Bug 1784003

Summary: IPA Server install fail
Product: Red Hat Enterprise Linux 8
Reporter: Kaleem <ksiddiqu>
Component: ipa
Assignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA
QA Contact: ipa-qe <ipa-qe>
Severity: urgent
Priority: unspecified
Version: 8.2
CC: afarley, pasik, pvoborni, rcritten, tscherf
Target Milestone: rc
Keywords: Regression, TestBlocker
Target Release: 8.0
Hardware: Unspecified
OS: Unspecified
Last Closed: 2020-04-28 15:44:43 UTC
Type: Bug
Attachments:
verification steps with console output (flags: none)

Description Kaleem 2019-12-16 13:16:05 UTC
Description of problem:
IPA install fails 

2019-12-16T07:51:54+0000 [ipa_pytests.qe_class.QeHost.master.cmd17] DEBUG Warning: skipping DNS resolution of host master.testrealm.test
2019-12-16T07:51:54+0000 [ipa_pytests.qe_class.QeHost.master.cmd17] DEBUG DNS zone 153.0.10.in-addr.arpa. already exists in DNS and is handled by server(s): ['infoblox-trust01.brq2.redhat.com.', 'infoblox-trust01.intranet.prod.int.phx2.redhat.com.', 'ns01.intranet.prod.int.phx2.redhat.com.', 'infoblox-trust01.intranet.prod.int.rdu2.redhat.com.', 'ns02.intranet.prod.int.phx2.redhat.com.']
2019-12-16T07:51:54+0000 [ipa_pytests.qe_class.QeHost.master.cmd17] DEBUG The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
2019-12-16T07:51:54+0000 [paramiko.transport] DEBUG [chan 17] EOF received (17)
2019-12-16T07:51:54+0000 [paramiko.transport] DEBUG [chan 17] EOF sent (17)
2019-12-16T07:51:54+0000 [ipa_pytests.qe_class.QeHost.master.cmd17] DEBUG Exit code: 1

Version-Release number of selected component (if applicable):
ipa-server-4.8.4-1.module+el8.2.0+5245

How reproducible:
Always

Steps to Reproduce:
1. IPA Server install

Actual results:
IPA Server install fails

Expected results:
IPA Server install successful

Additional info:

Comment 2 Petr Vobornik 2019-12-16 13:47:12 UTC
The server install was executed with:

 INFO RUN ['/usr/sbin/ipa-server-install', '--setup-dns', '--forwarder', 'XX.XX.X.XX', '--domain', 'testrealm.test', '--realm', 'TESTREALM.TEST', '--admin-password', 'Secret123', '--ds-password', 'Secret123', '-U', '--reverse-zone', 'XX.XX.XX.in-addr.arpa.', '--allow-zone-overlap', '--domain-level=1']


There seems to be a regression in https://github.com/freeipa/freeipa/commit/dd7fdaa77d00042d44bec23291f0d0be36bead5e#diff-397332d984e3fb7f69d53120bf919dabL144 . 

Forward zone check was adjusted to new exception name:
-        except ValueError as e:
+        except dnsutil.DNSZoneAlreadyExists as e:
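Review bot: The + line replaces the caught type outright, so this is only safe if every handler of the same overlap check is updated in the same commit. Whether dnsutil.DNSZoneAlreadyExists derives from ValueError cannot be seen from these two lines; if it does not, any handler left as "except ValueError" silently stops matching. Suggest checking the class definition, searching for remaining "except ValueError" handlers around the zone overlap check, and adding an install test that runs with --allow-zone-overlap against a zone that already exists.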

But reverse zone check in dns.py:144:146 still has:
except ValueError as e:

Thus DNSZoneAlreadyExists is not caught and the issue is not turned into a warning as it should be with the --allow-zone-overlap option -> it fails in an environment where the reverse zone is handled by a DNS server.
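The failure mode described in Comment 2, as an added sketch that is not FreeIPA code: one handler still catches the old exception type, so the overlap is never downgraded to a warning. The function names, the sample zone, and the assumption that the new exception does not derive from ValueError are constructed for illustration.

```python
import logging


class DNSZoneAlreadyExists(Exception):
    """Stand-in for dnsutil.DNSZoneAlreadyExists (assumed not a ValueError subclass)."""


# Constructed sample data: a reverse zone already served by another DNS server.
EXISTING_ZONES = {"2.0.192.in-addr.arpa.": ["ns.example.test."]}


def check_zone_overlap(zone):
    """Hypothetical overlap probe: raises the new exception type on overlap."""
    if zone in EXISTING_ZONES:
        raise DNSZoneAlreadyExists(
            f"DNS zone {zone} already exists, handled by {EXISTING_ZONES[zone]}")


def reverse_check_stale(zone, allow_zone_overlap):
    """Handler still written against the old type: the regression."""
    try:
        check_zone_overlap(zone)
    except ValueError as e:  # never matches DNSZoneAlreadyExists
        if not allow_zone_overlap:
            raise
        logging.warning("%s", e)
        return "warning"
    return "ok"


def reverse_check_fixed(zone, allow_zone_overlap):
    """Handler updated to the new type: overlap becomes a warning when allowed."""
    try:
        check_zone_overlap(zone)
    except DNSZoneAlreadyExists as e:
        if not allow_zone_overlap:
            raise
        logging.warning("%s", e)
        return "warning"
    return "ok"


def outcome(check, zone, allow_zone_overlap):
    """Map an escaped exception to an outcome name so both handlers can be compared."""
    try:
        return check(zone, allow_zone_overlap)
    except DNSZoneAlreadyExists:
        return "install-failed"
```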

Comment 3 Thomas Woerner 2019-12-16 13:54:16 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/8150

Comment 4 Thomas Woerner 2019-12-16 17:07:56 UTC
master:

    https://github.com/freeipa/freeipa/commit/f80a6548ad8d0d21219ce26d3e819f7ad5f3663e DNS install check: Fix overlapping DNS zone from the master itself

Comment 5 Thomas Woerner 2019-12-16 20:48:22 UTC
ipa-4-8:

    https://pagure.io/freeipa/c/2c2cef7063315766d893b275185b422be3f3c019 DNS install check: Fix overlapping DNS zone from the master itself

Comment 7 Kaleem 2020-01-10 11:43:31 UTC
Verified.

IPA version :  ipa-server-4.8.4-2.module+el8.2.0+5265+c70de5c4.x86_64

Please find the attached file (verified-output.txt) for details.

Comment 8 Kaleem 2020-01-10 11:44:31 UTC
Created attachment 1651250 [details]
verification steps with console output

Comment 10 errata-xmlrpc 2020-04-28 15:44:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1640