cockpit-project / bots

*beep* *boop* *beep*
GNU Lesser General Public License v2.1

ipa-client-install fails with TypeError: Can't instantiate abstract class IPACertificate without an implementation for abstract methods 'not_valid_after_utc', 'not_valid_before_utc' #6804

Open martinpitt opened 1 month ago

martinpitt commented 1 month ago

Downstream report: https://launchpad.net/bugs/2078034

cockpituous commented 1 month ago

ubuntu-stable Ooops, it happened again


# ----------------------------------------------------------------------
# testUnqualifiedUsers (__main__.TestIPA.testUnqualifiedUsers)
Error: unknown connection 'ens15'.
Error: cannot delete unknown connection(s): 'ens15'.
Starting ChromeDriver 127.0.6533.99 (f31af5097d90ef5ae5bd7b8700199bc6189ba34d-refs/branch-heads/6533@{#1910}) on port 42395
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
time="2024-08-28T08:50:12Z" level=warning msg="The input device is not a TTY. The --tty and --interactive flags might not work properly"
userdel: admin mail spool (/var/mail/admin) not found
 * Resolving: _ldap._tcp.cockpit.lan
 * Performing LDAP DSE lookup on: 10.111.112.100
 * Successfully discovered: cockpit.lan
 * Unconditionally checking packages
 * Resolving required packages
 * LANG=C /usr/sbin/ipa-client-install --domain cockpit.lan --realm COCKPIT.LAN --mkhomedir --enable-dns-updates --unattended --force-join --principal admin -W --force-ntpd
Option --force-ntpd has been deprecated and will be removed in a future release.
Discovery was successful!
Client hostname: x0.cockpit.lan
Realm: COCKPIT.LAN
DNS Domain: cockpit.lan
IPA Server: f0.cockpit.lan
BaseDN: dc=cockpit,dc=lan
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Attempting to sync time with chronyc.
Process chronyc waitsync failed to sync time!
Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network.
unable to convert the attribute 'cacertificate;binary' value b'[certificate bytes omitted]' to type <class 'cryptography.x509.base.Certificate'>
Cannot obtain CA certificate
'ldap://f0.cockpit.lan' doesn't have a certificate.
Installation failed. Rolling back changes.
Disabling client Kerberos and LDAP configurations
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Some installation state for ntp has not been restored, see /var/lib/ipa/sysrestore/sysrestore.state
Some installation state has not been restored.
This may cause re-installation to fail.
It should be safe to remove /var/lib/ipa-client/sysrestore.state but it may
 mean your system hasn't been restored to its pre-installation state.
Client uninstall complete.

The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
This program will set up IPA client.
Version 4.11.1

WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd

Using default chrony configuration.
 ! Running ipa-client-install failed
realm: Couldn't join realm: Running ipa-client-install failed
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 625, in testUnqualifiedUsers
    super().testUnqualifiedUsers()
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 289, in testUnqualifiedUsers
    m.execute(f"echo {self.admin_password} | realm join -vU {self.admin_user} cockpit.lan", timeout=300)
  File "/work/make-checkout-workdir/bots/machine/machine_core/ssh_connection.py", line 327, in execute
    res = subprocess.run(command_line,
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '('env', '-u', 'LANGUAGE', 'LC_ALL=C', 'ssh', '-p', '2401', '-o', 'BatchMode=yes', '-o', 'IdentitiesOnly=yes', '-o', 'PKCS11Provider=none', '-o', 'StrictHostKeyChecking=no', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'LogLevel=ERROR', '-l', 'root', '-o', 'ControlPath=/tmp/.cockpit-test-resources/ssh-%h-%p-%r-18066', '127.0.0.2', 'set -e;', 'echo foobarfoo | realm join -vU admin cockpit.lan')' returned non-zero exit status 1.

Wrote screenshot to TestIPA-testUnqualifiedUsers-ubuntu-stable-127.0.0.2-2401-FAIL.png
Wrote HTML dump to TestIPA-testUnqualifiedUsers-ubuntu-stable-127.0.0.2-2401-FAIL.html
Journal extracted to TestIPA-testUnqualifiedUsers-ubuntu-stable-127.0.0.2-2401-FAIL.log.gz
Journal extracted to TestIPA-testUnqualifiedUsers-services-127.0.0.2-2402-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 625, in testUnqualifiedUsers
    super().testUnqualifiedUsers()
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 289, in testUnqualifiedUsers
    m.execute(f"echo {self.admin_password} | realm join -vU {self.admin_user} cockpit.lan", timeout=300)
  File "/work/make-checkout-workdir/bots/machine/machine_core/ssh_connection.py", line 327, in execute
    res = subprocess.run(command_line,
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '('env', '-u', 'LANGUAGE', 'LC_ALL=C', 'ssh', '-p', '2401', '-o', 'BatchMode=yes', '-o', 'IdentitiesOnly=yes', '-o', 'PKCS11Provider=none', '-o', 'StrictHostKeyChecking=no', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'LogLevel=ERROR', '-l', 'root', '-o', 'ControlPath=/tmp/.cockpit-test-resources/ssh-%h-%p-%r-18066', '127.0.0.2', 'set -e;', 'echo foobarfoo | realm join -vU admin cockpit.lan')' returned non-zero exit status 1.

