ansible-freeipa
Setup CA: pkispawn', '-s', 'CA', '-f', '/tmp/tmpbiunqb'] returned non-zero exit status 1
Hello! Thanks for the freeipa role!
I try to install and get an error:
```
Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpbiunqb'] returned non-zero exit status 1: u"pkispawn : ERROR ....... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR ........... server did not start after 60s\npkispawn : ERROR ....... server failed to restart\n")
```
Playbook
```yaml
---
- name: Playbook to configure IPA servers
  hosts: ipaserver
  become: true
  collections:
    - freeipa.ansible_freeipa
  pre_tasks:
    - name: Update apt cache.
      apt: update_cache=true cache_valid_time=600
      when: ansible_os_family == 'Debian'
    - name: Install python2.7-minimal
      ansible.builtin.package:
        name: python2.7-minimal
        state: present
    - name: Remove 127.0.1.1 from /etc/hosts
      lineinfile:
        path: /etc/hosts
        state: absent
        regexp: '^127.0.1.1'
    - name: 'Add association between external ip and ipa domain into etc/hosts'
      lineinfile:
        path: '/etc/hosts'
        line: '{{ ipaserver_ip_addresses|first }} {{ ipaserver_domain }}'
        insertbefore: BOF
    - name: Ensure `dnsutils` is available.
      package:
        name: dnsutils
        state: present
    - name: Retrieve hostname from IP address.
      command: dig +short +onesoa -x "{{ ansible_default_ipv4.address }}"
      register: dig_out
    - name: Provide reverse_hostname fact.
      set_fact:
        reverse_hostname: "{{ dig_out.stdout_lines[0][:-1] }}"
    - name: Print reverse_hostname
      debug:
        var: reverse_hostname
    - name: Set hostname as ipaserver_domain
      hostname:
        name: "{{ ipaserver_domain }}"
  roles:
    - role: freeipa.ansible_freeipa.ipaserver
      state: present
```
Inventory
```yaml
all:
  children:
    ipaserver:
      hosts:
        "freeipa":
          ansible_host: "xxxxx"
      vars:
        ansible_user: ubuntu
        ansible_ssh_private_key_file: ~/.ssh/id_rsa
        ipaadmin_password: ADMPassword1
        ipadm_password: DMPassword1
        ipaserver_domain: freeipa.ru-central1.internal
        ipaserver_realm: freeipa.ru-central1.internal
        ipaserver_ip_addresses:
          - '{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}'
```
Ansible output
```
TASK [freeipa.ansible_freeipa.ipaserver : Install - Setup CA]
fatal: [freeipa]: FAILED! => changed=false
  module_stderr: |-
    Shared connection to 51.250.104.39 closed.
  module_stdout: |-
    Failed to configure CA instance: CalledProcessError(Command ['/usr/sbin/pkispawn', '-s', 'CA', '-f', '/tmp/tmpbiunqb'] returned non-zero exit status 1: u"pkispawn : ERROR ....... subprocess.CalledProcessError: Command '['sysctl', 'crypto.fips_enabled', '-bn']' returned non-zero exit status 255!\npkispawn : ERROR ........... server did not start after 60s\npkispawn : ERROR ....... server failed to restart\n")
    See the installation logs and the following files/directories for more information:
      /var/log/pki/pki-tomcat
    Traceback (most recent call last):
      File "/home/ubuntu/.ansible/tmp/ansible-tmp-1649254466.6170526-1537-108901459555460/AnsiballZ_ipaserver_setup_ca.py", line 107, in <module>
        _ansiballz_main()
      File "/home/ubuntu/.ansible/tmp/ansible-tmp-1649254466.6170526-1537-108901459555460/AnsiballZ_ipaserver_setup_ca.py", line 99, in _ansiballz_main
        invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
      File "/home/ubuntu/.ansible/tmp/ansible-tmp-1649254466.6170526-1537-108901459555460/AnsiballZ_ipaserver_setup_ca.py", line 48, in invoke_module
        run_name='__main__', alter_sys=True)
      File "/usr/lib/python2.7/runpy.py", line 188, in run_module
        fname, loader, pkg_name)
      File "/usr/lib/python2.7/runpy.py", line 82, in _run_module_code
        mod_name, mod_fname, mod_loader, pkg_name)
      File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
        exec code in run_globals
      File "/tmp/ansible_freeipa.ansible_freeipa.ipaserver_setup_ca_payload_d2YItA/ansible_freeipa.ansible_freeipa.ipaserver_setup_ca_payload.zip/ansible_collections/freeipa/ansible_freeipa/plugins/modules/ipaserver_setup_ca.py", line 356, in <module>
      File "/tmp/ansible_freeipa.ansible_freeipa.ipaserver_setup_ca_payload_d2YItA/ansible_freeipa.ansible_freeipa.ipaserver_setup_ca_payload.zip/ansible_collections/freeipa/ansible_freeipa/plugins/modules/ipaserver_setup_ca.py", line 320, in main
      File "/usr/lib/python2.7/dist-packages/ipaserver/install/ca.py", line 326, in install_step_0
        use_ldaps=standalone)
      File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line 473, in configure_instance
        self.start_creation(runtime=runtime)
      File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 555, in start_creation
        run_step(full_msg, method)
      File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 541, in run_step
        method()
      File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py", line 658, in __spawn_instance
        pki_pin)
      File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py", line 152, in spawn_instance
        self.handle_setup_error(e)
      File "/usr/lib/python2.7/dist-packages/ipaserver/install/dogtaginstance.py", line 393, in handle_setup_error
        raise RuntimeError("%s configuration failed." % self.subsystem)
    RuntimeError: CA configuration failed.
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
  rc: 1
```
Environment
Version
```
ansible [core 2.12.2]
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
```
Server where ansible
```
cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"
NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"
```
Remote server
```
cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.6 LTS"
NAME="Ubuntu"
VERSION="18.04.6 LTS (Bionic Beaver)"
```
Created https://github.com/freeipa/ansible-freeipa/pull/800 - Remove Ubuntu from Supported Distributions