Bug 1387425

Summary: ipa-server-install --uninstall takes a long time, complains about DNS
Product: [Fedora] Fedora Reporter: Adam Williamson <awilliam>
Component: freeipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: rawhideCC: abokovoy, ipa-maint, jhrozek, lslebodn, mkosek, pvoborni, rcritten, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-20 18:59:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Full ipaserver-uninstall.log from an affected run none

Description Adam Williamson 2016-10-20 20:42:40 UTC
For the last few days, the FreeIPA server test on openQA has been failing on Rawhide. This seems to be because ipa-server-install --uninstall (which the test does at the end, to check it works properly) suddenly started taking much longer than before. The test gives it two minutes to complete, but it's taking longer than that:

2016-10-18T14:08:14Z DEBUG Logging to /var/log/ipaserver-uninstall.log
...
2016-10-18T14:10:57Z INFO The ipa-server-install command was successful

(so, 2 minutes 43 secs). This started with Fedora-Rawhide-20161018.n.0 and has happened with the two nightlies since then as well; it is not affecting Fedora 25.

The bulk of the time seems to be eaten by some DNS issues:

2016-10-18T14:08:18Z DEBUG raw: server_role_find(None, server_server=u'ipa001.domain.local', status=u'enabled', version=u'2.215')
2016-10-18T14:08:18Z DEBUG server_role_find(None, server_server=u'ipa001.domain.local', status=u'enabled', all=False, raw=False, version=u'2.215')
2016-10-18T14:08:18Z DEBUG raw: dnszone_show(<DNS name domain.local.>, version=u'2.215')
2016-10-18T14:08:18Z DEBUG dnszone_show(<DNS name domain.local.>, rights=False, all=False, raw=False, version=u'2.215')
2016-10-18T14:08:18Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:08:18Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:08:23Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:08:23Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:08:28Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:08:28Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:08:33Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:08:33Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:08:38Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:08:38Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:08:43Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:08:43Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:08:48Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:08:48Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:08:53Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:08:53Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:08:58Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:08:58Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:09:03Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:09:03Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:09:08Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:09:08Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:09:13Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:09:13Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:09:18Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN A
2016-10-18T14:09:18Z DEBUG The DNS response does not contain an answer to the question: ipa001.domain.local. IN AAAA
2016-10-18T14:09:53Z ERROR DNS query for ipa001.domain.local. 1 failed: The DNS operation timed out after 30.001404047 seconds
2016-10-18T14:10:28Z ERROR DNS query for ipa001.domain.local. 1 failed: The DNS operation timed out after 30.0011110306 seconds
2016-10-18T14:10:33Z ERROR unable to resolve host name ipa001.domain.local. to IP address, ipa-ca DNS record will be incomplete

is this expected? I can always extend the timeout on the test, but it seems suspicious that it suddenly started happening where it doesn't seem to have been a problem before.

Comment 1 Adam Williamson 2016-10-20 20:43:57 UTC
Created attachment 1212639 [details]
Full ipaserver-uninstall.log from an affected run

Comment 2 Petr Vobornik 2016-10-31 11:13:55 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6176

Comment 3 Fedora End Of Life 2017-02-28 10:29:07 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle.
Changing version to '26'.

Comment 4 Petr Vobornik 2018-03-20 17:49:06 UTC
This was fixed in 4.6 branch and 4.5.4 branch


dffddbd DNS update: reduce timeout for CA records

Not sure if F26 will be updated. But it should be fixed in 27.

Comment 5 Adam Williamson 2018-03-20 18:59:50 UTC
I'm fine with that. Note:

"This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle. Changing version to '26'."