Bug 1948034

Summary: Server deployment fails on current F34 and Rawhide ("All nameservers failed to answer the query...")
Product: [Fedora] Fedora Reporter: Adam Williamson <awilliam>
Component: freeipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 34CC: abokovoy, contribs, frenaud, ftrivino, ipa-maint, jcholast, jhrozek, mhjacks, pvoborni, rcritten, robatino, ssorce, twoerner
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: openqa AcceptedBlocker
Fixed In Version: freeipa-4.9.3-2.fc35 freeipa-4.9.3-2.fc34 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-14 19:36:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1829024    

Description Adam Williamson 2021-04-09 19:18:48 UTC 
In current Rawhide and F34, FreeIPA server deployment fails with a DNS-related error, "All nameservers failed to answer the query..." (the subsequent text depends on the IP address of the server). This is reported upstream at https://pagure.io/freeipa/issue/8794 , filing downstream issue to propose as an F34 Final blocker, per Basic criterion "It must be possible to configure a Fedora Server system installed according to the above criteria as a FreeIPA domain controller, using the official deployment tools provided in the distribution FreeIPA packages..." - https://fedoraproject.org/wiki/Basic_Release_Criteria#FreeIPA_server_requirements .
Comment 1 Adam Williamson 2021-04-12 16:06:58 UTC 
+4 in https://pagure.io/fedora-qa/blocker-review/issue/349 , marking accepted.
Comment 2 Alexander Bokovoy 2021-04-12 17:33:20 UTC 
We have a tentative fix in https://github.com/freeipa/freeipa/pull/5708.

Adam created a staging pipeline for OpenQA to test my scratch build with the fix and that pipeline did succeeded.
https://openqa.stg.fedoraproject.org/tests/overview.html?distri=fedora&version=34&build=Kojitask-65800229-NOREPORT&groupid=2
Comment 3 Fedora Update System 2021-04-12 19:46:51 UTC 
FEDORA-2021-71ddc3d955 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 4 Adam Williamson 2021-04-12 19:48:45 UTC 
Rawhide update should not have been marked as fixing the bug.
Comment 5 Fedora Update System 2021-04-12 19:55:50 UTC 
FEDORA-2021-63573cb66d has been pushed to the Fedora ELN stable repository.
If problem still persists, please make note of it in this bug report.
Comment 6 Fedora Update System 2021-04-13 06:11:38 UTC 
FEDORA-2021-71acfa977f has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-71acfa977f
Comment 7 Florence Blanc-Renaud 2021-04-13 13:53:26 UTC 
Upstream fix:
master:
    48ef179 ipaserver/install/dns: handle SERVFAIL when checking reverse zone
Comment 8 Florence Blanc-Renaud 2021-04-13 15:55:06 UTC 
ipa-4-9:

    aea2c9f ipaserver/install/dns: handle SERVFAIL when checking reverse zone
Comment 9 Fedora Update System 2021-04-13 20:47:51 UTC 
FEDORA-2021-71acfa977f has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-71acfa977f`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-71acfa977f

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 10 Fedora Update System 2021-04-14 19:36:52 UTC 
FEDORA-2021-71acfa977f has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.