ansible-freeipa
ansible-freeipa copied to clipboard
Published
20 hours ago •
freeipa
freeipa
msg: cannot import name 'kinit_password' from 'ipapython.ipautil
- Debian GNU/Linux 11.9 (bullseye)
- ansible [core 2.15.9]
- python version = 3.9.2
Python system libraries/modules/packages installed
apt list --installed | grep python
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
hexchat-python3/oldstable,now 2.14.3-6+deb11u1 amd64 [installed]
libpython3-dev/oldstable,now 3.9.2-3 amd64 [installed]
libpython3-stdlib/oldstable,now 3.9.2-3 amd64 [installed,automatic]
libpython3.9-dev/oldstable,now 3.9.2-1 amd64 [installed,automatic]
libpython3.9-minimal/oldstable,now 3.9.2-1 amd64 [installed,automatic]
libpython3.9-stdlib/oldstable,now 3.9.2-1 amd64 [installed,automatic]
libpython3.9/oldstable,now 3.9.2-1 amd64 [installed,automatic]
python-apt-common/oldstable,now 2.2.1 all [installed,automatic]
python-pip-whl/oldstable,now 20.3.4-4+deb11u1 all [installed,automatic]
python3-aiohttp/oldstable,now 3.7.4-1 amd64 [installed,automatic]
python3-appdirs/oldstable,now 1.4.4-1 all [installed,automatic]
python3-apt/oldstable,now 2.2.1 amd64 [installed,automatic]
python3-argcomplete/oldstable,now 1.8.1-1.5 all [installed,automatic]
python3-async-timeout/oldstable,now 3.0.1-1.1 all [installed,automatic]
python3-attr/oldstable,now 20.3.0-1 all [installed,automatic]
python3-autopep8/oldstable,now 1.5.5-1 all [installed]
python3-brlapi/oldstable,now 6.3+dfsg-1+deb11u1 amd64 [installed,automatic]
python3-bs4/oldstable,now 4.9.3-1 all [installed,automatic]
python3-cairo/oldstable,now 1.16.2-4+b2 amd64 [installed,automatic]
python3-certifi/oldstable,now 2020.6.20-1 all [installed,automatic]
python3-cffi-backend/oldstable,now 1.14.5-1 amd64 [installed,automatic]
python3-chardet/oldstable,now 4.0.0-1 all [installed,automatic]
python3-click/oldstable,now 7.1.2-1 all [installed,automatic]
python3-colorama/oldstable,now 0.4.4-1 all [installed,automatic]
python3-configobj/oldstable,now 5.0.6-4 all [installed,automatic]
python3-cryptography/oldstable,now 3.3.2-1 amd64 [installed,automatic]
python3-cups/oldstable,now 2.0.1-4+b1 amd64 [installed,automatic]
python3-cupshelpers/oldstable,now 1.5.14-1 all [installed,automatic]
python3-dbus/oldstable,now 1.2.16-5 amd64 [installed,automatic]
python3-debconf/oldstable,now 1.5.77 all [installed,automatic]
python3-debian/oldstable,now 0.1.39 all [installed,automatic]
python3-debianbts/oldstable,now 3.1.0 all [installed,automatic]
python3-decorator/oldstable,now 4.4.2-2 all [installed,automatic]
python3-dev/oldstable,now 3.9.2-3 amd64 [installed,automatic]
python3-distro-info/oldstable,now 1.0+deb11u1 all [installed,automatic]
python3-distro/oldstable,now 1.5.0-1 all [installed,automatic]
python3-distutils/oldstable,now 3.9.2-1 all [installed,automatic]
python3-dns/oldstable,now 3.2.1-1 all [installed]
python3-firewall/oldstable,now 0.9.3-2 all [installed,automatic]
python3-gi-cairo/oldstable,now 3.38.0-2 amd64 [installed,automatic]
python3-gi/oldstable,now 3.38.0-2 amd64 [installed,automatic]
python3-gnucash/oldstable,now 1:4.4-1 amd64 [installed,automatic]
python3-gpg/oldstable,now 1.14.0-1+b2 amd64 [installed,automatic]
python3-html5lib/oldstable,now 1.1-3 all [installed,automatic]
python3-httplib2/oldstable,now 0.18.1-3 all [installed,automatic]
python3-ibus-1.0/oldstable,now 1.5.23-2 all [installed,automatic]
