:29:25Z DEBUG stderr= 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.rabase 2017-06-12T20:29:25Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.role 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.schema 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.selfservice 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.server 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.serverrole 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.serverroles 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.service 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.session 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.stageuser 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.sudo 2017-06-12T20:29:25Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.sudorule 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.topology 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.trust 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.user 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.vault 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.virtual 2017-06-12T20:29:25Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2017-06-12T20:29:25Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.dns 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2017-06-12T20:29:25Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2017-06-12T20:29:27Z DEBUG Check if ipa2.home.ld is a primary hostname for localhost 2017-06-12T20:29:27Z DEBUG Primary hostname for localhost: ipa2.home.ld 2017-06-12T20:29:27Z DEBUG Search DNS for ipa2.home.ld 2017-06-12T20:29:27Z DEBUG Check if ipa2.home.ld is not a CNAME 2017-06-12T20:29:27Z DEBUG Check reverse address of 172.17.0.102 2017-06-12T20:29:27Z DEBUG Found reverse name: ipa2.home.ld 2017-06-12T20:29:27Z DEBUG Check if ipa1.home.ld is a primary hostname for localhost 2017-06-12T20:29:28Z DEBUG Primary hostname for localhost: ipa1.home.ld 2017-06-12T20:29:28Z DEBUG Search DNS for ipa1.home.ld 2017-06-12T20:29:28Z DEBUG Check if ipa1.home.ld is not a CNAME 2017-06-12T20:29:28Z DEBUG Check reverse address of 172.17.0.101 2017-06-12T20:29:28Z DEBUG Found reverse name: ipa1.home.ld 2017-06-12T20:29:28Z DEBUG Initializing principal host/ipa2.home...@home.ld using keytab /etc/krb5.keytab 2017-06-12T20:29:28Z DEBUG using ccache /tmp/krbcc_C2trI/ccache 2017-06-12T20:29:28Z DEBUG Attempt 1/1: success 2017-06-12T20:29:28Z DEBUG importing all plugin modules in ipaserver.plugins... 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.aci 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.automember 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.automount 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.baseldap 2017-06-12T20:29:28Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.baseuser 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.batch 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.ca 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.caacl 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.cert 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.certprofile 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.config 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.delegation 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.dns 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.dnsserver 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.dogtag 2017-06-12T20:29:28Z DEBUG skipping plugin module ipaserver.plugins.dogtag: dogtag not selected as RA plugin 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.domainlevel 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.group 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.hbac 2017-06-12T20:29:28Z DEBUG ipaserver.plugins.hbac is not a valid plugin module 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.hbacrule 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.hbacsvc 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.hbactest 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.host 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.hostgroup 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.idrange 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.idviews 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.internal 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.join 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.ldap2 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.location 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.migration 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.misc 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.netgroup 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.otp 2017-06-12T20:29:28Z DEBUG ipaserver.plugins.otp is not a valid plugin module 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.otpconfig 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.otptoken 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.passwd 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.permission 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.ping 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.pkinit 2017-06-12T20:29:28Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.privilege 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.pwpolicy 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.rabase 2017-06-12T20:29:28Z DEBUG ipaserver.plugins.rabase is not a valid plugin module 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.radiusproxy 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.realmdomains 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.role 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.schema 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.selfservice 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.server 