ipa-migrate prod-mode fails with error 'SIDGEN task failed: Command '['/usr/bin/ipa config-mod --enable-sid --add-sids']' returned non-zero exit status 1'
[root@server1 ~]# ipa-migrate prod-mode server2.testrelm.test -D 'cn=Directory Manager' -w Secret123 Initializing ... Connecting to local server ... Warning - the migration process is irreversible! Make sure you have a backup of the local IPA server before doing the migration To proceed type "yes": yes IPA to IPA migration starting ... Migrating schema ... Migrating configuration ... Migrating database ... (this make take a while) Processed 479 entries. Running ipa-server-upgrade ... (this make take a while) Running SIDGEN task ... SIDGEN task failed: Command '['/usr/bin/ipa config-mod --enable-sid --add-sids']' returned non-zero exit status 1. Migration complete!
SIDGEN task should pass
freeipa-server-4.12.0.dev-0.fc39.x86_64 389-ds-base-2.4.5-1.fc39.x86_64 selinux-policy-39.5-1.fc39.noarch selinux-policy-targeted-39.5-1.fc39.noarch freeipa-selinux-4.12.0.dev-0.fc39.noarch dogtag-pki-server-11.4.3-2.fc39.1.noarch
Attaching logs for reference.
<img alt="prod-mode.log" src="/freeipa/issue/raw/files/9bd6e54823ad83db276cdb4627fddb048a0cc48e844309bfe41055a6b8956867-prod-mode.log" />
Note that this tool is still under review.
Metadata Update from @rcritten: - Issue assigned to mreynolds
I can not reproduce this problem. Can you manually run this command on your system and share what the actual error is?
# /usr/bin/ipa config-mod --enable-sid --add-sids
And, can you also provide the "exact" steps how you ran this test? What did you do with the remote server (server2.testrelm.test) prior to running the migration tool?
@sumenon share this HTTP log clip when it fails:
# /usr/bin/ipa config-mod --enable-sid --add-sids ipa: ERROR: Configuration of SID failed. See details in the error log Tue Mar 12 16:24:10.107875 2024] [wsgi:error] [pid 40082:tid 40532] [remote 10.0.193.160:57804] ipa: INFO: [jsonserver_kerb] admin@IPA.TEST: config_mod/1(enable_sid=True, add_sids=True, version='2.253'): ExecutionError
Not very useful, but we are still investigating...
More logging, but not more useful (at least to me)
[Tue Mar 12 16:29:39.166011 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: raw: config_mod(enable_sid=True, add_sids=True, version='2.253') [Tue Mar 12 16:29:39.166153 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: config_mod(enable_sid=True, add_sids=True, rights=False, all=False, raw=False, version='2.253') [Tue Mar 12 16:29:40.657636 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: Destroyed connection context.ldap2_140351228696608 [Tue Mar 12 16:29:40.664289 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: Created connection context.ldap2_140351228696608 [Tue Mar 12 16:29:40.664464 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: ERROR: Helper config_enable_sid return code is 1 [Tue Mar 12 16:29:40.666524 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: WSGI wsgi_execute PublicError: Traceback (most recent call last): [Tue Mar 12 16:29:40.666537 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] File "/usr/lib/python3.12/site-packages/ipaserver/rpcserver.py", line 417, in wsgi_execute [Tue Mar 12 16:29:40.666543 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] result = command(*args, **options) [Tue Mar 12 16:29:40.666548 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ^^^^^^^^^^^^^^^^^^^^^^^^^ [Tue Mar 12 16:29:40.666554 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] File "/usr/lib/python3.12/site-packages/ipalib/frontend.py", line 471, in __call__ [Tue Mar 12 16:29:40.666559 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] return self.__do_call(*args, **options) [Tue Mar 12 16:29:40.666565 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ [Tue Mar 12 16:29:40.666570 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] File "/usr/lib/python3.12/site-packages/ipalib/frontend.py", line 499, in __do_call [Tue Mar 12 16:29:40.666575 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ret = self.run(*args, **options) [Tue Mar 12 16:29:40.666581 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ^^^^^^^^^^^^^^^^^^^^^^^^^^ [Tue Mar 12 16:29:40.666586 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] File "/usr/lib/python3.12/site-packages/ipalib/frontend.py", line 816, in run [Tue Mar 12 16:29:40.666591 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] return self.execute(*args, **options) [Tue Mar 12 16:29:40.666597 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ [Tue Mar 12 16:29:40.666602 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] File "/usr/lib/python3.12/site-packages/ipaserver/plugins/baseldap.py", line 1523, in execute [Tue Mar 12 16:29:40.666622 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] entry_attrs.dn = callback( [Tue Mar 12 16:29:40.666628 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ^^^^^^^^^ [Tue Mar 12 16:29:40.666633 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] File "/usr/lib/python3.12/site-packages/ipaserver/plugins/config.py", line 701, in pre_callback [Tue Mar 12 16:29:40.666639 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] self._enable_sid(ldap, options) [Tue Mar 12 16:29:40.666644 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] File "/usr/lib/python3.12/site-packages/ipaserver/plugins/config.py", line 559, in _enable_sid [Tue Mar 12 16:29:40.666650 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] raise errors.ExecutionError( [Tue Mar 12 16:29:40.666655 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipalib.errors.ExecutionError: Configuration of SID failed. See details in the error log [Tue Mar 12 16:29:40.666661 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] [Tue Mar 12 16:29:40.666770 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: INFO: [jsonserver_session] admin@IPA.TEST: config_mod/1(enable_sid=True, add_sids=True, version='2.253'): ExecutionError [Tue Mar 12 16:29:40.666812 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: [jsonserver_session] admin@IPA.TEST: config_mod/1(enable_sid=True, add_sids=True, version='2.253'): ExecutionError etime=1505088318 [Tue Mar 12 16:29:40.667312 2024] [wsgi:error] [pid 41248:tid 41469] [remote 10.0.193.160:42000] ipa: DEBUG: Destroyed connection context.ldap2_140351228696608
IPA calls dbus to start the SID generation so perhaps the systemd journal has information.
Login to comment on this ticket.