Bug 1018018
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | ipa-client-install to a different hostname can fail to set up new DNS records | | |
| Product | Red Hat Enterprise Linux 7 | Reporter | Michael Gregg <mgregg> |
| Component | ipa | Assignee | Martin Kosek <mkosek> |
| Status | CLOSED WORKSFORME | QA Contact | Namita Soman <nsoman> |
| Severity | unspecified | Docs Contact | |
| Priority | unspecified | | |
| Version | 7.0 | CC | mgregg, rcritten |
| Target Milestone | rc | | |
| Target Release | --- | | |
| Hardware | Unspecified | | |
| OS | Unspecified | | |
| Whiteboard | | | |
| Fixed In Version | | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | Environment | |
| Last Closed | 2013-10-11 19:48:41 UTC | Type | Bug |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |

Description
Michael Gregg
2013-10-11 01:43:18 UTC
I tested with ipa-server-3.3.2-1.el7.x86_64 and it worked fine for me:

SERVER:

```
# ipa dnszone-add other.zone.test --name-server=`hostname`. --dynamic-update
Administrator e-mail address [hostmaster.other.zone.test.]:
  Zone name: other.zone.test
  Authoritative nameserver: vm-119.example.com.
  Administrator e-mail address: hostmaster.other.zone.test.
  SOA serial: 1381478396
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; grant EXAMPLE.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: TRUE
  Allow query: any;
```

CLIENT:

```
[root@vm-052 ~]# ipa-client-install --hostname client.other.zone.test
Discovery was successful!
Hostname: client.other.zone.test
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: vm-119.example.com
BaseDN: dc=example,dc=com

Continue to configure the system with these values? [no]: y
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin:
Successfully retrieved CA cert
    Subject: CN=Certificate Authority,O=EXAMPLE.COM
    Issuer: CN=Certificate Authority,O=EXAMPLE.COM
    Valid From: Fri Oct 11 07:28:43 2013 UTC
    Valid Until: Tue Oct 11 07:28:43 2033 UTC
Enrolled in IPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
Hostname (client.other.zone.test) not found in DNS
DNS server record set to: client.other.zone.test -> 10.0.0.52
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
```

SERVER:

```
# ipa dnsrecord-show other.zone.test client
  Record name: client
  A record: 10.0.0.52
  SSHFP record: 1 1 57322CB8429B154A83EC7985C9C173959AE32F8E,
                1 2 7B9E1224743D1E2B218E278EFD474912993F2E08580081DB3EBAA420 A82F529F,
                2 1 FC533874B195235557F0DC01B57DE114BF28ADB7,
                2 2 FE767477F9680258F571F1756D345A9E2F6AE834720E4F63960183E1 DCAD2C5D
```

Please check that your DNS zone exists and can accept dynamic updates. This is what I see in the provided log file:

```
2013-10-11T01:34:41Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt:
2013-10-11T01:34:41Z DEBUG debug

zone testrelm.com.nonexistent.
update delete ipaqavmg.testrelm.com.nonexistent. IN A
show
send
update add ipaqavmg.testrelm.com.nonexistent. 1200 IN A 10.16.98.192
show
send

2013-10-11T01:34:41Z DEBUG Starting external process
2013-10-11T01:34:41Z DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
2013-10-11T01:34:41Z DEBUG Process finished, return code=2
2013-10-11T01:34:41Z DEBUG stdout=Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;testrelm.com.nonexistent. IN SOA

;; UPDATE SECTION:
ipaqavmg.testrelm.com.nonexistent. 0 ANY A

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;testrelm.com.nonexistent. IN SOA

;; UPDATE SECTION:
ipaqavmg.testrelm.com.nonexistent. 1200 IN A 10.16.98.192

2013-10-11T01:34:41Z DEBUG stderr=Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10026
;; flags: qr rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;testrelm.com.nonexistent. IN SOA

;; AUTHORITY SECTION:
. 0 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013101001 1800 900 604800 86400

specified zone 'testrelm.com.nonexistent' does not exist (NXDOMAIN)
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12492
;; flags: qr rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;testrelm.com.nonexistent. IN SOA

;; AUTHORITY SECTION:
. 0 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013101001 1800 900 604800 86400

specified zone 'testrelm.com.nonexistent' does not exist (NXDOMAIN)

2013-10-11T01:34:41Z DEBUG nsupdate failed: Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 2
2013-10-11T01:34:41Z ERROR Failed to update DNS records.
```

This is the important part:

```
specified zone 'testrelm.com.nonexistent' does not exist (NXDOMAIN)
```

I seem to be unable to reproduce this with last night's build. This is already covered in a QE test, so we should know if this comes back. I am closing this bug.