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.serverrole 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.serverroles 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.service 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.servicedelegation 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.session 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.stageuser 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.sudo 2017-06-12T20:29:28Z DEBUG ipaserver.plugins.sudo is not a valid plugin module 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.sudocmd 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.sudorule 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.topology 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.trust 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.user 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.vault 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.virtual 2017-06-12T20:29:28Z DEBUG ipaserver.plugins.virtual is not a valid plugin module 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.plugins.xmlserver 2017-06-12T20:29:28Z DEBUG importing all plugin modules in ipaserver.install.plugins... 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.adtrust 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.dns 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.update_nis 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.update_referint 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.update_services 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness 2017-06-12T20:29:28Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt 2017-06-12T20:29:30Z DEBUG Starting external process 2017-06-12T20:29:30Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipa2.home...@home.ld 2017-06-12T20:29:30Z DEBUG Process finished, return code=0 2017-06-12T20:29:30Z DEBUG stdout=938543773 2017-06-12T20:29:30Z DEBUG stderr= 2017-06-12T20:29:30Z DEBUG Starting external process 2017-06-12T20:29:30Z DEBUG args=keyctl pipe 938543773 2017-06-12T20:29:30Z DEBUG Process finished, return code=0 2017-06-12T20:29:30Z DEBUG stdout=ipa_session=8dcf25f45f07c1a0a8c02d31886dff46; Domain=ipa1.home.ld; Path=/ipa; Expires=Mon, 12 Jun 2017 20:49:22 GMT; Secure; HttpOnly 2017-06-12T20:29:30Z DEBUG stderr= 2017-06-12T20:29:30Z DEBUG found session_cookie in persistent storage for principal 'host/ipa2.home...@home.ld', cookie: 'ipa_session=8dcf25f45f07c1a0a8c02d31886dff46; Domain=ipa1.home.ld; Path=/ipa; Expires=Mon, 12 Jun 2017 20:49:22 GMT; Secure; HttpOnly' 2017-06-12T20:29:30Z DEBUG setting session_cookie into context 'ipa_session=8dcf25f45f07c1a0a8c02d31886dff46;' 2017-06-12T20:29:30Z INFO trying https://ipa1.home.ld/ipa/session/json 2017-06-12T20:29:30Z DEBUG NSSConnection init ipa1.home.ld 2017-06-12T20:29:30Z DEBUG Connecting: 172.17.0.101:0 2017-06-12T20:29:30Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-06-12T20:29:30Z DEBUG cert valid True for "CN=ipa1.home.ld,O=HOME.LD" 2017-06-12T20:29:30Z DEBUG handshake complete, peer = 172.17.0.101:443 2017-06-12T20:29:30Z DEBUG Protocol: TLS1.2 2017-06-12T20:29:30Z DEBUG Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 2017-06-12T20:29:30Z DEBUG received Set-Cookie 'ipa_session=8dcf25f45f07c1a0a8c02d31886dff46; Domain=ipa1.home.ld; Path=/ipa; Expires=Mon, 12 Jun 2017 20:49:32 GMT; Secure; HttpOnly' 2017-06-12T20:29:30Z DEBUG storing cookie 'ipa_session=8dcf25f45f07c1a0a8c02d31886dff46; Domain=ipa1.home.ld; Path=/ipa; Expires=Mon, 12 Jun 2017 20:49:32 GMT; Secure; HttpOnly' for principal host/ipa2.home...@home.ld 2017-06-12T20:29:30Z DEBUG Starting external process 2017-06-12T20:29:30Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipa2.home...@home.ld 2017-06-12T20:29:30Z DEBUG Process finished, return code=0 2017-06-12T20:29:30Z DEBUG stdout=938543773 2017-06-12T20:29:30Z DEBUG stderr= 2017-06-12T20:29:30Z DEBUG Starting external process 2017-06-12T20:29:30Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipa2.home...@home.ld 2017-06-12T20:29:30Z DEBUG Process finished, return code=0 2017-06-12T20:29:30Z DEBUG stdout=938543773 2017-06-12T20:29:30Z DEBUG stderr= 2017-06-12T20:29:30Z DEBUG Starting external process 2017-06-12T20:29:30Z DEBUG args=keyctl pupdate 938543773 2017-06-12T20:29:30Z DEBUG Process finished, return code=0 2017-06-12T20:29:30Z DEBUG stdout= 2017-06-12T20:29:30Z DEBUG stderr= 2017-06-12T20:29:30Z DEBUG Created connection context.jsonclient_141233104 2017-06-12T20:29:30Z INFO Forwarding 'env' to json server 'https://ipa1.home.ld/ipa/session/json' 2017-06-12T20:29:30Z DEBUG NSSConnection init ipa1.home.ld 2017-06-12T20:29:30Z DEBUG Connecting: 172.17.0.101:0 2017-06-12T20:29:30Z DEBUG approved_usage = SSL Server intended_usage = SSL Server 2017-06-12T20:29:30Z DEBUG cert valid True for "CN=ipa1.home.ld,O=HOME.LD" 2017-06-12T20:29:30Z DEBUG handshake complete, peer = 172.17.0.101:443 2017-06-12T20:29:30Z DEBUG Protocol: TLS1.2 2017-06-12T20:29:30Z DEBUG Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 2017-06-12T20:29:30Z DEBUG received Set-Cookie 'ipa_session=8dcf25f45f07c1a0a8c02d31886dff46; Domain=ipa1.home.ld; Path=/ipa; Expires=Mon, 12 Jun 2017 20:49:32 GMT; Secure; HttpOnly' 2017-06-12T20:29:30Z DEBUG storing cookie 'ipa_session=8dcf25f45f07c1a0a8c02d31886dff46; Domain=ipa1.home.ld; Path=/ipa; Expires=Mon, 12 Jun 2017 20:49:32 GMT; Secure; HttpOnly' for principal host/ipa2.home...@home.ld 2017-06-12T20:29:30Z DEBUG Starting external process 2017-06-12T20:29:30Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipa2.home...@home.ld 2017-06-12T20:29:30Z DEBUG Process finished, return code=0 2017-06-12T20:29:30Z DEBUG stdout=938543773 2017-06-12T20:29:30Z DEBUG stderr= 2017-06-12T20:29:30Z DEBUG Starting external process 2017-06-12T20:29:30Z DEBUG args=keyctl search @s user ipa_session_cookie:host/ipa2.home...