Issue #2139: ipa-replica-install fails when --no-host-dns option is provided. - freeipa

freeipa

#2139 ipa-replica-install fails when --no-host-dns option is provided.

Closed: Fixed None Opened 12 years ago by mkosek.

https://bugzilla.redhat.com/show_bug.cgi?id=757681

Description of problem:


Version-Release number of selected component (if applicable):
ipa-server-2.1.3-9.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Setup ipa-server.
2. Prepare a replica file.
3. ipa-replica-install with --no-host-dns option.

Actual results: replica install fails with "Unable to resolve IP address for
hos name"

Expected results: Should not use hostname lookup during installation and
replica install should be successful.


Additional info:

Looking up master from slave:
[root@ratchet ~]# nslookup jetfire.testrelm
Server:         10.65.201.71
Address:        10.65.201.71#53

Name:   jetfire.testrelm
Address: 10.65.201.71

[root@ratchet ~]#


Reverse lookup of master from slave:
[root@ratchet ~]# nslookup 10.65.201.71
Server:         10.65.201.71
Address:        10.65.201.71#53

71.201.65.10.in-addr.arpa       name = jetfire.testrelm.

[root@ratchet ~]#


/etc/hosts of slave:
[root@ratchet ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.65.201.71    jetfire.testrelm        jetfire
#10.65.201.69    ratchet.testrelm        ratchet
[root@ratchet ~]#


[root@ratchet ~]# ipa-replica-install  --skip-conncheck --no-host-dns
replica-info-ratchet.testrelm.gpg
Directory Manager (existing master) password:

Warning: skipping DNS resolution of host ratchet.testrelm
Configuring ntpd
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
done configuring ntpd.
Unable to resolve IP address for host name
[root@ratchet ~]#



2011-11-28 16:31:06,897 DEBUG /usr/sbin/ipa-replica-install was invoked with
argument "replica-info-ratchet.testrelm.gpg" and options: {'no_forwarders':
False, 'ui_redirect': True, 'reverse_zone': None, 'unattended': False,
'no_host_dns': True, 'no_reverse': False, 'setup_dns': False, 'setup_ca':
False, 'forwarders': None, 'debug': False, 'conf_ntp': True, 'skip_conncheck':
True}
2011-11-28 16:31:06,897 DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2011-11-28 16:31:06,897 DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:09,719 DEBUG args=/usr/bin/gpg --batch --homedir
/tmp/tmpGMQtBLipa/ipa-RRyuKL/.gnupg --passphrase-fd 0 --yes --no-tty -o
/tmp/tmpGMQtBLipa/files.tar -d replica-info-ratchet.testrelm.gpg
2011-11-28 16:31:09,719 DEBUG stdout=
2011-11-28 16:31:09,719 DEBUG stderr=gpg: WARNING: unsafe permissions on
homedir `/tmp/tmpGMQtBLipa/ipa-RRyuKL/.gnupg'
gpg: keyring `/tmp/tmpGMQtBLipa/ipa-RRyuKL/.gnupg/secring.gpg' created
gpg: keyring `/tmp/tmpGMQtBLipa/ipa-RRyuKL/.gnupg/pubring.gpg' created
gpg: 3DES encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected

2011-11-28 16:31:09,728 DEBUG args=tar xf /tmp/tmpGMQtBLipa/files.tar -C
/tmp/tmpGMQtBLipa
2011-11-28 16:31:09,729 DEBUG stdout=
2011-11-28 16:31:09,729 DEBUG stderr=
2011-11-28 16:31:09,753 DEBUG importing all plugin modules in
'/usr/lib/python2.6/site-packages/ipalib/plugins'...
2011-11-28 16:31:09,754 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
2011-11-28 16:31:09,764 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
2011-11-28 16:31:09,790 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
2011-11-28 16:31:09,797 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
2011-11-28 16:31:09,798 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
2011-11-28 16:31:09,799 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
2011-11-28 16:31:09,814 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
2011-11-28 16:31:09,819 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
2011-11-28 16:31:09,822 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
2011-11-28 16:31:09,830 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
2011-11-28 16:31:09,834 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
2011-11-28 16:31:09,844 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
2011-11-28 16:31:09,845 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
2011-11-28 16:31:09,847 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
2011-11-28 16:31:09,850 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
2011-11-28 16:31:09,859 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
2011-11-28 16:31:09,860 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
2011-11-28 16:31:09,863 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
2011-11-28 16:31:09,863 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
2011-11-28 16:31:09,865 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
2011-11-28 16:31:09,869 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
2011-11-28 16:31:09,870 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
2011-11-28 16:31:09,874 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
2011-11-28 16:31:09,884 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
2011-11-28 16:31:09,888 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
2011-11-28 16:31:09,888 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
2011-11-28 16:31:09,890 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
2011-11-28 16:31:09,900 DEBUG args=klist -V
2011-11-28 16:31:09,900 DEBUG stdout=Kerberos 5 version 1.9

