Bug 1533228
| Field | Value |
|---|---|
| Summary | The ipa-replica-install command failed, exception: ValidationError: invalid 'dnszoneidnsname': only master zones can contain records |
| Product | Red Hat Enterprise Linux 7 |
| Component | ipa |
| Version | 7.7 |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Reporter | alex |
| Assignee | IPA Maintainers <ipa-maint> |
| QA Contact | ipa-qe <ipa-qe> |
| CC | alex, amarecek, cheimes, frenaud, gparente, ipa-maint, ksiddiqu, mkosek, mruzicka, myusuf, ndehadra, pasik, pvoborni, rcritten, tscherf, wlehman |
| Target Milestone | rc |
| Keywords | Regression, ZStream |
| Hardware | Unspecified |
| OS | Unspecified |
| Fixed In Version | ipa-4.6.5-1.el7 |
| Doc Type | If docs needed, set a value |
| Clone Of | |
| | 1672238 |
| Last Closed | 2019-08-06 13:09:05 UTC |
| Type | Bug |
| Bug Blocks | 1672238 |

See also thread at: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/7A2I475DZFE235QRJRXMRXTL3DVT46IN/

Can you confirm I understand the problem correctly? This replica is in a different DNS domain than the original master and that DNS domain is not controlled by IPA? Why have DNS enabled on the replica at all then? What is it going to manage?

> This replica is in a different DNS domain than the original master and that DNS domain is not controlled by IPA?

Yes.

> Why have DNS enabled on the replica at all then? What is it going to manage?

Host the IPA DNS zone (e.g. the SRV records for discovery of services), it seems simpler than maintaining the records on my existing DNS servers. This seems to work mostly well and I don't see documentation explicitly disallowing this, save for the fact that the replica installation doesn't work.

Maybe it'd be nice to allow IPA hosts (both servers and clients) to have their existing hostname and a second hostname in IPA (e.g. my server is xxxx.foo.example.com, but when added to IPA it gets a xxxx.ipa.example.com additional name). This would also allow handling stuff such as laptops moving between different networks and getting different hostnames.

Upstream ticket: https://pagure.io/freeipa/issue/7369

Fixed upstream:
master
https://pagure.io/freeipa/c/63fa87a36e3026868c49d603762a730948db9643

Fixed upstream
ipa-4-7:
https://pagure.io/freeipa/c/6b18e8a4232718ec72779d0a59fc243238d75d5c
https://pagure.io/freeipa/c/493cdc4fb8d9a0d1e20b77660e2be9464746e708
ipa-4-6:
https://pagure.io/freeipa/c/28f416c0f454e719c2cf4d24f9727ce92ab4a3d2
https://pagure.io/freeipa/c/2835dcb1073965ccbcbf37f4b1dcb1dee7510130

version: ipa-server-4.6.5-8.el7.x86_64

The ipa-replica-install succeeded. Console logs provided. Based on above observation, marking the bug as verified.

Based on above comment#22, marking bug to VERIFIED

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2241

Created attachment 1379689: Full log

Description of problem:
ipa-replica-install with CA/DNS fails if replica is in a forwarded zone

Version-Release number of selected component (if applicable):
ipa-server-4.5.0-22.el7.centos.x86_64

How reproducible:

Steps to Reproduce:

1. I set up forwards on my first ipa-server:

```
$ ipa dnsforwardzone-add h2.int.pdp7.net --forwarder=10.42.42.1
$ ipa dnsforwardzone-add --name-from-ip=10.42.42.0/24 --forwarder=10.42.42.1 --forward-policy=only
```

2. I install the replica on a server in the h2.int.pdp7.net domain:

```
$ ipa-replica-install -v -w $pw -n ipa.pdp7.net -P alex --mkhomedir --setup-ca --setup-dns --auto-forwarders
[...]
ipa : DEBUG [2/8]: setting up our own record
[2/8]: setting up our own record
ipa.ipaserver.plugins.dns.dnsrecord_add: DEBUG raw: dnsrecord_add(u'h2.int.pdp7.net', u'ipa2', arecord=u'10.42.42.83', version=u'2.228')
ipa.ipaserver.plugins.dns.dnsrecord_add: DEBUG dnsrecord_add(<DNS name h2.int.pdp7.net.>, <DNS name ipa2>, arecord=(u'10.42.42.83',), a_extra_create_reverse=False, aaaa_extra_create_reverse=False, force=False, structured=False, all=False, raw=False, version=u'2.228')
ipa : DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 852, in __add_self
    self.__add_master_records(self.fqdn, self.ip_addresses)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 843, in __add_master_records
    add_fwd_rr(zone, host, addr, self.api)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 367, in add_fwd_rr
    add_rr(zone, host, "A", ip_address, None, api)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 358, in add_rr
    api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in run
    return self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 3666, in execute
    result = super(dnsrecord_add, self).execute(*keys, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 1141, in execute
    dn = self.obj.get_dn(*keys, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 3161, in get_dn
    dn = self.check_zone(keys[-2], **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 3152, in check_zone
    error=_(u'only master zones can contain records')
ValidationError: invalid 'dnszoneidnsname': only master zones can contain records

ipa : DEBUG [error] ValidationError: invalid 'dnszoneidnsname': only master zones can contain records
[error] ValidationError: invalid 'dnszoneidnsname': only master zones can contain records
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 368, in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 392, in execute
    for _nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 658, in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
    for _nothing in self._installer(self.parent):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 617, in main
    replica_install(self)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 386, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1479, in install
    dns.install(False, True, options, api)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dns.py", line 338, in install
    bind.create_instance()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 719, in create_instance
    self.start_creation()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 852, in __add_self
    self.__add_master_records(self.fqdn, self.ip_addresses)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 843, in __add_master_records
    add_fwd_rr(zone, host, addr, self.api)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 367, in add_fwd_rr
    add_rr(zone, host, "A", ip_address, None, api)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 358, in add_rr
    api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in run
    return self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 3666, in execute
    result = super(dnsrecord_add, self).execute(*keys, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 1141, in execute
    dn = self.obj.get_dn(*keys, **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 3161, in get_dn
    dn = self.check_zone(keys[-2], **options)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 3152, in check_zone
    error=_(u'only master zones can contain records')

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): DEBUG The ipa-replica-install command failed, exception: ValidationError: invalid 'dnszoneidnsname': only master zones can contain records
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR invalid 'dnszoneidnsname': only master zones can contain records
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
```

3.

Actual results:
Replica installation fails.

Expected results:
Replica installation works.

Additional info:
None
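
The traceback shows the installer calling `dnsrecord_add` on `h2.int.pdp7.net`, which the reproduction steps created as a forward zone. The following pre-flight check is an added example, not FreeIPA code and not the upstream fix: it models that zone lookup over a constructed inventory, and the `ZONES` table, the `ipa1` host name and all function names are assumptions made for illustration.

```python
# Added example: models the zone lookup behind the error in this report.
# ZONES is constructed from the commands in the report; it is not read
# from a live IPA server.
MASTER, FORWARD = "master", "forward"

ZONES = {
    "ipa.pdp7.net": MASTER,             # IPA domain passed with -n
    "h2.int.pdp7.net": FORWARD,         # dnsforwardzone-add h2.int.pdp7.net
    "42.42.10.in-addr.arpa": FORWARD,   # --name-from-ip=10.42.42.0/24
}


def normalize(name):
    """Lower-case a DNS name and make it absolute (trailing dot)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def find_enclosing_zone(fqdn, zones):
    """Return (zone, type) for the most specific zone enclosing fqdn.

    Matching is done on whole labels, so 'xh2.int.pdp7.net' is not
    treated as part of 'h2.int.pdp7.net'. Returns None if no zone matches.
    """
    known = {normalize(z): t for z, t in zones.items()}
    labels = normalize(fqdn).rstrip(".").split(".")
    for i in range(len(labels)):        # most specific suffix first
        candidate = ".".join(labels[i:]) + "."
        if candidate in known:
            return candidate, known[candidate]
    return None


def can_add_own_record(fqdn, zones):
    """Return (ok, reason): may an installer add this host's A record?"""
    match = find_enclosing_zone(fqdn, zones)
    if match is None:
        return False, "no IPA-managed zone encloses " + normalize(fqdn)
    zone, zone_type = match
    if zone_type != MASTER:
        return False, "%s is a %s zone, records need a master zone" % (zone, zone_type)
    return True, "record can go into master zone " + zone


if __name__ == "__main__":
    for host in ("ipa2.h2.int.pdp7.net", "ipa1.ipa.pdp7.net"):
        print(host, can_add_own_record(host, ZONES))
```

On a real deployment the inventory could be filled from the output of `ipa dnszone-find` and `ipa dnsforwardzone-find` before running `ipa-replica-install --setup-dns`.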