Bug 1373910

Summary: IPA server upgrade fails with DNS timed out errors.
Product: Red Hat Enterprise Linux 7 Reporter: Nikhil Dehadrai <ndehadra>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Kaleem <ksiddiqu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: mbabinsk, mbasti, nsoman, pvoborni, rcritten, tlavigne
Target Milestone: rcKeywords: TestBlocker
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.4.0-12.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-04 06:03:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1286635, 1364071, 1369761    

Description Nikhil Dehadrai 2016-09-07 12:12:39 UTC
Description of problem:
IPA server upgrade fails with DNS timed out errors when upgraded from 7.0. to 7.3.

Version-Release number of selected component (if applicable):
ipa-server.x86_64 0:4.4.0-9.el7

How reproducible:
Always

Steps to Reproduce:
1. Setup IPA server on RHEL 7.0
2. Setup repo links for RHEL 7.3  in order to upgrade ipa server(in my case ipa-server.x86_64 0:4.4.0-9.el7).
3. Initiate upgrade prcess by running command "yum -y update 'ipa*' sssd"

Actual results:
1. After step3, Yum update process completes successfully, but upgrade fails with following message:
2016-09-07T08:15:47Z ERROR DNS query for auto-hv-01-guest07.testrelm.test. A failed: The DNS operation timed out after 30.0012800694 seconds
2016-09-07T08:15:47Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2016-09-07T08:15:47Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run
    server.upgrade()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1840, in upgrade
    upgrade_configuration()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1724, in upgrade_configuration
    named_update_global_forwarder_policy(),
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 843, in named_update_global_forwarder_policy
    if not dnsutil.has_empty_zone_addresses(api.env.host):
  File "/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 278, in has_empty_zone_addresses
    ip_addresses = resolve_ip_addresses(hostname)
  File "/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 328, in resolve_ip_addresses
    rrsets = resolve_rrsets(fqdn, ['A', 'AAAA'])
  File "/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 305, in resolve_rrsets
    answer = dns.resolver.query(fqdn, rdtype)
  File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 1027, in query
    raise_on_no_answer, source_port)
  File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 947, in query
    timeout = self._compute_timeout(start)
  File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 769, in _compute_timeout
    raise Timeout(timeout=duration)
 
2016-09-07T08:15:47Z DEBUG The ipa-server-upgrade command failed, exception: Timeout: The DNS operation timed out after 30.0012800694 seconds
2016-09-07T08:15:47Z ERROR Unexpected error - see /var/log/ipaupgrade.log for details:
Timeout: The DNS operation timed out after 30.0012800694 seconds
2016-09-07T08:15:47Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information 

Expected results:
No error messages should be observed during upgrade process.

Comment 4 Martin Bašti 2016-09-07 15:09:33 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6205

Comment 12 Martin Babinsky 2016-09-20 12:17:09 UTC
Yes the selinux issue is orthogonal to this BZ.

Comment 17 Nikhil Dehadrai 2016-09-22 13:22:25 UTC
IPA server version: ipa-server-4.4.0-12.el7.x86_64
Bind-ldap: bind-dyndb-ldap-10.0-5.el7.x86_64

Verified the bug on the basis of following points:
1. Verified that upgrade is successful for RHE 7.0 to RHEL 7.3.
2. "DNS timed out error" message is not displayed at the console.
3. The dummy dns forwardzone details created at 7.0 are reflected after upgrade.

Thus on the basis of observations above and Comment#15 and Comment#16, marking the status of bug to "VERIFIED".

Comment 20 errata-xmlrpc 2016-11-04 06:03:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html