#4220 running ipa-server-install --setup-dns results in a crash
Closed: Fixed None Opened 10 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1072502

Created attachment 870544
/var/log/ipaserver-install.log

Description of problem:

running ipa-server-install --setup-dns results in a crash

Version-Release number of selected component (if applicable):
RHEL 7 beta snapshot 8

How reproducible:


Steps to Reproduce:
[root@idm1 yum.repos.d]# ipa-server-install --setup-dns

The log file for this installation can be found in
/var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

WARNING: conflicting time&date synchronization service 'chronyd' will be
disabled
in favor of ntpd

Existing BIND configuration detected, overwrite? [no]: yes
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.


Server host name [idm1.linux.lab]:

Warning: skipping DNS resolution of host idm1.linux.lab
The domain name has been determined based on the host name.

Please confirm the domain name [linux.lab]:

The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [LINUX.LAB]:
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password:
Password (confirm):

The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.

IPA admin password:
Password (confirm):

Do you want to configure DNS forwarders? [yes]:
Enter the IP address of DNS forwarder to use, or press Enter to finish.
Enter IP address for a DNS forwarder: 192.168.0.40
DNS forwarder 192.168.0.40 added
Enter IP address for a DNS forwarder: 192.168.0.60
DNS forwarder 192.168.0.60 added
Enter IP address for a DNS forwarder:
Do you want to configure the reverse zone? [yes]:
Please specify the reverse zone name [0.168.192.in-addr.arpa.]:
Using reverse zone 0.168.192.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname:      idm1.linux.lab
IP address:    192.168.0.80
Domain name:   linux.lab
Realm name:    LINUX.LAB

BIND DNS server will be configured to serve IPA domain with:
Forwarders:    192.168.0.40, 192.168.0.60
Reverse zone:  0.168.192.in-addr.arpa.

Continue to configure the system with these values? [no]: yes

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/38]: creating directory server user
. . .


Actual results:

  [2/38]: creating directory server instance
ipa         : CRITICAL failed to create ds instance Command
'/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpTbUKBx' returned
non-zero exit status 1
ipa         : CRITICAL Failed to restart the directory server (Command
'/bin/systemctl restart dirsrv@LINUX-LAB.service' returned non-zero exit status
1). See the installation log for details.
  [3/38]: adding default schema
Unexpected error - see /var/log/ipaserver-install.log for details:
IOError: [Errno 2] No such file or directory:
'/etc/dirsrv/slapd-LINUX-LAB//schema/60kerberos.ldif'

Expected results:
completion of install without errors.

Additional info:

My assessment:

With --setup-dns flag, some hostname the reverse record validation is skipped. We also skip adding a record in /etc/hosts when hostname is resolvable, but apparently DS instance cannot be created what that is missing.

We should extend get_server_ip_address function in installutils.py to add these record in this case.

Moving stabilization tickets that do not affect FreeIPA 4.0 release usability in any significant way to 4.0.1 stabilization milestone.

FreeIPA 4.0.1 was released, moving to next bugfixing release milestone.

As we checked with David yesterday, Fedora20/RHEL-7 no longer crash when reverse address is missing, but forward is present.

As part of this ticket we should at least make sure that /etc/hosts record is always added when --setup-dns is passed (to prevent starting services chicken-egg problem).

Apply this patch (freeipa-dkupka-0012) after freeipa-dkupka-0009 as both touch the same part of code.

The patch no longer depends on 0009 because 0012 is going to ipa-4.0 and 0009 to ipa-4.1.

master:

  • 8aa01e2 Add record(s) to /etc/host when IPA is configured as DNS server.

ipa-4-1:

  • 7baf8fe Add record(s) to /etc/host when IPA is configured as DNS server.

ipa-4-0:

  • c1b680c Add record(s) to /etc/host when IPA is configured as DNS server.

Metadata Update from @mkosek:
- Issue assigned to dkupka
- Issue set to the milestone: FreeIPA 4.0.2

7 years ago

Login to comment on this ticket.

Metadata