# Result testUnqualifiedUsers (__main__.TestIPA.testUnqualifiedUsers) failed
# 1 TEST FAILED [152s on e67fb6cb7f03]
not ok 60 test/verify/check-system-realms TestIPA.testUnqualifiedUsers $2

First occurrence: 2024-08-28T08:51:45.869776+00:00 | revision c27098d0203c0e472ac5d0644531505656ee9002 Times recorded: 1 Latest occurrences:

cockpituous commented 1 month ago

ubuntu-stable Ooops, it happened again


# ----------------------------------------------------------------------
# testNegotiate (__main__.TestKerberos.testNegotiate)
Error: unknown connection 'ens15'.
Error: cannot delete unknown connection(s): 'ens15'.
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 34893
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 34893.
userdel: admin mail spool (/var/mail/admin) not found
time="2024-10-22T09:52:17Z" level=warning msg="The input device is not a TTY. The --tty and --interactive flags might not work properly"
++ seq 1 20
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 1
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 2
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 3
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 4
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 5
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 6
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 7
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ break
+ echo foobarfoo
+ realm join -vU admin cockpit.lan
 * Resolving: _ldap._tcp.cockpit.lan
 * Performing LDAP DSE lookup on: 10.111.112.100
 * Successfully discovered: cockpit.lan
 * Unconditionally checking packages
 * Resolving required packages
 * LANG=C /usr/sbin/ipa-client-install --domain cockpit.lan --realm COCKPIT.LAN --mkhomedir --enable-dns-updates --unattended --force-join --principal admin -W --force-ntpd
Option --force-ntpd has been deprecated and will be removed in a future release.
Discovery was successful!
Client hostname: x0.cockpit.lan
Realm: COCKPIT.LAN
DNS Domain: cockpit.lan
IPA Server: f0.cockpit.lan
BaseDN: dc=cockpit,dc=lan
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Attempting to sync time with chronyc.
Process chronyc waitsync failed to sync time!
Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network.
unable to convert the attribute 'cacertificate;binary' value b'[certificate bytes omitted]' to type <class 'cryptography.x509.base.Certificate'>
Cannot obtain CA certificate
'ldap://f0.cockpit.lan' doesn't have a certificate.
Installation failed. Rolling back changes.
Disabling client Kerberos and LDAP configurations
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Some installation state for ntp has not been restored, see /var/lib/ipa/sysrestore/sysrestore.state
Some installation state has not been restored.
This may cause re-installation to fail.
It should be safe to remove /var/lib/ipa-client/sysrestore.state but it may
 mean your system hasn't been restored to its pre-installation state.
Client uninstall complete.

The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
This program will set up IPA client.
Version 4.11.1

WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd

Using default chrony configuration.
 ! Running ipa-client-install failed
realm: Couldn't join realm: Running ipa-client-install failed
+ systemctl --quiet is-failed sssd.service
+ journalctl -u realmd.service
+ exit 1
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 1037, in testNegotiate
    self.configure_kerberos("/etc/cockpit/krb5.keytab")
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 1007, in configure_kerberos
    self.machine.execute(JOIN_SCRIPT % args, timeout=1800)
  File "/work/make-checkout-workdir/bots/machine/machine_core/ssh_connection.py", line 327, in execute
    res = subprocess.run(command_line,
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '('env', '-u', 'LANGUAGE', 'LC_ALL=C', 'ssh', '-p', '2301', '-o', 'BatchMode=yes', '-o', 'IdentitiesOnly=yes', '-o', 'PKCS11Provider=none', '-o', 'StrictHostKeyChecking=no', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'LogLevel=ERROR', '-l', 'root', '-o', 'ControlPath=/tmp/.cockpit-test-resources/ssh-%C-18213', '127.0.0.2', 'set -e;', '\nset -ex\n# Wait until zones from LDAP get loaded\nfor x in $(seq 1 20); do\n    if nslookup -type=SRV _ldap._tcp.cockpit.lan; then\n        break\n    else\n        sleep $x\n    fi\ndone\n\nif ! echo \'foobarfoo\' | realm join -vU admin cockpit.lan; then\n    if systemctl --quiet is-failed sssd.service; then\n        systemctl status --lines=100 sssd.service >&2\n    fi\n    journalctl -u realmd.service\n    exit 1\nfi\n\n# On certain OS\'s it takes time for sssd to come up properly\n#   [8347] 1528294262.886088: Sending initial UDP request to dgram 172.27.0.15:88\n#   kinit: Cannot contact any KDC for realm \'COCKPIT.LAN\' while getting initial credentials\nfor x in $(seq 1 20); do\n    if echo \'foobarfoo\' | KRB5_TRACE=/dev/stderr kinit -f admin@COCKPIT.LAN; then\n        break\n    else\n        sleep $x\n    fi\ndone\n\n# create SPN and keytab for ws\nif type ipa >/dev/null 2>&1; then\n    LC_ALL=C.UTF-8 ipa service-add --ok-as-delegate=true --force HTTP/x0.cockpit.lan@COCKPIT.LAN\nelse\n    curl --insecure -s --negotiate -u : \\\n         --header \'Referer: https://services.cockpit.lan/ipa\' \\\n         --header "Content-Type: application/json" \\\n         --header "Accept: application/json" \\\n         --data \'{"params":\n                  [\n                    ["HTTP/x0.cockpit.lan@COCKPIT.LAN"],\n                    {"raw": false, "all": false, "version": "2.101",\n                     "force": true, "no_members": false, "ipakrbokasdelegate": true}\n                  ], "method": "service_add", "id": 0}\' \\\n         https://services.cockpit.lan/ipa/json\nfi\nipa-getkeytab -p 
HTTP/x0.cockpit.lan -k /etc/cockpit/krb5.keytab\n\n# HACK: due to sudo\'s "last rule wins", our /etc/sudoers rule becomes trumped by sssd\'s, so swap the order\nsed -i \'/^sudoers:/ s/files sss/sss files/\' /etc/nsswitch.conf\n')' returned non-zero exit status 1.

