Bug 729377
Summary: | ipa-server-install fails on DNS errors when no DNS check is required | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Dmitri Pal <dpal> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | urgent | Docs Contact: | |
Priority: | high | ||
Version: | 6.1 | CC: | acathrow, benl, dpal, iheim, jgalipea, oschreib, ranglust, shaines |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ipa-2.1.0-1.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: Installing IPA server using --no-host-dns without a DNS resolvable host name.
Consequence: Installation fails on error that host name is not resolvable or does not match the reverse.
Fix: Move the no-host-dns test so it is tested before any DNS lookups occur.
Result: Installation with --no-host-dns should do no DNS validation.
|
Story Points: | --- |
Clone Of: | 729357 | Environment: | |
Last Closed: | 2011-12-06 18:29:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 729357 | ||
Bug Blocks: | 728234 |
Description
Dmitri Pal
2011-08-09 17:40:17 UTC
This was already closed upstream and will be released as part of future FreeIPA release (2.1). Upstream ticket: https://fedorahosted.org/freeipa/ticket/1246 The bug also talks about the wrong flag above: Instead --no-dns it should be --no-host-dns. Upstream commits: master: 915235859cb67d4f350ff506b435586fd15505e7 ipa-2-0: 73e04bd972ba3d010ea63c9c7b834cdb80f7fadd Verified: Changed machine name to not resolve to ip address and installed ... # ipa-server-install -p mysecret -P mysecret -a mysecret --no-host-dns <snip> Warning: skipping DNS resolution of host ipaserver.rhts.eng.rdu.redhat.com The domain name has been calculated based on the host name. </snip> Installation successful. # kinit admin Password for admin.RDU.REDHAT.COM: # ipa user-add --first=Jenny --last=Galipeau jgalipea --------------------- Added user "jgalipea" --------------------- User login: jgalipea First name: Jenny Last name: Galipeau Full name: Jenny Galipeau Display name: Jenny Galipeau Initials: JG Home directory: /home/jgalipea GECOS field: Jenny Galipeau Login shell: /bin/sh Kerberos principal: jgalipea.RDU.REDHAT.COM UID: 1913000003 GID: 1913000003 # ipa passwd jgalipea Password: Enter Password again to verify: ------------------------------------------------------- Changed password for "jgalipea.RDU.REDHAT.COM" ------------------------------------------------------- # kinit jgalipea Password for jgalipea.RDU.REDHAT.COM: Password expired. You must change it now. Enter new password: Enter it again: # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: jgalipea.RDU.REDHAT.COM Valid starting Expires Service principal 08/22/11 14:40:42 08/23/11 14:40:42 krbtgt/RHTS.ENG.RDU.REDHAT.COM.RDU.REDHAT.COM Version: # rpm -qi ipa-server Name : ipa-server Relocations: (not relocatable) Version : 2.1.0 Vendor: Red Hat, Inc. Release : 1.el6 Build Date: Mon 15 Aug 2011 06:26:27 PM EDT Install Date: Mon 22 Aug 2011 02:25:15 PM EDT Build Host: x86-005.build.bos.redhat.com Group : System Environment/Base Source RPM: ipa-2.1.0-1.el6.src.rpm Size : 3296786 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://www.freeipa.org/ Summary : The IPA authentication server Description : IPA is an integrated solution to provide centrally managed Identity (machine, user, virtual machines, groups, authentication credentials), Policy (configuration settings, access control information) and Audit (events, logs, analysis thereof). If you are installing an IPA server you need to install this package (in other words, most people should NOT install this package). # cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.2 Beta (Santiago) Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: Installing IPA server using --no-host-dns without a DNS resolvable host name. Consequence: Installation fails on error that host name is not resolvable or does not match the reverse. Fix: Move the no-host-dns test so it is tested before any DNS lookups occur. Result: Installation with --no-host-dns should do no DNS validation. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html |