python3-idna/oldstable,now 2.10-1 all [installed,automatic]
python3-jedi/oldstable,now 0.18.0-1 all [installed]
python3-ldap/oldstable,now 3.2.0-4+b3 amd64 [installed]
python3-ldb/oldstable,oldstable-security,now 2:2.2.3-2~deb11u2 amd64 [installed,automatic]
python3-lib2to3/oldstable,now 3.9.2-1 all [installed,automatic]
python3-libvirt/oldstable,now 7.0.0-2 amd64 [installed,automatic]
python3-libxml2/oldstable,oldstable-security,now 2.9.10+dfsg-6.7+deb11u4 amd64 [installed,automatic]
python3-louis/oldstable,now 3.16.0-1 all [installed,automatic]
python3-lxml/oldstable,oldstable-security,now 4.6.3+dfsg-0.1+deb11u1 amd64 [installed,automatic]
python3-magic/oldstable,now 2:0.4.20-3 all [installed,automatic]
python3-mako/oldstable,now 1.1.3+ds1-2 all [installed,automatic]
python3-markupsafe/oldstable,now 1.1.1-1+b3 amd64 [installed,automatic]
python3-minimal/oldstable,now 3.9.2-3 amd64 [installed,automatic]
python3-multidict/oldstable,now 5.1.0-1 amd64 [installed,automatic]
python3-mypy-extensions/oldstable,now 0.4.3-2 all [installed,automatic]
python3-nautilus/oldstable,now 1.2.3-3+b1 amd64 [installed,automatic]
python3-nftables/oldstable,now 0.9.8-3.1+deb11u2 amd64 [installed,automatic]
python3-olefile/oldstable,now 0.46-3 all [installed,automatic]
python3-parso/oldstable,now 0.8.1-1 all [installed,automatic]
python3-pathspec/oldstable,now 0.8.1-1 all [installed,automatic]
python3-pep8/oldstable,now 1.7.1-9 all [installed,automatic]
python3-pil/oldstable,oldstable-security,now 8.1.2+dfsg-0.3+deb11u1 amd64 [installed,automatic]
python3-pip/oldstable,now 20.3.4-4+deb11u1 all [installed]
python3-pkg-resources/oldstable,now 52.0.0-4 all [installed,automatic]
python3-psutil/oldstable,now 5.8.0-1 amd64 [installed,automatic]
python3-pyasn1-modules/oldstable,now 0.2.1-1 all [installed,automatic]
python3-pyasn1/oldstable,now 0.4.8-1 all [installed,automatic]
python3-pyatspi/oldstable,now 2.38.1-1 all [installed,automatic]
python3-pycodestyle/oldstable,now 2.6.0-1 all [installed,automatic]
python3-pycurl/oldstable,now 7.43.0.6-5 amd64 [installed,automatic]
python3-pyfavicon/oldstable,now 0.1.1+dfsg1-3 all [installed,automatic]
python3-pygments/oldstable,now 2.7.1+dfsg-2.1 all [installed,automatic]
python3-pyinotify/oldstable,now 0.9.6-1.3 all [installed,automatic]
python3-pyotp/oldstable,now 2.3.0-1 all [installed,automatic]
python3-pysimplesoap/oldstable,now 1.16.2-3 all [installed,automatic]
python3-pyxattr/oldstable,now 0.7.2-1+b1 amd64 [installed,automatic]
python3-pyzbar/oldstable,now 0.1.8-2 all [installed,automatic]
python3-regex/oldstable,now 0.1.20201113-1 amd64 [installed,automatic]
python3-reportbug/oldstable,now 7.10.3+deb11u1 all [installed]
python3-requests/oldstable,now 2.25.1+dfsg-2 all [installed,automatic]
python3-selinux/oldstable,now 3.1-3 amd64 [installed,automatic]
python3-setuptools/oldstable,now 52.0.0-4 all [installed,automatic]
python3-six/oldstable,now 1.16.0-2 all [installed,automatic]
python3-slip-dbus/oldstable,now 0.6.5-2 all [installed,automatic]
python3-slip/oldstable,now 0.6.5-2 all [installed,automatic]
python3-smbc/oldstable,now 1.0.23-1+b1 amd64 [installed,automatic]
python3-software-properties/oldstable,now 0.96.20.2-2.1 all [installed,automatic]
python3-soupsieve/oldstable,now 2.2.1-1 all [installed,automatic]
python3-speechd/oldstable,now 0.10.2-2+deb11u2 all [installed,automatic]
python3-sqlparse/oldstable,now 0.4.1-1 all [installed,automatic]