Wrote screenshot to TestKerberos-testNegotiate-ubuntu-stable-127.0.0.2-2301-FAIL.png
Wrote HTML dump to TestKerberos-testNegotiate-ubuntu-stable-127.0.0.2-2301-FAIL.html
Journal extracted to TestKerberos-testNegotiate-ubuntu-stable-127.0.0.2-2301-FAIL.log.gz
Journal extracted to TestKerberos-testNegotiate-services-127.0.0.2-2302-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 1037, in testNegotiate
    self.configure_kerberos("/etc/cockpit/krb5.keytab")
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 1007, in configure_kerberos
    self.machine.execute(JOIN_SCRIPT % args, timeout=1800)
  File "/work/make-checkout-workdir/bots/machine/machine_core/ssh_connection.py", line 327, in execute
    res = subprocess.run(command_line,
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '('env', '-u', 'LANGUAGE', 'LC_ALL=C', 'ssh', '-p', '2301', '-o', 'BatchMode=yes', '-o', 'IdentitiesOnly=yes', '-o', 'PKCS11Provider=none', '-o', 'StrictHostKeyChecking=no', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'LogLevel=ERROR', '-l', 'root', '-o', 'ControlPath=/tmp/.cockpit-test-resources/ssh-%C-18213', '127.0.0.2', 'set -e;', '\nset -ex\n# Wait until zones from LDAP get loaded\nfor x in $(seq 1 20); do\n    if nslookup -type=SRV _ldap._tcp.cockpit.lan; then\n        break\n    else\n        sleep $x\n    fi\ndone\n\nif ! echo \'foobarfoo\' | realm join -vU admin cockpit.lan; then\n    if systemctl --quiet is-failed sssd.service; then\n        systemctl status --lines=100 sssd.service >&2\n    fi\n    journalctl -u realmd.service\n    exit 1\nfi\n\n# On certain OS\'s it takes time for sssd to come up properly\n#   [8347] 1528294262.886088: Sending initial UDP request to dgram 172.27.0.15:88\n#   kinit: Cannot contact any KDC for realm \'COCKPIT.LAN\' while getting initial credentials\nfor x in $(seq 1 20); do\n    if echo \'foobarfoo\' | KRB5_TRACE=/dev/stderr kinit -f admin@COCKPIT.LAN; then\n        break\n    else\n        sleep $x\n    fi\ndone\n\n# create SPN and keytab for ws\nif type ipa >/dev/null 2>&1; then\n    LC_ALL=C.UTF-8 ipa service-add --ok-as-delegate=true --force HTTP/x0.cockpit.lan@COCKPIT.LAN\nelse\n    curl --insecure -s --negotiate -u : \\\n         --header \'Referer: https://services.cockpit.lan/ipa\' \\\n         --header "Content-Type: application/json" \\\n         --header "Accept: application/json" \\\n         --data \'{"params":\n                  [\n                    ["HTTP/x0.cockpit.lan@COCKPIT.LAN"],\n                    {"raw": false, "all": false, "version": "2.101",\n                     "force": true, "no_members": false, "ipakrbokasdelegate": true}\n                  ], "method": "service_add", "id": 0}\' \\\n         https://services.cockpit.lan/ipa/json\nfi\nipa-getkeytab -p 
HTTP/x0.cockpit.lan -k /etc/cockpit/krb5.keytab\n\n# HACK: due to sudo\'s "last rule wins", our /etc/sudoers rule becomes trumped by sssd\'s, so swap the order\nsed -i \'/^sudoers:/ s/files sss/sss files/\' /etc/nsswitch.conf\n')' returned non-zero exit status 1.

# Result testNegotiate (__main__.TestKerberos.testNegotiate) failed
# 1 TEST FAILED [80s on 111d4d9829b3]
not ok 61 test/verify/check-system-realms TestKerberos.testNegotiate $2

First occurrence: 2024-10-22T09:53:10.843627+00:00 | revision d8f45b0773c45ab98f2a170b2e46ee16f8db3e87 Times recorded: 1 Latest occurrences:

# ----------------------------------------------------------------------
# testQualifiedUsers (__main__.TestIPA.testQualifiedUsers)
Error: unknown connection 'ens15'.
Error: cannot delete unknown connection(s): 'ens15'.
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 44689
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 44689.
time="2024-10-22T09:51:01Z" level=warning msg="The input device is not a TTY. The --tty and --interactive flags might not work properly"
> warn: Resolving coreutils failed: {"problem":null,"name":"org.freedesktop.PackageKit.Transaction.RefusedByPolicy","message":"sender does not match (:1.57 vs :1.51)"}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., MiB, [object Object]) is deprecated.
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 130, in testQualifiedUsers
    b.wait_not_present("#realms-join-dialog")
  File "/work/make-checkout-workdir/test/common/testlib.py", line 809, in wait_not_present
    self.wait_js_func('!ph_is_present', selector)
  File "/work/make-checkout-workdir/test/common/testlib.py", line 800, in wait_js_func
    self.wait_js_cond("%s(%s)" % (func, ','.join(map(jsquote, args))))
  File "/work/make-checkout-workdir/test/common/testlib.py", line 797, in wait_js_cond
    raise Error(f"timeout\nwait_js_cond({cond}): {last_error.msg}") from None
testlib.Error: timeout
wait_js_cond(!ph_is_present("#realms-join-dialog")): Error: condition did not become true

