Bug 1364139

Summary: When master's IP address does not resolve to its name, ipa-replica-install fails
Product: Red Hat Enterprise Linux 8 Reporter: Jan Pazdziora <jpazdziora>
Component: ipaAssignee: Florence Blanc-Renaud <frenaud>
Status: CLOSED MIGRATED QA Contact: Kaleem <ksiddiqu>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 8.0CC: cobrown, frenaud, jpazdziora, pasik, rcritten, tscherf, twoerner
Target Milestone: rcKeywords: MigratedToJIRA, Reopened, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1751951 (view as bug list) Environment:
Last Closed: 2023-09-18 17:48:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1751951    
Attachments:
Description Flags
verification steps with console output none

Description Jan Pazdziora 2016-08-04 14:21:33 UTC 
Description of problem:

When IP address of master does not resolve to its hostname, ipa-replica-install fails.

Version-Release number of selected component (if applicable):

python2-ipaserver-4.4.0-4.el7.noarch

How reproducible:

Deterministic.

Steps to Reproduce:
1. Have setup where IP address of master as seen by replica does not match master's hostname.
2. Run ipa-replica-install --server ipa.example.test --domain example.test

Actual results:

/etc/ssh/ssh_config not found, skipping configuration
/etc/ssh/sshd_config not found, skipping configuration
Configuring example.test as NIS domain.
Client configuration complete.

Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
Unconfiguring the NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Systemwide CA database updated.
Client uninstall complete.
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The host name ipa.example.test does not match the primary host name freeipa-server-container.freeipa-network. Please check /etc/hosts or DNS name resolution
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

Removing client side components

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

The log ends with

2016-08-04T13:29:08Z DEBUG Check if replica.example.test is a primary hostname for localhost
2016-08-04T13:29:08Z DEBUG Primary hostname for localhost: replica.example.test
2016-08-04T13:29:08Z DEBUG Search DNS for replica.example.test
2016-08-04T13:29:08Z DEBUG Check if replica.example.test is not a CNAME
2016-08-04T13:29:09Z DEBUG Check reverse address of 172.18.0.3
2016-08-04T13:29:09Z DEBUG Found reverse name: replica.example.test
2016-08-04T13:29:09Z DEBUG Check if ipa.example.test is a primary hostname for localhost
2016-08-04T13:29:09Z DEBUG Primary hostname for localhost: freeipa-server-container.freeipa-network
2016-08-04T13:29:09Z DEBUG Starting external process
2016-08-04T13:29:09Z DEBUG args=/usr/sbin/ipa-client-install --unattended --uninstall
2016-08-04T13:29:19Z DEBUG Process finished, return code=0
2016-08-04T13:29:19Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 308, in run
    self.validate()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 317, in validate
    for nothing in self._validator():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 564, in _configure
    next(validator)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
    for nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1712, in main
    promote_check(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 364, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 386, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1108, in promote_check
    installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 166, in verify_fqdn
    "Please check /etc/hosts or DNS name resolution" % (host_name, ex_name[0]))

2016-08-04T13:29:19Z DEBUG The ipa-replica-install command failed, exception: HostLookupError: The host name ipa.example.test does not match the primary host name freeipa-server-container.freeipa-network. Please check /etc/hosts or DNS name resolution
2016-08-04T13:29:19Z ERROR The host name ipa.example.test does not match the primary host name freeipa-server-container.freeipa-network. Please check /etc/hosts or DNS name resolution
2016-08-04T13:29:19Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

Expected results:

No error.

Additional info:
Comment 1 Jan Pazdziora 2016-08-04 14:22:58 UTC 
The

   installutils.verify_fqdn(config.master_host_name, options.no_host_dns)

calls in

   /usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py

should likely include local_hostname=False.
Comment 2 Jan Pazdziora 2016-08-04 14:28:50 UTC 
(In reply to Jan Pazdziora from comment #1)
> The
> 
>    installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
> 
> calls in
> 
>   
> /usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py
> 
> should likely include local_hostname=False.

With this change, ipa-replica install complains but proceeds setting up the replica:

/etc/ssh/sshd_config not found, skipping configuration
Configuring example.test as NIS domain.
Client configuration complete.

ipa         : ERROR    The host name ipa.example.test does not match the value freeipa-server-container.freeipa-network obtained by reverse lookup on IP address 172.18.0.2

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 1 minute
  [1/44]: creating directory server user
  [2/44]: creating directory server instance

That ERROR output should likely also be purged.
Comment 4 Petr Vobornik 2016-08-12 13:50:42 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6210
Comment 8 Red Hat Bugzilla Rules Engine 2017-10-22 19:39:45 UTC 
Development Management has reviewed and declined this request. You may appeal this decision by reopening this request.
Comment 10 Tibor Dudlák 2019-09-16 07:46:39 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/f1e20b45c5deeb25989c87a2d717bda5a31bb084
Comment 11 Tibor Dudlák 2019-09-16 14:09:47 UTC 
Missclicked status MIDIFIED setting to POST;

Fixed upstream
ipa-4-8:
https://pagure.io/freeipa/c/0b2ed9c415370de79f8ecaa1be153a1d80cf6ea1
Fixed upstream
ipa-4-7:
https://pagure.io/freeipa/c/82351f1e09e9d592e3b0bef521c2c94b0d222cce
Fixed upstream
ipa-4-6:
https://pagure.io/freeipa/c/a016ed75ecbe7e2698530036043ef19df1bd718f
Comment 12 Jan Pazdziora 2019-10-09 08:34:43 UTC 
The pull requests add that local_hostname=False in containers. I don't think this is the proper fix.

This is about the master's IP address not resolving directly to its hostname, so the same situation likely happens in AWS, and the same situation happens when the master is in container (or in general, in reverse-DNS-challenging environment) and replica is on a host, outside of containers.

When verifying this bugzilla, please use a setup when the IP address of master as seen by the replica does not resolve to master's hostname, outside of containers.
Comment 16 Kaleem 2020-02-18 15:17:11 UTC 
Created attachment 1663784 [details]
verification steps with console output

Verified based on same steps done for 7.8 bugs mentioned at 
https://bugzilla.redhat.com/show_bug.cgi?id=1751951#c10
Comment 17 Jan Pazdziora 2020-02-18 16:59:30 UTC 
I still don't see how this verifies the change. We need a reproducer of the failing setup with the older version of IdM, and then fixed reproducer with newer package versions.

Similar to my comments in bug 1751951, unless you show that the behaviour has changed (improved), the bugzilla cannot be considered verified.
Comment 37 RHEL Program Management 2023-09-18 17:46:06 UTC 
Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.
Comment 38 RHEL Program Management 2023-09-18 17:48:09 UTC 
This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

Due to differences in account names between systems, some fields were not replicated.  Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues. You can also visit https://access.redhat.com/articles/7032570 for general account information.