https://bugzilla.redhat.com/show_bug.cgi?id=757644
Description of problem:
DNS reverse zone is created even when --no-reverse option is specified during ipa-replica-install.

Version-Release number of selected component (if applicable):
ipa-server-2.1.3-9.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Install ipa server with --setup-dns option.
2. Create a replica gpg file using:
   ipa-replica-prepare --ip-address=10.65.201.69 ratchet.testrelm
3. On slave:
   ipa-replica-install --setup-dns --forwarder=10.65.255.201 --no-reverse replica-info-ratchet.testrelm.gpg

Actual results:
Reverse zone is successfully set up.

Expected results:
Should not create DNS reverse zone when --no-reverse is specified.

Additional info:

[root@ratchet ~]# ipa-replica-install --setup-dns --forwarder=10.65.255.201 --no-reverse replica-info-ratchet.testrelm.gpg
Directory Manager (existing master) password:

Warning: Hostname (ratchet.testrelm) not found in DNS
Run connection check to master
Check connection from replica to remote master 'jetfire.testrelm':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: port 80 (80): OK
   HTTP Server: port 443(https) (443): OK

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
admin@TESTRELM password:

Execute check on remote master
Check connection from master to remote replica 'ratchet.testrelm':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: port 80 (80): OK
   HTTP Server: port 443(https) (443): OK

Connection from master to replica is OK.

Connection check OK
Configuring ntpd
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
done configuring ntpd.
Configuring directory server: Estimated time 31 minutes
  [1/29]: creating directory server user
  [2/29]: creating directory server instance
  [3/29]: adding default schema
  [4/29]: enabling memberof plugin
  [5/29]: enabling referential integrity plugin
  [6/29]: enabling winsync plugin
  [7/29]: configuring replication version plugin
  [8/29]: enabling IPA enrollment plugin
  [9/29]: enabling ldapi
  [10/29]: configuring uniqueness plugin
  [11/29]: configuring uuid plugin
  [12/29]: configuring modrdn plugin
  [13/29]: enabling entryUSN plugin
  [14/29]: configuring lockout plugin
  [15/29]: creating indices
  [16/29]: configuring ssl for ds instance
  [17/29]: configuring certmap.conf
  [18/29]: configure autobind for root
  [19/29]: configure new location for managed entries
  [20/29]: restarting directory server
  [21/29]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update succeeded
  [22/29]: adding replication acis
  [23/29]: setting Auto Member configuration
  [24/29]: initializing group membership
  [25/29]: adding master entry
  [26/29]: configuring Posix uid/gid generation
  [27/29]: enabling compatibility plugin
Restarting IPA to initialize updates before performing deletes:
  [1/2]: stopping directory server
  [2/2]: starting directory server
done configuring dirsrv.
  [28/29]: tuning directory server
  [29/29]: configuring directory to start on boot
done configuring dirsrv.
Configuring Kerberos KDC: Estimated time 30 minutes 30 seconds
  [1/9]: adding sasl mappings to the directory
  [2/9]: writing stash file from DS
  [3/9]: configuring KDC
  [4/9]: creating a keytab for the directory
  [5/9]: creating a keytab for the machine
  [6/9]: adding the password extension to the directory
  [7/9]: enable GSSAPI for replication
  [8/9]: starting the KDC
  [9/9]: configuring KDC to start on boot
done configuring krb5kdc.
Configuring ipa_kpasswd
  [1/2]: starting ipa_kpasswd
  [2/2]: configuring ipa_kpasswd to start on boot
done configuring ipa_kpasswd.
Configuring the web interface: Estimated time 31 minutes
  [1/12]: disabling mod_ssl in httpd
  [2/12]: setting mod_nss port to 443
  [3/12]: setting mod_nss password file
  [4/12]: enabling mod_nss renegotiate
  [5/12]: adding URL rewriting rules
  [6/12]: configuring httpd
  [7/12]: setting up ssl
  [8/12]: publish CA cert
  [9/12]: creating a keytab for httpd
  [10/12]: configuring SELinux for httpd
  [11/12]: restarting httpd
  [12/12]: configuring httpd to start on boot
done configuring httpd.
Applying LDAP updates
Restarting IPA to initialize updates before performing deletes:
  [1/2]: stopping directory server
  [2/2]: starting directory server
done configuring dirsrv.
Using reverse zone 201.65.10.in-addr.arpa.
Configuring named:
  [1/8]: adding NS record to the zone
  [2/8]: setting up reverse zone
  [3/8]: setting up our own record
  [4/8]: setting up kerberos principal
  [5/8]: setting up named.conf
  [6/8]: restarting named
  [7/8]: configuring named to start on boot
  [8/8]: changing resolv.conf to point to ourselves
done configuring named.
[root@ratchet ~]#

[root@ratchet ~]# ipa dnszone-find
  Zone name: 201.65.10.in-addr.arpa.
  Authoritative nameserver: jetfire.testrelm.
  Administrator e-mail address: root.201.65.10.in-addr.arpa.
  SOA serial: 2011281101
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE

  Zone name: testrelm
  Authoritative nameserver: jetfire.testrelm.
  Administrator e-mail address: root.jetfire.testrelm.
  SOA serial: 2011281101
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
----------------------------
Number of entries returned 2
----------------------------
[root@ratchet ~]#
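
A regression check for the expected result above, as an added example that is not part of the original report or of FreeIPA's code: it parses `ipa dnszone-find` text output and reports any reverse zone that covers the replica's IP address. The function names and the trimmed sample output are constructed for illustration, and the check assumes no reverse zone for that network existed before the replica install.

```python
import ipaddress

# Constructed sample: `ipa dnszone-find` output in the shape shown in the report,
# trimmed to the fields this check reads.
SAMPLE_DNSZONE_FIND = """\
  Zone name: 201.65.10.in-addr.arpa.
  Authoritative nameserver: jetfire.testrelm.
  Active zone: TRUE

  Zone name: testrelm
  Authoritative nameserver: jetfire.testrelm.
  Active zone: TRUE
"""


def zone_names(dnszone_find_output):
    """Return the zone names listed in `ipa dnszone-find` text output."""
    names = []
    for line in dnszone_find_output.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.strip().lower() == "zone name":
            names.append(value.strip())
    return names


def reverse_zones_covering(ip, zones):
    """Return the reverse zones whose name is a parent of the PTR name of `ip`."""
    # reverse_pointer gives e.g. '69.201.65.10.in-addr.arpa' for 10.65.201.69
    ptr = ipaddress.ip_address(ip).reverse_pointer.lower() + "."
    hits = []
    for zone in zones:
        z = zone.lower().rstrip(".") + "."  # normalise to absolute form
        if not z.endswith((".in-addr.arpa.", ".ip6.arpa.")):
            continue  # forward zone, not relevant to --no-reverse
        if ptr == z or ptr.endswith("." + z):
            hits.append(zone)
    return hits


def no_reverse_honoured(ip, dnszone_find_output):
    """True when no reverse zone covering `ip` is present after the install."""
    return not reverse_zones_covering(ip, zone_names(dnszone_find_output))


if __name__ == "__main__":
    ok = no_reverse_honoured("10.65.201.69", SAMPLE_DNSZONE_FIND)
    print("PASS" if ok else "FAIL: reverse zone present despite --no-reverse")
```
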
master: 2e860f6
ipa-2-2: 21e6f8e
Metadata Update from @dpal:
- Issue assigned to ohamada
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02