Wrote screenshot to TestIPA-testQualifiedUsers-ubuntu-stable-127.0.0.2-2401-FAIL.png
Wrote HTML dump to TestIPA-testQualifiedUsers-ubuntu-stable-127.0.0.2-2401-FAIL.html
Wrote JS log to TestIPA-testQualifiedUsers-ubuntu-stable-127.0.0.2-2401-FAIL.js.log
Journal extracted to TestIPA-testQualifiedUsers-ubuntu-stable-127.0.0.2-2401-FAIL.log.gz
Journal extracted to TestIPA-testQualifiedUsers-services-127.0.0.2-2402-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 130, in testQualifiedUsers
    b.wait_not_present("#realms-join-dialog")
  File "/work/make-checkout-workdir/test/common/testlib.py", line 809, in wait_not_present
    self.wait_js_func('!ph_is_present', selector)
  File "/work/make-checkout-workdir/test/common/testlib.py", line 800, in wait_js_func
    self.wait_js_cond("%s(%s)" % (func, ','.join(map(jsquote, args))))
  File "/work/make-checkout-workdir/test/common/testlib.py", line 797, in wait_js_cond
    raise Error(f"timeout\nwait_js_cond({cond}): {last_error.msg}") from None
testlib.Error: timeout
wait_js_cond(!ph_is_present("#realms-join-dialog")): Error: condition did not become true

# Result testQualifiedUsers (__main__.TestIPA.testQualifiedUsers) failed
# 1 TEST FAILED [376s on 111d4d9829b3]
not ok 59 test/verify/check-system-realms TestIPA.testQualifiedUsers $2

First occurrence: 2024-10-22T09:56:51.729592+00:00 | revision d8f45b0773c45ab98f2a170b2e46ee16f8db3e87 Times recorded: 1 Latest occurrences:

# ----------------------------------------------------------------------
# testNegotiate (__main__.TestKerberos.testNegotiate)
Error: unknown connection 'ens15'.
Error: cannot delete unknown connection(s): 'ens15'.
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 52971
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 52971.
userdel: admin mail spool (/var/mail/admin) not found
time="2024-10-22T11:19:23Z" level=warning msg="The input device is not a TTY. The --tty and --interactive flags might not work properly"
++ seq 1 20
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 1
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 2
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 3
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 4
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 5
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 6
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 7
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ break
+ echo foobarfoo
+ realm join -vU admin cockpit.lan
 * Resolving: _ldap._tcp.cockpit.lan
 * Performing LDAP DSE lookup on: 10.111.112.100
 * Successfully discovered: cockpit.lan
 * Unconditionally checking packages
 * Resolving required packages
 * LANG=C /usr/sbin/ipa-client-install --domain cockpit.lan --realm COCKPIT.LAN --mkhomedir --enable-dns-updates --unattended --force-join --principal admin -W --force-ntpd
Option --force-ntpd has been deprecated and will be removed in a future release.
Discovery was successful!
Client hostname: x0.cockpit.lan
Realm: COCKPIT.LAN
DNS Domain: cockpit.lan
IPA Server: f0.cockpit.lan
BaseDN: dc=cockpit,dc=lan
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Attempting to sync time with chronyc.
Process chronyc waitsync failed to sync time!
Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network.
unable to convert the attribute 'cacertificate;binary' value b'[certificate bytes omitted]' to type <class 'cryptography.x509.base.Certificate'>
Cannot obtain CA certificate
'ldap://f0.cockpit.lan' doesn't have a certificate.
Installation failed. Rolling back changes.
Disabling client Kerberos and LDAP configurations
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Some installation state for ntp has not been restored, see /var/lib/ipa/sysrestore/sysrestore.state
Some installation state has not been restored.
This may cause re-installation to fail.
It should be safe to remove /var/lib/ipa-client/sysrestore.state but it may
 mean your system hasn't been restored to its pre-installation state.
Client uninstall complete.

The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
This program will set up IPA client.
Version 4.11.1

WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd

Using default chrony configuration.
 ! Running ipa-client-install failed
realm: Couldn't join realm: Running ipa-client-install failed
+ systemctl --quiet is-failed sssd.service
+ journalctl -u realmd.service
+ exit 1
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 1037, in testNegotiate
    self.configure_kerberos("/etc/cockpit/krb5.keytab")
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 1007, in configure_kerberos
    self.machine.execute(JOIN_SCRIPT % args, timeout=1800)
  File "/work/make-checkout-workdir/bots/machine/machine_core/ssh_connection.py", line 327, in execute
    res = subprocess.run(command_line,
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '('env', '-u', 'LANGUAGE', 'LC_ALL=C', 'ssh', '-p', '2501', '-o', 'BatchMode=yes', '-o', 'IdentitiesOnly=yes', '-o', 'PKCS11Provider=none', '-o', 'StrictHostKeyChecking=no', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'LogLevel=ERROR', '-l', 'root', '-o', 'ControlPath=/tmp/.cockpit-test-resources/ssh-%C-17624', '127.0.0.2', 'set -e;', '\nset -ex\n# Wait until zones from LDAP get loaded\nfor x in $(seq 1 20); do\n    if nslookup -type=SRV _ldap._tcp.cockpit.lan; then\n        break\n    else\n        sleep $x\n    fi\ndone\n\nif ! echo \'foobarfoo\' | realm join -vU admin cockpit.lan; then\n    if systemctl --quiet is-failed sssd.service; then\n        systemctl status --lines=100 sssd.service >&2\n    fi\n    journalctl -u realmd.service\n    exit 1\nfi\n\n# On certain OS\'s it takes time for sssd to come up properly\n#   [8347] 1528294262.886088: Sending initial UDP request to dgram 172.27.0.15:88\n#   kinit: Cannot contact any KDC for realm \'COCKPIT.LAN\' while getting initial credentials\nfor x in $(seq 1 20); do\n    if echo \'foobarfoo\' | KRB5_TRACE=/dev/stderr kinit -f admin@COCKPIT.LAN; then\n        break\n    else\n        sleep $x\n    fi\ndone\n\n# create SPN and keytab for ws\nif type ipa >/dev/null 2>&1; then\n    LC_ALL=C.UTF-8 ipa service-add --ok-as-delegate=true --force HTTP/x0.cockpit.lan@COCKPIT.LAN\nelse\n    curl --insecure -s --negotiate -u : \\\n         --header \'Referer: https://services.cockpit.lan/ipa\' \\\n         --header "Content-Type: application/json" \\\n         --header "Accept: application/json" \\\n         --data \'{"params":\n                  [\n                    ["HTTP/x0.cockpit.lan@COCKPIT.LAN"],\n                    {"raw": false, "all": false, "version": "2.101",\n                     "force": true, "no_members": false, "ipakrbokasdelegate": true}\n                  ], "method": "service_add", "id": 0}\' \\\n         https://services.cockpit.lan/ipa/json\nfi\nipa-getkeytab -p 
HTTP/x0.cockpit.lan -k /etc/cockpit/krb5.keytab\n\n# HACK: due to sudo\'s "last rule wins", our /etc/sudoers rule becomes trumped by sssd\'s, so swap the order\nsed -i \'/^sudoers:/ s/files sss/sss files/\' /etc/nsswitch.conf\n')' returned non-zero exit status 1.