2011-11-28 16:31:09,900 DEBUG stderr=
2011-11-28 16:31:09,905 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
2011-11-28 16:31:09,906 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
2011-11-28 16:31:09,908 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
2011-11-28 16:31:09,909 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
2011-11-28 16:31:09,910 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
2011-11-28 16:31:09,912 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
2011-11-28 16:31:09,921 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
2011-11-28 16:31:09,921 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
2011-11-28 16:31:09,921 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
2011-11-28 16:31:09,921 DEBUG importing all plugin modules in
'/usr/lib/python2.6/site-packages/ipaserver/plugins'...
2011-11-28 16:31:09,922 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/plugins/dogtag.py'
2011-11-28 16:31:09,941 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/plugins/join.py'
2011-11-28 16:31:09,942 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py'
2011-11-28 16:31:09,942 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/plugins/rabase.py'
2011-11-28 16:31:09,942 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/plugins/selfsign.py'
2011-11-28 16:31:09,943 DEBUG skipping plugin module
ipaserver.plugins.selfsign: selfsign is not selected as RA plugin, it is dogtag
2011-11-28 16:31:09,943 DEBUG importing plugin module
'/usr/lib/python2.6/site-packages/ipaserver/plugins/xmlserver.py'
2011-11-28 16:31:10,022 DEBUG Mounting ipaserver.rpcserver.jsonserver() at
'json'
2011-11-28 16:31:10,033 DEBUG Mounting ipaserver.rpcserver.xmlserver() at 'xml'
2011-11-28 16:31:10,665 DEBUG ds group dirsrv exists
2011-11-28 16:31:10,665 DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:10,680 DEBUG Created connection context.ldap2_35333584
2011-11-28 16:31:10,860 DEBUG Destroyed connection context.ldap2_35333584
2011-11-28 16:31:10,861 DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:10,861 DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2011-11-28 16:31:10,861 DEBUG Configuring ntpd
2011-11-28 16:31:10,862 DEBUG   [1/4]: stopping ntpd
2011-11-28 16:31:10,929 DEBUG args=/sbin/service ntpd status
2011-11-28 16:31:10,930 DEBUG stdout=ntpd is stopped

2011-11-28 16:31:10,930 DEBUG stderr=
2011-11-28 16:31:10,930 DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:10,979 DEBUG args=/sbin/service ntpd stop
2011-11-28 16:31:10,980 DEBUG stdout=Shutting down ntpd:   [FAILED]

2011-11-28 16:31:10,980 DEBUG stderr=
2011-11-28 16:31:10,980 DEBUG   duration: 0 seconds
2011-11-28 16:31:10,980 DEBUG   [2/4]: writing configuration
2011-11-28 16:31:10,980 DEBUG Backing up system configuration file
'/etc/ntp.conf'
2011-11-28 16:31:10,981 DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2011-11-28 16:31:10,981 DEBUG Backing up system configuration file
'/etc/sysconfig/ntpd'
2011-11-28 16:31:10,982 DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2011-11-28 16:31:10,983 DEBUG   duration: 0 seconds
2011-11-28 16:31:10,983 DEBUG   [3/4]: configuring ntpd to start on boot
2011-11-28 16:31:10,996 DEBUG args=/sbin/chkconfig ntpd
2011-11-28 16:31:10,996 DEBUG stdout=
2011-11-28 16:31:10,996 DEBUG stderr=
2011-11-28 16:31:10,996 DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:11,385 DEBUG args=/sbin/chkconfig ntpd on
2011-11-28 16:31:11,386 DEBUG stdout=
2011-11-28 16:31:11,386 DEBUG stderr=
2011-11-28 16:31:11,386 DEBUG   duration: 0 seconds
2011-11-28 16:31:11,386 DEBUG   [4/4]: starting ntpd
2011-11-28 16:31:11,429 DEBUG args=/sbin/service ntpd start
2011-11-28 16:31:11,429 DEBUG stdout=Starting ntpd:        [  OK  ]

2011-11-28 16:31:11,429 DEBUG stderr=
2011-11-28 16:31:11,430 DEBUG   duration: 0 seconds
2011-11-28 16:31:11,430 DEBUG done configuring ntpd.
2011-11-28 16:31:11,431 DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:11,452 DEBUG Created connection context.ldap2
2011-11-28 16:31:11,452 DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:11,453 DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'

mkosek commented 12 years ago

Implementation proposal which has been agreed by abbra and me:
1. --no-host-dns specified and we fail to get the ip address: fail, instruct user to specify ip address via --ip-address or /etc/hosts
2. In case --ip-address is specified, automatically enable --no-host-dns and do check that after adding DNS entries the ip address is resolvable to the hostname in replica file

If possible, the checks should be generic so that we don't repeat ourselves too much in ipa-server-install and ipa-replica-install

rmeggins commented 12 years ago

I can confirm that these patches allow ipa-replica-install to work successfully on F-16.

mkosek commented 12 years ago

Thanks for the test Rich, I hope they will get ACK soon so that they can be pushed.

mkosek commented 12 years ago

master:[[BR]]
5550ee1[[BR]]
649d13b[[BR]]
bc50856[[BR]]
95f3ec5[[BR]]

ipa-2-2:[[BR]]
6bb719b[[BR]]
61ad6e0[[BR]]
8413882[[BR]]
4b7d430[[BR]]

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/01

7 years ago

Metadata

Assignee

mkosek

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 2.2 Core Effort - 2012/01

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=757681

tester

None

changelog

None

design

None

freeipa

Source Code

#2139 ipa-replica-install fails when --no-host-dns option is provided. Closed: Fixed None Opened 12 years ago by mkosek.

Metadata

#2139 ipa-replica-install fails when --no-host-dns option is provided.

Closed: Fixed None Opened 12 years ago by mkosek.