Bug 1340880

Summary: ipa-server-install: improve prompt on interactive installation
Product: Red Hat Enterprise Linux 7 Reporter: Marc Muehlfeld <mmuehlfe>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Sudhir Menon <sumenon>
Severity: low Docs Contact:
Priority: unspecified    
Version: 7.2CC: mbasti, pvoborni, rcritten, sumenon
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: ipa-4.5.0-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 09:37:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Marc Muehlfeld 2016-05-30 14:16:25 UTC
Description of problem:
When re-installing IPA, ipa-server-install asks for the IP address (this seems only to appear when uninstalling + installing IPA again and not on the first installation). One of the message texts should be enhanced to be more clear how to continue with the installation. It is required to enter at least one IP and when you're asked again, you have to press [Enter] to continue with the installation.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Uninstall IPA (ipa-server-install --uninstall)
2. Install IPA again (ipa-server-install)

Actual results:
During the interactive setup, the user is asked to enter the IP address to use:
> ...
> Enter the IP address to use, or press Enter to finish.
> Please provide the IP address to be used for this host name:
> Please provide the IP address to be used for this host name:

Expected results:
The prompt asking the user for the IP should be extended. Currently after entering an IP, it asks the same question again and again. Only if you just press [Enter], the installation continues.

The message should make clear that at least one IP is required (that's already in the text) and pressing [Enter] on a further appearance will continue with the installation. Something like:
> ...
> Enter the IP address to use, or press Enter to finish.
> Please provide the IP address to be used for this host name:
> Please provide the IP address to be used for this host name. Leave blank to continue with the installation:

Comment 2 Martin Bašti 2016-05-30 16:58:16 UTC
Installer promts to provide IP address only when IP cannot be resolved from hostname using DNS. So something happened to DNS after uninstall.

In case you have installed IPA DNS, you may experiencing this bug:
or this

However, I cannot reproduce this behavior on master (except #5875).

Can you check the values in /etc/resolv.conf after uninstall?

Comment 3 Marc Muehlfeld 2016-05-31 07:21:52 UTC
After the uninstall /etc/resolv.conf uses a DNS server that is not able to resolve the hostname/IP. I had an entry in /etc/hosts, but this was removed during the uninstall. If I add it again, the message I mentioned, doesn't appear any more. I hope, this helps you to reproduce the situation.

Comment 4 Petr Vobornik 2016-06-10 12:22:17 UTC
Upstream ticket:

Comment 5 Martin Bašti 2016-11-11 12:51:59 UTC
Fixed upstream

Comment 7 Sudhir Menon 2017-05-29 17:48:47 UTC
Marking the bug as verified as the issue is no more seen on RHEL7.4


[root@autohv02 ~]# ipa-server-install --uninstall 

This is a NON REVERSIBLE operation and will delete all data and configuration!
It is highly recommended to take a backup of existing data and configuration using ipa-backup utility before proceeding.

Are you sure you want to continue with the uninstall procedure? [no]: yes
Updating DNS system records
ipa         : ERROR    unable to resolve host name autohv02.trustcli.test. to IP address, ipa-ca DNS record will be incomplete
Deleted IPA server "autohv02.trustcli.test"
Shutting down all IPA services
Unconfiguring ntpd
Configuring certmonger to stop tracking system certificates for KRA
Configuring certmonger to stop tracking system certificates for CA
Unconfiguring CA
Unconfiguring named
Unconfiguring ipa-dnskeysyncd
Unconfiguring web server
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
Unconfiguring smb
Unconfiguring ipa-custodia
Unconfiguring ipa-otpd
Removing IPA client configuration
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
Unconfiguring the NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Systemwide CA database updated.
Client uninstall complete.
The ipa-client-install command was successful

2. resolv.conf reverted to original status after uninstall
[root@autohv02 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
search  trustcli.test
nameserver *.*.*.*
nameserver *.*.*.*

3. Interactive installation again
[root@autohv02 ~]# ipa-server-install 

The log file for this installation can be found in /var/log/ipaserver-install.log
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure the KDC to enable PKINIT

To accept the default shown in brackets, press the Enter key.

WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
in favor of ntpd

Do you want to configure integrated DNS (BIND)? [no]: yes

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
Example: master.example.com.

Server host name [autohv02.trustcli.test]: 

Warning: skipping DNS resolution of host autohv02.trustcli.test
The domain name has been determined based on the host name.

Please confirm the domain name [trustcli.test]: 

The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [TRUSTCLI.TEST]: 
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password: 
Password (confirm): 

The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.

IPA admin password: 
Password (confirm): 

Checking DNS domain trustcli.test., please wait ...
Do you want to configure DNS forwarders? [yes]: yes
Following DNS servers are configured in /etc/resolv.conf:,,
Do you want to configure these servers as DNS forwarders? [yes]: 
All DNS servers from /etc/resolv.conf were added. You can enter additional addresses now:
Enter an IP address for a DNS forwarder, or press Enter to skip: 
Checking DNS forwarders, please wait ...
Do you want to search for missing reverse zones? [yes]: no

The IPA Master Server will be configured with:
Hostname:       autohv02.trustcli.test
IP address(es): *.*.*.*
Domain name:    trustcli.test
Realm name:     TRUSTCLI.TEST

BIND DNS server will be configured to serve IPA domain with:
Forwarders:       *.*.*.*
Forward policy:   only
Reverse zone(s):  No reverse zone

Continue to configure the system with these values? [no]: 

Comment 8 errata-xmlrpc 2017-08-01 09:37:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.