Wrote screenshot to TestKerberos-testNegotiate-ubuntu-stable-127.0.0.2-2501-FAIL.png
Wrote HTML dump to TestKerberos-testNegotiate-ubuntu-stable-127.0.0.2-2501-FAIL.html
Journal extracted to TestKerberos-testNegotiate-ubuntu-stable-127.0.0.2-2501-FAIL.log.gz
Journal extracted to TestKerberos-testNegotiate-services-127.0.0.2-2502-FAIL.log.gz

# Result testNegotiate (__main__.TestKerberos.testNegotiate) failed
# 1 TEST FAILED [80s on 7c8fb2ba07aa]
not ok 41 test/verify/check-system-realms TestKerberos.testNegotiate $2

First occurrence: 2024-10-22T11:20:15.804470+00:00 | revision 8f18d3bd4f4ad11bd7cfe1072a54cfb9df64f359 Times recorded: 1 Latest occurrences:

# ----------------------------------------------------------------------
# testQualifiedUsers (__main__.TestIPA.testQualifiedUsers)
Error: unknown connection 'ens15'.
Error: cannot delete unknown connection(s): 'ens15'.
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 58949
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 58949.
time="2024-10-22T11:18:04Z" level=warning msg="The input device is not a TTY. The --tty and --interactive flags might not work properly"
> warn: cockpit.format_{bytes,bits}[_per_sec](..., MiB, [object Object]) is deprecated.
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 130, in testQualifiedUsers
    b.wait_not_present("#realms-join-dialog")
  File "/work/make-checkout-workdir/test/common/testlib.py", line 808, in wait_not_present
    self.wait_js_func('!ph_is_present', selector)
  File "/work/make-checkout-workdir/test/common/testlib.py", line 799, in wait_js_func
    self.wait_js_cond("%s(%s)" % (func, ','.join(map(jsquote, args))))
  File "/work/make-checkout-workdir/test/common/testlib.py", line 796, in wait_js_cond
    raise Error(f"timeout\nwait_js_cond({cond}): {last_error.msg}") from None
testlib.Error: timeout
wait_js_cond(!ph_is_present("#realms-join-dialog")): Error: condition did not become true

Wrote screenshot to TestIPA-testQualifiedUsers-ubuntu-stable-127.0.0.2-2301-FAIL.png
Wrote HTML dump to TestIPA-testQualifiedUsers-ubuntu-stable-127.0.0.2-2301-FAIL.html
Wrote JS log to TestIPA-testQualifiedUsers-ubuntu-stable-127.0.0.2-2301-FAIL.js.log
Journal extracted to TestIPA-testQualifiedUsers-ubuntu-stable-127.0.0.2-2301-FAIL.log.gz
Journal extracted to TestIPA-testQualifiedUsers-services-127.0.0.2-2302-FAIL.log.gz

# Result testQualifiedUsers (__main__.TestIPA.testQualifiedUsers) failed
# 1 TEST FAILED [377s on 7c8fb2ba07aa]
not ok 39 test/verify/check-system-realms TestIPA.testQualifiedUsers $2

First occurrence: 2024-10-22T11:23:55.220621+00:00 | revision 8f18d3bd4f4ad11bd7cfe1072a54cfb9df64f359 Times recorded: 1 Latest occurrences:

# ----------------------------------------------------------------------
# testNegotiate (__main__.TestKerberos.testNegotiate)
Error: unknown connection 'ens15'.
Error: cannot delete unknown connection(s): 'ens15'.
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 36261
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 36261.
userdel: admin mail spool (/var/mail/admin) not found
time="2024-10-22T13:05:35Z" level=warning msg="The input device is not a TTY. The --tty and --interactive flags might not work properly"
++ seq 1 20
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 1
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 2
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 3
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 4
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 5
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 6
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ sleep 7
+ for x in $(seq 1 20)
+ nslookup -type=SRV _ldap._tcp.cockpit.lan
+ break
+ echo foobarfoo
+ realm join -vU admin cockpit.lan
 * Resolving: _ldap._tcp.cockpit.lan
 * Performing LDAP DSE lookup on: 10.111.112.100
 * Successfully discovered: cockpit.lan
 * Unconditionally checking packages
 * Resolving required packages
 * LANG=C /usr/sbin/ipa-client-install --domain cockpit.lan --realm COCKPIT.LAN --mkhomedir --enable-dns-updates --unattended --force-join --principal admin -W --force-ntpd
Option --force-ntpd has been deprecated and will be removed in a future release.
Discovery was successful!
Client hostname: x0.cockpit.lan
Realm: COCKPIT.LAN
DNS Domain: cockpit.lan
IPA Server: f0.cockpit.lan
BaseDN: dc=cockpit,dc=lan
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Attempting to sync time with chronyc.
Process chronyc waitsync failed to sync time!
Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network.
unable to convert the attribute 'cacertificate;binary' value b'[DER-encoded certificate bytes omitted]' to type <class 'cryptography.x509.base.Certificate'>
Cannot obtain CA certificate
'ldap://f0.cockpit.lan' doesn't have a certificate.
Installation failed. Rolling back changes.
Disabling client Kerberos and LDAP configurations
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Some installation state for ntp has not been restored, see /var/lib/ipa/sysrestore/sysrestore.state
Some installation state has not been restored.
This may cause re-installation to fail.
It should be safe to remove /var/lib/ipa-client/sysrestore.state but it may
 mean your system hasn't been restored to its pre-installation state.
Client uninstall complete.