python3-systemd/oldstable,now 234-3+b4 amd64 [installed,automatic]
python3-tabulate/oldstable,now 0.8.7-0.1 all [installed,automatic]
python3-talloc/oldstable,now 2.3.1-2+b1 amd64 [installed,automatic]
python3-toml/oldstable,now 0.10.1-1 all [installed,automatic]
python3-typed-ast/oldstable,now 1.4.2-1 amd64 [installed,automatic]
python3-typing-extensions/oldstable,now 3.7.4.3-1 all [installed,automatic]
python3-unidiff/oldstable,now 0.5.5-2 all [installed,automatic]
python3-uno/oldstable,oldstable-security,now 1:7.0.4-4+deb11u8 amd64 [installed,automatic]
python3-urllib3/oldstable,now 1.26.5-1~exp1 all [installed,automatic]
python3-venv/oldstable,now 3.9.2-3 amd64 [installed]
python3-webencodings/oldstable,now 0.5.1-2 all [installed,automatic]
python3-wheel/oldstable,now 0.34.2-1 all [installed,automatic]
python3-xdg/oldstable,now 0.27-2 all [installed,automatic]
python3-yaml/oldstable,now 5.3.1-5 amd64 [installed,automatic]
python3-yapf/oldstable,now 0.30.0-1 all [installed]
python3-yarl/oldstable,now 1.6.3-2 amd64 [installed,automatic]
python3-yoyo/oldstable,now 7.3.1+dfsg1-1 all [installed,automatic]
python3.9-dev/oldstable,now 3.9.2-1 amd64 [installed,automatic]
python3.9-minimal/oldstable,now 3.9.2-1 amd64 [installed,automatic]
python3.9-venv/oldstable,now 3.9.2-1 amd64 [installed,automatic]
python3.9/oldstable,now 3.9.2-1 amd64 [installed,automatic]
python3/oldstable,now 3.9.2-3 amd64 [installed,automatic]
Python required modules ( requirements.txt )
ansible-core==2.15.9
# Collections Requirements
# freeipa.ansible_freeipa.ipaservice
netaddr==1.2.1
gssapi==1.8.3
ipalib==4.10.2
Ansible required collections ( requirements.yml )
---
collections:
- name: ansible.posix
version: 1.5.4
- name: community.general
version: '>=7.4.0,<7.5.0'
- name: freeipa.ansible_freeipa
version: '>=1.11.1,<1.12.0'
Output
failed: [testvm.example.com -> localhost]
(item=
{'path': '/etc/httpd/conf/httpd.keytab',
'principal': 'HTTP/[email protected]',
'aliases': ['HTTP/[email protected]'],
'owner': 48,
'group': 48,
'mode': '0400'})
=> changed=false
ansible_loop_var: item
invocation:
module_args:
action: service
allow_create_keytab_group: null
allow_create_keytab_host: null
allow_create_keytab_hostgroup: null
allow_create_keytab_user: null
allow_retrieve_keytab_group: null
allow_retrieve_keytab_host: null
allow_retrieve_keytab_hostgroup: null
allow_retrieve_keytab_user: null
auth_ind: null
certificate: null
delete_continue: null
force: null
host: null
ipaadmin_password: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
ipaadmin_principal: ipaadmin-username
ipaapi_context: null
ipaapi_ldap_cache: true
name:
- HTTP/[email protected]
netbiosname: null
ok_as_delegate: null
ok_to_auth_as_delegate: null
pac_type: null
principal:
- HTTP/[email protected]
requires_pre_auth: null
services: null
skip_host_check: null
smb: null
state: present
item:
aliases:
- HTTP/[email protected]
group: 48
mode: '0400'
owner: 48
path: /etc/httpd/conf/httpd.keytab
principal: HTTP/[email protected]
msg: cannot import name 'kinit_password' from 'ipapython.ipautil' (/home/username/.python-env/ipa-python-venv/lib/python3.9/site-packages/ipapython/ipautil.py)
I cannot understand why I have this error.
cannot import name 'kinit_password' from 'ipapython.ipautil'
I have this error with the following versions:
- freeipa.ansible_freeipa 1.11.1
- freeipa.ansible_freeipa 1.12.1 ( latest)
Any advice/help/idea ?
