freeipa

Clone
Source Code
GIT

#3575 ipa-server-install does not properly handle dual stacked hosts
Closed: Fixed None Opened 11 years ago by mkosek.

Closed: Fixed
Reopen Issue

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 952676

Description of problem:
When running the installer on a dual stacked system, the user is presented with
the following question:

 The server hostname resolves to more than one address:
   yyyy:yyyy:yyyy:yyyy::4
   xxx.xxx.xxx.180
 Please provide the IP address to be used for this host name:

The actual answer to this question seems to be ignored - the installer seems to
successfully configure FreeIPA listening on both v4 and v6 addresses.

Additionally, the zone file suggested by FreeIPA does not contain a AAAA
record. This is incorrect.
Version-Release number of selected component (if applicable):
3.1.3

How reproducible:
Always

Steps to Reproduce:
1. Configure IPv4 and IPv6 fully on a host
2. Install FreeIPA

Actual results:
Spurious question presented, zone file does not contain quad AAA record.

Expected results:
Installer should recognise dual-stacked configuration and generate a AAAA
record in the zone file.

Additional info:

Prometheus% telnet ds 389
Trying xxxx:xxx:x:xxx::4...
Connected to ds.
Escape character is '^]'.

[root@ds ~]# netstat -a | grep -i listen
tcp        0      0 *:kerberos              *:*                     LISTEN
tcp        0      0 *:kerberos-adm          *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:kpasswd               *:*                     LISTEN
tcp6       0      0 [::]:kerberos           [::]:*                  LISTEN
tcp6       0      0 [::]:https              [::]:*                  LISTEN
tcp6       0      0 [::]:ldaps              [::]:*                  LISTEN
tcp6       0      0 [::]:ldap               [::]:*                  LISTEN
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN
tcp6       0      0 [::]:webcache           [::]:*                  LISTEN
tcp6       0      0 [::]:http               [::]:*                  LISTEN
tcp6       0      0 [::]:kpasswd            [::]:*                  LISTEN

Related bug for ipa-client-install: #4249

Related to #3338.

We should only force people to pass --ip-address if the hostname is not resolvable. If it is and no --ip-address is given, we should just use standard resolution to find out all addresses and use them as forward records.

Need changes to the installer to explain why we are asking for this.

This issue was also reported in https://bugzilla.redhat.com/show_bug.cgi?id=1125415 and blocks some of the other development - moving to NEEDS TRIAGE to re-prioritize.

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1125415 (Fedora)

Stephen will need this for F22, but as Simo noted, this is a nasty one - we should fix earlier.

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1128380 (Red Hat Enterprise Linux 7)

The patch now depends on freeipa-dkupka-0012 as both modifies the same part of code.

Patch hits code which is changing now.

master:

  • 947c739 Detect and configure all usable IP addresses.

ipa-4-1:

  • 579b614 Detect and configure all usable IP addresses.

master:

  • 47731f4 Fix printing of reverse zones in ipa-dns-install.

ipa-4-1:

  • 7e5a71d Fix printing of reverse zones in ipa-dns-install.

Metadata Update from @mkosek:
- Issue assigned to dkupka
- Issue set to the milestone: FreeIPA 4.1
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
important
None
None
None
None
defect
None
None
Installation
None
1
ipv6
None
jcholast, mbasti
None
https://bugzilla.redhat.com/show_bug.cgi?id=952676, https://bugzilla.redhat.com/show_bug.cgi?id=1125415, https://bugzilla.redhat.com/show_bug.cgi?id=1128380
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.