The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
This program will set up IPA client.
Version 4.11.1

WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd

Using default chrony configuration.
 ! Running ipa-client-install failed
realm: Couldn't join realm: Running ipa-client-install failed
+ systemctl --quiet is-failed sssd.service
+ journalctl -u realmd.service
+ exit 1
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 1037, in testNegotiate
    self.configure_kerberos("/etc/cockpit/krb5.keytab")
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 1007, in configure_kerberos
    self.machine.execute(JOIN_SCRIPT % args, timeout=1800)
  File "/work/make-checkout-workdir/bots/machine/machine_core/ssh_connection.py", line 327, in execute
    res = subprocess.run(command_line,
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '('env', '-u', 'LANGUAGE', 'LC_ALL=C', 'ssh', '-p', '2301', '-o', 'BatchMode=yes', '-o', 'IdentitiesOnly=yes', '-o', 'PKCS11Provider=none', '-o', 'StrictHostKeyChecking=no', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'LogLevel=ERROR', '-l', 'root', '-o', 'ControlPath=/tmp/.cockpit-test-resources/ssh-%C-18122', '127.0.0.2', 'set -e;', '\nset -ex\n# Wait until zones from LDAP get loaded\nfor x in $(seq 1 20); do\n    if nslookup -type=SRV _ldap._tcp.cockpit.lan; then\n        break\n    else\n        sleep $x\n    fi\ndone\n\nif ! echo \'foobarfoo\' | realm join -vU admin cockpit.lan; then\n    if systemctl --quiet is-failed sssd.service; then\n        systemctl status --lines=100 sssd.service >&2\n    fi\n    journalctl -u realmd.service\n    exit 1\nfi\n\n# On certain OS\'s it takes time for sssd to come up properly\n#   [8347] 1528294262.886088: Sending initial UDP request to dgram 172.27.0.15:88\n#   kinit: Cannot contact any KDC for realm \'COCKPIT.LAN\' while getting initial credentials\nfor x in $(seq 1 20); do\n    if echo \'foobarfoo\' | KRB5_TRACE=/dev/stderr kinit -f admin@COCKPIT.LAN; then\n        break\n    else\n        sleep $x\n    fi\ndone\n\n# create SPN and keytab for ws\nif type ipa >/dev/null 2>&1; then\n    LC_ALL=C.UTF-8 ipa service-add --ok-as-delegate=true --force HTTP/x0.cockpit.lan@COCKPIT.LAN\nelse\n    curl --insecure -s --negotiate -u : \\\n         --header \'Referer: https://services.cockpit.lan/ipa\' \\\n         --header "Content-Type: application/json" \\\n         --header "Accept: application/json" \\\n         --data \'{"params":\n                  [\n                    ["HTTP/x0.cockpit.lan@COCKPIT.LAN"],\n                    {"raw": false, "all": false, "version": "2.101",\n                     "force": true, "no_members": false, "ipakrbokasdelegate": true}\n                  ], "method": "service_add", "id": 0}\' \\\n         https://services.cockpit.lan/ipa/json\nfi\nipa-getkeytab -p 
HTTP/x0.cockpit.lan -k /etc/cockpit/krb5.keytab\n\n# HACK: due to sudo\'s "last rule wins", our /etc/sudoers rule becomes trumped by sssd\'s, so swap the order\nsed -i \'/^sudoers:/ s/files sss/sss files/\' /etc/nsswitch.conf\n')' returned non-zero exit status 1.

Wrote screenshot to TestKerberos-testNegotiate-ubuntu-stable-127.0.0.2-2301-FAIL.png
Wrote HTML dump to TestKerberos-testNegotiate-ubuntu-stable-127.0.0.2-2301-FAIL.html
Journal extracted to TestKerberos-testNegotiate-ubuntu-stable-127.0.0.2-2301-FAIL.log.gz
Journal extracted to TestKerberos-testNegotiate-services-127.0.0.2-2302-FAIL.log.gz

# Result testNegotiate (__main__.TestKerberos.testNegotiate) failed
# 1 TEST FAILED [81s on 2bb35c54a625]
not ok 61 test/verify/check-system-realms TestKerberos.testNegotiate $2

First occurrence: 2024-10-22T13:06:28.421841+00:00 | revision 09c0e1a8537c97dfda10aec17727535b0db3494b Times recorded: 1 Latest occurrences:

