search

SSSD / sssd-test-suite

Setup virtual environment for testing SSSD against LDAP, IPA and Active Directory servers.
7 stars 16 forks source link

False positive error #31

Closed elkoniu closed 10 months ago

elkoniu commented 3 years ago

When I am provisioning and enrolling all clients I am getting error during client processing: Joining realm failed: Host is already joined. I think this should be considered as warning rather than error? Full log bellow.

[SSH: ppolawsk@czapka]<sssd-test-suite><master>$ ./sssd-test-suite provision enroll all
[sssd-test-suite] [enroll] [1/2] Start Guest Machines
Bringing machine 'ad' up with 'libvirt' provider...
Bringing machine 'ad-child' up with 'libvirt' provider...
Bringing machine 'client' up with 'libvirt' provider...
Bringing machine 'ipa' up with 'libvirt' provider...
Bringing machine 'ldap' up with 'libvirt' provider...
==> ad: Checking if box 'sssd-winsrv-latest-ad' version '20200128.01' is up to date...
==> ad-child: Checking if box 'sssd-winsrv-latest-ad-child' version '20200128.01' is up to date...
==> client: Checking if box 'sssd-vagrant/fedora31-client' version '20201205.01' is up to date...
==> ldap: Checking if box 'sssd-vagrant/fedora31-ldap' version '20201205.01' is up to date...
==> ipa: Checking if box 'sssd-vagrant/fedora31-ipa' version '20201205.01' is up to date...
==> ad: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> ad: flag to force provisioning. Provisioners marked to run always will still run.
==> ad-child: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> ad-child: flag to force provisioning. Provisioners marked to run always will still run.
==> ldap: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> ldap: flag to force provisioning. Provisioners marked to run always will still run.
==> client: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> client: flag to force provisioning. Provisioners marked to run always will still run.
==> ipa: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> ipa: flag to force provisioning. Provisioners marked to run always will still run.
[sssd-test-suite] [enroll] [2/2] Enroll Machines
BECOME password: 

PLAY [ipa] ********************************************************************************************************************

TASK [enroll-ipa : Create /shared/enrollment/ipa directory] *******************************************************************
ok: [ipa]

TASK [enroll-ipa : Copy certificate to shared folder] *************************************************************************
ok: [ipa]

TASK [enroll-ipa : Install IPA-AD trust] **************************************************************************************
ok: [ipa]

TASK [enroll-ipa : Setup trust with ad.vm] ************************************************************************************
changed: [ipa]

PLAY [ldap] *******************************************************************************************************************

TASK [enroll-ldap : Create /shared/enrollment/ldap directory] *****************************************************************
ok: [ldap]

TASK [enroll-ldap : Copy certificate to shared folder] ************************************************************************
ok: [ldap]

PLAY [client] *****************************************************************************************************************

TASK [enroll-client : Create /shared/enrollment/client directory] *************************************************************
ok: [client]

TASK [enroll-client : include_tasks] ******************************************************************************************
included: /home/ppolawsk/RedHat/git/sssd-test-suite/provision/roles/enroll-client/tasks/ipa.yml for client

TASK [enroll-client : Join IPA domain] ****************************************************************************************
fatal: [client]: FAILED! => changed=true 
  cmd: |-
    /usr/sbin/ipa-client-install --unattended           --domain ipa.vm                 --principal admin                                 --password 123456789             --force-ntpd
  delta: '0:00:13.372355'
  end: '2021-08-18 09:47:57.783905'
  msg: non-zero return code
  rc: 1
  start: '2021-08-18 09:47:44.411550'
  stderr: |-
    Option --force-ntpd has been deprecated and will be removed in a future release.
    Discovery was successful!
    Client hostname: master.client.vm
    Realm: IPA.VM
    DNS Domain: ipa.vm
    IPA Server: master.ipa.vm
    BaseDN: dc=ipa,dc=vm
    Synchronizing time
    No SRV records of NTP servers found and no NTP server or pool address was provided.
    Attempting to sync time with chronyc.
    Time synchronization was successful.
    Successfully retrieved CA cert
        Subject:     CN=Certificate Authority,O=IPA.VM
        Issuer:      CN=Certificate Authority,O=IPA.VM
        Valid From:  2020-12-05 01:22:35
        Valid Until: 2040-12-05 01:22:35

    Joining realm failed: Host is already joined.

    Use --force-join option to override the host entry on the server and force client enrollment.
    Installation failed. Rolling back changes.
    Disabling client Kerberos and LDAP configurations
    Other domains than IPA domain found, IPA domain was removed from /etc/sssd/sssd.conf.
    nscd daemon is not installed, skip configuration
    nslcd daemon is not installed, skip configuration
    Client uninstall complete.
    The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
  stderr_lines: <omitted>
  stdout: |-
    This program will set up FreeIPA client.
    Version 4.8.6

    Using default chrony configuration.
  stdout_lines: <omitted>

PLAY RECAP ********************************************************************************************************************
client                     : ok=2    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   
ipa                        : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
ldap                       : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[sssd-test-suite] [enroll] ERROR ShellCommandError: Command returned non-zero status code: 2
[sssd-test-suite] [enroll] Finished with error ShellCommandError: Command returned non-zero status code: 2
[sssd-test-suite] The following command exited with: 2
[sssd-test-suite] [shell] Working directory: /home/ppolawsk/RedHat/git/sssd-test-suite
[sssd-test-suite] [shell] Environment: ANSIBLE_CONFIG='/home/ppolawsk/RedHat/git/sssd-test-suite/provision/ansible.cfg'
[sssd-test-suite] [shell] Command: ['ansible-playbook', '--limit', 'all', '--ask-become-pass', '/home/ppolawsk/RedHat/git/sssd-test-suite/provision/enroll.yml']
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/nutcli/runner.py", line 240, in execute
    return self._call_actor(args.func, args, shell)
  File "/usr/local/lib/python3.9/site-packages/nutcli/runner.py", line 282, in _call_actor
    return actor(**actor._filter_parser_args(args))
  File "/home/ppolawsk/RedHat/git/sssd-test-suite/cli/commands/provision.py", line 184, in __call__
    TaskList('enroll', logger=self.logger)([
  File "/usr/local/lib/python3.9/site-packages/nutcli/tasks.py", line 187, in execute
    self.__real_handler(kwargs)(*real_args, **real_kwargs)
  File "/usr/local/lib/python3.9/site-packages/nutcli/tasks.py", line 401, in _run_tasks
    raise error.with_traceback(error_info[2])
  File "/usr/local/lib/python3.9/site-packages/nutcli/tasks.py", line 383, in _run_tasks
    task.execute(parent=self)
  File "/usr/local/lib/python3.9/site-packages/nutcli/tasks.py", line 187, in execute
    self.__real_handler(kwargs)(*real_args, **real_kwargs)
  File "/home/ppolawsk/RedHat/git/sssd-test-suite/cli/commands/provision.py", line 207, in enroll
    self._exec_ansible(
  File "/home/ppolawsk/RedHat/git/sssd-test-suite/cli/commands/provision.py", line 49, in _exec_ansible
    return self.shell(['ansible-playbook', *args], env=env)
  File "/usr/local/lib/python3.9/site-packages/nutcli/shell.py", line 197, in __call__
    raise ShellCommandError(
nutcli.shell.ShellCommandError: Command returned non-zero status code: 2
elkoniu commented 10 months ago

I guess this is deprecated already as it 2+ years old.