@home.ld 2017-06-12T20:29:30Z DEBUG Process finished, return code=0 2017-06-12T20:29:30Z DEBUG stdout=938543773 2017-06-12T20:29:30Z DEBUG stderr= 2017-06-12T20:29:30Z DEBUG Starting external process 2017-06-12T20:29:30Z DEBUG args=keyctl pupdate 938543773 2017-06-12T20:29:30Z DEBUG Process finished, return code=0 2017-06-12T20:29:30Z DEBUG stdout= 2017-06-12T20:29:30Z DEBUG stderr= 2017-06-12T20:29:30Z DEBUG Destroyed connection context.jsonclient_141233104 2017-06-12T20:29:31Z DEBUG Created connection context.ldap2_110636944 2017-06-12T20:29:31Z DEBUG raw: domainlevel_get(version=u'2.213') 2017-06-12T20:29:31Z DEBUG domainlevel_get(version=u'2.213') 2017-06-12T20:29:31Z DEBUG flushing ldaps://ipa1.home.ld from SchemaCache 2017-06-12T20:29:31Z DEBUG retrieving schema for SchemaCache url=ldaps://ipa1.home.ld conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x86b45f0> 2017-06-12T20:29:31Z DEBUG raw: hostgroup_find(None, cn=u'ipaservers', version=u'2.213', host=[u'ipa2.home.ld']) 2017-06-12T20:29:31Z DEBUG hostgroup_find(None, cn=u'ipaservers', all=False, raw=False, version=u'2.213', no_members=True, pkey_only=False, host=(u'ipa2.home.ld',)) 2017-06-12T20:29:31Z DEBUG KRB5CCNAME set to None 2017-06-12T20:29:31Z DEBUG Failed to find default ccache: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639053): No Kerberos credentials available (default cache: KEYRING:persistent:0) 2017-06-12T20:29:31Z DEBUG Initializing principal ad...@home.ld using password 2017-06-12T20:29:31Z DEBUG Starting external process 2017-06-12T20:29:31Z DEBUG args=/usr/bin/kinit ad...@home.ld -c /tmp/tmpuxrjbz 2017-06-12T20:29:31Z DEBUG Process finished, return code=0 2017-06-12T20:29:31Z DEBUG stdout=Password for ad...@home.ld: 2017-06-12T20:29:31Z DEBUG stderr= 2017-06-12T20:29:31Z DEBUG Destroyed connection context.ldap2_110636944 2017-06-12T20:29:31Z DEBUG Created connection context.ldap2_110636944 2017-06-12T20:29:31Z DEBUG raw: hostgroup_show(u'ipaservers', rights=True, all=True, version=u'2.213') 2017-06-12T20:29:31Z DEBUG hostgroup_show(u'ipaservers', rights=True, all=True, raw=False, version=u'2.213', no_members=False) 2017-06-12T20:29:31Z DEBUG flushing ldaps://ipa1.home.ld from SchemaCache 2017-06-12T20:29:31Z DEBUG retrieving schema for SchemaCache url=ldaps://ipa1.home.ld conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x86b4c20> 2017-06-12T20:29:32Z DEBUG Destroyed connection context.ldap2_110636944 2017-06-12T20:29:32Z DEBUG Created connection context.ldap2_110636944 2017-06-12T20:29:32Z DEBUG flushing ldaps://ipa1.home.ld from SchemaCache 2017-06-12T20:29:32Z DEBUG retrieving schema for SchemaCache url=ldaps://ipa1.home.ld conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x86b4998> 2017-06-12T20:29:32Z DEBUG No IPA DNS servers, skipping forward/reverse resolution check 2017-06-12T20:29:32Z DEBUG Name ipa2.home.ld. resolved to set([UnsafeIPAddress('172.17.0.102')]) 2017-06-12T20:29:32Z DEBUG Destroyed connection context.ldap2_110636944 2017-06-12T20:29:32Z DEBUG Created connection context.ldap2_110636944 2017-06-12T20:29:32Z DEBUG raw: hostgroup_add_member(u'ipaservers', version=u'2.213', host=[u'ipa2.home.ld']) 2017-06-12T20:29:32Z DEBUG hostgroup_add_member(u'ipaservers', all=False, raw=False, version=u'2.213', no_members=False, host=(u'ipa2.home.ld',)) 2017-06-12T20:29:32Z DEBUG add_entry_to_group: dn=fqdn=ipa2.home.ld,cn=computers,cn=accounts,dc=home,dc=ld group_dn=cn=ipaservers,cn=hostgroups,cn=accounts,dc=home,dc=ld member_attr=member 2017-06-12T20:29:32Z DEBUG flushing ldaps://ipa1.home.ld from SchemaCache 2017-06-12T20:29:32Z DEBUG retrieving schema for SchemaCache url=ldaps://ipa1.home.ld conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x90d7c20> 2017-06-12T20:29:34Z DEBUG Destroyed connection context.ldap2_110636944 2017-06-12T20:29:34Z DEBUG Backing up system configuration file '/etc/ipa/default.conf' 2017-06-12T20:29:34Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2017-06-12T20:29:34Z DEBUG Starting external process 2017-06-12T20:29:34Z DEBUG args=/bin/systemctl start messagebus.service 2017-06-12T20:29:34Z DEBUG Process finished, return code=0 2017-06-12T20:29:34Z DEBUG stdout= 2017-06-12T20:29:34Z DEBUG stderr= 2017-06-12T20:29:34Z DEBUG Starting external process 2017-06-12T20:29:34Z DEBUG args=/bin/systemctl is-active messagebus.service 2017-06-12T20:29:34Z DEBUG Process finished, return code=0 2017-06-12T20:29:34Z DEBUG stdout=active 2017-06-12T20:29:34Z DEBUG stderr= 2017-06-12T20:29:34Z DEBUG Starting external process 2017-06-12T20:29:34Z DEBUG args=/bin/systemctl restart certmonger.service 2017-06-12T20:29:34Z DEBUG Process finished, return code=0 2017-06-12T20:29:34Z DEBUG stdout= 2017-06-12T20:29:34Z DEBUG stderr= 2017-06-12T20:29:34Z DEBUG Starting external process 2017-06-12T20:29:34Z DEBUG args=/bin/systemctl is-active certmonger.service 2017-06-12T20:29:34Z DEBUG Process finished, return code=0 2017-06-12T20:29:34Z DEBUG stdout=active 2017-06-12T20:29:34Z DEBUG stderr= 2017-06-12T20:29:34Z DEBUG Starting external process 2017-06-12T20:29:34Z DEBUG args=/bin/systemctl enable certmonger.service 2017-06-12T20:29:34Z DEBUG Process finished, return code=0 2017-06-12T20:29:34Z DEBUG stdout= 2017-06-12T20:29:34Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service. 