#3341 ipa-replica-prepare fails when reverse zone does not have SOA serial data
Closed: Invalid None Opened 11 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=894143 (Red Hat Enterprise Linux 6)

Description of problem:

ipa-replica-prepare fails if the idnsSOAserial attribute is missing for the zone
of the server being prepared.

This is being seen after bug #894131 occurs. The reverse zone does not have/show
the SOA serial attribute for the zone. After the replica is deleted/uninstalled,
attempting to re-run ipa-replica-prepare for it (with --ip-address) fails:


Version-Release number of selected component (if applicable):
ipa-server-3.0.0-19.el6.x86_64


How reproducible:
always (at least when #894131)

Steps to Reproduce:
1.  Follow steps from bug #894131
2.  uninstall replica but leave new zone in place without SOA Serial attr
3.  ipa-replica-prepare -p

Actual results:

:: [23:19:12] ::  Running: ipa-replica-prepare -p $ADMINPW --ip-address=<IP> <Hostname>

Preparing replica for ipaqavmf.testrelm.com from ipaqavmh.testrelm.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-ipaqavmf.testrelm.com.gpg
Adding DNS records for ipaqavmf.testrelm.com
Using reverse zone 98.16.10.in-addr.arpa.
preparation of replica failed: missing attribute "idnsSOAserial" required by object class "idnsZone"
missing attribute "idnsSOAserial" required by object class "idnsZone"
  File "/usr/sbin/ipa-replica-prepare", line 477, in <module>
    main()

  File "/usr/sbin/ipa-replica-prepare", line 470, in main
    add_zone(reverse_zone)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 300, in add_zone
    add_ns_rr(name, hostname, dns_backup=None, force=True)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 327, in add_ns_rr
    force=force)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 306, in add_rr
    api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)

  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
    ret = self.run(*args, **options)

  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
    return self.execute(*args, **options)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1071, in execute
    self._exc_wrapper(keys, options, ldap.add_entry)(dn, entry_attrs, normalize=self.obj.normalize_dn)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 994, in wrapped
    return func(*call_args, **call_kwargs)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1002, in exc_func
    self, keys, options, e, call_func, *args, **kwargs)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 2463, in exc_callback
    ldap.update_entry(dn, entry_attrs, **call_kwargs)

  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 1411, in update_entry
    self.handle_errors(e)

  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 714, in handle_errors
    raise errors.ObjectclassViolation(info=info)

Expected results:


Additional info:

Long term fix for this problem should be this: https://fedorahosted.org/freeipa/ticket/3347

I think that all we need to fix the ipa-replica-prepare issue would be to backport my patch 152585e (ticket #3283) to ipa-3-0 branch. With this patch applied, we'd get better worded errors:

1) Zone 'example.com' does not have SOA serial configured

# ipa-replica-prepare foo.example.com --ip-address 10.16.78.201
Directory Manager (existing master) password:

Preparing replica for foo.example.com from vm-037.idm.lab.bos.redhat.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Saving dogtag Directory Server port
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-foo.example.com.gpg
Adding DNS records for foo.example.com
Could not create forward DNS zone for the replica: missing attribute "idnsSOAserial" required by object class "idnsZone"

2) Reverse zone 79.16.10.in-addr.arpa. does not have SOA serial configured

# ipa-replica-prepare replica.idm.lab.bos.redhat.com --ip-address 10.16.79.101
Directory Manager (existing master) password:

Preparing replica for replica.idm.lab.bos.redhat.com from vm-037.idm.lab.bos.redhat.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Saving dogtag Directory Server port
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-replica.idm.lab.bos.redhat.com.gpg
Adding DNS records for replica.idm.lab.bos.redhat.com
Using reverse zone 79.16.10.in-addr.arpa.
Could not create reverse DNS zone for the replica: missing attribute "idnsSOAserial" required by object class "idnsZone"

I just see this was already pushed also to ipa-3-0. Nothing to be done upstream then, closing the ticket as invalid.
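
A pre-flight check for the condition this ticket describes, as an added example that is not part of the ticket or of FreeIPA's code: it scans an LDIF export of the DNS subtree and lists every idnsZone entry that has no idnsSOAserial value, so the zone can be repaired before ipa-replica-prepare is run. The DN suffix, the serial number and the A record in the sample are constructed; only the zone names and attribute names come from the ticket.

```python
# Added example: report idnsZone entries that lack idnsSOAserial in an LDIF export.
# SAMPLE_LDIF is constructed for illustration (serial and A record are made up).
SAMPLE_LDIF = """\
dn: idnsname=testrelm.com,cn=dns,dc=testrelm,dc=com
objectClass: idnsZone
idnsName: testrelm.com
idnsSOAserial: 1357776000

dn: idnsname=98.16.10.in-addr.arpa.,cn=dns,dc=testrelm,dc=com
objectClass: idnszone
idnsName: 98.16.10.in-
 addr.arpa.

dn: idnsname=ipaqavmh,idnsname=testrelm.com,cn=dns,dc=testrelm,dc=com
objectClass: idnsRecord
idnsName: ipaqavmh
aRecord: 10.16.98.10
"""


def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    # RFC 2849 folding: a line starting with one space continues the previous one.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            # LDAP attribute names are case-insensitive, so normalise them.
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry


def zones_missing_soa_serial(text):
    """Return idnsName of every idnsZone entry that has no idnsSOAserial value."""
    missing = []
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        serials = [s for s in entry.get("idnssoaserial", []) if s]
        if "idnszone" in classes and not serials:
            missing.append(entry.get("idnsname", entry["dn"])[0])
    return missing


if __name__ == "__main__":
    print(zones_missing_soa_serial(SAMPLE_LDIF))
```

The match on object class and attribute names is case-insensitive and folded lines are rejoined first, because an export may spell `idnsZone` differently or wrap a long zone name.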

Metadata Update from @dpal:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.0.3 (bug fixing)

7 years ago
