https://bugzilla.redhat.com/show_bug.cgi?id=882938 (Red Hat Enterprise Linux 6)
Description of problem:
When ipa-replica-prepare is given --ip-address option, an A and PTR record should get added in the IPA DNS. This does not seem to work.

Version-Release number of selected component (if applicable):

    [root@rasalghul ~]# rpm -qa | grep ipa-server
    ipa-server-3.0.0-9.el6.x86_64
    ipa-server-selinux-3.0.0-9.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Install and configure IPA server with integrated DNS
2. Run ipa-replica-prepare for replica server with --ip-address option
   # ipa-replica-prepare --ip-address <Replica IP Address> <Replica Hostname>
3. Adding an entry in /etc/hosts for the replica works

Actual results:

    [root@rasalghul ~]# ipa-replica-prepare --ip-address=10.65.201.109 wazwan.testrelm.com
    Directory Manager (existing master) password:
    Preparing replica for wazwan.testrelm.com from rasalghul.testrelm.com
    Creating SSL certificate for the Directory Server
    Creating SSL certificate for the dogtag Directory Server
    Creating SSL certificate for the Web Server
    Exporting RA certificate
    Copying additional files
    Finalizing configuration
    Packaging replica information into /var/lib/ipa/replica-info-wazwan.testrelm.com.gpg
    Adding DNS records for wazwan.testrelm.com
    preparation of replica failed: Nameserver 'rasalghul.testrelm.com.' does not have a corresponding A/AAAA record
    Nameserver 'rasalghul.testrelm.com.' does not have a corresponding A/AAAA record
      File "/usr/sbin/ipa-replica-prepare", line 477, in <module>
        main()
      File "/usr/sbin/ipa-replica-prepare", line 465, in main
        add_zone(domain)
      File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 293, in add_zone
        force=force)
      File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
        ret = self.run(*args, **options)
      File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
        return self.execute(*args, **options)
      File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1063, in execute
        self, ldap, dn, entry_attrs, attrs_list, *keys, **options)
      File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 1825, in pre_callback
        check_ns_rec_resolvable(keys[0], nameserver)
      File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 1526, in check_ns_rec_resolvable
        reason=_('Nameserver \'%(host)s\' does not have a corresponding A/AAAA record') % {'host': name}

Expected results:
Preparation of replica is successful with A and PTR record of the replica server added in IPA DNS.

Additional info:

    [root@rasalghul ~]# man ipa-replica-prepare
    ...
    --ip-address=IP_ADDRESS
        IP address of the replica server. If you provide this option, the A and PTR records will be added to the DNS.
    ...

    [root@rasalghul ~]# ipa dnszone-find
      Zone name: 201.65.10.in-addr.arpa.
      Authoritative nameserver: rasalghul.testrelm.com.
      Administrator e-mail address: hostmaster.testrelm.com.
      SOA serial: 1354530593
      SOA refresh: 3600
      SOA retry: 900
      SOA expire: 1209600
      SOA minimum: 3600
      Active zone: TRUE
      Allow query: any;
      Allow transfer: none;

      Zone name: 206.65.10.in-addr.arpa.
      Authoritative nameserver: sideswipe.testrelm.com.
      Administrator e-mail address: hostmaster.testrelm.com.
      SOA refresh: 3600
      SOA retry: 900
      SOA expire: 1209600
      SOA minimum: 3600
      Active zone: TRUE
      Allow query: any;
      Allow transfer: none;

      Zone name: testrelm.com
      Authoritative nameserver: rasalghul.testrelm.com.
      Administrator e-mail address: hostmaster.testrelm.com.
      SOA serial: 1354530962
      SOA refresh: 3600
      SOA retry: 900
      SOA expire: 1209600
      SOA minimum: 3600
      Active zone: TRUE
      Allow query: any;
      Allow transfer: none;
    ----------------------------
    Number of entries returned 3
    ----------------------------

    [root@rasalghul ~]# ipa-replica-prepare --ip-address 10.65.201.109 wazwan.testrelm.com
    Directory Manager (existing master) password:
    Preparing replica for wazwan.testrelm.com from rasalghul.testrelm.com
    Creating SSL certificate for the Directory Server
    Creating SSL certificate for the dogtag Directory Server
    Creating SSL certificate for the Web Server
    Exporting RA certificate
    Copying additional files
    Finalizing configuration
    Packaging replica information into /var/lib/ipa/replica-info-wazwan.testrelm.com.gpg
    Adding DNS records for wazwan.testrelm.com
    preparation of replica failed: Nameserver 'rasalghul.testrelm.com.' does not have a corresponding A/AAAA record
    Nameserver 'rasalghul.testrelm.com.' does not have a corresponding A/AAAA record
      File "/usr/sbin/ipa-replica-prepare", line 477, in <module>
        main()
      File "/usr/sbin/ipa-replica-prepare", line 465, in main
        add_zone(domain)
      File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 293, in add_zone
        force=force)
      File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
        ret = self.run(*args, **options)
      File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
        return self.execute(*args, **options)
      File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1063, in execute
        self, ldap, dn, entry_attrs, attrs_list, *keys, **options)
      File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 1825, in pre_callback
        check_ns_rec_resolvable(keys[0], nameserver)
      File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 1526, in check_ns_rec_resolvable
        reason=_('Nameserver \'%(host)s\' does not have a corresponding A/AAAA record') % {'host': name}

    [root@rasalghul ~]# ipa-replica-prepare --ip-address=10.65.201.109 wazwan.testrelm.com
    Directory Manager (existing master) password:
    Preparing replica for wazwan.testrelm.com from rasalghul.testrelm.com
    Creating SSL certificate for the Directory Server
    Creating SSL certificate for the dogtag Directory Server
    Creating SSL certificate for the Web Server
    Exporting RA certificate
    Copying additional files
    Finalizing configuration
    Packaging replica information into /var/lib/ipa/replica-info-wazwan.testrelm.com.gpg
    Adding DNS records for wazwan.testrelm.com
    preparation of replica failed: Nameserver 'rasalghul.testrelm.com.' does not have a corresponding A/AAAA record
    Nameserver 'rasalghul.testrelm.com.' does not have a corresponding A/AAAA record
      File "/usr/sbin/ipa-replica-prepare", line 477, in <module>
        main()
      File "/usr/sbin/ipa-replica-prepare", line 465, in main
        add_zone(domain)
      File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 293, in add_zone
        force=force)
      File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
        ret = self.run(*args, **options)
      File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
        return self.execute(*args, **options)
      File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1063, in execute
        self, ldap, dn, entry_attrs, attrs_list, *keys, **options)
      File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 1825, in pre_callback
        check_ns_rec_resolvable(keys[0], nameserver)
      File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 1526, in check_ns_rec_resolvable
        reason=_('Nameserver \'%(host)s\' does not have a corresponding A/AAAA record') % {'host': name}
Note: the /etc/resolv.conf was not correct, the IPA server hostname was not resolvable. The target of this ticket is only to improve the raised error message so that it is more readable by the user.
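
An added illustration of the condition described in the note above; it is not FreeIPA code and not the patch attached to this ticket. It approximates the failed check with the system resolver and reports the result as a single line that names the resolvers in use instead of a traceback. The function names, the message suffix and the 192.0.2.x addresses used to exercise it are assumptions made for this example.

```python
import socket
import sys

def resolv_conf_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        # Comment lines start with '#' or ';' and never match "nameserver".
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def has_address_record(hostname, resolver=socket.getaddrinfo):
    """True if the resolver returns at least one address for hostname."""
    try:
        return bool(resolver(hostname.rstrip("."), None))
    except socket.gaierror:
        return False

def preflight(master_fqdn, resolv_conf_text, resolver=socket.getaddrinfo):
    """Return (ok, message); message is one readable line, no traceback."""
    if has_address_record(master_fqdn, resolver):
        return True, "%s resolves; DNS records can be added" % master_fqdn
    servers = resolv_conf_nameservers(resolv_conf_text) or ["none configured"]
    return False, (
        "Nameserver '%s' does not have a corresponding A/AAAA record "
        "(resolvers in /etc/resolv.conf: %s)" % (master_fqdn, ", ".join(servers)))

if __name__ == "__main__":
    # Usage (hypothetical script name): preflight.py rasalghul.testrelm.com.
    with open("/etc/resolv.conf") as fh:
        ok, message = preflight(sys.argv[1], fh.read())
    print(message)
    sys.exit(0 if ok else 1)
```

socket.getaddrinfo follows nsswitch.conf, so an /etc/hosts entry for the master satisfies this check even when DNS itself has no record; a DNS-only query is the stricter test.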
attachment freeipa-mkosek-338-improve-ipa-replica-prepare-error-message.patch
Patch freeipa-mkosek-338-improve-ipa-replica-prepare-error-message.patch sent for review
master: 152585e
ipa-3-0: 55bace6
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.1 Stabilization