infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

[ipaserver] Include toddlers setup for prod #2650

Merged
ryanlerch merged 1 commit from toddlers_prod into main 2025-05-29 08:46:38 +00:00
Conversation 4 Commits 1 Files changed 1 -1
lenkaseg commented 2025-05-29 08:27:26 +00:00
Contributor
Copy link

Signed-off-by: Lenka Segura lsegura@redhat.com

Signed-off-by: Lenka Segura <lsegura@redhat.com>
zuul commented 2025-05-29 08:30:49 +00:00
First-time contributor
Copy link

Build succeeded.
https://fedora.softwarefactory-project.io/zuul/buildset/d0df332a836546c1bea9a8dfa8376b78

Build succeeded. https://fedora.softwarefactory-project.io/zuul/buildset/d0df332a836546c1bea9a8dfa8376b78 - [fi-ansible-lint-diff ](https://fedora.softwarefactory-project.io/zuul/build/2a29aadabdde41b7bba542415ac0a32a) : SUCCESS in 2m 47s - [fi-yamllint-diff ](https://fedora.softwarefactory-project.io/zuul/build/83555df1d95c4426a0c2134cc7ef067d) : SUCCESS in 2m 28s
lenkaseg commented 2025-05-29 08:32:18 +00:00
Author
Contributor
Copy link

The toddler cleaning_packager_groups needs ipa server with toddler setup running on production.

The toddler `cleaning_packager_groups` needs ipa server with toddler setup running on production.
zlopez commented 2025-05-29 08:46:39 +00:00
Contributor
Copy link

Pull-Request has been merged by zlopez

Pull-Request has been merged by zlopez
zlopez commented 2025-05-29 08:52:27 +00:00
Contributor
Copy link

I tried to run the playbook with -t toddlers and something is missing.

fatal: [ipa02.iad2.fedoraproject.org]: FAILED! => {"changed": true, "cmd": ["ipa", "privilege-add", "Group Membership Synchronization", "--desc=Toddler to synchronize group memberships"], "delta": "0:00:00.515365", "end": "2025-05-29 08:48:03.964192", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2025-05-29 08:48:03.448827", "stderr": "ipa: ERROR: did not receive Kerberos credentials", "stderr_lines": ["ipa: ERROR: did not receive Kerberos credentials"], "stdout": "", "stdout_lines": []}
fatal: [ipa01.stg.iad2.fedoraproject.org]: FAILED! => {"changed": true, "cmd": ["ipa", "privilege-add", "Group Membership Synchronization", "--desc=Toddler to synchronize group memberships"], "delta": "0:00:00.884026", "end": "2025-05-29 08:48:04.023617", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2025-05-29 08:48:03.139591", "stderr": "ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add the entry 'cn=Group Membership Synchronization,cn=privileges,cn=pbac,dc=stg,dc=fedoraproject,dc=org'.", "stderr_lines": ["ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add the entry 'cn=Group Membership Synchronization,cn=privileges,cn=pbac,dc=stg,dc=fedoraproject,dc=org'."], "stdout": "", "stdout_lines": []}
fatal: [ipa02.stg.iad2.fedoraproject.org]: FAILED! => {"changed": true, "cmd": ["ipa", "privilege-add", "Group Membership Synchronization", "--desc=Toddler to synchronize group memberships"], "delta": "0:00:00.543576", "end": "2025-05-29 08:48:04.189337", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2025-05-29 08:48:03.645761", "stderr": "ipa: ERROR: did not receive Kerberos credentials", "stderr_lines": ["ipa: ERROR: did not receive Kerberos credentials"], "stdout": "", "stdout_lines": []}
fatal: [ipa03.stg.iad2.fedoraproject.org]: FAILED! => {"changed": true, "cmd": ["ipa", "privilege-add", "Group Membership Synchronization", "--desc=Toddler to synchronize group memberships"], "delta": "0:00:00.557461", "end": "2025-05-29 08:48:04.255243", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2025-05-29 08:48:03.697782", "stderr": "ipa: ERROR: did not receive Kerberos credentials", "stderr_lines": ["ipa: ERROR: did not receive Kerberos credentials"], "stdout": "", "stdout_lines": []}

My assumption is that you need to add toddlers tag to Get admin ticket task.

I tried to run the playbook with -t toddlers and something is missing. ``` fatal: [ipa02.iad2.fedoraproject.org]: FAILED! => {"changed": true, "cmd": ["ipa", "privilege-add", "Group Membership Synchronization", "--desc=Toddler to synchronize group memberships"], "delta": "0:00:00.515365", "end": "2025-05-29 08:48:03.964192", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2025-05-29 08:48:03.448827", "stderr": "ipa: ERROR: did not receive Kerberos credentials", "stderr_lines": ["ipa: ERROR: did not receive Kerberos credentials"], "stdout": "", "stdout_lines": []} fatal: [ipa01.stg.iad2.fedoraproject.org]: FAILED! => {"changed": true, "cmd": ["ipa", "privilege-add", "Group Membership Synchronization", "--desc=Toddler to synchronize group memberships"], "delta": "0:00:00.884026", "end": "2025-05-29 08:48:04.023617", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2025-05-29 08:48:03.139591", "stderr": "ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add the entry 'cn=Group Membership Synchronization,cn=privileges,cn=pbac,dc=stg,dc=fedoraproject,dc=org'.", "stderr_lines": ["ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add the entry 'cn=Group Membership Synchronization,cn=privileges,cn=pbac,dc=stg,dc=fedoraproject,dc=org'."], "stdout": "", "stdout_lines": []} fatal: [ipa02.stg.iad2.fedoraproject.org]: FAILED! => {"changed": true, "cmd": ["ipa", "privilege-add", "Group Membership Synchronization", "--desc=Toddler to synchronize group memberships"], "delta": "0:00:00.543576", "end": "2025-05-29 08:48:04.189337", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2025-05-29 08:48:03.645761", "stderr": "ipa: ERROR: did not receive Kerberos credentials", "stderr_lines": ["ipa: ERROR: did not receive Kerberos credentials"], "stdout": "", "stdout_lines": []} fatal: [ipa03.stg.iad2.fedoraproject.org]: FAILED! => {"changed": true, "cmd": ["ipa", "privilege-add", "Group Membership Synchronization", "--desc=Toddler to synchronize group memberships"], "delta": "0:00:00.557461", "end": "2025-05-29 08:48:04.255243", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2025-05-29 08:48:03.697782", "stderr": "ipa: ERROR: did not receive Kerberos credentials", "stderr_lines": ["ipa: ERROR: did not receive Kerberos credentials"], "stdout": "", "stdout_lines": []} ``` My assumption is that you need to add toddlers tag to `Get admin ticket` task.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
freeze-break-request

   
post-freeze
No labels
freeze-break-request
post-freeze
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: infrastructure/ansible#2650
No description provided.
Delete branch "toddlers_prod"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?