Bug 705800
| Summary: | Improve debug logging in ipa-client-install | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Rob Crittenden <rcritten> |
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 6.1 | CC: | benl, dpal, jgalipea, jwest, nsoman, shaines |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-2.1.0-1.el6 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: If installing an IPA client fails it is not always clear why.
Consequence: Debugging some installation failures can be very difficult.
Fix: Add more debugging to the IPA client installation log, /var/log/ipaclient-install.log, so that problems can be more easily debugged.
Result: Reasons for failure are more apparent.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-06 18:22:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Rob Crittenden
2011-05-18 14:08:15 UTC
Once the patches are applied, to verify the bug: Look in /var/log/ipaclient-install.log for: Writing Kerberos configuration to /tmp/XXXXXXXX You should see a copy of the temporary krb5.conf used during enrollment. and Writing nsupdate commands to /tmp/XXXXXXXXX It should contain the nsupdate sent to the IPA server. It will look something like: zone example.com. update delete lion.example.com. IN A send update add lion.example.com. 1200 IN A 192.168.166.32 send master: 8472dc26b7e261090b73e0dba488df23917830fa ipa-2-0: d615e45a8f99af25086aef03ae8b724be630d48a and master: 8472dc26b7e261090b73e0dba488df23917830fa ipa-2-0: d615e45a8f99af25086aef03ae8b724be630d48a partially verified:
<snip_of_install_log>
2011-09-21 13:49:52,547 DEBUG Writing Kerberos configuration to /tmp/tmplwFeOn:
#File modified by ipa-client-install
[libdefaults]
default_realm = TESTRELM
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = yes
[realms]
TESTRELM = {
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.testrelm = TESTRELM
testrelm = TESTRELM
[appdefaults]
pam = {
debug = false
krb4_convert = false
}
</snip>
However, I do not see any debug output for nsupdate
To see the nsupdate output you need to either add the command-line option --enable-dns-updates or have the client configured to use the IPA DNS but not have the client hostname in DNS. Will test with above options Verified using ipa-client-2.1.1-3.el6.x86_64 Installed using cmd: ipa-client-install --enable-dns-updates In addition to the debug section for kerberos in the log, also saw: <snip_of_install_log> 2011-09-22 13:27:39,096 DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt: zone testrelm. update delete ipaqavmh.testrelm. IN A send update add ipaqavmh.testrelm. 1200 IN A 10.16.98.193 send </snip>
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause: If installing an IPA client fails it is not always clear why.
Consequence: Debugging some installation failures can be very difficult.
Fix: Add more debugging to the IPA client installation log, /var/log/ipaclient-install.log, so that problems can be more easily debugged.
Result: Reasons for failure are more apparent.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html |