Bug 745392
| Summary: | ipa-client-install hangs if the discovered server is unresponsive | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Martin Kosek <mkosek> |
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.2 | CC: | ckannan, dpal, mkosek, nsoman, shaines |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-2.1.3-1.el6 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: When ipa-client-install tries to autodiscover IPA server in its domain, it does not use any timeout when a server is found and is being checked
Consequence: If the found server is unresponsive during the autodiscovery, the whole ipa-client-install gets stuck
Fix: A 30 second timeout is added to ipa-client-install autodiscovery server check
Result: ipa-client-install reports autodiscovery failure when the tested checked server is unresponsive and lets user set IPA server address manually
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-06 18:42:43 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 748554 | ||
Upstream ticket: https://fedorahosted.org/freeipa/ticket/1960 Fixed upstream master: 17f247d6c2aef177c40a690f886b0773a88a6dfa ipa-2-1: 7227ffe86485bcfc9d97ce302120cfae56541a03
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause: When ipa-client-install tries to autodiscover IPA server in its domain, it does not use any timeout when a server is found and is being checked
Consequence: If the found server is unresponsive during the autodiscovery, the whole ipa-client-install gets stuck
Fix: A 30 second timeout is added to ipa-client-install autodiscovery server check
Result: ipa-client-install reports autodiscovery failure when the tested checked server is unresponsive and lets user set IPA server address manually
testing Verified using ipa-client-2.1.3-8.el6.x86_64
# ipa-client-install -d
root : DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, 'preserve_sssd': False, 'server': None, 'prompt_password': False, 'mkhomedir': False, 'dns_updates': False, 'permit': False, 'debug': True, 'on_master': False, 'ntp_server': None, 'realm_name': None, 'unattended': None, 'principal': None}
root : DEBUG missing options might be asked for interactively later
root : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
root : DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
root : DEBUG [ipadnssearchldap(testrelm)]
root : DEBUG [ipadnssearchldap(bos.redhat.com)]
root : DEBUG [ipadnssearchldap(redhat.com)]
root : DEBUG [ipadnssearchkrb]
root : DEBUG [ipacheckldap]
root : DEBUG args=/usr/bin/wget -O /tmp/tmp0INq5Z/ca.crt -T 15 -t 2 http://ldap.corp.redhat.com/ipa/config/ca.crt
root : DEBUG stdout=
root : DEBUG stderr=--2011-11-04 10:43:23-- http://ldap.corp.redhat.com/ipa/config/ca.crt
Resolving ldap.corp.redhat.com... failed: Name or service not known.
wget: unable to resolve host address “ldap.corp.redhat.com”
root : DEBUG Retrieving CA from ldap.corp.redhat.com failed.
Command '/usr/bin/wget -O /tmp/tmp0INq5Z/ca.crt -T 15 -t 2 http://ldap.corp.redhat.com/ipa/config/ca.crt' returned non-zero exit status 4
root : DEBUG Domain not found
DNS discovery failed to determine your DNS domain
Provide the domain name of your IPA server (ex: example.com):
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html |
Description of problem: When ipa-client-install is run, it autodiscovers for existing LDAP servers and checks if it is a valid IPA server. During the process, it tries to download ca.crt. If the discovered target is unresponsive, ipa-client-install hangs and does not let user to override the autodiscovered server/domain. Version-Release number of selected component (if applicable): ipa-client-2.1.1-101.20111004T0103zgita013597.el6.x86_64 How reproducible: Have an LDAP server with proper _ldap._tcp DNS SRV records in client domain and which would not return ca.crt (in my test it was ldap.corp.redhat.com) and run ipa-client-install. Steps to Reproduce: 1. Have the LDAP server with DNS SRV records as described 2. Run ipa-client-install without --server or --domain options Actual results: ipa-client-install hangs: # ipa-client-install -d root : DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'mkhomedir': False, 'dns_updates': False, 'debug': True, 'on_master': False, 'ntp_server': None, 'realm_name': None, 'unattended': None, 'principal': None} root : DEBUG missing options might be asked for interactively later root : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' root : DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' root : DEBUG [ipadnssearchldap(idm.lab.bos.redhat.com)] root : DEBUG [ipadnssearchldap(lab.bos.redhat.com)] root : DEBUG [ipadnssearchldap(bos.redhat.com)] root : DEBUG [ipadnssearchldap(redhat.com)] root : DEBUG [ipadnssearchkrb] root : DEBUG [ipacheckldap] Expected results: ipa-client-install should timeout, inform the user that the autodiscovery has failed and let user enter his IPA server (which obviously does not have proper DNS SRV records)