2017-06-12T20:29:34Z DEBUG group dirsrv exists 2017-06-12T20:29:34Z DEBUG user dirsrv exists 2017-06-12T20:29:34Z DEBUG Created connection context.ldap2_110636944 2017-06-12T20:29:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-06-12T20:29:34Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-06-12T20:29:34Z DEBUG Configuring directory server (dirsrv). Estimated time: 1 minute 2017-06-12T20:29:34Z DEBUG [1/44]: creating directory server user 2017-06-12T20:29:34Z DEBUG group dirsrv exists 2017-06-12T20:29:34Z DEBUG user dirsrv exists 2017-06-12T20:29:34Z DEBUG duration: 0 seconds 2017-06-12T20:29:34Z DEBUG [2/44]: creating directory server instance 2017-06-12T20:29:34Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-06-12T20:29:34Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2017-06-12T20:29:34Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' 2017-06-12T20:29:34Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2017-06-12T20:29:34Z DEBUG dn: dc=home,dc=ld objectClass: top objectClass: domain objectClass: pilotObject dc: home info: IPA V2.0 2017-06-12T20:29:34Z DEBUG writing inf template 2017-06-12T20:29:34Z DEBUG [General] FullMachineName= ipa2.home.ld SuiteSpotUserID= dirsrv SuiteSpotGroup= dirsrv ServerRoot= /usr/lib64/dirsrv [slapd] ServerPort= 389 ServerIdentifier= HOME-LD Suffix= dc=home,dc=ld RootDN= cn=Directory Manager InstallLdifFile= /var/lib/dirsrv/boot.ldif inst_dir= /var/lib/dirsrv/scripts-HOME-LD 2017-06-12T20:29:34Z DEBUG calling setup-ds.pl 2017-06-12T20:29:34Z DEBUG Starting external process 2017-06-12T20:29:34Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpeOHXFY 2017-06-12T20:29:38Z DEBUG Process finished, return code=0 2017-06-12T20:29:38Z DEBUG stdout=[17/06/12:16:29:38] - [Setup] Info Your new DS instance 'HOME-LD' was successfully created. Your new DS instance 'HOME-LD' was successfully created. [17/06/12:16:29:38] - [Setup] Success Exiting . . . Log file is '-' Exiting . . . Log file is '-' 2017-06-12T20:29:38Z DEBUG stderr= 2017-06-12T20:29:38Z DEBUG completed creating ds instance 2017-06-12T20:29:38Z DEBUG duration: 4 seconds 2017-06-12T20:29:38Z DEBUG [3/44]: updating configuration in dse.ldif 2017-06-12T20:29:38Z DEBUG Starting external process 2017-06-12T20:29:38Z DEBUG args=/bin/systemctl stop dirsrv@HOME-LD.service 2017-06-12T20:29:39Z DEBUG Process finished, return code=0 2017-06-12T20:29:39Z DEBUG stdout= 2017-06-12T20:29:39Z DEBUG stderr= 2017-06-12T20:29:39Z DEBUG duration: 1 seconds 2017-06-12T20:29:39Z DEBUG [4/44]: restarting directory server 2017-06-12T20:29:39Z DEBUG Starting external process 2017-06-12T20:29:39Z DEBUG args=/bin/systemctl --system daemon-reload 2017-06-12T20:29:40Z DEBUG Process finished, return code=0 2017-06-12T20:29:40Z DEBUG stdout= 2017-06-12T20:29:40Z DEBUG stderr= 2017-06-12T20:29:40Z DEBUG Starting external process 2017-06-12T20:29:40Z DEBUG args=/bin/systemctl restart dirsrv@HOME-LD.service 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout= 2017-06-12T20:29:41Z DEBUG stderr= 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/bin/systemctl is-active dirsrv@HOME-LD.service 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=active 2017-06-12T20:29:41Z DEBUG stderr= 2017-06-12T20:29:41Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/bin/systemctl is-active dirsrv@HOME-LD.service 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=active 2017-06-12T20:29:41Z DEBUG stderr= 2017-06-12T20:29:41Z DEBUG duration: 1 seconds 2017-06-12T20:29:41Z DEBUG [5/44]: adding default schema 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [6/44]: enabling memberof plugin 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpLXs1sg 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=replace nsslapd-pluginenabled: on add memberofgroupattr: memberUser add memberofgroupattr: memberHost modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [7/44]: enabling winsync plugin 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpqhqwNn 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa-winsync add nsslapd-pluginpath: libipa_winsync add nsslapd-plugininitfunc: ipa_winsync_plugin_init add nsslapd-pluginDescription: Allows IPA to work with the DS windows sync feature add nsslapd-pluginid: ipa-winsync add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-plugin-depends-on-type: database add ipaWinSyncRealmFilter: (objectclass=krbRealmContainer) add ipaWinSyncRealmAttr: cn add ipaWinSyncNewEntryFilter: (cn=ipaConfig) add ipaWinSyncNewUserOCAttr: ipauserobjectclasses add ipaWinSyncUserFlatten: true add ipaWinsyncHomeDirAttr: ipaHomesRootDir add ipaWinsyncLoginShellAttr: ipaDefaultLoginShell add ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup add ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames) add ipaWinSyncAcctDisable: both add ipaWinSyncForceSync: true add ipaWinSyncUserAttr: uidNumber -1 gidNumber -1 adding new entry "cn=ipa-winsync,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [8/44]: configuring replication version plugin 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpp3TsrW 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Version Replication add nsslapd-pluginpath: libipa_repl_version add nsslapd-plugininitfunc: repl_version_plugin_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: off add nsslapd-pluginid: ipa_repl_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Replication version plugin add nsslapd-plugin-depends-on-type: database add nsslapd-plugin-depends-on-named: Multimaster Replication Plugin adding new entry "cn=IPA Version Replication,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [9/44]: enabling IPA enrollment plugin 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpctxKDu -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpLjWA3i 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: ipa_enrollment_extop add nsslapd-pluginpath: libipa_enrollment_extop add nsslapd-plugininitfunc: ipaenrollment_init add nsslapd-plugintype: extendedop add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_enrollment_extop add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: RedHat add nsslapd-plugindescription: Enroll hosts into the IPA domain add nsslapd-plugin-depends-on-type: database add nsslapd-realmTree: dc=home,dc=ld adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [10/44]: enabling ldapi 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpk6aRi3 -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmp9y1VzO 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=replace nsslapd-ldapilisten: on modifying entry "cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [11/44]: configuring uniqueness plugin 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmppxYiie -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpzb2pDv 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: krbPrincipalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbPrincipalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=home,dc=ld add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=home,dc=ld add uniqueness-across-all-subtrees: on adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: krbCanonicalName uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: krbCanonicalName add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=home,dc=ld add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=home,dc=ld add uniqueness-across-all-subtrees: on adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: netgroup uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=ng,cn=alt,dc=home,dc=ld add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: ipaUniqueID uniqueness add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: ipaUniqueID add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project add nsslapd-pluginDescription: Enforce unique attribute values add uniqueness-subtrees: dc=home,dc=ld add uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,dc=home,dc=ld add uniqueness-across-all-subtrees: on adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config" modify complete add objectClass: top nsSlapdPlugin extensibleObject add cn: sudorule name uniqueness add nsslapd-pluginDescription: Enforce unique attribute values add nsslapd-pluginPath: libattr-unique-plugin add nsslapd-pluginInitfunc: NSUniqueAttr_Init add nsslapd-pluginType: preoperation add nsslapd-pluginEnabled: on add uniqueness-attribute-name: cn add uniqueness-subtrees: cn=sudorules,cn=sudo,dc=home,dc=ld add nsslapd-plugin-depends-on-type: database add nsslapd-pluginId: NSUniqueAttr add nsslapd-pluginVersion: 1.1.0 add nsslapd-pluginVendor: Fedora Project adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [12/44]: configuring uuid plugin 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpDZhjsz 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA UUID add nsslapd-pluginpath: libipa_uuid add nsslapd-plugininitfunc: ipauuid_init add nsslapd-plugintype: preoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipauuid_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA UUID plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA UUID,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpQ_Traz -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpkZaWLZ 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=add objectclass: top extensibleObject add cn: IPA Unique IDs add ipaUuidAttr: ipaUniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (|(objectclass=ipaObject)(objectclass=ipaAssociation)) add ipaUuidScope: dc=home,dc=ld add ipaUuidEnforce: TRUE adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: IPK11 Unique IDs add ipaUuidAttr: ipk11UniqueID add ipaUuidMagicRegen: autogenerate add ipaUuidFilter: (objectclass=ipk11Object) add ipaUuidScope: dc=home,dc=ld add ipaUuidEnforce: FALSE adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [13/44]: configuring modrdn plugin 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpTLcteY 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA MODRDN add nsslapd-pluginpath: libipa_modrdn add nsslapd-plugininitfunc: ipamodrdn_init add nsslapd-plugintype: betxnpostoperation add nsslapd-pluginenabled: on add nsslapd-pluginid: ipamodrdn_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA MODRDN plugin add nsslapd-plugin-depends-on-type: database add nsslapd-pluginPrecedence: 60 adding new entry "cn=IPA MODRDN,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp81FD6V -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmphKbgWf 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=add objectclass: top extensibleObject add cn: Kerberos Principal Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbPrincipalName add ipaModRDNsuffix: @HOME.LD add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=home,dc=ld adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete add objectclass: top extensibleObject add cn: Kerberos Canonical Name add ipaModRDNsourceAttr: uid add ipaModRDNtargetAttr: krbCanonicalName add ipaModRDNsuffix: @HOME.LD add ipaModRDNfilter: (&(objectclass=posixaccount)(objectclass=krbPrincipalAux)) add ipaModRDNscope: dc=home,dc=ld adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [14/44]: configuring DNS plugin 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpCBMwdW 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=add objectclass: top nsslapdPlugin extensibleObject add cn: IPA DNS add nsslapd-plugindescription: IPA DNS support plugin add nsslapd-pluginenabled: on add nsslapd-pluginid: ipa_dns add nsslapd-plugininitfunc: ipadns_init add nsslapd-pluginpath: libipa_dns.so add nsslapd-plugintype: preoperation add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-pluginversion: 1.0 add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA DNS,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [15/44]: enabling entryUSN plugin 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpZ6U3yP 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=replace nsslapd-entryusn-global: on modifying entry "cn=config" modify complete