# ----------------------------------------------------------------------
# testQualifiedUsers (__main__.TestIPA.testQualifiedUsers)
Error: unknown connection 'ens15'.
Error: cannot delete unknown connection(s): 'ens15'.
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 52509
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 52509.
time="2024-10-22T13:04:22Z" level=warning msg="The input device is not a TTY. The --tty and --interactive flags might not work properly"
> warn: cockpit.format_{bytes,bits}[_per_sec](..., MiB, [object Object]) is deprecated.
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 130, in testQualifiedUsers
    b.wait_not_present("#realms-join-dialog")
  File "/work/make-checkout-workdir/test/common/testlib.py", line 809, in wait_not_present
    self.wait_js_func('!ph_is_present', selector)
  File "/work/make-checkout-workdir/test/common/testlib.py", line 800, in wait_js_func
    self.wait_js_cond("%s(%s)" % (func, ','.join(map(jsquote, args))))
  File "/work/make-checkout-workdir/test/common/testlib.py", line 797, in wait_js_cond
    raise Error(f"timeout\nwait_js_cond({cond}): {last_error.msg}") from None
testlib.Error: timeout
wait_js_cond(!ph_is_present("#realms-join-dialog")): Error: condition did not become true

Wrote screenshot to TestIPA-testQualifiedUsers-ubuntu-stable-127.0.0.2-2401-FAIL.png
Wrote HTML dump to TestIPA-testQualifiedUsers-ubuntu-stable-127.0.0.2-2401-FAIL.html
Wrote JS log to TestIPA-testQualifiedUsers-ubuntu-stable-127.0.0.2-2401-FAIL.js.log
Journal extracted to TestIPA-testQualifiedUsers-ubuntu-stable-127.0.0.2-2401-FAIL.log.gz
Journal extracted to TestIPA-testQualifiedUsers-services-127.0.0.2-2402-FAIL.log.gz

# Result testQualifiedUsers (__main__.TestIPA.testQualifiedUsers) failed
# 1 TEST FAILED [379s on 2bb35c54a625]
not ok 59 test/verify/check-system-realms TestIPA.testQualifiedUsers $2

First occurrence: 2024-10-22T13:10:13.941385+00:00 | revision 09c0e1a8537c97dfda10aec17727535b0db3494b Times recorded: 1 Latest occurrences:

# ----------------------------------------------------------------------
# testUnqualifiedUsers (__main__.TestIPA.testUnqualifiedUsers)
Error: unknown connection 'ens15'.
Error: cannot delete unknown connection(s): 'ens15'.
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 35021
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 35021.
time="2024-10-22T14:30:41Z" level=warning msg="The input device is not a TTY. The --tty and --interactive flags might not work properly"
ipa: ERROR: cannot connect to 'https://f0.cockpit.lan/ipa/json': [Errno 111] Connection refused
userdel: admin mail spool (/var/mail/admin) not found
 * Resolving: _ldap._tcp.cockpit.lan
 * Performing LDAP DSE lookup on: 10.111.112.100
 * Successfully discovered: cockpit.lan
 * Unconditionally checking packages
 * Resolving required packages
 * LANG=C /usr/sbin/ipa-client-install --domain cockpit.lan --realm COCKPIT.LAN --mkhomedir --enable-dns-updates --unattended --force-join --principal admin -W --force-ntpd
Option --force-ntpd has been deprecated and will be removed in a future release.
Discovery was successful!
Client hostname: x0.cockpit.lan
Realm: COCKPIT.LAN
DNS Domain: cockpit.lan
IPA Server: f0.cockpit.lan
BaseDN: dc=cockpit,dc=lan
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Attempting to sync time with chronyc.
Process chronyc waitsync failed to sync time!
Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network.
unable to convert the attribute 'cacertificate;binary' value b'[DER-encoded certificate bytes omitted]' to type <class 'cryptography.x509.base.Certificate'>
Cannot obtain CA certificate
'ldap://f0.cockpit.lan' doesn't have a certificate.
Installation failed. Rolling back changes.
Disabling client Kerberos and LDAP configurations
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Some installation state for ntp has not been restored, see /var/lib/ipa/sysrestore/sysrestore.state
Some installation state has not been restored.
This may cause re-installation to fail.
It should be safe to remove /var/lib/ipa-client/sysrestore.state but it may
 mean your system hasn't been restored to its pre-installation state.
Client uninstall complete.

The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
This program will set up IPA client.
Version 4.11.1

WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd

Using default chrony configuration.
 ! Running ipa-client-install failed
realm: Couldn't join realm: Running ipa-client-install failed
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 625, in testUnqualifiedUsers
    super().testUnqualifiedUsers()
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 289, in testUnqualifiedUsers
    m.execute(f"echo {self.admin_password} | realm join -vU {self.admin_user} cockpit.lan", timeout=300)
  File "/work/make-checkout-workdir/bots/machine/machine_core/ssh_connection.py", line 327, in execute
    res = subprocess.run(command_line,
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '('env', '-u', 'LANGUAGE', 'LC_ALL=C', 'ssh', '-p', '2201', '-o', 'BatchMode=yes', '-o', 'IdentitiesOnly=yes', '-o', 'PKCS11Provider=none', '-o', 'StrictHostKeyChecking=no', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'LogLevel=ERROR', '-l', 'root', '-o', 'ControlPath=/tmp/.cockpit-test-resources/ssh-%C-17821', '127.0.0.2', 'set -e;', 'echo foobarfoo | realm join -vU admin cockpit.lan')' returned non-zero exit status 1.

