https://bugzilla.redhat.com/show_bug.cgi?id=894143 (Red Hat Enterprise Linux 6)
Description of problem:
ipa-replica-prepare fails if idnsSOAserial attribute missing for zone of server being prepared. This is being seen after bug #894131 occurs. reverse zone does not have/show the SOA serial attribute for the zone. after replica deleted/uninstalled, attempting to re-run ipa-replica-prepare for it (with --ip-address) fails:

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-19.el6.x86_64

How reproducible:
always (at least when #894131)

Steps to Reproduce:
1. Follow steps from bug #894131
2. uninstall replica but leave new zone in place without SOA Serial attr
3. ipa-replica-prepare -p

Actual results:
:: [23:19:12] :: Running: ipa-replica-prepare -p $ADMINPW --ip-address=<IP> <Hostname>
Preparing replica for ipaqavmf.testrelm.com from ipaqavmh.testrelm.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-ipaqavmf.testrelm.com.gpg
Adding DNS records for ipaqavmf.testrelm.com
Using reverse zone 98.16.10.in-addr.arpa.
preparation of replica failed: missing attribute "idnsSOAserial" required by object class "idnsZone"
missing attribute "idnsSOAserial" required by object class "idnsZone"
  File "/usr/sbin/ipa-replica-prepare", line 477, in <module>
    main()
  File "/usr/sbin/ipa-replica-prepare", line 470, in main
    add_zone(reverse_zone)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 300, in add_zone
    add_ns_rr(name, hostname, dns_backup=None, force=True)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 327, in add_ns_rr
    force=force)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 306, in add_rr
    api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
    return self.execute(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1071, in execute
    self._exc_wrapper(keys, options, ldap.add_entry)(dn, entry_attrs, normalize=self.obj.normalize_dn)
  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 994, in wrapped
    return func(*call_args, **call_kwargs)
  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1002, in exc_func
    self, keys, options, e, call_func, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 2463, in exc_callback
    ldap.update_entry(dn, entry_attrs, **call_kwargs)
  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 1411, in update_entry
    self.handle_errors(e)
  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 714, in handle_errors
    raise errors.ObjectclassViolation(info=info)

Expected results:

Additional info:
Long term fix for this problem should be this: https://fedorahosted.org/freeipa/ticket/3347
I think that all we need to fix the ipa-replica-prepare issue would be to backport my patch 152585e (ticket #3283) to ipa-3-0 branch. With this patch applied, we'd get better worded errors:
ipa-replica-prepare
1) Zone 'example.com' does not have SOA serial configured

# ipa-replica-prepare foo.example.com --ip-address 10.16.78.201
Directory Manager (existing master) password:
Preparing replica for foo.example.com from vm-037.idm.lab.bos.redhat.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Saving dogtag Directory Server port
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-foo.example.com.gpg
Adding DNS records for foo.example.com
Could not create forward DNS zone for the replica: missing attribute "idnsSOAserial" required by object class "idnsZone"

2) Reverse zone 79.16.10.in-addr.arpa. does not have SOA serial configured

# ipa-replica-prepare replica.idm.lab.bos.redhat.com --ip-address 10.16.79.101
Directory Manager (existing master) password:
Preparing replica for replica.idm.lab.bos.redhat.com from vm-037.idm.lab.bos.redhat.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Saving dogtag Directory Server port
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-replica.idm.lab.bos.redhat.com.gpg
Adding DNS records for replica.idm.lab.bos.redhat.com
Using reverse zone 79.16.10.in-addr.arpa.
Could not create reverse DNS zone for the replica: missing attribute "idnsSOAserial" required by object class "idnsZone"
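A preflight check for the condition reported in this ticket, as an added example that is not part of the ticket or of FreeIPA's own code: it parses LDIF exported from the DNS subtree and lists every idnsZone entry that has no idnsSOAserial, covering both the forward and the reverse zone case, so the zone can be repaired before ipa-replica-prepare is run. The sample LDIF, the cn=dns,dc=example,dc=com base and the function names are assumptions.

```python
import base64

# Constructed sample of `ldapsearch -LLL -b cn=dns,<suffix>` output (not from the ticket).
SAMPLE_LDIF = """\
dn: idnsname=example.com,cn=dns,dc=example,dc=com
objectClass: idnsZone
idnsName: example.com
idnsSOAserial: 1358000001

dn: idnsname=79.16.10.in-addr.arpa.,cn=dns,dc=example,dc=com
objectClass: top
objectClass: idnsZone
idnsName: 79.16.10.in-addr.arpa.

dn: idnsname=www,idnsname=example.com,cn=dns,dc=example,dc=com
objectClass: idnsRecord
idnsName: www
"""

def parse_ldif(text):
    """Yield one {lowercased attribute: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # unfold a continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())

def zones_missing_serial(text):
    """Return the idnsName of every idnsZone entry that lacks idnsSOAserial."""
    missing = []
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "idnszone" in classes and not e.get("idnssoaserial"):
            missing.append((e.get("idnsname") or e.get("dn") or ["?"])[0])
    return missing

if __name__ == "__main__":
    for zone in zones_missing_serial(SAMPLE_LDIF):
        print("idnsZone without idnsSOAserial:", zone)
```

The same condition can be expressed directly as the LDAP search filter `(&(objectClass=idnsZone)(!(idnsSOAserial=*)))`.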
I just see this was already pushed also to ipa-3-0. Nothing to be done upstream then, closing the ticket as invalid.
ipa-3-0
Metadata Update from @dpal: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.0.3 (bug fixing)