#3496 Replica installation fails if forward zone is not present
Closed: Fixed None Opened 11 years ago by pspacek.

Replica file preparation - no --ip-address option is present, but the vm-035 is installed with DNS (realm R.TEST):

{{{
ipa-replica-prepare -p password vm-070.example.com
Preparing replica for vm-070.example.com from vm-035.example.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-vm-070.example.com.gpg
}}}

Now on replica - no --setup-dns option is present:

{{{
ipa-replica-install replica-info-vm-070.example.com.gpg
Directory Manager (existing master) password:

...

Done configuring NTP daemon (ntpd).

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Unexpected error - see /var/log/ipareplica-install.log for details:
NotFound: example.com: DNS zone not found
}}}

/var/log/ipareplica-install.log:

{{{
2013-03-07T16:53:32Z DEBUG dnsrecord_add(u'r.test', u'_ntp._udp', a_extra_create_reverse=False, aaaa_extra_create_reverse=False, srvrecord=(u'0 100 123 vm-070.example.com.',), force=False, structured=False, all=False, raw=False)
2013-03-07T16:53:32Z DEBUG raw: dnsrecord_add(u'example.com', u'vm-070', arecord=u'192.0.2.70')
2013-03-07T16:53:32Z DEBUG dnsrecord_add(u'example.com', u'vm-070', arecord=(u'192.0.2.70',), a_extra_create_reverse=False, aaaa_extra_create_reverse=False, force=False, structured=False, all=False, raw=False)
2013-03-07T16:53:32Z INFO   File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script
    return_value = main_function()
  File "/usr/sbin/ipa-replica-install", line 470, in main
    install_dns_records(config, options)
  File "/usr/sbin/ipa-replica-install", line 267, in install_dns_records
    reverse_zone, options.conf_ntp)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 694, in add_master_dns_records
    self.__add_self()
  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 607, in __add_self
    add_fwd_rr(self.host_domain, self.host, self.ip_address)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 315, in add_fwd_rr
    add_rr(zone, host, "A", ip_address)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 306, in add_rr
    api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
    return self.execute(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1078, in execute
    'oname': self.api.Object[parent].object_name,

2013-03-07T16:53:32Z INFO The ipa-replica-install command failed, exception: NotFound: idm.lab.eng.brq.redhat.com: DNS zone not found
}}}

IPA version: ipa-server-3.0.0-25.el6.x86_64


Petr, if I'm reading this right, you do this:

- ipa-server-install --setup-dns
- ipa-replica-prepare --ip-address=...
- ipa-replica-install
- FAIL

Is this sequence right?

Replying to [comment:1 rcritten]:

  • ipa-server-install --setup-dns
  • ipa-replica-prepare --ip-address=...
    I used ipa-replica-prepare without --ip-address (see the first sentence in ticket description :-)
  • ipa-replica-install replica-info-vm-070.example.com.gpg
  • ipa-replica-install
  • FAIL

Is this sequence right?
It is, except --ip-address as mentioned above.

The problem is that the zone example.com is not managed by IPA. (The admin decided to use IPA for other zones, but not for example.com.) The replica installer tries to add records for the new replica even if no --ip-address option was used and the zone example.com doesn't exist in IPA.

The presence of the --ip-address option when using ipa-replica-prepare should be irrelevant to this problem. It only adds A and PTR records on the master and does not save any additional information to the packaged replica information file. We need to properly take care of the case where the zone example.com is not managed by IPA.
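The guard described in the comment above, sketched as an added example; it is not FreeIPA code and not the fix applied for this ticket. The function names and the `managed_zones` list are hypothetical, and the zone and host names are the ones from the ticket.

```python
# Added illustration: decide whether a replica's forward record can be
# created, given the zones the IPA DNS actually manages.
# All names here are hypothetical; nothing is taken from ipaserver/ipalib.

def _labels(name):
    """Normalise a DNS name: lower-case, drop the trailing dot, split labels."""
    return name.rstrip(".").lower().split(".")

def find_managed_zone(fqdn, managed_zones):
    """Return the most specific managed zone containing fqdn, or None."""
    host = _labels(fqdn)
    best, best_len = None, 0
    for zone in managed_zones:
        z = _labels(zone)
        # Compare whole labels, so 'notexample.com' never matches 'example.com'.
        if len(z) <= len(host) and host[-len(z):] == z and len(z) > best_len:
            best, best_len = zone, len(z)
    return best

def plan_replica_records(fqdn, ip_address, managed_zones):
    """Return (zone, name, rtype, value) tuples to add.

    An empty list means the forward zone is served elsewhere, so the
    installer should skip the record instead of aborting half-way.
    """
    zone = find_managed_zone(fqdn, managed_zones)
    if zone is None:
        return []
    host = _labels(fqdn)
    relative = ".".join(host[:len(host) - len(_labels(zone))]) or "@"
    return [(zone, relative, "A", ip_address)]

if __name__ == "__main__":
    # Constructed input mirroring the ticket: only the realm zone is managed.
    print(plan_replica_records("vm-070.example.com", "192.0.2.70", ["r.test"]))
    # Same host when example.com is managed as well.
    print(plan_replica_records("vm-070.example.com", "192.0.2.70",
                               ["r.test", "example.com"]))
```
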

Moving unfinished March tickets to April milestone.

Metadata Update from @pspacek:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 3.2 - 2013/04 (Beta)

7 years ago
