ansible-playbook [core 2.17.14] config file = None configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.12/site-packages/ansible ansible collection location = /tmp/collections-xPI executable location = /usr/local/bin/ansible-playbook python version = 3.12.12 (main, Jan 16 2026, 00:00:00) [GCC 14.3.1 20251022 (Red Hat 14.3.1-4)] (/usr/bin/python3.12) jinja version = 3.1.6 libyaml = True No config file found; using defaults running playbook inside collection fedora.linux_system_roles statically imported: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'jsonl', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_basic_ipa.yml ************************************************** 1 plays in /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml PLAY [Test using IPA to issue certs] ******************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:2 Thursday 12 March 2026 19:19:34 -0400 (0:00:00.036) 0:00:00.036 ******** [WARNING]: Platform linux on host managed-node1 is using the discovered Python interpreter at /usr/bin/python3.12, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible- core/2.17/reference_appendices/interpreter_discovery.html for more information. ok: [managed-node1] TASK [Check if system is ostree] *********************************************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:16 Thursday 12 March 2026 19:19:37 -0400 (0:00:02.511) 0:00:02.547 ******** ok: [managed-node1] => { "changed": false, "stat": { "exists": false } } TASK [Skip if not supported] *************************************************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:21 Thursday 12 March 2026 19:19:37 -0400 (0:00:00.424) 0:00:02.972 ******** META: end_host conditional evaluated to False, continuing execution for managed-node1 skipping: [managed-node1] => { "skip_reason": "end_host conditional evaluated to False, continuing execution for managed-node1" } MSG: end_host conditional evaluated to false, continuing execution for managed-node1 TASK [Set __is_beaker_env] ***************************************************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:2 Thursday 12 March 2026 19:19:37 -0400 (0:00:00.005) 0:00:02.977 ******** ok: [managed-node1] => { "ansible_facts": { "__is_beaker_env": false }, "changed": false } TASK [Check if system is ostree] *********************************************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:9 Thursday 12 March 2026 19:19:37 -0400 (0:00:00.037) 0:00:03.014 ******** ok: [managed-node1] => { "changed": false, "stat": { "exists": false } } TASK [Set flag to indicate system is ostree] *********************************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:14 Thursday 12 March 2026 19:19:37 -0400 (0:00:00.359) 0:00:03.373 ******** ok: [managed-node1] => { "ansible_facts": { "__certificate_is_ostree": false }, "changed": false } TASK [Install ansible-freeipa] ************************************************* task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:18 Thursday 12 March 2026 19:19:37 -0400 (0:00:00.032) 0:00:03.406 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "__is_beaker_env", "skip_reason": "Conditional result was False" } TASK [Ensure freeipa-repo is absent] ******************************************* task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:24 Thursday 12 March 2026 19:19:37 -0400 (0:00:00.014) 0:00:03.420 ******** ok: [managed-node1 -> 127.0.0.1] => { "changed": false, "path": "/tmp/freeipa-repo/", "state": "absent" } TASK [Clone ansible-freeipa repo] ********************************************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:32 Thursday 12 March 2026 19:19:38 -0400 (0:00:00.425) 0:00:03.845 ******** changed: [managed-node1 -> 127.0.0.1] => { "after": "62fd1551ebe6ff45314e2286f5b192fb9419aaf3", "before": null, "changed": true } TASK [Create role symlinks] **************************************************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:41 Thursday 12 March 2026 19:19:39 -0400 (0:00:01.241) 0:00:05.087 ******** changed: [managed-node1 -> 127.0.0.1] => (item=ipaserver) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0 } changed: [managed-node1 -> 127.0.0.1] => (item=ipaclient) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0 } TASK [Ensure hostname package is installed] ************************************ task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:53 Thursday 12 March 2026 19:19:40 -0400 (0:00:00.581) 0:00:05.668 ******** ok: [managed-node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Get hostname] ************************************************************ task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:59 Thursday 12 March 2026 19:19:45 -0400 (0:00:04.955) 0:00:10.623 ******** ok: [managed-node1] => { "changed": false, "cmd": [ "hostname" ], "delta": "0:00:00.002573", "end": "2026-03-12 19:19:45.459542", "rc": 0, "start": "2026-03-12 19:19:45.456969" } STDOUT: managed-node1 TASK [Set hostname] ************************************************************ task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:64 Thursday 12 March 2026 19:19:45 -0400 (0:00:00.432) 0:00:11.055 ******** changed: [managed-node1] => { "ansible_facts": { "ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local" }, "changed": true, "name": "ipaserver.test.local" } TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:70 Thursday 12 March 2026 19:19:46 -0400 (0:00:00.793) 0:00:11.849 ******** ok: [managed-node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Sanitize /etc/hosts] ***************************************************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:77 Thursday 12 March 2026 19:19:47 -0400 (0:00:00.790) 0:00:12.640 ******** changed: [managed-node1] => { "backup": "", "changed": true, "found": 1 } MSG: 1 line(s) removed TASK [Add host to /etc/hosts] ************************************************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:88 Thursday 12 March 2026 19:19:47 -0400 (0:00:00.447) 0:00:13.087 ******** changed: [managed-node1] => { "backup": "", "changed": true } MSG: line added TASK [See if collection exists] ************************************************ task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:116 Thursday 12 March 2026 19:19:47 -0400 (0:00:00.361) 0:00:13.449 ******** ok: [managed-node1 -> localhost] => { "changed": false, "stat": { "exists": false } } TASK [Set name of ipa server role] ********************************************* task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:122 Thursday 12 March 2026 19:19:48 -0400 (0:00:00.203) 0:00:13.653 ******** ok: [managed-node1] => { "ansible_facts": { "__ipa_server_role": "ipaserver" }, "changed": false } TASK [Include ipaserver role] ************************************************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:126 Thursday 12 March 2026 19:19:48 -0400 (0:00:00.015) 0:00:13.668 ******** included: ipaserver for managed-node1 TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 Thursday 12 March 2026 19:19:48 -0400 (0:00:00.023) 0:00:13.691 ******** ok: [managed-node1] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/default.yml) => { "ansible_facts": { "ipaserver_packages": [ "ipa-server", "python3-libselinux" ], "ipaserver_packages_adtrust": [ "freeipa-server-trust-ad" ], "ipaserver_packages_dns": [ "ipa-server-dns" ], "ipaserver_packages_dot": [ "ipa-server-encrypted-dns" ], "ipaserver_packages_firewalld": [ "firewalld" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaserver/vars/default.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/default.yml" } TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:19 Thursday 12 March 2026 19:19:48 -0400 (0:00:00.025) 0:00:13.717 ******** included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for managed-node1 TASK [ipaserver : Install - Set ipaserver__dns_over_lts] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:4 Thursday 12 March 2026 19:19:48 -0400 (0:00:00.067) 0:00:13.785 ******** ok: [managed-node1] => { "ansible_facts": { "ipaserver__dns_over_tls": false }, "changed": false } TASK [ipaserver : Install - Set packages for installation] ********************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:12 Thursday 12 March 2026 19:19:48 -0400 (0:00:00.032) 0:00:13.817 ******** ok: [managed-node1] => { "ansible_facts": { "_ipapackages": [ "ipa-server", "python3-libselinux" ] }, "changed": false } TASK [ipaserver : Install - Set packages for installlation, add DNS] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 Thursday 12 March 2026 19:19:48 -0400 (0:00:00.031) 0:00:13.850 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver_setup_dns | bool", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set packages for installlation, add DOT] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:21 Thursday 12 March 2026 19:19:48 -0400 (0:00:00.027) 0:00:13.878 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver__dns_over_tls | bool", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set packages for installlation, add adtrust] ******* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:26 Thursday 12 March 2026 19:19:48 -0400 (0:00:00.029) 0:00:13.907 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver_setup_adtrust | bool", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set packages for installlation, add firewalld] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 Thursday 12 March 2026 19:19:48 -0400 (0:00:00.027) 0:00:13.934 ******** ok: [managed-node1] => { "ansible_facts": { "_ipapackages": [ "ipa-server", "python3-libselinux", "firewalld" ] }, "changed": false } TASK [ipaserver : Install - Ensure that packages are installed] **************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:36 Thursday 12 March 2026 19:19:48 -0400 (0:00:00.031) 0:00:13.966 ******** changed: [managed-node1] => { "changed": true, "rc": 0, "results": [ "Installed: cups-filesystem-1:2.4.10-16.el10.noarch", "Installed: perl-Term-ReadLine-1.17-514.el10.noarch", "Installed: mod_http2-2.0.29-3.el10.x86_64", "Installed: cups-libs-1:2.4.10-16.el10.x86_64", "Installed: oddjob-0.34.7-14.el10.x86_64", "Installed: oddjob-mkhomedir-0.34.7-14.el10.x86_64", "Installed: perl-Devel-Peek-1.34-514.el10.x86_64", "Installed: publicsuffix-list-20240107-5.el10.noarch", "Installed: mod_lookup_identity-1.0.0-22.el10.x86_64", "Installed: tzdata-java-2025c-1.el10.noarch", "Installed: mod_lua-2.4.63-13.el10.x86_64", "Installed: open-sans-fonts-1.10-24.el10.noarch", "Installed: cyrus-sasl-plain-2.1.28-27.el10.x86_64", "Installed: words-3.0-47.el10.noarch", "Installed: ipa-client-4.13.1-3.el10.x86_64", "Installed: mod_session-2.4.63-13.el10.x86_64", "Installed: ipa-client-common-4.13.1-3.el10.noarch", "Installed: mod_ssl-1:2.4.63-13.el10.x86_64", "Installed: perl-Text-Diff-1.45-25.el10.noarch", "Installed: dbus-tools-1:1.14.10-5.el10.x86_64", "Installed: ipa-client-encrypted-dns-4.13.1-3.el10.x86_64", "Installed: python3-yubico-1.3.3-17.el10.noarch", "Installed: python3-argcomplete-3.2.2-4.el10.noarch", "Installed: ipa-common-4.13.1-3.el10.noarch", "Installed: augeas-libs-1.14.2-0.9.20260120gitf4135e3.el10.x86_64", "Installed: ipa-healthcheck-core-0.19-1.el10.noarch", "Installed: python3-augeas-1.1.0-14.el10.noarch", "Installed: ipa-selinux-4.13.1-3.el10.noarch", "Installed: unbound-1.24.2-7.el10.x86_64", "Installed: perl-Tie-4.6-514.el10.noarch", "Installed: unbound-anchor-1.24.2-7.el10.x86_64", "Installed: 389-ds-base-3.2.0-6.el10.x86_64", "Installed: 389-ds-base-libs-3.2.0-6.el10.x86_64", "Installed: ipa-server-4.13.1-3.el10.x86_64", "Installed: unbound-libs-1.24.2-7.el10.x86_64", "Installed: unbound-utils-1.24.2-7.el10.x86_64", "Installed: ipa-server-common-4.13.1-3.el10.noarch", "Installed: samba-client-libs-4.23.5-105.el10.x86_64", "Installed: samba-common-4.23.5-105.el10.noarch", "Installed: samba-common-libs-4.23.5-105.el10.x86_64", "Installed: bcel-6.8.1-4.el10.noarch", "Installed: libsss_autofs-2.12.0-1.el10.x86_64", "Installed: bind-32:9.18.33-15.el10.x86_64", "Installed: bind-dnssec-utils-32:9.18.33-15.el10.x86_64", "Installed: bind-libs-32:9.18.33-15.el10.x86_64", "Installed: openssl-perl-1:3.5.5-1.el10.x86_64", "Installed: bind-license-32:9.18.33-15.el10.noarch", "Installed: perl-File-Find-1.44-514.el10.noarch", "Installed: bind-utils-32:9.18.33-15.el10.x86_64", "Installed: python3-file-magic-5.45-9.el10.noarch", "Installed: libusb1-1.0.29-3.el10.x86_64", "Installed: python3-gssapi-1.7.3-10.el10.x86_64", "Installed: perl-debugger-1.60-514.el10.noarch", "Installed: python3-idm-pki-11.9.0-0.1.beta2.el10.noarch", "Installed: python3-ifaddr-0.2.0-4.el10.noarch", "Installed: libwbclient-4.23.5-105.el10.x86_64", "Installed: java-21-openjdk-headless-1:21.0.10.0.7-2.el10.x86_64", "Installed: python3-ipaclient-4.13.1-3.el10.noarch", "Installed: python3-ipalib-4.13.1-3.el10.noarch", "Installed: alsa-lib-1.2.15.3-2.el10.x86_64", "Installed: python3-ipaserver-4.13.1-3.el10.noarch", "Installed: lksctp-tools-1.0.21-1.el10.x86_64", "Installed: policycoreutils-python-utils-3.10-1.el10.noarch", "Installed: krb5-pkinit-1.21.3-9.el10.x86_64", "Installed: python3-jwcrypto-1.5.6-4.el10.noarch", "Installed: krb5-server-1.21.3-9.el10.x86_64", "Installed: perl-IO-Compress-2.212-512.el10.noarch", "Installed: python3-kdcproxy-1.1.0-1.el10.noarch", "Installed: perl-IO-Compress-Lzma-2.206-8.el10.noarch", "Installed: krb5-workstation-1.21.3-9.el10.x86_64", "Installed: acl-2.3.2-4.el10.x86_64", "Installed: perl-IO-Zlib-1:1.15-511.el10.noarch", "Installed: python3-ldap-3.4.5-2.el10.x86_64", "Installed: python3-lib389-3.2.0-6.el10.noarch", "Installed: protobuf-c-1.5.0-6.el10.x86_64", "Installed: sssd-common-pac-2.12.0-1.el10.x86_64", "Installed: slapi-nis-0.70.0-3.el10.x86_64", "Installed: slf4j-1.7.32-13.el10.noarch", "Installed: mailcap-2.1.54-8.el10.noarch", "Installed: sssd-dbus-2.12.0-1.el10.x86_64", "Installed: perl-meta-notation-5.40.2-514.el10.noarch", "Installed: slf4j-jdk14-1.7.32-13.el10.noarch", "Installed: libassuan-2.5.6-6.el10.x86_64", "Installed: javapackages-filesystem-6.4.0-1.el10.noarch", "Installed: sssd-ipa-2.12.0-1.el10.x86_64", "Installed: python3-cffi-1.16.0-7.el10.x86_64", "Installed: javapackages-tools-6.4.0-1.el10.noarch", "Installed: sssd-krb5-2.12.0-1.el10.x86_64", "Installed: python3-cryptography-43.0.0-4.el10.x86_64", "Installed: python3-decorator-5.1.1-12.el10.noarch", "Installed: perl-sigtrap-1.10-514.el10.noarch", "Installed: softhsm-2.6.1-16.el10.x86_64", "Installed: libuv-1:1.51.0-1.el10.x86_64", "Installed: fontawesome4-fonts-1:4.7.0-23.el10.noarch", "Installed: sssd-passkey-2.12.0-1.el10.x86_64", "Installed: cyrus-sasl-md5-2.1.28-27.el10.x86_64", "Installed: ecj-1:4.23-11.el10.noarch", "Installed: autofs-1:5.1.9-13.el10.x86_64", "Installed: sssd-tools-2.12.0-1.el10.x86_64", "Installed: perl-threads-1:2.40-511.el10.x86_64", "Installed: perl-threads-shared-1.69-511.el10.x86_64", "Installed: python3-dns-2.6.1-1.el10.noarch", "Installed: bash-completion-1:2.11-16.el10.noarch", "Installed: httpcomponents-client-4.5.14-9.el10.noarch", "Installed: httpcomponents-core-4.4.16-9.el10.noarch", "Installed: httpd-2.4.63-13.el10.x86_64", "Installed: python3-mod_wsgi-5.0.0-4.el10.x86_64", "Installed: httpd-core-2.4.63-13.el10.x86_64", "Installed: gnupg2-2.4.5-4.el10.x86_64", "Installed: python3-netaddr-1.3.0-2.el10.noarch", "Installed: httpd-filesystem-2.4.63-13.el10.noarch", "Installed: httpd-tools-2.4.63-13.el10.x86_64", "Installed: sscg-4.0.3-2.el10.x86_64", "Installed: sssd-idp-2.12.0-1.el10.x86_64", "Installed: tomcat-1:10.1.49-1.el10.noarch", "Installed: python3-libipa_hbac-2.12.0-1.el10.x86_64", "Installed: perl-Algorithm-Diff-1.2010-14.el10.noarch", "Installed: perl-Archive-Tar-3.02-512.el10.noarch", "Installed: libgcrypt-1.11.0-6.el10.x86_64", "Installed: tomcat-el-5.0-api-1:10.1.49-1.el10.noarch", "Installed: tomcat-jakartaee-migration-1.0.6-1.el10.noarch", "Installed: tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch", "Installed: tomcat-lib-1:10.1.49-1.el10.noarch", "Installed: libgpg-error-1.50-2.el10.x86_64", "Installed: libjose-14-102.el10.x86_64", "Installed: fstrm-0.6.1-12.el10.x86_64", "Installed: tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch", "Installed: python3-packaging-24.2-2.el10.noarch", "Installed: python3-psutil-5.9.8-6.el10.x86_64", "Installed: npth-1.6-21.el10.x86_64", "Installed: python3-ply-3.11-25.el10.noarch", "Installed: python3-pyasn1-0.6.2-1.el10.noarch", "Installed: python3-pycparser-2.20-16.el10.noarch", "Installed: python3-pyasn1-modules-0.6.2-1.el10.noarch", "Installed: libicu-74.2-5.el10.x86_64", "Installed: apache-commons-cli-1.9.0-1.el10.noarch", "Installed: idm-jss-5.9.0-1.beta2.el10.x86_64", "Installed: apache-commons-codec-1.17.1-1.el10.noarch", "Installed: apache-commons-compress-1.27.1-1.el10.noarch", "Installed: libipa_hbac-2.12.0-1.el10.x86_64", "Installed: idm-jss-tomcat-5.9.0-1.beta2.el10.x86_64", "Installed: apache-commons-io-1:2.16.1-1.el10.noarch", "Installed: apache-commons-lang3-3.14.0-6.el10.noarch", "Installed: idm-ldapjdk-5.6.0-1.el10.noarch", "Installed: libkadm5-1.21.3-9.el10.x86_64", "Installed: apache-commons-logging-1.3.4-1.el10.noarch", "Installed: apache-commons-net-3.10.0-6.el10.noarch", "Installed: idm-pki-acme-11.9.0-0.1.beta2.el10.noarch", "Installed: centos-logos-httpd-100.4-1.el10.noarch", "Installed: libmaxminddb-1.9.1-4.el10.x86_64", "Installed: libksba-1.6.7-2.el10.x86_64", "Installed: centos-logos-ipa-100.4-1.el10.noarch", "Installed: idm-pki-base-11.9.0-0.1.beta2.el10.noarch", "Installed: python3-setuptools-69.0.3-12.el10.noarch", "Installed: idm-pki-ca-11.9.0-0.1.beta2.el10.noarch", "Installed: python3-pyusb-1.2.1-11.el10.noarch", "Installed: apr-1.7.5-3.el10.x86_64", "Installed: perl-Compress-Raw-Bzip2-2.212-512.el10.x86_64", "Installed: idm-pki-java-11.9.0-0.1.beta2.el10.noarch", "Installed: perl-Compress-Raw-Lzma-2.212-3.el10.x86_64", "Installed: python3-sss-2.12.0-1.el10.x86_64", "Installed: idm-pki-kra-11.9.0-0.1.beta2.el10.noarch", "Installed: apr-util-1.6.3-23.el10.x86_64", "Installed: python3-sss-murmur-2.12.0-1.el10.x86_64", "Installed: certmonger-0.79.21-1.el10.x86_64", "Installed: perl-Compress-Raw-Zlib-2.212-513.el10.x86_64", "Installed: idm-pki-server-11.9.0-0.1.beta2.el10.noarch", "Installed: python3-qrcode-7.4.2-13.el10.noarch", "Installed: python3-sssdconfig-2.12.0-1.el10.noarch", "Installed: idm-pki-tools-11.9.0-0.1.beta2.el10.x86_64", "Installed: openldap-clients-2.6.10-1.el10.x86_64", "Installed: apr-util-lmdb-1.6.3-23.el10.x86_64", "Installed: nss-tools-3.112.0-8.el10.x86_64", "Installed: apr-util-openssl-1.6.3-23.el10.x86_64", "Installed: python3-typing-extensions-4.9.0-6.el10.noarch", "Installed: mod_auth_gssapi-1.6.5-8.el10.x86_64" ] } TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 Thursday 12 March 2026 19:20:32 -0400 (0:00:44.076) 0:00:58.043 ******** changed: [managed-node1] => { "changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": { "AccessSELinuxContext": "system_u:object_r:firewalld_unit_file_t:s0", "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "polkit.service dbus-broker.service sysinit.target dbus.socket basic.target system.slice", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target network-pre.target", "BindLogSockets": "no", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanLiveMount": "yes", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_tty_config cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "ipset.service shutdown.target ebtables.service ip6tables.service iptables.service", "ControlGroupId": "0", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DebugInvocation": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DeviceAllow": "char-rtc r", "DevicePolicy": "closed", "Documentation": "\"man:firewalld(1)\"", "DynamicUser": "no", "EffectiveMemoryHigh": "7520370688", "EffectiveMemoryMax": "7520370688", "EffectiveTasksMax": "45541", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainHandoffTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "28463", "LimitNPROCSoft": "28463", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "28463", "LimitSIGPENDINGSoft": "28463", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LiveMountResult": "success", "LoadState": "loaded", "LockPersonality": "yes", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureDurationUSec": "[not set]", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "6862667776", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "yes", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "[not set]", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "[not set]", "MemorySwapMax": "infinity", "MemorySwapPeak": "[not set]", "MemoryZSwapCurrent": "[not set]", "MemoryZSwapMax": "infinity", "MemoryZSwapWriteback": "yes", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "yes", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivatePIDs": "no", "PrivateTmp": "no", "PrivateTmpEx": "no", "PrivateUsers": "no", "PrivateUsersEx": "no", "ProcSubset": "all", "ProtectClock": "yes", "ProtectControlGroups": "yes", "ProtectControlGroupsEx": "yes", "ProtectHome": "tmpfs", "ProtectHostname": "yes", "ProtectKernelLogs": "yes", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "yes", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus-broker.service sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "100ms", "RestartUSecNext": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "yes", "RestrictSUIDSGID": "yes", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallArchitectures": "native", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "45541", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "disabled", "UtmpMode": "init", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [ipaserver : Firewalld - Verify runtime zone from ipaserver_firewalld_zone] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:53 Thursday 12 March 2026 19:20:34 -0400 (0:00:01.780) 0:00:59.823 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver_firewalld_zone is defined", "skip_reason": "Conditional result was False" } TASK [ipaserver : Firewalld - Verify permanent zone from ipaserver_firewalld_zone] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:59 Thursday 12 March 2026 19:20:34 -0400 (0:00:00.066) 0:00:59.890 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver_firewalld_zone is defined", "skip_reason": "Conditional result was False" } TASK [ipaserver : Copy external certs] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:66 Thursday 12 March 2026 19:20:34 -0400 (0:00:00.046) 0:00:59.937 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver_external_cert_files_from_controller is defined and ipaserver_external_cert_files_from_controller|length > 0 and not ipaserver_external_cert_files is defined", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:73 Thursday 12 March 2026 19:20:34 -0400 (0:00:00.039) 0:00:59.976 ******** ok: [managed-node1] => { "_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "client_dns_over_tls": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", "idmax": 720799999, "idstart": 720600000, "ipa_python_version": 41301, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "random_serial_numbers": false, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false, "sid_generation_always": true } TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:158 Thursday 12 March 2026 19:20:35 -0400 (0:00:01.308) 0:01:01.284 ******** changed: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:165 Thursday 12 March 2026 19:20:36 -0400 (0:00:01.196) 0:01:02.481 ******** ok: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaserver : Use user defined master password, if provided] *************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:171 Thursday 12 March 2026 19:20:36 -0400 (0:00:00.023) 0:01:02.505 ******** skipping: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:177 Thursday 12 March 2026 19:20:36 -0400 (0:00:00.022) 0:01:02.527 ******** changed: [managed-node1] => { "_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_random_serial_numbers": false, "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": "TEST", "adtrust_reset_netbios_name": true, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": [], "dns_reverse_zones": [], "forward_policy": null, "forwarders": [], "ip_addresses": [ "10.31.42.29" ], "no_dnssec_validation": false, "reverse_zones": [], "subject_base": "O=TEST.LOCAL" } TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:228 Thursday 12 March 2026 19:20:38 -0400 (0:00:01.960) 0:01:04.488 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Setup DS] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:235 Thursday 12 March 2026 19:20:46 -0400 (0:00:07.430) 0:01:11.919 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:264 Thursday 12 March 2026 19:21:05 -0400 (0:00:19.343) 0:01:31.262 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:291 Thursday 12 March 2026 19:21:12 -0400 (0:00:06.785) 0:01:38.048 ******** changed: [managed-node1] => { "changed": true, "csr_generated": false } TASK [ipaserver : Copy /root/ipa.csr to "managed-node1-ipa.csr"] *************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:333 Thursday 12 March 2026 19:25:41 -0400 (0:04:29.167) 0:06:07.215 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "result_ipaserver_setup_ca.csr_generated | bool and ipaserver_copy_csr_to_controller | bool", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:344 Thursday 12 March 2026 19:25:41 -0400 (0:00:00.036) 0:06:07.252 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:350 Thursday 12 March 2026 19:25:44 -0400 (0:00:02.381) 0:06:09.633 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Setup KRA] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:382 Thursday 12 March 2026 19:26:09 -0400 (0:00:25.493) 0:06:35.127 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "result_ipaserver_test.setup_kra | bool", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:393 Thursday 12 March 2026 19:26:09 -0400 (0:00:00.035) 0:06:35.163 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver_setup_dns | bool", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:415 Thursday 12 March 2026 19:26:09 -0400 (0:00:00.033) 0:06:35.197 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:431 Thursday 12 March 2026 19:26:16 -0400 (0:00:06.543) 0:06:41.740 ******** changed: [managed-node1] => { "changed": true } TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:448 Thursday 12 March 2026 19:26:18 -0400 (0:00:02.348) 0:06:44.089 ******** included: ipaclient for managed-node1 TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 Thursday 12 March 2026 19:26:18 -0400 (0:00:00.052) 0:06:44.141 ******** ok: [managed-node1] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/default.yml) => { "ansible_facts": { "ipaclient_packages": [ "ipa-client", "python3-libselinux" ], "ipaclient_packages_dot": [ "ipa-client-encrypted-dns" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" } TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:19 Thursday 12 March 2026 19:26:18 -0400 (0:00:00.049) 0:06:44.191 ******** included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for managed-node1 TASK [ipaclient : Install - Set packages for installation] ********************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:8 Thursday 12 March 2026 19:26:18 -0400 (0:00:00.088) 0:06:44.279 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_install_packages | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set packages for installlation, add DOT] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:12 Thursday 12 March 2026 19:26:18 -0400 (0:00:00.035) 0:06:44.315 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_install_packages | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Ensure that packages are installed] **************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:17 Thursday 12 March 2026 19:26:18 -0400 (0:00:00.035) 0:06:44.350 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_install_packages | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set ipaclient_servers] ***************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:22 Thursday 12 March 2026 19:26:18 -0400 (0:00:00.035) 0:06:44.385 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "groups.ipaservers is defined and ipaclient_servers is not defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:27 Thursday 12 March 2026 19:26:18 -0400 (0:00:00.037) 0:06:44.423 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_no_dns_lookup | bool and groups.ipaserver is defined and ipaclient_servers is not defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check that either password or keytab is set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:33 Thursday 12 March 2026 19:26:18 -0400 (0:00:00.036) 0:06:44.459 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaadmin_keytab is defined and ipaadmin_password is defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:38 Thursday 12 March 2026 19:26:18 -0400 (0:00:00.035) 0:06:44.495 ******** ok: [managed-node1] => { "ansible_facts": { "ipaadmin_principal": "admin" }, "changed": false } TASK [ipaclient : Install - Fail on missing ipaclient_domain and ipaserver_domain] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:48 Thursday 12 March 2026 19:26:18 -0400 (0:00:00.039) 0:06:44.534 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_configure_dns_resolver | bool and not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Fail on missing ipaclient_dns_servers] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:53 Thursday 12 March 2026 19:26:19 -0400 (0:00:00.035) 0:06:44.569 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_configure_dns_resolver | bool and not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure DNS resolver] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:58 Thursday 12 March 2026 19:26:19 -0400 (0:00:00.036) 0:06:44.606 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_configure_dns_resolver | bool and not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:64 Thursday 12 March 2026 19:26:19 -0400 (0:00:00.036) 0:06:44.642 ******** ok: [managed-node1] => { "basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 41301, "kdc": "ipaserver.test.local", "nosssd_files": {}, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "selinux_works": true, "servers": [ "ipaserver.test.local" ], "sssd": true } TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:95 Thursday 12 March 2026 19:26:19 -0400 (0:00:00.824) 0:06:45.467 ******** ok: [managed-node1] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:100 Thursday 12 March 2026 19:26:20 -0400 (0:00:00.394) 0:06:45.861 ******** ok: [managed-node1] => { "changed": false } TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:112 Thursday 12 March 2026 19:26:21 -0400 (0:00:00.789) 0:06:46.651 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_otp is defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:117 Thursday 12 March 2026 19:26:21 -0400 (0:00:00.037) 0:06:46.688 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_use_otp | bool and ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:122 Thursday 12 March 2026 19:26:21 -0400 (0:00:00.036) 0:06:46.725 ******** ok: [managed-node1] => { "ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": true } TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 Thursday 12 March 2026 19:26:22 -0400 (0:00:01.510) 0:06:48.236 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_use_otp | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not ipaclient_force_join | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:150 Thursday 12 March 2026 19:26:22 -0400 (0:00:00.037) 0:06:48.274 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_use_otp | bool and ipaclient_otp is not defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create temporary file for keytab] ****************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:155 Thursday 12 March 2026 19:26:22 -0400 (0:00:00.037) 0:06:48.311 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_use_otp | bool and ipaclient_otp is not defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Copy keytab to server temporary file] ************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:164 Thursday 12 March 2026 19:26:22 -0400 (0:00:00.038) 0:06:48.349 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_use_otp | bool and ipaclient_otp is not defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:172 Thursday 12 March 2026 19:26:22 -0400 (0:00:00.038) 0:06:48.388 ******** skipping: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:182 Thursday 12 March 2026 19:26:22 -0400 (0:00:00.037) 0:06:48.426 ******** skipping: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Remove keytab temporary file] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:196 Thursday 12 March 2026 19:26:22 -0400 (0:00:00.035) 0:06:48.462 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_use_otp | bool and ipaclient_otp is not defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:203 Thursday 12 March 2026 19:26:22 -0400 (0:00:00.037) 0:06:48.499 ******** skipping: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Check if principal and keytab are set] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:221 Thursday 12 March 2026 19:26:22 -0400 (0:00:00.036) 0:06:48.535 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:226 Thursday 12 March 2026 19:26:23 -0400 (0:00:00.036) 0:06:48.572 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - From host keytab, purge TEST.LOCAL] **************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:234 Thursday 12 March 2026 19:26:23 -0400 (0:00:00.037) 0:06:48.609 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "(ipaclient_use_otp | bool or ipaclient_force_join | bool) and not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:251 Thursday 12 March 2026 19:26:23 -0400 (0:00:00.037) 0:06:48.646 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create temporary krb5 configuration] *************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:256 Thursday 12 March 2026 19:26:23 -0400 (0:00:00.037) 0:06:48.683 ******** ok: [managed-node1] => { "changed": false, "krb_name": "/tmp/tmp8rgz05w2" } TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:265 Thursday 12 March 2026 19:26:23 -0400 (0:00:00.798) 0:06:49.482 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool and (not result_ipaclient_test_keytab.krb5_keytab_ok or ipaclient_force_join)", "skip_reason": "Conditional result was False" } TASK [ipaclient : The krb5 configuration is not correct] *********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:293 Thursday 12 March 2026 19:26:23 -0400 (0:00:00.039) 0:06:49.522 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))", "skip_reason": "Conditional result was False" } TASK [ipaclient : IPA test failed] ********************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:299 Thursday 12 March 2026 19:26:24 -0400 (0:00:00.039) 0:06:49.561 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))", "skip_reason": "Conditional result was False" } TASK [ipaclient : Fail due to missing ca.crt file] ***************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:303 Thursday 12 March 2026 19:26:24 -0400 (0:00:00.039) 0:06:49.600 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure IPA default.conf] ************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:317 Thursday 12 March 2026 19:26:24 -0400 (0:00:00.039) 0:06:49.639 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:326 Thursday 12 March 2026 19:26:24 -0400 (0:00:00.039) 0:06:49.679 ******** changed: [managed-node1] => { "changed": true } TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:344 Thursday 12 March 2026 19:26:24 -0400 (0:00:00.824) 0:06:50.504 ******** changed: [managed-node1] => { "ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL" } TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:353 Thursday 12 March 2026 19:26:27 -0400 (0:00:02.118) 0:06:52.622 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not result_ipaclient_test_keytab.ca_crt_exists", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:364 Thursday 12 March 2026 19:26:27 -0400 (0:00:00.041) 0:06:52.664 ******** changed: [managed-node1] => { "ca_enabled_ra": true, "changed": true } TASK [ipaclient : Install - Configure SSH and SSHD] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:396 Thursday 12 March 2026 19:26:57 -0400 (0:00:30.445) 0:07:23.109 ******** changed: [managed-node1] => { "changed": true } TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:404 Thursday 12 March 2026 19:26:58 -0400 (0:00:00.845) 0:07:23.954 ******** ok: [managed-node1] => { "changed": false } TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:410 Thursday 12 March 2026 19:26:59 -0400 (0:00:00.780) 0:07:24.735 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_configure_firefox | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:416 Thursday 12 March 2026 19:26:59 -0400 (0:00:00.040) 0:07:24.776 ******** changed: [managed-node1] => { "changed": true } TASK [ipaclient : Remove temporary krb5.conf] ********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:422 Thursday 12 March 2026 19:27:00 -0400 (0:00:01.035) 0:07:25.812 ******** changed: [managed-node1] => { "changed": true, "path": "/tmp/tmp8rgz05w2", "state": "absent" } TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:428 Thursday 12 March 2026 19:27:00 -0400 (0:00:00.408) 0:07:26.220 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure certmonger] ****************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:442 Thursday 12 March 2026 19:27:00 -0400 (0:00:00.040) 0:07:26.261 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:452 Thursday 12 March 2026 19:27:00 -0400 (0:00:00.038) 0:07:26.299 ******** skipping: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:458 Thursday 12 March 2026 19:27:00 -0400 (0:00:00.043) 0:07:26.343 ******** ok: [managed-node1] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Remove temporary krb5.conf] ********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:463 Thursday 12 March 2026 19:27:01 -0400 (0:00:00.397) 0:07:26.740 ******** ok: [managed-node1] => { "changed": false, "path": "/tmp/tmp8rgz05w2", "state": "absent" } TASK [ipaclient : Remove temporary krb5.conf backup] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:469 Thursday 12 March 2026 19:27:01 -0400 (0:00:00.409) 0:07:27.150 ******** changed: [managed-node1] => { "changed": true, "path": "/tmp/tmp8rgz05w2.ipabkp", "state": "absent" } TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:23 Thursday 12 March 2026 19:27:02 -0400 (0:00:00.403) 0:07:27.554 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "state|default('present') == 'absent'", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:464 Thursday 12 March 2026 19:27:02 -0400 (0:00:00.041) 0:07:27.595 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:471 Thursday 12 March 2026 19:27:06 -0400 (0:00:04.754) 0:07:32.349 ******** changed: [managed-node1] => { "changed": true, "cmd": [ "firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=ntp" ], "delta": "0:00:00.216554", "end": "2026-03-12 19:27:07.358504", "rc": 0, "start": "2026-03-12 19:27:07.141950" } STDOUT: success TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:487 Thursday 12 March 2026 19:27:07 -0400 (0:00:00.611) 0:07:32.961 ******** changed: [managed-node1] => { "changed": true, "cmd": [ "firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=ntp" ], "delta": "0:00:00.196911", "end": "2026-03-12 19:27:07.948110", "rc": 0, "start": "2026-03-12 19:27:07.751199" } STDOUT: success TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:503 Thursday 12 March 2026 19:27:08 -0400 (0:00:00.586) 0:07:33.548 ******** ok: [managed-node1] => { "changed": false, "path": "/root/.ipa_cache", "state": "absent" } TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:508 Thursday 12 March 2026 19:27:08 -0400 (0:00:00.374) 0:07:33.922 ******** ok: [managed-node1] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent" } ok: [managed-node1] => (item=/etc/ipa/.tmp_pkcs12_http) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent" } ok: [managed-node1] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent" } TASK [ipaserver : Uninstall IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:23 Thursday 12 March 2026 19:27:09 -0400 (0:00:01.118) 0:07:35.041 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "state|default('present') == 'absent'", "skip_reason": "Conditional result was False" } TASK [Issue IPA signed certificates] ******************************************* task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:28 Thursday 12 March 2026 19:27:09 -0400 (0:00:00.031) 0:07:35.072 ******** included: fedora.linux_system_roles.certificate for managed-node1 TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Thursday 12 March 2026 19:27:09 -0400 (0:00:00.039) 0:07:35.111 ******** included: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for managed-node1 TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Thursday 12 March 2026 19:27:09 -0400 (0:00:00.020) 0:07:35.132 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "__certificate_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Check if system is ostree] ******* task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:10 Thursday 12 March 2026 19:27:09 -0400 (0:00:00.031) 0:07:35.163 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not __certificate_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Set flag to indicate system is ostree] *** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:15 Thursday 12 March 2026 19:27:09 -0400 (0:00:00.017) 0:07:35.180 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not __certificate_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Run systemctl] ******************* task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:22 Thursday 12 March 2026 19:27:09 -0400 (0:00:00.017) 0:07:35.198 ******** ok: [managed-node1] => { "changed": false, "cmd": [ "systemctl", "is-system-running" ], "delta": "0:00:00.008469", "end": "2026-03-12 19:27:09.974470", "failed_when_result": false, "rc": 0, "start": "2026-03-12 19:27:09.966001" } STDOUT: running TASK [fedora.linux_system_roles.certificate : Require installed systemd] ******* task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:30 Thursday 12 March 2026 19:27:10 -0400 (0:00:00.377) 0:07:35.575 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "\"No such file or directory\" in __is_system_running.msg | d(\"\")", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Set flag to indicate that systemd runtime operations are available] *** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:35 Thursday 12 March 2026 19:27:10 -0400 (0:00:00.034) 0:07:35.609 ******** ok: [managed-node1] => { "ansible_facts": { "__certificate_is_booted": true }, "changed": false } TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:40 Thursday 12 March 2026 19:27:10 -0400 (0:00:00.021) 0:07:35.631 ******** skipping: [managed-node1] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "false_condition": "__vars_file is file", "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "false_condition": "__vars_file is file", "item": "CentOS.yml", "skip_reason": "Conditional result was False" } ok: [managed-node1] => (item=CentOS_10.yml) => { "ansible_facts": { "__certificate_certmonger_packages": [ "certmonger", "python3-packaging" ] }, "ansible_included_var_files": [ "/tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/CentOS_10.yml" ], "ansible_loop_var": "item", "changed": false, "item": "CentOS_10.yml" } ok: [managed-node1] => (item=CentOS_10.yml) => { "ansible_facts": { "__certificate_certmonger_packages": [ "certmonger", "python3-packaging" ] }, "ansible_included_var_files": [ "/tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/CentOS_10.yml" ], "ansible_loop_var": "item", "changed": false, "item": "CentOS_10.yml" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Thursday 12 March 2026 19:27:10 -0400 (0:00:00.038) 0:07:35.670 ******** ok: [managed-node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Thursday 12 March 2026 19:27:10 -0400 (0:00:00.863) 0:07:36.533 ******** ok: [managed-node1] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:25 Thursday 12 March 2026 19:27:11 -0400 (0:00:00.864) 0:07:37.397 ******** changed: [managed-node1] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:49 Thursday 12 March 2026 19:27:12 -0400 (0:00:00.411) 0:07:37.808 ******** changed: [managed-node1] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:76 Thursday 12 March 2026 19:27:12 -0400 (0:00:00.408) 0:07:38.217 ******** ok: [managed-node1] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "AccessSELinuxContext": "system_u:object_r:certmonger_unit_file_t:s0", "ActiveEnterTimestamp": "Thu 2026-03-12 19:25:00 EDT", "ActiveEnterTimestampMonotonic": "485731837", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "dbus-broker.service systemd-journald.socket system.slice sysinit.target basic.target dbus.socket syslog.target network.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Thu 2026-03-12 19:25:00 EDT", "AssertTimestampMonotonic": "485713293", "Before": "shutdown.target multi-user.target", "BindLogSockets": "no", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "26691738000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanLiveMount": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Thu 2026-03-12 19:25:00 EDT", "ConditionTimestampMonotonic": "485713289", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlGroupId": "5489", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DebugInvocation": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveMemoryHigh": "7520370688", "EffectiveMemoryMax": "7520370688", "EffectiveTasksMax": "45541", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainHandoffTimestamp": "Thu 2026-03-12 19:25:00 EDT", "ExecMainHandoffTimestampMonotonic": "485724212", "ExecMainPID": "19101", "ExecMainStartTimestamp": "Thu 2026-03-12 19:25:00 EDT", "ExecMainStartTimestampMonotonic": "485714207", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Thu 2026-03-12 19:25:00 EDT", "InactiveExitTimestampMonotonic": "485714669", "InvocationID": "4f4e6410de514c9caf36e972d1218f1e", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "28463", "LimitNPROCSoft": "28463", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "28463", "LimitSIGPENDINGSoft": "28463", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LiveMountResult": "success", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "19101", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureDurationUSec": "[not set]", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "5927755776", "MemoryCurrent": "2510848", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "983764992", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "0", "MemorySwapMax": "infinity", "MemorySwapPeak": "0", "MemoryZSwapCurrent": "0", "MemoryZSwapMax": "infinity", "MemoryZSwapWriteback": "yes", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivatePIDs": "no", "PrivateTmp": "no", "PrivateTmpEx": "no", "PrivateUsers": "no", "PrivateUsersEx": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectControlGroupsEx": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "100ms", "RestartUSecNext": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestamp": "Thu 2026-03-12 19:27:04 EDT", "StateChangeTimestampMonotonic": "609993287", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "45541", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:86 Thursday 12 March 2026 19:27:13 -0400 (0:00:00.565) 0:07:38.782 ******** changed: [managed-node1] => (item={'name': 'mycert_basic_ipa', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert_basic_ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). changed: [managed-node1] => (item={'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). File attributes updated. TASK [fedora.linux_system_roles.certificate : Check if test mode is supported] *** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:138 Thursday 12 March 2026 19:27:16 -0400 (0:00:02.917) 0:07:41.699 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "certificate_test_mode | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Slurp the contents of the files] *** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:143 Thursday 12 March 2026 19:27:16 -0400 (0:00:00.030) 0:07:41.730 ******** skipping: [managed-node1] => (item=['cert', {'name': 'mycert_basic_ipa', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}]) => { "ansible_loop_var": "item", "changed": false, "false_condition": "certificate_test_mode | d(false)", "item": [ "cert", { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert_basic_ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=['cert', {'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}]) => { "ansible_loop_var": "item", "changed": false, "false_condition": "certificate_test_mode | d(false)", "item": [ "cert", { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=['key', {'name': 'mycert_basic_ipa', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}]) => { "ansible_loop_var": "item", "changed": false, "false_condition": "certificate_test_mode | d(false)", "item": [ "key", { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert_basic_ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=['key', {'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}]) => { "ansible_loop_var": "item", "changed": false, "false_condition": "certificate_test_mode | d(false)", "item": [ "key", { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=['ca', {'name': 'mycert_basic_ipa', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}]) => { "ansible_loop_var": "item", "changed": false, "false_condition": "certificate_test_mode | d(false)", "item": [ "ca", { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert_basic_ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=['ca', {'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}]) => { "ansible_loop_var": "item", "changed": false, "false_condition": "certificate_test_mode | d(false)", "item": [ "ca", { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node1] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.certificate : Reset certificate_test_certs] **** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:151 Thursday 12 March 2026 19:27:16 -0400 (0:00:00.050) 0:07:41.780 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "certificate_test_mode | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Create return data] ************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:155 Thursday 12 March 2026 19:27:16 -0400 (0:00:00.029) 0:07:41.810 ******** skipping: [managed-node1] => (item=mycert_basic_ipa) => { "ansible_loop_var": "cert_name", "cert_name": "mycert_basic_ipa", "changed": false, "false_condition": "certificate_test_mode | d(false)", "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=groupcert) => { "ansible_loop_var": "cert_name", "cert_name": "groupcert", "changed": false, "false_condition": "certificate_test_mode | d(false)", "skip_reason": "Conditional result was False" } skipping: [managed-node1] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.certificate : Stop tracking certificates] ****** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:169 Thursday 12 March 2026 19:27:16 -0400 (0:00:00.037) 0:07:41.848 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "certificate_test_mode | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Remove files] ******************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:174 Thursday 12 March 2026 19:27:16 -0400 (0:00:00.030) 0:07:41.879 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "certificate_test_mode | d(false)", "skip_reason": "Conditional result was False" } TASK [Verify certificates] ***************************************************** task path: /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:44 Thursday 12 March 2026 19:27:16 -0400 (0:00:00.036) 0:07:41.915 ******** fatal: [managed-node1]: FAILED! => {} MSG: [{'path': '{{ __certificate_default_directory }}/certs/mycert_basic_ipa.crt', 'key_path': '{{ __certificate_default_directory }}/private/mycert_basic_ipa.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}, {'path': '{{ __certificate_default_directory }}/certs/groupcert.crt', 'key_path': '{{ __certificate_default_directory }}/private/groupcert.key', 'owner': 'root', 'group': 'ftp', 'mode': '0640', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}]: '__certificate_default_directory' is undefined PLAY RECAP ********************************************************************* managed-node1 : ok=71 changed=30 unreachable=0 failed=1 skipped=56 rescued=0 ignored=0 SYSTEM ROLES ERRORS BEGIN v1 [ { "ansible_version": "2.17.14", "end_time": "2026-03-12T23:27:16.380823+00:00Z", "host": "managed-node1", "message": "[{'path': '{{ __certificate_default_directory }}/certs/mycert_basic_ipa.crt', 'key_path': '{{ __certificate_default_directory }}/private/mycert_basic_ipa.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}, {'path': '{{ __certificate_default_directory }}/certs/groupcert.crt', 'key_path': '{{ __certificate_default_directory }}/private/groupcert.key', 'owner': 'root', 'group': 'ftp', 'mode': '0640', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}]: '__certificate_default_directory' is undefined", "start_time": "2026-03-12T23:27:16.370399+00:00Z", "task_name": "Verify certificates", "task_path": "/tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:44" } ] SYSTEM ROLES ERRORS END v1 TASKS RECAP ******************************************************************** Thursday 12 March 2026 19:27:16 -0400 (0:00:00.011) 0:07:41.927 ******** =============================================================================== ipaserver : Install - Setup CA ---------------------------------------- 269.17s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:291 ----------------------- ipaserver : Install - Ensure that packages are installed --------------- 44.08s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:36 ------------------------ ipaclient : Install - Create IPA NSS database -------------------------- 30.45s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:364 ----------------------- ipaserver : Install - Setup HTTP --------------------------------------- 25.49s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:350 ----------------------- ipaserver : Install - Setup DS ----------------------------------------- 19.34s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:235 ----------------------- ipaserver : Install - Setup NTP ----------------------------------------- 7.43s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:228 ----------------------- ipaserver : Install - Setup KRB ----------------------------------------- 6.79s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:264 ----------------------- ipaserver : Install - Setup ADTRUST ------------------------------------- 6.54s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:415 ----------------------- Ensure hostname package is installed ------------------------------------ 4.96s /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:53 ipaserver : Install - Enable IPA ---------------------------------------- 4.75s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:464 ----------------------- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 2.92s /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:86 Gathering Facts --------------------------------------------------------- 2.51s /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:2 ipaserver : Install - Setup otpd ---------------------------------------- 2.38s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:344 ----------------------- ipaserver : Install - Set DS password ----------------------------------- 2.35s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:431 ----------------------- ipaclient : Install - IPA API calls for remaining enrollment parts ------ 2.12s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:344 ----------------------- ipaserver : Install - Server preparation -------------------------------- 1.96s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:177 ----------------------- ipaserver : Firewalld service - Ensure that firewalld is running -------- 1.78s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 ------------------------ ipaclient : Install - Test if IPA client has working krb5.keytab -------- 1.51s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:122 ----------------------- ipaserver : Install - Server installation test -------------------------- 1.31s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:73 ------------------------ Clone ansible-freeipa repo ---------------------------------------------- 1.24s /tmp/collections-xPI/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:32 Mar 12 19:25:51 ipaserver.test.local ns-slapd[19582]: [12/Mar/2026:19:25:51.373949517 -0400] - INFO - ct_thread_cleanup - slapd shutting down - signaling connection table threads Mar 12 19:25:51 ipaserver.test.local ns-slapd[19582]: [12/Mar/2026:19:25:51.376246683 -0400] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 6 max work q size 2 max work q stack size 3 Mar 12 19:25:51 ipaserver.test.local ns-slapd[19582]: [12/Mar/2026:19:25:51.391801235 -0400] - INFO - slapd_daemon - slapd shutting down - waiting for 2 threads to terminate Mar 12 19:25:51 ipaserver.test.local ns-slapd[19582]: [12/Mar/2026:19:25:51.500555943 -0400] - INFO - slapd_daemon - slapd shutting down - accept_thread Mar 12 19:25:51 ipaserver.test.local ns-slapd[19582]: [12/Mar/2026:19:25:51.600757895 -0400] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins Mar 12 19:25:51 ipaserver.test.local ns-slapd[19582]: [12/Mar/2026:19:25:51.686159298 -0400] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed Mar 12 19:25:51 ipaserver.test.local ns-slapd[19582]: [12/Mar/2026:19:25:51.691311699 -0400] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 3 work q stack objects - freed 6 op stack objects Mar 12 19:25:51 ipaserver.test.local ns-slapd[19582]: [12/Mar/2026:19:25:51.693425746 -0400] - INFO - main - slapd stopped. Mar 12 19:25:51 ipaserver.test.local systemd[1]: dirsrv@TEST-LOCAL.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit dirsrv@TEST-LOCAL.service has successfully entered the 'dead' state. Mar 12 19:25:51 ipaserver.test.local systemd[1]: Stopped dirsrv@TEST-LOCAL.service - 389 Directory Server TEST-LOCAL.. ░░ Subject: A stop job for unit dirsrv@TEST-LOCAL.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit dirsrv@TEST-LOCAL.service has finished. ░░ ░░ The job identifier is 3742 and the job result is done. Mar 12 19:25:51 ipaserver.test.local systemd[1]: dirsrv@TEST-LOCAL.service: Consumed 1.813s CPU time, 81.8M memory peak. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit dirsrv@TEST-LOCAL.service completed and consumed the indicated resources. Mar 12 19:25:51 ipaserver.test.local systemd[1]: Starting dirsrv@TEST-LOCAL.service - 389 Directory Server TEST-LOCAL.... ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has begun execution. ░░ ░░ The job identifier is 3743. Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.163454538 -0400] - NOTICE - config_set_port - Non-Secure Port Disabled Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.220034665 -0400] - INFO - main - 389-Directory/3.2.0 B2026.064.0000 starting up Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.221981687 -0400] - INFO - main - Setting the maximum file descriptor limit to: 524288 Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.233398853 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.235516133 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.237448147 -0400] - INFO - PBKDF2-SHA256 - Number of iterations set to 100000 from default Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.239326915 -0400] - INFO - PBKDF2-SHA512 - Number of iterations set to 100000 from default Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.785648078 -0400] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.793405660 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.799601719 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.805419714 -0400] - INFO - dbmdb_make_env - MDB environment created with maxsize=21474836480 (20.0 GB) Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.807204138 -0400] - INFO - dbmdb_make_env - MDB environment created with max readers=126 Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.809121689 -0400] - INFO - dbmdb_make_env - MDB environment created with max database instances=512 Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.814660792 -0400] - NOTICE - mdb_start_autotune - found 7.0 GB physical memory Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.816574367 -0400] - NOTICE - mdb_start_autotune - found 5.6 GB available Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.818604228 -0400] - NOTICE - mdb_start_autotune - cache autosizing: userRoot entry cache (2 total): 256.0 MB Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.820532960 -0400] - NOTICE - mdb_start_autotune - cache autosizing: userRoot dn cache (2 total): 64.0 MB Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.822446222 -0400] - NOTICE - mdb_start_autotune - cache autosizing: ipaca entry cache (2 total): 1.4 GB Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.824465119 -0400] - NOTICE - mdb_start_autotune - cache autosizing: ipaca dn cache (2 total): 192.0 MB Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.826449699 -0400] - NOTICE - mdb_start_autotune - total cache size: 1.9 GB Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.828561967 -0400] - INFO - dbmdb_make_env - MDB environment created with maxsize=21474836480 (20.0 GB) Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.830348984 -0400] - INFO - dbmdb_make_env - MDB environment created with max readers=126 Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.832223286 -0400] - INFO - dbmdb_make_env - MDB environment created with max database instances=512 Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.844451683 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=retrieve certificate,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.846431867 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=request certificate,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.848475925 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=request certificate different host,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.850569443 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=certificate status,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.852594211 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=revoke certificate,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.854475716 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=certificate remove hold,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.856389930 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=list all profiles,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.930136789 -0400] - INFO - slapi_vattrspi_regattr - Because krbPwdPolicyReference is a new registered virtual attribute , nsslapd-ignore-virtual-attrs was set to 'off' Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.932352680 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.953611443 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.957484473 -0400] - INFO - validate_num_config_reservedescriptors - reserve descriptors changed from 64 to 187 Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.959128681 -0400] - INFO - connection_table_new - Number of connection sub-tables 1, each containing 63814 slots. Mar 12 19:25:52 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:52.991356301 -0400] - INFO - slapd_daemon - slapd started. Listening on /run/slapd-TEST-LOCAL.socket for LDAPI requests Mar 12 19:25:52 ipaserver.test.local systemd[1]: Started dirsrv@TEST-LOCAL.service - 389 Directory Server TEST-LOCAL.. ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has finished successfully. ░░ ░░ The job identifier is 3743. Mar 12 19:25:54 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: idrange_show: SUCCESS [ldap2_140389806261072] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/idrange_show.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: idrange_show: SUCCESS [ldap2_140389806261072] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'idrange_show' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'idrange_show' by the '[autobind]' actor: ░░ ░░ {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'idrange_show' see ░░ https://freeipa.readthedocs.io/en/latest/api/idrange_show.html Mar 12 19:25:54 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: topologysuffix_find: SUCCESS [ldap2_140389806261072] {"criteria": null, "all": false, "raw": false, "version": "2.257", "pkey_only": false} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/topologysuffix_find.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: topologysuffix_find: SUCCESS [ldap2_140389806261072] {"criteria": null, "all": false, "raw": false, "version": "2.257", "pkey_only": false} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'topologysuffix_find' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'topologysuffix_find' by the '[autobind]' actor: ░░ ░░ {"criteria": null, "all": false, "raw": false, "version": "2.257", "pkey_only": false} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'topologysuffix_find' see ░░ https://freeipa.readthedocs.io/en/latest/api/topologysuffix_find.html Mar 12 19:25:55 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: topologysegment_find: SUCCESS [ldap2_140389806261072] {"topologysuffixcn": "domain", "criteria": null, "all": true, "raw": false, "version": "2.257", "pkey_only": false} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/topologysegment_find.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: topologysegment_find: SUCCESS [ldap2_140389806261072] {"topologysuffixcn": "domain", "criteria": null, "all": true, "raw": false, "version": "2.257", "pkey_only": false} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'topologysegment_find' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'topologysegment_find' by the '[autobind]' actor: ░░ ░░ {"topologysuffixcn": "domain", "criteria": null, "all": true, "raw": false, "version": "2.257", "pkey_only": false} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'topologysegment_find' see ░░ https://freeipa.readthedocs.io/en/latest/api/topologysegment_find.html Mar 12 19:25:55 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:55.898042449 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.124334680 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.224183999 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=replication managers,cn=sysaccounts,cn=etc,dc=test,dc=local does not exist Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.317475785 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=replication managers,cn=sysaccounts,cn=etc,dc=test,dc=local does not exist Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.323457731 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=replication,cn=etc,dc=test,dc=local does not exist Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.424679527 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.430770982 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.438593091 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.443582974 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.451052865 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.456586174 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.464627734 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.470138021 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.659615569 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.668769866 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.678405618 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.686274028 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.714229651 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.750513113 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:25:56 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:56.754950379 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:25:57 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:57.724017062 -0400] - INFO - dbmdb_db2index - userRoot: Indexing attribute: ipaidpconfiglink Mar 12 19:25:58 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:58.231016650 -0400] - INFO - dbmdb_import_monitor_threads - reindex userRoot: Workers finished; cleaning up... Mar 12 19:25:58 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:58.233197956 -0400] - INFO - dbmdb_import_monitor_threads - reindex userRoot: Workers cleaned up. Mar 12 19:25:58 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:58.235316314 -0400] - INFO - dbmdb_public_dbmdb_import_main - reindex userRoot: Indexing complete. Post-processing... Mar 12 19:25:58 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:58.237391317 -0400] - INFO - dbmdb_public_dbmdb_import_main - reindex userRoot: Flushing caches... Mar 12 19:25:58 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:58.239525798 -0400] - INFO - dbmdb_public_dbmdb_import_main - reindex userRoot: Closing files... Mar 12 19:25:58 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:58.243190607 -0400] - INFO - dbmdb_public_dbmdb_import_main - reindex userRoot: Reindexing complete. Processed 216 entries in 1 seconds. (216.00 entries/sec) Mar 12 19:25:58 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:58.245814498 -0400] - INFO - dbmdb_import_all_done - Backend userRoot is now online. Mar 12 19:25:58 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:58.248137597 -0400] - INFO - dbmdb_task_finish - userRoot: Finished indexing task 'cn=indextask_139926507577165760_15309,cn=index,cn=tasks,cn=config'. Exit code is 0 Mar 12 19:25:58 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:58.250176699 -0400] - NOTICE - mdb_start_autotune - found 7.0 GB physical memory Mar 12 19:25:58 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:58.252076887 -0400] - NOTICE - mdb_start_autotune - found 5.5 GB available Mar 12 19:25:58 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:58.253915750 -0400] - NOTICE - mdb_start_autotune - total cache size: 1.9 GB Mar 12 19:25:59 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:59.286654826 -0400] - INFO - memberof-plugin - memberof_fixup_task_thread - Memberof task starts (filter: "(objectclass=*)") ... Mar 12 19:25:59 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:59.314107893 -0400] - INFO - memberof-plugin - memberof_fixup_task_thread - Memberof task starts (filter: "(objectclass=*)") ... Mar 12 19:25:59 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:59.315904855 -0400] - INFO - memberof-plugin - memberof_fixup_task_thread - Memberof task finished (processed 34 entries in 0 seconds) Mar 12 19:25:59 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:25:59.341845260 -0400] - INFO - memberof-plugin - memberof_fixup_task_thread - Memberof task finished (processed 41 entries in 0 seconds) Mar 12 19:26:00 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: idrange_show: SUCCESS [ldap2_140389796515472] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/idrange_show.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: idrange_show: SUCCESS [ldap2_140389796515472] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'idrange_show' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'idrange_show' by the '[autobind]' actor: ░░ ░░ {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'idrange_show' see ░░ https://freeipa.readthedocs.io/en/latest/api/idrange_show.html Mar 12 19:26:00 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'adtrust_is_enabled' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'adtrust_is_enabled' by the '[autobind]' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'adtrust_is_enabled' see ░░ https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html Mar 12 19:26:00 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'adtrust_is_enabled' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'adtrust_is_enabled' by the '[autobind]' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'adtrust_is_enabled' see ░░ https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html Mar 12 19:26:00 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'adtrust_is_enabled' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'adtrust_is_enabled' by the '[autobind]' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'adtrust_is_enabled' see ░░ https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html Mar 12 19:26:00 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'adtrust_is_enabled' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'adtrust_is_enabled' by the '[autobind]' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'adtrust_is_enabled' see ░░ https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html Mar 12 19:26:00 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'adtrust_is_enabled' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'adtrust_is_enabled' by the '[autobind]' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'adtrust_is_enabled' see ░░ https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html Mar 12 19:26:00 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'adtrust_is_enabled' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'adtrust_is_enabled' by the '[autobind]' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'adtrust_is_enabled' see ░░ https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html Mar 12 19:26:00 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: ca_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/ca_is_enabled.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: ca_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'ca_is_enabled' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'ca_is_enabled' by the '[autobind]' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'ca_is_enabled' see ░░ https://freeipa.readthedocs.io/en/latest/api/ca_is_enabled.html Mar 12 19:26:00 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: ca_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/ca_is_enabled.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: ca_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'ca_is_enabled' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'ca_is_enabled' by the '[autobind]' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'ca_is_enabled' see ░░ https://freeipa.readthedocs.io/en/latest/api/ca_is_enabled.html Mar 12 19:26:00 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_140389806261072] {"version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'adtrust_is_enabled' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'adtrust_is_enabled' by the '[autobind]' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'adtrust_is_enabled' see ░░ https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html Mar 12 19:26:01 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: dnsconfig_show: NotFound [ldap2_140389806261072] {"rights": false, "all": true, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/dnsconfig_show.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: dnsconfig_show: NotFound [ldap2_140389806261072] {"rights": false, "all": true, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'dnsconfig_show' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'NotFound' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'dnsconfig_show' by the '[autobind]' actor: ░░ ░░ {"rights": false, "all": true, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'dnsconfig_show' see ░░ https://freeipa.readthedocs.io/en/latest/api/dnsconfig_show.html Mar 12 19:26:01 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: dnsconfig_show: NotFound [ldap2_140389806261072] {"rights": false, "all": true, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/dnsconfig_show.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: dnsconfig_show: NotFound [ldap2_140389806261072] {"rights": false, "all": true, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'dnsconfig_show' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'NotFound' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'dnsconfig_show' by the '[autobind]' actor: ░░ ░░ {"rights": false, "all": true, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'dnsconfig_show' see ░░ https://freeipa.readthedocs.io/en/latest/api/dnsconfig_show.html Mar 12 19:26:01 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:01.758111023 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=dns,dc=test,dc=local does not exist Mar 12 19:26:01 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:01.773677139 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=dns,dc=test,dc=local does not exist Mar 12 19:26:01 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:01.828865871 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=keys,cn=sec,cn=dns,dc=test,dc=local does not exist Mar 12 19:26:01 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:01.844953104 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=dns,dc=test,dc=local does not exist Mar 12 19:26:01 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:01.876449420 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=dns,dc=test,dc=local does not exist Mar 12 19:26:01 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:01.984426900 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=test,dc=local does not exist Mar 12 19:26:02 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:02.438365901 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=test,dc=local does not exist Mar 12 19:26:02 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:02.758104292 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=test,dc=local does not exist Mar 12 19:26:04 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:04.101162327 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=test,dc=local does not exist Mar 12 19:26:04 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:04.697425389 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=test,dc=local does not exist Mar 12 19:26:04 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:04.893974820 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:04 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:04.919879679 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:04 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:04.946240481 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:04 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:04.974443568 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:05 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:05.002798422 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:05 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:05.030206064 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:05 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:05.057592513 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:05 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:05.319871948 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:05 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:05.340481508 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:05 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:05.359527299 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:05 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:05.379159066 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:05 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:05.393544668 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=test,dc=local does not exist Mar 12 19:26:05 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:05.445008843 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=test,dc=local does not exist Mar 12 19:26:05 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:05.467372721 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ad,cn=etc,dc=test,dc=local does not exist Mar 12 19:26:05 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: permission_del: NotFound [ldap2_140389806261072] {"cn": ["System: Read Timestamp and USN Operational Attributes"], "continue": false, "force": true, "version": "2.101"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/permission_del.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: permission_del: NotFound [ldap2_140389806261072] {"cn": ["System: Read Timestamp and USN Operational Attributes"], "continue": false, "force": true, "version": "2.101"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'permission_del' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'NotFound' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'permission_del' by the '[autobind]' actor: ░░ ░░ {"cn": ["System: Read Timestamp and USN Operational Attributes"], "continue": false, "force": true, "version": "2.101"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'permission_del' see ░░ https://freeipa.readthedocs.io/en/latest/api/permission_del.html Mar 12 19:26:05 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: permission_del: NotFound [ldap2_140389806261072] {"cn": ["System: Read Creator and Modifier Operational Attributes"], "continue": false, "force": true, "version": "2.101"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/permission_del.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: permission_del: NotFound [ldap2_140389806261072] {"cn": ["System: Read Creator and Modifier Operational Attributes"], "continue": false, "force": true, "version": "2.101"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'permission_del' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'NotFound' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'permission_del' by the '[autobind]' actor: ░░ ░░ {"cn": ["System: Read Creator and Modifier Operational Attributes"], "continue": false, "force": true, "version": "2.101"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'permission_del' see ░░ https://freeipa.readthedocs.io/en/latest/api/permission_del.html Mar 12 19:26:06 ipaserver.test.local /tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py[20404]: [IPA.API] [autobind]: idrange_show: SUCCESS [ldap2_140389786538432] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/idrange_show.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: idrange_show: SUCCESS [ldap2_140389786538432] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_http_payload_gb2fymhu/ansible_ipaserver_setup_http_payload.zip/ansible/modules/ipaserver_setup_http.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'idrange_show' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'idrange_show' by the '[autobind]' actor: ░░ ░░ {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'idrange_show' see ░░ https://freeipa.readthedocs.io/en/latest/api/idrange_show.html Mar 12 19:26:06 ipaserver.test.local systemd[1]: Stopping dirsrv@TEST-LOCAL.service - 389 Directory Server TEST-LOCAL.... ░░ Subject: A stop job for unit dirsrv@TEST-LOCAL.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit dirsrv@TEST-LOCAL.service has begun execution. ░░ ░░ The job identifier is 3822. Mar 12 19:26:06 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:06.594643729 -0400] - INFO - ct_thread_cleanup - slapd shutting down - signaling connection table threads Mar 12 19:26:06 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:06.596653853 -0400] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 2 max work q size 2 max work q stack size 2 Mar 12 19:26:06 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:06.604188022 -0400] - INFO - slapd_daemon - slapd shutting down - waiting for 2 threads to terminate Mar 12 19:26:06 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:06.664344528 -0400] - INFO - slapd_daemon - slapd shutting down - accept_thread Mar 12 19:26:06 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:06.834285651 -0400] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins Mar 12 19:26:06 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:06.892866525 -0400] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed Mar 12 19:26:06 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:06.894921887 -0400] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 2 work q stack objects - freed 2 op stack objects Mar 12 19:26:06 ipaserver.test.local ns-slapd[21112]: [12/Mar/2026:19:26:06.896639285 -0400] - INFO - main - slapd stopped. Mar 12 19:26:06 ipaserver.test.local systemd[1]: dirsrv@TEST-LOCAL.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit dirsrv@TEST-LOCAL.service has successfully entered the 'dead' state. Mar 12 19:26:06 ipaserver.test.local systemd[1]: Stopped dirsrv@TEST-LOCAL.service - 389 Directory Server TEST-LOCAL.. ░░ Subject: A stop job for unit dirsrv@TEST-LOCAL.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit dirsrv@TEST-LOCAL.service has finished. ░░ ░░ The job identifier is 3822 and the job result is done. Mar 12 19:26:06 ipaserver.test.local systemd[1]: dirsrv@TEST-LOCAL.service: Consumed 4.438s CPU time, 88.9M memory peak. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit dirsrv@TEST-LOCAL.service completed and consumed the indicated resources. Mar 12 19:26:06 ipaserver.test.local systemd[1]: Starting dirsrv@TEST-LOCAL.service - 389 Directory Server TEST-LOCAL.... ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has begun execution. ░░ ░░ The job identifier is 3823. Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.199689334 -0400] - INFO - slapd_extract_cert - CA CERT NAME: TEST.LOCAL IPA CA Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.202174034 -0400] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password if pin.txt does not exist. Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.267567969 -0400] - INFO - slapd_extract_cert - SERVER CERT NAME: Server-Cert Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.418663924 -0400] - INFO - Security Initialization - SSL info: Enabling default cipher set. Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.420720769 -0400] - INFO - Security Initialization - SSL info: Configured NSS Ciphers Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.422638526 -0400] - INFO - Security Initialization - SSL info: TLS_AES_128_GCM_SHA256: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.424444197 -0400] - INFO - Security Initialization - SSL info: TLS_CHACHA20_POLY1305_SHA256: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.426257605 -0400] - INFO - Security Initialization - SSL info: TLS_AES_256_GCM_SHA384: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.428042377 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.429801163 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.431685128 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.433542240 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.435456911 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.437436078 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.439358164 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.441197241 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.443053131 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.444928162 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.446864034 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.448651344 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.450504036 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.452522400 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.454423035 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.456289804 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.458118800 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.459942476 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.461757516 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.471239694 -0400] - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3 Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.473312474 -0400] - INFO - Security Initialization - slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3 Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.475440778 -0400] - INFO - main - 389-Directory/3.2.0 B2026.064.0000 starting up Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.477293258 -0400] - INFO - main - Setting the maximum file descriptor limit to: 524288 Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.488656937 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.491425270 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.493361260 -0400] - INFO - PBKDF2-SHA256 - Number of iterations set to 100000 from default Mar 12 19:26:07 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:07.495291156 -0400] - INFO - PBKDF2-SHA512 - Number of iterations set to 100000 from default Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.039299882 -0400] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.046986048 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.052660635 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.058346233 -0400] - INFO - dbmdb_make_env - MDB environment created with maxsize=21474836480 (20.0 GB) Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.060452664 -0400] - INFO - dbmdb_make_env - MDB environment created with max readers=126 Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.062022554 -0400] - INFO - dbmdb_make_env - MDB environment created with max database instances=512 Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.078798569 -0400] - NOTICE - mdb_start_autotune - found 7.0 GB physical memory Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.080648800 -0400] - NOTICE - mdb_start_autotune - found 5.6 GB available Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.082546394 -0400] - NOTICE - mdb_start_autotune - cache autosizing: userRoot entry cache (2 total): 704.0 MB Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.084573047 -0400] - NOTICE - mdb_start_autotune - cache autosizing: userRoot dn cache (2 total): 128.0 MB Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.086516783 -0400] - NOTICE - mdb_start_autotune - cache autosizing: ipaca entry cache (2 total): 896.0 MB Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.088490385 -0400] - NOTICE - mdb_start_autotune - cache autosizing: ipaca dn cache (2 total): 128.0 MB Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.090450375 -0400] - NOTICE - mdb_start_autotune - total cache size: 1.8 GB Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.092475029 -0400] - INFO - dbmdb_make_env - MDB environment created with maxsize=21474836480 (20.0 GB) Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.094370723 -0400] - INFO - dbmdb_make_env - MDB environment created with max readers=126 Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.096245169 -0400] - INFO - dbmdb_make_env - MDB environment created with max database instances=512 Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.114375075 -0400] - ERR - schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after the server startup! Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.122764522 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=dns,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.124869147 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=dns,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.127029422 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=keys,cn=sec,cn=dns,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.128998079 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=dns,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.131051065 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=dns,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.133125705 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.135472385 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.137361184 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.139341787 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.141342764 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.143551867 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.145609479 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.147595852 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.149625856 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.151590068 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.153463305 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.155343608 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.157225307 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.159222178 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.161196852 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.163210608 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.169170150 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ad,cn=etc,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.172079728 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.174138556 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=test,dc=local does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.247939478 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.252721349 -0400] - INFO - slapi_vattrspi_regattr - Because krbPwdPolicyReference is a new registered virtual attribute , nsslapd-ignore-virtual-attrs was set to 'off' Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.255023646 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.276236091 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.298927948 -0400] - NOTICE - attrcrypt_cipher_init - No symmetric key found for cipher AES in backend changelog, attempting to create one... Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.304737992 -0400] - INFO - attrcrypt_cipher_init - Key for cipher AES successfully generated and stored Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.306727093 -0400] - NOTICE - attrcrypt_cipher_init - No symmetric key found for cipher 3DES in backend changelog, attempting to create one... Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.312477477 -0400] - INFO - attrcrypt_cipher_init - Key for cipher 3DES successfully generated and stored Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.316410142 -0400] - NOTICE - mdb_start_autotune - found 7.0 GB physical memory Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.318244045 -0400] - NOTICE - mdb_start_autotune - found 5.6 GB available Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.320141636 -0400] - NOTICE - mdb_start_autotune - cache autosizing: changelog dn cache (3 total): 64.0 MB Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.322598680 -0400] - NOTICE - mdb_start_autotune - total cache size: 2.1 GB Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.347518063 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.352740078 -0400] - INFO - validate_num_config_reservedescriptors - reserve descriptors changed from 64 to 230 Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.354748539 -0400] - INFO - connection_table_new - Number of connection sub-tables 1, each containing 63771 slots. Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.387339379 -0400] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.389375552 -0400] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests Mar 12 19:26:08 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:08.391215566 -0400] - INFO - slapd_daemon - Listening on /run/slapd-TEST-LOCAL.socket for LDAPI requests Mar 12 19:26:08 ipaserver.test.local systemd[1]: Started dirsrv@TEST-LOCAL.service - 389 Directory Server TEST-LOCAL.. ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has finished successfully. ░░ ░░ The job identifier is 3823. Mar 12 19:26:08 ipaserver.test.local systemd[1]: Stopping krb5kdc.service - Kerberos 5 KDC... ░░ Subject: A stop job for unit krb5kdc.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit krb5kdc.service has begun execution. ░░ ░░ The job identifier is 3902. Mar 12 19:26:08 ipaserver.test.local krb5kdc[21076]: closing down fd 10 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21076]: closing down fd 9 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21075]: closing down fd 10 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21076]: closing down fd 8 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21076]: closing down fd 7 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21075]: closing down fd 9 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21075]: closing down fd 8 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21075]: closing down fd 7 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21078]: closing down fd 10 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21078]: closing down fd 9 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21078]: closing down fd 8 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21078]: closing down fd 7 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21077]: closing down fd 10 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21077]: closing down fd 9 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21077]: closing down fd 8 Mar 12 19:26:08 ipaserver.test.local krb5kdc[21077]: closing down fd 7 Mar 12 19:26:08 ipaserver.test.local systemd[1]: krb5kdc.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit krb5kdc.service has successfully entered the 'dead' state. Mar 12 19:26:08 ipaserver.test.local systemd[1]: Stopped krb5kdc.service - Kerberos 5 KDC. ░░ Subject: A stop job for unit krb5kdc.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit krb5kdc.service has finished. ░░ ░░ The job identifier is 3902 and the job result is done. Mar 12 19:26:08 ipaserver.test.local systemd[1]: Starting krb5kdc.service - Kerberos 5 KDC... ░░ Subject: A start job for unit krb5kdc.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit krb5kdc.service has begun execution. ░░ ░░ The job identifier is 3902. Mar 12 19:26:09 ipaserver.test.local systemd[1]: krb5kdc.service: Can't open PID file '/run/krb5kdc.pid' (yet?) after start: No such file or directory Mar 12 19:26:09 ipaserver.test.local systemd[1]: Started krb5kdc.service - Kerberos 5 KDC. ░░ Subject: A start job for unit krb5kdc.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit krb5kdc.service has finished successfully. ░░ ░░ The job identifier is 3902. Mar 12 19:26:09 ipaserver.test.local sudo[20400]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:09 ipaserver.test.local sudo[21366]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-yrwpzgbnqqpbgvmgjwswgobbwjrtsaxw ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773357969.7174792-18171-214906342823107/AnsiballZ_ipaserver_setup_adtrust.py' Mar 12 19:26:09 ipaserver.test.local sudo[21366]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:10 ipaserver.test.local python3.12[21369]: ansible-ipaserver_setup_adtrust Invoked with hostname=ipaserver.test.local setup_ca=True setup_adtrust=False enable_compat=False rid_base=1000 secondary_rid_base=100000000 adtrust_netbios_name=TEST adtrust_reset_netbios_name=True Mar 12 19:26:11 ipaserver.test.local ldapmodify[21374]: DIGEST-MD5 common mech free Mar 12 19:26:11 ipaserver.test.local systemd[1]: Stopping dirsrv@TEST-LOCAL.service - 389 Directory Server TEST-LOCAL.... ░░ Subject: A stop job for unit dirsrv@TEST-LOCAL.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit dirsrv@TEST-LOCAL.service has begun execution. ░░ ░░ The job identifier is 3986. Mar 12 19:26:11 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:11.899351690 -0400] - INFO - ct_thread_cleanup - slapd shutting down - signaling connection table threads Mar 12 19:26:11 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:11.901497306 -0400] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 7 max work q size 3 max work q stack size 3 Mar 12 19:26:11 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:11.908401242 -0400] - INFO - slapd_daemon - slapd shutting down - waiting for 2 threads to terminate Mar 12 19:26:12 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:12.127784324 -0400] - INFO - slapd_daemon - slapd shutting down - accept_thread Mar 12 19:26:12 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:12.138745631 -0400] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins Mar 12 19:26:12 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:12.169958403 -0400] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed Mar 12 19:26:12 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:12.172226881 -0400] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 3 work q stack objects - freed 7 op stack objects Mar 12 19:26:12 ipaserver.test.local ns-slapd[21170]: [12/Mar/2026:19:26:12.174144669 -0400] - INFO - main - slapd stopped. Mar 12 19:26:12 ipaserver.test.local systemd[1]: dirsrv@TEST-LOCAL.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit dirsrv@TEST-LOCAL.service has successfully entered the 'dead' state. Mar 12 19:26:12 ipaserver.test.local systemd[1]: Stopped dirsrv@TEST-LOCAL.service - 389 Directory Server TEST-LOCAL.. ░░ Subject: A stop job for unit dirsrv@TEST-LOCAL.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit dirsrv@TEST-LOCAL.service has finished. ░░ ░░ The job identifier is 3986 and the job result is done. Mar 12 19:26:12 ipaserver.test.local systemd[1]: dirsrv@TEST-LOCAL.service: Consumed 1.633s CPU time, 77.4M memory peak. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit dirsrv@TEST-LOCAL.service completed and consumed the indicated resources. Mar 12 19:26:12 ipaserver.test.local systemd[1]: Starting dirsrv@TEST-LOCAL.service - 389 Directory Server TEST-LOCAL.... ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has begun execution. ░░ ░░ The job identifier is 3986. Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.444610215 -0400] - INFO - slapd_extract_cert - CA CERT NAME: TEST.LOCAL IPA CA Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.447611572 -0400] - WARN - Security Initialization - SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password if pin.txt does not exist. Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.512352659 -0400] - INFO - slapd_extract_cert - SERVER CERT NAME: Server-Cert Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.661799591 -0400] - INFO - Security Initialization - SSL info: Enabling default cipher set. Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.663851787 -0400] - INFO - Security Initialization - SSL info: Configured NSS Ciphers Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.665848255 -0400] - INFO - Security Initialization - SSL info: TLS_AES_128_GCM_SHA256: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.667725126 -0400] - INFO - Security Initialization - SSL info: TLS_CHACHA20_POLY1305_SHA256: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.669697338 -0400] - INFO - Security Initialization - SSL info: TLS_AES_256_GCM_SHA384: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.671551225 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.673721597 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.675565287 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.677504277 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.679442646 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.681254005 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.683040865 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.684890317 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.686783306 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.688611290 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.690535007 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.692330112 -0400] - INFO - Security Initialization - SSL info: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.694247489 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.696203678 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.698167301 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.700085473 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.701916156 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.703722016 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.705507250 -0400] - INFO - Security Initialization - SSL info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.715395445 -0400] - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3 Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.717392553 -0400] - INFO - Security Initialization - slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3 Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.719407637 -0400] - INFO - main - 389-Directory/3.2.0 B2026.064.0000 starting up Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.721339157 -0400] - INFO - main - Setting the maximum file descriptor limit to: 524288 Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.733642202 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.735628735 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.737625678 -0400] - INFO - PBKDF2-SHA256 - Number of iterations set to 100000 from default Mar 12 19:26:12 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:12.739981519 -0400] - INFO - PBKDF2-SHA512 - Number of iterations set to 100000 from default Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.288919331 -0400] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.297511382 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.303919308 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.309058287 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.314361658 -0400] - INFO - dbmdb_make_env - MDB environment created with maxsize=21474836480 (20.0 GB) Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.316335140 -0400] - INFO - dbmdb_make_env - MDB environment created with max readers=126 Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.318322313 -0400] - INFO - dbmdb_make_env - MDB environment created with max database instances=512 Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.340405662 -0400] - NOTICE - mdb_start_autotune - found 7.0 GB physical memory Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.342309912 -0400] - NOTICE - mdb_start_autotune - found 5.7 GB available Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.344210066 -0400] - NOTICE - mdb_start_autotune - cache autosizing: userRoot entry cache (3 total): 704.0 MB Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.346179812 -0400] - NOTICE - mdb_start_autotune - cache autosizing: userRoot dn cache (3 total): 128.0 MB Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.348446604 -0400] - NOTICE - mdb_start_autotune - cache autosizing: ipaca entry cache (3 total): 832.0 MB Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.350433340 -0400] - NOTICE - mdb_start_autotune - cache autosizing: ipaca dn cache (3 total): 128.0 MB Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.352417905 -0400] - NOTICE - mdb_start_autotune - cache autosizing: changelog dn cache (3 total): 64.0 MB Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.354439812 -0400] - NOTICE - mdb_start_autotune - total cache size: 2.0 GB Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.356524793 -0400] - INFO - dbmdb_make_env - MDB environment created with maxsize=21474836480 (20.0 GB) Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.358441412 -0400] - INFO - dbmdb_make_env - MDB environment created with max readers=126 Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.360298661 -0400] - INFO - dbmdb_make_env - MDB environment created with max database instances=512 Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.384092670 -0400] - ERR - schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after the server startup! Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.392887404 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=dns,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.394929305 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=dns,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.397045694 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=keys,cn=sec,cn=dns,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.398954964 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=dns,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.400859057 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=dns,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.402944522 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.404933834 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.406976791 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.408991454 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.410916568 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.412877532 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.415190881 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.417109410 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.419099057 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.421090001 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.423042177 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.425060269 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.426946174 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.428922261 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.430963447 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.432946145 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.439767714 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.441942323 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=test,dc=local does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.518952527 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.523983228 -0400] - INFO - slapi_vattrspi_regattr - Because krbPwdPolicyReference is a new registered virtual attribute , nsslapd-ignore-virtual-attrs was set to 'off' Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.526250107 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.551303561 -0400] - INFO - validate_num_config_reservedescriptors - reserve descriptors changed from 64 to 230 Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.553422783 -0400] - INFO - connection_table_new - Number of connection sub-tables 1, each containing 63771 slots. Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.586337801 -0400] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.588529318 -0400] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests Mar 12 19:26:13 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:13.590352061 -0400] - INFO - slapd_daemon - Listening on /run/slapd-TEST-LOCAL.socket for LDAPI requests Mar 12 19:26:13 ipaserver.test.local systemd[1]: Started dirsrv@TEST-LOCAL.service - 389 Directory Server TEST-LOCAL.. ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has finished successfully. ░░ ░░ The job identifier is 3986. Mar 12 19:26:14 ipaserver.test.local ldapmodify[21423]: DIGEST-MD5 common mech free Mar 12 19:26:14 ipaserver.test.local ldapmodify[21424]: DIGEST-MD5 common mech free Mar 12 19:26:14 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:14.841874684 -0400] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task starts ... Mar 12 19:26:14 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:14.846898469 -0400] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 204]: Sidgen task finished [0]. Mar 12 19:26:15 ipaserver.test.local /tmp/ansible_ipaserver_setup_adtrust_payload_uvfnn19t/ansible_ipaserver_setup_adtrust_payload.zip/ansible/modules/ipaserver_setup_adtrust.py[21369]: [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_139844074169328] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: adtrust_is_enabled: SUCCESS [ldap2_139844074169328] {"version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_adtrust_payload_uvfnn19t/ansible_ipaserver_setup_adtrust_payload.zip/ansible/modules/ipaserver_setup_adtrust.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_adtrust_payload_uvfnn19t/ansible_ipaserver_setup_adtrust_payload.zip/ansible/modules/ipaserver_setup_adtrust.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'adtrust_is_enabled' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'adtrust_is_enabled' by the '[autobind]' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'adtrust_is_enabled' see ░░ https://freeipa.readthedocs.io/en/latest/api/adtrust_is_enabled.html Mar 12 19:26:16 ipaserver.test.local sudo[21366]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:16 ipaserver.test.local sudo[21581]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-ixsdivnavvmhmlszcqdymqxvfzwnwhsk ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773357976.2654426-18197-157153940278850/AnsiballZ_ipaserver_set_ds_password.py' Mar 12 19:26:16 ipaserver.test.local sudo[21581]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:17 ipaserver.test.local python3.12[21584]: ansible-ipaserver_set_ds_password Invoked with dm_password=NOT_LOGGING_PARAMETER password=NOT_LOGGING_PARAMETER domain=test.local realm=TEST.LOCAL hostname=ipaserver.test.local setup_ca=True subject_base=O=TEST.LOCAL ca_subject=CN=Certificate Authority,O=TEST.LOCAL no_pkinit=False no_hbac_allow=False idstart=720600000 idmax=720799999 dirsrv_cert_files=[] external_cert_files=[] domainlevel=1 dirsrv_config_file=None _dirsrv_pkcs12_info=None Mar 12 19:26:17 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:17.849937257 -0400] - ERR - schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds! Mar 12 19:26:17 ipaserver.test.local ldappasswd[21588]: DIGEST-MD5 common mech free Mar 12 19:26:17 ipaserver.test.local krb5kdc[21210]: closing down fd 10 Mar 12 19:26:17 ipaserver.test.local systemd[1]: Stopping krb5kdc.service - Kerberos 5 KDC... ░░ Subject: A stop job for unit krb5kdc.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit krb5kdc.service has begun execution. ░░ ░░ The job identifier is 4065. Mar 12 19:26:17 ipaserver.test.local krb5kdc[21207]: closing down fd 10 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21208]: closing down fd 10 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21208]: closing down fd 9 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21210]: closing down fd 9 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21207]: closing down fd 9 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21208]: closing down fd 8 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21210]: closing down fd 8 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21207]: closing down fd 8 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21208]: closing down fd 7 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21210]: closing down fd 7 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21207]: closing down fd 7 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21209]: closing down fd 10 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21209]: closing down fd 9 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21209]: closing down fd 8 Mar 12 19:26:17 ipaserver.test.local krb5kdc[21209]: closing down fd 7 Mar 12 19:26:18 ipaserver.test.local systemd[1]: krb5kdc.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit krb5kdc.service has successfully entered the 'dead' state. Mar 12 19:26:18 ipaserver.test.local systemd[1]: Stopped krb5kdc.service - Kerberos 5 KDC. ░░ Subject: A stop job for unit krb5kdc.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit krb5kdc.service has finished. ░░ ░░ The job identifier is 4065 and the job result is done. Mar 12 19:26:18 ipaserver.test.local systemd[1]: Starting krb5kdc.service - Kerberos 5 KDC... ░░ Subject: A start job for unit krb5kdc.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit krb5kdc.service has begun execution. ░░ ░░ The job identifier is 4065. Mar 12 19:26:18 ipaserver.test.local systemd[1]: krb5kdc.service: Can't open PID file '/run/krb5kdc.pid' (yet?) after start: No such file or directory Mar 12 19:26:18 ipaserver.test.local systemd[1]: Started krb5kdc.service - Kerberos 5 KDC. ░░ Subject: A start job for unit krb5kdc.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit krb5kdc.service has finished successfully. ░░ ░░ The job identifier is 4065. Mar 12 19:26:18 ipaserver.test.local sudo[21581]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:19 ipaserver.test.local sudo[21754]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-vtwroegkzngxmpxwjvtnlctyonozjhsj ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773357979.1743493-18227-117210885144020/AnsiballZ_ipaclient_test.py' Mar 12 19:26:19 ipaserver.test.local sudo[21754]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:19 ipaserver.test.local python3.12[21757]: ansible-ipaclient_test Invoked with domain=test.local servers=['ipaserver.test.local'] realm=TEST.LOCAL hostname=ipaserver.test.local no_ntp=True force_ntpd=False no_nisdomain=False kinit_attempts=5 configure_firefox=False all_ip_addresses=False on_master=True dns_over_tls=False no_dnssec_validation=False enable_dns_updates=False ntp_servers=None ntp_pool=None nisdomain=None ca_cert_files=None firefox_dir=None ip_addresses=None Mar 12 19:26:19 ipaserver.test.local sudo[21754]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:20 ipaserver.test.local sudo[21915]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-jxgbmajxprbxupmxkxjllyokzntaeuzq ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773357979.9867904-18238-85215363937631/AnsiballZ_file.py' Mar 12 19:26:20 ipaserver.test.local sudo[21915]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:20 ipaserver.test.local python3.12[21918]: ansible-ansible.builtin.file Invoked with path=/etc/ipa/.dns_ccache state=absent recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S unsafe_writes=False _original_basename=None _diff_peek=None src=None modification_time=None access_time=None mode=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:26:20 ipaserver.test.local sudo[21915]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:20 ipaserver.test.local sudo[22073]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-otakekqwalvoyuyxdfbtffsclyuczhel ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773357980.3921824-18246-25115464625110/AnsiballZ_ipaclient_setup_ntp.py' Mar 12 19:26:20 ipaserver.test.local sudo[22073]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:21 ipaserver.test.local python3.12[22076]: ansible-ipaclient_setup_ntp Invoked with ntp_servers=[''] ntp_pool= no_ntp=True on_master=True servers=['ipaserver.test.local'] domain=test.local Mar 12 19:26:21 ipaserver.test.local sudo[22073]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:21 ipaserver.test.local sudo[22233]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-zcvosaedppoequckqvcqhgmiwgujkrnm ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773357981.2479053-18259-108441288396330/AnsiballZ_ipaclient_test_keytab.py' Mar 12 19:26:21 ipaserver.test.local sudo[22233]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:21 ipaserver.test.local python3.12[22236]: ansible-ipaclient_test_keytab Invoked with servers=['ipaserver.test.local'] domain=test.local realm=TEST.LOCAL hostname=ipaserver.test.local kdc=ipaserver.test.local kinit_attempts=5 Mar 12 19:26:22 ipaserver.test.local [20628]: GSSAPI client step 1 Mar 12 19:26:22 ipaserver.test.local [20628]: GSSAPI client step 1 Mar 12 19:26:22 ipaserver.test.local [20628]: GSSAPI client step 1 Mar 12 19:26:22 ipaserver.test.local /mod_wsgi[20628]: [IPA.API] host/ipaserver.test.local@TEST.LOCAL: schema: SUCCESS [ldap2_140024988579360] {"version": "2.170"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/schema.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] host/ipaserver.test.local@TEST.LOCAL: schema: SUCCESS [ldap2_140024988579360] {"version": "2.170"} ░░ ░░ The command was executed by '/mod_wsgi' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/mod_wsgi' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was 'host/ipaserver.test.local@TEST.LOCAL' ░░ ░░ - name of the command executed, in this case 'schema' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'schema' by the 'host/ipaserver.test.local@TEST.LOCAL' actor: ░░ ░░ {"version": "2.170"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'schema' see ░░ https://freeipa.readthedocs.io/en/latest/api/schema.html Mar 12 19:26:22 ipaserver.test.local [20627]: GSSAPI client step 1 Mar 12 19:26:22 ipaserver.test.local [20627]: GSSAPI client step 1 Mar 12 19:26:22 ipaserver.test.local [20627]: GSSAPI client step 1 Mar 12 19:26:22 ipaserver.test.local /mod_wsgi[20627]: [IPA.API] host/ipaserver.test.local@TEST.LOCAL: ping: SUCCESS [ldap2_140024988565184] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/ping.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] host/ipaserver.test.local@TEST.LOCAL: ping: SUCCESS [ldap2_140024988565184] {"version": "2.257"} ░░ ░░ The command was executed by '/mod_wsgi' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/mod_wsgi' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was 'host/ipaserver.test.local@TEST.LOCAL' ░░ ░░ - name of the command executed, in this case 'ping' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'ping' by the 'host/ipaserver.test.local@TEST.LOCAL' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'ping' see ░░ https://freeipa.readthedocs.io/en/latest/api/ping.html Mar 12 19:26:22 ipaserver.test.local sudo[22233]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:22 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:22.855844403 -0400] - ERR - schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=test,dc=local Mar 12 19:26:22 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:22.859317049 -0400] - ERR - schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=test,dc=local Mar 12 19:26:22 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:22.862529082 -0400] - ERR - schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=test,dc=local Mar 12 19:26:22 ipaserver.test.local ns-slapd[21392]: [12/Mar/2026:19:26:22.864473041 -0400] - ERR - schema-compat-plugin - Finished plugin initialization. Mar 12 19:26:23 ipaserver.test.local sudo[22395]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-yevkokrqahjduaakkgxsajfsjfvgvzmw ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773357983.2055607-18285-126221711446678/AnsiballZ_ipaclient_temp_krb5.py' Mar 12 19:26:23 ipaserver.test.local sudo[22395]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:23 ipaserver.test.local python3.12[22398]: ansible-ipaclient_temp_krb5 Invoked with servers=['ipaserver.test.local'] domain=test.local realm=TEST.LOCAL hostname=ipaserver.test.local kdc=ipaserver.test.local on_master=False Mar 12 19:26:23 ipaserver.test.local sudo[22395]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:24 ipaserver.test.local sudo[22561]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-ujkjzmmqrdjqhjfykuzunegtuyfkhjif ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773357984.2056234-18301-174122869723848/AnsiballZ_ipaclient_setup_sssd.py' Mar 12 19:26:24 ipaserver.test.local sudo[22561]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:24 ipaserver.test.local python3.12[22564]: ansible-ipaclient_setup_sssd Invoked with servers=['ipaserver.test.local'] domain=test.local realm=TEST.LOCAL hostname=ipaserver.test.local on_master=True no_ssh=False no_sshd=False no_sudo=False all_ip_addresses=False fixed_primary=False permit=False enable_dns_updates=False dns_over_tls=False preserve_sssd=False no_krb5_offline_passwords=False Mar 12 19:26:24 ipaserver.test.local sudo[22561]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:25 ipaserver.test.local sudo[22722]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-pnyinvirdhavngryfkxdtlztmstvrgfv ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773357985.0293193-18312-33083947070365/AnsiballZ_ipaclient_api.py' Mar 12 19:26:25 ipaserver.test.local sudo[22722]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:25 ipaserver.test.local python3.12[22725]: ansible-ipaclient_api Invoked with servers=['ipaserver.test.local'] realm=TEST.LOCAL hostname=ipaserver.test.local krb_name=/tmp/tmp8rgz05w2 debug=False Mar 12 19:26:25 ipaserver.test.local [20629]: GSSAPI client step 1 Mar 12 19:26:25 ipaserver.test.local [20629]: GSSAPI client step 1 Mar 12 19:26:25 ipaserver.test.local [20629]: GSSAPI client step 1 Mar 12 19:26:26 ipaserver.test.local /mod_wsgi[20629]: [IPA.API] host/ipaserver.test.local@TEST.LOCAL: schema: SchemaUpToDate [ldap2_140024988563696] {"known_fingerprints": ["56201a37"], "version": "2.170"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/schema.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] host/ipaserver.test.local@TEST.LOCAL: schema: SchemaUpToDate [ldap2_140024988563696] {"known_fingerprints": ["56201a37"], "version": "2.170"} ░░ ░░ The command was executed by '/mod_wsgi' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/mod_wsgi' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was 'host/ipaserver.test.local@TEST.LOCAL' ░░ ░░ - name of the command executed, in this case 'schema' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SchemaUpToDate' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'schema' by the 'host/ipaserver.test.local@TEST.LOCAL' actor: ░░ ░░ {"known_fingerprints": ["56201a37"], "version": "2.170"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'schema' see ░░ https://freeipa.readthedocs.io/en/latest/api/schema.html Mar 12 19:26:26 ipaserver.test.local [20626]: GSSAPI client step 1 Mar 12 19:26:26 ipaserver.test.local [20626]: GSSAPI client step 1 Mar 12 19:26:26 ipaserver.test.local [20626]: GSSAPI client step 1 Mar 12 19:26:26 ipaserver.test.local /mod_wsgi[20626]: [IPA.API] host/ipaserver.test.local@TEST.LOCAL: ping: SUCCESS [ldap2_140024988563888] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/ping.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] host/ipaserver.test.local@TEST.LOCAL: ping: SUCCESS [ldap2_140024988563888] {"version": "2.257"} ░░ ░░ The command was executed by '/mod_wsgi' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/mod_wsgi' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was 'host/ipaserver.test.local@TEST.LOCAL' ░░ ░░ - name of the command executed, in this case 'ping' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'ping' by the 'host/ipaserver.test.local@TEST.LOCAL' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'ping' see ░░ https://freeipa.readthedocs.io/en/latest/api/ping.html Mar 12 19:26:26 ipaserver.test.local [20628]: GSSAPI client step 1 Mar 12 19:26:26 ipaserver.test.local [20628]: GSSAPI client step 1 Mar 12 19:26:26 ipaserver.test.local [20628]: GSSAPI client step 1 Mar 12 19:26:26 ipaserver.test.local /mod_wsgi[20628]: [IPA.API] host/ipaserver.test.local@TEST.LOCAL: ca_is_enabled: SUCCESS [ldap2_140024988579360] {"version": "2.107"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/ca_is_enabled.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] host/ipaserver.test.local@TEST.LOCAL: ca_is_enabled: SUCCESS [ldap2_140024988579360] {"version": "2.107"} ░░ ░░ The command was executed by '/mod_wsgi' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/mod_wsgi' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was 'host/ipaserver.test.local@TEST.LOCAL' ░░ ░░ - name of the command executed, in this case 'ca_is_enabled' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'ca_is_enabled' by the 'host/ipaserver.test.local@TEST.LOCAL' actor: ░░ ░░ {"version": "2.107"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'ca_is_enabled' see ░░ https://freeipa.readthedocs.io/en/latest/api/ca_is_enabled.html Mar 12 19:26:26 ipaserver.test.local [20627]: GSSAPI client step 1 Mar 12 19:26:26 ipaserver.test.local [20627]: GSSAPI client step 1 Mar 12 19:26:26 ipaserver.test.local [20627]: GSSAPI client step 1 Mar 12 19:26:26 ipaserver.test.local /mod_wsgi[20627]: [IPA.API] host/ipaserver.test.local@TEST.LOCAL: config_show: SUCCESS [ldap2_140024988565184] {"rights": false, "all": false, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/config_show.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] host/ipaserver.test.local@TEST.LOCAL: config_show: SUCCESS [ldap2_140024988565184] {"rights": false, "all": false, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/mod_wsgi' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/mod_wsgi' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was 'host/ipaserver.test.local@TEST.LOCAL' ░░ ░░ - name of the command executed, in this case 'config_show' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'config_show' by the 'host/ipaserver.test.local@TEST.LOCAL' actor: ░░ ░░ {"rights": false, "all": false, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'config_show' see ░░ https://freeipa.readthedocs.io/en/latest/api/config_show.html Mar 12 19:26:27 ipaserver.test.local sudo[22722]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:27 ipaserver.test.local sudo[22948]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-juusgepmowhqivboifadfutntihwwian ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773357987.1944153-18327-146158960632409/AnsiballZ_ipaclient_setup_nss.py' Mar 12 19:26:27 ipaserver.test.local sudo[22948]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:27 ipaserver.test.local python3.12[22951]: ansible-ipaclient_setup_nss Invoked with servers=['ipaserver.test.local'] domain=test.local realm=TEST.LOCAL basedn=dc=test,dc=local hostname=ipaserver.test.local subject_base=O=TEST.LOCAL principal=admin mkhomedir=False ca_enabled=True on_master=True dnsok=False enable_dns_updates=False dns_over_tls=False no_dnssec_validation=False all_ip_addresses=False request_cert=False preserve_sssd=False no_ssh=False no_sshd=False no_sudo=False subid=False fixed_primary=False permit=False no_krb5_offline_passwords=False no_dns_sshfp=False nosssd_files={} selinux_works=True krb_name=/tmp/tmp8rgz05w2 ip_addresses=None Mar 12 19:26:28 ipaserver.test.local [20629]: GSSAPI client step 1 Mar 12 19:26:28 ipaserver.test.local [20629]: GSSAPI client step 1 Mar 12 19:26:28 ipaserver.test.local [20629]: GSSAPI client step 1 Mar 12 19:26:28 ipaserver.test.local /mod_wsgi[20629]: [IPA.API] host/ipaserver.test.local@TEST.LOCAL: ping: SUCCESS [ldap2_140024988563696] {"version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/ping.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] host/ipaserver.test.local@TEST.LOCAL: ping: SUCCESS [ldap2_140024988563696] {"version": "2.257"} ░░ ░░ The command was executed by '/mod_wsgi' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/mod_wsgi' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was 'host/ipaserver.test.local@TEST.LOCAL' ░░ ░░ - name of the command executed, in this case 'ping' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'ping' by the 'host/ipaserver.test.local@TEST.LOCAL' actor: ░░ ░░ {"version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'ping' see ░░ https://freeipa.readthedocs.io/en/latest/api/ping.html Mar 12 19:26:28 ipaserver.test.local python3.12[22951]: GSSAPI client step 1 Mar 12 19:26:28 ipaserver.test.local python3.12[22951]: GSSAPI client step 1 Mar 12 19:26:28 ipaserver.test.local python3.12[22951]: GSSAPI client step 1 Mar 12 19:26:28 ipaserver.test.local python3.12[22951]: GSSAPI client step 2 Mar 12 19:26:31 ipaserver.test.local [20626]: GSSAPI client step 1 Mar 12 19:26:31 ipaserver.test.local [20626]: GSSAPI client step 1 Mar 12 19:26:31 ipaserver.test.local [20626]: GSSAPI client step 1 Mar 12 19:26:31 ipaserver.test.local /mod_wsgi[20626]: [IPA.API] host/ipaserver.test.local@TEST.LOCAL: host_mod: SUCCESS [ldap2_140024988563888] {"fqdn": "ipaserver.test.local", "random": false, "ipasshpubkey": ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkNA+T/ktluT9xfyVKMZxyj3xi1ldHvT74JNWFdnQwi4OCCBYmmUDmJfcFXuGbzIObEiHkujDEjGbqHcMLYyjyBON2//xSihO20cG+dEE5SkdTwC9ytz2P1NQQUK07ixmOdVLV5s6TdHHTdzfIhEyNJNaADwl2VpfFo4MhMydVHal8JlkXIupfrrAaHr+ASyklAO31sH0ockpiHcOyE2Xuu/CCamUm2Kf+BvSkrk4OBha4rLprQLIDHpxuZ7qaR2knKfaQijhWB1KtqKFYr++OObtPvgKwCEeBIZmuUF2jTYeyEIUm8DRmrAGcTaEYZawAr/PvoDxIlpmnxVeF+BD43umZQTWZmtqIzL2mVYwP1gQdJOZvPam/vNqcNbCiQqS0WRLZ9wta7lws+AW7NEyFUBJvjEhBKsWMjWJ+t95oY0+80HGelNmND99V1fVYUHkABjp6B2Zn+BYKat26tMnPVhWkkRTP6bGFUmTqIUa1SBS8mLM1M4PT5Lw7Tr8cXQk= root@ip-10-31-42-29.testing-farm.us-east-1.aws.redhat.com", "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPTF1+wgSiLfPNfi3pJuEuWY8X0775/Zy5hhDYNB31jpItkdMWPZthbUegVdaj0tYJmz0qhaa1ZuJmdyBYdoZ8k= root@ip-10-31-42-29.testing-farm.us-east-1.aws.redhat.com", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIEfTd/ACSrdWJR9M+qc9vxtmOHJ4Oj2CrRk9Hc46rH root@ip-10-31-42-29.testing-farm.us-east-1.aws.redhat.com"], "rights": false, "updatedns": false, "all": false, "raw": false, "version": "2.26", "no_members": false} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/host_mod.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] host/ipaserver.test.local@TEST.LOCAL: host_mod: SUCCESS [ldap2_140024988563888] {"fqdn": "ipaserver.test.local", "random": false, "ipasshpubkey": ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkNA+T/ktluT9xfyVKMZxyj3xi1ldHvT74JNWFdnQwi4OCCBYmmUDmJfcFXuGbzIObEiHkujDEjGbqHcMLYyjyBON2//xSihO20cG+dEE5SkdTwC9ytz2P1NQQUK07ixmOdVLV5s6TdHHTdzfIhEyNJNaADwl2VpfFo4MhMydVHal8JlkXIupfrrAaHr+ASyklAO31sH0ockpiHcOyE2Xuu/CCamUm2Kf+BvSkrk4OBha4rLprQLIDHpxuZ7qaR2knKfaQijhWB1KtqKFYr++OObtPvgKwCEeBIZmuUF2jTYeyEIUm8DRmrAGcTaEYZawAr/PvoDxIlpmnxVeF+BD43umZQTWZmtqIzL2mVYwP1gQdJOZvPam/vNqcNbCiQqS0WRLZ9wta7lws+AW7NEyFUBJvjEhBKsWMjWJ+t95oY0+80HGelNmND99V1fVYUHkABjp6B2Zn+BYKat26tMnPVhWkkRTP6bGFUmTqIUa1SBS8mLM1M4PT5Lw7Tr8cXQk= root@ip-10-31-42-29.testing-farm.us-east-1.aws.redhat.com", "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPTF1+wgSiLfPNfi3pJuEuWY8X0775/Zy5hhDYNB31jpItkdMWPZthbUegVdaj0tYJmz0qhaa1ZuJmdyBYdoZ8k= root@ip-10-31-42-29.testing-farm.us-east-1.aws.redhat.com", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIEfTd/ACSrdWJR9M+qc9vxtmOHJ4Oj2CrRk9Hc46rH root@ip-10-31-42-29.testing-farm.us-east-1.aws.redhat.com"], "rights": false, "updatedns": false, "all": false, "raw": false, "version": "2.26", "no_members": false} ░░ ░░ The command was executed by '/mod_wsgi' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/mod_wsgi' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was 'host/ipaserver.test.local@TEST.LOCAL' ░░ ░░ - name of the command executed, in this case 'host_mod' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'host_mod' by the 'host/ipaserver.test.local@TEST.LOCAL' actor: ░░ ░░ {"fqdn": "ipaserver.test.local", "random": false, "ipasshpubkey": ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkNA+T/ktluT9xfyVKMZxyj3xi1ldHvT74JNWFdnQwi4OCCBYmmUDmJfcFXuGbzIObEiHkujDEjGbqHcMLYyjyBON2//xSihO20cG+dEE5SkdTwC9ytz2P1NQQUK07ixmOdVLV5s6TdHHTdzfIhEyNJNaADwl2VpfFo4MhMydVHal8JlkXIupfrrAaHr+ASyklAO31sH0ockpiHcOyE2Xuu/CCamUm2Kf+BvSkrk4OBha4rLprQLIDHpxuZ7qaR2knKfaQijhWB1KtqKFYr++OObtPvgKwCEeBIZmuUF2jTYeyEIUm8DRmrAGcTaEYZawAr/PvoDxIlpmnxVeF+BD43umZQTWZmtqIzL2mVYwP1gQdJOZvPam/vNqcNbCiQqS0WRLZ9wta7lws+AW7NEyFUBJvjEhBKsWMjWJ+t95oY0+80HGelNmND99V1fVYUHkABjp6B2Zn+BYKat26tMnPVhWkkRTP6bGFUmTqIUa1SBS8mLM1M4PT5Lw7Tr8cXQk= root@ip-10-31-42-29.testing-farm.us-east-1.aws.redhat.com", "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPTF1+wgSiLfPNfi3pJuEuWY8X0775/Zy5hhDYNB31jpItkdMWPZthbUegVdaj0tYJmz0qhaa1ZuJmdyBYdoZ8k= root@ip-10-31-42-29.testing-farm.us-east-1.aws.redhat.com", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIEfTd/ACSrdWJR9M+qc9vxtmOHJ4Oj2CrRk9Hc46rH root@ip-10-31-42-29.testing-farm.us-east-1.aws.redhat.com"], "rights": false, "updatedns": false, "all": false, "raw": false, "version": "2.26", "no_members": false} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'host_mod' see ░░ https://freeipa.readthedocs.io/en/latest/api/host_mod.html Mar 12 19:26:56 ipaserver.test.local kernel: SELinux: Converting 601 SID table entries... Mar 12 19:26:56 ipaserver.test.local kernel: SELinux: policy capability network_peer_controls=1 Mar 12 19:26:56 ipaserver.test.local kernel: SELinux: policy capability open_perms=1 Mar 12 19:26:56 ipaserver.test.local kernel: SELinux: policy capability extended_socket_class=1 Mar 12 19:26:56 ipaserver.test.local kernel: SELinux: policy capability always_check_network=0 Mar 12 19:26:56 ipaserver.test.local kernel: SELinux: policy capability cgroup_seclabel=1 Mar 12 19:26:56 ipaserver.test.local kernel: SELinux: policy capability nnp_nosuid_transition=1 Mar 12 19:26:56 ipaserver.test.local kernel: SELinux: policy capability genfs_seclabel_symlinks=1 Mar 12 19:26:56 ipaserver.test.local kernel: SELinux: policy capability ioctl_skip_cloexec=0 Mar 12 19:26:56 ipaserver.test.local kernel: SELinux: policy capability userspace_initial_context=0 Mar 12 19:26:56 ipaserver.test.local setsebool[24172]: The sssd_use_usb policy boolean was changed to on by root Mar 12 19:26:56 ipaserver.test.local systemd[1]: Starting sssd.service - System Security Services Daemon... ░░ Subject: A start job for unit sssd.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit sssd.service has begun execution. ░░ ░░ The job identifier is 4149. Mar 12 19:26:56 ipaserver.test.local sssd[24199]: Starting up Mar 12 19:26:57 ipaserver.test.local sssd_be[24200]: Starting up Mar 12 19:26:57 ipaserver.test.local sssd_ifp[24205]: Starting up Mar 12 19:26:57 ipaserver.test.local sssd_sudo[24207]: Starting up Mar 12 19:26:57 ipaserver.test.local sssd_be[24200]: GSSAPI client step 1 Mar 12 19:26:57 ipaserver.test.local sssd_be[24200]: GSSAPI client step 1 Mar 12 19:26:57 ipaserver.test.local sssd_pac[24208]: Starting up Mar 12 19:26:57 ipaserver.test.local sssd_be[24200]: GSSAPI client step 1 Mar 12 19:26:57 ipaserver.test.local sssd_be[24200]: GSSAPI client step 2 Mar 12 19:26:57 ipaserver.test.local sssd_nss[24203]: Starting up Mar 12 19:26:57 ipaserver.test.local sssd_ssh[24206]: Starting up Mar 12 19:26:57 ipaserver.test.local sssd_pam[24204]: Starting up Mar 12 19:26:57 ipaserver.test.local systemd[1]: Started sssd.service - System Security Services Daemon. ░░ Subject: A start job for unit sssd.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit sssd.service has finished successfully. ░░ ░░ The job identifier is 4149. Mar 12 19:26:57 ipaserver.test.local systemd[1]: Reload requested from client PID 24210 ('systemctl') (unit session-7.scope)... Mar 12 19:26:57 ipaserver.test.local systemd[1]: Reloading... Mar 12 19:26:57 ipaserver.test.local systemd-rc-local-generator[24255]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:26:57 ipaserver.test.local systemd[1]: Reloading finished in 177 ms. Mar 12 19:26:57 ipaserver.test.local sudo[22948]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:57 ipaserver.test.local sudo[24429]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-kevrscccriqqlvdtejruzjdngogeyiml ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358017.6323245-18425-254157988133980/AnsiballZ_ipaclient_setup_ssh.py' Mar 12 19:26:57 ipaserver.test.local sudo[24429]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:58 ipaserver.test.local python3.12[24432]: ansible-ipaclient_setup_ssh Invoked with servers=['ipaserver.test.local'] sssd=True no_ssh=False ssh_trust_dns=False no_sshd=False Mar 12 19:26:58 ipaserver.test.local systemd[1]: Stopping sshd.service - OpenSSH server daemon... ░░ Subject: A stop job for unit sshd.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit sshd.service has begun execution. ░░ ░░ The job identifier is 4228. Mar 12 19:26:58 ipaserver.test.local sshd[1251]: Received signal 15; terminating. Mar 12 19:26:58 ipaserver.test.local systemd[1]: sshd.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit sshd.service has successfully entered the 'dead' state. Mar 12 19:26:58 ipaserver.test.local systemd[1]: Stopped sshd.service - OpenSSH server daemon. ░░ Subject: A stop job for unit sshd.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit sshd.service has finished. ░░ ░░ The job identifier is 4228 and the job result is done. Mar 12 19:26:58 ipaserver.test.local systemd[1]: Stopped target sshd-keygen.target. ░░ Subject: A stop job for unit sshd-keygen.target has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit sshd-keygen.target has finished. ░░ ░░ The job identifier is 4312 and the job result is done. Mar 12 19:26:58 ipaserver.test.local systemd[1]: Stopping sshd-keygen.target... ░░ Subject: A stop job for unit sshd-keygen.target has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit sshd-keygen.target has begun execution. ░░ ░░ The job identifier is 4312. Mar 12 19:26:58 ipaserver.test.local systemd[1]: ssh-host-keys-migration.service - Update OpenSSH host key permissions was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/.ssh-host-keys-migration). ░░ Subject: A start job for unit ssh-host-keys-migration.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit ssh-host-keys-migration.service has finished successfully. ░░ ░░ The job identifier is 4306. Mar 12 19:26:58 ipaserver.test.local systemd[1]: sshd-keygen@ecdsa.service - OpenSSH ecdsa Server Key Generation was skipped because of an unmet condition check (ConditionPathExists=!/run/systemd/generator.early/multi-user.target.wants/cloud-init.target). ░░ Subject: A start job for unit sshd-keygen@ecdsa.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit sshd-keygen@ecdsa.service has finished successfully. ░░ ░░ The job identifier is 4310. Mar 12 19:26:58 ipaserver.test.local systemd[1]: sshd-keygen@ed25519.service - OpenSSH ed25519 Server Key Generation was skipped because of an unmet condition check (ConditionPathExists=!/run/systemd/generator.early/multi-user.target.wants/cloud-init.target). ░░ Subject: A start job for unit sshd-keygen@ed25519.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit sshd-keygen@ed25519.service has finished successfully. ░░ ░░ The job identifier is 4311. Mar 12 19:26:58 ipaserver.test.local systemd[1]: sshd-keygen@rsa.service - OpenSSH rsa Server Key Generation was skipped because of an unmet condition check (ConditionPathExists=!/run/systemd/generator.early/multi-user.target.wants/cloud-init.target). ░░ Subject: A start job for unit sshd-keygen@rsa.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit sshd-keygen@rsa.service has finished successfully. ░░ ░░ The job identifier is 4308. Mar 12 19:26:58 ipaserver.test.local systemd[1]: Reached target sshd-keygen.target. ░░ Subject: A start job for unit sshd-keygen.target has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit sshd-keygen.target has finished successfully. ░░ ░░ The job identifier is 4312. Mar 12 19:26:58 ipaserver.test.local systemd[1]: Starting sshd.service - OpenSSH server daemon... ░░ Subject: A start job for unit sshd.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit sshd.service has begun execution. ░░ ░░ The job identifier is 4228. Mar 12 19:26:58 ipaserver.test.local sshd[24439]: Server listening on 0.0.0.0 port 22. Mar 12 19:26:58 ipaserver.test.local sshd[24439]: Server listening on :: port 22. Mar 12 19:26:58 ipaserver.test.local systemd[1]: Started sshd.service - OpenSSH server daemon. ░░ Subject: A start job for unit sshd.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit sshd.service has finished successfully. ░░ ░░ The job identifier is 4228. Mar 12 19:26:58 ipaserver.test.local sudo[24429]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:58 ipaserver.test.local sudo[24595]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-zvbtbrbbpsrnftorkpeobduogfnrhgix ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358018.479411-18436-277772547359806/AnsiballZ_ipaclient_setup_automount.py' Mar 12 19:26:58 ipaserver.test.local sudo[24595]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:59 ipaserver.test.local python3.12[24598]: ansible-ipaclient_setup_automount Invoked with servers=['ipaserver.test.local'] sssd=True automount_location=None Mar 12 19:26:59 ipaserver.test.local sudo[24595]: pam_unix(sudo:session): session closed for user root Mar 12 19:26:59 ipaserver.test.local sudo[24755]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-wwzzwuzjpgqzbfxjjotauvgdxqfmaqmy ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358019.3015654-18448-271675876983909/AnsiballZ_ipaclient_setup_nis.py' Mar 12 19:26:59 ipaserver.test.local sudo[24755]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:26:59 ipaserver.test.local python3.12[24758]: ansible-ipaclient_setup_nis Invoked with domain=test.local nisdomain=None Mar 12 19:26:59 ipaserver.test.local systemd[1]: Reload requested from client PID 24763 ('systemctl') (unit session-7.scope)... Mar 12 19:26:59 ipaserver.test.local systemd[1]: Reloading... Mar 12 19:27:00 ipaserver.test.local systemd-rc-local-generator[24808]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:27:00 ipaserver.test.local systemd[1]: Reloading finished in 179 ms. Mar 12 19:27:00 ipaserver.test.local systemd[1]: Starting nis-domainname.service - Read and set NIS domainname from /etc/sysconfig/network... ░░ Subject: A start job for unit nis-domainname.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit nis-domainname.service has begun execution. ░░ ░░ The job identifier is 4313. Mar 12 19:27:00 ipaserver.test.local systemd[1]: Finished nis-domainname.service - Read and set NIS domainname from /etc/sysconfig/network. ░░ Subject: A start job for unit nis-domainname.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit nis-domainname.service has finished successfully. ░░ ░░ The job identifier is 4313. Mar 12 19:27:00 ipaserver.test.local sudo[24755]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:00 ipaserver.test.local sudo[24988]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-dzvrkiarnxbskjneyovvpnulcnymycai ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358020.337254-18459-121383104710948/AnsiballZ_file.py' Mar 12 19:27:00 ipaserver.test.local sudo[24988]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:00 ipaserver.test.local python3.12[24991]: ansible-ansible.builtin.file Invoked with path=/tmp/tmp8rgz05w2 state=absent recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S unsafe_writes=False _original_basename=None _diff_peek=None src=None modification_time=None access_time=None mode=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:27:00 ipaserver.test.local sudo[24988]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:00 ipaserver.test.local sudo[25146]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-suejujwjgsogdthckvzvjctygjrgrzyu ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358020.8627217-18473-202368496285484/AnsiballZ_file.py' Mar 12 19:27:00 ipaserver.test.local sudo[25146]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:01 ipaserver.test.local python3.12[25149]: ansible-ansible.builtin.file Invoked with path=/etc/ipa/.dns_ccache state=absent recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S unsafe_writes=False _original_basename=None _diff_peek=None src=None modification_time=None access_time=None mode=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:27:01 ipaserver.test.local sudo[25146]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:01 ipaserver.test.local sudo[25304]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-iwklbfldhmtfcurjvoigfgfcggryeqjm ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358021.2643523-18481-70605943950579/AnsiballZ_file.py' Mar 12 19:27:01 ipaserver.test.local sudo[25304]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:01 ipaserver.test.local python3.12[25307]: ansible-ansible.builtin.file Invoked with path=/tmp/tmp8rgz05w2 state=absent recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S unsafe_writes=False _original_basename=None _diff_peek=None src=None modification_time=None access_time=None mode=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:27:01 ipaserver.test.local sudo[25304]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:01 ipaserver.test.local sudo[25462]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-domaxihsdyeintvorlnkafbqeapswtts ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358021.6721392-18489-257397470491312/AnsiballZ_file.py' Mar 12 19:27:01 ipaserver.test.local sudo[25462]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:01 ipaserver.test.local python3.12[25465]: ansible-ansible.builtin.file Invoked with path=/tmp/tmp8rgz05w2.ipabkp state=absent recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S unsafe_writes=False _original_basename=None _diff_peek=None src=None modification_time=None access_time=None mode=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:27:01 ipaserver.test.local sudo[25462]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:02 ipaserver.test.local sudo[25620]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-fbmvwqzbsszxjismscoenjxtqmolwnga ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358022.1158736-18501-79244410025471/AnsiballZ_ipaserver_enable_ipa.py' Mar 12 19:27:02 ipaserver.test.local sudo[25620]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:02 ipaserver.test.local python3.12[25623]: ansible-ipaserver_enable_ipa Invoked with hostname=ipaserver.test.local setup_dns=False setup_ca=True Mar 12 19:27:04 ipaserver.test.local /tmp/ansible_ipaserver_enable_ipa_payload_5id0sqy0/ansible_ipaserver_enable_ipa_payload.zip/ansible/modules/ipaserver_enable_ipa.py[25623]: [IPA.API] [autobind]: dns_update_system_records: SUCCESS [ldap2_139815277192464] {"dry_run": false, "all": false, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/dns_update_system_records.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: dns_update_system_records: SUCCESS [ldap2_139815277192464] {"dry_run": false, "all": false, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_enable_ipa_payload_5id0sqy0/ansible_ipaserver_enable_ipa_payload.zip/ansible/modules/ipaserver_enable_ipa.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_enable_ipa_payload_5id0sqy0/ansible_ipaserver_enable_ipa_payload.zip/ansible/modules/ipaserver_enable_ipa.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'dns_update_system_records' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'dns_update_system_records' by the '[autobind]' actor: ░░ ░░ {"dry_run": false, "all": false, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'dns_update_system_records' see ░░ https://freeipa.readthedocs.io/en/latest/api/dns_update_system_records.html Mar 12 19:27:04 ipaserver.test.local /tmp/ansible_ipaserver_enable_ipa_payload_5id0sqy0/ansible_ipaserver_enable_ipa_payload.zip/ansible/modules/ipaserver_enable_ipa.py[25623]: [IPA.API] [autobind]: server_find: SUCCESS [ldap2_139815277192464] {"criteria": null, "all": false, "raw": false, "version": "2.257", "no_members": false, "pkey_only": false} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/server_find.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: server_find: SUCCESS [ldap2_139815277192464] {"criteria": null, "all": false, "raw": false, "version": "2.257", "no_members": false, "pkey_only": false} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_enable_ipa_payload_5id0sqy0/ansible_ipaserver_enable_ipa_payload.zip/ansible/modules/ipaserver_enable_ipa.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_enable_ipa_payload_5id0sqy0/ansible_ipaserver_enable_ipa_payload.zip/ansible/modules/ipaserver_enable_ipa.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'server_find' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'server_find' by the '[autobind]' actor: ░░ ░░ {"criteria": null, "all": false, "raw": false, "version": "2.257", "no_members": false, "pkey_only": false} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'server_find' see ░░ https://freeipa.readthedocs.io/en/latest/api/server_find.html Mar 12 19:27:04 ipaserver.test.local systemd[1]: Reload requested from client PID 25627 ('systemctl') (unit session-7.scope)... Mar 12 19:27:04 ipaserver.test.local systemd[1]: Reloading... Mar 12 19:27:04 ipaserver.test.local systemd-rc-local-generator[25676]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:27:04 ipaserver.test.local systemd[1]: Reloading finished in 181 ms. Mar 12 19:27:04 ipaserver.test.local systemd[1]: Starting ipa.service - Identity, Policy, Audit... ░░ Subject: A start job for unit ipa.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit ipa.service has begun execution. ░░ ░░ The job identifier is 4319. Mar 12 19:27:05 ipaserver.test.local ipactl[25694]: Existing service file detected! Mar 12 19:27:05 ipaserver.test.local ipactl[25694]: Assuming stale, cleaning and proceeding Mar 12 19:27:06 ipaserver.test.local systemd[1]: Starting httpd-init.service - One-time temporary TLS key generation for httpd.service... ░░ Subject: A start job for unit httpd-init.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit httpd-init.service has begun execution. ░░ ░░ The job identifier is 4729. Mar 12 19:27:06 ipaserver.test.local systemd[1]: httpd-init.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit httpd-init.service has successfully entered the 'dead' state. Mar 12 19:27:06 ipaserver.test.local systemd[1]: Finished httpd-init.service - One-time temporary TLS key generation for httpd.service. ░░ Subject: A start job for unit httpd-init.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit httpd-init.service has finished successfully. ░░ ░░ The job identifier is 4729. Mar 12 19:27:06 ipaserver.test.local systemd[1]: Reached target dirsrv.target - 389 Directory Server. ░░ Subject: A start job for unit dirsrv.target has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv.target has finished successfully. ░░ ░░ The job identifier is 4810. Mar 12 19:27:06 ipaserver.test.local systemd[1]: Reached target pki-tomcatd.target - PKI Tomcat Server. ░░ Subject: A start job for unit pki-tomcatd.target has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit pki-tomcatd.target has finished successfully. ░░ ░░ The job identifier is 4809. Mar 12 19:27:06 ipaserver.test.local ipactl[25694]: ipa: INFO: The ipactl command was successful Mar 12 19:27:06 ipaserver.test.local ipactl[25694]: Starting Directory Service Mar 12 19:27:06 ipaserver.test.local ipactl[25694]: Starting krb5kdc Service Mar 12 19:27:06 ipaserver.test.local ipactl[25694]: Starting kadmin Service Mar 12 19:27:06 ipaserver.test.local ipactl[25694]: Starting httpd Service Mar 12 19:27:06 ipaserver.test.local ipactl[25694]: Starting ipa-custodia Service Mar 12 19:27:06 ipaserver.test.local ipactl[25694]: Starting pki-tomcatd Service Mar 12 19:27:06 ipaserver.test.local ipactl[25694]: Starting ipa-otpd Service Mar 12 19:27:06 ipaserver.test.local systemd[1]: Finished ipa.service - Identity, Policy, Audit. ░░ Subject: A start job for unit ipa.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit ipa.service has finished successfully. ░░ ░░ The job identifier is 4319. Mar 12 19:27:06 ipaserver.test.local sudo[25620]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:06 ipaserver.test.local sudo[25874]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-wefkbxuoudxlvlbksuvqftfvwipjrhtx ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358026.868794-18523-220343536802467/AnsiballZ_command.py' Mar 12 19:27:07 ipaserver.test.local sudo[25874]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:07 ipaserver.test.local python3.12[25877]: ansible-ansible.legacy.command Invoked with _raw_params=firewall-cmd --permanent --zone="" --add-service=freeipa-ldap --add-service=freeipa-ldaps --add-service=ntp _uses_shell=False expand_argument_vars=True stdin_add_newline=True strip_empty_ends=True argv=None chdir=None executable=None creates=None removes=None stdin=None Mar 12 19:27:07 ipaserver.test.local sudo[25874]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:07 ipaserver.test.local sudo[26033]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-pwulfpydzgxgrphsumdmqwtrspxyjqsw ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358027.4808383-18534-152801139248415/AnsiballZ_command.py' Mar 12 19:27:07 ipaserver.test.local sudo[26033]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:07 ipaserver.test.local python3.12[26036]: ansible-ansible.legacy.command Invoked with _raw_params=firewall-cmd --zone="" --add-service=freeipa-ldap --add-service=freeipa-ldaps --add-service=ntp _uses_shell=False expand_argument_vars=True stdin_add_newline=True strip_empty_ends=True argv=None chdir=None executable=None creates=None removes=None stdin=None Mar 12 19:27:07 ipaserver.test.local sudo[26033]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:08 ipaserver.test.local sudo[26192]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-hnygvrhthzvkertggytsbalmjnuxrlad ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358028.0482278-18545-22377801475329/AnsiballZ_file.py' Mar 12 19:27:08 ipaserver.test.local sudo[26192]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:08 ipaserver.test.local python3.12[26195]: ansible-ansible.builtin.file Invoked with path=/root/.ipa_cache state=absent recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S unsafe_writes=False _original_basename=None _diff_peek=None src=None modification_time=None access_time=None mode=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:27:08 ipaserver.test.local sudo[26192]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:08 ipaserver.test.local sudo[26350]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-rymfmtmalmjooockxyigonqionmdjfjk ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358028.4241004-18553-22087304621745/AnsiballZ_file.py' Mar 12 19:27:08 ipaserver.test.local sudo[26350]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:08 ipaserver.test.local python3.12[26353]: ansible-ansible.builtin.file Invoked with path=/etc/ipa/.tmp_pkcs12_dirsrv state=absent recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S unsafe_writes=False _original_basename=None _diff_peek=None src=None modification_time=None access_time=None mode=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:27:08 ipaserver.test.local sudo[26350]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:08 ipaserver.test.local sudo[26508]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-plcneqikmfapdyjndfnnvjzotznriytu ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358028.7809339-18553-177468768130382/AnsiballZ_file.py' Mar 12 19:27:08 ipaserver.test.local sudo[26508]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:09 ipaserver.test.local python3.12[26511]: ansible-ansible.builtin.file Invoked with path=/etc/ipa/.tmp_pkcs12_http state=absent recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S unsafe_writes=False _original_basename=None _diff_peek=None src=None modification_time=None access_time=None mode=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:27:09 ipaserver.test.local sudo[26508]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:09 ipaserver.test.local sudo[26666]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-oifxmacrtwsqemshccmivhmptqddqvuf ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358029.1496973-18553-11661983793730/AnsiballZ_file.py' Mar 12 19:27:09 ipaserver.test.local sudo[26666]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:09 ipaserver.test.local python3.12[26669]: ansible-ansible.builtin.file Invoked with path=/etc/ipa/.tmp_pkcs12_pkinit state=absent recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S unsafe_writes=False _original_basename=None _diff_peek=None src=None modification_time=None access_time=None mode=None owner=None group=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:27:09 ipaserver.test.local sudo[26666]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:09 ipaserver.test.local sudo[26824]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-ikohodaitbgmzckyzdqdzyvlxsccknai ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358029.6972928-18584-84648815202952/AnsiballZ_command.py' Mar 12 19:27:09 ipaserver.test.local sudo[26824]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:09 ipaserver.test.local python3.12[26827]: ansible-ansible.legacy.command Invoked with _raw_params=systemctl is-system-running _uses_shell=False expand_argument_vars=True stdin_add_newline=True strip_empty_ends=True argv=None chdir=None executable=None creates=None removes=None stdin=None Mar 12 19:27:09 ipaserver.test.local sudo[26824]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:10 ipaserver.test.local sudo[26983]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-dilobcycvbupyssudmtsvijbmendriex ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358030.185745-18598-52976681534050/AnsiballZ_dnf.py' Mar 12 19:27:10 ipaserver.test.local sudo[26983]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:10 ipaserver.test.local python3.12[26986]: ansible-ansible.legacy.dnf Invoked with name=['python3-pyasn1', 'python3-cryptography', 'python3-dbus'] state=present allow_downgrade=False allowerasing=False autoremove=False bugfix=False cacheonly=False disable_gpg_check=False disable_plugin=[] disablerepo=[] download_only=False enable_plugin=[] enablerepo=[] exclude=[] installroot=/ install_repoquery=True install_weak_deps=True security=False skip_broken=False update_cache=False update_only=False validate_certs=True sslverify=True lock_timeout=30 use_backend=auto best=None conf_file=None disable_excludes=None download_dir=None list=None nobest=None releasever=None Mar 12 19:27:10 ipaserver.test.local sudo[26983]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:11 ipaserver.test.local sudo[27142]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-whdhjmkjjtouewvwcbbntnnhtqtgernm ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358031.059289-18609-118383657632914/AnsiballZ_dnf.py' Mar 12 19:27:11 ipaserver.test.local sudo[27142]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:11 ipaserver.test.local python3.12[27145]: ansible-ansible.legacy.dnf Invoked with name=['certmonger', 'python3-packaging'] state=present allow_downgrade=False allowerasing=False autoremove=False bugfix=False cacheonly=False disable_gpg_check=False disable_plugin=[] disablerepo=[] download_only=False enable_plugin=[] enablerepo=[] exclude=[] installroot=/ install_repoquery=True install_weak_deps=True security=False skip_broken=False update_cache=False update_only=False validate_certs=True sslverify=True lock_timeout=30 use_backend=auto best=None conf_file=None disable_excludes=None download_dir=None list=None nobest=None releasever=None Mar 12 19:27:11 ipaserver.test.local sudo[27142]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:12 ipaserver.test.local sudo[27301]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-wfcupribpegffbfaunpdvejjjjlxinjn ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358031.9254248-18617-238608482857349/AnsiballZ_file.py' Mar 12 19:27:12 ipaserver.test.local sudo[27301]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:12 ipaserver.test.local python3.12[27304]: ansible-file Invoked with name=/etc/certmonger//pre-scripts owner=root group=root mode=0700 state=directory path=/etc/certmonger//pre-scripts recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S unsafe_writes=False _original_basename=None _diff_peek=None src=None modification_time=None access_time=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:27:12 ipaserver.test.local sudo[27301]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:12 ipaserver.test.local sudo[27459]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-afpsdkcycevpvcwmxbkxiluzqavmeped ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358032.3362134-18628-66190744548757/AnsiballZ_file.py' Mar 12 19:27:12 ipaserver.test.local sudo[27459]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:12 ipaserver.test.local python3.12[27462]: ansible-file Invoked with name=/etc/certmonger//post-scripts owner=root group=root mode=0700 state=directory path=/etc/certmonger//post-scripts recurse=False force=False follow=True modification_time_format=%Y%m%d%H%M.%S access_time_format=%Y%m%d%H%M.%S unsafe_writes=False _original_basename=None _diff_peek=None src=None modification_time=None access_time=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:27:12 ipaserver.test.local sudo[27459]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:12 ipaserver.test.local sudo[27617]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-zrckwqerqpkmbbntmensmydolkkfbgft ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358032.7427216-18636-24014083354183/AnsiballZ_systemd.py' Mar 12 19:27:12 ipaserver.test.local sudo[27617]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:13 ipaserver.test.local python3.12[27620]: ansible-ansible.legacy.systemd Invoked with name=certmonger state=started enabled=True daemon_reload=False daemon_reexec=False scope=system no_block=False force=None masked=None Mar 12 19:27:13 ipaserver.test.local sudo[27617]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:13 ipaserver.test.local sudo[27777]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-lyfdzhnxbmpnxwdxsyhwjjxnvlpmonho ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358033.325314-18647-35478004413935/AnsiballZ_certificate_request.py' Mar 12 19:27:13 ipaserver.test.local sudo[27777]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:13 ipaserver.test.local python3.12[27780]: ansible-fedora.linux_system_roles.certificate_request Invoked with name=mycert_basic_ipa dns=['ipaserver.test.local'] principal=['HTTP/ipaserver.test.local@TEST.LOCAL'] directory=/etc/pki/tls wait=True ca=ipa __header=# # Ansible managed # # system_role:certificate booted=True provider_config_directory=/etc/certmonger provider=certmonger key_usage=['digitalSignature', 'keyEncipherment'] extended_key_usage=['id-kp-serverAuth', 'id-kp-clientAuth'] auto_renew=True ip=None email=None common_name=None country=None state=None locality=None organization=None organizational_unit=None contact_email=None key_size=None owner=None group=None mode=None run_before=None run_after=None Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 2026-03-12 19:27:13 [27790] Setting "CERTMONGER_REQ_SUBJECT" to "CN=ipaserver.test.local" for child. Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 2026-03-12 19:27:13 [27790] Setting "CERTMONGER_REQ_HOSTNAME" to "ipaserver.test.local Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: " for child. Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 2026-03-12 19:27:13 [27790] Setting "CERTMONGER_REQ_PRINCIPAL" to "HTTP/ipaserver.test.local@TEST.LOCAL Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: " for child. Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 2026-03-12 19:27:13 [27790] Setting "CERTMONGER_OPERATION" to "SUBMIT" for child. Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 2026-03-12 19:27:13 [27790] Setting "CERTMONGER_CSR" to "-----BEGIN CERTIFICATE REQUEST----- Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: MIIDoDCCAogCAQAwHzEdMBsGA1UEAxMUaXBhc2VydmVyLnRlc3QubG9jYWwwggEi Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWKlWwJG6PWk/UKBQwopXlxEI3 Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 1zHjsZV7yv0QEvktAvvbblXGPncYhQk92xoTrhMn7pqEVNfLTGpAWqs1OSVu/Cl+ Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: f91TtxaNh3kM+kUw4RY5FvPqE+iq0bqCjXXIkQ4e811/5HKPWug1usP35tCZw9+D Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: kjDA/UwHx9qX4MnHpUvw3c3maN19iX0qV5emReFYOrG8kBAVz3PI+2P6MTmf2rzL Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 05VE9R5pfyyp5CDmusQsxWo5WziCHNlBMKI73+NjST5qZL6AbUKheQ3080ZIT1Dn Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: jSKQ69Srq5TIMo3o3ecjsMh1fRNXJq5l9Nv6eikFji3GIRUGwscMrxG8iv1LAgMB Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: AAGgggE6MCsGCSqGSIb3DQEJFDEeHhwAMgAwADIANgAwADMAMQAyADIAMwAyADcA Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: MQAzMIIBCQYJKoZIhvcNAQkOMYH7MIH4MAsGA1UdDwQEAwIFoDCBnAYDVR0RBIGU Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: MIGRghRpcGFzZXJ2ZXIudGVzdC5sb2NhbKA0BgorBgEEAYI3FAIDoCYMJEhUVFAv Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: aXBhc2VydmVyLnRlc3QubG9jYWxAVEVTVC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwb Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: ClRFU1QuTE9DQUyhJzAloAMCAQGhHjAcGwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5s Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: b2NhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: ADAdBgNVHQ4EFgQUb8lV5syPzs7Ym8YeEIMfWXJ3v+wwDQYJKoZIhvcNAQELBQAD Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: ggEBAJb3l94BFzQzs3REpyXoQTtXbKfEj8Q57uFsO20YVy9R6i1zjGIc3CUqBo7t Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: mvWdKPfrBZbExs3pCeFrQs49aFYu60DCV2x/0L2GtDF4QvC+QF97vRvJFChr5Vz8 Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: kEI8HpKcRPnN+In5PZazxCGZ5HeN++LBq1qshOtSGqEh/RqTxl/QCSkdS/ctOnbH Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: DbV7KOC2ZYRxwbU3Q6g5JZWPOKMOLoLbqJ8SFIVMlrOyjEFCO2fRGv+skLrK/MSj Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 4NKKRTWCI0G7SpZ9YiGfRFY2PvyKdO1BAUS1f66ffLL0FKOn1bLaLSFa69+LWpBY Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: Je9r160GbC0ZS9gJfqqf6wt+5DM= Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: -----END CERTIFICATE REQUEST----- Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: " for child. Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 2026-03-12 19:27:13 [27790] Setting "CERTMONGER_SPKAC" to "MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWKlWwJG6PWk/UKBQwopXlxEI31zHjsZV7yv0QEvktAvvbblXGPncYhQk92xoTrhMn7pqEVNfLTGpAWqs1OSVu/Cl+f91TtxaNh3kM+kUw4RY5FvPqE+iq0bqCjXXIkQ4e811/5HKPWug1usP35tCZw9+DkjDA/UwHx9qX4MnHpUvw3c3maN19iX0qV5emReFYOrG8kBAVz3PI+2P6MTmf2rzL05VE9R5pfyyp5CDmusQsxWo5WziCHNlBMKI73+NjST5qZL6AbUKheQ3080ZIT1DnjSKQ69Srq5TIMo3o3ecjsMh1fRNXJq5l9Nv6eikFji3GIRUGwscMrxG8iv1LAgMBAAEWADANBgkqhkiG9w0BAQsFAAOCAQEArjymgu3wMbzz1Oqi3DOEF5izaLlJERSaQqJSpnuPMOmgjEDLmxHbopKDO7sN+U+PlzhYb6ZS0wgnJT6Ld8xZG0VZyW2uc7eJqhN5jbm8JET5FZzHW2hLvXItpZW33OQZE5g5IijJm97Ftaq18Jym8ONpWzKPLOrsslWs+2YubH9fpZtLRrARk/FWbYl4NAOsnezZesjuysOnwdcYq9z5wgfuWXQ9IRCudcF+NkbgkB5FNLMbP90299219PIh+ODwQOeWOI5vfNNCSvvrrto0+vJzWOf6G12CrUWMp7CMEStoLoYylD1y6UjABhNJZKr49QZmgaxITPEY2ssMrCVTQw==" for child. Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 2026-03-12 19:27:13 [27790] Setting "CERTMONGER_SPKI" to "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ipVsCRuj1pP1CgUMKKV5cRCN9cx47GVe8r9EBL5LQL7225Vxj53GIUJPdsaE64TJ+6ahFTXy0xqQFqrNTklbvwpfn/dU7cWjYd5DPpFMOEWORbz6hPoqtG6go11yJEOHvNdf+Ryj1roNbrD9+bQmcPfg5IwwP1MB8fal+DJx6VL8N3N5mjdfYl9KleXpkXhWDqxvJAQFc9zyPtj+jE5n9q8y9OVRPUeaX8sqeQg5rrELMVqOVs4ghzZQTCiO9/jY0k+amS+gG1CoXkN9PNGSE9Q540ikOvUq6uUyDKN6N3nI7DIdX0TVyauZfTb+nopBY4txiEVBsLHDK8RvIr9SwIDAQAB" for child. Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 2026-03-12 19:27:13 [27790] Setting "CERTMONGER_LOCAL_CA_DIR" to "/var/lib/certmonger/local" for child. Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 2026-03-12 19:27:13 [27790] Setting "CERTMONGER_KEY_TYPE" to "RSA" for child. Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 2026-03-12 19:27:13 [27790] Setting "CERTMONGER_CA_NICKNAME" to "IPA" for child. Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 2026-03-12 19:27:13 [27790] Redirecting stdin to /dev/null, leaving stdout and stderr open for child "/usr/libexec/certmonger/ipa-server-guard". Mar 12 19:27:13 ipaserver.test.local certmonger[27790]: 2026-03-12 19:27:13 [27790] Running enrollment helper "/usr/libexec/certmonger/ipa-server-guard". Mar 12 19:27:13 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:13 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local [20628]: GSSAPI client step 1 Mar 12 19:27:14 ipaserver.test.local [20628]: GSSAPI client step 1 Mar 12 19:27:14 ipaserver.test.local [20628]: GSSAPI client step 1 Mar 12 19:27:14 ipaserver.test.local /mod_wsgi[20628]: [IPA.API] host/ipaserver.test.local@TEST.LOCAL: cert_request: SUCCESS [ldap2_140024988579360] {"csr": {"__base64__": "MIIDoDCCAogCAQAwHzEdMBsGA1UEAxMUaXBhc2VydmVyLnRlc3QubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWKlWwJG6PWk/UKBQwopXlxEI31zHjsZV7yv0QEvktAvvbblXGPncYhQk92xoTrhMn7pqEVNfLTGpAWqs1OSVu/Cl+f91TtxaNh3kM+kUw4RY5FvPqE+iq0bqCjXXIkQ4e811/5HKPWug1usP35tCZw9+DkjDA/UwHx9qX4MnHpUvw3c3maN19iX0qV5emReFYOrG8kBAVz3PI+2P6MTmf2rzL05VE9R5pfyyp5CDmusQsxWo5WziCHNlBMKI73+NjST5qZL6AbUKheQ3080ZIT1DnjSKQ69Srq5TIMo3o3ecjsMh1fRNXJq5l9Nv6eikFji3GIRUGwscMrxG8iv1LAgMBAAGgggE6MCsGCSqGSIb3DQEJFDEeHhwAMgAwADIANgAwADMAMQAyADIAMwAyADcAMQAzMIIBCQYJKoZIhvcNAQkOMYH7MIH4MAsGA1UdDwQEAwIFoDCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2NhbKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVTVC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAcGwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUb8lV5syPzs7Ym8YeEIMfWXJ3v+wwDQYJKoZIhvcNAQELBQADggEBAJb3l94BFzQzs3REpyXoQTtXbKfEj8Q57uFsO20YVy9R6i1zjGIc3CUqBo7tmvWdKPfrBZbExs3pCeFrQs49aFYu60DCV2x/0L2GtDF4QvC+QF97vRvJFChr5Vz8kEI8HpKcRPnN+In5PZazxCGZ5HeN++LBq1qshOtSGqEh/RqTxl/QCSkdS/ctOnbHDbV7KOC2ZYRxwbU3Q6g5JZWPOKMOLoLbqJ8SFIVMlrOyjEFCO2fRGv+skLrK/MSj4NKKRTWCI0G7SpZ9YiGfRFY2PvyKdO1BAUS1f66ffLL0FKOn1bLaLSFa69+LWpBYJe9r160GbC0ZS9gJfqqf6wt+5DM="}, "request_type": "pkcs10", "cacn": "ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL", "add": true, "chain": false, "all": false, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/cert_request.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] host/ipaserver.test.local@TEST.LOCAL: cert_request: SUCCESS [ldap2_140024988579360] {"csr": {"__base64__": "MIIDoDCCAogCAQAwHzEdMBsGA1UEAxMUaXBhc2VydmVyLnRlc3QubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWKlWwJG6PWk/UKBQwopXlxEI31zHjsZV7yv0QEvktAvvbblXGPncYhQk92xoTrhMn7pqEVNfLTGpAWqs1OSVu/Cl+f91TtxaNh3kM+kUw4RY5FvPqE+iq0bqCjXXIkQ4e811/5HKPWug1usP35tCZw9+DkjDA/UwHx9qX4MnHpUvw3c3maN19iX0qV5emReFYOrG8kBAVz3PI+2P6MTmf2rzL05VE9R5pfyyp5CDmusQsxWo5WziCHNlBMKI73+NjST5qZL6AbUKheQ3080ZIT1DnjSKQ69Srq5TIMo3o3ecjsMh1fRNXJq5l9Nv6eikFji3GIRUGwscMrxG8iv1LAgMBAAGgggE6MCsGCSqGSIb3DQEJFDEeHhwAMgAwADIANgAwADMAMQAyADIAMwAyADcAMQAzMIIBCQYJKoZIhvcNAQkOMYH7MIH4MAsGA1UdDwQEAwIFoDCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2NhbKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVTVC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAcGwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUb8lV5syPzs7Ym8YeEIMfWXJ3v+wwDQYJKoZIhvcNAQELBQADggEBAJb3l94BFzQzs3REpyXoQTtXbKfEj8Q57uFsO20YVy9R6i1zjGIc3CUqBo7tmvWdKPfrBZbExs3pCeFrQs49aFYu60DCV2x/0L2GtDF4QvC+QF97vRvJFChr5Vz8kEI8HpKcRPnN+In5PZazxCGZ5HeN++LBq1qshOtSGqEh/RqTxl/QCSkdS/ctOnbHDbV7KOC2ZYRxwbU3Q6g5JZWPOKMOLoLbqJ8SFIVMlrOyjEFCO2fRGv+skLrK/MSj4NKKRTWCI0G7SpZ9YiGfRFY2PvyKdO1BAUS1f66ffLL0FKOn1bLaLSFa69+LWpBYJe9r160GbC0ZS9gJfqqf6wt+5DM="}, "request_type": "pkcs10", "cacn": "ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL", "add": true, "chain": false, "all": false, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/mod_wsgi' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/mod_wsgi' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was 'host/ipaserver.test.local@TEST.LOCAL' ░░ ░░ - name of the command executed, in this case 'cert_request' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'cert_request' by the 'host/ipaserver.test.local@TEST.LOCAL' actor: ░░ ░░ {"csr": {"__base64__": "MIIDoDCCAogCAQAwHzEdMBsGA1UEAxMUaXBhc2VydmVyLnRlc3QubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWKlWwJG6PWk/UKBQwopXlxEI31zHjsZV7yv0QEvktAvvbblXGPncYhQk92xoTrhMn7pqEVNfLTGpAWqs1OSVu/Cl+f91TtxaNh3kM+kUw4RY5FvPqE+iq0bqCjXXIkQ4e811/5HKPWug1usP35tCZw9+DkjDA/UwHx9qX4MnHpUvw3c3maN19iX0qV5emReFYOrG8kBAVz3PI+2P6MTmf2rzL05VE9R5pfyyp5CDmusQsxWo5WziCHNlBMKI73+NjST5qZL6AbUKheQ3080ZIT1DnjSKQ69Srq5TIMo3o3ecjsMh1fRNXJq5l9Nv6eikFji3GIRUGwscMrxG8iv1LAgMBAAGgggE6MCsGCSqGSIb3DQEJFDEeHhwAMgAwADIANgAwADMAMQAyADIAMwAyADcAMQAzMIIBCQYJKoZIhvcNAQkOMYH7MIH4MAsGA1UdDwQEAwIFoDCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2NhbKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVTVC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAcGwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUb8lV5syPzs7Ym8YeEIMfWXJ3v+wwDQYJKoZIhvcNAQELBQADggEBAJb3l94BFzQzs3REpyXoQTtXbKfEj8Q57uFsO20YVy9R6i1zjGIc3CUqBo7tmvWdKPfrBZbExs3pCeFrQs49aFYu60DCV2x/0L2GtDF4QvC+QF97vRvJFChr5Vz8kEI8HpKcRPnN+In5PZazxCGZ5HeN++LBq1qshOtSGqEh/RqTxl/QCSkdS/ctOnbHDbV7KOC2ZYRxwbU3Q6g5JZWPOKMOLoLbqJ8SFIVMlrOyjEFCO2fRGv+skLrK/MSj4NKKRTWCI0G7SpZ9YiGfRFY2PvyKdO1BAUS1f66ffLL0FKOn1bLaLSFa69+LWpBYJe9r160GbC0ZS9gJfqqf6wt+5DM="}, "request_type": "pkcs10", "cacn": "ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL", "add": true, "chain": false, "all": false, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'cert_request' see ░░ https://freeipa.readthedocs.io/en/latest/api/cert_request.html Mar 12 19:27:14 ipaserver.test.local certmonger[27790]: Submitting request to "https://ipaserver.test.local/ipa/json". Mar 12 19:27:14 ipaserver.test.local certmonger[27790]: Certificate: "MIIFPDCCA6SgAwIBAgIQfdwMiFMuzCUtpyT4yrY2pzANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApURVNULkxPQ0FMMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjYwMzEyMjMyNzE0WhcNMjgwMzEyMjMyNzE0WjA0MRMwEQYDVQQKDApURVNULkxPQ0FMMR0wGwYDVQQDDBRpcGFzZXJ2ZXIudGVzdC5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYqVbAkbo9aT9QoFDCileXEQjfXMeOxlXvK/RAS+S0C+9tuVcY+dxiFCT3bGhOuEyfumoRU18tMakBaqzU5JW78KX5/3VO3Fo2HeQz6RTDhFjkW8+oT6KrRuoKNdciRDh7zXX/kco9a6DW6w/fm0JnD34OSMMD9TAfH2pfgycelS/DdzeZo3X2JfSpXl6ZF4Vg6sbyQEBXPc8j7Y/oxOZ/avMvTlUT1Hml/LKnkIOa6xCzFajlbOIIc2UEwojvf42NJPmpkvoBtQqF5DfTzRkhPUOeNIpDr1KurlMgyjejd5yOwyHV9E1cmrmX02/p6KQWOLcYhFQbCxwyvEbyK/UsCAwEAAaOCAccwggHDMB8GA1UdIwQYMBaAFC7oD/uHpufyjcsEVopS+1xRdbxDMDwGCCsGAQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0cDovL2lwYS1jYS50ZXN0LmxvY2FsL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMGqgMqAwhi5odHRwOi8vaXBhLWNhLnRlc3QubG9jYWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBQ5o3JinurAVkyFpzqgAGhNBCVXXjCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2NhbKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVTVC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAcGwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAYEAEO9RE0cx/jGNQXFEPEXJ3Umow6Jy+sM9MohwRJL+LwHo+bW9UqX6uBElUUraXT7GxuYnWJoBVNT3SBvri2GDu49b+coISu6+7VT3tk5qEmr7mXMdv1Jr0PLQsMl52ScM7rHHIXGZaUdBplKwP8h87OdzI2fPPmVUnDQqgoMS1DtQh02BCRTnDhPeMAVQK+sj2/nYHj2s7CmegBoBxwf5F9f+8aMt6JLqGRzpqcO167WAKcPXjtteLgdks3qO/OyuCmGNbcD/h0XOHsQkWE/mVNyM5Mmu5sLBDKVRYH+0POu2PBeLAqP/B16a+EMlM2oFlBmwdxNo2MSQoCTHRjZl8/pPffy/Vcz0Now/EbX4H1nPhseVDnasVooeEihKnzfSckTAS9Hdqr0ngrhsAa08s8QAZIEFal+sPeYaf6Is5nk+ZioWT2pcKwZyNQg5DS9v8DQkmHBj4E1Na8oRo+Jy0vQS5FBdMBjzt7lPG1F3WaZIOuG3IqRmF5xLCaate1mF" Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Certificate submission still ongoing. Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Certificate submission attempt complete. Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Child status = 0. Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Child output: Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: "-----BEGIN CERTIFICATE----- Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: MIIFPDCCA6SgAwIBAgIQfdwMiFMuzCUtpyT4yrY2pzANBgkqhkiG9w0BAQsFADA1 Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: MRMwEQYDVQQKDApURVNULkxPQ0FMMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRo Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: b3JpdHkwHhcNMjYwMzEyMjMyNzE0WhcNMjgwMzEyMjMyNzE0WjA0MRMwEQYDVQQK Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: DApURVNULkxPQ0FMMR0wGwYDVQQDDBRpcGFzZXJ2ZXIudGVzdC5sb2NhbDCCASIw Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYqVbAkbo9aT9QoFDCileXEQjfX Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: MeOxlXvK/RAS+S0C+9tuVcY+dxiFCT3bGhOuEyfumoRU18tMakBaqzU5JW78KX5/ Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 3VO3Fo2HeQz6RTDhFjkW8+oT6KrRuoKNdciRDh7zXX/kco9a6DW6w/fm0JnD34OS Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: MMD9TAfH2pfgycelS/DdzeZo3X2JfSpXl6ZF4Vg6sbyQEBXPc8j7Y/oxOZ/avMvT Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: lUT1Hml/LKnkIOa6xCzFajlbOIIc2UEwojvf42NJPmpkvoBtQqF5DfTzRkhPUOeN Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: IpDr1KurlMgyjejd5yOwyHV9E1cmrmX02/p6KQWOLcYhFQbCxwyvEbyK/UsCAwEA Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: AaOCAccwggHDMB8GA1UdIwQYMBaAFC7oD/uHpufyjcsEVopS+1xRdbxDMDwGCCsG Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: AQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0cDovL2lwYS1jYS50ZXN0LmxvY2Fs Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: L2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: BgEFBQcDAjB1BgNVHR8EbjBsMGqgMqAwhi5odHRwOi8vaXBhLWNhLnRlc3QubG9j Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: YWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEe Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBQ5o3JinurA Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: VkyFpzqgAGhNBCVXXjCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2Nh Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: bKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVT Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: VC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAc Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: GwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAYEA Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: EO9RE0cx/jGNQXFEPEXJ3Umow6Jy+sM9MohwRJL+LwHo+bW9UqX6uBElUUraXT7G Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: xuYnWJoBVNT3SBvri2GDu49b+coISu6+7VT3tk5qEmr7mXMdv1Jr0PLQsMl52ScM Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 7rHHIXGZaUdBplKwP8h87OdzI2fPPmVUnDQqgoMS1DtQh02BCRTnDhPeMAVQK+sj Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2/nYHj2s7CmegBoBxwf5F9f+8aMt6JLqGRzpqcO167WAKcPXjtteLgdks3qO/Oyu Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: CmGNbcD/h0XOHsQkWE/mVNyM5Mmu5sLBDKVRYH+0POu2PBeLAqP/B16a+EMlM2oF Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: lBmwdxNo2MSQoCTHRjZl8/pPffy/Vcz0Now/EbX4H1nPhseVDnasVooeEihKnzfS Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: ckTAS9Hdqr0ngrhsAa08s8QAZIEFal+sPeYaf6Is5nk+ZioWT2pcKwZyNQg5DS9v Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 8DQkmHBj4E1Na8oRo+Jy0vQS5FBdMBjzt7lPG1F3WaZIOuG3IqRmF5xLCaate1mF Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: -----END CERTIFICATE----- Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: " Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: 2026-03-12 19:27:14 [27798] Postprocessing output "-----BEGIN CERTIFICATE----- Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: MIIFPDCCA6SgAwIBAgIQfdwMiFMuzCUtpyT4yrY2pzANBgkqhkiG9w0BAQsFADA1 Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: MRMwEQYDVQQKDApURVNULkxPQ0FMMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRo Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: b3JpdHkwHhcNMjYwMzEyMjMyNzE0WhcNMjgwMzEyMjMyNzE0WjA0MRMwEQYDVQQK Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: DApURVNULkxPQ0FMMR0wGwYDVQQDDBRpcGFzZXJ2ZXIudGVzdC5sb2NhbDCCASIw Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYqVbAkbo9aT9QoFDCileXEQjfX Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: MeOxlXvK/RAS+S0C+9tuVcY+dxiFCT3bGhOuEyfumoRU18tMakBaqzU5JW78KX5/ Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: 3VO3Fo2HeQz6RTDhFjkW8+oT6KrRuoKNdciRDh7zXX/kco9a6DW6w/fm0JnD34OS Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: MMD9TAfH2pfgycelS/DdzeZo3X2JfSpXl6ZF4Vg6sbyQEBXPc8j7Y/oxOZ/avMvT Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: lUT1Hml/LKnkIOa6xCzFajlbOIIc2UEwojvf42NJPmpkvoBtQqF5DfTzRkhPUOeN Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: IpDr1KurlMgyjejd5yOwyHV9E1cmrmX02/p6KQWOLcYhFQbCxwyvEbyK/UsCAwEA Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: AaOCAccwggHDMB8GA1UdIwQYMBaAFC7oD/uHpufyjcsEVopS+1xRdbxDMDwGCCsG Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: AQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0cDovL2lwYS1jYS50ZXN0LmxvY2Fs Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: L2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: BgEFBQcDAjB1BgNVHR8EbjBsMGqgMqAwhi5odHRwOi8vaXBhLWNhLnRlc3QubG9j Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: YWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEe Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBQ5o3JinurA Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: VkyFpzqgAGhNBCVXXjCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2Nh Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: bKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVT Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: VC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAc Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: GwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAYEA Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: EO9RE0cx/jGNQXFEPEXJ3Umow6Jy+sM9MohwRJL+LwHo+bW9UqX6uBElUUraXT7G Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: xuYnWJoBVNT3SBvri2GDu49b+coISu6+7VT3tk5qEmr7mXMdv1Jr0PLQsMl52ScM Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: 7rHHIXGZaUdBplKwP8h87OdzI2fPPmVUnDQqgoMS1DtQh02BCRTnDhPeMAVQK+sj Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: 2/nYHj2s7CmegBoBxwf5F9f+8aMt6JLqGRzpqcO167WAKcPXjtteLgdks3qO/Oyu Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: CmGNbcD/h0XOHsQkWE/mVNyM5Mmu5sLBDKVRYH+0POu2PBeLAqP/B16a+EMlM2oF Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: lBmwdxNo2MSQoCTHRjZl8/pPffy/Vcz0Now/EbX4H1nPhseVDnasVooeEihKnzfS Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: ckTAS9Hdqr0ngrhsAa08s8QAZIEFal+sPeYaf6Is5nk+ZioWT2pcKwZyNQg5DS9v Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: 8DQkmHBj4E1Na8oRo+Jy0vQS5FBdMBjzt7lPG1F3WaZIOuG3IqRmF5xLCaate1mF Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: -----END CERTIFICATE----- Mar 12 19:27:14 ipaserver.test.local certmonger[27798]: ". Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Certificate submission still ongoing. Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Certificate submission postprocessing complete. Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Child status = 0. Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Child output: Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: "{"certificate":"-----BEGIN CERTIFICATE-----\nMIIFPDCCA6SgAwIBAgIQfdwMiFMuzCUtpyT4yrY2pzANBgkqhkiG9w0BAQsFADA1\nMRMwEQYDVQQKDApURVNULkxPQ0FMMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRo\nb3JpdHkwHhcNMjYwMzEyMjMyNzE0WhcNMjgwMzEyMjMyNzE0WjA0MRMwEQYDVQQK\nDApURVNULkxPQ0FMMR0wGwYDVQQDDBRpcGFzZXJ2ZXIudGVzdC5sb2NhbDCCASIw\nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYqVbAkbo9aT9QoFDCileXEQjfX\nMeOxlXvK/RAS+S0C+9tuVcY+dxiFCT3bGhOuEyfumoRU18tMakBaqzU5JW78KX5/\n3VO3Fo2HeQz6RTDhFjkW8+oT6KrRuoKNdciRDh7zXX/kco9a6DW6w/fm0JnD34OS\nMMD9TAfH2pfgycelS/DdzeZo3X2JfSpXl6ZF4Vg6sbyQEBXPc8j7Y/oxOZ/avMvT\nlUT1Hml/LKnkIOa6xCzFajlbOIIc2UEwojvf42NJPmpkvoBtQqF5DfTzRkhPUOeN\nIpDr1KurlMgyjejd5yOwyHV9E1cmrmX02/p6KQWOLcYhFQbCxwyvEbyK/UsCAwEA\nAaOCAccwggHDMB8GA1UdIwQYMBaAFC7oD/uHpufyjcsEVopS+1xRdbxDMDwGCCsG\nAQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0cDovL2lwYS1jYS50ZXN0LmxvY2Fs\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\nBgEFBQcDAjB1BgNVHR8EbjBsMGqgMqAwhi5odHRwOi8vaXBhLWNhLnRlc3QubG9j\nYWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEe\nMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBQ5o3JinurA\nVkyFpzqgAGhNBCVXXjCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2Nh\nbKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVT\nVC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAc\nGwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAYEA\nEO9RE0cx/jGNQXFEPEXJ3Umow6Jy+sM9MohwRJL+LwHo+bW9UqX6uBElUUraXT7G\nxuYnWJoBVNT3SBvri2GDu49b+coISu6+7VT3tk5qEmr7mXMdv1Jr0PLQsMl52ScM\n7rHHIXGZaUdBplKwP8h87OdzI2fPPmVUnDQqgoMS1DtQh02BCRTnDhPeMAVQK+sj\n2/nYHj2s7CmegBoBxwf5F9f+8aMt6JLqGRzpqcO167WAKcPXjtteLgdks3qO/Oyu\nCmGNbcD/h0XOHsQkWE/mVNyM5Mmu5sLBDKVRYH+0POu2PBeLAqP/B16a+EMlM2oF\nlBmwdxNo2MSQoCTHRjZl8/pPffy/Vcz0Now/EbX4H1nPhseVDnasVooeEihKnzfS\nckTAS9Hdqr0ngrhsAa08s8QAZIEFal+sPeYaf6Is5nk+ZioWT2pcKwZyNQg5DS9v\n8DQkmHBj4E1Na8oRo+Jy0vQS5FBdMBjzt7lPG1F3WaZIOuG3IqRmF5xLCaate1mF\n-----END CERTIFICATE-----\n","key_checked":true} Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: " Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Issued certificate is "-----BEGIN CERTIFICATE----- Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: MIIFPDCCA6SgAwIBAgIQfdwMiFMuzCUtpyT4yrY2pzANBgkqhkiG9w0BAQsFADA1 Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: MRMwEQYDVQQKDApURVNULkxPQ0FMMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRo Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: b3JpdHkwHhcNMjYwMzEyMjMyNzE0WhcNMjgwMzEyMjMyNzE0WjA0MRMwEQYDVQQK Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: DApURVNULkxPQ0FMMR0wGwYDVQQDDBRpcGFzZXJ2ZXIudGVzdC5sb2NhbDCCASIw Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANYqVbAkbo9aT9QoFDCileXEQjfX Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: MeOxlXvK/RAS+S0C+9tuVcY+dxiFCT3bGhOuEyfumoRU18tMakBaqzU5JW78KX5/ Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 3VO3Fo2HeQz6RTDhFjkW8+oT6KrRuoKNdciRDh7zXX/kco9a6DW6w/fm0JnD34OS Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: MMD9TAfH2pfgycelS/DdzeZo3X2JfSpXl6ZF4Vg6sbyQEBXPc8j7Y/oxOZ/avMvT Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: lUT1Hml/LKnkIOa6xCzFajlbOIIc2UEwojvf42NJPmpkvoBtQqF5DfTzRkhPUOeN Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: IpDr1KurlMgyjejd5yOwyHV9E1cmrmX02/p6KQWOLcYhFQbCxwyvEbyK/UsCAwEA Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: AaOCAccwggHDMB8GA1UdIwQYMBaAFC7oD/uHpufyjcsEVopS+1xRdbxDMDwGCCsG Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: AQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0cDovL2lwYS1jYS50ZXN0LmxvY2Fs Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: L2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: BgEFBQcDAjB1BgNVHR8EbjBsMGqgMqAwhi5odHRwOi8vaXBhLWNhLnRlc3QubG9j Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: YWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEe Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBQ5o3JinurA Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: VkyFpzqgAGhNBCVXXjCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2Nh Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: bKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVT Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: VC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAc Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: GwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAYEA Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: EO9RE0cx/jGNQXFEPEXJ3Umow6Jy+sM9MohwRJL+LwHo+bW9UqX6uBElUUraXT7G Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: xuYnWJoBVNT3SBvri2GDu49b+coISu6+7VT3tk5qEmr7mXMdv1Jr0PLQsMl52ScM Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 7rHHIXGZaUdBplKwP8h87OdzI2fPPmVUnDQqgoMS1DtQh02BCRTnDhPeMAVQK+sj Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2/nYHj2s7CmegBoBxwf5F9f+8aMt6JLqGRzpqcO167WAKcPXjtteLgdks3qO/Oyu Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: CmGNbcD/h0XOHsQkWE/mVNyM5Mmu5sLBDKVRYH+0POu2PBeLAqP/B16a+EMlM2oF Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: lBmwdxNo2MSQoCTHRjZl8/pPffy/Vcz0Now/EbX4H1nPhseVDnasVooeEihKnzfS Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: ckTAS9Hdqr0ngrhsAa08s8QAZIEFal+sPeYaf6Is5nk+ZioWT2pcKwZyNQg5DS9v Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 8DQkmHBj4E1Na8oRo+Jy0vQS5FBdMBjzt7lPG1F3WaZIOuG3IqRmF5xLCaate1mF Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: -----END CERTIFICATE----- Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: ". Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Certificate issued (0 chain certificates, 0 roots). Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] No hooks set for pre-save command. Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] No hooks set for post-save command. Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local certmonger[27802]: Certificate in file "/etc/pki/tls/certs/mycert_basic_ipa.crt" issued by CA and saved. Mar 12 19:27:14 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:14 [19101] Wrote to /var/lib/certmonger/requests/20260312232713 Mar 12 19:27:14 ipaserver.test.local sudo[27777]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:14 ipaserver.test.local sudo[27957]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-inwcumfkhxhdxpzqymjrcxzrsfugbrfg ; /usr/bin/python3.12 /root/.ansible/tmp/ansible-tmp-1773358034.8132863-18647-159534349407452/AnsiballZ_certificate_request.py' Mar 12 19:27:14 ipaserver.test.local sudo[27957]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:15 ipaserver.test.local python3.12[27960]: ansible-fedora.linux_system_roles.certificate_request Invoked with name=groupcert dns=['ipaserver.test.local'] group=ftp principal=['HTTP/ipaserver.test.local@TEST.LOCAL'] directory=/etc/pki/tls wait=True ca=ipa __header=# # Ansible managed # # system_role:certificate booted=True provider_config_directory=/etc/certmonger provider=certmonger key_usage=['digitalSignature', 'keyEncipherment'] extended_key_usage=['id-kp-serverAuth', 'id-kp-clientAuth'] auto_renew=True ip=None email=None common_name=None country=None state=None locality=None organization=None organizational_unit=None contact_email=None key_size=None owner=None mode=None run_before=None run_after=None Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 2026-03-12 19:27:15 [27970] Setting "CERTMONGER_REQ_SUBJECT" to "CN=ipaserver.test.local" for child. Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 2026-03-12 19:27:15 [27970] Setting "CERTMONGER_REQ_HOSTNAME" to "ipaserver.test.local Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: " for child. Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 2026-03-12 19:27:15 [27970] Setting "CERTMONGER_REQ_PRINCIPAL" to "HTTP/ipaserver.test.local@TEST.LOCAL Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: " for child. Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 2026-03-12 19:27:15 [27970] Setting "CERTMONGER_OPERATION" to "SUBMIT" for child. Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 2026-03-12 19:27:15 [27970] Setting "CERTMONGER_CSR" to "-----BEGIN CERTIFICATE REQUEST----- Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: MIIDoDCCAogCAQAwHzEdMBsGA1UEAxMUaXBhc2VydmVyLnRlc3QubG9jYWwwggEi Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmC2uNOXPRAwlynzZCktaFzRs/ Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: xdnrI6zklEabMQUR4sl4BVyCCr+bCPttT0JJtuuVdbElBDZ88EajYVr2U+x4oWQF Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: rwhAzeNQ98lCqIBlC9U3cb6QpK9hChg5DoTlj4SuNvTYxA/2s6ckW074H6NUD1sD Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: BfgB45KrVZohVjP0zhTjqDmqJzbC/92Y/+3D9o3fhHDm4HyyIWUp7AYdSS97mJEe Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: JG+TYFXQsnInJhNmWI8aR/7Cl5iLF59vcvQBaZ+DMnK3/hO9Erb6BrskPAEkqfac Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: MmPLpgRMvEDR1v9qFHlgkgdpL4zj6K3sv8WftqdtuxsUAVijGNWRW3lIHXIfAgMB Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: AAGgggE6MCsGCSqGSIb3DQEJFDEeHhwAMgAwADIANgAwADMAMQAyADIAMwAyADcA Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: MQA1MIIBCQYJKoZIhvcNAQkOMYH7MIH4MAsGA1UdDwQEAwIFoDCBnAYDVR0RBIGU Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: MIGRghRpcGFzZXJ2ZXIudGVzdC5sb2NhbKA0BgorBgEEAYI3FAIDoCYMJEhUVFAv Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: aXBhc2VydmVyLnRlc3QubG9jYWxAVEVTVC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwb Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: ClRFU1QuTE9DQUyhJzAloAMCAQGhHjAcGwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5s Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: b2NhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: ADAdBgNVHQ4EFgQUDs5PO4mTiX1R4w116hBZGOBBVL0wDQYJKoZIhvcNAQELBQAD Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: ggEBAGABmQ3C+3bhp6BxXQ68H3KSi1WtUdR+Jl4dCB2D13C+qKs+Evd8mGoik4Ac Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: ciFMTyFGu9/ma2KKv1KJbY2W2WHV4oiKuV6cI1Vjb9dwFUIEDm57zKuoZOpihgR6 Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: DoduRyRBV2wCjslY2u0l7bP7IHZoHFx1LgPLrxUJ5ye/rTqZfvuJ8drP/yUqg1pP Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: IxI3Gki/vFyeA7jzyKjOznSCvTkotvlzQSa7aoJJMmghdtqK4KHcxZ3LzowbloZo Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 1CBDwsInfvs2IsYsfCbbS/mb35LG2O5d9xp2OXavpy1qQ7lGcr0p24SwtPXbqjc6 Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: y1XGdCDCnZumv3hW8tduRAI9DIs= Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: -----END CERTIFICATE REQUEST----- Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: " for child. Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 2026-03-12 19:27:15 [27970] Setting "CERTMONGER_SPKAC" to "MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmC2uNOXPRAwlynzZCktaFzRs/xdnrI6zklEabMQUR4sl4BVyCCr+bCPttT0JJtuuVdbElBDZ88EajYVr2U+x4oWQFrwhAzeNQ98lCqIBlC9U3cb6QpK9hChg5DoTlj4SuNvTYxA/2s6ckW074H6NUD1sDBfgB45KrVZohVjP0zhTjqDmqJzbC/92Y/+3D9o3fhHDm4HyyIWUp7AYdSS97mJEeJG+TYFXQsnInJhNmWI8aR/7Cl5iLF59vcvQBaZ+DMnK3/hO9Erb6BrskPAEkqfacMmPLpgRMvEDR1v9qFHlgkgdpL4zj6K3sv8WftqdtuxsUAVijGNWRW3lIHXIfAgMBAAEWADANBgkqhkiG9w0BAQsFAAOCAQEAyP3EyCYOJJ3texfyqA+XigUpPbSdlIFGVsygc3Io1olCZHC60PWbVu7BdT+Q4YW5WTRpj/vjNH8NCn8PXCoZ0cIR2bK7f3SwtE0hTxF7YuprKAOuVqeEXLWKU1eIyW8+mocpYiWOdjCfNe5RHFav4p+WWlZHnSuzdLT81GIMqrhwiONFPcp2LW1Pv9Lir9LtUhuahUw2a+mCyjWX2xMzCPZ48mxG+6sTpbspBFRsMp1BBgzq6b7Jz1O4O5Dlpvpu1wfebiAQrDnzHBqzqBiOsGwec0l20ctjw7P3oGwLtI7E1QmSVw3OiL4CuDc03VgC/6pXJCGlVqdOmfpLOa5PDw==" for child. Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 2026-03-12 19:27:15 [27970] Setting "CERTMONGER_SPKI" to "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5gtrjTlz0QMJcp82QpLWhc0bP8XZ6yOs5JRGmzEFEeLJeAVcggq/mwj7bU9CSbbrlXWxJQQ2fPBGo2Fa9lPseKFkBa8IQM3jUPfJQqiAZQvVN3G+kKSvYQoYOQ6E5Y+Erjb02MQP9rOnJFtO+B+jVA9bAwX4AeOSq1WaIVYz9M4U46g5qic2wv/dmP/tw/aN34Rw5uB8siFlKewGHUkve5iRHiRvk2BV0LJyJyYTZliPGkf+wpeYixefb3L0AWmfgzJyt/4TvRK2+ga7JDwBJKn2nDJjy6YETLxA0db/ahR5YJIHaS+M4+it7L/Fn7anbbsbFAFYoxjVkVt5SB1yHwIDAQAB" for child. Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 2026-03-12 19:27:15 [27970] Setting "CERTMONGER_LOCAL_CA_DIR" to "/var/lib/certmonger/local" for child. Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 2026-03-12 19:27:15 [27970] Setting "CERTMONGER_KEY_TYPE" to "RSA" for child. Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 2026-03-12 19:27:15 [27970] Setting "CERTMONGER_CA_NICKNAME" to "IPA" for child. Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 2026-03-12 19:27:15 [27970] Redirecting stdin to /dev/null, leaving stdout and stderr open for child "/usr/libexec/certmonger/ipa-server-guard". Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: 2026-03-12 19:27:15 [27970] Running enrollment helper "/usr/libexec/certmonger/ipa-server-guard". Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local [20627]: GSSAPI client step 1 Mar 12 19:27:15 ipaserver.test.local [20627]: GSSAPI client step 1 Mar 12 19:27:15 ipaserver.test.local [20627]: GSSAPI client step 1 Mar 12 19:27:15 ipaserver.test.local /mod_wsgi[20627]: [IPA.API] host/ipaserver.test.local@TEST.LOCAL: cert_request: SUCCESS [ldap2_140024988565184] {"csr": {"__base64__": "MIIDoDCCAogCAQAwHzEdMBsGA1UEAxMUaXBhc2VydmVyLnRlc3QubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmC2uNOXPRAwlynzZCktaFzRs/xdnrI6zklEabMQUR4sl4BVyCCr+bCPttT0JJtuuVdbElBDZ88EajYVr2U+x4oWQFrwhAzeNQ98lCqIBlC9U3cb6QpK9hChg5DoTlj4SuNvTYxA/2s6ckW074H6NUD1sDBfgB45KrVZohVjP0zhTjqDmqJzbC/92Y/+3D9o3fhHDm4HyyIWUp7AYdSS97mJEeJG+TYFXQsnInJhNmWI8aR/7Cl5iLF59vcvQBaZ+DMnK3/hO9Erb6BrskPAEkqfacMmPLpgRMvEDR1v9qFHlgkgdpL4zj6K3sv8WftqdtuxsUAVijGNWRW3lIHXIfAgMBAAGgggE6MCsGCSqGSIb3DQEJFDEeHhwAMgAwADIANgAwADMAMQAyADIAMwAyADcAMQA1MIIBCQYJKoZIhvcNAQkOMYH7MIH4MAsGA1UdDwQEAwIFoDCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2NhbKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVTVC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAcGwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUDs5PO4mTiX1R4w116hBZGOBBVL0wDQYJKoZIhvcNAQELBQADggEBAGABmQ3C+3bhp6BxXQ68H3KSi1WtUdR+Jl4dCB2D13C+qKs+Evd8mGoik4AcciFMTyFGu9/ma2KKv1KJbY2W2WHV4oiKuV6cI1Vjb9dwFUIEDm57zKuoZOpihgR6DoduRyRBV2wCjslY2u0l7bP7IHZoHFx1LgPLrxUJ5ye/rTqZfvuJ8drP/yUqg1pPIxI3Gki/vFyeA7jzyKjOznSCvTkotvlzQSa7aoJJMmghdtqK4KHcxZ3LzowbloZo1CBDwsInfvs2IsYsfCbbS/mb35LG2O5d9xp2OXavpy1qQ7lGcr0p24SwtPXbqjc6y1XGdCDCnZumv3hW8tduRAI9DIs="}, "request_type": "pkcs10", "cacn": "ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL", "add": true, "chain": false, "all": false, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/cert_request.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] host/ipaserver.test.local@TEST.LOCAL: cert_request: SUCCESS [ldap2_140024988565184] {"csr": {"__base64__": "MIIDoDCCAogCAQAwHzEdMBsGA1UEAxMUaXBhc2VydmVyLnRlc3QubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmC2uNOXPRAwlynzZCktaFzRs/xdnrI6zklEabMQUR4sl4BVyCCr+bCPttT0JJtuuVdbElBDZ88EajYVr2U+x4oWQFrwhAzeNQ98lCqIBlC9U3cb6QpK9hChg5DoTlj4SuNvTYxA/2s6ckW074H6NUD1sDBfgB45KrVZohVjP0zhTjqDmqJzbC/92Y/+3D9o3fhHDm4HyyIWUp7AYdSS97mJEeJG+TYFXQsnInJhNmWI8aR/7Cl5iLF59vcvQBaZ+DMnK3/hO9Erb6BrskPAEkqfacMmPLpgRMvEDR1v9qFHlgkgdpL4zj6K3sv8WftqdtuxsUAVijGNWRW3lIHXIfAgMBAAGgggE6MCsGCSqGSIb3DQEJFDEeHhwAMgAwADIANgAwADMAMQAyADIAMwAyADcAMQA1MIIBCQYJKoZIhvcNAQkOMYH7MIH4MAsGA1UdDwQEAwIFoDCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2NhbKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVTVC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAcGwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUDs5PO4mTiX1R4w116hBZGOBBVL0wDQYJKoZIhvcNAQELBQADggEBAGABmQ3C+3bhp6BxXQ68H3KSi1WtUdR+Jl4dCB2D13C+qKs+Evd8mGoik4AcciFMTyFGu9/ma2KKv1KJbY2W2WHV4oiKuV6cI1Vjb9dwFUIEDm57zKuoZOpihgR6DoduRyRBV2wCjslY2u0l7bP7IHZoHFx1LgPLrxUJ5ye/rTqZfvuJ8drP/yUqg1pPIxI3Gki/vFyeA7jzyKjOznSCvTkotvlzQSa7aoJJMmghdtqK4KHcxZ3LzowbloZo1CBDwsInfvs2IsYsfCbbS/mb35LG2O5d9xp2OXavpy1qQ7lGcr0p24SwtPXbqjc6y1XGdCDCnZumv3hW8tduRAI9DIs="}, "request_type": "pkcs10", "cacn": "ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL", "add": true, "chain": false, "all": false, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/mod_wsgi' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/mod_wsgi' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was 'host/ipaserver.test.local@TEST.LOCAL' ░░ ░░ - name of the command executed, in this case 'cert_request' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'cert_request' by the 'host/ipaserver.test.local@TEST.LOCAL' actor: ░░ ░░ {"csr": {"__base64__": "MIIDoDCCAogCAQAwHzEdMBsGA1UEAxMUaXBhc2VydmVyLnRlc3QubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmC2uNOXPRAwlynzZCktaFzRs/xdnrI6zklEabMQUR4sl4BVyCCr+bCPttT0JJtuuVdbElBDZ88EajYVr2U+x4oWQFrwhAzeNQ98lCqIBlC9U3cb6QpK9hChg5DoTlj4SuNvTYxA/2s6ckW074H6NUD1sDBfgB45KrVZohVjP0zhTjqDmqJzbC/92Y/+3D9o3fhHDm4HyyIWUp7AYdSS97mJEeJG+TYFXQsnInJhNmWI8aR/7Cl5iLF59vcvQBaZ+DMnK3/hO9Erb6BrskPAEkqfacMmPLpgRMvEDR1v9qFHlgkgdpL4zj6K3sv8WftqdtuxsUAVijGNWRW3lIHXIfAgMBAAGgggE6MCsGCSqGSIb3DQEJFDEeHhwAMgAwADIANgAwADMAMQAyADIAMwAyADcAMQA1MIIBCQYJKoZIhvcNAQkOMYH7MIH4MAsGA1UdDwQEAwIFoDCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2NhbKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVTVC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAcGwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUDs5PO4mTiX1R4w116hBZGOBBVL0wDQYJKoZIhvcNAQELBQADggEBAGABmQ3C+3bhp6BxXQ68H3KSi1WtUdR+Jl4dCB2D13C+qKs+Evd8mGoik4AcciFMTyFGu9/ma2KKv1KJbY2W2WHV4oiKuV6cI1Vjb9dwFUIEDm57zKuoZOpihgR6DoduRyRBV2wCjslY2u0l7bP7IHZoHFx1LgPLrxUJ5ye/rTqZfvuJ8drP/yUqg1pPIxI3Gki/vFyeA7jzyKjOznSCvTkotvlzQSa7aoJJMmghdtqK4KHcxZ3LzowbloZo1CBDwsInfvs2IsYsfCbbS/mb35LG2O5d9xp2OXavpy1qQ7lGcr0p24SwtPXbqjc6y1XGdCDCnZumv3hW8tduRAI9DIs="}, "request_type": "pkcs10", "cacn": "ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL", "add": true, "chain": false, "all": false, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'cert_request' see ░░ https://freeipa.readthedocs.io/en/latest/api/cert_request.html Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: Submitting request to "https://ipaserver.test.local/ipa/json". Mar 12 19:27:15 ipaserver.test.local certmonger[27970]: Certificate: "MIIFPDCCA6SgAwIBAgIQUMB8fLv2taOzIgCjb0rtsTANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApURVNULkxPQ0FMMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjYwMzEyMjMyNzE1WhcNMjgwMzEyMjMyNzE1WjA0MRMwEQYDVQQKDApURVNULkxPQ0FMMR0wGwYDVQQDDBRpcGFzZXJ2ZXIudGVzdC5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOYLa405c9EDCXKfNkKS1oXNGz/F2esjrOSURpsxBRHiyXgFXIIKv5sI+21PQkm265V1sSUENnzwRqNhWvZT7HihZAWvCEDN41D3yUKogGUL1TdxvpCkr2EKGDkOhOWPhK429NjED/azpyRbTvgfo1QPWwMF+AHjkqtVmiFWM/TOFOOoOaonNsL/3Zj/7cP2jd+EcObgfLIhZSnsBh1JL3uYkR4kb5NgVdCycicmE2ZYjxpH/sKXmIsXn29y9AFpn4Mycrf+E70StvoGuyQ8ASSp9pwyY8umBEy8QNHW/2oUeWCSB2kvjOPorey/xZ+2p227GxQBWKMY1ZFbeUgdch8CAwEAAaOCAccwggHDMB8GA1UdIwQYMBaAFC7oD/uHpufyjcsEVopS+1xRdbxDMDwGCCsGAQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0cDovL2lwYS1jYS50ZXN0LmxvY2FsL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMGqgMqAwhi5odHRwOi8vaXBhLWNhLnRlc3QubG9jYWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBRZGIEDznKgL8P9eJyjGDLLMmDsDTCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2NhbKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVTVC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAcGwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAYEAEu8RtrB5p7OGZPQaVYdPdUX0UGhG2BMn739f3RuqTAU1mwWJoReLdjGJ+EV7jMebkv0fy5GsAmv073wQhiIOFgHwNfLGKU6pOZcT+kY34vO7VTatmrAJm+WOg+yWn8Kdm4HjvsPkvbTcTSey8iIZrFonH2v9aSZPwYxgoIzULRQJeHJBnad4PU0R52qhTcyvbtyLeDQm+oRYS0v6Ni3BYsGyUwet7bANRAUT3twuaVf/hP9sn7yFv6xFnZFsYWQ1RoNWHXzRE4r+CKWbOs4UomK2VEx6s+y7uBdDpwI8pdMeF1LfAiy6V2kKbs07dkQr2Ig7fFICEpEK+h8snItrfPLY7k6mL1tCUG2dZskbGT3cYfvQJVTHrABLADtimrgXKd68D3+6KtsEdLN+Wlq9MUS8ul4Ui5pfPHZJivPeWzCDE6xc2U3OWDqvrzpoXRG6przBd+Q/qvFRLt0POVml9AjDNYw2Mk1ztdZxyBqBJWBbeLhRfwwJD70DexLHtaO7" Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Certificate submission still ongoing. Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Certificate submission attempt complete. Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Child status = 0. Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Child output: Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: "-----BEGIN CERTIFICATE----- Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: MIIFPDCCA6SgAwIBAgIQUMB8fLv2taOzIgCjb0rtsTANBgkqhkiG9w0BAQsFADA1 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: MRMwEQYDVQQKDApURVNULkxPQ0FMMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRo Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: b3JpdHkwHhcNMjYwMzEyMjMyNzE1WhcNMjgwMzEyMjMyNzE1WjA0MRMwEQYDVQQK Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: DApURVNULkxPQ0FMMR0wGwYDVQQDDBRpcGFzZXJ2ZXIudGVzdC5sb2NhbDCCASIw Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOYLa405c9EDCXKfNkKS1oXNGz/F Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2esjrOSURpsxBRHiyXgFXIIKv5sI+21PQkm265V1sSUENnzwRqNhWvZT7HihZAWv Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: CEDN41D3yUKogGUL1TdxvpCkr2EKGDkOhOWPhK429NjED/azpyRbTvgfo1QPWwMF Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: +AHjkqtVmiFWM/TOFOOoOaonNsL/3Zj/7cP2jd+EcObgfLIhZSnsBh1JL3uYkR4k Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: b5NgVdCycicmE2ZYjxpH/sKXmIsXn29y9AFpn4Mycrf+E70StvoGuyQ8ASSp9pwy Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: Y8umBEy8QNHW/2oUeWCSB2kvjOPorey/xZ+2p227GxQBWKMY1ZFbeUgdch8CAwEA Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: AaOCAccwggHDMB8GA1UdIwQYMBaAFC7oD/uHpufyjcsEVopS+1xRdbxDMDwGCCsG Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: AQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0cDovL2lwYS1jYS50ZXN0LmxvY2Fs Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: L2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: BgEFBQcDAjB1BgNVHR8EbjBsMGqgMqAwhi5odHRwOi8vaXBhLWNhLnRlc3QubG9j Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: YWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEe Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBRZGIEDznKg Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: L8P9eJyjGDLLMmDsDTCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2Nh Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: bKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVT Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: VC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAc Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: GwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAYEA Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: Eu8RtrB5p7OGZPQaVYdPdUX0UGhG2BMn739f3RuqTAU1mwWJoReLdjGJ+EV7jMeb Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: kv0fy5GsAmv073wQhiIOFgHwNfLGKU6pOZcT+kY34vO7VTatmrAJm+WOg+yWn8Kd Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: m4HjvsPkvbTcTSey8iIZrFonH2v9aSZPwYxgoIzULRQJeHJBnad4PU0R52qhTcyv Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: btyLeDQm+oRYS0v6Ni3BYsGyUwet7bANRAUT3twuaVf/hP9sn7yFv6xFnZFsYWQ1 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: RoNWHXzRE4r+CKWbOs4UomK2VEx6s+y7uBdDpwI8pdMeF1LfAiy6V2kKbs07dkQr Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2Ig7fFICEpEK+h8snItrfPLY7k6mL1tCUG2dZskbGT3cYfvQJVTHrABLADtimrgX Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: Kd68D3+6KtsEdLN+Wlq9MUS8ul4Ui5pfPHZJivPeWzCDE6xc2U3OWDqvrzpoXRG6 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: przBd+Q/qvFRLt0POVml9AjDNYw2Mk1ztdZxyBqBJWBbeLhRfwwJD70DexLHtaO7 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: -----END CERTIFICATE----- Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: " Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: 2026-03-12 19:27:15 [27976] Postprocessing output "-----BEGIN CERTIFICATE----- Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: MIIFPDCCA6SgAwIBAgIQUMB8fLv2taOzIgCjb0rtsTANBgkqhkiG9w0BAQsFADA1 Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: MRMwEQYDVQQKDApURVNULkxPQ0FMMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRo Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: b3JpdHkwHhcNMjYwMzEyMjMyNzE1WhcNMjgwMzEyMjMyNzE1WjA0MRMwEQYDVQQK Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: DApURVNULkxPQ0FMMR0wGwYDVQQDDBRpcGFzZXJ2ZXIudGVzdC5sb2NhbDCCASIw Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOYLa405c9EDCXKfNkKS1oXNGz/F Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: 2esjrOSURpsxBRHiyXgFXIIKv5sI+21PQkm265V1sSUENnzwRqNhWvZT7HihZAWv Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: CEDN41D3yUKogGUL1TdxvpCkr2EKGDkOhOWPhK429NjED/azpyRbTvgfo1QPWwMF Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: +AHjkqtVmiFWM/TOFOOoOaonNsL/3Zj/7cP2jd+EcObgfLIhZSnsBh1JL3uYkR4k Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: b5NgVdCycicmE2ZYjxpH/sKXmIsXn29y9AFpn4Mycrf+E70StvoGuyQ8ASSp9pwy Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: Y8umBEy8QNHW/2oUeWCSB2kvjOPorey/xZ+2p227GxQBWKMY1ZFbeUgdch8CAwEA Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: AaOCAccwggHDMB8GA1UdIwQYMBaAFC7oD/uHpufyjcsEVopS+1xRdbxDMDwGCCsG Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: AQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0cDovL2lwYS1jYS50ZXN0LmxvY2Fs Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: L2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: BgEFBQcDAjB1BgNVHR8EbjBsMGqgMqAwhi5odHRwOi8vaXBhLWNhLnRlc3QubG9j Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: YWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEe Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBRZGIEDznKg Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: L8P9eJyjGDLLMmDsDTCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2Nh Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: bKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVT Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: VC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAc Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: GwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAYEA Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: Eu8RtrB5p7OGZPQaVYdPdUX0UGhG2BMn739f3RuqTAU1mwWJoReLdjGJ+EV7jMeb Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: kv0fy5GsAmv073wQhiIOFgHwNfLGKU6pOZcT+kY34vO7VTatmrAJm+WOg+yWn8Kd Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: m4HjvsPkvbTcTSey8iIZrFonH2v9aSZPwYxgoIzULRQJeHJBnad4PU0R52qhTcyv Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: btyLeDQm+oRYS0v6Ni3BYsGyUwet7bANRAUT3twuaVf/hP9sn7yFv6xFnZFsYWQ1 Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: RoNWHXzRE4r+CKWbOs4UomK2VEx6s+y7uBdDpwI8pdMeF1LfAiy6V2kKbs07dkQr Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: 2Ig7fFICEpEK+h8snItrfPLY7k6mL1tCUG2dZskbGT3cYfvQJVTHrABLADtimrgX Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: Kd68D3+6KtsEdLN+Wlq9MUS8ul4Ui5pfPHZJivPeWzCDE6xc2U3OWDqvrzpoXRG6 Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: przBd+Q/qvFRLt0POVml9AjDNYw2Mk1ztdZxyBqBJWBbeLhRfwwJD70DexLHtaO7 Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: -----END CERTIFICATE----- Mar 12 19:27:15 ipaserver.test.local certmonger[27976]: ". Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Certificate submission still ongoing. Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Certificate submission postprocessing complete. Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Child status = 0. Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Child output: Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: "{"certificate":"-----BEGIN CERTIFICATE-----\nMIIFPDCCA6SgAwIBAgIQUMB8fLv2taOzIgCjb0rtsTANBgkqhkiG9w0BAQsFADA1\nMRMwEQYDVQQKDApURVNULkxPQ0FMMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRo\nb3JpdHkwHhcNMjYwMzEyMjMyNzE1WhcNMjgwMzEyMjMyNzE1WjA0MRMwEQYDVQQK\nDApURVNULkxPQ0FMMR0wGwYDVQQDDBRpcGFzZXJ2ZXIudGVzdC5sb2NhbDCCASIw\nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOYLa405c9EDCXKfNkKS1oXNGz/F\n2esjrOSURpsxBRHiyXgFXIIKv5sI+21PQkm265V1sSUENnzwRqNhWvZT7HihZAWv\nCEDN41D3yUKogGUL1TdxvpCkr2EKGDkOhOWPhK429NjED/azpyRbTvgfo1QPWwMF\n+AHjkqtVmiFWM/TOFOOoOaonNsL/3Zj/7cP2jd+EcObgfLIhZSnsBh1JL3uYkR4k\nb5NgVdCycicmE2ZYjxpH/sKXmIsXn29y9AFpn4Mycrf+E70StvoGuyQ8ASSp9pwy\nY8umBEy8QNHW/2oUeWCSB2kvjOPorey/xZ+2p227GxQBWKMY1ZFbeUgdch8CAwEA\nAaOCAccwggHDMB8GA1UdIwQYMBaAFC7oD/uHpufyjcsEVopS+1xRdbxDMDwGCCsG\nAQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0cDovL2lwYS1jYS50ZXN0LmxvY2Fs\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\nBgEFBQcDAjB1BgNVHR8EbjBsMGqgMqAwhi5odHRwOi8vaXBhLWNhLnRlc3QubG9j\nYWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEe\nMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBRZGIEDznKg\nL8P9eJyjGDLLMmDsDTCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2Nh\nbKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVT\nVC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAc\nGwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAYEA\nEu8RtrB5p7OGZPQaVYdPdUX0UGhG2BMn739f3RuqTAU1mwWJoReLdjGJ+EV7jMeb\nkv0fy5GsAmv073wQhiIOFgHwNfLGKU6pOZcT+kY34vO7VTatmrAJm+WOg+yWn8Kd\nm4HjvsPkvbTcTSey8iIZrFonH2v9aSZPwYxgoIzULRQJeHJBnad4PU0R52qhTcyv\nbtyLeDQm+oRYS0v6Ni3BYsGyUwet7bANRAUT3twuaVf/hP9sn7yFv6xFnZFsYWQ1\nRoNWHXzRE4r+CKWbOs4UomK2VEx6s+y7uBdDpwI8pdMeF1LfAiy6V2kKbs07dkQr\n2Ig7fFICEpEK+h8snItrfPLY7k6mL1tCUG2dZskbGT3cYfvQJVTHrABLADtimrgX\nKd68D3+6KtsEdLN+Wlq9MUS8ul4Ui5pfPHZJivPeWzCDE6xc2U3OWDqvrzpoXRG6\nprzBd+Q/qvFRLt0POVml9AjDNYw2Mk1ztdZxyBqBJWBbeLhRfwwJD70DexLHtaO7\n-----END CERTIFICATE-----\n","key_checked":true} Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: " Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Issued certificate is "-----BEGIN CERTIFICATE----- Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: MIIFPDCCA6SgAwIBAgIQUMB8fLv2taOzIgCjb0rtsTANBgkqhkiG9w0BAQsFADA1 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: MRMwEQYDVQQKDApURVNULkxPQ0FMMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRo Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: b3JpdHkwHhcNMjYwMzEyMjMyNzE1WhcNMjgwMzEyMjMyNzE1WjA0MRMwEQYDVQQK Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: DApURVNULkxPQ0FMMR0wGwYDVQQDDBRpcGFzZXJ2ZXIudGVzdC5sb2NhbDCCASIw Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOYLa405c9EDCXKfNkKS1oXNGz/F Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2esjrOSURpsxBRHiyXgFXIIKv5sI+21PQkm265V1sSUENnzwRqNhWvZT7HihZAWv Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: CEDN41D3yUKogGUL1TdxvpCkr2EKGDkOhOWPhK429NjED/azpyRbTvgfo1QPWwMF Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: +AHjkqtVmiFWM/TOFOOoOaonNsL/3Zj/7cP2jd+EcObgfLIhZSnsBh1JL3uYkR4k Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: b5NgVdCycicmE2ZYjxpH/sKXmIsXn29y9AFpn4Mycrf+E70StvoGuyQ8ASSp9pwy Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: Y8umBEy8QNHW/2oUeWCSB2kvjOPorey/xZ+2p227GxQBWKMY1ZFbeUgdch8CAwEA Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: AaOCAccwggHDMB8GA1UdIwQYMBaAFC7oD/uHpufyjcsEVopS+1xRdbxDMDwGCCsG Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: AQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0cDovL2lwYS1jYS50ZXN0LmxvY2Fs Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: L2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: BgEFBQcDAjB1BgNVHR8EbjBsMGqgMqAwhi5odHRwOi8vaXBhLWNhLnRlc3QubG9j Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: YWwvaXBhL2NybC9NYXN0ZXJDUkwuYmluojSkMjAwMQ4wDAYDVQQKDAVpcGFjYTEe Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBRZGIEDznKg Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: L8P9eJyjGDLLMmDsDTCBnAYDVR0RBIGUMIGRghRpcGFzZXJ2ZXIudGVzdC5sb2Nh Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: bKA0BgorBgEEAYI3FAIDoCYMJEhUVFAvaXBhc2VydmVyLnRlc3QubG9jYWxAVEVT Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: VC5MT0NBTKBDBgYrBgEFAgKgOTA3oAwbClRFU1QuTE9DQUyhJzAloAMCAQGhHjAc Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: GwRIVFRQGxRpcGFzZXJ2ZXIudGVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAYEA Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: Eu8RtrB5p7OGZPQaVYdPdUX0UGhG2BMn739f3RuqTAU1mwWJoReLdjGJ+EV7jMeb Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: kv0fy5GsAmv073wQhiIOFgHwNfLGKU6pOZcT+kY34vO7VTatmrAJm+WOg+yWn8Kd Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: m4HjvsPkvbTcTSey8iIZrFonH2v9aSZPwYxgoIzULRQJeHJBnad4PU0R52qhTcyv Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: btyLeDQm+oRYS0v6Ni3BYsGyUwet7bANRAUT3twuaVf/hP9sn7yFv6xFnZFsYWQ1 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: RoNWHXzRE4r+CKWbOs4UomK2VEx6s+y7uBdDpwI8pdMeF1LfAiy6V2kKbs07dkQr Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2Ig7fFICEpEK+h8snItrfPLY7k6mL1tCUG2dZskbGT3cYfvQJVTHrABLADtimrgX Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: Kd68D3+6KtsEdLN+Wlq9MUS8ul4Ui5pfPHZJivPeWzCDE6xc2U3OWDqvrzpoXRG6 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: przBd+Q/qvFRLt0POVml9AjDNYw2Mk1ztdZxyBqBJWBbeLhRfwwJD70DexLHtaO7 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: -----END CERTIFICATE----- Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: ". Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Certificate issued (0 chain certificates, 0 roots). Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] No hooks set for pre-save command. Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] No hooks set for post-save command. Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:15 ipaserver.test.local certmonger[27980]: Certificate in file "/etc/pki/tls/certs/groupcert.crt" issued by CA and saved. Mar 12 19:27:15 ipaserver.test.local certmonger[19101]: 2026-03-12 19:27:15 [19101] Wrote to /var/lib/certmonger/requests/20260312232715 Mar 12 19:27:16 ipaserver.test.local sudo[27957]: pam_unix(sudo:session): session closed for user root Mar 12 19:27:16 ipaserver.test.local sshd-session[28006]: Accepted publickey for root from 10.31.40.212 port 51438 ssh2: RSA SHA256:9j1blwt3wcrRiGYZQ7ZGu9axm3cDklH6/z4c+Ee8CzE Mar 12 19:27:16 ipaserver.test.local systemd-logind[808]: New session 9 of user root. ░░ Subject: A new session 9 has been created for user root ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ Documentation: sd-login(3) ░░ ░░ A new session with the ID 9 has been created for the user root. ░░ ░░ The leading process of the session is 28006. Mar 12 19:27:16 ipaserver.test.local systemd[1]: Started session-9.scope - Session 9 of User root. ░░ Subject: A start job for unit session-9.scope has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit session-9.scope has finished successfully. ░░ ░░ The job identifier is 4972. Mar 12 19:27:16 ipaserver.test.local sshd-session[28006]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:27:16 ipaserver.test.local sshd-session[28009]: Received disconnect from 10.31.40.212 port 51438:11: disconnected by user Mar 12 19:27:16 ipaserver.test.local sshd-session[28009]: Disconnected from user root 10.31.40.212 port 51438 Mar 12 19:27:16 ipaserver.test.local sshd-session[28006]: pam_unix(sshd:session): session closed for user root Mar 12 19:27:16 ipaserver.test.local systemd[1]: session-9.scope: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit session-9.scope has successfully entered the 'dead' state. Mar 12 19:27:16 ipaserver.test.local systemd-logind[808]: Session 9 logged out. Waiting for processes to exit. Mar 12 19:27:16 ipaserver.test.local systemd-logind[808]: Removed session 9. ░░ Subject: Session 9 has been terminated ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ Documentation: sd-login(3) ░░ ░░ A session with the ID 9 has been terminated. Mar 12 19:27:16 ipaserver.test.local sshd-session[28036]: Accepted publickey for root from 10.31.40.212 port 51454 ssh2: RSA SHA256:9j1blwt3wcrRiGYZQ7ZGu9axm3cDklH6/z4c+Ee8CzE Mar 12 19:27:16 ipaserver.test.local systemd-logind[808]: New session 10 of user root. ░░ Subject: A new session 10 has been created for user root ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ Documentation: sd-login(3) ░░ ░░ A new session with the ID 10 has been created for the user root. ░░ ░░ The leading process of the session is 28036. Mar 12 19:27:16 ipaserver.test.local systemd[1]: Started session-10.scope - Session 10 of User root. ░░ Subject: A start job for unit session-10.scope has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit session-10.scope has finished successfully. ░░ ░░ The job identifier is 5055. Mar 12 19:27:16 ipaserver.test.local sshd-session[28036]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0)