replace nsslapd-entryusn-import-initval: next modifying entry "cn=config" modify complete replace nsslapd-pluginenabled: on modifying entry "cn=USN,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [16/44]: configuring lockout plugin 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpvczEva 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=add objectclass: top nsSlapdPlugin extensibleObject add cn: IPA Lockout add nsslapd-pluginpath: libipa_lockout add nsslapd-plugininitfunc: ipalockout_init add nsslapd-plugintype: object add nsslapd-pluginenabled: on add nsslapd-pluginid: ipalockout_version add nsslapd-pluginversion: 1.0 add nsslapd-pluginvendor: Red Hat, Inc. add nsslapd-plugindescription: IPA Lockout plugin add nsslapd-plugin-depends-on-type: database adding new entry "cn=IPA Lockout,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [17/44]: configuring topology plugin 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpk9mwG2 -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpFSr231 2017-06-12T20:29:41Z DEBUG Process finished, return code=0 2017-06-12T20:29:41Z DEBUG stdout=add objectClass: top nsSlapdPlugin extensibleObject add cn: IPA Topology Configuration add nsslapd-pluginPath: libtopology add nsslapd-pluginInitfunc: ipa_topo_init add nsslapd-pluginType: object add nsslapd-pluginEnabled: on add nsslapd-topo-plugin-shared-config-base: cn=ipa,cn=etc,dc=home,dc=ld add nsslapd-topo-plugin-shared-replica-root: dc=home,dc=ld o=ipaca add nsslapd-topo-plugin-shared-binddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=home,dc=ld add nsslapd-topo-plugin-startup-delay: 20 add nsslapd-pluginId: none add nsslapd-plugin-depends-on-named: ldbm database Multimaster Replication Plugin add nsslapd-pluginVersion: 1.0 add nsslapd-pluginVendor: none add nsslapd-pluginDescription: none adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config" modify complete 2017-06-12T20:29:41Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:41Z DEBUG duration: 0 seconds 2017-06-12T20:29:41Z DEBUG [18/44]: creating indices 2017-06-12T20:29:41Z DEBUG Starting external process 2017-06-12T20:29:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpkC3cg_ 2017-06-12T20:29:42Z DEBUG Process finished, return code=0 2017-06-12T20:29:42Z DEBUG stdout=add objectClass: top nsIndex add cn: krbPrincipalName add nsSystemIndex: false add nsIndexType: eq sub add nsMatchingRule: caseIgnoreIA5Match caseExactIA5Match adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: ou add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: carLicense add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: title add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: manager add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: secretary add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: displayname add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add nsIndexType: sub modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: uidnumber add nsSystemIndex: false add nsIndexType: eq add nsMatchingRule: integerOrderingMatch adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add objectClass: top nsIndex add cn: gidnumber add nsSystemIndex: false add nsIndexType: eq add nsMatchingRule: integerOrderingMatch adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete replace nsIndexType: eq pres modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete replace nsIndexType: eq pres modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add ObjectClass: top nsIndex add cn: fqdn add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add ObjectClass: top nsIndex add cn: macAddress add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberHost add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberUser add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: sourcehost add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberservice add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: managedby add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberallowcmd add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: memberdenycmd add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipasudorunas add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipasudorunasgroup add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: automountkey add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipakrbprincipalalias add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipauniqueid add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipaMemberCa add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipaMemberCertProfile add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres sub adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: userCertificate add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: ipalocation add ObjectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq pres adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete add cn: krbCanonicalName add objectClass: top nsIndex add nsSystemIndex: false add nsIndexType: eq sub adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" modify complete 2017-06-12T20:29:42Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:42Z DEBUG duration: 0 seconds 2017-06-12T20:29:42Z DEBUG [19/44]: enabling referential integrity plugin 2017-06-12T20:29:42Z DEBUG Starting external process 2017-06-12T20:29:42Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpBjY_RK 2017-06-12T20:29:42Z DEBUG Process finished, return code=0 2017-06-12T20:29:42Z DEBUG stdout=replace nsslapd-pluginenabled: on modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" modify complete 2017-06-12T20:29:42Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:42Z DEBUG duration: 0 seconds 2017-06-12T20:29:42Z DEBUG [20/44]: configuring certmap.conf 