freeipa

Clone
Source Code
GIT

#9550 ipa-migrate prod-mode fails with error 'SIDGEN task failed: Command '['/usr/bin/ipa config-mod --enable-sid --add-sids']' returned non-zero exit status 1'
Opened 2 months ago by sumenon. Modified 2 months ago

Open
Close issue as:
fixed wontfix worksforme duplicate insufficientinfo invalid

Issue

ipa-migrate prod-mode fails with error 'SIDGEN task failed: Command '['/usr/bin/ipa config-mod --enable-sid --add-sids']' returned non-zero exit status 1'

Steps to Reproduce

  1. Install 2 IPA server with 1.ipa.test and 2. testrelm.test
  2. Run ipa-migrate prod-mode server2.testrelm.test -D 'cn=Directory Manager' -w pwd.

Actual behavior

[root@server1 ~]# ipa-migrate prod-mode server2.testrelm.test -D 'cn=Directory Manager' -w Secret123
Initializing ...
Connecting to local server ...
Warning - the migration process is irreversible! Make sure you have a backup of the local IPA server before doing the migration
To proceed type "yes": yes
IPA to IPA migration starting ...
Migrating schema ...
Migrating configuration ...
Migrating database ... (this make take a while)
Processed 479 entries.
Running ipa-server-upgrade ... (this make take a while)
Running SIDGEN task ...
SIDGEN task failed: Command '['/usr/bin/ipa config-mod --enable-sid --add-sids']' returned non-zero exit status 1.
Migration complete!

Expected behavior

SIDGEN task should pass

Version/Release/Distribution

freeipa-server-4.12.0.dev-0.fc39.x86_64
389-ds-base-2.4.5-1.fc39.x86_64
selinux-policy-39.5-1.fc39.noarch
selinux-policy-targeted-39.5-1.fc39.noarch
freeipa-selinux-4.12.0.dev-0.fc39.noarch
dogtag-pki-server-11.4.3-2.fc39.1.noarch

Additional info:

Attaching logs for reference.

Note that this tool is still under review.

Metadata Update from @rcritten:
- Issue assigned to mreynolds
2 months ago

I can not reproduce this problem. Can you manually run this command on your system and share what the actual error is?

# /usr/bin/ipa config-mod --enable-sid --add-sids

And, can you also provide the "exact" steps how you ran this test? What did you do with the remote server (server2.testrelm.test) prior to running the migration tool?

@sumenon share this HTTP log clip when it fails:

# /usr/bin/ipa config-mod --enable-sid --add-sids
ipa: ERROR: Configuration of SID failed. See details in the error log

Tue Mar 12 16:24:10.107875 2024] [wsgi:error] [pid 40082:tid 40532] [remote 10.0.193.160:57804] ipa: INFO: [jsonserver_kerb] admin@IPA.TEST: config_mod/1(enable_sid=True, add_sids=True, version='2.253'): ExecutionError

Not very useful, but we are still investigating...

More logging, but not more useful (at least to me)

[Tue Mar 12 16:29:39.166011 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: raw: config_mod(enable_sid=True, add_sids=True, version='2.253')
[Tue Mar 12 16:29:39.166153 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: config_mod(enable_sid=True, add_sids=True, rights=False, all=False, raw=False, version='2.253')
[Tue Mar 12 16:29:40.657636 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: Destroyed connection context.ldap2_140351228696608
[Tue Mar 12 16:29:40.664289 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: Created connection context.ldap2_140351228696608
[Tue Mar 12 16:29:40.664464 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: ERROR: Helper config_enable_sid return code is 1
[Tue Mar 12 16:29:40.666524 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: WSGI wsgi_execute PublicError: Traceback (most recent call last):
[Tue Mar 12 16:29:40.666537 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]   File "/usr/lib/python3.12/site-packages/ipaserver/rpcserver.py", line 417, in wsgi_execute
[Tue Mar 12 16:29:40.666543 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]     result = command(*args, **options)
[Tue Mar 12 16:29:40.666548 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]              ^^^^^^^^^^^^^^^^^^^^^^^^^
[Tue Mar 12 16:29:40.666554 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]   File "/usr/lib/python3.12/site-packages/ipalib/frontend.py", line 471, in __call__
[Tue Mar 12 16:29:40.666559 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]     return self.__do_call(*args, **options)
[Tue Mar 12 16:29:40.666565 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[Tue Mar 12 16:29:40.666570 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]   File "/usr/lib/python3.12/site-packages/ipalib/frontend.py", line 499, in __do_call
[Tue Mar 12 16:29:40.666575 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]     ret = self.run(*args, **options)
[Tue Mar 12 16:29:40.666581 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]           ^^^^^^^^^^^^^^^^^^^^^^^^^^
[Tue Mar 12 16:29:40.666586 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]   File "/usr/lib/python3.12/site-packages/ipalib/frontend.py", line 816, in run
[Tue Mar 12 16:29:40.666591 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]     return self.execute(*args, **options)
[Tue Mar 12 16:29:40.666597 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[Tue Mar 12 16:29:40.666602 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]   File "/usr/lib/python3.12/site-packages/ipaserver/plugins/baseldap.py", line 1523, in execute
[Tue Mar 12 16:29:40.666622 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]     entry_attrs.dn = callback(
[Tue Mar 12 16:29:40.666628 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]                      ^^^^^^^^^
[Tue Mar 12 16:29:40.666633 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]   File "/usr/lib/python3.12/site-packages/ipaserver/plugins/config.py", line 701, in pre_callback
[Tue Mar 12 16:29:40.666639 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]     self._enable_sid(ldap, options)
[Tue Mar 12 16:29:40.666644 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]   File "/usr/lib/python3.12/site-packages/ipaserver/plugins/config.py", line 559, in _enable_sid
[Tue Mar 12 16:29:40.666650 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000]     raise errors.ExecutionError(
[Tue Mar 12 16:29:40.666655 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipalib.errors.ExecutionError: Configuration of SID failed. See details in the error log
[Tue Mar 12 16:29:40.666661 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] 
[Tue Mar 12 16:29:40.666770 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: INFO: [jsonserver_session] admin@IPA.TEST: config_mod/1(enable_sid=True, add_sids=True, version='2.253'): ExecutionError
[Tue Mar 12 16:29:40.666812 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: [jsonserver_session] admin@IPA.TEST: config_mod/1(enable_sid=True, add_sids=True, version='2.253'): ExecutionError etime=1505088318
[Tue Mar 12 16:29:40.667312 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: Destroyed connection context.ldap2_140351228696608

IPA calls dbus to start the SID generation so perhaps the systemd journal has information.

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Attachments 1
prod-mode.log
Attached 2 months ago View Comment
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.