Bug 1518792

Summary: ipa-client-install should respect DNS Locations SRV record priority
Product: Red Hat Enterprise Linux 7
Reporter: Brian J. Atkisson <batkisso>
Component: ipa
Assignee: IPA Maintainers <ipa-maint>
Status: CLOSED DUPLICATE
QA Contact: ipa-qe <ipa-qe>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.4
CC: frenaud, pasik, pvoborni, rcritten, tscherf
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-10-18 09:50:46 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Brian J. Atkisson 2017-11-29 15:00:37 UTC
Description of problem:

When running ipa-client-install and using DNS locations to prefer IPA servers for a site, ipa-client-install does not appear to respect SRV record priority when discovering the server to use in /etc/ipa/defaults.conf

Version-Release number of selected component (if applicable):
ipa-client-4.5.0-21.el7_4.2.2.x86_64

How reproducible:
always

Steps to Reproduce:
1. Configure a site to use DNS Locations
2. Run ipa-client-install
3.

Actual results:
Server is selected at random

Expected results:
A preferred server should be used


[root@client01 ~]# ipa-client-install  --domain=ipa.example.com --configure-firefox --mkhomedir  --ntp-server=clock1.rdu2.example.com --ntp-server=clock02.util.phx2.example.com --ntp-server=clock.bos.example.com --force-ntpd --ssh-trust-dns --enable-dns-updates --verbose
Logging to /var/log/ipaclient-install.log
ipa-client-install was invoked with arguments [] and options: {'no_dns_sshfp': False, 'force': False, 'verbose': True, 'ip_addresses': None, 'configure_firefox': True, 'realm_name': None, 'force_ntpd': True, 'on_master': False, 'no_nisdomain': False, 'ssh_trust_dns': True, 'principal': None, 'keytab': None, 'no_ntp': False, 'domain_name': 'ipa.example.com', 'request_cert': False, 'fixed_primary': False, 'no_ac': False, 'no_sudo': False, 'ca_cert_files': None, 'all_ip_addresses': False, 'kinit_attempts': None, 'ntp_servers': ['clock1.rdu2.example.com', 'clock02.util.phx2.example.com', 'clock.bos.example.com'], 'enable_dns_updates': True, 'no_sshd': False, 'no_sssd': False, 'no_krb5_offline_passwords': False, 'servers': None, 'no_ssh': False, 'force_join': False, 'firefox_dir': None, 'unattended': False, 'quiet': False, 'nisdomain': None, 'prompt_password': False, 'host_name': None, 'permit': False, 'automount_location': None, 'preserve_sssd': False, 'mkhomedir': True, 'log_file': None, 'uninstall': False}
IPA version 4.5.0-21.el7_4.2.2
Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
Starting external process
args=/usr/sbin/selinuxenabled
Process finished, return code=0
stdout=
stderr=
[IPA Discovery]
Starting IPA discovery with domain=ipa.example.com, servers=None, hostname=client01.users.ipa.example.com
Search for LDAP SRV record in ipa.example.com
Search DNS for SRV record of _ldap._tcp.ipa.example.com
DNS record found: 50 100 389 idm03.iam.prod.int.rdu2.example.com.
DNS record found: 50 100 389 idm-admin.iam.prod.int.rdu2.example.com.
DNS record found: 0 100 389 idm01.iam.prod.int.rdu2.example.com.
DNS record found: 50 100 389 idm04.iam.prod.int.phx2.example.com.
DNS record found: 50 100 389 idm03.iam.prod.int.phx2.example.com.
DNS record found: 0 100 389 idm02.iam.prod.int.rdu2.example.com.
DNS record found: 50 100 389 idm01.iam.prod.int.phx2.example.com.
DNS record found: 50 100 389 idm04.iam.prod.int.rdu2.example.com.
DNS record found: 50 100 389 idm02.iam.prod.int.phx2.example.com.
DNS record found: 50 100 389 idm-admin.iam.prod.int.phx2.example.com.
[Kerberos realm search]
Search DNS for TXT record of _kerberos.ipa.example.com
DNS record found: "IPA.EXAMPLE.COM"
Search DNS for SRV record of _kerberos._udp.ipa.example.com
DNS record found: 0 100 88 idm02.iam.prod.int.phx2.example.com.
DNS record found: 0 100 88 idm04.iam.prod.int.rdu2.example.com.
DNS record found: 0 100 88 idm03.iam.prod.int.phx2.example.com.
DNS record found: 0 100 88 idm02.iam.prod.int.rdu2.example.com.
DNS record found: 0 100 88 idm04.iam.prod.int.phx2.example.com.
DNS record found: 0 100 88 idm01.iam.prod.int.rdu2.example.com.
DNS record found: 0 100 88 idm03.iam.prod.int.rdu2.example.com.
DNS record found: 0 100 88 idm-admin.iam.prod.int.rdu2.example.com.
DNS record found: 0 100 88 idm-admin.iam.prod.int.phx2.example.com.
DNS record found: 0 100 88 idm01.iam.prod.int.phx2.example.com.
[LDAP server check]
Verifying that idm03.iam.prod.int.rdu2.example.com (realm IPA.EXAMPLE.COM) is an IPA server
Init LDAP connection to: ldap://idm03.iam.prod.int.rdu2.example.com:389
Search LDAP server for IPA base DN
Check if naming context 'dc=ipa,dc=example,dc=com' is for IPA
Naming context 'dc=ipa,dc=example,dc=com' is a valid IPA context
Search for (objectClass=krbRealmContainer) in dc=ipa,dc=example,dc=com (sub)
Found: cn=IPA.EXAMPLE.COM,cn=kerberos,dc=ipa,dc=example,dc=com
Discovery result: Success; server=idm03.iam.prod.int.rdu2.example.com, domain=ipa.example.com, kdc=idm02.iam.prod.int.phx2.example.com,idm04.iam.prod.int.rdu2.example.com,idm03.iam.prod.int.phx2.example.com,idm02.iam.prod.int.rdu2.example.com,idm04.iam.prod.int.phx2.example.com,idm01.iam.prod.int.rdu2.example.com,idm03.iam.prod.int.rdu2.example.com,idm-admin.iam.prod.int.rdu2.example.com,idm-admin.iam.prod.int.phx2.example.com,idm01.iam.prod.int.phx2.example.com, basedn=dc=ipa,dc=example,dc=com
Validated servers: idm03.iam.prod.int.rdu2.example.com
will use discovered domain: ipa.example.com
Start searching for LDAP SRV record in "ipa.example.com" (Validating DNS Discovery) and its sub-domains
Search DNS for SRV record of _ldap._tcp.ipa.example.com
DNS record found: 0 100 389 idm01.iam.prod.int.rdu2.example.com.
DNS record found: 50 100 389 idm04.iam.prod.int.phx2.example.com.
DNS record found: 50 100 389 idm03.iam.prod.int.phx2.example.com.
DNS record found: 0 100 389 idm02.iam.prod.int.rdu2.example.com.
DNS record found: 50 100 389 idm01.iam.prod.int.phx2.example.com.
DNS record found: 50 100 389 idm04.iam.prod.int.rdu2.example.com.
DNS record found: 50 100 389 idm02.iam.prod.int.phx2.example.com.
DNS record found: 50 100 389 idm-admin.iam.prod.int.phx2.example.com.
DNS record found: 50 100 389 idm03.iam.prod.int.rdu2.example.com.
DNS record found: 50 100 389 idm-admin.iam.prod.int.rdu2.example.com.
DNS validated, enabling discovery
will use discovered server: idm03.iam.prod.int.rdu2.example.com
Discovery was successful!
will use discovered realm: IPA.EXAMPLE.COM
will use discovered basedn: dc=ipa,dc=example,dc=com
Client hostname: client01.users.ipa.example.com
Hostname source: Machine's FQDN
Realm: IPA.EXAMPLE.COM
Realm source: Discovered from LDAP DNS records in idm03.iam.prod.int.rdu2.example.com
DNS Domain: ipa.example.com
DNS Domain source: Discovered LDAP SRV records from ipa.example.com
IPA Server: idm03.iam.prod.int.rdu2.example.com
IPA Server source: Discovered from LDAP DNS records in idm03.iam.prod.int.rdu2.example.com
BaseDN: dc=ipa,dc=example,dc=com
BaseDN source: From IPA server ldap://idm03.iam.prod.int.rdu2.example.com:389

Continue to configure the system with these values? [no]: 

=====



idm03.iam.prod.int.rdu2.example.com has a priority of 50, whereas idm02.iam.prod.int.rdu2.example.com and idm01.iam.prod.int.rdu2.example.com have a priority of 0. idm01 or idm02 should have been chosen based on the priority, not idm03.
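The report above (and Comment 4's summary that the SRV lookup did not sort results) comes down to one rule: RFC 2782 clients must try all targets of the lowest priority value before any target of a higher value, and use the weight field only to pick among targets sharing a priority. The following added example is not FreeIPA's code and is not taken from this bug; it parses the "DNS record found:" lines exactly as the verbose log prints them (a constructed copy of the ten _ldap._tcp answers from the description), applies the RFC 2782 ordering, and contrasts it with the random choice the reporter observed. The function names and the log line format assumption are this example's own.

```python
import random
import re
from collections import defaultdict

# Constructed sample input: the ten _ldap._tcp.ipa.example.com answers quoted
# in the bug description, in the "priority weight port target" form the
# verbose ipa-client-install log prints them.
SAMPLE_LOG = """\
DNS record found: 50 100 389 idm03.iam.prod.int.rdu2.example.com.
DNS record found: 50 100 389 idm-admin.iam.prod.int.rdu2.example.com.
DNS record found: 0 100 389 idm01.iam.prod.int.rdu2.example.com.
DNS record found: 50 100 389 idm04.iam.prod.int.phx2.example.com.
DNS record found: 50 100 389 idm03.iam.prod.int.phx2.example.com.
DNS record found: 0 100 389 idm02.iam.prod.int.rdu2.example.com.
DNS record found: 50 100 389 idm01.iam.prod.int.phx2.example.com.
DNS record found: 50 100 389 idm04.iam.prod.int.rdu2.example.com.
DNS record found: 50 100 389 idm02.iam.prod.int.phx2.example.com.
DNS record found: 50 100 389 idm-admin.iam.prod.int.phx2.example.com.
"""

# Assumed log line layout; the trailing dot of the FQDN is optional.
SRV_LINE = re.compile(r"^DNS record found: (\d+) (\d+) (\d+) (\S+?)\.?$")


def parse_srv_log(text):
    """Return (priority, weight, port, target) tuples for every SRV line
    in the verbose log text; other lines are ignored."""
    records = []
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            prio, weight, port, target = m.groups()
            records.append((int(prio), int(weight), int(port), target))
    return records


def order_srv(records, seed=None):
    """Order SRV records the way RFC 2782 prescribes: lowest priority value
    first; within one priority, pick targets one at a time by weighted
    random selection. A seed makes the ordering reproducible."""
    rng = random.Random(seed)
    by_prio = defaultdict(list)
    for rec in records:
        by_prio[rec[0]].append(rec)
    ordered = []
    for prio in sorted(by_prio):
        pool = list(by_prio[prio])
        while pool:
            total = sum(rec[1] for rec in pool)
            if total == 0:
                # Every weight is zero: no preference, plain uniform choice.
                pick = rng.choice(pool)
            else:
                # RFC 2782: random number in [0, total]; take the first record
                # whose running weight sum reaches it.
                threshold = rng.randint(0, total)
                running = 0
                for rec in pool:
                    running += rec[1]
                    if running >= threshold:
                        pick = rec
                        break
            pool.remove(pick)
            ordered.append(pick)
    return ordered


def naive_pick(records, seed=None):
    """The behaviour the report describes: one answer chosen at random,
    with the priority field ignored entirely."""
    return random.Random(seed).choice(records)


def respects_priority(ordered):
    """True when the priority value never decreases along the list, i.e.
    no higher-priority-value server is tried before a lower one."""
    return all(a[0] <= b[0] for a, b in zip(ordered, ordered[1:]))


if __name__ == "__main__":
    recs = parse_srv_log(SAMPLE_LOG)
    ranked = order_srv(recs, seed=1)
    print("RFC 2782 order (priority weight port target):")
    for prio, weight, port, target in ranked:
        print(f"  {prio:>3} {weight:>3} {port} {target}")
    print("priority respected:", respects_priority(ranked))
    print("naive random pick :", naive_pick(recs, seed=1)[3])
```

Whatever the seed, the first two candidates produced by `order_srv` are always the two priority-0 rdu2 servers; only their mutual order, and the order among the ten priority-50 servers, varies with the weights. `naive_pick` lands on one of the priority-50 hosts about 80% of the time, which is the symptom in the log above.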

Comment 2 Florence Blanc-Renaud 2017-12-06 13:32:28 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/7306

Comment 4 Florence Blanc-Renaud 2018-10-18 09:50:46 UTC
This issue has been fixed with the fix for BZ #1594142 (SRV lookup doesn't correctly sort results), hence closing as duplicate.

*** This bug has been marked as a duplicate of bug 1594142 ***