2017-06-12T20:29:42Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-06-12T20:29:42Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-06-12T20:29:42Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2017-06-12T20:29:42Z DEBUG duration: 0 seconds 2017-06-12T20:29:42Z DEBUG [21/44]: configure autobind for root 2017-06-12T20:29:42Z DEBUG Starting external process 2017-06-12T20:29:42Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpKS6UY6 2017-06-12T20:29:42Z DEBUG Process finished, return code=0 2017-06-12T20:29:42Z DEBUG stdout=add objectClass: extensibleObject top add cn: root-autobind add uidNumber: 0 add gidNumber: 0 adding new entry "cn=root-autobind,cn=config" modify complete replace nsslapd-ldapiautobind: on modifying entry "cn=config" modify complete replace nsslapd-ldapimaptoentries: on modifying entry "cn=config" modify complete 2017-06-12T20:29:42Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:42Z DEBUG duration: 0 seconds 2017-06-12T20:29:42Z DEBUG [22/44]: configure new location for managed entries 2017-06-12T20:29:42Z DEBUG Starting external process 2017-06-12T20:29:42Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpONEPbD -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpwBssk0 2017-06-12T20:29:42Z DEBUG Process finished, return code=0 2017-06-12T20:29:42Z DEBUG stdout=add nsslapd-pluginConfigArea: cn=Definitions,cn=Managed Entries,cn=etc,dc=home,dc=ld modifying entry "cn=Managed Entries,cn=plugins,cn=config" modify complete 2017-06-12T20:29:42Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:42Z DEBUG duration: 0 seconds 2017-06-12T20:29:42Z DEBUG [23/44]: configure dirsrv ccache 2017-06-12T20:29:42Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' 2017-06-12T20:29:42Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' 2017-06-12T20:29:42Z DEBUG Starting external process 2017-06-12T20:29:42Z DEBUG args=/usr/sbin/selinuxenabled 2017-06-12T20:29:42Z DEBUG Process finished, return code=0 2017-06-12T20:29:42Z DEBUG stdout= 2017-06-12T20:29:42Z DEBUG stderr= 2017-06-12T20:29:42Z DEBUG Starting external process 2017-06-12T20:29:42Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv 2017-06-12T20:29:42Z DEBUG Process finished, return code=0 2017-06-12T20:29:42Z DEBUG stdout= 2017-06-12T20:29:42Z DEBUG stderr= 2017-06-12T20:29:42Z DEBUG duration: 0 seconds 2017-06-12T20:29:42Z DEBUG [24/44]: enabling SASL mapping fallback 2017-06-12T20:29:42Z DEBUG Starting external process 2017-06-12T20:29:42Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp_0Hq5j -H ldap://ipa2.home.ld:389 -x -D cn=Directory Manager -y /tmp/tmpHWzkqs 2017-06-12T20:29:42Z DEBUG Process finished, return code=0 2017-06-12T20:29:42Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback: on modifying entry "cn=config" modify complete 2017-06-12T20:29:42Z DEBUG stderr=ldap_initialize( ldap://ipa2.home.ld:389/??base ) 2017-06-12T20:29:42Z DEBUG duration: 0 seconds 2017-06-12T20:29:42Z DEBUG [25/44]: restarting directory server 2017-06-12T20:29:42Z DEBUG Starting external process 2017-06-12T20:29:42Z DEBUG args=/bin/systemctl --system daemon-reload 2017-06-12T20:29:42Z DEBUG Process finished, return code=0 2017-06-12T20:29:42Z DEBUG stdout= 2017-06-12T20:29:42Z DEBUG stderr= 2017-06-12T20:29:42Z DEBUG Starting external process 2017-06-12T20:29:42Z DEBUG args=/bin/systemctl restart dirsrv@HOME-LD.service 2017-06-12T20:29:43Z DEBUG Process finished, return code=0 2017-06-12T20:29:43Z DEBUG stdout= 2017-06-12T20:29:43Z DEBUG stderr= 2017-06-12T20:29:43Z DEBUG Starting external process 2017-06-12T20:29:43Z DEBUG args=/bin/systemctl is-active dirsrv@HOME-LD.service 2017-06-12T20:29:43Z DEBUG Process finished, return code=0 2017-06-12T20:29:43Z DEBUG stdout=active 2017-06-12T20:29:43Z DEBUG stderr= 2017-06-12T20:29:43Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-06-12T20:29:43Z DEBUG Starting external process 2017-06-12T20:29:43Z DEBUG args=/bin/systemctl is-active dirsrv@HOME-LD.service 2017-06-12T20:29:43Z DEBUG Process finished, return code=0 2017-06-12T20:29:43Z DEBUG stdout=active 2017-06-12T20:29:43Z DEBUG stderr= 2017-06-12T20:29:43Z DEBUG duration: 1 seconds 2017-06-12T20:29:43Z DEBUG [26/44]: creating DS keytab 2017-06-12T20:29:43Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' 2017-06-12T20:29:43Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist 2017-06-12T20:29:43Z DEBUG raw: service_add(u'ldap/ipa2.home...@home.ld', force=True, version=u'2.213') 2017-06-12T20:29:43Z DEBUG service_add(<ipapython.kerberos.Principal object at 0x90f8f90>, force=True, all=False, raw=False, version=u'2.213', no_members=False) 2017-06-12T20:29:43Z DEBUG flushing ldaps://ipa1.home.ld from SchemaCache 2017-06-12T20:29:43Z DEBUG retrieving schema for SchemaCache url=ldaps://ipa1.home.ld conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x86b4e60> 2017-06-12T20:29:44Z DEBUG raw: host_show(u'ipa2.home.ld', version=u'2.213') 2017-06-12T20:29:44Z DEBUG host_show(u'ipa2.home.ld', rights=False, all=False, raw=False, version=u'2.213', no_members=False) 2017-06-12T20:29:44Z DEBUG Starting external process 2017-06-12T20:29:44Z DEBUG args=/usr/sbin/ipa-getkeytab -k /etc/dirsrv/ds.keytab -p ldap/ipa2.home...@home.ld -s ipa1.home.ld 2017-06-12T20:29:44Z DEBUG Process finished, return code=0 2017-06-12T20:29:44Z DEBUG stdout= 2017-06-12T20:29:44Z DEBUG stderr=Keytab successfully retrieved and stored in: /etc/dirsrv/ds.keytab 2017-06-12T20:29:44Z DEBUG duration: 0 seconds 2017-06-12T20:29:44Z DEBUG [27/44]: retrieving DS Certificate 2017-06-12T20:29:44Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-06-12T20:29:44Z DEBUG Starting external process 2017-06-12T20:29:44Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-HOME-LD/ -L -n HOME.LD IPA CA -a 2017-06-12T20:29:44Z DEBUG Process finished, return code=255 2017-06-12T20:29:44Z DEBUG stdout= 2017-06-12T20:29:44Z DEBUG stderr=certutil: Could not find cert: HOME.LD IPA CA : PR_FILE_NOT_FOUND_ERROR: File not found 2017-06-12T20:29:44Z DEBUG Starting external process 2017-06-12T20:29:44Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-HOME-LD/ -N -f /etc/dirsrv/slapd-HOME-LD//pwdfile.txt 2017-06-12T20:29:44Z DEBUG Process finished, return code=0 2017-06-12T20:29:44Z DEBUG stdout= 2017-06-12T20:29:44Z DEBUG stderr= 2017-06-12T20:29:44Z DEBUG Starting external process 2017-06-12T20:29:44Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-HOME-LD/ -A -n HOME.LD IPA CA -t CT,C,C -a 2017-06-12T20:29:44Z DEBUG Process finished, return code=0 2017-06-12T20:29:44Z DEBUG stdout= 2017-06-12T20:29:44Z DEBUG stderr= 2017-06-12T20:29:44Z DEBUG certmonger request is in state dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1) 2017-06-12T20:29:49Z DEBUG certmonger request is in state dbus.String(u'MONITORING', variant_level=1) 2017-06-12T20:29:49Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-HOME-LD.socket from SchemaCache 2017-06-12T20:29:49Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-HOME-LD.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x92829e0> 2017-06-12T20:29:50Z DEBUG duration: 5 seconds 2017-06-12T20:29:50Z DEBUG [28/44]: restarting directory server 2017-06-12T20:29:50Z DEBUG Starting external process 2017-06-12T20:29:50Z DEBUG args=/bin/systemctl --system daemon-reload 2017-06-12T20:29:50Z DEBUG Process finished, return code=0 2017-06-12T20:29:50Z DEBUG stdout= 2017-06-12T20:29:50Z DEBUG stderr= 2017-06-12T20:29:50Z DEBUG Starting external process 2017-06-12T20:29:50Z DEBUG args=/bin/systemctl restart dirsrv@HOME-LD.service 2017-06-12T20:29:52Z DEBUG Process finished, return code=0 2017-06-12T20:29:52Z DEBUG stdout= 2017-06-12T20:29:52Z DEBUG stderr= 2017-06-12T20:29:52Z DEBUG Starting external process 2017-06-12T20:29:52Z DEBUG args=/bin/systemctl is-active dirsrv@HOME-LD.service 2017-06-12T20:29:52Z DEBUG Process finished, return code=0 2017-06-12T20:29:52Z DEBUG stdout=active 2017-06-12T20:29:52Z DEBUG stderr= 2017-06-12T20:29:52Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-06-12T20:29:52Z DEBUG Starting external process 2017-06-12T20:29:52Z DEBUG args=/bin/systemctl is-active dirsrv@HOME-LD.service 2017-06-12T20:29:52Z DEBUG Process finished, return code=0 2017-06-12T20:29:52Z DEBUG stdout=active 2017-06-12T20:29:52Z DEBUG stderr= 2017-06-12T20:29:52Z DEBUG duration: 2 seconds 2017-06-12T20:29:52Z DEBUG [29/44]: setting up initial replication 2017-06-12T20:29:52Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-HOME-LD.socket from SchemaCache 2017-06-12T20:29:52Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-HOME-LD.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x86ce518> 2017-06-12T20:29:53Z DEBUG Starting external process 2017-06-12T20:29:53Z DEBUG args=/bin/systemctl --system daemon-reload 2017-06-12T20:29:53Z DEBUG Process finished, return code=0 2017-06-12T20:29:53Z DEBUG stdout= 2017-06-12T20:29:53Z DEBUG stderr= 2017-06-12T20:29:53Z DEBUG Starting external process 2017-06-12T20:29:53Z DEBUG args=/bin/systemctl restart dirsrv@HOME-LD.service 2017-06-12T20:29:56Z DEBUG Process finished, return code=0 2017-06-12T20:29:56Z DEBUG stdout= 2017-06-12T20:29:56Z DEBUG stderr= 2017-06-12T20:29:56Z DEBUG Starting external process 2017-06-12T20:29:56Z DEBUG args=/bin/systemctl is-active dirsrv@HOME-LD.service 2017-06-12T20:29:56Z DEBUG Process finished, return code=0 2017-06-12T20:29:56Z DEBUG stdout=active 2017-06-12T20:29:56Z DEBUG stderr= 2017-06-12T20:29:56Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-06-12T20:29:56Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5] 2017-06-12T20:29:56Z DEBUG flushing ldap://ipa1.home.ld:389 from SchemaCache 2017-06-12T20:29:56Z DEBUG retrieving schema for SchemaCache url=ldap://ipa1.home.ld:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa420c68> 2017-06-12T20:29:56Z DEBUG Successfully updated nsDS5ReplicaId. 2017-06-12T20:29:56Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-HOME-LD.socket from SchemaCache 2017-06-12T20:29:56Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-HOME-LD.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa6547a0> 2017-06-12T20:30:13Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 416, in __setup_replica repl.setup_promote_replication(self.master_fqdn) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1643, in setup_promote_replication raise RuntimeError("Failed to start replication") RuntimeError: Failed to start replication 2017-06-12T20:30:13Z DEBUG [error] RuntimeError: Failed to start replication 2017-06-12T20:30:13Z DEBUG Destroyed connection context.ldap2_110636944 2017-06-12T20:30:13Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute for nothing in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586, in _configure next(executor) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1722, in main promote(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1423, in promote promote=True, pkcs12_info=dirsrv_pkcs12_info) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 135, in install_replica_ds api=remote_api, File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 401, in create_replica self.start_creation(runtime=60) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 416, in __setup_replica repl.setup_promote_replication(self.master_fqdn) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1643, in setup_promote_replication raise RuntimeError("Failed to start replication") 2017-06-12T20:30:13Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: Failed to start replication 2017-06-12T20:30:13Z ERROR Failed to start replication 2017-06-12T20:30:13Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org