In my attempt to solve this, I have also installed the following python 3 modules.
pip freeze
ipa==4.10.2
ipaclient==4.10.2
ipalib==4.10.2
ipaplatform==4.10.2
ipapython==4.10.2
python-freeipa==1.0.8
ansible-core==2.15.9
certifi==2024.2.2
cffi==1.16.0
charset-normalizer==3.3.2
cryptography==42.0.5
decorator==5.1.1
dnspython==2.6.1
gssapi==1.8.3
idna==3.6
importlib-resources==5.0.7
Jinja2==3.1.3
MarkupSafe==2.1.5
netaddr==1.2.1
packaging==23.2
pkg_resources==0.0.0
pyasn1==0.5.1
pyasn1-modules==0.3.0
pycparser==2.21
pypng==0.20220715.0
PyYAML==6.0.1
qrcode==7.4.2
requests==2.31.0
resolvelib==1.0.1
six==1.16.0
typing_extensions==4.10.0
urllib3==2.2.1
- Red Hat Enterprise Linux release 9.1 (Plow)
- Python 3.9.18
System python related packages
dnf install python3 python3-devel krb5-workstation krb5-libs krb5-devel gcc -y
dnf list installed | grep python
libcap-ng-python3.x86_64 0.8.2-7.el9
policycoreutils-python-utils.noarch 3.5-2.el9
python-unversioned-command.noarch 3.9.18-1.el9_3.1
python3.x86_64 3.9.18-1.el9_3.1
python3-attrs.noarch 20.3.0-7.el9
python3-audit.x86_64 3.0.7-103.el9
python3-babel.noarch 2.9.1-2.el9
python3-chardet.noarch 4.0.0-5.el9
python3-cloud-what.x86_64 1.29.30-1.el9
python3-configobj.noarch 5.0.6-25.el9
python3-dasbus.noarch 1.4-5.el9
python3-dateutil.noarch 1:2.8.1-6.el9
python3-dbus.x86_64 1.2.18-2.el9
python3-decorator.noarch 4.4.2-6.el9
python3-devel.x86_64 3.9.18-1.el9_3.1
python3-distro.noarch 1.5.0-7.el9
python3-dnf.noarch 4.12.0-4.el9
python3-dnf-plugin-versionlock.noarch 4.3.0-11.el9_3
python3-dnf-plugins-core.noarch 4.3.0-11.el9_3
python3-ethtool.x86_64 0.15-2.el9
python3-file-magic.noarch 5.39-10.el9
python3-firewall.noarch 1.2.1-1.el9
python3-gobject-base.x86_64 3.40.1-6.el9
python3-gobject-base-noarch.noarch 3.40.1-6.el9
python3-gpg.x86_64 1.15.1-6.el9
python3-hawkey.x86_64 0.67.0-3.el9
python3-idna.noarch 2.10-7.el9
python3-iniparse.noarch 0.4-45.el9
python3-inotify.noarch 0.9.6-25.el9
python3-jinja2.noarch 2.11.3-4.el9
python3-jsonpatch.noarch 1.21-16.el9
python3-jsonpointer.noarch 2.0-4.el9
python3-jsonschema.noarch 3.2.0-13.el9
python3-ldap.x86_64 3.4.3-2.el9
python3-libcomps.x86_64 0.1.18-1.el9
python3-libdnf.x86_64 0.67.0-3.el9
python3-librepo.x86_64 1.14.2-3.el9
python3-libs.x86_64 3.9.18-1.el9_3.1
python3-libselinux.x86_64 3.5-1.el9
python3-libsemanage.x86_64 3.5-2.el9
python3-libxml2.x86_64 2.9.13-2.el9
python3-linux-procfs.noarch 0.7.0-1.el9
python3-markupsafe.x86_64 1.1.1-12.el9
python3-netifaces.x86_64 0.10.6-15.el9
python3-nftables.x86_64 1:1.0.4-11.el9_3
python3-oauthlib.noarch 3.1.1-2.el9
python3-perf.x86_64 5.14.0-139.kpq0.el9
python3-pexpect.noarch 4.8.0-7.el9
python3-pip.noarch 21.2.3-7.el9_3.1
python3-pip-wheel.noarch 21.2.3-6.el9
python3-policycoreutils.noarch 3.5-2.el9
python3-prettytable.noarch 0.7.2-27.el9
python3-psycopg2.x86_64 2.8.6-6.el9
python3-ptyprocess.noarch 0.6.0-12.el9
python3-pyasn1.noarch 0.4.8-6.el9
python3-pyasn1-modules.noarch 0.4.8-6.el9
python3-pyrsistent.x86_64 0.17.3-8.el9
python3-pyserial.noarch 3.4-12.el9
python3-pysocks.noarch 1.7.1-12.el9
python3-pytz.noarch 2021.1-4.el9
python3-pyudev.noarch 0.22.0-6.el9
python3-pyyaml.x86_64 5.4.1-6.el9
python3-requests.noarch 2.25.1-6.el9
python3-rpm.x86_64 4.16.1.3-18.el9_1
