Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1072502
Created attachment 870544
/var/log/ipaserver-install.log

Description of problem:
running ipa-server-install --setup-dns results in a crash

Version-Release number of selected component (if applicable):
RHEL 7 beta snapshot 8

How reproducible:

Steps to Reproduce:
[root@idm1 yum.repos.d]# ipa-server-install --setup-dns

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
in favor of ntpd

Existing BIND configuration detected, overwrite? [no]: yes
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.

Server host name [idm1.linux.lab]:

Warning: skipping DNS resolution of host idm1.linux.lab
The domain name has been determined based on the host name.

Please confirm the domain name [linux.lab]:

The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [LINUX.LAB]:
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password:
Password (confirm):

The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.

IPA admin password:
Password (confirm):

Do you want to configure DNS forwarders? [yes]:
Enter the IP address of DNS forwarder to use, or press Enter to finish.
Enter IP address for a DNS forwarder: 192.168.0.40
DNS forwarder 192.168.0.40 added
Enter IP address for a DNS forwarder: 192.168.0.60
DNS forwarder 192.168.0.60 added
Enter IP address for a DNS forwarder:
Do you want to configure the reverse zone? [yes]:
Please specify the reverse zone name [0.168.192.in-addr.arpa.]:
Using reverse zone 0.168.192.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname: idm1.linux.lab
IP address: 192.168.0.80
Domain name: linux.lab
Realm name: LINUX.LAB

BIND DNS server will be configured to serve IPA domain with:
Forwarders: 192.168.0.40, 192.168.0.60
Reverse zone: 0.168.192.in-addr.arpa.

Continue to configure the system with these values? [no]: yes

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/38]: creating directory server user
. . .

Actual results:
  [2/38]: creating directory server instance
ipa : CRITICAL failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpTbUKBx' returned non-zero exit status 1
ipa : CRITICAL Failed to restart the directory server (Command '/bin/systemctl restart dirsrv@LINUX-LAB.service' returned non-zero exit status 1). See the installation log for details.
  [3/38]: adding default schema
Unexpected error - see /var/log/ipaserver-install.log for details:
IOError: [Errno 2] No such file or directory: '/etc/dirsrv/slapd-LINUX-LAB//schema/60kerberos.ldif'

Expected results:
completion of install without errors.

Additional info:
My assessment:
With --setup-dns flag, some hostname the reverse record validation is skipped. We also skip adding a record in /etc/hosts when hostname is resolvable, but apparently DS instance cannot be created when that is missing. We should extend the get_server_ip_address function in installutils.py to add these records in this case.
Moving stabilization tickets that do not affect FreeIPA 4.0 release usability in any significant way to 4.0.1 stabilization milestone.
FreeIPA 4.0.1 was released, moving to next bugfixing release milestone.
As we checked with David yesterday, Fedora20/RHEL-7 no longer crash when reverse address is missing, but forward is present.
As part of this ticket we should at least make sure that /etc/hosts record is always added when --setup-dns is passed (to prevent starting services chicken-egg problem).
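An added illustration of the check-and-add step discussed above (not the freeipa-dkupka-0012 patch and not FreeIPA code): given the contents of /etc/hosts, decide whether the server's FQDN already maps to the chosen address and append a record if it does not. The function names and the sample hosts file are hypothetical; the host name and IP address are the ones from the report, and refusing a loopback address is an assumption of this example.

```python
import ipaddress

# Constructed sample: a stock /etc/hosts with no entry for the IPA host.
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
::1         localhost localhost.localdomain  # loopback
"""

def parse_hosts(text):
    """Yield (ip_address, [names]) for each valid /etc/hosts line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue                             # blank or address-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address, ignore
        yield addr, [n.lower().rstrip(".") for n in fields[1:]]

def has_record(text, ip, fqdn):
    """True if fqdn already maps to exactly this address."""
    want = ipaddress.ip_address(ip)
    name = fqdn.lower().rstrip(".")
    return any(addr == want and name in names
               for addr, names in parse_hosts(text))

def ensure_record(text, ip, fqdn):
    """Return hosts content with 'ip fqdn shortname' present (idempotent)."""
    if ipaddress.ip_address(ip).is_loopback:
        # Assumption of this example: a loopback mapping is not a usable record.
        raise ValueError("refusing to map %s to loopback %s" % (fqdn, ip))
    if has_record(text, ip, fqdn):
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    short = fqdn.split(".", 1)[0]
    return text + "%s\t%s %s\n" % (ip, fqdn, short)

if __name__ == "__main__":
    print(ensure_record(SAMPLE_HOSTS, "192.168.0.80", "idm1.linux.lab"), end="")
```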
attachment freeipa-dkupka-0012-Add-record-s-to-etc-host-when-IPA-is-configured-as-D.patch
Apply this patch (freeipa-dkupka-0012) after freeipa-dkupka-0009 as both touch the same part of code.
attachment freeipa-dkupka-0012-2-Add-record-s-to-etc-host-when-IPA-is-configured-as-D.patch
The patch no longer depends on 0009 because 0012 is going to ipa-4.0 and 0009 to ipa-4.1.
master:
ipa-4-1:
ipa-4-0:
Metadata Update from @mkosek: - Issue assigned to dkupka - Issue set to the milestone: FreeIPA 4.0.2