Wrote screenshot to TestIPA-testUnqualifiedUsers-ubuntu-stable-127.0.0.2-2201-FAIL.png
Wrote HTML dump to TestIPA-testUnqualifiedUsers-ubuntu-stable-127.0.0.2-2201-FAIL.html
Journal extracted to TestIPA-testUnqualifiedUsers-ubuntu-stable-127.0.0.2-2201-FAIL.log.gz
Journal extracted to TestIPA-testUnqualifiedUsers-services-127.0.0.2-2202-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 625, in testUnqualifiedUsers
    super().testUnqualifiedUsers()
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 289, in testUnqualifiedUsers
    m.execute(f"echo {self.admin_password} | realm join -vU {self.admin_user} cockpit.lan", timeout=300)
  File "/work/make-checkout-workdir/bots/machine/machine_core/ssh_connection.py", line 327, in execute
    res = subprocess.run(command_line,
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '('env', '-u', 'LANGUAGE', 'LC_ALL=C', 'ssh', '-p', '2201', '-o', 'BatchMode=yes', '-o', 'IdentitiesOnly=yes', '-o', 'PKCS11Provider=none', '-o', 'StrictHostKeyChecking=no', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'LogLevel=ERROR', '-l', 'root', '-o', 'ControlPath=/tmp/.cockpit-test-resources/ssh-%C-17821', '127.0.0.2', 'set -e;', 'echo foobarfoo | realm join -vU admin cockpit.lan')' returned non-zero exit status 1.

# Result testUnqualifiedUsers (__main__.TestIPA.testUnqualifiedUsers) failed
# 1 TEST FAILED [119s on 91d8fcea5c31]
not ok 60 test/verify/check-system-realms TestIPA.testUnqualifiedUsers $2

First occurrence: 2024-10-22T14:31:46.446754+00:00 | revision dac40b12eedb3da6f9f595112d08e329e43459d0
Times recorded: 1
Latest occurrences:

# ----------------------------------------------------------------------
# testClientCertAuthentication (__main__.TestIPA.testClientCertAuthentication)
Error: unknown connection 'ens15'.
Error: cannot delete unknown connection(s): 'ens15'.
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 53279
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 53279.
time="2024-10-22T14:29:28Z" level=warning msg="The input device is not a TTY. The --tty and --interactive flags might not work properly"
+ ipa user-add --first=Alice --last=Developer --shell=/bin/bash alice
+ yes WonderLand123
+ ipa user-mod --password alice
+ ipa user-mod --password-expiration=2030-01-01T00:00:00Z alice
+ openssl req -new -newkey rsa:2048 -days 365 -nodes -keyout /tmp/alice.key -out /tmp/alice.csr -subj /CN=alice
Ignoring -days without -x509; not generating a certificate
+ ipa cert-request /tmp/alice.csr --principal=alice --certificate-out=/tmp/alice.pem
+ ipa group-add-member admins --users=alice
+ ipa-advise enable-admins-sudo
+ sh -ex
+ klist
+ '[' 0 -ne 0 ']'
+ ipa hbacrule-show admins_sudo
+ echo HBAC rule admins_sudo already exists
+ ipa sudorule-show admins_all
+ echo SUDO rule admins_all already exists
> warn: cockpit.format_{bytes,bits}[_per_sec](..., MiB, [object Object]) is deprecated.
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
> info: Object(4)
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 724, in testClientCertAuthentication
    self.checkClientCertAuthentication()
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 362, in checkClientCertAuthentication
    b.wait_not_present("#realms-join-dialog")
  File "/work/make-checkout-workdir/test/common/testlib.py", line 809, in wait_not_present
    self.wait_js_func('!ph_is_present', selector)
  File "/work/make-checkout-workdir/test/common/testlib.py", line 800, in wait_js_func
    self.wait_js_cond("%s(%s)" % (func, ','.join(map(jsquote, args))))
  File "/work/make-checkout-workdir/test/common/testlib.py", line 797, in wait_js_cond
    raise Error(f"timeout\nwait_js_cond({cond}): {last_error.msg}") from None
testlib.Error: timeout
wait_js_cond(!ph_is_present("#realms-join-dialog")): Error: condition did not become true

Wrote screenshot to TestIPA-testClientCertAuthentication-ubuntu-stable-127.0.0.2-2301-FAIL.png
Wrote HTML dump to TestIPA-testClientCertAuthentication-ubuntu-stable-127.0.0.2-2301-FAIL.html
Wrote JS log to TestIPA-testClientCertAuthentication-ubuntu-stable-127.0.0.2-2301-FAIL.js.log
Journal extracted to TestIPA-testClientCertAuthentication-ubuntu-stable-127.0.0.2-2301-FAIL.log.gz
Journal extracted to TestIPA-testClientCertAuthentication-services-127.0.0.2-2302-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 724, in testClientCertAuthentication
    self.checkClientCertAuthentication()
  File "/work/make-checkout-workdir/test/verify/check-system-realms", line 362, in checkClientCertAuthentication
    b.wait_not_present("#realms-join-dialog")
  File "/work/make-checkout-workdir/test/common/testlib.py", line 809, in wait_not_present
    self.wait_js_func('!ph_is_present', selector)
  File "/work/make-checkout-workdir/test/common/testlib.py", line 800, in wait_js_func
    self.wait_js_cond("%s(%s)" % (func, ','.join(map(jsquote, args))))
  File "/work/make-checkout-workdir/test/common/testlib.py", line 797, in wait_js_cond
    raise Error(f"timeout\nwait_js_cond({cond}): {last_error.msg}") from None
testlib.Error: timeout
wait_js_cond(!ph_is_present("#realms-join-dialog")): Error: condition did not become true

# Result testClientCertAuthentication (__main__.TestIPA.testClientCertAuthentication) failed
# 1 TEST FAILED [432s on 91d8fcea5c31]
not ok 57 test/verify/check-system-realms TestIPA.testClientCertAuthentication $2

First occurrence: 2024-10-22T14:35:46.604254+00:00 | revision dac40b12eedb3da6f9f595112d08e329e43459d0
Times recorded: 1
Latest occurrences: