ansible-playbook [core 2.17.14] config file = None configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.12/site-packages/ansible ansible collection location = /tmp/collections-Lij executable location = /usr/local/bin/ansible-playbook python version = 3.12.12 (main, Feb 27 2026, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-14)] (/usr/bin/python3.12) jinja version = 3.1.6 libyaml = True No config file found; using defaults running playbook inside collection fedora.linux_system_roles statically imported: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'jsonl', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_basic_ipa.yml ************************************************** 1 plays in /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml PLAY [Test using IPA to issue certs] ******************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:2 Thursday 12 March 2026 19:19:44 -0400 (0:00:00.019) 0:00:00.019 ******** [WARNING]: Platform linux on host managed-node1 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible- core/2.17/reference_appendices/interpreter_discovery.html for more information. ok: [managed-node1] TASK [Check if system is ostree] *********************************************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:16 Thursday 12 March 2026 19:19:46 -0400 (0:00:02.219) 0:00:02.238 ******** ok: [managed-node1] => { "changed": false, "stat": { "exists": false } } TASK [Skip if not supported] *************************************************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:21 Thursday 12 March 2026 19:19:46 -0400 (0:00:00.420) 0:00:02.659 ******** META: end_host conditional evaluated to False, continuing execution for managed-node1 skipping: [managed-node1] => { "skip_reason": "end_host conditional evaluated to False, continuing execution for managed-node1" } MSG: end_host conditional evaluated to false, continuing execution for managed-node1 TASK [Set __is_beaker_env] ***************************************************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:2 Thursday 12 March 2026 19:19:46 -0400 (0:00:00.005) 0:00:02.664 ******** ok: [managed-node1] => { "ansible_facts": { "__is_beaker_env": false }, "changed": false } TASK [Check if system is ostree] *********************************************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:9 Thursday 12 March 2026 19:19:46 -0400 (0:00:00.035) 0:00:02.699 ******** ok: [managed-node1] => { "changed": false, "stat": { "exists": false } } TASK [Set flag to indicate system is ostree] *********************************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:14 Thursday 12 March 2026 19:19:47 -0400 (0:00:00.339) 0:00:03.039 ******** ok: [managed-node1] => { "ansible_facts": { "__certificate_is_ostree": false }, "changed": false } TASK [Install ansible-freeipa] ************************************************* task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:18 Thursday 12 March 2026 19:19:47 -0400 (0:00:00.019) 0:00:03.058 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "__is_beaker_env", "skip_reason": "Conditional result was False" } TASK [Ensure freeipa-repo is absent] ******************************************* task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:24 Thursday 12 March 2026 19:19:47 -0400 (0:00:00.010) 0:00:03.068 ******** ok: [managed-node1 -> 127.0.0.1] => { "changed": false, "path": "/tmp/freeipa-repo/", "state": "absent" } TASK [Clone ansible-freeipa repo] ********************************************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:32 Thursday 12 March 2026 19:19:47 -0400 (0:00:00.386) 0:00:03.454 ******** changed: [managed-node1 -> 127.0.0.1] => { "after": "62fd1551ebe6ff45314e2286f5b192fb9419aaf3", "before": null, "changed": true } TASK [Create role symlinks] **************************************************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:41 Thursday 12 March 2026 19:19:48 -0400 (0:00:01.300) 0:00:04.755 ******** changed: [managed-node1 -> 127.0.0.1] => (item=ipaserver) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0 } changed: [managed-node1 -> 127.0.0.1] => (item=ipaclient) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0 } TASK [Ensure hostname package is installed] ************************************ task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:53 Thursday 12 March 2026 19:19:49 -0400 (0:00:00.510) 0:00:05.266 ******** ok: [managed-node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Get hostname] ************************************************************ task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:59 Thursday 12 March 2026 19:20:00 -0400 (0:00:11.572) 0:00:16.838 ******** ok: [managed-node1] => { "changed": false, "cmd": [ "hostname" ], "delta": "0:00:00.002558", "end": "2026-03-12 19:20:01.323366", "rc": 0, "start": "2026-03-12 19:20:01.320808" } STDOUT: managed-node1 TASK [Set hostname] ************************************************************ task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:64 Thursday 12 March 2026 19:20:01 -0400 (0:00:00.423) 0:00:17.262 ******** changed: [managed-node1] => { "ansible_facts": { "ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local" }, "changed": true, "name": "ipaserver.test.local" } TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:70 Thursday 12 March 2026 19:20:02 -0400 (0:00:00.793) 0:00:18.055 ******** ok: [managed-node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Sanitize /etc/hosts] ***************************************************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:77 Thursday 12 March 2026 19:20:03 -0400 (0:00:00.947) 0:00:19.003 ******** changed: [managed-node1] => { "backup": "", "changed": true, "found": 1 } MSG: 1 line(s) removed TASK [Add host to /etc/hosts] ************************************************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:88 Thursday 12 March 2026 19:20:03 -0400 (0:00:00.481) 0:00:19.484 ******** changed: [managed-node1] => { "backup": "", "changed": true } MSG: line added TASK [See if collection exists] ************************************************ task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:116 Thursday 12 March 2026 19:20:03 -0400 (0:00:00.347) 0:00:19.832 ******** ok: [managed-node1 -> localhost] => { "changed": false, "stat": { "exists": false } } TASK [Set name of ipa server role] ********************************************* task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:122 Thursday 12 March 2026 19:20:04 -0400 (0:00:00.203) 0:00:20.035 ******** ok: [managed-node1] => { "ansible_facts": { "__ipa_server_role": "ipaserver" }, "changed": false } TASK [Include ipaserver role] ************************************************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:126 Thursday 12 March 2026 19:20:04 -0400 (0:00:00.014) 0:00:20.050 ******** included: ipaserver for managed-node1 TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 Thursday 12 March 2026 19:20:04 -0400 (0:00:00.023) 0:00:20.074 ******** ok: [managed-node1] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/default.yml) => { "ansible_facts": { "ipaserver_packages": [ "ipa-server", "python3-libselinux" ], "ipaserver_packages_adtrust": [ "freeipa-server-trust-ad" ], "ipaserver_packages_dns": [ "ipa-server-dns" ], "ipaserver_packages_dot": [ "ipa-server-encrypted-dns" ], "ipaserver_packages_firewalld": [ "firewalld" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaserver/vars/default.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/default.yml" } TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:19 Thursday 12 March 2026 19:20:04 -0400 (0:00:00.028) 0:00:20.102 ******** included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for managed-node1 TASK [ipaserver : Install - Set ipaserver__dns_over_lts] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:4 Thursday 12 March 2026 19:20:04 -0400 (0:00:00.076) 0:00:20.178 ******** ok: [managed-node1] => { "ansible_facts": { "ipaserver__dns_over_tls": false }, "changed": false } TASK [ipaserver : Install - Set packages for installation] ********************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:12 Thursday 12 March 2026 19:20:04 -0400 (0:00:00.031) 0:00:20.210 ******** ok: [managed-node1] => { "ansible_facts": { "_ipapackages": [ "ipa-server", "python3-libselinux" ] }, "changed": false } TASK [ipaserver : Install - Set packages for installlation, add DNS] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 Thursday 12 March 2026 19:20:04 -0400 (0:00:00.031) 0:00:20.242 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver_setup_dns | bool", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set packages for installlation, add DOT] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:21 Thursday 12 March 2026 19:20:04 -0400 (0:00:00.027) 0:00:20.269 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver__dns_over_tls | bool", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set packages for installlation, add adtrust] ******* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:26 Thursday 12 March 2026 19:20:04 -0400 (0:00:00.027) 0:00:20.297 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver_setup_adtrust | bool", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set packages for installlation, add firewalld] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 Thursday 12 March 2026 19:20:04 -0400 (0:00:00.027) 0:00:20.324 ******** ok: [managed-node1] => { "ansible_facts": { "_ipapackages": [ "ipa-server", "python3-libselinux", "firewalld" ] }, "changed": false } TASK [ipaserver : Install - Ensure that packages are installed] **************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:36 Thursday 12 March 2026 19:20:04 -0400 (0:00:00.031) 0:00:20.356 ******** changed: [managed-node1] => { "changed": true, "rc": 0, "results": [ "Installed: perl-threads-1:2.25-460.el9.x86_64", "Installed: exempi-2.6.0-0.2.20211007gite23c213.el9.x86_64", "Installed: perl-threads-shared-1.61-460.el9.x86_64", "Installed: exiv2-0.27.5-2.el9.x86_64", "Installed: exiv2-libs-0.27.5-2.el9.x86_64", "Installed: lcms2-2.12-3.el9.x86_64", "Installed: tomcat-1:9.0.110-1.el9.noarch", "Installed: fdk-aac-free-2.0.0-8.el9.x86_64", "Installed: librsvg2-2.50.7-3.el9.x86_64", "Installed: tomcat-el-3.0-api-1:9.0.110-1.el9.noarch", "Installed: tomcat-jsp-2.3-api-1:9.0.110-1.el9.noarch", "Installed: tomcat-lib-1:9.0.110-1.el9.noarch", "Installed: libsbc-1.4-10.el9.x86_64", "Installed: tomcat-servlet-4.0-api-1:9.0.110-1.el9.noarch", "Installed: libX11-1.8.12-1.el9.x86_64", "Installed: libX11-common-1.8.12-1.el9.noarch", "Installed: totem-pl-parser-3.26.6-2.el9.x86_64", "Installed: tracker-3.1.2-3.el9.x86_64", "Installed: libX11-xcb-1.8.12-1.el9.x86_64", "Installed: tracker-miners-3.1.2-4.el9.x86_64", "Installed: ttmkfdir-3.0.9-65.el9.x86_64", "Installed: libXau-1.0.9-8.el9.x86_64", "Installed: libXcomposite-0.4.5-7.el9.x86_64", "Installed: libXcursor-1.2.0-7.el9.x86_64", "Installed: libXdamage-1.1.5-7.el9.x86_64", "Installed: libXext-1.3.4-8.el9.x86_64", "Installed: libsndfile-1.0.31-9.el9.x86_64", "Installed: libXfixes-5.0.3-16.el9.x86_64", "Installed: libXft-2.3.3-8.el9.x86_64", "Installed: libsoup-2.72.0-16.el9.x86_64", "Installed: libXi-1.7.10-8.el9.x86_64", "Installed: libXinerama-1.1.4-10.el9.x86_64", "Installed: tzdata-java-2025c-1.el9.noarch", "Installed: openldap-clients-2.6.8-4.el9.x86_64", "Installed: libXrandr-1.5.2-8.el9.x86_64", "Installed: libXrender-0.9.10-16.el9.x86_64", "Installed: libXtst-1.2.3-16.el9.x86_64", "Installed: libXv-1.0.11-16.el9.x86_64", "Installed: libstemmer-0-18.585svn.el9.x86_64", "Installed: avahi-glib-0.8-23.el9.x86_64", "Installed: libXxf86vm-1.1.4-18.el9.x86_64", "Installed: libappstream-glib-0.7.18-5.el9.x86_64", "Installed: nss-tools-3.112.0-4.el9.x86_64", "Installed: upower-0.99.11-11.el9.x86_64", "Installed: libasyncns-0.8-22.el9.x86_64", "Installed: libthai-0.1.28-8.el9.x86_64", "Installed: libtheora-1:1.1.1-31.el9.x86_64", "Installed: libtiff-4.4.0-16.el9.x86_64", "Installed: bind-libs-32:9.16.23-40.el9.x86_64", "Installed: bind-license-32:9.16.23-40.el9.noarch", "Installed: bind-utils-32:9.16.23-40.el9.x86_64", "Installed: libtracker-sparql-3.1.2-3.el9.x86_64", "Installed: graphene-1.10.6-2.el9.x86_64", "Installed: open-sans-fonts-1.10-16.el9.noarch", "Installed: pipewire-1.4.9-1.el9.x86_64", "Installed: polkit-0.117-14.el9.x86_64", "Installed: pipewire-alsa-1.4.9-1.el9.x86_64", "Installed: polkit-libs-0.117-14.el9.x86_64", "Installed: polkit-pkla-compat-0.1-21.el9.x86_64", "Installed: libuv-1:1.42.0-2.el9.x86_64", "Installed: fftw-libs-single-3.3.8-12.el9.x86_64", "Installed: gsm-1.0.19-6.el9.x86_64", "Installed: pipewire-jack-audio-connection-kit-1.4.9-1.el9.x86_64", "Installed: gstreamer1-1.22.12-3.el9.x86_64", "Installed: protobuf-c-1.3.3-13.el9.x86_64", "Installed: pipewire-jack-audio-connection-kit-libs-1.4.9-1.el9.x86_64", "Installed: python3-cffi-1.14.5-5.el9.x86_64", "Installed: pipewire-libs-1.4.9-1.el9.x86_64", "Installed: gstreamer1-plugins-base-1.22.12-4.el9.x86_64", "Installed: openjpeg2-2.4.0-8.el9.x86_64", "Installed: python3-cryptography-36.0.1-5.el9.x86_64", "Installed: pipewire-pulseaudio-1.4.9-1.el9.x86_64", "Installed: python3-decorator-4.4.2-6.el9.noarch", "Installed: pixman-0.40.0-6.el9.x86_64", "Installed: flac-libs-1.3.3-12.el9.x86_64", "Installed: python3-dns-2.6.1-3.el9.noarch", "Installed: libcanberra-0.30-27.el9.x86_64", "Installed: pki-jackson-annotations-2.19.1-1.el9.noarch", "Installed: flatpak-1.12.9-4.el9.x86_64", "Installed: pki-jackson-core-2.19.1-1.el9.noarch", "Installed: pki-jackson-databind-2.19.1-1.el9.noarch", "Installed: gtk-update-icon-cache-3.24.31-8.el9.x86_64", "Installed: pki-jackson-jaxrs-json-provider-2.19.1-1.el9.noarch", "Installed: libcanberra-gtk3-0.30-27.el9.x86_64", "Installed: pki-jackson-jaxrs-providers-2.19.1-1.el9.noarch", "Installed: pki-jackson-module-jaxb-annotations-2.19.1-1.el9.noarch", "Installed: flatpak-selinux-1.12.9-4.el9.noarch", "Installed: flatpak-session-helper-1.12.9-4.el9.x86_64", "Installed: pki-resteasy-client-3.0.26-19.el9.noarch", "Installed: pki-resteasy-core-3.0.26-19.el9.noarch", "Installed: pki-resteasy-jackson2-provider-3.0.26-19.el9.noarch", "Installed: pki-resteasy-servlet-initializer-3.0.26-19.el9.noarch", "Installed: python3-libipa_hbac-2.9.8-1.el9.x86_64", "Installed: gtk3-3.24.31-8.el9.x86_64", "Installed: libdatrie-0.2.13-4.el9.x86_64", "Installed: graphite2-1.3.14-9.el9.x86_64", "Installed: openssl-perl-1:3.5.5-1.el9.x86_64", "Installed: fontawesome-fonts-1:4.7.0-13.el9.noarch", "Installed: libdb-utils-5.3.28-57.el9.x86_64", "Installed: fontconfig-2.14.0-2.el9.x86_64", "Installed: opus-1.3.1-10.el9.x86_64", "Installed: python3-ply-3.11-14.el9.noarch", "Installed: python3-pycparser-2.20-6.el9.noarch", "Installed: orc-0.4.31-8.el9.x86_64", "Installed: libvorbis-1:1.3.7-5.el9.x86_64", "Installed: webkit2gtk3-jsc-2.50.4-1.el9.x86_64", "Installed: webrtc-audio-processing-0.3.1-8.el9.x86_64", "Installed: gsettings-desktop-schemas-40.0-8.el9.x86_64", "Installed: libwayland-client-1.21.0-1.el9.x86_64", "Installed: libepoxy-1.5.5-4.el9.x86_64", "Installed: libwayland-cursor-1.21.0-1.el9.x86_64", "Installed: harfbuzz-2.7.4-10.el9.x86_64", "Installed: python3-sss-2.9.8-1.el9.x86_64", "Installed: libwayland-egl-1.21.0-1.el9.x86_64", "Installed: wireplumber-0.5.12-1.el9.x86_64", "Installed: python3-sss-murmur-2.9.8-1.el9.x86_64", "Installed: python3-sssdconfig-2.9.8-1.el9.noarch", "Installed: libwebp-1.2.0-8.el9.x86_64", "Installed: wireplumber-libs-0.5.12-1.el9.x86_64", "Installed: libexif-0.6.22-6.el9.x86_64", "Installed: osinfo-db-20250606-1.el9.noarch", "Installed: osinfo-db-tools-1.10.0-1.el9.x86_64", "Installed: fribidi-1.0.10-6.el9.2.x86_64", "Installed: libfontenc-1.1.3-17.el9.x86_64", "Installed: fstrm-0.6.1-3.el9.x86_64", "Installed: libxcb-1.13.1-9.el9.x86_64", "Installed: ostree-libs-2025.7-1.el9.x86_64", "Installed: hicolor-icon-theme-0.17-13.el9.noarch", "Installed: xdg-dbus-proxy-0.1.3-1.el9.x86_64", "Installed: xdg-desktop-portal-1.12.6-1.el9.x86_64", "Installed: p11-kit-server-0.26.2-1.el9.x86_64", "Installed: libxkbcommon-1.0.3-4.el9.x86_64", "Installed: xdg-desktop-portal-gtk-1.12.0-3.el9.x86_64", "Installed: httpcomponents-client-4.5.13-7.el9.noarch", "Installed: httpcomponents-core-4.4.13-11.el9.noarch", "Installed: libxshmfence-1.3-10.el9.x86_64", "Installed: httpd-2.4.62-13.el9.x86_64", "Installed: libgexiv2-0.14.3-1.el9.x86_64", "Installed: httpd-core-2.4.62-13.el9.x86_64", "Installed: libglvnd-1:1.3.4-1.el9.x86_64", "Installed: xkeyboard-config-2.33-2.el9.noarch", "Installed: xml-common-0.6.3-58.el9.noarch", "Installed: httpd-filesystem-2.4.62-13.el9.noarch", "Installed: xml-commons-apis-1.4.01-39.el9.noarch", "Installed: libglvnd-egl-1:1.3.4-1.el9.x86_64", "Installed: policycoreutils-python-utils-3.6-5.el9.noarch", "Installed: pango-1.48.7-3.el9.x86_64", "Installed: xml-commons-resolver-1.2-42.el9.noarch", "Installed: httpd-tools-2.4.62-13.el9.x86_64", "Installed: libglvnd-glx-1:1.3.4-1.el9.x86_64", "Installed: poppler-21.01.0-24.el9.x86_64", "Installed: ModemManager-glib-1.20.2-1.el9.x86_64", "Installed: poppler-data-0.4.9-9.el9.noarch", "Installed: libgsf-1.14.47-5.el9.x86_64", "Installed: cairo-1.17.4-7.el9.x86_64", "Installed: samba-client-libs-4.23.5-6.el9.x86_64", "Installed: poppler-glib-21.01.0-24.el9.x86_64", "Installed: samba-common-4.23.5-6.el9.noarch", "Installed: cairo-gobject-1.17.4-7.el9.x86_64", "Installed: xorg-x11-fonts-Type1-7.5-33.el9.noarch", "Installed: samba-common-libs-4.23.5-6.el9.x86_64", "Installed: libgxps-0.3.2-3.el9.x86_64", "Installed: centos-logos-httpd-90.9-1.el9.noarch", "Installed: centos-logos-ipa-90.9-1.el9.noarch", "Installed: adobe-source-code-pro-fonts-2.030.1.050-12.el9.1.noarch", "Installed: certmonger-0.79.21-1.el9.x86_64", "Installed: json-glib-1.6.6-1.el9.x86_64", "Installed: llvm-filesystem-21.1.8-2.el9.x86_64", "Installed: llvm-libs-21.1.8-2.el9.x86_64", "Installed: autofs-1:5.1.7-66.el9.x86_64", "Installed: libiptcdata-1.0.5-10.el9.x86_64", "Installed: bash-completion-1:2.11-5.el9.noarch", "Installed: shared-mime-info-2.1-5.el9.x86_64", "Installed: rtkit-0.11-29.el9.x86_64", "Installed: libjose-14-1.el9.x86_64", "Installed: bluez-libs-5.85-1.el9.x86_64", "Installed: libjpeg-turbo-2.0.90-7.el9.x86_64", "Installed: bubblewrap-0.6.3-1.el9.x86_64", "Installed: low-memory-monitor-2.1-4.el9.x86_64", "Installed: lua-5.4.4-4.el9.x86_64", "Installed: lua-posix-35.0-8.el9.x86_64", "Installed: libldac-2.0.2.3-10.el9.x86_64", "Installed: sssd-common-pac-2.9.8-1.el9.x86_64", "Installed: sssd-dbus-2.9.8-1.el9.x86_64", "Installed: sssd-ipa-2.9.8-1.el9.x86_64", "Installed: krb5-pkinit-1.21.1-9.el9.x86_64", "Installed: sssd-krb5-2.9.8-1.el9.x86_64", "Installed: sssd-krb5-common-2.9.8-1.el9.x86_64", "Installed: krb5-server-1.21.1-9.el9.x86_64", "Installed: sssd-passkey-2.9.8-1.el9.x86_64", "Installed: krb5-workstation-1.21.1-9.el9.x86_64", "Installed: sssd-tools-2.9.8-1.el9.x86_64", "Installed: idm-jss-5.7.0-1.el9.x86_64", "Installed: idm-jss-tomcat-5.7.0-1.el9.x86_64", "Installed: idm-ldapjdk-5.6.0-1.el9.noarch", "Installed: idm-pki-acme-11.7.1-1.el9.noarch", "Installed: idm-pki-base-11.7.1-1.el9.noarch", "Installed: colord-libs-1.4.5-4.el9.x86_64", "Installed: idm-pki-ca-11.7.1-1.el9.noarch", "Installed: idm-pki-java-11.7.1-1.el9.noarch", "Installed: idm-pki-kra-11.7.1-1.el9.noarch", "Installed: idm-pki-server-11.7.1-1.el9.noarch", "Installed: idm-pki-tools-11.7.1-1.el9.x86_64", "Installed: libnotify-0.7.9-8.el9.x86_64", "Installed: composefs-libs-1.0.8-1.el9.x86_64", "Installed: libnsl2-2.0.0-1.el9.x86_64", "Installed: cups-libs-1:2.3.3op2-37.el9.x86_64", "Installed: libogg-2:1.3.4-6.el9.x86_64", "Installed: cyrus-sasl-gssapi-2.1.27-21.el9.x86_64", "Installed: libosinfo-1.10.0-1.el9.x86_64", "Installed: copy-jdk-configs-4.0-3.el9.noarch", "Installed: cyrus-sasl-plain-2.1.27-21.el9.x86_64", "Installed: publicsuffix-list-20210518-3.el9.noarch", "Installed: pulseaudio-libs-15.0-3.el9.x86_64", "Installed: ipa-client-4.13.1-3.el9.x86_64", "Installed: ipa-client-common-4.13.1-3.el9.noarch", "Installed: ipa-common-4.13.1-3.el9.noarch", "Installed: libdrm-2.4.128-1.el9.x86_64", "Installed: ipa-healthcheck-core-0.19-1.el9.noarch", "Installed: python3-argcomplete-1.12.0-5.el9.noarch", "Installed: ipa-selinux-4.13.1-3.el9.noarch", "Installed: python3-augeas-0.5.0-25.el9.noarch", "Installed: ipa-server-4.13.1-3.el9.x86_64", "Installed: ipa-server-common-4.13.1-3.el9.noarch", "Installed: mesa-dri-drivers-25.2.7-4.el9.x86_64", "Installed: mesa-filesystem-25.2.7-4.el9.x86_64", "Installed: mesa-libEGL-25.2.7-4.el9.x86_64", "Installed: libgudev-237-1.el9.x86_64", "Installed: libgusb-0.3.8-2.el9.x86_64", "Installed: words-3.0-39.el9.noarch", "Installed: libproxy-webkitgtk4-0.4.15-35.el9.x86_64", "Installed: iso-codes-4.6.0-3.el9.noarch", "Installed: mesa-libGL-25.2.7-4.el9.x86_64", "Installed: jakarta-activation-1.2.2-8.el9.noarch", "Installed: jakarta-annotations-1.3.5-16.el9.noarch", "Installed: libicu-67.1-10.el9.x86_64", "Installed: mesa-libgbm-25.2.7-4.el9.x86_64", "Installed: python3-gssapi-1.6.9-5.el9.x86_64", "Installed: python3-idm-pki-11.7.1-1.el9.noarch", "Installed: libipa_hbac-2.9.8-1.el9.x86_64", "Installed: python3-ipaclient-4.13.1-3.el9.noarch", "Installed: libkadm5-1.21.1-9.el9.x86_64", "Installed: python3-ipalib-4.13.1-3.el9.noarch", "Installed: 389-ds-base-2.8.0-6.el9.x86_64", "Installed: python3-ipaserver-4.13.1-3.el9.noarch", "Installed: 389-ds-base-libs-2.8.0-6.el9.x86_64", "Installed: cyrus-sasl-md5-2.1.27-21.el9.x86_64", "Installed: perl-Algorithm-Diff-1.2010-4.el9.noarch", "Installed: perl-Archive-Tar-2.38-6.el9.noarch", "Installed: python3-jwcrypto-1.5.6-2.el9.noarch", "Installed: python3-kdcproxy-1.1.0-1.el9.noarch", "Installed: mkfontscale-1.2.1-3.el9.x86_64", "Installed: mod_auth_gssapi-1.6.3-7.el9.x86_64", "Installed: python3-ldap-3.4.3-2.el9.x86_64", "Installed: perl-Compress-Raw-Bzip2-2.101-5.el9.x86_64", "Installed: perl-Compress-Raw-Lzma-2.101-3.el9.x86_64", "Installed: mod_http2-2.0.26-5.el9.x86_64", "Installed: perl-Compress-Raw-Zlib-2.101-5.el9.x86_64", "Installed: python3-lib389-2.8.0-6.el9.noarch", "Installed: java-17-openjdk-1:17.0.18.0.8-2.el9.x86_64", "Installed: gdk-pixbuf2-2.42.6-6.el9.x86_64", "Installed: dconf-0.40.0-6.el9.x86_64", "Installed: mod_lookup_identity-1.0.0-15.el9.x86_64", "Installed: java-17-openjdk-devel-1:17.0.18.0.8-2.el9.x86_64", "Installed: mod_lua-2.4.62-13.el9.x86_64", "Installed: java-17-openjdk-headless-1:17.0.18.0.8-2.el9.x86_64", "Installed: gdk-pixbuf2-modules-2.42.6-6.el9.x86_64", "Installed: perl-DB_File-1.855-4.el9.x86_64", "Installed: freetype-2.10.4-11.el9.x86_64", "Installed: perl-Devel-Peek-1.28-483.el9.x86_64", "Installed: mod_session-2.4.62-13.el9.x86_64", "Installed: fuse-2.9.9-17.el9.x86_64", "Installed: mod_ssl-1:2.4.62-13.el9.x86_64", "Installed: fuse-common-3.10.2-9.el9.x86_64", "Installed: abattis-cantarell-fonts-0.301-4.el9.noarch", "Installed: geoclue2-2.6.0-7.el9.x86_64", "Installed: glib-networking-2.68.3-3.el9.x86_64", "Installed: python3-mod_wsgi-4.7.1-12.el9.x86_64", "Installed: adwaita-cursor-theme-40.1.1-3.el9.noarch", "Installed: adwaita-icon-theme-40.1.1-3.el9.noarch", "Installed: python3-netaddr-0.10.1-3.el9.noarch", "Installed: libpciaccess-0.16-7.el9.x86_64", "Installed: libpng-2:1.6.37-14.el9.x86_64", "Installed: libproxy-0.4.15-35.el9.x86_64", "Installed: javapackages-filesystem-6.4.0-1.el9.noarch", "Installed: alsa-lib-1.2.15.3-1.el9.x86_64", "Installed: javapackages-tools-6.4.0-1.el9.noarch", "Installed: jaxb-api-2.3.3-5.el9.noarch", "Installed: perl-File-Find-1.37-483.el9.noarch", "Installed: giflib-5.2.1-9.el9.x86_64", "Installed: jbigkit-libs-2.1-23.el9.x86_64", "Installed: jboss-jaxrs-2.0-api-1.0.0-16.el9.noarch", "Installed: jboss-logging-3.4.1-9.el9.noarch", "Installed: jboss-logging-tools-2.2.1-7.el9.noarch", "Installed: python3-psutil-5.8.0-12.el9.x86_64", "Installed: jdeparser-2.0.3-12.el9.noarch", "Installed: python3-pyasn1-0.4.8-7.el9.noarch", "Installed: python3-pyasn1-modules-0.4.8-7.el9.noarch", "Installed: python3-pyusb-1.0.2-13.el9.noarch", "Installed: python3-qrcode-core-6.1-12.el9.noarch", "Installed: perl-IO-Compress-2.102-4.el9.noarch", "Installed: perl-IO-Compress-Lzma-2.101-4.el9.noarch", "Installed: perl-IO-Zlib-1:1.11-4.el9.noarch", "Installed: slapi-nis-0.60.0-5.el9.x86_64", "Installed: slf4j-1.7.30-16.el9.noarch", "Installed: slf4j-jdk14-1.7.30-16.el9.noarch", "Installed: libsss_autofs-2.9.8-1.el9.x86_64", "Installed: softhsm-2.6.1-11.el9.x86_64", "Installed: sound-theme-freedesktop-0.8-17.el9.noarch", "Installed: python3-yubico-1.3.3-7.el9.noarch", "Installed: spirv-tools-libs-2025.4-1.el9.x86_64", "Installed: sscg-4.0.3-2.el9.x86_64", "Installed: ecj-1:4.20-17.el9.noarch", "Installed: sssd-idp-2.9.8-1.el9.x86_64", "Installed: perl-Term-ReadLine-1.17-483.el9.noarch", "Installed: apache-commons-cli-1.4-20.el9.noarch", "Installed: apache-commons-codec-1.15-10.el9.noarch", "Installed: perl-Text-Diff-1.45-13.el9.noarch", "Installed: apache-commons-io-1:2.8.0-12.el9.noarch", "Installed: apache-commons-lang3-3.12.0-10.el9.noarch", "Installed: apache-commons-logging-1.2-33.el9.noarch", "Installed: libusbx-1.0.26-1.el9.x86_64", "Installed: perl-Tie-4.6-483.el9.noarch", "Installed: apache-commons-net-3.6-17.el9.noarch", "Installed: apr-1.7.0-12.el9.x86_64", "Installed: apr-util-1.6.1-23.el9.x86_64", "Installed: libwbclient-4.23.5-6.el9.x86_64", "Installed: apr-util-bdb-1.6.1-23.el9.x86_64", "Installed: apr-util-openssl-1.6.1-23.el9.x86_64", "Installed: perl-debugger-1.56-483.el9.noarch", "Installed: lksctp-tools-1.0.19-2.el9.x86_64", "Installed: at-spi2-atk-2.38.0-4.el9.x86_64", "Installed: at-spi2-core-2.40.3-1.el9.x86_64", "Installed: mailcap-2.1.49-5.el9.noarch", "Installed: atk-2.36.0-5.el9.x86_64", "Installed: perl-meta-notation-5.32.1-483.el9.noarch", "Installed: augeas-libs-1.14.1-3.el9.x86_64", "Installed: perl-sigtrap-1.09-483.el9.noarch" ] } TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 Thursday 12 March 2026 19:21:11 -0400 (0:01:07.303) 0:01:27.659 ******** changed: [managed-node1] => { "changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": { "AccessSELinuxContext": "system_u:object_r:firewalld_unit_file_t:s0", "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "polkit.service dbus-broker.service basic.target dbus.socket system.slice sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "iptables.service ebtables.service ipset.service ip6tables.service shutdown.target", "ControlGroupId": "0", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "28521", "LimitNPROCSoft": "28521", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "28521", "LimitSIGPENDINGSoft": "28521", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "18446744073709551615", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus-broker.service dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "45633", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "disabled", "UtmpMode": "init", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [ipaserver : Firewalld - Verify runtime zone from ipaserver_firewalld_zone] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:53 Thursday 12 March 2026 19:21:13 -0400 (0:00:02.003) 0:01:29.662 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver_firewalld_zone is defined", "skip_reason": "Conditional result was False" } TASK [ipaserver : Firewalld - Verify permanent zone from ipaserver_firewalld_zone] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:59 Thursday 12 March 2026 19:21:13 -0400 (0:00:00.036) 0:01:29.699 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver_firewalld_zone is defined", "skip_reason": "Conditional result was False" } TASK [ipaserver : Copy external certs] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:66 Thursday 12 March 2026 19:21:13 -0400 (0:00:00.040) 0:01:29.739 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver_external_cert_files_from_controller is defined and ipaserver_external_cert_files_from_controller|length > 0 and not ipaserver_external_cert_files is defined", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:73 Thursday 12 March 2026 19:21:13 -0400 (0:00:00.053) 0:01:29.792 ******** ok: [managed-node1] => { "_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "client_dns_over_tls": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", "idmax": 741599999, "idstart": 741400000, "ipa_python_version": 41301, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "random_serial_numbers": false, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false, "sid_generation_always": true } TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:158 Thursday 12 March 2026 19:21:15 -0400 (0:00:01.377) 0:01:31.169 ******** changed: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:165 Thursday 12 March 2026 19:21:16 -0400 (0:00:01.434) 0:01:32.604 ******** ok: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaserver : Use user defined master password, if provided] *************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:171 Thursday 12 March 2026 19:21:16 -0400 (0:00:00.028) 0:01:32.633 ******** skipping: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:177 Thursday 12 March 2026 19:21:16 -0400 (0:00:00.021) 0:01:32.654 ******** changed: [managed-node1] => { "_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_random_serial_numbers": false, "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": "TEST", "adtrust_reset_netbios_name": true, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": [], "dns_reverse_zones": [], "forward_policy": null, "forwarders": [], "ip_addresses": [ "10.31.40.153" ], "no_dnssec_validation": false, "reverse_zones": [], "subject_base": "O=TEST.LOCAL" } TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:228 Thursday 12 March 2026 19:21:18 -0400 (0:00:02.217) 0:01:34.871 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Setup DS] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:235 Thursday 12 March 2026 19:21:26 -0400 (0:00:07.869) 0:01:42.740 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:264 Thursday 12 March 2026 19:22:01 -0400 (0:00:35.017) 0:02:17.758 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:291 Thursday 12 March 2026 19:22:08 -0400 (0:00:06.811) 0:02:24.570 ******** changed: [managed-node1] => { "changed": true, "csr_generated": false } TASK [ipaserver : Copy /root/ipa.csr to "managed-node1-ipa.csr"] *************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:333 Thursday 12 March 2026 19:25:51 -0400 (0:03:43.088) 0:06:07.659 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "result_ipaserver_setup_ca.csr_generated | bool and ipaserver_copy_csr_to_controller | bool", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:344 Thursday 12 March 2026 19:25:51 -0400 (0:00:00.035) 0:06:07.695 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:350 Thursday 12 March 2026 19:25:54 -0400 (0:00:02.592) 0:06:10.287 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Setup KRA] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:382 Thursday 12 March 2026 19:26:23 -0400 (0:00:29.509) 0:06:39.796 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "result_ipaserver_test.setup_kra | bool", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:393 Thursday 12 March 2026 19:26:23 -0400 (0:00:00.039) 0:06:39.836 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaserver_setup_dns | bool", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:415 Thursday 12 March 2026 19:26:23 -0400 (0:00:00.039) 0:06:39.875 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:431 Thursday 12 March 2026 19:26:33 -0400 (0:00:09.904) 0:06:49.780 ******** changed: [managed-node1] => { "changed": true } TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:448 Thursday 12 March 2026 19:26:36 -0400 (0:00:02.656) 0:06:52.437 ******** included: ipaclient for managed-node1 TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 Thursday 12 March 2026 19:26:36 -0400 (0:00:00.053) 0:06:52.490 ******** ok: [managed-node1] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/default.yml) => { "ansible_facts": { "ipaclient_packages": [ "ipa-client", "python3-libselinux" ], "ipaclient_packages_dot": [ "ipa-client-encrypted-dns" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" } TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:19 Thursday 12 March 2026 19:26:36 -0400 (0:00:00.050) 0:06:52.540 ******** included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for managed-node1 TASK [ipaclient : Install - Set packages for installation] ********************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:8 Thursday 12 March 2026 19:26:36 -0400 (0:00:00.090) 0:06:52.631 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_install_packages | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set packages for installlation, add DOT] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:12 Thursday 12 March 2026 19:26:36 -0400 (0:00:00.035) 0:06:52.666 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_install_packages | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Ensure that packages are installed] **************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:17 Thursday 12 March 2026 19:26:36 -0400 (0:00:00.034) 0:06:52.701 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_install_packages | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set ipaclient_servers] ***************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:22 Thursday 12 March 2026 19:26:36 -0400 (0:00:00.034) 0:06:52.736 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "groups.ipaservers is defined and ipaclient_servers is not defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:27 Thursday 12 March 2026 19:26:36 -0400 (0:00:00.035) 0:06:52.772 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_no_dns_lookup | bool and groups.ipaserver is defined and ipaclient_servers is not defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check that either password or keytab is set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:33 Thursday 12 March 2026 19:26:36 -0400 (0:00:00.036) 0:06:52.808 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaadmin_keytab is defined and ipaadmin_password is defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:38 Thursday 12 March 2026 19:26:36 -0400 (0:00:00.034) 0:06:52.843 ******** ok: [managed-node1] => { "ansible_facts": { "ipaadmin_principal": "admin" }, "changed": false } TASK [ipaclient : Install - Fail on missing ipaclient_domain and ipaserver_domain] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:48 Thursday 12 March 2026 19:26:36 -0400 (0:00:00.038) 0:06:52.882 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_configure_dns_resolver | bool and not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Fail on missing ipaclient_dns_servers] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:53 Thursday 12 March 2026 19:26:37 -0400 (0:00:00.039) 0:06:52.921 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_configure_dns_resolver | bool and not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure DNS resolver] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:58 Thursday 12 March 2026 19:26:37 -0400 (0:00:00.035) 0:06:52.956 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_configure_dns_resolver | bool and not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:64 Thursday 12 March 2026 19:26:37 -0400 (0:00:00.036) 0:06:52.992 ******** ok: [managed-node1] => { "basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 41301, "kdc": "ipaserver.test.local", "nosssd_files": {}, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "selinux_works": true, "servers": [ "ipaserver.test.local" ], "sssd": true } TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:95 Thursday 12 March 2026 19:26:38 -0400 (0:00:00.925) 0:06:53.918 ******** ok: [managed-node1] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:100 Thursday 12 March 2026 19:26:38 -0400 (0:00:00.456) 0:06:54.375 ******** ok: [managed-node1] => { "changed": false } TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:112 Thursday 12 March 2026 19:26:39 -0400 (0:00:00.878) 0:06:55.253 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_otp is defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:117 Thursday 12 March 2026 19:26:39 -0400 (0:00:00.039) 0:06:55.292 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_use_otp | bool and ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:122 Thursday 12 March 2026 19:26:39 -0400 (0:00:00.037) 0:06:55.330 ******** ok: [managed-node1] => { "ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": true } TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 Thursday 12 March 2026 19:26:41 -0400 (0:00:01.639) 0:06:56.970 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_use_otp | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not ipaclient_force_join | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:150 Thursday 12 March 2026 19:26:41 -0400 (0:00:00.038) 0:06:57.008 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_use_otp | bool and ipaclient_otp is not defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create temporary file for keytab] ****************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:155 Thursday 12 March 2026 19:26:41 -0400 (0:00:00.039) 0:06:57.047 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_use_otp | bool and ipaclient_otp is not defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Copy keytab to server temporary file] ************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:164 Thursday 12 March 2026 19:26:41 -0400 (0:00:00.037) 0:06:57.085 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_use_otp | bool and ipaclient_otp is not defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:172 Thursday 12 March 2026 19:26:41 -0400 (0:00:00.039) 0:06:57.124 ******** skipping: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:182 Thursday 12 March 2026 19:26:41 -0400 (0:00:00.039) 0:06:57.164 ******** skipping: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Remove keytab temporary file] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:196 Thursday 12 March 2026 19:26:41 -0400 (0:00:00.038) 0:06:57.202 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_use_otp | bool and ipaclient_otp is not defined", "skip_reason": "Conditional result was False" } TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:203 Thursday 12 March 2026 19:26:41 -0400 (0:00:00.039) 0:06:57.242 ******** skipping: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Check if principal and keytab are set] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:221 Thursday 12 March 2026 19:26:41 -0400 (0:00:00.036) 0:06:57.278 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:226 Thursday 12 March 2026 19:26:41 -0400 (0:00:00.037) 0:06:57.315 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - From host keytab, purge TEST.LOCAL] **************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:234 Thursday 12 March 2026 19:26:41 -0400 (0:00:00.036) 0:06:57.352 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "(ipaclient_use_otp | bool or ipaclient_force_join | bool) and not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:251 Thursday 12 March 2026 19:26:41 -0400 (0:00:00.037) 0:06:57.389 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create temporary krb5 configuration] *************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:256 Thursday 12 March 2026 19:26:41 -0400 (0:00:00.036) 0:06:57.426 ******** ok: [managed-node1] => { "changed": false, "krb_name": "/tmp/tmpm1qoumuf" } TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:265 Thursday 12 March 2026 19:26:42 -0400 (0:00:00.895) 0:06:58.321 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool and (not result_ipaclient_test_keytab.krb5_keytab_ok or ipaclient_force_join)", "skip_reason": "Conditional result was False" } TASK [ipaclient : The krb5 configuration is not correct] *********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:293 Thursday 12 March 2026 19:26:42 -0400 (0:00:00.038) 0:06:58.360 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))", "skip_reason": "Conditional result was False" } TASK [ipaclient : IPA test failed] ********************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:299 Thursday 12 March 2026 19:26:42 -0400 (0:00:00.038) 0:06:58.398 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))", "skip_reason": "Conditional result was False" } TASK [ipaclient : Fail due to missing ca.crt file] ***************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:303 Thursday 12 March 2026 19:26:42 -0400 (0:00:00.037) 0:06:58.435 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure IPA default.conf] ************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:317 Thursday 12 March 2026 19:26:42 -0400 (0:00:00.038) 0:06:58.474 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:326 Thursday 12 March 2026 19:26:42 -0400 (0:00:00.037) 0:06:58.511 ******** changed: [managed-node1] => { "changed": true } TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:344 Thursday 12 March 2026 19:26:43 -0400 (0:00:00.903) 0:06:59.415 ******** changed: [managed-node1] => { "ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL" } TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:353 Thursday 12 March 2026 19:26:45 -0400 (0:00:02.379) 0:07:01.795 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not result_ipaclient_test_keytab.ca_crt_exists", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:364 Thursday 12 March 2026 19:26:45 -0400 (0:00:00.042) 0:07:01.837 ******** changed: [managed-node1] => { "ca_enabled_ra": true, "changed": true } TASK [ipaclient : Install - Configure SSH and SSHD] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:396 Thursday 12 March 2026 19:27:15 -0400 (0:00:29.556) 0:07:31.393 ******** changed: [managed-node1] => { "changed": true } TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:404 Thursday 12 March 2026 19:27:16 -0400 (0:00:00.938) 0:07:32.332 ******** ok: [managed-node1] => { "changed": false } TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:410 Thursday 12 March 2026 19:27:17 -0400 (0:00:00.869) 0:07:33.202 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "ipaclient_configure_firefox | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:416 Thursday 12 March 2026 19:27:17 -0400 (0:00:00.041) 0:07:33.243 ******** changed: [managed-node1] => { "changed": true } TASK [ipaclient : Remove temporary krb5.conf] ********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:422 Thursday 12 March 2026 19:27:18 -0400 (0:00:01.099) 0:07:34.343 ******** changed: [managed-node1] => { "changed": true, "path": "/tmp/tmpm1qoumuf", "state": "absent" } TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:428 Thursday 12 March 2026 19:27:18 -0400 (0:00:00.474) 0:07:34.817 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure certmonger] ****************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:442 Thursday 12 March 2026 19:27:18 -0400 (0:00:00.042) 0:07:34.859 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not ipaclient_on_master | bool", "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:452 Thursday 12 March 2026 19:27:19 -0400 (0:00:00.040) 0:07:34.900 ******** skipping: [managed-node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:458 Thursday 12 March 2026 19:27:19 -0400 (0:00:00.039) 0:07:34.939 ******** ok: [managed-node1] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Remove temporary krb5.conf] ********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:463 Thursday 12 March 2026 19:27:19 -0400 (0:00:00.467) 0:07:35.407 ******** ok: [managed-node1] => { "changed": false, "path": "/tmp/tmpm1qoumuf", "state": "absent" } TASK [ipaclient : Remove temporary krb5.conf backup] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:469 Thursday 12 March 2026 19:27:19 -0400 (0:00:00.481) 0:07:35.888 ******** changed: [managed-node1] => { "changed": true, "path": "/tmp/tmpm1qoumuf.ipabkp", "state": "absent" } TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:23 Thursday 12 March 2026 19:27:20 -0400 (0:00:00.460) 0:07:36.348 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "state|default('present') == 'absent'", "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:464 Thursday 12 March 2026 19:27:20 -0400 (0:00:00.039) 0:07:36.387 ******** changed: [managed-node1] => { "changed": true } TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:471 Thursday 12 March 2026 19:27:25 -0400 (0:00:04.715) 0:07:41.103 ******** changed: [managed-node1] => { "changed": true, "cmd": [ "firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=ntp" ], "delta": "0:00:00.258709", "end": "2026-03-12 19:27:25.873344", "rc": 0, "start": "2026-03-12 19:27:25.614635" } STDOUT: success TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:487 Thursday 12 March 2026 19:27:25 -0400 (0:00:00.725) 0:07:41.829 ******** changed: [managed-node1] => { "changed": true, "cmd": [ "firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=ntp" ], "delta": "0:00:00.233823", "end": "2026-03-12 19:27:26.571396", "rc": 0, "start": "2026-03-12 19:27:26.337573" } STDOUT: success TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:503 Thursday 12 March 2026 19:27:26 -0400 (0:00:00.699) 0:07:42.528 ******** ok: [managed-node1] => { "changed": false, "path": "/root/.ipa_cache", "state": "absent" } TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:508 Thursday 12 March 2026 19:27:27 -0400 (0:00:00.447) 0:07:42.975 ******** ok: [managed-node1] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent" } ok: [managed-node1] => (item=/etc/ipa/.tmp_pkcs12_http) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent" } ok: [managed-node1] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent" } TASK [ipaserver : Uninstall IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:23 Thursday 12 March 2026 19:27:28 -0400 (0:00:01.333) 0:07:44.309 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "state|default('present') == 'absent'", "skip_reason": "Conditional result was False" } TASK [Issue IPA signed certificates] ******************************************* task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:28 Thursday 12 March 2026 19:27:28 -0400 (0:00:00.031) 0:07:44.341 ******** included: fedora.linux_system_roles.certificate for managed-node1 TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Thursday 12 March 2026 19:27:28 -0400 (0:00:00.038) 0:07:44.380 ******** included: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for managed-node1 TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Thursday 12 March 2026 19:27:28 -0400 (0:00:00.019) 0:07:44.400 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "__certificate_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Check if system is ostree] ******* task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:10 Thursday 12 March 2026 19:27:28 -0400 (0:00:00.031) 0:07:44.431 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not __certificate_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Set flag to indicate system is ostree] *** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:15 Thursday 12 March 2026 19:27:28 -0400 (0:00:00.016) 0:07:44.447 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "not __certificate_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Run systemctl] ******************* task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:22 Thursday 12 March 2026 19:27:28 -0400 (0:00:00.014) 0:07:44.462 ******** ok: [managed-node1] => { "changed": false, "cmd": [ "systemctl", "is-system-running" ], "delta": "0:00:00.008043", "end": "2026-03-12 19:27:28.957929", "failed_when_result": false, "rc": 0, "start": "2026-03-12 19:27:28.949886" } STDOUT: running TASK [fedora.linux_system_roles.certificate : Require installed systemd] ******* task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:30 Thursday 12 March 2026 19:27:29 -0400 (0:00:00.451) 0:07:44.913 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "\"No such file or directory\" in __is_system_running.msg | d(\"\")", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Set flag to indicate that systemd runtime operations are available] *** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:35 Thursday 12 March 2026 19:27:29 -0400 (0:00:00.035) 0:07:44.949 ******** ok: [managed-node1] => { "ansible_facts": { "__certificate_is_booted": true }, "changed": false } TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:40 Thursday 12 March 2026 19:27:29 -0400 (0:00:00.020) 0:07:44.969 ******** skipping: [managed-node1] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "false_condition": "__vars_file is file", "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "false_condition": "__vars_file is file", "item": "CentOS.yml", "skip_reason": "Conditional result was False" } ok: [managed-node1] => (item=CentOS_9.yml) => { "ansible_facts": { "__certificate_certmonger_packages": [ "certmonger", "python3-packaging" ] }, "ansible_included_var_files": [ "/tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/CentOS_9.yml" ], "ansible_loop_var": "item", "changed": false, "item": "CentOS_9.yml" } ok: [managed-node1] => (item=CentOS_9.yml) => { "ansible_facts": { "__certificate_certmonger_packages": [ "certmonger", "python3-packaging" ] }, "ansible_included_var_files": [ "/tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/CentOS_9.yml" ], "ansible_loop_var": "item", "changed": false, "item": "CentOS_9.yml" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Thursday 12 March 2026 19:27:29 -0400 (0:00:00.037) 0:07:45.007 ******** ok: [managed-node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Thursday 12 March 2026 19:27:30 -0400 (0:00:01.094) 0:07:46.101 ******** changed: [managed-node1] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: python3-pyparsing-2.4.7-9.el9.noarch", "Installed: python3-packaging-20.9-5.el9.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:25 Thursday 12 March 2026 19:27:32 -0400 (0:00:01.963) 0:07:48.065 ******** changed: [managed-node1] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:49 Thursday 12 March 2026 19:27:32 -0400 (0:00:00.474) 0:07:48.540 ******** changed: [managed-node1] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:76 Thursday 12 March 2026 19:27:33 -0400 (0:00:00.478) 0:07:49.019 ******** ok: [managed-node1] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "AccessSELinuxContext": "system_u:object_r:certmonger_unit_file_t:s0", "ActiveEnterTimestamp": "Thu 2026-03-12 19:25:13 EDT", "ActiveEnterTimestampMonotonic": "502715265", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "dbus.socket systemd-journald.socket sysinit.target network.target system.slice syslog.target dbus-broker.service basic.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Thu 2026-03-12 19:25:13 EDT", "AssertTimestampMonotonic": "502698142", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "27730350000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Thu 2026-03-12 19:25:13 EDT", "ConditionTimestampMonotonic": "502698138", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlGroupId": "5014", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "23177", "ExecMainStartTimestamp": "Thu 2026-03-12 19:25:13 EDT", "ExecMainStartTimestampMonotonic": "502707135", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Thu 2026-03-12 19:25:13 EDT", "InactiveExitTimestampMonotonic": "502707481", "InvocationID": "aa266d4ce88b4b06bcf2766bfeaa9f12", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "28521", "LimitNPROCSoft": "28521", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "28521", "LimitSIGPENDINGSoft": "28521", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "23177", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "2613248", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "757252096", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Thu 2026-03-12 19:27:22 EDT", "StateChangeTimestampMonotonic": "632308623", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "2", "TasksMax": "45633", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:86 Thursday 12 March 2026 19:27:33 -0400 (0:00:00.611) 0:07:49.630 ******** changed: [managed-node1] => (item={'name': 'mycert_basic_ipa', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert_basic_ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). changed: [managed-node1] => (item={'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). File attributes updated. TASK [fedora.linux_system_roles.certificate : Check if test mode is supported] *** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:138 Thursday 12 March 2026 19:27:37 -0400 (0:00:03.337) 0:07:52.968 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "certificate_test_mode | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Slurp the contents of the files] *** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:143 Thursday 12 March 2026 19:27:37 -0400 (0:00:00.030) 0:07:52.999 ******** skipping: [managed-node1] => (item=['cert', {'name': 'mycert_basic_ipa', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}]) => { "ansible_loop_var": "item", "changed": false, "false_condition": "certificate_test_mode | d(false)", "item": [ "cert", { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert_basic_ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=['cert', {'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}]) => { "ansible_loop_var": "item", "changed": false, "false_condition": "certificate_test_mode | d(false)", "item": [ "cert", { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=['key', {'name': 'mycert_basic_ipa', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}]) => { "ansible_loop_var": "item", "changed": false, "false_condition": "certificate_test_mode | d(false)", "item": [ "key", { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert_basic_ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=['key', {'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}]) => { "ansible_loop_var": "item", "changed": false, "false_condition": "certificate_test_mode | d(false)", "item": [ "key", { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=['ca', {'name': 'mycert_basic_ipa', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}]) => { "ansible_loop_var": "item", "changed": false, "false_condition": "certificate_test_mode | d(false)", "item": [ "ca", { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert_basic_ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=['ca', {'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}]) => { "ansible_loop_var": "item", "changed": false, "false_condition": "certificate_test_mode | d(false)", "item": [ "ca", { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } ], "skip_reason": "Conditional result was False" } skipping: [managed-node1] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.certificate : Reset certificate_test_certs] **** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:151 Thursday 12 March 2026 19:27:37 -0400 (0:00:00.051) 0:07:53.050 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "certificate_test_mode | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Create return data] ************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:155 Thursday 12 March 2026 19:27:37 -0400 (0:00:00.029) 0:07:53.080 ******** skipping: [managed-node1] => (item=mycert_basic_ipa) => { "ansible_loop_var": "cert_name", "cert_name": "mycert_basic_ipa", "changed": false, "false_condition": "certificate_test_mode | d(false)", "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=groupcert) => { "ansible_loop_var": "cert_name", "cert_name": "groupcert", "changed": false, "false_condition": "certificate_test_mode | d(false)", "skip_reason": "Conditional result was False" } skipping: [managed-node1] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.certificate : Stop tracking certificates] ****** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:169 Thursday 12 March 2026 19:27:37 -0400 (0:00:00.037) 0:07:53.117 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "certificate_test_mode | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Remove files] ******************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:174 Thursday 12 March 2026 19:27:37 -0400 (0:00:00.031) 0:07:53.149 ******** skipping: [managed-node1] => { "changed": false, "false_condition": "certificate_test_mode | d(false)", "skip_reason": "Conditional result was False" } TASK [Verify certificates] ***************************************************** task path: /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:44 Thursday 12 March 2026 19:27:37 -0400 (0:00:00.035) 0:07:53.184 ******** fatal: [managed-node1]: FAILED! => {} MSG: [{'path': '{{ __certificate_default_directory }}/certs/mycert_basic_ipa.crt', 'key_path': '{{ __certificate_default_directory }}/private/mycert_basic_ipa.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}, {'path': '{{ __certificate_default_directory }}/certs/groupcert.crt', 'key_path': '{{ __certificate_default_directory }}/private/groupcert.key', 'owner': 'root', 'group': 'ftp', 'mode': '0640', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}]: '__certificate_default_directory' is undefined PLAY RECAP ********************************************************************* managed-node1 : ok=71 changed=31 unreachable=0 failed=1 skipped=56 rescued=0 ignored=0 SYSTEM ROLES ERRORS BEGIN v1 [ { "ansible_version": "2.17.14", "end_time": "2026-03-12T23:27:37.304597+00:00Z", "host": "managed-node1", "message": "[{'path': '{{ __certificate_default_directory }}/certs/mycert_basic_ipa.crt', 'key_path': '{{ __certificate_default_directory }}/private/mycert_basic_ipa.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}, {'path': '{{ __certificate_default_directory }}/certs/groupcert.crt', 'key_path': '{{ __certificate_default_directory }}/private/groupcert.key', 'owner': 'root', 'group': 'ftp', 'mode': '0640', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}]: '__certificate_default_directory' is undefined", "start_time": "2026-03-12T23:27:37.294388+00:00Z", "task_name": "Verify certificates", "task_path": "/tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:44" } ] SYSTEM ROLES ERRORS END v1 TASKS RECAP ******************************************************************** Thursday 12 March 2026 19:27:37 -0400 (0:00:00.011) 0:07:53.196 ******** =============================================================================== ipaserver : Install - Setup CA ---------------------------------------- 223.09s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:291 ----------------------- ipaserver : Install - Ensure that packages are installed --------------- 67.30s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:36 ------------------------ ipaserver : Install - Setup DS ----------------------------------------- 35.02s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:235 ----------------------- ipaclient : Install - Create IPA NSS database -------------------------- 29.56s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:364 ----------------------- ipaserver : Install - Setup HTTP --------------------------------------- 29.51s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:350 ----------------------- Ensure hostname package is installed ----------------------------------- 11.57s /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tasks/setup_ipa.yml:53 ipaserver : Install - Setup ADTRUST ------------------------------------- 9.90s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:415 ----------------------- ipaserver : Install - Setup NTP ----------------------------------------- 7.87s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:228 ----------------------- ipaserver : Install - Setup KRB ----------------------------------------- 6.81s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:264 ----------------------- ipaserver : Install - Enable IPA ---------------------------------------- 4.72s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:464 ----------------------- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 3.34s /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:86 ipaserver : Install - Set DS password ----------------------------------- 2.66s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:431 ----------------------- ipaserver : Install - Setup otpd ---------------------------------------- 2.59s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:344 ----------------------- ipaclient : Install - IPA API calls for remaining enrollment parts ------ 2.38s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:344 ----------------------- Gathering Facts --------------------------------------------------------- 2.22s /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/tests/certificate/tests_basic_ipa.yml:2 ipaserver : Install - Server preparation -------------------------------- 2.22s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:177 ----------------------- ipaserver : Firewalld service - Ensure that firewalld is running -------- 2.00s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 ------------------------ fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 1.96s /tmp/collections-Lij/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 ipaclient : Install - Test if IPA client has working krb5.keytab -------- 1.64s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:122 ----------------------- ipaserver : Install - Master password creation -------------------------- 1.43s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:158 ----------------------- Mar 12 19:19:44 managed-node1 sshd-session[8544]: Accepted publickey for root from 10.31.40.74 port 39340 ssh2: ECDSA SHA256:uYDyYpn2uuDi5ii3YCSq8FZfdtiHpflfqTv9qCvfqwE Mar 12 19:19:44 managed-node1 systemd-logind[646]: New session 7 of user root. ░░ Subject: A new session 7 has been created for user root ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ Documentation: sd-login(3) ░░ ░░ A new session with the ID 7 has been created for the user root. ░░ ░░ The leading process of the session is 8544. Mar 12 19:19:44 managed-node1 systemd[1]: Started Session 7 of User root. ░░ Subject: A start job for unit session-7.scope has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit session-7.scope has finished successfully. ░░ ░░ The job identifier is 1038. Mar 12 19:19:44 managed-node1 sshd-session[8544]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:19:45 managed-node1 sudo[8721]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-qknrvsmaicdryclijrlpawjerrtgxjhp ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357585.324629-8954-156576895741216/AnsiballZ_setup.py' Mar 12 19:19:45 managed-node1 sudo[8721]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:19:45 managed-node1 python3.9[8724]: ansible-ansible.legacy.setup Invoked with gather_subset=['all'] gather_timeout=10 filter=[] fact_path=/etc/ansible/facts.d Mar 12 19:19:46 managed-node1 sudo[8721]: pam_unix(sudo:session): session closed for user root Mar 12 19:19:46 managed-node1 sudo[8901]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-efqpkdpfoatjkrmfowjazcsskumlqhou ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357586.3877356-9008-223142832432366/AnsiballZ_stat.py' Mar 12 19:19:46 managed-node1 sudo[8901]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:19:46 managed-node1 python3.9[8904]: ansible-stat Invoked with path=/run/ostree-booted follow=False get_checksum=True get_mime=True get_attributes=True checksum_algorithm=sha1 Mar 12 19:19:46 managed-node1 sudo[8901]: pam_unix(sudo:session): session closed for user root Mar 12 19:19:46 managed-node1 sudo[9053]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-ncfsapshpwkhriekphelydrdskyppcru ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357586.8512232-9018-172077397312735/AnsiballZ_stat.py' Mar 12 19:19:46 managed-node1 sudo[9053]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:19:47 managed-node1 python3.9[9056]: ansible-stat Invoked with path=/run/ostree-booted follow=False get_checksum=True get_mime=True get_attributes=True checksum_algorithm=sha1 Mar 12 19:19:47 managed-node1 sudo[9053]: pam_unix(sudo:session): session closed for user root Mar 12 19:19:49 managed-node1 sudo[9205]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-mxnbivjrbqsakqhnovrmbtbhshrjdzcg ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357589.4524002-9177-99931953821015/AnsiballZ_dnf.py' Mar 12 19:19:49 managed-node1 sudo[9205]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:19:49 managed-node1 python3.9[9208]: ansible-ansible.legacy.dnf Invoked with name=['hostname'] state=present allow_downgrade=False allowerasing=False autoremove=False bugfix=False cacheonly=False disable_gpg_check=False disable_plugin=[] disablerepo=[] download_only=False enable_plugin=[] enablerepo=[] exclude=[] installroot=/ install_repoquery=True install_weak_deps=True security=False skip_broken=False update_cache=False update_only=False validate_certs=True sslverify=True lock_timeout=30 use_backend=auto best=None conf_file=None disable_excludes=None download_dir=None list=None nobest=None releasever=None Mar 12 19:20:00 managed-node1 sudo[9205]: pam_unix(sudo:session): session closed for user root Mar 12 19:20:01 managed-node1 sudo[9389]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-brqiaputuwcybqbepurrbplqgushplbh ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357600.984729-9349-90173243775107/AnsiballZ_command.py' Mar 12 19:20:01 managed-node1 sudo[9389]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:20:01 managed-node1 python3.9[9392]: ansible-ansible.legacy.command Invoked with _raw_params=hostname _uses_shell=False expand_argument_vars=True stdin_add_newline=True strip_empty_ends=True argv=None chdir=None executable=None creates=None removes=None stdin=None Mar 12 19:20:01 managed-node1 sudo[9389]: pam_unix(sudo:session): session closed for user root Mar 12 19:20:01 managed-node1 sudo[9542]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-adkmwnwxunumuncsabmaqwulqowxeejq ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357601.412882-9367-18060227237643/AnsiballZ_hostname.py' Mar 12 19:20:01 managed-node1 sudo[9542]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:20:02 managed-node1 python3.9[9545]: ansible-hostname Invoked with name=ipaserver.test.local use=systemd Mar 12 19:20:02 managed-node1 systemd[1]: Starting Hostname Service... ░░ Subject: A start job for unit systemd-hostnamed.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit systemd-hostnamed.service has begun execution. ░░ ░░ The job identifier is 1107. Mar 12 19:20:02 managed-node1 systemd[1]: Started Hostname Service. ░░ Subject: A start job for unit systemd-hostnamed.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit systemd-hostnamed.service has finished successfully. ░░ ░░ The job identifier is 1107. Mar 12 19:20:02 managed-node1 systemd-hostnamed[9549]: Changed pretty hostname to 'ipaserver.test.local' Mar 12 19:20:02 ipaserver.test.local systemd-hostnamed[9549]: Hostname set to (static) Mar 12 19:20:02 ipaserver.test.local NetworkManager[680]: [1773357602.0825] hostname: static hostname changed from "managed-node1" to "ipaserver.test.local" Mar 12 19:20:02 ipaserver.test.local systemd[1]: Starting Network Manager Script Dispatcher Service... ░░ Subject: A start job for unit NetworkManager-dispatcher.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit NetworkManager-dispatcher.service has begun execution. ░░ ░░ The job identifier is 1173. Mar 12 19:20:02 ipaserver.test.local systemd[1]: Started Network Manager Script Dispatcher Service. ░░ Subject: A start job for unit NetworkManager-dispatcher.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit NetworkManager-dispatcher.service has finished successfully. ░░ ░░ The job identifier is 1173. Mar 12 19:20:02 ipaserver.test.local sudo[9542]: pam_unix(sudo:session): session closed for user root Mar 12 19:20:02 ipaserver.test.local sudo[9710]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-cpmwzeksiejvyirjdmoulyfksvaieael ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357602.2251844-9385-29110785418371/AnsiballZ_dnf.py' Mar 12 19:20:02 ipaserver.test.local sudo[9710]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:20:02 ipaserver.test.local python3.9[9713]: ansible-ansible.legacy.dnf Invoked with name=['nss'] state=latest allow_downgrade=False allowerasing=False autoremove=False bugfix=False cacheonly=False disable_gpg_check=False disable_plugin=[] disablerepo=[] download_only=False enable_plugin=[] enablerepo=[] exclude=[] installroot=/ install_repoquery=True install_weak_deps=True security=False skip_broken=False update_cache=False update_only=False validate_certs=True sslverify=True lock_timeout=30 use_backend=auto best=None conf_file=None disable_excludes=None download_dir=None list=None nobest=None releasever=None Mar 12 19:20:03 ipaserver.test.local sudo[9710]: pam_unix(sudo:session): session closed for user root Mar 12 19:20:03 ipaserver.test.local sudo[9863]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-ltsytbnvyohjioflyakfnfgxvnreeadg ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357603.1558769-9400-236952464097111/AnsiballZ_lineinfile.py' Mar 12 19:20:03 ipaserver.test.local sudo[9863]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:20:03 ipaserver.test.local python3.9[9866]: ansible-ansible.builtin.lineinfile Invoked with path=/etc/hosts regexp=10.31.40.153 state=absent owner=root group=root mode=0644 backrefs=False create=False backup=False firstmatch=False unsafe_writes=False search_string=None line=None insertafter=None insertbefore=None validate=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:20:03 ipaserver.test.local sudo[9863]: pam_unix(sudo:session): session closed for user root Mar 12 19:20:03 ipaserver.test.local sudo[10015]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-dmnwwfuuezxsnnhxrirokdbhytqwhtcg ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357603.634938-9419-249052643250988/AnsiballZ_lineinfile.py' Mar 12 19:20:03 ipaserver.test.local sudo[10015]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:20:03 ipaserver.test.local python3.9[10018]: ansible-ansible.builtin.lineinfile Invoked with path=/etc/hosts line=10.31.40.153 ipaserver.test.local state=present insertafter=EOF create=True owner=root group=root mode=0644 backrefs=False backup=False firstmatch=False unsafe_writes=False regexp=None search_string=None insertbefore=None validate=None seuser=None serole=None selevel=None setype=None attributes=None Mar 12 19:20:03 ipaserver.test.local sudo[10015]: pam_unix(sudo:session): session closed for user root Mar 12 19:20:04 ipaserver.test.local sudo[10167]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-sxkcfowoqudpbvktznwblunzawpahmbz ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357604.523888-9462-106172033306116/AnsiballZ_dnf.py' Mar 12 19:20:04 ipaserver.test.local sudo[10167]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:20:04 ipaserver.test.local python3.9[10170]: ansible-ansible.legacy.dnf Invoked with name=['ipa-server', 'python3-libselinux', 'firewalld'] state=present allow_downgrade=False allowerasing=False autoremove=False bugfix=False cacheonly=False disable_gpg_check=False disable_plugin=[] disablerepo=[] download_only=False enable_plugin=[] enablerepo=[] exclude=[] installroot=/ install_repoquery=True install_weak_deps=True security=False skip_broken=False update_cache=False update_only=False validate_certs=True sslverify=True lock_timeout=30 use_backend=auto best=None conf_file=None disable_excludes=None download_dir=None list=None nobest=None releasever=None Mar 12 19:20:12 ipaserver.test.local systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit NetworkManager-dispatcher.service has successfully entered the 'dead' state. Mar 12 19:20:26 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:26 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:27 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:27 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:27 ipaserver.test.local groupadd[10523]: group added to /etc/group: name=polkitd, GID=996 Mar 12 19:20:27 ipaserver.test.local groupadd[10523]: group added to /etc/gshadow: name=polkitd Mar 12 19:20:27 ipaserver.test.local groupadd[10523]: new group: name=polkitd, GID=996 Mar 12 19:20:27 ipaserver.test.local useradd[10530]: new user: name=polkitd, UID=996, GID=996, home=/, shell=/sbin/nologin, from=none Mar 12 19:20:27 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:27 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:27 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:28 ipaserver.test.local groupadd[10545]: group added to /etc/group: name=apache, GID=48 Mar 12 19:20:28 ipaserver.test.local groupadd[10545]: group added to /etc/gshadow: name=apache Mar 12 19:20:28 ipaserver.test.local groupadd[10545]: new group: name=apache, GID=48 Mar 12 19:20:28 ipaserver.test.local useradd[10554]: new user: name=apache, UID=48, GID=48, home=/usr/share/httpd, shell=/sbin/nologin, from=none Mar 12 19:20:28 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:28 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:28 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:28 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:20:28 ipaserver.test.local systemd-rc-local-generator[10583]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:20:28 ipaserver.test.local groupadd[10605]: group added to /etc/group: name=printadmin, GID=995 Mar 12 19:20:28 ipaserver.test.local groupadd[10605]: group added to /etc/gshadow: name=printadmin Mar 12 19:20:28 ipaserver.test.local groupadd[10605]: new group: name=printadmin, GID=995 Mar 12 19:20:29 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:29 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:29 ipaserver.test.local groupadd[10620]: group added to /etc/group: name=rtkit, GID=172 Mar 12 19:20:29 ipaserver.test.local groupadd[10620]: group added to /etc/gshadow: name=rtkit Mar 12 19:20:29 ipaserver.test.local groupadd[10620]: new group: name=rtkit, GID=172 Mar 12 19:20:29 ipaserver.test.local useradd[10628]: new user: name=rtkit, UID=172, GID=172, home=/, shell=/sbin/nologin, from=none Mar 12 19:20:29 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:29 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:32 ipaserver.test.local systemd[1]: systemd-hostnamed.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit systemd-hostnamed.service has successfully entered the 'dead' state. Mar 12 19:20:39 ipaserver.test.local kernel: SELinux: Converting 419 SID table entries... Mar 12 19:20:39 ipaserver.test.local kernel: SELinux: policy capability network_peer_controls=1 Mar 12 19:20:39 ipaserver.test.local kernel: SELinux: policy capability open_perms=1 Mar 12 19:20:39 ipaserver.test.local kernel: SELinux: policy capability extended_socket_class=1 Mar 12 19:20:39 ipaserver.test.local kernel: SELinux: policy capability always_check_network=0 Mar 12 19:20:39 ipaserver.test.local kernel: SELinux: policy capability cgroup_seclabel=1 Mar 12 19:20:39 ipaserver.test.local kernel: SELinux: policy capability nnp_nosuid_transition=1 Mar 12 19:20:39 ipaserver.test.local kernel: SELinux: policy capability genfs_seclabel_symlinks=1 Mar 12 19:20:47 ipaserver.test.local kernel: SELinux: Converting 419 SID table entries... Mar 12 19:20:47 ipaserver.test.local kernel: SELinux: policy capability network_peer_controls=1 Mar 12 19:20:47 ipaserver.test.local kernel: SELinux: policy capability open_perms=1 Mar 12 19:20:47 ipaserver.test.local kernel: SELinux: policy capability extended_socket_class=1 Mar 12 19:20:47 ipaserver.test.local kernel: SELinux: policy capability always_check_network=0 Mar 12 19:20:47 ipaserver.test.local kernel: SELinux: policy capability cgroup_seclabel=1 Mar 12 19:20:47 ipaserver.test.local kernel: SELinux: policy capability nnp_nosuid_transition=1 Mar 12 19:20:47 ipaserver.test.local kernel: SELinux: policy capability genfs_seclabel_symlinks=1 Mar 12 19:20:49 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:49 ipaserver.test.local dbus-broker-launch[640]: avc: op=load_policy lsm=selinux seqno=3 res=1 Mar 12 19:20:49 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:20:54 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:20:54 ipaserver.test.local systemd-rc-local-generator[10691]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:21:00 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:21:01 ipaserver.test.local systemd-rc-local-generator[10762]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:21:01 ipaserver.test.local groupadd[10782]: group added to /etc/group: name=dirsrv, GID=389 Mar 12 19:21:01 ipaserver.test.local groupadd[10782]: group added to /etc/gshadow: name=dirsrv Mar 12 19:21:01 ipaserver.test.local groupadd[10782]: new group: name=dirsrv, GID=389 Mar 12 19:21:01 ipaserver.test.local useradd[10790]: new user: name=dirsrv, UID=389, GID=389, home=/usr/share/dirsrv/, shell=/sbin/nologin, from=none Mar 12 19:21:02 ipaserver.test.local groupadd[10813]: group added to /etc/group: name=geoclue, GID=388 Mar 12 19:21:02 ipaserver.test.local groupadd[10813]: group added to /etc/gshadow: name=geoclue Mar 12 19:21:02 ipaserver.test.local groupadd[10813]: new group: name=geoclue, GID=388 Mar 12 19:21:02 ipaserver.test.local useradd[10820]: new user: name=geoclue, UID=388, GID=388, home=/var/lib/geoclue, shell=/sbin/nologin, from=none Mar 12 19:21:02 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:21:02 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:21:02 ipaserver.test.local groupadd[10832]: group added to /etc/group: name=flatpak, GID=387 Mar 12 19:21:02 ipaserver.test.local groupadd[10832]: group added to /etc/gshadow: name=flatpak Mar 12 19:21:02 ipaserver.test.local groupadd[10832]: new group: name=flatpak, GID=387 Mar 12 19:21:02 ipaserver.test.local useradd[10839]: new user: name=flatpak, UID=387, GID=387, home=/, shell=/usr/sbin/nologin, from=none Mar 12 19:21:02 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:21:02 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:21:02 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:21:03 ipaserver.test.local groupadd[10865]: group added to /etc/group: name=tomcat, GID=53 Mar 12 19:21:03 ipaserver.test.local groupadd[10865]: group added to /etc/gshadow: name=tomcat Mar 12 19:21:03 ipaserver.test.local groupadd[10865]: new group: name=tomcat, GID=53 Mar 12 19:21:03 ipaserver.test.local useradd[10873]: new user: name=tomcat, UID=53, GID=53, home=/usr/share/tomcat, shell=/sbin/nologin, from=none Mar 12 19:21:03 ipaserver.test.local groupadd[10885]: group added to /etc/group: name=pkiuser, GID=17 Mar 12 19:21:03 ipaserver.test.local groupadd[10885]: group added to /etc/gshadow: name=pkiuser Mar 12 19:21:03 ipaserver.test.local groupadd[10885]: new group: name=pkiuser, GID=17 Mar 12 19:21:03 ipaserver.test.local useradd[10892]: new user: name=pkiuser, UID=17, GID=17, home=/home/pkiuser, shell=/sbin/nologin, from=none Mar 12 19:21:05 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:21:05 ipaserver.test.local dbus-broker-launch[639]: Noticed file-system modification, trigger reload. ░░ Subject: A configuration directory was written to ░░ Defined-By: dbus-broker ░░ Support: https://groups.google.com/forum/#!forum/bus1-devel ░░ ░░ A write was detected to one of the directories containing D-Bus configuration ░░ files, triggering a configuration reload. ░░ ░░ This functionality exists for backwards compatibility to pick up changes to ░░ D-Bus configuration without an explicit reolad request. Typically when ░░ installing or removing third-party software causes D-Bus configuration files ░░ to be added or removed. ░░ ░░ It is worth noting that this may cause partial configuration to be loaded in ░░ case dispatching this notification races with the writing of the configuration ░░ files. However, a future notification will then cause the configuration to be ░░ reladed again. Mar 12 19:21:05 ipaserver.test.local dbus-broker-launch[639]: Looking up NSS user entry for 'ipaapi'... Mar 12 19:21:05 ipaserver.test.local dbus-broker-launch[639]: NSS returned no entry for 'ipaapi' Mar 12 19:21:05 ipaserver.test.local dbus-broker-launch[639]: Invalid user-name in /etc/dbus-1/system.d/org.freeipa.server.conf +13: user="ipaapi" Mar 12 19:21:05 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:21:05 ipaserver.test.local systemd-rc-local-generator[10929]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:21:05 ipaserver.test.local systemd[1]: Reloading D-Bus System Message Bus... ░░ Subject: A reload job for unit dbus-broker.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A reload job for unit dbus-broker.service has begun execution. ░░ ░░ The job identifier is 1264. Mar 12 19:21:05 ipaserver.test.local systemd[1]: Reloaded D-Bus System Message Bus. ░░ Subject: A reload job for unit dbus-broker.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A reload job for unit dbus-broker.service has finished. ░░ ░░ The job identifier is 1264 and the job result is done. Mar 12 19:21:08 ipaserver.test.local systemd[1]: Started /usr/bin/systemctl start man-db-cache-update. ░░ Subject: A start job for unit run-r0ff6af5043bd4fff9d2450aa0ddbf6c4.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit run-r0ff6af5043bd4fff9d2450aa0ddbf6c4.service has finished successfully. ░░ ░░ The job identifier is 1269. Mar 12 19:21:08 ipaserver.test.local systemd[1]: Starting man-db-cache-update.service... ░░ Subject: A start job for unit man-db-cache-update.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit man-db-cache-update.service has begun execution. ░░ ░░ The job identifier is 1334. Mar 12 19:21:08 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:21:08 ipaserver.test.local systemd-rc-local-generator[11514]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:21:08 ipaserver.test.local systemd[1]: Queuing reload/restart jobs for marked units… Mar 12 19:21:11 ipaserver.test.local sudo[10167]: pam_unix(sudo:session): session closed for user root Mar 12 19:21:12 ipaserver.test.local systemd[1]: man-db-cache-update.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit man-db-cache-update.service has successfully entered the 'dead' state. Mar 12 19:21:12 ipaserver.test.local systemd[1]: Finished man-db-cache-update.service. ░░ Subject: A start job for unit man-db-cache-update.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit man-db-cache-update.service has finished successfully. ░░ ░░ The job identifier is 1334. Mar 12 19:21:12 ipaserver.test.local systemd[1]: man-db-cache-update.service: Consumed 3.763s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit man-db-cache-update.service completed and consumed the indicated resources. Mar 12 19:21:12 ipaserver.test.local systemd[1]: run-r0ff6af5043bd4fff9d2450aa0ddbf6c4.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit run-r0ff6af5043bd4fff9d2450aa0ddbf6c4.service has successfully entered the 'dead' state. Mar 12 19:21:12 ipaserver.test.local sudo[17787]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-qjbryenqgnfsynqwjpkvarvizsgkeild ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357671.8652093-13352-47868563260716/AnsiballZ_systemd.py' Mar 12 19:21:12 ipaserver.test.local sudo[17787]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:21:12 ipaserver.test.local python3.9[17790]: ansible-ansible.builtin.systemd Invoked with name=firewalld enabled=True state=started daemon_reload=False daemon_reexec=False scope=system no_block=False force=None masked=None Mar 12 19:21:12 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:21:12 ipaserver.test.local systemd-rc-local-generator[17812]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:21:12 ipaserver.test.local systemd[1]: Starting firewalld - dynamic firewall daemon... ░░ Subject: A start job for unit firewalld.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit firewalld.service has begun execution. ░░ ░░ The job identifier is 1399. Mar 12 19:21:13 ipaserver.test.local systemd[1]: Started firewalld - dynamic firewall daemon. ░░ Subject: A start job for unit firewalld.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit firewalld.service has finished successfully. ░░ ░░ The job identifier is 1399. Mar 12 19:21:13 ipaserver.test.local sudo[17787]: pam_unix(sudo:session): session closed for user root Mar 12 19:21:13 ipaserver.test.local systemd[1]: Starting Authorization Manager... ░░ Subject: A start job for unit polkit.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit polkit.service has begun execution. ░░ ░░ The job identifier is 1471. Mar 12 19:21:13 ipaserver.test.local polkitd[17876]: Started polkitd version 0.117 Mar 12 19:21:13 ipaserver.test.local polkitd[17876]: Loading rules from directory /etc/polkit-1/rules.d Mar 12 19:21:13 ipaserver.test.local polkitd[17876]: Loading rules from directory /usr/share/polkit-1/rules.d Mar 12 19:21:13 ipaserver.test.local polkitd[17876]: Finished loading, compiling and executing 4 rules Mar 12 19:21:13 ipaserver.test.local systemd[1]: Started Authorization Manager. ░░ Subject: A start job for unit polkit.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit polkit.service has finished successfully. ░░ ░░ The job identifier is 1471. Mar 12 19:21:13 ipaserver.test.local polkitd[17876]: Acquired the name org.freedesktop.PolicyKit1 on the system bus Mar 12 19:21:14 ipaserver.test.local sudo[18059]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-hexrdtjzlywsmecusrxgajjvfwzyvypz ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357674.0218258-13441-108641631577263/AnsiballZ_ipaserver_test.py' Mar 12 19:21:14 ipaserver.test.local sudo[18059]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:21:15 ipaserver.test.local python3.9[18062]: ansible-ipaserver_test Invoked with dm_password=NOT_LOGGING_PARAMETER password=NOT_LOGGING_PARAMETER domain=test.local realm=TEST.LOCAL hostname=ipaserver.test.local no_host_dns=True skip_mem_check=False setup_adtrust=False setup_kra=False setup_dns=False no_pkinit=False no_ntp=False external_ca=False random_serial_numbers=False allow_zone_overlap=False reverse_zones=[] no_reverse=False auto_reverse=False forwarders=[] no_forwarders=False auto_forwarders=False no_dnssec_validation=False dot_forwarders=[] dns_over_tls=False enable_compat=False force=False ca_cert_files=[] dns_policy=relaxed rid_base=1000 secondary_rid_base=100000000 master_password=NOT_LOGGING_PARAMETER pki_config_override=None idstart=None idmax=None dirsrv_config_file=None dirsrv_cert_files=None http_cert_files=None pkinit_cert_files=None dirsrv_pin=None http_pin=None pkinit_pin=None dirsrv_cert_name=None http_cert_name=None pkinit_cert_name=None ntp_servers=None ntp_pool=None external_ca_type=None external_ca_profile=None external_cert_files=None subject_base=None ca_subject=None zonemgr=None forward_policy=None dns_over_tls_cert=None dns_over_tls_key=None netbios_name=None Mar 12 19:21:15 ipaserver.test.local sudo[18059]: pam_unix(sudo:session): session closed for user root Mar 12 19:21:15 ipaserver.test.local sudo[18242]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-xwzcumnlziiinvyxedqlmcgurgpyepkw ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357675.4292438-13508-69279129524795/AnsiballZ_ipaserver_master_password.py' Mar 12 19:21:15 ipaserver.test.local sudo[18242]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:21:16 ipaserver.test.local sudo[18242]: pam_unix(sudo:session): session closed for user root Mar 12 19:21:17 ipaserver.test.local sudo[18420]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-nauvjyilyueqrxunvywmdwpclcrhraxg ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357676.8582428-13577-133365290173556/AnsiballZ_ipaserver_prepare.py' Mar 12 19:21:17 ipaserver.test.local sudo[18420]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:21:17 ipaserver.test.local python3.9[18423]: ansible-ipaserver_prepare Invoked with dm_password=NOT_LOGGING_PARAMETER password=NOT_LOGGING_PARAMETER ip_addresses=[] domain=test.local realm=TEST.LOCAL hostname=ipaserver.test.local no_host_dns=True setup_adtrust=False setup_kra=False setup_dns=False external_ca=False allow_zone_overlap=False reverse_zones=[] no_reverse=False auto_reverse=False forwarders=[] no_forwarders=False auto_forwarders=False no_dnssec_validation=False dot_forwarders=[] dns_over_tls=False enable_compat=False setup_ca=True sid_generation_always=True random_serial_numbers=False _hostname_overridden=True force=False ca_cert_files=[] external_cert_files=[] dns_policy=relaxed external_ca_type=None external_ca_profile=None subject_base=None ca_subject=None forward_policy=None dns_over_tls_cert=None dns_over_tls_key=None netbios_name=None rid_base=None secondary_rid_base=None Mar 12 19:21:18 ipaserver.test.local systemd[1]: Starting Hostname Service... ░░ Subject: A start job for unit systemd-hostnamed.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit systemd-hostnamed.service has begun execution. ░░ ░░ The job identifier is 1537. Mar 12 19:21:18 ipaserver.test.local systemd[1]: Started Hostname Service. ░░ Subject: A start job for unit systemd-hostnamed.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit systemd-hostnamed.service has finished successfully. ░░ ░░ The job identifier is 1537. Mar 12 19:21:18 ipaserver.test.local systemd-hostnamed[18427]: Changed pretty hostname to 'n/a' Mar 12 19:21:18 ipaserver.test.local sudo[18420]: pam_unix(sudo:session): session closed for user root Mar 12 19:21:19 ipaserver.test.local sudo[18602]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-zabfzjpmkpflydswkizehbbemvvfaoln ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357679.1693578-13676-186302111140329/AnsiballZ_ipaserver_setup_ntp.py' Mar 12 19:21:19 ipaserver.test.local sudo[18602]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:21:20 ipaserver.test.local python3.9[18605]: ansible-ipaserver_setup_ntp Invoked with ntp_servers=[''] ntp_pool= Mar 12 19:21:20 ipaserver.test.local python3.9[18605]: ansible-ipaserver_setup_ntp Synchronizing time Mar 12 19:21:20 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:21:20 ipaserver.test.local systemd-rc-local-generator[18634]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:21:20 ipaserver.test.local chronyd[653]: chronyd exiting Mar 12 19:21:20 ipaserver.test.local systemd[1]: Stopping NTP client/server... ░░ Subject: A stop job for unit chronyd.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit chronyd.service has begun execution. ░░ ░░ The job identifier is 1603. Mar 12 19:21:20 ipaserver.test.local systemd[1]: chronyd.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit chronyd.service has successfully entered the 'dead' state. Mar 12 19:21:20 ipaserver.test.local systemd[1]: Stopped NTP client/server. ░░ Subject: A stop job for unit chronyd.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit chronyd.service has finished. ░░ ░░ The job identifier is 1603 and the job result is done. Mar 12 19:21:20 ipaserver.test.local systemd[1]: Starting NTP client/server... ░░ Subject: A start job for unit chronyd.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit chronyd.service has begun execution. ░░ ░░ The job identifier is 1603. Mar 12 19:21:20 ipaserver.test.local chronyd[18660]: chronyd version 4.8 starting (+CMDMON +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +NTS +SECHASH +IPV6 +DEBUG) Mar 12 19:21:20 ipaserver.test.local chronyd[18660]: Loaded 0 symmetric keys Mar 12 19:21:20 ipaserver.test.local chronyd[18660]: Using right/UTC timezone to obtain leap second data Mar 12 19:21:20 ipaserver.test.local chronyd[18660]: Frequency 2.222 +/- 1.520 ppm read from /var/lib/chrony/drift Mar 12 19:21:20 ipaserver.test.local chronyd[18660]: Loaded seccomp filter (level 2) Mar 12 19:21:20 ipaserver.test.local chronyd[18660]: Added source 10.11.160.238 Mar 12 19:21:20 ipaserver.test.local chronyd[18660]: Added source 10.18.100.10 Mar 12 19:21:20 ipaserver.test.local chronyd[18660]: Added source 10.2.32.37 Mar 12 19:21:20 ipaserver.test.local chronyd[18660]: Added source 10.2.32.38 Mar 12 19:21:20 ipaserver.test.local systemd[1]: Started NTP client/server. ░░ Subject: A start job for unit chronyd.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit chronyd.service has finished successfully. ░░ ░░ The job identifier is 1603. Mar 12 19:21:26 ipaserver.test.local chronyd[18660]: Selected source 10.2.32.37 Mar 12 19:21:26 ipaserver.test.local chronyd[18660]: System clock TAI offset set to 37 seconds Mar 12 19:21:26 ipaserver.test.local sudo[18602]: pam_unix(sudo:session): session closed for user root Mar 12 19:21:27 ipaserver.test.local sudo[18836]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-gsiihqkocofidruuuzpklcubexstfvcp ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357686.9909196-14258-252209858623125/AnsiballZ_ipaserver_setup_ds.py' Mar 12 19:21:27 ipaserver.test.local sudo[18836]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:21:28 ipaserver.test.local python3.9[18839]: ansible-ipaserver_setup_ds Invoked with dm_password=NOT_LOGGING_PARAMETER password=NOT_LOGGING_PARAMETER domain=test.local realm=TEST.LOCAL hostname=ipaserver.test.local setup_ca=True subject_base=O=TEST.LOCAL ca_subject=CN=Certificate Authority,O=TEST.LOCAL no_pkinit=False no_hbac_allow=False idstart=741400000 idmax=741599999 dirsrv_cert_files=[] external_cert_files=[] dirsrv_config_file=None _dirsrv_pkcs12_info=None Mar 12 19:21:28 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:21:29 ipaserver.test.local systemd-rc-local-generator[18863]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:21:31 ipaserver.test.local kernel: SELinux: Converting 512 SID table entries... Mar 12 19:21:31 ipaserver.test.local kernel: SELinux: policy capability network_peer_controls=1 Mar 12 19:21:31 ipaserver.test.local kernel: SELinux: policy capability open_perms=1 Mar 12 19:21:31 ipaserver.test.local kernel: SELinux: policy capability extended_socket_class=1 Mar 12 19:21:31 ipaserver.test.local kernel: SELinux: policy capability always_check_network=0 Mar 12 19:21:31 ipaserver.test.local kernel: SELinux: policy capability cgroup_seclabel=1 Mar 12 19:21:31 ipaserver.test.local kernel: SELinux: policy capability nnp_nosuid_transition=1 Mar 12 19:21:31 ipaserver.test.local kernel: SELinux: policy capability genfs_seclabel_symlinks=1 Mar 12 19:21:32 ipaserver.test.local kernel: SELinux: Converting 512 SID table entries... Mar 12 19:21:32 ipaserver.test.local kernel: SELinux: policy capability network_peer_controls=1 Mar 12 19:21:32 ipaserver.test.local kernel: SELinux: policy capability open_perms=1 Mar 12 19:21:32 ipaserver.test.local kernel: SELinux: policy capability extended_socket_class=1 Mar 12 19:21:32 ipaserver.test.local kernel: SELinux: policy capability always_check_network=0 Mar 12 19:21:32 ipaserver.test.local kernel: SELinux: policy capability cgroup_seclabel=1 Mar 12 19:21:32 ipaserver.test.local kernel: SELinux: policy capability nnp_nosuid_transition=1 Mar 12 19:21:32 ipaserver.test.local kernel: SELinux: policy capability genfs_seclabel_symlinks=1 Mar 12 19:21:33 ipaserver.test.local kernel: SELinux: Converting 512 SID table entries... Mar 12 19:21:33 ipaserver.test.local kernel: SELinux: policy capability network_peer_controls=1 Mar 12 19:21:33 ipaserver.test.local kernel: SELinux: policy capability open_perms=1 Mar 12 19:21:33 ipaserver.test.local kernel: SELinux: policy capability extended_socket_class=1 Mar 12 19:21:33 ipaserver.test.local kernel: SELinux: policy capability always_check_network=0 Mar 12 19:21:33 ipaserver.test.local kernel: SELinux: policy capability cgroup_seclabel=1 Mar 12 19:21:33 ipaserver.test.local kernel: SELinux: policy capability nnp_nosuid_transition=1 Mar 12 19:21:33 ipaserver.test.local kernel: SELinux: policy capability genfs_seclabel_symlinks=1 Mar 12 19:21:34 ipaserver.test.local kernel: SELinux: Converting 512 SID table entries... Mar 12 19:21:34 ipaserver.test.local kernel: SELinux: policy capability network_peer_controls=1 Mar 12 19:21:34 ipaserver.test.local kernel: SELinux: policy capability open_perms=1 Mar 12 19:21:34 ipaserver.test.local kernel: SELinux: policy capability extended_socket_class=1 Mar 12 19:21:34 ipaserver.test.local kernel: SELinux: policy capability always_check_network=0 Mar 12 19:21:34 ipaserver.test.local kernel: SELinux: policy capability cgroup_seclabel=1 Mar 12 19:21:34 ipaserver.test.local kernel: SELinux: policy capability nnp_nosuid_transition=1 Mar 12 19:21:34 ipaserver.test.local kernel: SELinux: policy capability genfs_seclabel_symlinks=1 Mar 12 19:21:35 ipaserver.test.local kernel: SELinux: Converting 512 SID table entries... Mar 12 19:21:35 ipaserver.test.local kernel: SELinux: policy capability network_peer_controls=1 Mar 12 19:21:35 ipaserver.test.local kernel: SELinux: policy capability open_perms=1 Mar 12 19:21:35 ipaserver.test.local kernel: SELinux: policy capability extended_socket_class=1 Mar 12 19:21:35 ipaserver.test.local kernel: SELinux: policy capability always_check_network=0 Mar 12 19:21:35 ipaserver.test.local kernel: SELinux: policy capability cgroup_seclabel=1 Mar 12 19:21:35 ipaserver.test.local kernel: SELinux: policy capability nnp_nosuid_transition=1 Mar 12 19:21:35 ipaserver.test.local kernel: SELinux: policy capability genfs_seclabel_symlinks=1 Mar 12 19:21:36 ipaserver.test.local kernel: SELinux: Converting 513 SID table entries... Mar 12 19:21:36 ipaserver.test.local kernel: SELinux: policy capability network_peer_controls=1 Mar 12 19:21:36 ipaserver.test.local kernel: SELinux: policy capability open_perms=1 Mar 12 19:21:36 ipaserver.test.local kernel: SELinux: policy capability extended_socket_class=1 Mar 12 19:21:36 ipaserver.test.local kernel: SELinux: policy capability always_check_network=0 Mar 12 19:21:36 ipaserver.test.local kernel: SELinux: policy capability cgroup_seclabel=1 Mar 12 19:21:36 ipaserver.test.local kernel: SELinux: policy capability nnp_nosuid_transition=1 Mar 12 19:21:36 ipaserver.test.local kernel: SELinux: policy capability genfs_seclabel_symlinks=1 Mar 12 19:21:37 ipaserver.test.local kernel: SELinux: Converting 513 SID table entries... Mar 12 19:21:37 ipaserver.test.local kernel: SELinux: policy capability network_peer_controls=1 Mar 12 19:21:37 ipaserver.test.local kernel: SELinux: policy capability open_perms=1 Mar 12 19:21:37 ipaserver.test.local kernel: SELinux: policy capability extended_socket_class=1 Mar 12 19:21:37 ipaserver.test.local kernel: SELinux: policy capability always_check_network=0 Mar 12 19:21:37 ipaserver.test.local kernel: SELinux: policy capability cgroup_seclabel=1 Mar 12 19:21:37 ipaserver.test.local kernel: SELinux: policy capability nnp_nosuid_transition=1 Mar 12 19:21:37 ipaserver.test.local kernel: SELinux: policy capability genfs_seclabel_symlinks=1 Mar 12 19:21:38 ipaserver.test.local kernel: SELinux: Converting 514 SID table entries... Mar 12 19:21:38 ipaserver.test.local kernel: SELinux: policy capability network_peer_controls=1 Mar 12 19:21:38 ipaserver.test.local kernel: SELinux: policy capability open_perms=1 Mar 12 19:21:38 ipaserver.test.local kernel: SELinux: policy capability extended_socket_class=1 Mar 12 19:21:38 ipaserver.test.local kernel: SELinux: policy capability always_check_network=0 Mar 12 19:21:38 ipaserver.test.local kernel: SELinux: policy capability cgroup_seclabel=1 Mar 12 19:21:38 ipaserver.test.local kernel: SELinux: policy capability nnp_nosuid_transition=1 Mar 12 19:21:38 ipaserver.test.local kernel: SELinux: policy capability genfs_seclabel_symlinks=1 Mar 12 19:21:39 ipaserver.test.local kernel: SELinux: Converting 515 SID table entries... Mar 12 19:21:39 ipaserver.test.local kernel: SELinux: policy capability network_peer_controls=1 Mar 12 19:21:39 ipaserver.test.local kernel: SELinux: policy capability open_perms=1 Mar 12 19:21:39 ipaserver.test.local kernel: SELinux: policy capability extended_socket_class=1 Mar 12 19:21:39 ipaserver.test.local kernel: SELinux: policy capability always_check_network=0 Mar 12 19:21:39 ipaserver.test.local kernel: SELinux: policy capability cgroup_seclabel=1 Mar 12 19:21:39 ipaserver.test.local kernel: SELinux: policy capability nnp_nosuid_transition=1 Mar 12 19:21:39 ipaserver.test.local kernel: SELinux: policy capability genfs_seclabel_symlinks=1 Mar 12 19:21:39 ipaserver.test.local dbus-broker-launch[640]: avc: op=load_policy lsm=selinux seqno=12 res=1 Mar 12 19:21:39 ipaserver.test.local systemd[1]: Created slice Slice /system/dirsrv. ░░ Subject: A start job for unit system-dirsrv.slice has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit system-dirsrv.slice has finished successfully. ░░ ░░ The job identifier is 1671. Mar 12 19:21:39 ipaserver.test.local systemd[1]: Starting 389 Directory Server TEST-LOCAL.... ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has begun execution. ░░ ░░ The job identifier is 1670. Mar 12 19:21:40 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:40.213096049 -0400] - INFO - main - 389-Directory/2.8.0 B2026.064.0000 starting up Mar 12 19:21:40 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:40.225863082 -0400] - INFO - main - Setting the maximum file descriptor limit to: 524288 Mar 12 19:21:40 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:40.957553247 -0400] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds Mar 12 19:21:40 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:40.959778766 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:21:40 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:40.961847401 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:21:40 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:40.963933901 -0400] - INFO - PBKDF2-SHA256 - Number of iterations set to 100000 from default Mar 12 19:21:40 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:40.965976879 -0400] - INFO - PBKDF2-SHA512 - Number of iterations set to 100000 from default Mar 12 19:21:40 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:40.971377784 -0400] - INFO - bdb_config_upgrade_dse_info - create config entry from old config Mar 12 19:21:40 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:40.976285139 -0400] - NOTICE - bdb_start_autotune - found 7346476k physical memory Mar 12 19:21:40 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:40.978225550 -0400] - NOTICE - bdb_start_autotune - found 6464172k available Mar 12 19:21:40 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:40.980131451 -0400] - NOTICE - bdb_start_autotune - cache autosizing: db cache: 459154k Mar 12 19:21:40 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:40.982164572 -0400] - NOTICE - bdb_start_autotune - total cache size: 376139571 B; Mar 12 19:21:41 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:41.395239987 -0400] - INFO - connection_table_new - Number of connection sub-tables 1, each containing 63937 slots. Mar 12 19:21:41 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:41.427202845 -0400] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests Mar 12 19:21:41 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:41.429287408 -0400] - INFO - slapd_daemon - Listening on /run/slapd-TEST-LOCAL.socket for LDAPI requests Mar 12 19:21:41 ipaserver.test.local systemd[1]: Started 389 Directory Server TEST-LOCAL.. ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has finished successfully. ░░ ░░ The job identifier is 1670. Mar 12 19:21:41 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:41.700318991 -0400] - INFO - postop_modify_config_dse - The change of nsslapd-securePort will not take effect until the server is restarted Mar 12 19:21:41 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:41.958448122 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:21:41 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:41.971684950 -0400] - NOTICE - bdb_start_autotune - found 7346476k physical memory Mar 12 19:21:41 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:41.973707674 -0400] - NOTICE - bdb_start_autotune - found 5939080k available Mar 12 19:21:41 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:41.975569594 -0400] - NOTICE - bdb_start_autotune - cache autosizing: db cache: 459154k Mar 12 19:21:41 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:41.977462770 -0400] - NOTICE - bdb_start_autotune - cache autosizing: userRoot entry cache (1 total): 1245184k Mar 12 19:21:41 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:41.979583576 -0400] - NOTICE - bdb_start_autotune - cache autosizing: userRoot dn cache (1 total): 196608k Mar 12 19:21:41 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:41.981500392 -0400] - NOTICE - bdb_start_autotune - total cache size: 1667985203 B; Mar 12 19:21:42 ipaserver.test.local systemd[1]: Stopping 389 Directory Server TEST-LOCAL.... ░░ Subject: A stop job for unit dirsrv@TEST-LOCAL.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit dirsrv@TEST-LOCAL.service has begun execution. ░░ ░░ The job identifier is 1736. Mar 12 19:21:42 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:42.105103045 -0400] - INFO - ct_thread_cleanup - slapd shutting down - signaling connection table threads Mar 12 19:21:42 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:42.107185850 -0400] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 1 max work q size 1 max work q stack size 1 Mar 12 19:21:42 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:42.112957422 -0400] - INFO - slapd_daemon - slapd shutting down - waiting for 2 threads to terminate Mar 12 19:21:42 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:42.195040580 -0400] - INFO - slapd_daemon - slapd shutting down - accept_thread Mar 12 19:21:42 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:42.258982014 -0400] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins Mar 12 19:21:42 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:42.263805120 -0400] - INFO - bdb_pre_close - Waiting for 5 database threads to stop Mar 12 19:21:43 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:43.830050223 -0400] - INFO - bdb_pre_close - All database threads now stopped Mar 12 19:21:43 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:43.866582219 -0400] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed Mar 12 19:21:43 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:43.868723218 -0400] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 1 work q stack objects - freed 1 op stack objects Mar 12 19:21:43 ipaserver.test.local ns-slapd[18964]: [12/Mar/2026:19:21:43.870607924 -0400] - INFO - main - slapd stopped. Mar 12 19:21:43 ipaserver.test.local systemd[1]: dirsrv@TEST-LOCAL.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit dirsrv@TEST-LOCAL.service has successfully entered the 'dead' state. Mar 12 19:21:43 ipaserver.test.local systemd[1]: Stopped 389 Directory Server TEST-LOCAL.. ░░ Subject: A stop job for unit dirsrv@TEST-LOCAL.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit dirsrv@TEST-LOCAL.service has finished. ░░ ░░ The job identifier is 1736 and the job result is done. Mar 12 19:21:43 ipaserver.test.local systemd[1]: dirsrv@TEST-LOCAL.service: Consumed 1.698s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit dirsrv@TEST-LOCAL.service completed and consumed the indicated resources. Mar 12 19:21:44 ipaserver.test.local systemd[1]: Starting 389 Directory Server TEST-LOCAL.... ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has begun execution. ░░ ░░ The job identifier is 1737. Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.141166919 -0400] - INFO - main - 389-Directory/2.8.0 B2026.064.0000 starting up Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.143513459 -0400] - INFO - main - Setting the maximum file descriptor limit to: 524288 Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.151976759 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.154042019 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.156009487 -0400] - INFO - PBKDF2-SHA256 - Number of iterations set to 100000 from default Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.157973078 -0400] - INFO - PBKDF2-SHA512 - Number of iterations set to 100000 from default Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.885128070 -0400] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.888874607 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.894544375 -0400] - NOTICE - bdb_start_autotune - found 7346476k physical memory Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.896470843 -0400] - NOTICE - bdb_start_autotune - found 5957596k available Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.898297407 -0400] - NOTICE - bdb_start_autotune - cache autosizing: db cache: 459154k Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.900177218 -0400] - NOTICE - bdb_start_autotune - cache autosizing: userRoot entry cache (1 total): 1245184k Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.902115478 -0400] - NOTICE - bdb_start_autotune - cache autosizing: userRoot dn cache (1 total): 196608k Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.904154622 -0400] - NOTICE - bdb_start_autotune - total cache size: 1852534579 B; Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.907097374 -0400] - INFO - slapd_daemon - New referral entries are detected under dc=test,dc=local (returned to SRCH req) Mar 12 19:21:45 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:45.975252159 -0400] - INFO - connection_table_new - Number of connection sub-tables 1, each containing 63937 slots. Mar 12 19:21:46 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:46.007367346 -0400] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests Mar 12 19:21:46 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:46.009364348 -0400] - INFO - slapd_daemon - Listening on /run/slapd-TEST-LOCAL.socket for LDAPI requests Mar 12 19:21:46 ipaserver.test.local systemd[1]: Started 389 Directory Server TEST-LOCAL.. ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has finished successfully. ░░ ░░ The job identifier is 1737. Mar 12 19:21:46 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:46.546734599 -0400] - NOTICE - bdb_config_db_lock_set - New db max lock count will not take affect until the server is restarted Mar 12 19:21:46 ipaserver.test.local ldapmodify[19041]: DIGEST-MD5 common mech free Mar 12 19:21:46 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:46.563684499 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:21:46 ipaserver.test.local ldapmodify[19042]: DIGEST-MD5 common mech free Mar 12 19:21:46 ipaserver.test.local ldapmodify[19043]: DIGEST-MD5 common mech free Mar 12 19:21:46 ipaserver.test.local ldapmodify[19044]: DIGEST-MD5 common mech free Mar 12 19:21:46 ipaserver.test.local ldapmodify[19045]: DIGEST-MD5 common mech free Mar 12 19:21:47 ipaserver.test.local ldapmodify[19046]: DIGEST-MD5 common mech free Mar 12 19:21:47 ipaserver.test.local ldapmodify[19047]: DIGEST-MD5 common mech free Mar 12 19:21:47 ipaserver.test.local ldapmodify[19048]: DIGEST-MD5 common mech free Mar 12 19:21:47 ipaserver.test.local ldapmodify[19049]: DIGEST-MD5 common mech free Mar 12 19:21:48 ipaserver.test.local ldapmodify[19050]: DIGEST-MD5 common mech free Mar 12 19:21:48 ipaserver.test.local ldapmodify[19051]: DIGEST-MD5 common mech free Mar 12 19:21:48 ipaserver.test.local ldapmodify[19052]: DIGEST-MD5 common mech free Mar 12 19:21:48 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:48.473780384 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:21:48 ipaserver.test.local ldapmodify[19053]: DIGEST-MD5 common mech free Mar 12 19:21:48 ipaserver.test.local systemd[1]: systemd-hostnamed.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit systemd-hostnamed.service has successfully entered the 'dead' state. Mar 12 19:21:48 ipaserver.test.local ldapmodify[19054]: DIGEST-MD5 common mech free Mar 12 19:21:49 ipaserver.test.local ldapmodify[19057]: DIGEST-MD5 common mech free Mar 12 19:21:49 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:49.014971705 -0400] - INFO - vattr_check_thread - No role/cos definition in dc=test,dc=local Mar 12 19:21:49 ipaserver.test.local ldapmodify[19058]: DIGEST-MD5 common mech free Mar 12 19:21:49 ipaserver.test.local /tmp/ansible_ipaserver_setup_ds_payload_67_jlldb/ansible_ipaserver_setup_ds_payload.zip/ansible/modules/ipaserver_setup_ds.py[18839]: [IPA.API] [autobind]: idrange_show: NotFound [ldap2_140623297005120] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/idrange_show.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: idrange_show: NotFound [ldap2_140623297005120] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_ds_payload_67_jlldb/ansible_ipaserver_setup_ds_payload.zip/ansible/modules/ipaserver_setup_ds.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_ds_payload_67_jlldb/ansible_ipaserver_setup_ds_payload.zip/ansible/modules/ipaserver_setup_ds.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'idrange_show' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'NotFound' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'idrange_show' by the '[autobind]' actor: ░░ ░░ {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'idrange_show' see ░░ https://freeipa.readthedocs.io/en/latest/api/idrange_show.html Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.320076132 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: accessRuleType Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.328359222 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: altSecurityIdentities Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.330465468 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: automountMapName Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.332462950 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: automountkey Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.334464121 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: carLicense Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.336528141 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: description Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.338554865 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: displayname Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.340640204 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: fqdn Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.342900102 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: gidnumber Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.344926204 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: hostCategory Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.346910106 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: idnsName Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.348891185 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipServicePort Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.350922680 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaAnchorUUID Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.352910518 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaCASubjectDN Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.354942134 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaCertmapData Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.357044702 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaConfigString Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.359028546 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaEnabledFlag Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.361137324 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaExternalMember Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.363569118 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaIdpAuthEndpoint Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.365640168 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaIdpDevAuthEndpoint Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.367751724 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaIdpScope Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.369785399 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaIdpTokenEndpoint Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.371824834 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaKrbAuthzData Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.373820290 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaMemberCa Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.375837029 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaMemberCertProfile Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.377811710 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaNTSecurityIdentifier Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.379830930 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaNTTrustPartner Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.381923889 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaOriginalUid Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.383984160 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaOwner Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.386011639 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaSubGidNumber Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.387995249 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaSubUidNumber Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.390052521 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaallowedtarget Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.392104153 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipaassignedidview Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.394645273 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipakrbprincipalalias Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.396713597 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipalocation Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.398889487 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipasudorunas Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.401276286 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipasudorunasgroup Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.403296352 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipatokenradiusconfiglink Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.405299343 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ipauniqueid Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.407406164 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: krbCanonicalName Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.409470010 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: krbPasswordExpiration Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.411547235 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: krbPrincipalName Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.413537343 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: l Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.415624061 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: macAddress Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.417825291 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: managedby Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.419884215 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: manager Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.421892319 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: member Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.424019609 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: memberHost Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.426046250 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: memberManager Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.428030046 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: memberOf Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.430090492 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: memberPrincipal Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.432089503 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: memberUser Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.434055585 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: memberallowcmd Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.436198111 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: memberdenycmd Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.438574759 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: memberservice Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.440634435 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: nsHardwarePlatform Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.442699361 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: nsHostLocation Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.444743645 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: nsOsVersion Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.446734186 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ntUniqueId Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.448828212 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ntUserDomainId Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.450879637 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: ou Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.452900374 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: owner Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.454932483 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: secretary Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.456999240 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: seealso Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.458970345 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: serverhostname Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.460989609 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: sourcehost Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.463014862 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: sudoorder Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.464960909 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: title Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.466904122 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: uid Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.468862786 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: uidnumber Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.470893273 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: uniquemember Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.472989429 -0400] - INFO - bdb_db2index - userRoot: Indexing attribute: userCertificate Mar 12 19:21:50 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:50.474950111 -0400] - INFO - bdb_db2index - userRoot: Finished indexing. Mar 12 19:21:51 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:51.477486461 -0400] - INFO - slapd_daemon - No more referral entry under dc=test,dc=local Mar 12 19:21:51 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:51.581598146 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:21:51 ipaserver.test.local ldapmodify[19061]: DIGEST-MD5 common mech free Mar 12 19:21:51 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:51.849819695 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:21:51 ipaserver.test.local ldapmodify[19062]: DIGEST-MD5 common mech free Mar 12 19:21:51 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:21:51 ipaserver.test.local systemd-rc-local-generator[19084]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:21:52 ipaserver.test.local ldapmodify[19104]: DIGEST-MD5 common mech free Mar 12 19:21:52 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:21:52 ipaserver.test.local systemd-rc-local-generator[19124]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:21:52 ipaserver.test.local systemd[1]: Stopping 389 Directory Server TEST-LOCAL.... ░░ Subject: A stop job for unit dirsrv@TEST-LOCAL.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit dirsrv@TEST-LOCAL.service has begun execution. ░░ ░░ The job identifier is 1803. Mar 12 19:21:52 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:52.256047135 -0400] - INFO - ct_thread_cleanup - slapd shutting down - signaling connection table threads Mar 12 19:21:52 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:52.258294099 -0400] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 2 max work q size 1 max work q stack size 1 Mar 12 19:21:52 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:52.264076930 -0400] - INFO - slapd_daemon - slapd shutting down - waiting for 2 threads to terminate Mar 12 19:21:52 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:52.307735971 -0400] - INFO - slapd_daemon - slapd shutting down - accept_thread Mar 12 19:21:52 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:52.314934145 -0400] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins Mar 12 19:21:52 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:52.323536024 -0400] - INFO - bdb_pre_close - Waiting for 5 database threads to stop Mar 12 19:21:53 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:53.413907434 -0400] - INFO - bdb_pre_close - All database threads now stopped Mar 12 19:21:53 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:53.442147415 -0400] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed Mar 12 19:21:53 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:53.444385591 -0400] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 1 work q stack objects - freed 2 op stack objects Mar 12 19:21:53 ipaserver.test.local ns-slapd[19012]: [12/Mar/2026:19:21:53.446261027 -0400] - INFO - main - slapd stopped. Mar 12 19:21:53 ipaserver.test.local systemd[1]: dirsrv@TEST-LOCAL.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit dirsrv@TEST-LOCAL.service has successfully entered the 'dead' state. Mar 12 19:21:53 ipaserver.test.local systemd[1]: Stopped 389 Directory Server TEST-LOCAL.. ░░ Subject: A stop job for unit dirsrv@TEST-LOCAL.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit dirsrv@TEST-LOCAL.service has finished. ░░ ░░ The job identifier is 1803 and the job result is done. Mar 12 19:21:53 ipaserver.test.local systemd[1]: dirsrv@TEST-LOCAL.service: Consumed 1.537s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit dirsrv@TEST-LOCAL.service completed and consumed the indicated resources. Mar 12 19:21:53 ipaserver.test.local systemd[1]: Starting 389 Directory Server TEST-LOCAL.... ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has begun execution. ░░ ░░ The job identifier is 1803. Mar 12 19:21:53 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:53.733748772 -0400] - INFO - main - 389-Directory/2.8.0 B2026.064.0000 starting up Mar 12 19:21:53 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:53.737035133 -0400] - INFO - main - Setting the maximum file descriptor limit to: 524288 Mar 12 19:21:53 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:53.747161647 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:21:53 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:53.749263232 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:21:53 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:53.751185894 -0400] - INFO - PBKDF2-SHA256 - Number of iterations set to 100000 from default Mar 12 19:21:53 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:53.753556924 -0400] - INFO - PBKDF2-SHA512 - Number of iterations set to 100000 from default Mar 12 19:21:54 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:54.483733697 -0400] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds Mar 12 19:21:54 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:54.487776665 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:21:54 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:54.494024812 -0400] - NOTICE - bdb_start_autotune - found 7346476k physical memory Mar 12 19:21:54 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:54.495969218 -0400] - NOTICE - bdb_start_autotune - found 5963176k available Mar 12 19:21:54 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:54.497859809 -0400] - NOTICE - bdb_start_autotune - cache autosizing: db cache: 459154k Mar 12 19:21:54 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:54.499868932 -0400] - NOTICE - bdb_start_autotune - cache autosizing: userRoot entry cache (1 total): 1245184k Mar 12 19:21:54 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:54.501811624 -0400] - NOTICE - bdb_start_autotune - cache autosizing: userRoot dn cache (1 total): 196608k Mar 12 19:21:54 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:54.503791991 -0400] - NOTICE - bdb_start_autotune - total cache size: 1852534579 B; Mar 12 19:21:54 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:54.505933282 -0400] - NOTICE - bdb_start - Resizing max db lock count: 10000 -> 50000 Mar 12 19:21:55 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:55.004408476 -0400] - ERR - ipagraceperiod_get_global_config - [file ipa_graceperiod.c, line 185]: Failed to get default realm (-1765328160) Mar 12 19:21:55 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:55.008339830 -0400] - ERR - ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160) Mar 12 19:21:55 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:55.010838250 -0400] - ERR - ipaenrollment_start - [file ipa_enrollment.c, line 414]: Failed to get default realm?! Mar 12 19:21:55 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:55.021012954 -0400] - INFO - validate_num_config_reservedescriptors - reserve descriptors changed from 64 to 118 Mar 12 19:21:55 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:55.022987103 -0400] - INFO - connection_table_new - Number of connection sub-tables 1, each containing 63883 slots. Mar 12 19:21:55 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:55.054411208 -0400] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests Mar 12 19:21:55 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:55.056493041 -0400] - INFO - slapd_daemon - Listening on /run/slapd-TEST-LOCAL.socket for LDAPI requests Mar 12 19:21:55 ipaserver.test.local systemd[1]: Started 389 Directory Server TEST-LOCAL.. ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has finished successfully. ░░ ░░ The job identifier is 1803. Mar 12 19:21:56 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:56.140566535 -0400] - INFO - slapi_vattrspi_regattr - Because krbPwdPolicyReference is a new registered virtual attribute , nsslapd-ignore-virtual-attrs was set to 'off' Mar 12 19:21:56 ipaserver.test.local ldapmodify[19189]: DIGEST-MD5 common mech free Mar 12 19:21:56 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:56.204950374 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:21:56 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:56.550942245 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=retrieve certificate,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:21:56 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:56.559910141 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=request certificate,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:21:56 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:56.569974175 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=request certificate different host,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:21:56 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:56.580097974 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=certificate status,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:21:56 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:56.590029997 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=revoke certificate,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:21:56 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:56.600152462 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=certificate remove hold,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:21:56 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:56.609248887 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=list all profiles,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:21:56 ipaserver.test.local ldapmodify[19190]: DIGEST-MD5 common mech free Mar 12 19:21:56 ipaserver.test.local ldapmodify[19191]: DIGEST-MD5 common mech free Mar 12 19:21:56 ipaserver.test.local ldapmodify[19192]: DIGEST-MD5 common mech free Mar 12 19:21:57 ipaserver.test.local ldapmodify[19193]: DIGEST-MD5 common mech free Mar 12 19:21:57 ipaserver.test.local ldapmodify[19194]: DIGEST-MD5 common mech free Mar 12 19:21:57 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:57.260590412 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:21:57 ipaserver.test.local ldapmodify[19195]: DIGEST-MD5 common mech free Mar 12 19:21:57 ipaserver.test.local ldapmodify[19196]: DIGEST-MD5 common mech free Mar 12 19:21:57 ipaserver.test.local ldapmodify[19197]: DIGEST-MD5 common mech free Mar 12 19:21:57 ipaserver.test.local ldapmodify[19198]: DIGEST-MD5 common mech free Mar 12 19:21:57 ipaserver.test.local ldapmodify[19199]: DIGEST-MD5 common mech free Mar 12 19:21:57 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:57.612009929 -0400] - INFO - memberof-plugin - memberof_fixup_task_thread - Memberof task starts (filter: "(objectclass=*)") ... Mar 12 19:21:57 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:57.666568796 -0400] - INFO - memberof-plugin - memberof_fixup_task_thread - Memberof task finished (processed 116 entries in 0 seconds) Mar 12 19:21:58 ipaserver.test.local ldapmodify[19202]: DIGEST-MD5 common mech free Mar 12 19:21:58 ipaserver.test.local ldapmodify[19203]: DIGEST-MD5 common mech free Mar 12 19:21:58 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:58.142441298 -0400] - ERR - ipa-topology-plugin - ipa_topo_util_get_replica_conf: server configuration missing Mar 12 19:21:58 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:58.144534746 -0400] - ERR - ipa-topology-plugin - ipa_topo_util_get_replica_conf: cannot create replica Mar 12 19:21:58 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:58.157935135 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:21:58 ipaserver.test.local ldapmodify[19204]: DIGEST-MD5 common mech free Mar 12 19:21:58 ipaserver.test.local ldapmodify[19205]: DIGEST-MD5 common mech free Mar 12 19:21:58 ipaserver.test.local ldapmodify[19206]: DIGEST-MD5 common mech free Mar 12 19:21:58 ipaserver.test.local ldapmodify[19207]: DIGEST-MD5 common mech free Mar 12 19:21:58 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:21:58 ipaserver.test.local systemd-rc-local-generator[19228]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:21:58 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:21:58 ipaserver.test.local systemd-rc-local-generator[19267]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:21:58 ipaserver.test.local systemd[1]: Stopping 389 Directory Server TEST-LOCAL.... ░░ Subject: A stop job for unit dirsrv@TEST-LOCAL.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit dirsrv@TEST-LOCAL.service has begun execution. ░░ ░░ The job identifier is 1869. Mar 12 19:21:58 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:58.947549252 -0400] - INFO - ct_thread_cleanup - slapd shutting down - signaling connection table threads Mar 12 19:21:58 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:58.949604897 -0400] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 3 max work q size 3 max work q stack size 3 Mar 12 19:21:58 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:58.955761559 -0400] - INFO - slapd_daemon - slapd shutting down - waiting for 2 threads to terminate Mar 12 19:21:59 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:59.072512192 -0400] - INFO - slapd_daemon - slapd shutting down - accept_thread Mar 12 19:21:59 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:59.074474367 -0400] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins Mar 12 19:21:59 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:59.083937386 -0400] - INFO - bdb_pre_close - Waiting for 5 database threads to stop Mar 12 19:21:59 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:59.948881516 -0400] - INFO - bdb_pre_close - All database threads now stopped Mar 12 19:21:59 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:59.991396277 -0400] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed Mar 12 19:21:59 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:59.993833926 -0400] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 3 work q stack objects - freed 3 op stack objects Mar 12 19:21:59 ipaserver.test.local ns-slapd[19158]: [12/Mar/2026:19:21:59.995697771 -0400] - INFO - main - slapd stopped. Mar 12 19:22:00 ipaserver.test.local systemd[1]: dirsrv@TEST-LOCAL.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit dirsrv@TEST-LOCAL.service has successfully entered the 'dead' state. Mar 12 19:22:00 ipaserver.test.local systemd[1]: Stopped 389 Directory Server TEST-LOCAL.. ░░ Subject: A stop job for unit dirsrv@TEST-LOCAL.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit dirsrv@TEST-LOCAL.service has finished. ░░ ░░ The job identifier is 1869 and the job result is done. Mar 12 19:22:00 ipaserver.test.local systemd[1]: dirsrv@TEST-LOCAL.service: Consumed 2.120s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit dirsrv@TEST-LOCAL.service completed and consumed the indicated resources. Mar 12 19:22:00 ipaserver.test.local systemd[1]: Starting 389 Directory Server TEST-LOCAL.... ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has begun execution. ░░ ░░ The job identifier is 1869. Mar 12 19:22:00 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:00.287544936 -0400] - INFO - main - 389-Directory/2.8.0 B2026.064.0000 starting up Mar 12 19:22:00 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:00.290073623 -0400] - INFO - main - Setting the maximum file descriptor limit to: 524288 Mar 12 19:22:00 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:00.300213691 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:22:00 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:00.302329234 -0400] - INFO - PBKDF2-SHA1 - Number of iterations set to 100000 from default Mar 12 19:22:00 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:00.304312377 -0400] - INFO - PBKDF2-SHA256 - Number of iterations set to 100000 from default Mar 12 19:22:00 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:00.306311467 -0400] - INFO - PBKDF2-SHA512 - Number of iterations set to 100000 from default Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.033614586 -0400] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.037550753 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.044271722 -0400] - NOTICE - bdb_start_autotune - found 7346476k physical memory Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.046162169 -0400] - NOTICE - bdb_start_autotune - found 5907108k available Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.048034100 -0400] - NOTICE - bdb_start_autotune - cache autosizing: db cache: 459154k Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.049960330 -0400] - NOTICE - bdb_start_autotune - cache autosizing: userRoot entry cache (1 total): 1245184k Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.051966727 -0400] - NOTICE - bdb_start_autotune - cache autosizing: userRoot dn cache (1 total): 196608k Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.053913462 -0400] - NOTICE - bdb_start_autotune - total cache size: 1852534579 B; Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.064444206 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=retrieve certificate,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.066466091 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=request certificate,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.068477371 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=request certificate different host,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.070538173 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=certificate status,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.072527150 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=revoke certificate,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.074488960 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=certificate remove hold,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.076480086 -0400] - WARN - NSACLPlugin - acl_parse - The ACL target cn=list all profiles,cn=virtual operations,cn=etc,dc=test,dc=local does not exist Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.152695714 -0400] - INFO - slapi_vattrspi_regattr - Because krbPwdPolicyReference is a new registered virtual attribute , nsslapd-ignore-virtual-attrs was set to 'off' Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.154855336 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.161419309 -0400] - ERR - ipagraceperiod_get_global_config - [file ipa_graceperiod.c, line 185]: Failed to get default realm (-1765328160) Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.165434167 -0400] - ERR - ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160) Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.168035285 -0400] - ERR - ipaenrollment_start - [file ipa_enrollment.c, line 414]: Failed to get default realm?! Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.177972758 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.181217445 -0400] - INFO - validate_num_config_reservedescriptors - reserve descriptors changed from 64 to 118 Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.183146567 -0400] - INFO - connection_table_new - Number of connection sub-tables 1, each containing 63883 slots. Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.215193463 -0400] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests Mar 12 19:22:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:01.217186612 -0400] - INFO - slapd_daemon - Listening on /run/slapd-TEST-LOCAL.socket for LDAPI requests Mar 12 19:22:01 ipaserver.test.local systemd[1]: Started 389 Directory Server TEST-LOCAL.. ░░ Subject: A start job for unit dirsrv@TEST-LOCAL.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit dirsrv@TEST-LOCAL.service has finished successfully. ░░ ░░ The job identifier is 1869. Mar 12 19:22:01 ipaserver.test.local sudo[18836]: pam_unix(sudo:session): session closed for user root Mar 12 19:22:02 ipaserver.test.local sudo[19504]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-obhmsavttpbscseovybqmiryuxbuahcy ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357722.0133178-16470-135801731382011/AnsiballZ_ipaserver_setup_krb.py' Mar 12 19:22:02 ipaserver.test.local sudo[19504]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:22:03 ipaserver.test.local python3.9[19507]: ansible-ipaserver_setup_krb Invoked with dm_password=NOT_LOGGING_PARAMETER password=NOT_LOGGING_PARAMETER master_password=NOT_LOGGING_PARAMETER domain=test.local realm=TEST.LOCAL hostname=ipaserver.test.local reverse_zones=[] setup_adtrust=False setup_kra=False setup_dns=False setup_ca=True no_host_dns=True subject_base=O=TEST.LOCAL ca_subject=CN=Certificate Authority,O=TEST.LOCAL no_reverse=False auto_forwarders=False no_pkinit=False no_hbac_allow=False idstart=741400000 idmax=741599999 ip_addresses=[] external_cert_files=[] _pkinit_pkcs12_info=None Mar 12 19:22:04 ipaserver.test.local ldapmodify[19515]: DIGEST-MD5 common mech free Mar 12 19:22:04 ipaserver.test.local kdb5_util[19521]: MS-PAC generator: Local domain NT attributes not configured Mar 12 19:22:04 ipaserver.test.local ldapmodify[19522]: DIGEST-MD5 common mech free Mar 12 19:22:04 ipaserver.test.local systemd[1]: Starting SSSD Kerberos Cache Manager... ░░ Subject: A start job for unit sssd-kcm.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit sssd-kcm.service has begun execution. ░░ ░░ The job identifier is 1936. Mar 12 19:22:04 ipaserver.test.local systemd[1]: Started SSSD Kerberos Cache Manager. ░░ Subject: A start job for unit sssd-kcm.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit sssd-kcm.service has finished successfully. ░░ ░░ The job identifier is 1936. Mar 12 19:22:04 ipaserver.test.local sssd_kcm[19525]: Starting up Mar 12 19:22:06 ipaserver.test.local /tmp/ansible_ipaserver_setup_krb_payload_2kzeo6ie/ansible_ipaserver_setup_krb_payload.zip/ansible/modules/ipaserver_setup_krb.py[19507]: [IPA.API] [autobind]: idrange_show: SUCCESS [ldap2_139795255963120] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/idrange_show.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: idrange_show: SUCCESS [ldap2_139795255963120] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_krb_payload_2kzeo6ie/ansible_ipaserver_setup_krb_payload.zip/ansible/modules/ipaserver_setup_krb.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_krb_payload_2kzeo6ie/ansible_ipaserver_setup_krb_payload.zip/ansible/modules/ipaserver_setup_krb.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'idrange_show' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'idrange_show' by the '[autobind]' actor: ░░ ░░ {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'idrange_show' see ░░ https://freeipa.readthedocs.io/en/latest/api/idrange_show.html Mar 12 19:22:06 ipaserver.test.local ldapmodify[19529]: DIGEST-MD5 common mech free Mar 12 19:22:06 ipaserver.test.local ldapmodify[19531]: DIGEST-MD5 common mech free Mar 12 19:22:06 ipaserver.test.local systemd[1]: Starting Kerberos 5 KDC... ░░ Subject: A start job for unit krb5kdc.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit krb5kdc.service has begun execution. ░░ ░░ The job identifier is 2002. Mar 12 19:22:06 ipaserver.test.local systemd[1]: krb5kdc.service: Can't open PID file /run/krb5kdc.pid (yet?) after start: No such file or directory Mar 12 19:22:06 ipaserver.test.local systemd[1]: Started Kerberos 5 KDC. ░░ Subject: A start job for unit krb5kdc.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit krb5kdc.service has finished successfully. ░░ ░░ The job identifier is 2002. Mar 12 19:22:07 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:22:07 ipaserver.test.local systemd-rc-local-generator[19561]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:22:07 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:22:07 ipaserver.test.local systemd-rc-local-generator[19600]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:22:07 ipaserver.test.local systemd[1]: Starting Kerberos 5 Password-changing and Administration... ░░ Subject: A start job for unit kadmin.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit kadmin.service has begun execution. ░░ ░░ The job identifier is 2073. Mar 12 19:22:07 ipaserver.test.local systemd[1]: Started Kerberos 5 Password-changing and Administration. ░░ Subject: A start job for unit kadmin.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit kadmin.service has finished successfully. ░░ ░░ The job identifier is 2073. Mar 12 19:22:07 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:22:07 ipaserver.test.local systemd-rc-local-generator[19646]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:22:07 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:22:08 ipaserver.test.local systemd-rc-local-generator[19685]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:22:08 ipaserver.test.local sudo[19504]: pam_unix(sudo:session): session closed for user root Mar 12 19:22:09 ipaserver.test.local sudo[19877]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c 'echo BECOME-SUCCESS-xmhehsggmlonhktreauyexhbdedijtgy ; /usr/bin/python3.9 /root/.ansible/tmp/ansible-tmp-1773357728.8099806-16701-201705872744052/AnsiballZ_ipaserver_setup_ca.py' Mar 12 19:22:09 ipaserver.test.local sudo[19877]: pam_unix(sudo:session): session opened for user root(uid=0) by root(uid=0) Mar 12 19:22:09 ipaserver.test.local python3.9[19880]: ansible-ipaserver_setup_ca Invoked with dm_password=NOT_LOGGING_PARAMETER password=NOT_LOGGING_PARAMETER master_password=NOT_LOGGING_PARAMETER domain=test.local realm=TEST.LOCAL hostname=ipaserver.test.local no_host_dns=True setup_adtrust=False setup_kra=False setup_dns=False setup_ca=True idstart=741400000 idmax=741599999 no_hbac_allow=False no_pkinit=False dirsrv_cert_files=[] external_ca=False subject_base=O=TEST.LOCAL _subject_base=O=TEST.LOCAL ca_subject=CN=Certificate Authority,O=TEST.LOCAL _ca_subject=CN=Certificate Authority,O=TEST.LOCAL _random_serial_numbers=False reverse_zones=[] no_reverse=False auto_forwarders=False _http_ca_cert= ip_addresses=[] pki_config_override=None dirsrv_config_file=None _dirsrv_pkcs12_info=None external_ca_type=None external_ca_profile=None external_cert_files=None ca_signing_algorithm=None domainlevel=None Mar 12 19:22:11 ipaserver.test.local /tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py[19880]: [IPA.API] [autobind]: idrange_show: SUCCESS [ldap2_140167126674016] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/idrange_show.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: idrange_show: SUCCESS [ldap2_140167126674016] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'idrange_show' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'idrange_show' by the '[autobind]' actor: ░░ ░░ {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'idrange_show' see ░░ https://freeipa.readthedocs.io/en/latest/api/idrange_show.html Mar 12 19:22:12 ipaserver.test.local systemd[1]: Starting IPA Custodia Service... ░░ Subject: A start job for unit ipa-custodia.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit ipa-custodia.service has begun execution. ░░ ░░ The job identifier is 2144. Mar 12 19:22:12 ipaserver.test.local ipa-custodia[19886]: 2026-03-12 19:22:12 - custodia - Custodia instance
Mar 12 19:22:12 ipaserver.test.local systemd[1]: Started IPA Custodia Service. ░░ Subject: A start job for unit ipa-custodia.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit ipa-custodia.service has finished successfully. ░░ ░░ The job identifier is 2144. Mar 12 19:22:12 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:22:12 ipaserver.test.local systemd-rc-local-generator[19908]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:22:12 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:22:12 ipaserver.test.local systemd-rc-local-generator[19949]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:22:13 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:22:13 ipaserver.test.local systemd-rc-local-generator[19990]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:22:14 ipaserver.test.local runuser[20017]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:22:14 ipaserver.test.local kernel: /proc/cgroups lists only v1 controllers, use cgroup.controllers of root cgroup for v2 info Mar 12 19:22:15 ipaserver.test.local runuser[20017]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:22:15 ipaserver.test.local runuser[20046]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:22:16 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:16.145854779 -0400] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 Mar 12 19:22:16 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:16.167162481 -0400] - NOTICE - bdb_start_autotune - found 7346476k physical memory Mar 12 19:22:16 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:16.169132033 -0400] - NOTICE - bdb_start_autotune - found 5824264k available Mar 12 19:22:16 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:16.171052969 -0400] - NOTICE - bdb_start_autotune - cache autosizing: db cache: 459154k Mar 12 19:22:16 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:16.172976251 -0400] - NOTICE - bdb_start_autotune - cache autosizing: userRoot entry cache (2 total): 655360k Mar 12 19:22:16 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:16.174986170 -0400] - NOTICE - bdb_start_autotune - cache autosizing: userRoot dn cache (2 total): 131072k Mar 12 19:22:16 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:16.176994871 -0400] - NOTICE - bdb_start_autotune - cache autosizing: ipaca entry cache (2 total): 655360k Mar 12 19:22:16 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:16.178975480 -0400] - NOTICE - bdb_start_autotune - cache autosizing: ipaca dn cache (2 total): 131072k Mar 12 19:22:16 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:16.181028382 -0400] - NOTICE - bdb_start_autotune - total cache size: 1936420659 B; Mar 12 19:22:16 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:16.190747126 -0400] - ERR - ipa-topology-plugin - ipa_topo_be_state_change - backend ipaca is coming online; checking domain level and init shared topology Mar 12 19:22:16 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:16.205500356 -0400] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=test,dc=local--no CoS Templates found, which should be added before the CoS Definition. Mar 12 19:22:16 ipaserver.test.local runuser[20046]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:22:16 ipaserver.test.local runuser[20076]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:22:17 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:17.418774204 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:22:21 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:21.193877969 -0400] - ERR - ipa-topology-plugin - ipa_topo_util_get_replica_conf: server configuration missing Mar 12 19:22:21 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:21.196120674 -0400] - ERR - ipa-topology-plugin - ipa_topo_util_get_replica_conf: cannot create replica Mar 12 19:22:36 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:36.198609095 -0400] - ERR - ipa-topology-plugin - ipa_topo_util_get_replica_conf: replica already exists Mar 12 19:22:36 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:36.200922024 -0400] - ERR - ipa-topology-plugin - ipa_topo_util_get_replica_conf: server configuration missing Mar 12 19:22:36 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:36.202922549 -0400] - ERR - ipa-topology-plugin - ipa_topo_util_get_replica_conf: cannot create replica Mar 12 19:22:48 ipaserver.test.local runuser[20076]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:22:48 ipaserver.test.local runuser[20105]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:22:49 ipaserver.test.local runuser[20105]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:22:49 ipaserver.test.local runuser[20134]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.601240286 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: revokedby Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.642941480 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: issuedby Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.645199312 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: publicKeyData Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.647343049 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: clientId Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.649702387 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: dataType Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.651752602 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: status Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.653862211 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: description Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.655949074 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: serialno Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.658028865 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: metaInfo Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.660131510 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: certstatus Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.662274574 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: requestid Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.664643039 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: requesttype Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.666788561 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: requeststate Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.668941061 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: requestowner Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.671070406 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: notbefore Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.673253028 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: notafter Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.675378525 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: duration Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.677521015 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: dateOfCreate Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.679619243 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: revokedOn Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.681778939 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: archivedBy Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.683877610 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: ownername Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.686429437 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: subjectname Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.688580921 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: issuername Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.690712327 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: requestsourceid Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.692834490 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: revInfo Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.695038309 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: extension Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.697228502 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: acmeExpires Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.699389653 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: acmeAccountId Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.701523496 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: acmeStatus Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.703706449 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: acmeAuthorizationId Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.705806184 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: acmeIdentifier Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.707895184 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: acmeCertificateId Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.710140611 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: acmeAuthorizationWildcard Mar 12 19:22:50 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:22:50.745152373 -0400] - INFO - bdb_db2index - ipaca: Finished indexing. Mar 12 19:22:52 ipaserver.test.local runuser[20134]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:22:52 ipaserver.test.local runuser[20164]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:22:53 ipaserver.test.local runuser[20164]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:22:53 ipaserver.test.local runuser[20193]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:22:54 ipaserver.test.local runuser[20193]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:22:55 ipaserver.test.local runuser[20246]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:22:56 ipaserver.test.local runuser[20246]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:22:56 ipaserver.test.local systemd[1]: Created slice Slice /system/pki-tomcatd. ░░ Subject: A start job for unit system-pki\x2dtomcatd.slice has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit system-pki\x2dtomcatd.slice has finished successfully. ░░ ░░ The job identifier is 2210. Mar 12 19:22:56 ipaserver.test.local systemd[1]: Starting PKI Tomcat Server pki-tomcat... ░░ Subject: A start job for unit pki-tomcatd@pki-tomcat.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit pki-tomcatd@pki-tomcat.service has begun execution. ░░ ░░ The job identifier is 2209. Mar 12 19:22:57 ipaserver.test.local pki-server[20305]: NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED Mar 12 19:22:58 ipaserver.test.local pki-server[20278]: AJP connector requiredSecret: None Mar 12 19:22:58 ipaserver.test.local pki-server[20278]: AJP connector requiredSecret: None Mar 12 19:22:58 ipaserver.test.local systemd[1]: Started PKI Tomcat Server pki-tomcat. ░░ Subject: A start job for unit pki-tomcatd@pki-tomcat.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit pki-tomcatd@pki-tomcat.service has finished successfully. ░░ ░░ The job identifier is 2209. Mar 12 19:22:58 ipaserver.test.local server[20349]: Java virtual machine used: /usr/lib/jvm/jre-17-openjdk/bin/java Mar 12 19:22:58 ipaserver.test.local server[20349]: classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar: Mar 12 19:22:58 ipaserver.test.local server[20349]: main class used: org.apache.catalina.startup.Bootstrap Mar 12 19:22:58 ipaserver.test.local server[20349]: flags used: -Dcom.redhat.fips=false Mar 12 19:22:58 ipaserver.test.local server[20349]: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dsun.io.useCanonCaches=false -Djava.security.manager -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy Mar 12 19:22:58 ipaserver.test.local server[20349]: arguments used: start Mar 12 19:22:58 ipaserver.test.local server[20349]: NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED Mar 12 19:22:58 ipaserver.test.local server[20349]: WARNING: A command line option has enabled the Security Manager Mar 12 19:22:58 ipaserver.test.local server[20349]: WARNING: The Security Manager is deprecated and will be removed in a future release Mar 12 19:22:59 ipaserver.test.local server[20349]: WARNING: Tomcat interprets the [protocols] attribute in a manner consistent with the latest OpenSSL development branch. Some of the specified [protocols] are not supported by the configured SSL engine for this connector (which may use JSSE or an older OpenSSL version) and have been skipped: [[TLSv1, TLSv1.1]] Mar 12 19:23:05 ipaserver.test.local runuser[20483]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:07 ipaserver.test.local runuser[20483]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:07 ipaserver.test.local runuser[20510]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:08 ipaserver.test.local runuser[20510]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:08 ipaserver.test.local runuser[20538]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:09 ipaserver.test.local runuser[20538]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:09 ipaserver.test.local runuser[20568]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:11 ipaserver.test.local runuser[20568]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:11 ipaserver.test.local runuser[20600]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:12 ipaserver.test.local runuser[20600]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:15 ipaserver.test.local runuser[20660]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:16 ipaserver.test.local runuser[20660]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:16 ipaserver.test.local runuser[20687]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:17 ipaserver.test.local runuser[20687]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:17 ipaserver.test.local runuser[20714]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:18 ipaserver.test.local runuser[20714]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:18 ipaserver.test.local runuser[20743]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:21 ipaserver.test.local runuser[20743]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:21 ipaserver.test.local runuser[20773]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:22 ipaserver.test.local runuser[20773]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:24 ipaserver.test.local runuser[20833]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:25 ipaserver.test.local runuser[20833]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:25 ipaserver.test.local runuser[20860]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:26 ipaserver.test.local runuser[20860]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:26 ipaserver.test.local runuser[20887]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:28 ipaserver.test.local runuser[20887]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:28 ipaserver.test.local runuser[20916]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:30 ipaserver.test.local runuser[20916]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:30 ipaserver.test.local runuser[20947]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:31 ipaserver.test.local runuser[20947]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:34 ipaserver.test.local runuser[21008]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:35 ipaserver.test.local runuser[21008]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:35 ipaserver.test.local runuser[21035]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:35 ipaserver.test.local runuser[21035]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:35 ipaserver.test.local runuser[21062]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:37 ipaserver.test.local runuser[21062]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:37 ipaserver.test.local runuser[21092]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:37 ipaserver.test.local systemd[5239]: Created slice User Background Tasks Slice. ░░ Subject: A start job for unit UNIT has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit UNIT has finished successfully. ░░ ░░ The job identifier is 14. Mar 12 19:23:37 ipaserver.test.local systemd[5239]: Starting Cleanup of User's Temporary Files and Directories... ░░ Subject: A start job for unit UNIT has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit UNIT has begun execution. ░░ ░░ The job identifier is 13. Mar 12 19:23:37 ipaserver.test.local systemd[5239]: Finished Cleanup of User's Temporary Files and Directories. ░░ Subject: A start job for unit UNIT has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit UNIT has finished successfully. ░░ ░░ The job identifier is 13. Mar 12 19:23:39 ipaserver.test.local runuser[21092]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:39 ipaserver.test.local runuser[21123]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:40 ipaserver.test.local runuser[21123]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:43 ipaserver.test.local runuser[21183]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:44 ipaserver.test.local runuser[21183]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:44 ipaserver.test.local runuser[21210]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:45 ipaserver.test.local runuser[21210]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:45 ipaserver.test.local runuser[21237]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:46 ipaserver.test.local runuser[21237]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:46 ipaserver.test.local runuser[21267]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:48 ipaserver.test.local runuser[21267]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:48 ipaserver.test.local runuser[21298]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:49 ipaserver.test.local runuser[21298]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:57 ipaserver.test.local runuser[21500]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:58 ipaserver.test.local runuser[21500]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:58 ipaserver.test.local runuser[21529]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:23:59 ipaserver.test.local runuser[21529]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:23:59 ipaserver.test.local runuser[21557]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:01 ipaserver.test.local runuser[21557]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:01 ipaserver.test.local runuser[21588]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:02 ipaserver.test.local runuser[21588]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:02 ipaserver.test.local runuser[21616]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:03 ipaserver.test.local runuser[21616]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:04 ipaserver.test.local runuser[21672]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:06 ipaserver.test.local runuser[21672]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:06 ipaserver.test.local runuser[21700]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:08 ipaserver.test.local runuser[21700]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:14 ipaserver.test.local runuser[21841]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:16 ipaserver.test.local runuser[21841]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:16 ipaserver.test.local runuser[21872]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:17 ipaserver.test.local runuser[21872]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:17 ipaserver.test.local runuser[21903]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:19 ipaserver.test.local runuser[21903]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:19 ipaserver.test.local runuser[21934]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:21 ipaserver.test.local runuser[21934]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:21 ipaserver.test.local runuser[21965]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:23 ipaserver.test.local runuser[21965]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:23 ipaserver.test.local runuser[21995]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:24 ipaserver.test.local runuser[21995]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:24 ipaserver.test.local runuser[22026]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:26 ipaserver.test.local runuser[22026]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:26 ipaserver.test.local runuser[22057]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:28 ipaserver.test.local runuser[22057]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:28 ipaserver.test.local runuser[22087]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:30 ipaserver.test.local runuser[22087]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:30 ipaserver.test.local runuser[22118]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:31 ipaserver.test.local runuser[22118]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:31 ipaserver.test.local runuser[22146]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:32 ipaserver.test.local runuser[22146]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:32 ipaserver.test.local runuser[22178]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:33 ipaserver.test.local runuser[22178]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:33 ipaserver.test.local runuser[22206]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:35 ipaserver.test.local runuser[22206]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:35 ipaserver.test.local runuser[22237]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:37 ipaserver.test.local runuser[22237]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:37 ipaserver.test.local runuser[22267]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:39 ipaserver.test.local runuser[22267]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:39 ipaserver.test.local runuser[22297]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:40 ipaserver.test.local runuser[22297]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:41 ipaserver.test.local runuser[22328]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:41 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:24:41.628204039 -0400] - NOTICE - dse_modify - A plugin has been enabled or disabled, but nsslapd-dynamic-plugins is off. A server restart is required to change this plugin state. Mar 12 19:24:42 ipaserver.test.local runuser[22328]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:42 ipaserver.test.local runuser[22357]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:44 ipaserver.test.local runuser[22357]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:44 ipaserver.test.local systemd[1]: Stopping PKI Tomcat Server pki-tomcat... ░░ Subject: A stop job for unit pki-tomcatd@pki-tomcat.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit pki-tomcatd@pki-tomcat.service has begun execution. ░░ ░░ The job identifier is 2275. Mar 12 19:24:44 ipaserver.test.local server[22390]: Java virtual machine used: /usr/lib/jvm/jre-17-openjdk/bin/java Mar 12 19:24:44 ipaserver.test.local server[22390]: classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar: Mar 12 19:24:44 ipaserver.test.local server[22390]: main class used: org.apache.catalina.startup.Bootstrap Mar 12 19:24:44 ipaserver.test.local server[22390]: flags used: -Dcom.redhat.fips=false Mar 12 19:24:44 ipaserver.test.local server[22390]: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dsun.io.useCanonCaches=false Mar 12 19:24:44 ipaserver.test.local server[22390]: arguments used: stop Mar 12 19:24:44 ipaserver.test.local server[22390]: NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED Mar 12 19:24:44 ipaserver.test.local systemd[1]: pki-tomcatd@pki-tomcat.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit pki-tomcatd@pki-tomcat.service has successfully entered the 'dead' state. Mar 12 19:24:44 ipaserver.test.local systemd[1]: Stopped PKI Tomcat Server pki-tomcat. ░░ Subject: A stop job for unit pki-tomcatd@pki-tomcat.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit pki-tomcatd@pki-tomcat.service has finished. ░░ ░░ The job identifier is 2275 and the job result is done. Mar 12 19:24:44 ipaserver.test.local systemd[1]: pki-tomcatd@pki-tomcat.service: Consumed 19.637s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit pki-tomcatd@pki-tomcat.service completed and consumed the indicated resources. Mar 12 19:24:45 ipaserver.test.local runuser[22422]: pam_unix(runuser:session): session opened for user pkiuser(uid=17) by root(uid=0) Mar 12 19:24:46 ipaserver.test.local runuser[22422]: pam_unix(runuser:session): session closed for user pkiuser Mar 12 19:24:49 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:24:49 ipaserver.test.local systemd-rc-local-generator[22506]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:24:49 ipaserver.test.local systemd[1]: Starting PKI Tomcat Server pki-tomcat... ░░ Subject: A start job for unit pki-tomcatd@pki-tomcat.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit pki-tomcatd@pki-tomcat.service has begun execution. ░░ ░░ The job identifier is 2276. Mar 12 19:24:50 ipaserver.test.local pki-server[22558]: NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED Mar 12 19:24:51 ipaserver.test.local pki-server[22531]: AJP connector requiredSecret: None Mar 12 19:24:51 ipaserver.test.local pki-server[22531]: AJP connector requiredSecret: None Mar 12 19:24:51 ipaserver.test.local systemd[1]: Started PKI Tomcat Server pki-tomcat. ░░ Subject: A start job for unit pki-tomcatd@pki-tomcat.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit pki-tomcatd@pki-tomcat.service has finished successfully. ░░ ░░ The job identifier is 2276. Mar 12 19:24:51 ipaserver.test.local server[22605]: Java virtual machine used: /usr/lib/jvm/jre-17-openjdk/bin/java Mar 12 19:24:51 ipaserver.test.local server[22605]: classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar: Mar 12 19:24:51 ipaserver.test.local server[22605]: main class used: org.apache.catalina.startup.Bootstrap Mar 12 19:24:51 ipaserver.test.local server[22605]: flags used: -Dcom.redhat.fips=false Mar 12 19:24:51 ipaserver.test.local server[22605]: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dsun.io.useCanonCaches=false -Djava.security.manager -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy Mar 12 19:24:51 ipaserver.test.local server[22605]: arguments used: start Mar 12 19:24:51 ipaserver.test.local server[22605]: NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED Mar 12 19:24:51 ipaserver.test.local server[22605]: WARNING: A command line option has enabled the Security Manager Mar 12 19:24:51 ipaserver.test.local server[22605]: WARNING: The Security Manager is deprecated and will be removed in a future release Mar 12 19:24:52 ipaserver.test.local server[22605]: WARNING: Tomcat interprets the [protocols] attribute in a manner consistent with the latest OpenSSL development branch. Some of the specified [protocols] are not supported by the configured SSL engine for this connector (which may use JSSE or an older OpenSSL version) and have been skipped: [[TLSv1, TLSv1.1]] Mar 12 19:25:00 ipaserver.test.local systemd[1]: Stopping PKI Tomcat Server pki-tomcat... ░░ Subject: A stop job for unit pki-tomcatd@pki-tomcat.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit pki-tomcatd@pki-tomcat.service has begun execution. ░░ ░░ The job identifier is 2342. Mar 12 19:25:00 ipaserver.test.local server[22766]: Java virtual machine used: /usr/lib/jvm/jre-17-openjdk/bin/java Mar 12 19:25:00 ipaserver.test.local server[22766]: classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar: Mar 12 19:25:00 ipaserver.test.local server[22766]: main class used: org.apache.catalina.startup.Bootstrap Mar 12 19:25:00 ipaserver.test.local server[22766]: flags used: -Dcom.redhat.fips=false Mar 12 19:25:00 ipaserver.test.local server[22766]: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dsun.io.useCanonCaches=false Mar 12 19:25:00 ipaserver.test.local server[22766]: arguments used: stop Mar 12 19:25:00 ipaserver.test.local server[22766]: NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED Mar 12 19:25:01 ipaserver.test.local systemd[1]: pki-tomcatd@pki-tomcat.service: Deactivated successfully. ░░ Subject: Unit succeeded ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit pki-tomcatd@pki-tomcat.service has successfully entered the 'dead' state. Mar 12 19:25:01 ipaserver.test.local systemd[1]: Stopped PKI Tomcat Server pki-tomcat. ░░ Subject: A stop job for unit pki-tomcatd@pki-tomcat.service has finished ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A stop job for unit pki-tomcatd@pki-tomcat.service has finished. ░░ ░░ The job identifier is 2342 and the job result is done. Mar 12 19:25:01 ipaserver.test.local systemd[1]: pki-tomcatd@pki-tomcat.service: Consumed 19.906s CPU time. ░░ Subject: Resources consumed by unit runtime ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ The unit pki-tomcatd@pki-tomcat.service completed and consumed the indicated resources. Mar 12 19:25:01 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:25:01 ipaserver.test.local systemd-rc-local-generator[22818]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.374925948 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: archivedBy Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.412395985 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: certstatus Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.415177432 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: clientId Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.417438190 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: dataType Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.419838385 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: dateOfCreate Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.422348255 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: description Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.424972384 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: duration Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.427411190 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: extension Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.429886920 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: issuedby Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.432166007 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: issuername Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.434896224 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: metaInfo Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.437266084 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: notafter Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.439536365 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: notbefore Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.441806147 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: ownername Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.443997565 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: publicKeyData Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.446302365 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: requestid Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.448600160 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: requestowner Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.450868620 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: requestsourceid Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.452954531 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: requeststate Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.455205449 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: requesttype Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.457601541 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: revInfo Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.459762199 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: revokedOn Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.461941125 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: revokedby Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.464038810 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: serialno Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.466452090 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: status Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.468648772 -0400] - INFO - bdb_db2index - ipaca: Indexing attribute: subjectname Mar 12 19:25:01 ipaserver.test.local ns-slapd[19301]: [12/Mar/2026:19:25:01.717500617 -0400] - INFO - bdb_db2index - ipaca: Finished indexing. Mar 12 19:25:03 ipaserver.test.local /tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py[19880]: [IPA.API] [autobind]: idrange_show: SUCCESS [ldap2_140167116126048] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/idrange_show.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: idrange_show: SUCCESS [ldap2_140167116126048] {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'idrange_show' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'idrange_show' by the '[autobind]' actor: ░░ ░░ {"cn": "TEST.LOCAL_id_range", "rights": false, "all": false, "raw": false, "version": "2.257"} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'idrange_show' see ░░ https://freeipa.readthedocs.io/en/latest/api/idrange_show.html Mar 12 19:25:03 ipaserver.test.local systemd[1]: Starting PKI Tomcat Server pki-tomcat... ░░ Subject: A start job for unit pki-tomcatd@pki-tomcat.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit pki-tomcatd@pki-tomcat.service has begun execution. ░░ ░░ The job identifier is 2343. Mar 12 19:25:04 ipaserver.test.local pki-server[22929]: NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED Mar 12 19:25:04 ipaserver.test.local pki-server[22902]: AJP connector requiredSecret: None Mar 12 19:25:04 ipaserver.test.local pki-server[22902]: AJP connector requiredSecret: None Mar 12 19:25:04 ipaserver.test.local server[22972]: Java virtual machine used: /usr/lib/jvm/jre-17-openjdk/bin/java Mar 12 19:25:04 ipaserver.test.local server[22972]: classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar: Mar 12 19:25:04 ipaserver.test.local server[22972]: main class used: org.apache.catalina.startup.Bootstrap Mar 12 19:25:04 ipaserver.test.local server[22972]: flags used: -Dcom.redhat.fips=false Mar 12 19:25:04 ipaserver.test.local server[22972]: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dsun.io.useCanonCaches=false -Djava.security.manager -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy Mar 12 19:25:04 ipaserver.test.local server[22972]: arguments used: start Mar 12 19:25:04 ipaserver.test.local server[22972]: NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED Mar 12 19:25:04 ipaserver.test.local server[22972]: WARNING: A command line option has enabled the Security Manager Mar 12 19:25:04 ipaserver.test.local server[22972]: WARNING: The Security Manager is deprecated and will be removed in a future release Mar 12 19:25:05 ipaserver.test.local ipa-pki-wait-running[22973]: pki.client: cert_path missing; not used for validation: /etc/ipa/ca.crt Mar 12 19:25:05 ipaserver.test.local ipa-pki-wait-running[22973]: ipa-pki-wait-running: Created connection http://ipaserver.test.local:8080/ca/admin/ca/getStatus Mar 12 19:25:05 ipaserver.test.local ipa-pki-wait-running[22973]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipaserver.test.local', port=8080): Max retries exceeded with url: /ca/admin/ca/getStatus (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) Mar 12 19:25:05 ipaserver.test.local server[22972]: WARNING: Tomcat interprets the [protocols] attribute in a manner consistent with the latest OpenSSL development branch. Some of the specified [protocols] are not supported by the configured SSL engine for this connector (which may use JSSE or an older OpenSSL version) and have been skipped: [[TLSv1, TLSv1.1]] Mar 12 19:25:07 ipaserver.test.local ipa-pki-wait-running[22973]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipaserver.test.local', port=8080): Read timed out. (read timeout=1.0) Mar 12 19:25:09 ipaserver.test.local ipa-pki-wait-running[22973]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipaserver.test.local', port=8080): Read timed out. (read timeout=1.0) Mar 12 19:25:11 ipaserver.test.local ipa-pki-wait-running[22973]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipaserver.test.local', port=8080): Read timed out. (read timeout=1.0) Mar 12 19:25:13 ipaserver.test.local ipa-pki-wait-running[22973]: ipa-pki-wait-running: Success, subsystem ca is running! Mar 12 19:25:13 ipaserver.test.local systemd[1]: Started PKI Tomcat Server pki-tomcat. ░░ Subject: A start job for unit pki-tomcatd@pki-tomcat.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit pki-tomcatd@pki-tomcat.service has finished successfully. ░░ ░░ The job identifier is 2343. Mar 12 19:25:13 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:25:13 ipaserver.test.local systemd-rc-local-generator[23154]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:25:13 ipaserver.test.local systemd[1]: Starting Certificate monitoring and PKI enrollment... ░░ Subject: A start job for unit certmonger.service has begun execution ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit certmonger.service has begun execution. ░░ ░░ The job identifier is 2409. Mar 12 19:25:13 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:13 [23177] Changing to root directory. Mar 12 19:25:13 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:13 [23177] Obtaining system lock. Mar 12 19:25:13 ipaserver.test.local systemd[1]: Started Certificate monitoring and PKI enrollment. ░░ Subject: A start job for unit certmonger.service has finished successfully ░░ Defined-By: systemd ░░ Support: https://access.redhat.com/support ░░ ░░ A start job for unit certmonger.service has finished successfully. ░░ ░░ The job identifier is 2409. Mar 12 19:25:13 ipaserver.test.local certmonger[23178]: 2026-03-12 19:25:13 [23178] Running enrollment/cadata helper "/usr/libexec/certmonger/ipa-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23179]: 2026-03-12 19:25:13 [23179] Running enrollment/cadata helper "/usr/libexec/certmonger/ipa-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23180]: 2026-03-12 19:25:13 [23180] Running enrollment/cadata helper "/usr/libexec/certmonger/ipa-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23182]: 2026-03-12 19:25:13 [23182] Running enrollment/cadata helper "/usr/libexec/certmonger/ipa-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23183]: 2026-03-12 19:25:13 [23183] Running enrollment/cadata helper "/usr/libexec/certmonger/ipa-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23184]: 2026-03-12 19:25:13 [23184] Running enrollment/cadata helper "/usr/libexec/certmonger/ipa-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23185]: 2026-03-12 19:25:13 [23185] Running enrollment/cadata helper "/usr/libexec/certmonger/ipa-submit". Mar 12 19:25:13 ipaserver.test.local ipa-submit[23179]: GSSAPI client step 1 Mar 12 19:25:13 ipaserver.test.local certmonger[23186]: 2026-03-12 19:25:13 [23186] Running enrollment/cadata helper "/usr/libexec/certmonger/ipa-submit". Mar 12 19:25:13 ipaserver.test.local ipa-submit[23179]: GSSAPI client step 1 Mar 12 19:25:13 ipaserver.test.local certmonger[23187]: 2026-03-12 19:25:13 [23187] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23188]: 2026-03-12 19:25:13 [23188] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23189]: 2026-03-12 19:25:13 [23189] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23190]: 2026-03-12 19:25:13 [23190] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23191]: 2026-03-12 19:25:13 [23191] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local ipa-submit[23179]: GSSAPI client step 1 Mar 12 19:25:13 ipaserver.test.local ipa-submit[23179]: GSSAPI client step 1 Mar 12 19:25:13 ipaserver.test.local certmonger[23192]: 2026-03-12 19:25:13 [23192] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23193]: 2026-03-12 19:25:13 [23193] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23194]: 2026-03-12 19:25:13 [23194] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23195]: 2026-03-12 19:25:13 [23195] Running enrollment/cadata helper "/usr/libexec/certmonger/local-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23196]: 2026-03-12 19:25:13 [23196] Running enrollment/cadata helper "/usr/libexec/certmonger/local-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23197]: 2026-03-12 19:25:13 [23197] Running enrollment/cadata helper "/usr/libexec/certmonger/local-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23198]: 2026-03-12 19:25:13 [23198] Running enrollment/cadata helper "/usr/libexec/certmonger/local-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23199]: 2026-03-12 19:25:13 [23199] Running enrollment/cadata helper "/usr/libexec/certmonger/local-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23200]: 2026-03-12 19:25:13 [23200] Running enrollment/cadata helper "/usr/libexec/certmonger/local-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23201]: 2026-03-12 19:25:13 [23201] Running enrollment/cadata helper "/usr/libexec/certmonger/local-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23202]: 2026-03-12 19:25:13 [23202] Running enrollment/cadata helper "/usr/libexec/certmonger/local-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23203]: 2026-03-12 19:25:13 [23203] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23204]: 2026-03-12 19:25:13 [23204] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23205]: 2026-03-12 19:25:13 [23205] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23206]: 2026-03-12 19:25:13 [23206] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23207]: 2026-03-12 19:25:13 [23207] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local dogtag-ipa-renew-agent-submit[23189]: jsonrpc_url is NULL Mar 12 19:25:13 ipaserver.test.local dogtag-ipa-renew-agent-submit[23189]: jsonrpc_url is NULL Mar 12 19:25:13 ipaserver.test.local certmonger[23208]: 2026-03-12 19:25:13 [23208] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23209]: 2026-03-12 19:25:13 [23209] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local ipa-submit[23179]: GSSAPI client step 2 Mar 12 19:25:13 ipaserver.test.local certmonger[23210]: 2026-03-12 19:25:13 [23210] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23212]: 2026-03-12 19:25:13 [23212] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23213]: 2026-03-12 19:25:13 [23213] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23214]: 2026-03-12 19:25:13 [23214] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23215]: 2026-03-12 19:25:13 [23215] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23216]: 2026-03-12 19:25:13 [23216] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23217]: 2026-03-12 19:25:13 [23217] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23218]: 2026-03-12 19:25:13 [23218] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23219]: 2026-03-12 19:25:13 [23219] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23221]: 2026-03-12 19:25:13 [23221] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23222]: 2026-03-12 19:25:13 [23222] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23223]: 2026-03-12 19:25:13 [23223] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23224]: 2026-03-12 19:25:13 [23224] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23225]: 2026-03-12 19:25:13 [23225] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23226]: 2026-03-12 19:25:13 [23226] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23227]: 2026-03-12 19:25:13 [23227] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:13 ipaserver.test.local certmonger[23228]: 2026-03-12 19:25:13 [23228] Running enrollment/cadata helper "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". Mar 12 19:25:14 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:14 [23177] No hooks set for ca-pre-save command. Mar 12 19:25:14 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:14 [23177] No hooks set for ca-post-save command. Mar 12 19:25:14 ipaserver.test.local certmonger[23245]: 2026-03-12 19:25:14 [23245] Certificate "Local Signing Authority" valid for 31535999s. Mar 12 19:25:21 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:21 [23177] Wrote to /var/lib/certmonger/requests/20260312232521 Mar 12 19:25:21 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:21 [23177] Wrote to /var/lib/certmonger/requests/20260312232521 Mar 12 19:25:21 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:21 [23177] Wrote to /var/lib/certmonger/requests/20260312232521 Mar 12 19:25:21 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:21 [23177] Wrote to /var/lib/certmonger/requests/20260312232521 Mar 12 19:25:21 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:21 [23177] Wrote to /var/lib/certmonger/requests/20260312232521 Mar 12 19:25:21 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:21 [23177] Wrote to /var/lib/certmonger/requests/20260312232521 Mar 12 19:25:22 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:22 [23177] Wrote to /var/lib/certmonger/requests/20260312232522 Mar 12 19:25:22 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:22 [23177] Wrote to /var/lib/certmonger/requests/20260312232522 Mar 12 19:25:22 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:22 [23177] Wrote to /var/lib/certmonger/requests/20260312232521 Mar 12 19:25:22 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:22 [23177] Wrote to /var/lib/certmonger/requests/20260312232521 Mar 12 19:25:23 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:23 [23177] Wrote to /var/lib/certmonger/requests/20260312232523 Mar 12 19:25:23 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:23 [23177] Wrote to /var/lib/certmonger/requests/20260312232523 Mar 12 19:25:23 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:23 [23177] Wrote to /var/lib/certmonger/requests/20260312232523 Mar 12 19:25:23 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:23 [23177] Wrote to /var/lib/certmonger/requests/20260312232523 Mar 12 19:25:24 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:24 [23177] Wrote to /var/lib/certmonger/requests/20260312232524 Mar 12 19:25:24 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:24 [23177] Wrote to /var/lib/certmonger/requests/20260312232524 Mar 12 19:25:24 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:24 [23177] Wrote to /var/lib/certmonger/requests/20260312232523 Mar 12 19:25:24 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:24 [23177] Wrote to /var/lib/certmonger/requests/20260312232523 Mar 12 19:25:25 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:25 [23177] Wrote to /var/lib/certmonger/requests/20260312232525 Mar 12 19:25:25 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:25 [23177] Wrote to /var/lib/certmonger/requests/20260312232525 Mar 12 19:25:25 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:25 [23177] Wrote to /var/lib/certmonger/requests/20260312232523 Mar 12 19:25:25 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:25 [23177] Wrote to /var/lib/certmonger/requests/20260312232523 Mar 12 19:25:26 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:26 [23177] Wrote to /var/lib/certmonger/requests/20260312232526 Mar 12 19:25:26 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:26 [23177] Wrote to /var/lib/certmonger/requests/20260312232526 Mar 12 19:25:26 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:26 [23177] Wrote to /var/lib/certmonger/requests/20260312232526 Mar 12 19:25:26 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:26 [23177] Wrote to /var/lib/certmonger/requests/20260312232526 Mar 12 19:25:26 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:25:26 ipaserver.test.local systemd-rc-local-generator[23295]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:25:26 ipaserver.test.local systemd[1]: Reloading. Mar 12 19:25:26 ipaserver.test.local systemd-rc-local-generator[23334]: /etc/rc.d/rc.local is not marked executable, skipping. Mar 12 19:25:27 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:27 [23177] Wrote to /var/lib/certmonger/requests/20260312232526 Mar 12 19:25:27 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:27 [23177] Wrote to /var/lib/certmonger/requests/20260312232526 Mar 12 19:25:27 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:27 [23177] Wrote to /var/lib/certmonger/requests/20260312232526 Mar 12 19:25:27 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:27 [23177] Wrote to /var/lib/certmonger/requests/20260312232526 Mar 12 19:25:27 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:27 [23177] Wrote to /var/lib/certmonger/requests/20260312232522 Mar 12 19:25:27 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:27 [23177] Wrote to /var/lib/certmonger/requests/20260312232522 Mar 12 19:25:27 ipaserver.test.local /tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py[19880]: [IPA.API] [autobind]: caacl_find: SUCCESS [ldap2_140167137746080] {"criteria": null, "all": false, "raw": false, "version": "2.257", "no_members": true, "pkey_only": false} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/caacl_find.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: caacl_find: SUCCESS [ldap2_140167137746080] {"criteria": null, "all": false, "raw": false, "version": "2.257", "no_members": true, "pkey_only": false} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'caacl_find' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'caacl_find' by the '[autobind]' actor: ░░ ░░ {"criteria": null, "all": false, "raw": false, "version": "2.257", "no_members": true, "pkey_only": false} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'caacl_find' see ░░ https://freeipa.readthedocs.io/en/latest/api/caacl_find.html Mar 12 19:25:27 ipaserver.test.local /tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py[19880]: [IPA.API] [autobind]: caacl_add: SUCCESS [ldap2_140167137746080] {"cn": "hosts_services_caIPAserviceCert", "hostcategory": "all", "servicecategory": "all", "all": false, "raw": false, "version": "2.257", "no_members": false} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/caacl_add.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: caacl_add: SUCCESS [ldap2_140167137746080] {"cn": "hosts_services_caIPAserviceCert", "hostcategory": "all", "servicecategory": "all", "all": false, "raw": false, "version": "2.257", "no_members": false} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'caacl_add' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'caacl_add' by the '[autobind]' actor: ░░ ░░ {"cn": "hosts_services_caIPAserviceCert", "hostcategory": "all", "servicecategory": "all", "all": false, "raw": false, "version": "2.257", "no_members": false} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'caacl_add' see ░░ https://freeipa.readthedocs.io/en/latest/api/caacl_add.html Mar 12 19:25:27 ipaserver.test.local /tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py[19880]: [IPA.API] [autobind]: caacl_add_profile: SUCCESS [ldap2_140167137746080] {"cn": "hosts_services_caIPAserviceCert", "all": false, "raw": false, "version": "2.257", "no_members": false, "certprofile": ["caIPAserviceCert"]} ░░ Subject: IPA API command was executed and result of its execution was audited ░░ Defined-by: FreeIPA ░░ Support: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/ ░░ Documentation: man:ipa(1) ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/index.html ░░ Documentation: https://freeipa.readthedocs.io/en/latest/api/caacl_add_profile.html ░░ ░░ FreeIPA provides an extensive API that allows to manage all aspects of IPA deployments. ░░ ░░ The following information about the API command executed is available: ░░ ░░ [IPA.API] [autobind]: caacl_add_profile: SUCCESS [ldap2_140167137746080] {"cn": "hosts_services_caIPAserviceCert", "all": false, "raw": false, "version": "2.257", "no_members": false, "certprofile": ["caIPAserviceCert"]} ░░ ░░ The command was executed by '/tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py' utility. If the utility name ░░ is '/mod_wsgi`, then this API command came from a remote source through the IPA ░░ API end-point. ░░ ░░ The message includes following fields: ░░ ░░ - executable name and PID ('/mod_wsgi' for HTTP end-point; in this case it ░░ was '/tmp/ansible_ipaserver_setup_ca_payload_fycnybap/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py' command) ░░ ░░ - '[IPA.API]' marker to allow searches with 'journalctl -g IPA.API' ░░ ░░ - authenticated Kerberos principal or '[autobind]' marker for LDAPI-based ░░ access as root. In this case it was '[autobind]' ░░ ░░ - name of the command executed, in this case 'caacl_add_profile' ░░ ░░ - result of execution: `SUCCESS` or an exception name. In this case it was ░░ 'SUCCESS' ░░ ░░ - LDAP backend instance identifier. The identifier will be the same for all ░░ operations performed under the same request. This allows to identify operations ░░ which were executed as a part of the same API request instance. For API ░░ operations that didn't result in LDAP access, there will be ░░ '[no_connection_id]' marker. ░░ ░░ - finally, a list of arguments and options passed to the command is provided ░░ in JSON format. ░░ ░░ --------- ░░ The following list of arguments and options were passed to the command ░░ 'caacl_add_profile' by the '[autobind]' actor: ░░ ░░ {"cn": "hosts_services_caIPAserviceCert", "all": false, "raw": false, "version": "2.257", "no_members": false, "certprofile": ["caIPAserviceCert"]} ░░ --------- ░░ ░░ A detailed information about FreeIPA API can be found at upstream documentation API reference: ░░ https://freeipa.readthedocs.io/en/latest/api/index.html ░░ ░░ For details on the IPA API command 'caacl_add_profile' see ░░ https://freeipa.readthedocs.io/en/latest/api/caacl_add_profile.html Mar 12 19:25:28 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:28 [23177] Wrote to /var/lib/certmonger/requests/20260312232522 Mar 12 19:25:28 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:28 [23177] Wrote to /var/lib/certmonger/requests/20260312232522 Mar 12 19:25:28 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:28 [23177] Wrote to /var/lib/certmonger/requests/20260312232522 Mar 12 19:25:28 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:28 [23177] Wrote to /var/lib/certmonger/requests/20260312232522 Mar 12 19:25:28 ipaserver.test.local ldapmodify[23357]: DIGEST-MD5 common mech free Mar 12 19:25:29 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:29 [23177] Wrote to /var/lib/certmonger/requests/20260312232524 Mar 12 19:25:29 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:29 [23177] Wrote to /var/lib/certmonger/requests/20260312232524 Mar 12 19:25:30 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:30 [23177] Wrote to /var/lib/certmonger/requests/20260312232524 Mar 12 19:25:30 ipaserver.test.local certmonger[23177]: 2026-03-12 19:25:30 [23177] Wrote to /var/lib/certmonger/requests/20260312232524