Bug 1340880
Summary: | ipa-server-install: improve prompt on interactive installation | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Marc Muehlfeld <mmuehlfe> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Sudhir Menon <sumenon> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.2 | CC: | mbasti, pvoborni, rcritten, sumenon |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.5.0-1.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-01 09:37:23 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Marc Muehlfeld
2016-05-30 14:16:25 UTC
Installer promts to provide IP address only when IP cannot be resolved from hostname using DNS. So something happened to DNS after uninstall. In case you have installed IPA DNS, you may experiencing this bug: https://fedorahosted.org/freeipa/ticket/5262 or this https://fedorahosted.org/freeipa/ticket/5875 However, I cannot reproduce this behavior on master (except #5875). Can you check the values in /etc/resolv.conf after uninstall? After the uninstall /etc/resolv.conf uses a DNS server that is not able to resolve the hostname/IP. I had an entry in /etc/hosts, but this was removed during the uninstall. If I add it again, the message I mentioned, doesn't appear any more. I hope, this helps you to reproduce the situation. Upstream ticket: https://fedorahosted.org/freeipa/ticket/5949 Fixed upstream master: https://fedorahosted.org/freeipa/changeset/28bc54f91dfbd76887180fa67ceecb46977a4fb8 Marking the bug as verified as the issue is no more seen on RHEL7.4 ipa-server-4.5.0-13.el7.x86_64 389-ds-base-1.3.6.1-15.el7.x86_64 sssd-1.15.2-37.el7.x86_64 selinux-policy-3.13.1-152.el7.noarch krb5-server-1.15.1-8.el7.x86_64 pki-server-10.4.1-6.el7.noarch [root@autohv02 ~]# ipa-server-install --uninstall This is a NON REVERSIBLE operation and will delete all data and configuration! It is highly recommended to take a backup of existing data and configuration using ipa-backup utility before proceeding. Are you sure you want to continue with the uninstall procedure? [no]: yes Updating DNS system records ipa : ERROR unable to resolve host name autohv02.trustcli.test. to IP address, ipa-ca DNS record will be incomplete ------------------------------------------- Deleted IPA server "autohv02.trustcli.test" ------------------------------------------- Shutting down all IPA services Unconfiguring ntpd Configuring certmonger to stop tracking system certificates for KRA Configuring certmonger to stop tracking system certificates for CA Unconfiguring CA Unconfiguring named Unconfiguring ipa-dnskeysyncd Unconfiguring web server Unconfiguring krb5kdc Unconfiguring kadmin Unconfiguring directory server Unconfiguring smb Unconfiguring ipa-custodia Unconfiguring ipa-otpd Removing IPA client configuration Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted Restoring client configuration files Unconfiguring the NIS domain. nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration Systemwide CA database updated. Client uninstall complete. The ipa-client-install command was successful 2. resolv.conf reverted to original status after uninstall [root@autohv02 ~]# cat /etc/resolv.conf # Generated by NetworkManager search trustcli.test nameserver *.*.*.* nameserver *.*.*.* 3. Interactive installation again [root@autohv02 ~]# ipa-server-install The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will set up the IPA Server. This includes: * Configure a stand-alone CA (dogtag) for certificate management * Configure the Network Time Daemon (ntpd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) * Configure the KDC to enable PKINIT To accept the default shown in brackets, press the Enter key. WARNING: conflicting time&date synchronization service 'chronyd' will be disabled in favor of ntpd Do you want to configure integrated DNS (BIND)? [no]: yes Enter the fully qualified domain name of the computer on which you're setting up server software. Using the form <hostname>.<domainname> Example: master.example.com. Server host name [autohv02.trustcli.test]: Warning: skipping DNS resolution of host autohv02.trustcli.test The domain name has been determined based on the host name. Please confirm the domain name [trustcli.test]: The kerberos protocol requires a Realm name to be defined. This is typically the domain name converted to uppercase. Please provide a realm name [TRUSTCLI.TEST]: Certain directory server operations require an administrative user. This user is referred to as the Directory Manager and has full access to the Directory for system management tasks and will be added to the instance of directory server created for IPA. The password must be at least 8 characters long. Directory Manager password: Password (confirm): The IPA server requires an administrative user, named 'admin'. This user is a regular system account used for IPA server administration. IPA admin password: Password (confirm): Checking DNS domain trustcli.test., please wait ... Do you want to configure DNS forwarders? [yes]: yes Following DNS servers are configured in /etc/resolv.conf: 10.16.36.29, 10.11.5.19, 10.5.30.160 Do you want to configure these servers as DNS forwarders? [yes]: All DNS servers from /etc/resolv.conf were added. You can enter additional addresses now: Enter an IP address for a DNS forwarder, or press Enter to skip: Checking DNS forwarders, please wait ... Do you want to search for missing reverse zones? [yes]: no The IPA Master Server will be configured with: Hostname: autohv02.trustcli.test IP address(es): *.*.*.* Domain name: trustcli.test Realm name: TRUSTCLI.TEST BIND DNS server will be configured to serve IPA domain with: Forwarders: *.*.*.* Forward policy: only Reverse zone(s): No reverse zone Continue to configure the system with these values? [no]: =========================================== Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304 |