python3-setools.x86_64 4.4.0-5.el9
python3-setuptools.noarch 53.0.0-10.el9
python3-setuptools-wheel.noarch 53.0.0-10.el9
python3-six.noarch 1.15.0-9.el9
python3-subscription-manager-rhsm.x86_64 1.29.30-1.el9
python3-systemd.x86_64 234-18.el9
python3-urllib3.noarch 1.26.5-3.el9
pip freeze
- requirements.txt
ansible-core==2.15.9
# Collections Requirements
# freeipa.ansible_freeipa.ipaservice
netaddr==1.2.1
gssapi==1.8.3
ipalib==4.10.2
ansible-core==2.15.9
cffi==1.16.0
cryptography==42.0.5
decorator==5.1.1
dnspython==2.6.1
gssapi==1.8.3
importlib-resources==5.0.7
ipalib==4.10.2
ipaplatform==4.10.2
ipapython==4.10.2
Jinja2==3.1.3
MarkupSafe==2.1.5
netaddr==1.2.1
packaging==23.2
pyasn1==0.5.1
pyasn1-modules==0.3.0
pycparser==2.21
PyYAML==6.0.1
resolvelib==1.0.1
six==1.16.0
But again exactly the same:
msg: cannot import name 'kinit_password' from 'ipapython.ipautil'
pip install ipaclient
pip freeze | grep ipa
ipaclient==4.10.2
ipalib==4.10.2
ipaplatform==4.10.2
ipapython==4.10.2
But, nothing changed.
ansible-freeipa modules are supporting management nodes that are part of an IPA domain as a client or server. If the node is part of an IPA domain, all the needed packages and bindings are installed and the management modules are able to be used. ansible-core and ansible-freeipa is only needed on the controller, it is not needed on the management nodes.
The management node needs to deployed as a server/replica or client in an IPA domain. Installing ipaclient with pip is not able to do this.
For information how to deploy a client, please have a look at https://github.com/freeipa/ansible-freeipa/blob/master/roles/ipaclient/README.md
So, the task below cannot be run on my laptop - which is not an IPA server/client ( at least client ) ?
---
- name: Create service
delegate_to: localhost
freeipa.ansible_freeipa.ipaservice:
name: "{{ item.principal }}"
principal: "{{ item.aliases | default(omit) }}"
state: "present"
ipaadmin_principal: "{{ ipa_host_enrollment_principal }}"
ipaadmin_password: "{{ ipa_host_enrollment_password }}"
loop: "{{ custom_keytabs }}"
As you mentioned above from the Ansible controller side you only need ansible-core & ansible-freeipa.
So I cannot run the above from my localhost, if my localhost/controller is not already deployed as a server/replica or client in an IPA domain.
Excuse me, I'm confused because I ran it locally and the error message doesn't help me enough.
Could we change the error message to give more information about what is going wrong?
For example, with some kind of condition checking whether "Ω" has already been done or not, print "χ message", otherwise "ψ message".
Thank you very much for your prompt reply above and for the really useful reference which is really helpful! :pray:
Good point, please open a ticket to work on the error messages for missing IPA bindings.
@Tas-sos no, you can't delegate the task to your localhost if it is not a server or a client in a FreeIPA deployment.
The controller does not need to be part of FreeIPA, but any target node needs to be.
We should make this clearer in the documentation, but IMO, working this on the error messages provided will open a lot of unknown issues, and this might be too much work for too small improvement.
