Bug 759100
Summary: | Unable to install ipa-server on a specified interface in dual nic machines. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Gowrishankar Rajaiyan <grajaiya> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.2 | CC: | jgalipea, mkosek, sgoveas |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ipa-2.2.0-1.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: IPA server installation script does not expect a situation when a server has 2 IP addresses assigned.
Consequence: IPA server installation fails to proceed in a dual-NIC configuration when the server has 2 IP addresses.
Fix: Install script was fixed to handle this use case properly.
Result: User is able to install IPA server in a dual-NIC configuration.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2012-06-20 13:18:00 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Gowrishankar Rajaiyan
2011-12-01 12:10:34 UTC
I'd suggest trying with --no-host-dns. Still no prompt. [root@jetfire ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 :1 localhost localhost.localdomain localhost6 localhost6.localdomain6 [root@jetfire ~]# [root@jetfire ~]# ipa-server-install --no-host-dns The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will set up the IPA Server. This includes: * Configure a stand-alone CA (dogtag) for certificate management * Configure the Network Time Daemon (ntpd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) To accept the default shown in brackets, press the Enter key. Enter the fully qualified domain name of the computer on which you're setting up server software. Using the form <hostname>.<domainname> Example: master.example.com. Server host name [jetfire.testrelm]: Warning: skipping DNS resolution of host jetfire.testrelm The domain name has been calculated based on the host name. Please confirm the domain name [testrelm]: The IPA Master Server will be configured with Hostname: jetfire.testrelm IP address: 10.65.201.113 Domain name: testrelm The kerberos protocol requires a Realm name to be defined. This is typically the domain name converted to uppercase. Please provide a realm name [TESTRELM]: ... 2011-12-01 16:50:31,880 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2011-12-01 16:50:31,880 DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2011-12-01 16:50:31,880 DEBUG httpd is not configured 2011-12-01 16:50:31,880 DEBUG ipa_kpasswd is not configured 2011-12-01 16:50:31,880 DEBUG dirsrv is not configured 2011-12-01 16:50:31,881 DEBUG pki-cad is not configured 2011-12-01 16:50:31,881 DEBUG pkids is not configured 2011-12-01 16:50:31,881 DEBUG install is not configured 2011-12-01 16:50:31,881 DEBUG krb5kdc is not configured 2011-12-01 16:50:31,881 DEBUG ntpd is not configured 2011-12-01 16:50:31,881 DEBUG named is not configured 2011-12-01 16:50:31,881 DEBUG filestore is tracking no files 2011-12-01 16:50:31,882 DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' 2011-12-01 16:50:31,882 DEBUG /usr/sbin/ipa-server-install was invoked with options: {'reverse_zone': None, 'realm_name': None, 'zone_refresh': 30, 'conf_ntp': True, 'subject': None, 'no_forwarders': False, 'ui_redirect': True, 'domain_name': None, 'idmax': 0, 'hbac_allow': False, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended': False, 'selfsign': False, 'external_ca_file': None, 'no_host_dns': True, 'http_pkcs12': None, 'forwarders': None, 'idstart': 911000000, 'external_ca': False, 'ip_address': None, 'zonemgr': None, 'setup_dns': False, 'host_name': None, 'debug': False, 'external_cert_file': None, 'uninstall': False} 2011-12-01 16:50:31,882 DEBUG missing options might be asked for interactively later 2011-12-01 16:50:31,882 DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2011-12-01 16:50:31,882 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2011-12-01 16:50:34,424 DEBUG will use host_name: jetfire.testrelm 2011-12-01 16:50:35,255 DEBUG read domain_name: testrelm 2011-12-01 