#8175 FreeIPA: Issue during replica install [29/41]: prevent time skew after initial replication
Closed: wontfix 4 years ago by abbra. Opened 4 years ago by alexadevinta.

Request for enhancement

I need a fix to this problem. Or some help on what may be wrong with what I am doing. Thanks!

Issue


When I try to create a replica, the installation is interrupted at phase [29/41]:

[29/41]: prevent time skew after initial replication
ipaserver.install.service: CRITICAL Failed to load replica-prevent-time-skew.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpejRVaN -H ldapi://%2Fvar%2Frun%2Fslapd-SUBITOHQ-IT.socket -Y EXTERNAL' returned non-zero exit status 50
[error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpejRVaN -H ldapi://%2Fvar%2Frun%2Fslapd-SUBITOHQ-IT.socket -Y EXTERNAL' returned non-zero exit status 50
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Steps to Reproduce

  1. When I run the ipa-replica-install command, the process begins but crashes in the middle. I have gathered all the information together.

IPA VERSION - VERSION: 4.6.5, API_VERSION: 2.231 - BOTH
MASTER SRV - CentOS Linux release 7.7.1908 (Core)
REPLICA SRV - CentOS Linux release 7.7.1908 (Core)

Actual behavior

Fails on replica installation

Expected behavior

Successful replica installation

Version/Release/Distribution

ON MASTER:

ipa-server-4.6.5-11.el7.centos.3.x86_64
ipa-client-4.6.5-11.el7.centos.3.x86_64
389-ds-base-1.3.9.1-10.el7.x86_64
pki-ca-10.5.16-5.el7_7.noarch
krb5-server-1.15.1-37.el7_7.2.x86_64

ON SRV REPLICA:

ipa-server-4.6.5-11.el7.centos.3.x86_64
ipa-client-4.6.5-11.el7.centos.3.x86_64
389-ds-base-1.3.9.1-12.el7_7.x86_64
pki-ca-10.5.16-5.el7_7.noarch
krb5-server-1.15.1-37.el7_7.2.x86_64

Additional info:

PREPARE REPLICA SERVER TO CONNECT AND INSTALL TO MASTER SRV

[root@ipa-replica ~]# yum install -y freeipa-server
...........
Installed:
ipa-server.x86_64 0:4.6.5-11.el7.centos.3
ipa-client-install --domain=XXXX.it --realm=XXXX.IT --server=ipa.XXXX.it
Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes
Client hostname: ipa-replica.XXXX.it
Realm: XXXX.IT
DNS Domain: XXXX.it
IPA Server: ipa.XXXX.it
BaseDN: dc=XXXX,dc=it

Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Attempting to sync time using ntpd. Will timeout after 15 seconds
User authorized to enroll computers: admin
Password for admin@XXXX.IT:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=XXXX.IT
Issuer: CN=Certificate Authority,O=XXXX.IT
Valid From: 2019-11-06 15:37:52
Valid Until: 2039-11-06 15:37:52

Enrolled in IPA realm XXXX.IT
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm XXXX.IT
trying https://ipa.XXXX.it/ipa/json

trying https://ipa.XXXX.it/ipa/session/json

Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub

SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring XXXX.it as NIS domain.
Client configuration complete.
The ipa-client-install command was successful
[root@ipa-replica ~]# ipa hostgroup-find
ipa: ERROR: did not receive Kerberos credentials
[root@ipa-replica ~]# kinit admin
Password for admin@XXXX.IT:
[root@ipa-replica ~]# ipa hostgroup-find

1 hostgroup matched

Host-group: ipaservers
Description: IPA server hosts

Number of entries returned 1

[root@ipa-replica ~]# ipa host-find

2 hosts matched

Host name: ipa-replica.XXXX.it
Principal name: host/ipa-replica.XXXX.it@XXXX.IT
Principal alias: host/ipa-replica.XXXX.it@XXXX.IT
SSH public key fingerprint: SHA256:tWDXd+O9oSK093tsRjOsRsEIzLNhcOgV3BQa4AbNYUw (ssh-rsa), SHA256:gOey5xX34MZfA2/z/6C/gs7AYwywo/M+FoqanI+09sc (ecdsa-sha2-nistp256), SHA256:eJAql0eAMk0K94VWpAL+5Wz5UBRBiSMDibK9w2FIlKc (ssh-ed25519)

Host name: ipa.XXXX.it
Principal name: host/ipa.XXXX.it@XXXX.IT
Principal alias: host/ipa.XXXX.it@XXXX.IT
SSH public key fingerprint: SHA256:Y1qGK6mRlvvuVHTq0bupf8AOT35k8di7gRzi58/BOl8 (ssh-rsa), SHA256:mAYlfPzGc8Krs78gPb99VF2/zi/IkUIQFG8sZdZLcl8 (ecdsa-sha2-nistp256), SHA256:rKzJs6KhhjhnqNNT0E6dBfMZHO+zFBLoUiRaNvhvxqY (ssh-ed25519)

Number of entries returned 2

[root@ipa-replica ~]# ipa-replica-install
Run connection check to master
Connection check OK
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 30 seconds
[1/41]: creating directory server instance
[2/41]: enabling ldapi
[3/41]: configure autobind for root
[4/41]: stopping directory server
[5/41]: updating configuration in dse.ldif
[6/41]: starting directory server
[7/41]: adding default schema
[8/41]: enabling memberof plugin
[9/41]: enabling winsync plugin
[10/41]: configuring replication version plugin
[11/41]: enabling IPA enrollment plugin
[12/41]: configuring uniqueness plugin
[13/41]: configuring uuid plugin
[14/41]: configuring modrdn plugin
[15/41]: configuring DNS plugin
[16/41]: enabling entryUSN plugin
[17/41]: configuring lockout plugin
[18/41]: configuring topology plugin
[19/41]: creating indices
[20/41]: enabling referential integrity plugin
[21/41]: configuring certmap.conf
[22/41]: configure new location for managed entries
[23/41]: configure dirsrv ccache
[24/41]: enabling SASL mapping fallback
[25/41]: restarting directory server
[26/41]: creating DS keytab
[27/41]: ignore time skew for initial replication
[28/41]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 3 seconds elapsed
Update succeeded

[29/41]: prevent time skew after initial replication
ipaserver.install.service: CRITICAL Failed to load replica-prevent-time-skew.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-XXXX-IT.socket -Y EXTERNAL' returned non-zero exit status 50
[error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-XXXX-IT.socket -Y EXTERNAL' returned non-zero exit status 50
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipapython.admintool: ERROR Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-XXXX-IT.socket -Y EXTERNAL' returned non-zero exit status 50
ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information


LOG IN /var/log/ipareplica-install.log

2020-01-16T09:18:19Z DEBUG Logging to /var/log/ipareplica-install.log
2020-01-16T09:18:19Z DEBUG ipa-replica-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'skip_schema_check': False, 'no_ntp': False, 'hidden_replica': False, 'ip_addresses': None, 'secondary_rid_base': None, 'netbios_name': None, 'mkhomedir': False, 'http_cert_files': None, 'no_pkinit': False, 'principal': None, 'no_forwarders': False, 'add_sids': False, 'keytab': None, 'ssh_trust_dns': False, 'no_msdcs': False, 'setup_kra': False, 'domain_name': None, 'setup_adtrust': False, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': False, 'no_reverse': False, 'pkinit_cert_files': None, 'unattended': False, 'skip_conncheck': False, 'auto_reverse': False, 'auto_forwarders': False, 'no_host_dns': False, 'dirsrv_cert_name': None, 'no_ui_redirect': False, 'dirsrv_config_file': None, 'forwarders': None, 'verbose': False, 'setup_ca': False, 'servers': None, 'pkinit_cert_name': None, 'no_ssh': False, 'enable_compat': False, 'add_agents': False, 'realm_name': None, 'force_join': False, 'no_sshd': False, 'forward_policy': None, 'rid_base': None, 'quiet': False, 'setup_dns': False, 'host_name': None, 'log_file': None, 'reverse_zones': None, 'allow_zone_overlap': False}
2020-01-16T09:18:19Z DEBUG IPA version 4.6.5-11.el7.centos.3
2020-01-16T09:18:19Z DEBUG Searching for an interface of IP address: ::1
2020-01-16T09:18:19Z DEBUG Testing local IP address: ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (interface: lo)
2020-01-16T09:18:19Z DEBUG Starting external process
2020-01-16T09:18:19Z DEBUG args=/usr/sbin/selinuxenabled
2020-01-16T09:18:19Z DEBUG Process finished, return code=0
2020-01-16T09:18:19Z DEBUG stdout=
2020-01-16T09:18:19Z DEBUG stderr=
2020-01-16T09:18:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:19Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:18:19Z DEBUG httpd is not configured
2020-01-16T09:18:19Z DEBUG kadmin is not configured
2020-01-16T09:18:19Z DEBUG dirsrv is not configured
2020-01-16T09:18:19Z DEBUG pki-tomcatd is not configured
2020-01-16T09:18:19Z DEBUG install is not configured
2020-01-16T09:18:19Z DEBUG krb5kdc is not configured
2020-01-16T09:18:19Z DEBUG ntpd is not configured
2020-01-16T09:18:19Z DEBUG named is not configured
2020-01-16T09:18:19Z DEBUG filestore is tracking no files
2020-01-16T09:18:19Z DEBUG Starting external process
2020-01-16T09:18:19Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
2020-01-16T09:18:19Z DEBUG Process finished, return code=0
2020-01-16T09:18:19Z DEBUG stdout=VirtualHost configuration:
*:8443 ipa-replica.xxx.it (/etc/httpd/conf.d/nss.conf:81)

2020-01-16T09:18:19Z DEBUG stderr=
2020-01-16T09:18:19Z DEBUG Starting external process
2020-01-16T09:18:19Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2020-01-16T09:18:19Z DEBUG Process finished, return code=1
2020-01-16T09:18:19Z DEBUG stdout=disabled

2020-01-16T09:18:19Z DEBUG stderr=
2020-01-16T09:18:19Z DEBUG Starting external process
2020-01-16T09:18:19Z DEBUG args=/bin/systemctl is-active chronyd.service
2020-01-16T09:18:19Z DEBUG Process finished, return code=3
2020-01-16T09:18:19Z DEBUG stdout=unknown

2020-01-16T09:18:19Z DEBUG stderr=
2020-01-16T09:18:19Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2020-01-16T09:18:19Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:19Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:18:19Z DEBUG importing all plugin modules in ipaserver.plugins...
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.aci
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.automember
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.automount
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.baseldap
2020-01-16T09:18:19Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.baseuser
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.batch
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.ca
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.caacl
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.cert
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.certmap
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.certprofile
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.config
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.delegation
2020-01-16T09:18:19Z DEBUG importing plugin module ipaserver.plugins.dns
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.dnsserver
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.dogtag
2020-01-16T09:18:20Z DEBUG skipping plugin module ipaserver.plugins.dogtag: dogtag not selected as RA plugin
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.domainlevel
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.group
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.hbac
2020-01-16T09:18:20Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.hbacrule
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.hbactest
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.host
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.hostgroup
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.idrange
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.idviews
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.internal
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.join
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.ldap2
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.location
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.migration
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.misc
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.netgroup
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.otp
2020-01-16T09:18:20Z DEBUG ipaserver.plugins.otp is not a valid plugin module
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.otpconfig
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.otptoken
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.passwd
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.permission
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.ping
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.pkinit
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.privilege
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.rabase
2020-01-16T09:18:20Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.realmdomains
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.role
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.schema
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.selfservice
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.server
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.serverrole
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.serverroles
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.service
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.session
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.stageuser
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.sudo
2020-01-16T09:18:20Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.sudocmd
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.sudorule
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.topology
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.trust
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.user
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.vault
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.virtual
2020-01-16T09:18:20Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.whoami
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2020-01-16T09:18:20Z DEBUG importing all plugin modules in ipaserver.install.plugins...
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.dns
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_services
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
2020-01-16T09:18:20Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
2020-01-16T09:18:21Z DEBUG Check if ipa-replica.xxx.it is a primary hostname for localhost
2020-01-16T09:18:21Z DEBUG Primary hostname for localhost: ipa-replica.xxx.it
2020-01-16T09:18:21Z DEBUG Search DNS for ipa-replica.xxx.it
2020-01-16T09:18:21Z DEBUG Check if ipa-replica.xxx.it is not a CNAME
2020-01-16T09:18:21Z DEBUG Check reverse address of 10.56.7.4
2020-01-16T09:18:21Z DEBUG Found reverse name: ipa-replica.xxx.it
2020-01-16T09:18:21Z DEBUG Check if ipa.xxx.it is a primary hostname for localhost
2020-01-16T09:18:21Z DEBUG Primary hostname for localhost: ipa.xxx.it
2020-01-16T09:18:21Z DEBUG Search DNS for ipa.xxx.it
2020-01-16T09:18:21Z DEBUG Check if ipa.xxx.it is not a CNAME
2020-01-16T09:18:21Z DEBUG Check reverse address of 10.56.7.5
2020-01-16T09:18:21Z DEBUG Found reverse name: ipa.xxx.it
2020-01-16T09:18:21Z DEBUG Initializing principal host/ipa-replica.xxx.it@xxx.IT using keytab /etc/krb5.keytab
2020-01-16T09:18:21Z DEBUG using ccache /tmp/krbcct6yRkx/ccache
2020-01-16T09:18:21Z DEBUG Attempt 1/1: success
2020-01-16T09:18:21Z DEBUG importing all plugin modules in ipaserver.plugins...
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.aci
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.automember
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.automount
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.baseldap
2020-01-16T09:18:21Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.baseuser
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.batch
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.ca
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.caacl
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.cert
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.certmap
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.certprofile
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.config
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.delegation
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.dns
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.dnsserver
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.dogtag
2020-01-16T09:18:21Z DEBUG skipping plugin module ipaserver.plugins.dogtag: dogtag not selected as RA plugin
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.domainlevel
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.group
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.hbac
2020-01-16T09:18:21Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.hbacrule
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.hbactest
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.host
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.hostgroup
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.idrange
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.idviews
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.internal
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.join
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.ldap2
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.location
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.migration
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.misc
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.netgroup
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.otp
2020-01-16T09:18:21Z DEBUG ipaserver.plugins.otp is not a valid plugin module
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.otpconfig
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.otptoken
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.passwd
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.permission
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.ping
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.pkinit
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.privilege
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.rabase
2020-01-16T09:18:21Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.realmdomains
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.role
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.schema
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.selfservice
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.server
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.serverrole
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.serverroles
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.service
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.session
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.stageuser
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.sudo
2020-01-16T09:18:21Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.sudocmd
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.sudorule
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.topology
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.trust
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.user
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.vault
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.virtual
2020-01-16T09:18:21Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.whoami
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2020-01-16T09:18:21Z DEBUG importing all plugin modules in ipaserver.install.plugins...
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.dns
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_dna_shared_config
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_ldap_server_list
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_ra_cert_store
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_services
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
2020-01-16T09:18:21Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
2020-01-16T09:18:22Z DEBUG failed to find session_cookie in persistent storage for principal 'host/ipa-replica.xxx.it@xxx.IT'
2020-01-16T09:18:22Z INFO trying https://ipa.xxx.it/ipa/json
2020-01-16T09:18:22Z DEBUG Created connection context.jsonclient_139649412854032
2020-01-16T09:18:22Z INFO try 1: Forwarding 'env' to json server 'https://ipa.xxx.it/ipa/json'
2020-01-16T09:18:22Z DEBUG New HTTP connection (ipa.xxx.it)
2020-01-16T09:18:22Z DEBUG received Set-Cookie (<type 'list'>)'['ipa_session=MagBearerToken=BTSz0XyuEzRd7xkZM4kysKsWOkZOaERqJhzYjuyfBlhAqc4DteVEm3KNfgUdir%2fscHchNLakzdUFih4V34FJ2%2fG%2b9G7BPvtx5rynH06HfBxHzCA6FiApqL0vXTNSR9aD5QDxDKY8SJgSLvUU83NuUpvMjx7W1WdespWCUaaNr2X%2fXDnu2d2vgHXfG5KootdJ6B4CO2SyE3dpI4uVQjK2bKeJ37P6LvB%2b3g3yljV9deZ8ny4c3NaC5kpDZDDbuf6EAfNin0F%2f6rpQyNN5RaSnuA%3d%3d;path=/ipa;httponly;secure;']'
2020-01-16T09:18:22Z DEBUG storing cookie 'ipa_session=MagBearerToken=BTSz0XyuEzRd7xkZM4kysKsWOkZOaERqJhzYjuyfBlhAqc4DteVEm3KNfgUdir%2fscHchNLakzdUFih4V34FJ2%2fG%2b9G7BPvtx5rynH06HfBxHzCA6FiApqL0vXTNSR9aD5QDxDKY8SJgSLvUU83NuUpvMjx7W1WdespWCUaaNr2X%2fXDnu2d2vgHXfG5KootdJ6B4CO2SyE3dpI4uVQjK2bKeJ37P6LvB%2b3g3yljV9deZ8ny4c3NaC5kpDZDDbuf6EAfNin0F%2f6rpQyNN5RaSnuA%3d%3d;' for principal host/ipa-replica.xxx.it@xxx.IT
2020-01-16T09:18:22Z INFO try 1: Forwarding 'env' to json server 'https://ipa.xxx.it/ipa/json'
2020-01-16T09:18:22Z DEBUG HTTP connection keep-alive (ipa.xxx.it)
2020-01-16T09:18:22Z DEBUG received Set-Cookie (<type 'list'>)'['ipa_session=MagBearerToken=Xa4DQXyDf2N%2bN02BRKniv2vPEEvy7HBccDQrtIFssIJ4mk8X1HUu1ewDHL6Ad8JXSoPTmnrxhRhUsViUQ7jOjcK3tUYk8PWoKNYuYnG6oRo1ZDEJKJUKMty2hP1QvNcpvunxaO6uqNFXny2qh9dUUpU9JvDd2N3dnaJQnLQ0poV3X%2fhdgWAlTWsXHrOSujY58qQD4FRQpFS6mJDETXGrnY8hCd7X7wf7o0OnLQuVBD6IYTc6g62S5B86zaS4S65U%2bWv8ugmg2v6pbCOMWhHnug%3d%3d;path=/ipa;httponly;secure;']'
2020-01-16T09:18:22Z DEBUG storing cookie 'ipa_session=MagBearerToken=Xa4DQXyDf2N%2bN02BRKniv2vPEEvy7HBccDQrtIFssIJ4mk8X1HUu1ewDHL6Ad8JXSoPTmnrxhRhUsViUQ7jOjcK3tUYk8PWoKNYuYnG6oRo1ZDEJKJUKMty2hP1QvNcpvunxaO6uqNFXny2qh9dUUpU9JvDd2N3dnaJQnLQ0poV3X%2fhdgWAlTWsXHrOSujY58qQD4FRQpFS6mJDETXGrnY8hCd7X7wf7o0OnLQuVBD6IYTc6g62S5B86zaS4S65U%2bWv8ugmg2v6pbCOMWhHnug%3d%3d;' for principal host/ipa-replica.xxx.it@xxx.IT
2020-01-16T09:18:22Z DEBUG Destroyed connection context.jsonclient_139649412854032
2020-01-16T09:18:22Z DEBUG Created connection context.ldap2_139649422986192
2020-01-16T09:18:22Z DEBUG flushing ldaps://ipa.xxx.it from SchemaCache
2020-01-16T09:18:22Z DEBUG retrieving schema for SchemaCache url=ldaps://ipa.xxx.it conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f02a9a4b5f0>
2020-01-16T09:18:23Z DEBUG raw: domainlevel_get(version=u'2.231')
2020-01-16T09:18:23Z DEBUG domainlevel_get(version=u'2.231')
2020-01-16T09:18:23Z DEBUG raw: hostgroup_find(None, cn=u'ipaservers', version=u'2.231', host=[u'ipa-replica.xxx.it'])
2020-01-16T09:18:23Z DEBUG hostgroup_find(None, cn=u'ipaservers', all=False, raw=False, version=u'2.231', no_members=True, pkey_only=False, host=(u'ipa-replica.xxx.it',))
2020-01-16T09:18:23Z WARNING Lookup failed: Preferred host ipa-replica.xxx.it does not provide DNS.
2020-01-16T09:18:23Z DEBUG Check forward/reverse DNS resolution
2020-01-16T09:18:23Z DEBUG Search DNS server ipa.xxx.it (['10.56.7.5', '10.56.7.5', '10.56.7.5']) for ipa.xxx.it
2020-01-16T09:18:23Z DEBUG Check reverse address 10.56.7.5 (ipa.xxx.it)
2020-01-16T09:18:23Z DEBUG Address 10.56.7.5 resolves to: ipa.xxx.it..
2020-01-16T09:18:23Z DEBUG Search DNS server ipa.xxx.it (['10.56.7.5', '10.56.7.5', '10.56.7.5']) for ipa-replica.xxx.it
2020-01-16T09:18:23Z DEBUG Check reverse address 10.56.7.4 (ipa-replica.xxx.it)
2020-01-16T09:18:23Z DEBUG Address 10.56.7.4 resolves to: ipa-replica.xxx.it..
2020-01-16T09:18:23Z DEBUG Name ipa-replica.xxx.it resolved to set([UnsafeIPAddress('10.56.7.4')])
2020-01-16T09:18:23Z DEBUG Searching for an interface of IP address: 10.56.7.4
2020-01-16T09:18:23Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo)
2020-01-16T09:18:23Z DEBUG Testing local IP address: 10.56.7.4/255.255.255.0 (interface: ens192)
2020-01-16T09:18:23Z DEBUG Destroyed connection context.ldap2_139649422986192
2020-01-16T09:18:23Z DEBUG Starting external process
2020-01-16T09:18:23Z DEBUG args=/usr/sbin/ipa-replica-conncheck --master ipa.xxx.it --auto-master-check --realm xxx.IT --hostname ipa-replica.xxx.it --ca-cert-file /etc/ipa/ca.crt
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=Check connection from replica to remote master 'ipa.xxx.it':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos Kpasswd: TCP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK

The following list of ports use UDP protocoland would need to be
checked manually:
Kerberos KDC: UDP (88): SKIPPED
Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check RPC connection to remote master
trying https://ipa.xxx.it/ipa/session/json

Execute check on remote master

Check connection from master to remote replica 'ipa-replica.xxx.it':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88): OK
Kerberos Kpasswd: TCP (464): OK
Kerberos Kpasswd: UDP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK

Connection from master to replica is OK.

2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl start messagebus.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-active messagebus.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=active

2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Start of messagebus.service complete
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl restart certmonger.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-active certmonger.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=active

2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Restart of certmonger.service complete
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl enable certmonger.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service.

2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=1
2020-01-16T09:18:26Z DEBUG stdout=disabled

2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-active chronyd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=3
2020-01-16T09:18:26Z DEBUG stdout=unknown

2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:26Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:18:26Z DEBUG Configuring NTP daemon (ntpd)
2020-01-16T09:18:26Z DEBUG [1/4]: stopping ntpd
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-active ntpd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=active

2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:26Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl stop ntpd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Stop of ntpd.service complete
2020-01-16T09:18:26Z DEBUG duration: 0 seconds
2020-01-16T09:18:26Z DEBUG [2/4]: writing configuration
2020-01-16T09:18:26Z DEBUG Backing up system configuration file '/etc/ntp.conf'
2020-01-16T09:18:26Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:18:26Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd'
2020-01-16T09:18:26Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:18:26Z DEBUG duration: 0 seconds
2020-01-16T09:18:26Z DEBUG [3/4]: configuring ntpd to start on boot
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-enabled ntpd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=enabled

2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:26Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl enable ntpd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG duration: 0 seconds
2020-01-16T09:18:26Z DEBUG [4/4]: starting ntpd
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl start ntpd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=
2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Starting external process
2020-01-16T09:18:26Z DEBUG args=/bin/systemctl is-active ntpd.service
2020-01-16T09:18:26Z DEBUG Process finished, return code=0
2020-01-16T09:18:26Z DEBUG stdout=active

2020-01-16T09:18:26Z DEBUG stderr=
2020-01-16T09:18:26Z DEBUG Start of ntpd.service complete
2020-01-16T09:18:26Z DEBUG duration: 0 seconds
2020-01-16T09:18:26Z DEBUG Done configuring NTP daemon (ntpd).
2020-01-16T09:18:26Z DEBUG Created connection context.ldap2_139649422986192
2020-01-16T09:18:26Z DEBUG flushing ldaps://ipa.xxx.it from SchemaCache
2020-01-16T09:18:26Z DEBUG retrieving schema for SchemaCache url=ldaps://ipa.xxx.it conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f02ae7ed050>
2020-01-16T09:18:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:27Z DEBUG Configuring directory server (dirsrv). Estimated time: 30 seconds
2020-01-16T09:18:27Z DEBUG [1/41]: creating directory server instance
2020-01-16T09:18:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:27Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2020-01-16T09:18:27Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
2020-01-16T09:18:27Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:18:27Z DEBUG
dn: dc=xxx,dc=it
objectClass: top
objectClass: domain
objectClass: pilotObject
dc: xxx
info: IPA V2.0

2020-01-16T09:18:27Z DEBUG writing inf template
2020-01-16T09:18:27Z DEBUG
[General]
FullMachineName= ipa-replica.xxx.it
SuiteSpotUserID= dirsrv
SuiteSpotGroup= dirsrv
ServerRoot= /usr/lib64/dirsrv
[slapd]
ServerPort= 389
ServerIdentifier= xxx-IT
Suffix= dc=xxx,dc=it
RootDN= cn=Directory Manager
InstallLdifFile= /var/lib/dirsrv/boot.ldif
inst_dir= /var/lib/dirsrv/scripts-xxx-IT

2020-01-16T09:18:27Z DEBUG calling setup-ds.pl
2020-01-16T09:18:27Z DEBUG Starting external process
2020-01-16T09:18:27Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpj4p7qw
2020-01-16T09:18:33Z DEBUG Process finished, return code=0
2020-01-16T09:18:33Z DEBUG stdout=[20/01/16:10:18:33] - [Setup] Info Your new DS instance 'xxx-IT' was successfully created.
Your new DS instance 'xxx-IT' was successfully created.
[20/01/16:10:18:33] - [Setup] Success Exiting . . .
Log file is '-'

Exiting . . .
Log file is '-'

2020-01-16T09:18:33Z DEBUG stderr=
2020-01-16T09:18:33Z DEBUG completed creating DS instance
2020-01-16T09:18:33Z DEBUG duration: 6 seconds
2020-01-16T09:18:33Z DEBUG [2/41]: enabling ldapi
2020-01-16T09:18:33Z DEBUG Starting external process
2020-01-16T09:18:33Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpK5bh89 -H ldap://localhost -x -D cn=Directory Manager -y /tmp/tmpCM49ie
2020-01-16T09:18:34Z DEBUG Process finished, return code=0
2020-01-16T09:18:34Z DEBUG stdout=replace nsslapd-ldapilisten:
on
modifying entry "cn=config"
modify complete

2020-01-16T09:18:34Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base )

2020-01-16T09:18:34Z DEBUG duration: 0 seconds
2020-01-16T09:18:34Z DEBUG [3/41]: configure autobind for root
2020-01-16T09:18:34Z DEBUG Starting external process
2020-01-16T09:18:34Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://localhost -x -D cn=Directory Manager -y /tmp/tmp_nkFxO
2020-01-16T09:18:34Z DEBUG Process finished, return code=0
2020-01-16T09:18:34Z DEBUG stdout=add objectClass:
extensibleObject
top
add cn:
root-autobind
add uidNumber:
0
add gidNumber:
0
adding new entry "cn=root-autobind,cn=config"
modify complete

replace nsslapd-ldapiautobind:
on
modifying entry "cn=config"
modify complete

replace nsslapd-ldapimaptoentries:
on
modifying entry "cn=config"
modify complete

2020-01-16T09:18:34Z DEBUG stderr=ldap_initialize( ldap://localhost:389/??base )

2020-01-16T09:18:34Z DEBUG duration: 0 seconds
2020-01-16T09:18:34Z DEBUG [4/41]: stopping directory server
2020-01-16T09:18:34Z DEBUG Starting external process
2020-01-16T09:18:34Z DEBUG args=/bin/systemctl stop dirsrv@xxx-IT.service
2020-01-16T09:18:36Z DEBUG Process finished, return code=0
2020-01-16T09:18:36Z DEBUG stdout=
2020-01-16T09:18:36Z DEBUG stderr=
2020-01-16T09:18:36Z DEBUG Stop of dirsrv@xxx-IT.service complete
2020-01-16T09:18:36Z DEBUG duration: 2 seconds
2020-01-16T09:18:36Z DEBUG [5/41]: updating configuration in dse.ldif
2020-01-16T09:18:36Z DEBUG Starting external process
2020-01-16T09:18:36Z DEBUG args=/usr/sbin/selinuxenabled
2020-01-16T09:18:36Z DEBUG Process finished, return code=0
2020-01-16T09:18:36Z DEBUG stdout=
2020-01-16T09:18:36Z DEBUG stderr=
2020-01-16T09:18:36Z DEBUG Starting external process
2020-01-16T09:18:36Z DEBUG args=/sbin/restorecon /etc/dirsrv/slapd-xxx-IT/dse.ldif
2020-01-16T09:18:36Z DEBUG Process finished, return code=0
2020-01-16T09:18:36Z DEBUG stdout=
2020-01-16T09:18:36Z DEBUG stderr=
2020-01-16T09:18:36Z DEBUG duration: 0 seconds
2020-01-16T09:18:36Z DEBUG [6/41]: starting directory server
2020-01-16T09:18:36Z DEBUG Starting external process
2020-01-16T09:18:36Z DEBUG args=/bin/systemctl start dirsrv@xxx-IT.service
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=
2020-01-16T09:18:41Z DEBUG stderr=
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/bin/systemctl is-active dirsrv@xxx-IT.service
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=active

2020-01-16T09:18:41Z DEBUG stderr=
2020-01-16T09:18:41Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2020-01-16T09:18:41Z DEBUG waiting for port: 389
2020-01-16T09:18:41Z DEBUG SUCCESS: port: 389
2020-01-16T09:18:41Z DEBUG Start of dirsrv@xxx-IT.service complete
2020-01-16T09:18:41Z DEBUG Created connection context.ldap2_139649442352464
2020-01-16T09:18:41Z DEBUG duration: 5 seconds
2020-01-16T09:18:41Z DEBUG [7/41]: adding default schema
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [8/41]: enabling memberof plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=replace nsslapd-pluginenabled:
on
add memberofgroupattr:
memberUser
add memberofgroupattr:
memberHost
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [9/41]: enabling winsync plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipa-winsync
add nsslapd-pluginpath:
libipa_winsync
add nsslapd-plugininitfunc:
ipa_winsync_plugin_init
add nsslapd-pluginDescription:
Allows IPA to work with the DS windows sync feature
add nsslapd-pluginid:
ipa-winsync
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
on
add nsslapd-plugin-depends-on-type:
database
add ipaWinSyncRealmFilter:
(objectclass=krbRealmContainer)
add ipaWinSyncRealmAttr:
cn
add ipaWinSyncNewEntryFilter:
(cn=ipaConfig)
add ipaWinSyncNewUserOCAttr:
ipauserobjectclasses
add ipaWinSyncUserFlatten:
true
add ipaWinsyncHomeDirAttr:
ipaHomesRootDir
add ipaWinsyncLoginShellAttr:
ipaDefaultLoginShell
add ipaWinSyncDefaultGroupAttr:
ipaDefaultPrimaryGroup
add ipaWinSyncDefaultGroupFilter:
(gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
add ipaWinSyncAcctDisable:
both
add ipaWinSyncForceSync:
true
add ipaWinSyncUserAttr:
uidNumber -1
gidNumber -1
adding new entry "cn=ipa-winsync,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [10/41]: configuring replication version plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA Version Replication
add nsslapd-pluginpath:
libipa_repl_version
add nsslapd-plugininitfunc:
repl_version_plugin_init
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
off
add nsslapd-pluginid:
ipa_repl_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA Replication version plugin
add nsslapd-plugin-depends-on-type:
database
add nsslapd-plugin-depends-on-named:
Multimaster Replication Plugin
adding new entry "cn=IPA Version Replication,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [11/41]: enabling IPA enrollment plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpBK05zN -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipa_enrollment_extop
add nsslapd-pluginpath:
libipa_enrollment_extop
add nsslapd-plugininitfunc:
ipaenrollment_init
add nsslapd-plugintype:
extendedop
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_enrollment_extop
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
RedHat
add nsslapd-plugindescription:
Enroll hosts into the IPA domain
add nsslapd-plugin-depends-on-type:
database
add nsslapd-realmTree:
dc=xxx,dc=it
adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [12/41]: configuring uniqueness plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmph01dBB -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
krbPrincipalName uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
krbPrincipalName
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
add uniqueness-subtrees:
dc=xxx,dc=it
add uniqueness-exclude-subtrees:
cn=staged users,cn=accounts,cn=provisioning,dc=xxx,dc=it
add uniqueness-across-all-subtrees:
on
adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
krbCanonicalName uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
krbCanonicalName
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
add uniqueness-subtrees:
dc=xxx,dc=it
add uniqueness-exclude-subtrees:
cn=staged users,cn=accounts,cn=provisioning,dc=xxx,dc=it
add uniqueness-across-all-subtrees:
on
adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
netgroup uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
cn
add uniqueness-subtrees:
cn=ng,cn=alt,dc=xxx,dc=it
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
ipaUniqueID uniqueness
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
ipaUniqueID
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
add nsslapd-pluginDescription:
Enforce unique attribute values
add uniqueness-subtrees:
dc=xxx,dc=it
add uniqueness-exclude-subtrees:
cn=staged users,cn=accounts,cn=provisioning,dc=xxx,dc=it
add uniqueness-across-all-subtrees:
on
adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
sudorule name uniqueness
add nsslapd-pluginDescription:
Enforce unique attribute values
add nsslapd-pluginPath:
libattr-unique-plugin
add nsslapd-pluginInitfunc:
NSUniqueAttr_Init
add nsslapd-pluginType:
preoperation
add nsslapd-pluginEnabled:
on
add uniqueness-attribute-name:
cn
add uniqueness-subtrees:
cn=sudorules,cn=sudo,dc=xxx,dc=it
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginId:
NSUniqueAttr
add nsslapd-pluginVersion:
1.1.0
add nsslapd-pluginVendor:
Fedora Project
adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [13/41]: configuring uuid plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA UUID
add nsslapd-pluginpath:
libipa_uuid
add nsslapd-plugininitfunc:
ipauuid_init
add nsslapd-plugintype:
preoperation
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipauuid_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA UUID plugin
add nsslapd-plugin-depends-on-type:
database
adding new entry "cn=IPA UUID,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpkRGGwo -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass:
top
extensibleObject
add cn:
IPA Unique IDs
add ipaUuidAttr:
ipaUniqueID
add ipaUuidMagicRegen:
autogenerate
add ipaUuidFilter:
(|(objectclass=ipaObject)(objectclass=ipaAssociation))
add ipaUuidScope:
dc=xxx,dc=it
add ipaUuidEnforce:
TRUE
adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete

add objectclass:
top
extensibleObject
add cn:
IPK11 Unique IDs
add ipaUuidAttr:
ipk11UniqueID
add ipaUuidMagicRegen:
autogenerate
add ipaUuidFilter:
(objectclass=ipk11Object)
add ipaUuidScope:
dc=xxx,dc=it
add ipaUuidEnforce:
FALSE
adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [14/41]: configuring modrdn plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA MODRDN
add nsslapd-pluginpath:
libipa_modrdn
add nsslapd-plugininitfunc:
ipamodrdn_init
add nsslapd-plugintype:
betxnpostoperation
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipamodrdn_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA MODRDN plugin
add nsslapd-plugin-depends-on-type:
database
add nsslapd-pluginPrecedence:
60
adding new entry "cn=IPA MODRDN,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpM1bgin -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass:
top
extensibleObject
add cn:
Kerberos Principal Name
add ipaModRDNsourceAttr:
uid
add ipaModRDNtargetAttr:
krbPrincipalName
add ipaModRDNsuffix:
@xxx.IT
add ipaModRDNfilter:
(&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
dc=xxx,dc=it
adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config"
modify complete

add objectclass:
top
extensibleObject
add cn:
Kerberos Canonical Name
add ipaModRDNsourceAttr:
uid
add ipaModRDNtargetAttr:
krbCanonicalName
add ipaModRDNsuffix:
@xxx.IT
add ipaModRDNfilter:
(&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
dc=xxx,dc=it
adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [15/41]: configuring DNS plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass:
top
nsslapdPlugin
extensibleObject
add cn:
IPA DNS
add nsslapd-plugindescription:
IPA DNS support plugin
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipa_dns
add nsslapd-plugininitfunc:
ipadns_init
add nsslapd-pluginpath:
libipa_dns.so
add nsslapd-plugintype:
preoperation
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-pluginversion:
1.0
add nsslapd-plugin-depends-on-type:
database
adding new entry "cn=IPA DNS,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [16/41]: enabling entryUSN plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=replace nsslapd-entryusn-global:
on
modifying entry "cn=config"
modify complete

replace nsslapd-entryusn-import-initval:
next
modifying entry "cn=config"
modify complete

replace nsslapd-pluginenabled:
on
modifying entry "cn=USN,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [17/41]: configuring lockout plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectclass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA Lockout
add nsslapd-pluginpath:
libipa_lockout
add nsslapd-plugininitfunc:
ipalockout_init
add nsslapd-plugintype:
object
add nsslapd-pluginenabled:
on
add nsslapd-pluginid:
ipalockout_version
add nsslapd-pluginversion:
1.0
add nsslapd-pluginvendor:
Red Hat, Inc.
add nsslapd-plugindescription:
IPA Lockout plugin
add nsslapd-plugin-depends-on-type:
database
adding new entry "cn=IPA Lockout,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [18/41]: configuring topology plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpcZDJf8 -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectClass:
top
nsSlapdPlugin
extensibleObject
add cn:
IPA Topology Configuration
add nsslapd-pluginPath:
libtopology
add nsslapd-pluginInitfunc:
ipa_topo_init
add nsslapd-pluginType:
object
add nsslapd-pluginEnabled:
on
add nsslapd-topo-plugin-shared-config-base:
cn=ipa,cn=etc,dc=xxx,dc=it
add nsslapd-topo-plugin-shared-replica-root:
dc=xxx,dc=it
o=ipaca
add nsslapd-topo-plugin-shared-binddngroup:
cn=replication managers,cn=sysaccounts,cn=etc,dc=xxx,dc=it
add nsslapd-topo-plugin-startup-delay:
20
add nsslapd-pluginId:
none
add nsslapd-plugin-depends-on-named:
ldbm database
Multimaster Replication Plugin
add nsslapd-pluginVersion:
1.0
add nsslapd-pluginVendor:
none
add nsslapd-pluginDescription:
none
adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [19/41]: creating indices
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=add objectClass:
top
nsIndex
add cn:
krbPrincipalName
add nsSystemIndex:
false
add nsIndexType:
eq
sub
add nsMatchingRule:
caseIgnoreIA5Match
caseExactIA5Match
adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
ou
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
carLicense
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
title
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
manager
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
secretary
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
displayname
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add nsIndexType:
sub
modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
uidnumber
add nsSystemIndex:
false
add nsIndexType:
eq
add nsMatchingRule:
integerOrderingMatch
adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add objectClass:
top
nsIndex
add cn:
gidnumber
add nsSystemIndex:
false
add nsIndexType:
eq
add nsMatchingRule:
integerOrderingMatch
adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

replace nsIndexType:
eq
pres
modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

replace nsIndexType:
eq
pres
modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add ObjectClass:
top
nsIndex
add cn:
fqdn
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add ObjectClass:
top
nsIndex
add cn:
macAddress
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
memberHost
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
memberUser
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
sourcehost
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
memberservice
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
managedby
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
memberallowcmd
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
memberdenycmd
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipasudorunas
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipasudorunasgroup
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
automountkey
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
automountMapName
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=automountMapName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipaConfigString
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipaConfigString,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipaEnabledFlag
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipaEnabledFlag,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipaKrbAuthzData
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=ipaKrbAuthzData,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipakrbprincipalalias
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipauniqueid
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipaMemberCa
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipaMemberCertProfile
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
sub
adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
userCertificate
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipalocation
add ObjectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
pres
adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
krbCanonicalName
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
serverhostname
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
sub
adding new entry "cn=serverhostname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
description
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
l
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=l,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
nsOsVersion
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=nsOsVersion,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
nsHardwarePlatform
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=nsHardwarePlatform,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
nsHostLocation
add objectClass:
top
nsindex
add nssystemindex:
false
add nsindextype:
eq
sub
adding new entry "cn=nsHostLocation,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
ipServicePort
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=ipServicePort,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
accessRuleType
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=accessRuleType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
hostCategory
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=hostCategory,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

add cn:
idnsName
add objectClass:
top
nsIndex
add nsSystemIndex:
false
add nsIndexType:
eq
adding new entry "cn=idnsName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [20/41]: enabling referential integrity plugin
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:41Z DEBUG Process finished, return code=0
2020-01-16T09:18:41Z DEBUG stdout=replace nsslapd-pluginenabled:
on
modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:41Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [21/41]: configuring certmap.conf
2020-01-16T09:18:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2020-01-16T09:18:41Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2020-01-16T09:18:41Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
2020-01-16T09:18:41Z DEBUG duration: 0 seconds
2020-01-16T09:18:41Z DEBUG [22/41]: configure new location for managed entries
2020-01-16T09:18:41Z DEBUG Starting external process
2020-01-16T09:18:41Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpyYQZIt -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:42Z DEBUG Process finished, return code=0
2020-01-16T09:18:42Z DEBUG stdout=add nsslapd-pluginConfigArea:
cn=Definitions,cn=Managed Entries,cn=etc,dc=xxx,dc=it
modifying entry "cn=Managed Entries,cn=plugins,cn=config"
modify complete

2020-01-16T09:18:42Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:42Z DEBUG duration: 0 seconds
2020-01-16T09:18:42Z DEBUG [23/41]: configure dirsrv ccache
2020-01-16T09:18:42Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
2020-01-16T09:18:42Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:18:42Z DEBUG Starting external process
2020-01-16T09:18:42Z DEBUG args=/usr/sbin/selinuxenabled
2020-01-16T09:18:42Z DEBUG Process finished, return code=0
2020-01-16T09:18:42Z DEBUG stdout=
2020-01-16T09:18:42Z DEBUG stderr=
2020-01-16T09:18:42Z DEBUG Starting external process
2020-01-16T09:18:42Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv
2020-01-16T09:18:42Z DEBUG Process finished, return code=0
2020-01-16T09:18:42Z DEBUG stdout=
2020-01-16T09:18:42Z DEBUG stderr=
2020-01-16T09:18:42Z DEBUG duration: 0 seconds
2020-01-16T09:18:42Z DEBUG [24/41]: enabling SASL mapping fallback
2020-01-16T09:18:42Z DEBUG Starting external process
2020-01-16T09:18:42Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp2cUva2 -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:42Z DEBUG Process finished, return code=0
2020-01-16T09:18:42Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback:
on
modifying entry "cn=config"
modify complete

2020-01-16T09:18:42Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:42Z DEBUG duration: 0 seconds
2020-01-16T09:18:42Z DEBUG [25/41]: restarting directory server
2020-01-16T09:18:42Z DEBUG Destroyed connection context.ldap2_139649442352464
2020-01-16T09:18:42Z DEBUG Starting external process
2020-01-16T09:18:42Z DEBUG args=/bin/systemctl --system daemon-reload
2020-01-16T09:18:42Z DEBUG Process finished, return code=0
2020-01-16T09:18:42Z DEBUG stdout=
2020-01-16T09:18:42Z DEBUG stderr=
2020-01-16T09:18:42Z DEBUG Starting external process
2020-01-16T09:18:42Z DEBUG args=/bin/systemctl restart dirsrv@xxx-IT.service
2020-01-16T09:18:48Z DEBUG Process finished, return code=0
2020-01-16T09:18:48Z DEBUG stdout=
2020-01-16T09:18:48Z DEBUG stderr=
2020-01-16T09:18:48Z DEBUG Starting external process
2020-01-16T09:18:48Z DEBUG args=/bin/systemctl is-active dirsrv@xxx-IT.service
2020-01-16T09:18:48Z DEBUG Process finished, return code=0
2020-01-16T09:18:48Z DEBUG stdout=active

2020-01-16T09:18:48Z DEBUG stderr=
2020-01-16T09:18:48Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2020-01-16T09:18:48Z DEBUG waiting for port: 389
2020-01-16T09:18:48Z DEBUG SUCCESS: port: 389
2020-01-16T09:18:48Z DEBUG Restart of dirsrv@xxx-IT.service complete
2020-01-16T09:18:48Z DEBUG Starting external process
2020-01-16T09:18:48Z DEBUG args=/bin/systemctl is-active dirsrv@xxx-IT.service
2020-01-16T09:18:48Z DEBUG Process finished, return code=0
2020-01-16T09:18:48Z DEBUG stdout=active

2020-01-16T09:18:48Z DEBUG stderr=
2020-01-16T09:18:48Z DEBUG Created connection context.ldap2_139649442352464
2020-01-16T09:18:48Z DEBUG duration: 6 seconds
2020-01-16T09:18:48Z DEBUG [26/41]: creating DS keytab
2020-01-16T09:18:48Z DEBUG raw: service_add(u'ldap/ipa-replica.xxx.it@xxx.IT', force=True, version=u'2.231')
2020-01-16T09:18:48Z DEBUG service_add(ipapython.kerberos.Principal('ldap/ipa-replica.xxx.it@xxx.IT'), force=True, all=False, raw=False, version=u'2.231', no_members=False)
2020-01-16T09:18:48Z DEBUG raw: host_show(u'ipa-replica.xxx.it', version=u'2.231')
2020-01-16T09:18:48Z DEBUG host_show(u'ipa-replica.xxx.it', rights=False, all=False, raw=False, version=u'2.231', no_members=False)
2020-01-16T09:18:48Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab'
2020-01-16T09:18:48Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist
2020-01-16T09:18:48Z DEBUG Starting external process
2020-01-16T09:18:48Z DEBUG args=/usr/sbin/ipa-getkeytab -k /etc/dirsrv/ds.keytab -p ldap/ipa-replica.xxx.it@xxx.IT -H ldaps://ipa.xxx.it
2020-01-16T09:18:49Z DEBUG Process finished, return code=0
2020-01-16T09:18:49Z DEBUG stdout=
2020-01-16T09:18:49Z DEBUG stderr=Keytab successfully retrieved and stored in: /etc/dirsrv/ds.keytab

2020-01-16T09:18:49Z DEBUG duration: 0 seconds
2020-01-16T09:18:49Z DEBUG [27/41]: ignore time skew for initial replication
2020-01-16T09:18:49Z DEBUG Starting external process
2020-01-16T09:18:49Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmptm2Bru -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:49Z DEBUG Process finished, return code=0
2020-01-16T09:18:49Z DEBUG stdout=replace nsslapd-ignore-time-skew:
on
modifying entry "cn=config"
modify complete

2020-01-16T09:18:49Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

2020-01-16T09:18:49Z DEBUG duration: 0 seconds
2020-01-16T09:18:49Z DEBUG [28/41]: setting up initial replication
2020-01-16T09:18:49Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-xxx-IT.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f02a8bcee60>
2020-01-16T09:18:49Z DEBUG Destroyed connection context.ldap2_139649442352464
2020-01-16T09:18:49Z DEBUG Starting external process
2020-01-16T09:18:49Z DEBUG args=/bin/systemctl --system daemon-reload
2020-01-16T09:18:49Z DEBUG Process finished, return code=0
2020-01-16T09:18:49Z DEBUG stdout=
2020-01-16T09:18:49Z DEBUG stderr=
2020-01-16T09:18:49Z DEBUG Starting external process
2020-01-16T09:18:49Z DEBUG args=/bin/systemctl restart dirsrv@xxx-IT.service
2020-01-16T09:18:56Z DEBUG Process finished, return code=0
2020-01-16T09:18:56Z DEBUG stdout=
2020-01-16T09:18:56Z DEBUG stderr=
2020-01-16T09:18:56Z DEBUG Restart of dirsrv@xxx-IT.service complete
2020-01-16T09:18:56Z DEBUG Created connection context.ldap2_139649442352464
2020-01-16T09:18:56Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
2020-01-16T09:18:56Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.xxx.it:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f02a89871b8>
2020-01-16T09:18:56Z DEBUG Successfully updated nsDS5ReplicaId.
2020-01-16T09:18:56Z DEBUG Add or update replica config cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config
2020-01-16T09:18:56Z DEBUG Added replica config cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config
2020-01-16T09:18:56Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
2020-01-16T09:18:56Z DEBUG Successfully updated nsDS5ReplicaId.
2020-01-16T09:18:56Z DEBUG Add or update replica config cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config
2020-01-16T09:18:56Z DEBUG Added replica config cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config
2020-01-16T09:18:56Z DEBUG Waiting for replication (ldap://ipa.xxx.it:389) cn=meToipa-replica.xxx.it,cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config (objectclass=*)
2020-01-16T09:18:56Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('cn=meToipa-replica.xxx.it,cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config'), {u'nsds5replicaLastInitStart': ['19700101000000Z'], u'nsds5replicaUpdateInProgress': ['FALSE'], u'cn': ['meToipa-replica.xxx.it'], u'objectClass': ['nsds5replicationagreement', 'top'], u'nsds5replicaLastUpdateEnd': ['19700101000000Z'], u'nsDS5ReplicaRoot': ['dc=xxx,dc=it'], u'nsDS5ReplicaHost': ['ipa-replica.xxx.it'], u'nsds5replicaLastUpdateStatus': ['Error (0) No replication sessions started since server startup'], u'nsDS5ReplicaBindMethod': ['SASL/GSSAPI'], u'nsds5ReplicaStripAttrs': ['modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'], u'nsds5replicaLastUpdateStart': ['19700101000000Z'], u'nsDS5ReplicaPort': ['389'], u'nsDS5ReplicaTransportInfo': ['LDAP'], u'description': ['me to ipa-replica.xxx.it'], u'nsds5replicareapactive': ['0'], u'nsds5replicaChangesSentSinceStartup': [''], u'nsds5replicaTimeout': ['120'], u'nsDS5ReplicatedAttributeList': ['(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount'], u'nsds5replicaLastInitEnd': ['19700101000000Z'], u'nsDS5ReplicatedAttributeListTotal': ['(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount']})]
2020-01-16T09:18:56Z DEBUG Waiting for replication (ldapi://%2fvar%2frun%2fslapd-xxx-IT.socket) cn=meToipa.xxx.it,cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config (objectclass=*)
2020-01-16T09:18:56Z DEBUG Entry found [LDAPEntry(ipapython.dn.DN('cn=meToipa.xxx.it,cn=replica,cn=dc\=xxx\,dc\=it,cn=mapping tree,cn=config'), {u'nsds5replicaLastInitStart': ['19700101000000Z'], u'nsds5replicaUpdateInProgress': ['FALSE'], u'cn': ['meToipa.xxx.it'], u'objectClass': ['nsds5replicationagreement', 'top'], u'nsds5replicaLastUpdateEnd': ['19700101000000Z'], u'nsDS5ReplicaRoot': ['dc=xxx,dc=it'], u'nsDS5ReplicaHost': ['ipa.xxx.it'], u'nsds5replicaLastUpdateStatus': ['Error (0) No replication sessions started since server startup'], u'nsDS5ReplicaBindMethod': ['SASL/GSSAPI'], u'nsds5ReplicaStripAttrs': ['modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp'], u'nsds5replicaLastUpdateStart': ['19700101000000Z'], u'nsDS5ReplicaPort': ['389'], u'nsDS5ReplicaTransportInfo': ['LDAP'], u'description': ['me to ipa.xxx.it'], u'nsds5replicareapactive': ['0'], u'nsds5replicaChangesSentSinceStartup': [''], u'nsds5replicaTimeout': ['120'], u'nsDS5ReplicatedAttributeList': ['(objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount'], u'nsds5replicaLastInitEnd': ['19700101000000Z'], u'nsDS5ReplicatedAttributeListTotal': ['(objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount']})]
2020-01-16T09:19:01Z DEBUG duration: 11 seconds
2020-01-16T09:19:01Z DEBUG [29/41]: prevent time skew after initial replication
2020-01-16T09:19:01Z DEBUG Starting external process
2020-01-16T09:19:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:19:01Z DEBUG Process finished, return code=50
2020-01-16T09:19:01Z DEBUG stdout=replace nsslapd-ignore-time-skew:
off
modifying entry "cn=config"

2020-01-16T09:19:01Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldap_modify: Insufficient access (50)
additional info: Insufficient 'write' privilege to the 'nsslapd-ignore-time-skew' attribute of entry 'cn=config'.

2020-01-16T09:19:01Z CRITICAL Failed to load replica-prevent-time-skew.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL' returned non-zero exit status 50
2020-01-16T09:19:01Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 567, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 557, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 976, in replica_manage_time_skew
self._ldap_mod("replica-prevent-time-skew.ldif", self.sub_dict)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 370, in _ldap_mod
ipautil.run(args, nolog=nologlist)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 563, in run
raise CalledProcessError(p.returncode, arg_string, str(output))
CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL' returned non-zero exit status 50

2020-01-16T09:19:01Z DEBUG [error] CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL' returned non-zero exit status 50
2020-01-16T09:19:01Z DEBUG Destroyed connection context.ldap2_139649422986192
2020-01-16T09:19:01Z DEBUG Backing up system configuration file '/etc/ipa/default.conf'
2020-01-16T09:19:01Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2020-01-16T09:19:01Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 319, in run
return cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 360, in run
return self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 386, in execute
for rval in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 655, in _configure
next(executor)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 431, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 418, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 65, in _install
for unused in self._installer(self.parent):
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 629, in main
replica_install(self)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 408, in decorated
func(installer)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1451, in install
fstore=fstore)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 115, in install_replica_ds
setup_pkinit=not options.no_pkinit,
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 419, in create_replica
self.start_creation(runtime=30)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 567, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 557, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 976, in replica_manage_time_skew
self._ldap_mod("replica-prevent-time-skew.ldif", self.sub_dict)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 370, in _ldap_mod
ipautil.run(args, nolog=nologlist)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 563, in run
raise CalledProcessError(p.returncode, arg_string, str(output))

2020-01-16T09:19:01Z DEBUG The ipa-replica-install command failed, exception: CalledProcessError: Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL' returned non-zero exit status 50
2020-01-16T09:19:01Z ERROR Command '/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL' returned non-zero exit status 50
2020-01-16T09:19:01Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information


The failing command is:

2020-01-16T09:19:01Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldap_modify: Insufficient access (50)
    additional info: Insufficient 'write' privilege to the 'nsslapd-ignore-time-skew' attribute of entry 'cn=config'.

Do you have a user with uid 0 in IPA or did you install the first IPA server with --idstart=0?

Hi @cheimes,

Yes, I have a user called "root"


1 user matched

User login: root
Last name: root
Home directory: /home/root
Login shell: /bin/false
Principal name: root@xxx.IT
Principal alias: root@xxx.IT
UID: 0
GID: 0
Account disabled: False


Number of entries returned 1

That's most likely the root cause of your problem. You should not have a root user in IPA nor a user with UID 0 or GID 0. This conflicts with Directory Manager auto-bind and other features.

Thank you @cheimes, that works!

Thanks so much.

Yes, using 'root' inside IPA is unsupported.

Metadata Update from @abbra:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

4 years ago
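
The failure signature diagnosed in this thread, as an added example that is not part of the ticket or of FreeIPA's own code: a triage script that finds installer steps where an LDAPI SASL/EXTERNAL call ran as local UID 0 yet was refused with LDAP error 50. The sample log is a constructed excerpt in the ticket's format; the names `ProcessRun`, `triage`, `advice` and the follow-up search filter are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in the format of the ipareplica-install.log quoted above.
SAMPLE_LOG = """\
2020-01-16T09:18:49Z DEBUG [27/41]: ignore time skew for initial replication
2020-01-16T09:18:49Z DEBUG Starting external process
2020-01-16T09:18:49Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmptm2Bru -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:18:49Z DEBUG Process finished, return code=0
2020-01-16T09:18:49Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
2020-01-16T09:19:01Z DEBUG [29/41]: prevent time skew after initial replication
2020-01-16T09:19:01Z DEBUG Starting external process
2020-01-16T09:19:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpp_RlNI -H ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket -Y EXTERNAL
2020-01-16T09:19:01Z DEBUG Process finished, return code=50
2020-01-16T09:19:01Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-xxx-IT.socket/??base )
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
ldap_modify: Insufficient access (50)
additional info: Insufficient 'write' privilege to the 'nsslapd-ignore-time-skew' attribute of entry 'cn=config'.
"""

STEP_RE = re.compile(r"DEBUG\s+\[(\d+)/(\d+)\]: (.+)$")   # "[29/41]: step name"
ARGS_RE = re.compile(r"DEBUG args=(.+)$")
RC_RE = re.compile(r"Process finished, return code=(\d+)$")
SASL_RE = re.compile(r"SASL username: (\S+)$")
DENY_RE = re.compile(
    r"Insufficient '(\w+)' privilege to the '([^']+)' attribute of entry '([^']+)'")

# Assumption of this example: a standard LDAP filter for the follow-up lookup.
UID0_FILTER = "(|(uidNumber=0)(gidNumber=0))"


@dataclass
class ProcessRun:
    step: str
    command: str
    return_code: int = 0
    sasl_identity: Optional[str] = None
    denied: Optional[Tuple[str, str, str]] = None   # (right, attribute, entry)

    @property
    def uid0_autobind_denied(self) -> bool:
        """True when a peer-credential bind as UID 0 got 'Insufficient access (50)'."""
        ident = self.sasl_identity or ""
        return (self.return_code == 50
                and "ldapi://" in self.command
                and "cn=peercred" in ident
                and re.search(r"(?:^|[+,])uidNumber=0(?:[+,]|$)", ident) is not None)


def triage(log_text: str) -> List[ProcessRun]:
    """Return every external process that exited non-zero, tagged with its step."""
    failures: List[ProcessRun] = []
    step = "unknown"
    current: Optional[ProcessRun] = None

    def close() -> None:
        nonlocal current
        if current is not None and current.return_code != 0:
            failures.append(current)
        current = None

    for line in log_text.splitlines():
        line = line.rstrip()
        if (m := STEP_RE.search(line)):
            close()
            step = "%s/%s %s" % m.groups()
        elif (m := ARGS_RE.search(line)):
            close()
            current = ProcessRun(step=step, command=m.group(1))
        elif current is None:
            continue
        elif (m := RC_RE.search(line)):
            current.return_code = int(m.group(1))
        elif (m := SASL_RE.search(line)):
            current.sasl_identity = m.group(1)
        elif (m := DENY_RE.search(line)):
            current.denied = m.groups()
    close()
    return failures


def advice(run: ProcessRun) -> str:
    if not run.uid0_autobind_denied:
        return "step %s: exit %d, no UID 0 autobind denial" % (run.step, run.return_code)
    right, attr, entry = run.denied or ("?", "?", "?")
    return ("step %s: LDAPI autobind as local UID 0 was refused '%s' on %s of %s; "
            "no IPA entry should match %s" % (run.step, right, attr, entry, UID0_FILTER))


if __name__ == "__main__":
    for failed in triage(SAMPLE_LOG):
        print(advice(failed))
```
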
