freeipa

Clone
Source Code
GIT

#8767 ipa-server-install displays debug output when --debug output is not specified.
Closed: fixed 3 years ago by frenaud. Opened 3 years ago by sumenon.

Closed: fixed
Reopen Issue

Issue

ipa-server-install displays debug output when --debug output is not specified.

Steps to Reproduce

  1. ipa-server-install
  2. Check the message displayed on the console

Actual behavior

Updating DNS system records
Configuring client side components
This program will set up IPA client.
Version 4.10.0.dev202103230732+git4d716d3fb

Using existing certificate '/etc/ipa/ca.crt'.
Sudo version 1.9.2
Configure options: --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --prefix=/usr --sbindir=/usr/sbin --libdir=/usr/lib64 --docdir=/usr/share/doc/sudo --enable-openssl --disable-root-mailer --with-logging=syslog --with-logfac=authpriv --with-pam --with-pam-login --with-editor=/bin/vi --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap --with-selinux --with-passprompt=[sudo] password for %p: --with-linux-audit --with-sssd
Client hostname: server.fedora33.test
Realm: FEDORA33.TEST
DNS Domain: fedora33.test
IPA Server: server.fedora33.test
BaseDN: dc=fedora33,dc=test

Sudoers policy plugin version 1.9.2
Sudoers file grammar version 48

Sudoers path: /etc/sudoers
nsswitch path: /etc/nsswitch.conf
ldap.conf path: /etc/ldap.conf
ldap.secret path: /etc/ldap.secret
Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: authpriv
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Ignore '.' in $PATH
Send mail if the user is not in sudoers
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Always set $HOME to the target user's home directory
Allow some information gathering to give useful error messages
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 5.0 minutes
Password prompt timeout: 5.0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: SECURITY information for %h
Incorrect password message: Sorry, try again.
Path to lecture status dir: /var/db/sudo/lectured
Path to authentication timestamp dir: /run/sudo/ts
Default password prompt: [sudo] password for %p:
Default user to run commands as: root
Value to override user's $PATH with: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/var/lib/snapd/snap/bin
Path to the editor for use by visudo: /bin/vi
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File descriptors >= 3 will be closed before executing a command
Reset the environment to a default set of variables
Environment variables to check for sanity:
TZ
TERM
LINGUAS
LC_
LANGUAGE
LANG
COLORTERM
Environment variables to remove:
=()
RUBYOPT
RUBYLIB
PYTHONUSERBASE
PYTHONINSPECT
PYTHONPATH
PYTHONHOME
TMPPREFIX
ZDOTDIR
READNULLCMD
NULLCMD
FPATH
PERL5DB
PERL5OPT
PERL5LIB
PERLLIB
PERLIO_DEBUG
JAVA_TOOL_OPTIONS
SHELLOPTS
BASHOPTS
GLOBIGNORE
PS4
BASH_ENV
ENV
TERMCAP
TERMPATH
TERMINFO_DIRS
TERMINFO
_RLD
LD_*
PATH_LOCALE
NLSPATH
HOSTALIASES
RES_OPTIONS
LOCALDOMAIN
CDPATH
IFS
Environment variables to preserve:
XAUTHORITY
_XKB_CHARSET
LINGUAS
LANGUAGE
LC_ALL
LC_TIME
LC_TELEPHONE
LC_PAPER
LC_NUMERIC
LC_NAME
LC_MONETARY
LC_MESSAGES
LC_MEASUREMENT
LC_IDENTIFICATION
LC_COLLATE
LC_CTYPE
LC_ADDRESS
LANG
USERNAME
QTDIR
MAIL
LS_COLORS
KDEDIR
HISTSIZE
HOSTNAME
DISPLAY
COLORS
Locale to use while parsing sudoers: C
Compress I/O logs using zlib
Directory in which to store input/output logs: /var/log/sudo-io
File in which to store the input/output log: %{seq}
Add an entry to the utmp/utmpx file when allocating a pty
PAM service name to use: sudo
PAM service name to use for login shells: sudo-i
Attempt to establish PAM credentials for the target user
Create a new PAM session for the command to run in
Perform PAM account validation management
Enable sudoers netgroup support
Check parent directories for writability when editing files with sudoedit
Query the group plugin for unknown system groups
Allow commands to be run even if sudo cannot write to the audit log
Allow commands to be run even if sudo cannot write to the log file
Resolve groups in sudoers and match on the group ID, not the name
Log entries larger than this value will be split into multiple syslog messages: 960
File mode to use for the I/O log files: 0600
Execute commands by file descriptor instead of by path: digest_only
Type of authentication timestamp record: tty
Ignore case when matching user names
Ignore case when matching group names
Log when a command is allowed by sudoers
Log when a command is denied by sudoers
Sudo log server timeout in seconds: 30
Enable SO_KEEPALIVE socket option on the socket connected to the logserver
Verify that the log server's certificate is valid
Set the pam remote user to the user running sudo
Local IP address and netmask pairs:
192.168.122.37/255.255.255.0
fe80::5054:ff:fe08:49c2/ffff:ffff:ffff:ffff::
Sudoers I/O plugin version 1.9.2
Sudoers audit plugin version 1.9.2
Configured sudoers in /etc/authselect/user-nsswitch.conf
Configured /etc/sssd/sssd.conf
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config.d/04-ipa.conf
Configuring fedora33.test as NIS domain.
Client configuration complete.
The ipa-client-install command was successful

Expected behavior

Removed the extra debug output as displayed above while running ipa-server-install/ipa-client-install/ipa-replica-install

Version/Release/Distribution

freeipa-client-common-4.10.0.dev202103230732+git4d716d3fb-0.fc33.noarch
freeipa-selinux-4.10.0.dev202103230732+git4d716d3fb-0.fc33.noarch
freeipa-common-4.10.0.dev202103230732+git4d716d3fb-0.fc33.noarch
freeipa-server-common-4.10.0.dev202103230732+git4d716d3fb-0.fc33.noarch
freeipa-client-4.10.0.dev202103230732+git4d716d3fb-0.fc33.x86_64
freeipa-healthcheck-core-0.8-2.fc33.noarch
freeipa-server-4.10.0.dev202103230732+git4d716d3fb-0.fc33.x86_64

Additional info:

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1943151
3 years ago

Issue linked to Bugzilla: Bug 1943151

Metadata Update from @frenaud:
- Issue assigned to frenaud
3 years ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/5710
3 years ago

master:

  • ec8d72c client install: do not capture sudo -V stdout
  • 058a9c0 ipatests: check that the output of sudo -V is not displayed

ipa-4-9:

  • 7fa80ac client install: do not capture sudo -V stdout
  • 3499fde ipatests: check that the output of sudo -V is not displayed

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
None
https://github.com/freeipa/freeipa/pull/5710
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1943151
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.