16:50:35,259 DEBUG args=/sbin/ip -family inet -oneline address show 2011-12-01 16:50:35,259 DEBUG stdout=1: lo inet 127.0.0.1/8 scope host lo 2: eth0 inet 10.65.201.71/24 brd 10.65.201.255 scope global eth0 3: eth1 inet 10.65.201.113/24 brd 10.65.201.255 scope global eth1 2011-12-01 16:50:35,259 DEBUG stderr= Additional info: However, I was prompted to enter IP address on a single interface system. [root@ratchet ~]# ipa-server-install --no-host-dns The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will set up the IPA Server. This includes: * Configure a stand-alone CA (dogtag) for certificate management * Configure the Network Time Daemon (ntpd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) To accept the default shown in brackets, press the Enter key. Enter the fully qualified domain name of the computer on which you're setting up server software. Using the form <hostname>.<domainname> Example: master.example.com. Server host name [ratchet.testrelm]: Warning: skipping DNS resolution of host ratchet.testrelm The domain name has been calculated based on the host name. Please confirm the domain name [testrelm]: Unable to resolve IP address for host name Please provide the IP address to be used for this host name: Upstream ticket: https://fedorahosted.org/freeipa/ticket/2154 Fixed upstream. master: 6141919fba30487e3c4eb19b0c87a10384fd9d20 ipa-2-2: 5a77f2d1ff545cb92e57d26e569e01246e75dece Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: IPA server installation script does not expect a situation when a server has 2 IP addresses assigned. Consequence: IPA server installation fails to proceed in a dual-NIC configuration when the server has 2 IP addresses. Fix: Install script was fixed to handle this use case properly. Result: User is able to install IPA server in a dual-NIC configuration. # Both IPv4s of host is resolvable through DNS [root@ratchet ~]# host ratchet.lab.eng.pnq.redhat.com ; host 10.65.201.209 ; host 10.65.201.69 ratchet.lab.eng.pnq.redhat.com has address 10.65.201.69 ratchet.lab.eng.pnq.redhat.com has address 10.65.201.209 209.201.65.10.in-addr.arpa domain name pointer ratchet.lab.eng.pnq.redhat.com. 69.201.65.10.in-addr.arpa domain name pointer ratchet.lab.eng.pnq.redhat.com. [root@ratchet ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 [root@ratchet ~]# ipa-server-install The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will set up the IPA Server. This includes: * Configure a stand-alone CA (dogtag) for certificate management * Configure the Network Time Daemon (ntpd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) To accept the default shown in brackets, press the Enter key. Enter the fully qualified domain name of the computer on which you're setting up server software. Using the form . Example: master.example.com. Server host name [ratchet.lab.eng.pnq.redhat.com]: The domain name has been calculated based on the host name. Please confirm the domain name [lab.eng.pnq.redhat.com]: The server hostname resolves to more than one address: 10.65.201.209 10.65.201.69 Please provide the IP address to be used for this host name: 10.65.201.69 The kerberos protocol requires a Realm name to be defined. This is typically the domain name converted to uppercase. Please provide a realm name [LAB.ENG.PNQ.REDHAT.COM]: Certain directory server operations require an administrative user. This user is referred to as the Directory Manager and has full access to the Directory for system management tasks and will be added to the instance of directory server created for IPA. The password must be at least 8 characters long. Directory Manager password: Password (confirm): The IPA server requires an administrative user, named 'admin'. This user is a regular system account used for IPA server administration. IPA admin password: Password (confirm): The IPA Master Server will be configured with: Hostname: ratchet.lab.eng.pnq.redhat.com IP address: 10.65.201.69 Domain name: lab.eng.pnq.redhat.com Realm name: LAB.ENG.PNQ.REDHAT.COM Continue to configure the system with these values? [no]: yes # Both IPv6s of host is resolvable through DNS [root@wheeljack ~]# ping 2620:52:0:41c9:5054:ff:fec5:3047 ping: unknown host 2620:52:0:41c9:5054:ff:fec5:3047 [root@wheeljack ~]# ping6 2620:52:0:41c9:5054:ff:fec5:3047 PING 2620:52:0:41c9:5054:ff:fec5:3047(2620:52:0:41c9:5054:ff:fec5:3047) 56 data bytes 64 bytes from 2620:52:0:41c9:5054:ff:fec5:3047: icmp_seq=1 ttl=64 time=2.20 ms ^C --- 2620:52:0:41c9:5054:ff:fec5:3047 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 2.203/2.203/2.203/0.000 ms [root@wheeljack ~]# ping6 2620:52:0:41c9:5054:ff:fea6:ec8 PING 2620:52:0:41c9:5054:ff:fea6:ec8(2620:52:0:41c9:5054:ff:fea6:ec8) 56 data bytes 64 bytes from 2620:52:0:41c9:5054:ff:fea6:ec8: icmp_seq=1 ttl=64 time=1.95 ms ^C --- 2620:52:0:41c9:5054:ff:fea6:ec8 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 973ms rtt min/avg/max/mdev = 1.951/1.951/1.951/0.000 ms [root@wheeljack ~]# ping6 ratchet.lab.eng.pnq.redhat.com PING ratchet.lab.eng.pnq.redhat.com(ratchet.lab.eng.pnq.redhat.com) 56 data bytes 64 bytes from ratchet.lab.eng.pnq.redhat.com: icmp_seq=1 ttl=64 time=2.38 ms 64 bytes from ratchet.lab.eng.pnq.redhat.com: icmp_seq=2 ttl=64 time=0.402 ms 64 bytes from ratchet.lab.eng.pnq.redhat.com: icmp_seq=3 ttl=64 time=0.339 ms 64 bytes from ratchet.lab.eng.pnq.redhat.com: icmp_seq=4 ttl=64 time=0.327 ms 64 bytes from ratchet.lab.eng.pnq.redhat.com: icmp_seq=5 ttl=64 time=0.331 ms ^C --- ratchet.lab.eng.pnq.redhat.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4639ms rtt min/avg/max/mdev = 0.327/0.756/2.381/0.812 ms [root@ratchet ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 [root@ratchet ~]# cat /etc/resolv.conf search lab.eng.pnq.redhat.com pnq.redhat.com redhat.com nameserver 10.65.201.245 [root@ratchet ~]# host ratchet.lab.eng.pnq.redhat.com ; host 2620:52:0:41c9:5054:ff:fea6:ec8 ; host 2620:52:0:41c9:5054:ff:fec5:3047 ratchet.lab.eng.pnq.redhat.com has IPv6 address 2620:52:0:41c9:5054:ff:fec5:3047 ratchet.lab.eng.pnq.redhat.com has IPv6 address 2620:52:0:41c9:5054:ff:fea6:ec8 8.c.e.0.6.a.e.f.f.f.0.0.4.5.0.5.9.c.1.4.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa domain name pointer ratchet.lab.eng.pnq.redhat.com. 7.4.0.3.5.c.e.f.f.f.0.0.4.5.0.5.9.c.1.4.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa domain name pointer ratchet.lab.eng.pnq.redhat.com. [root@ratchet ~]# ipa-server-install The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will set up the IPA Server. This includes: * Configure a stand-alone CA (dogtag) for certificate management * Configure the Network Time Daemon (ntpd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) To accept the default shown in brackets, press the Enter key. Enter the fully qualified domain name of the computer on which you're setting up server software. Using the form . Example: master.example.com. Server host name [ratchet.lab.eng.pnq.redhat.com]: The domain name has been calculated based on the host name. Please confirm the domain name [lab.eng.pnq.redhat.com]: The server hostname resolves to more than one address: 2620:52:0:41c9:5054:ff:fea6:ec8 2620:52:0:41c9:5054:ff:fec5:3047 Please provide the IP address to be used for this host name: 2620:52:0:41c9:5054:ff:fea6:ec8 The kerberos protocol requires a Realm name to be defined. This is typically the domain name converted to uppercase. Please provide a realm name [LAB.ENG.PNQ.REDHAT.COM]: Certain directory server operations require an administrative user. This user is referred to as the Directory Manager and has full access to the Directory for system management tasks and will be added to the instance of directory server created for IPA. The password must be at least 8 characters long. Directory Manager password: Password (confirm): The IPA server requires an administrative user, named 'admin'. This user is a regular system account used for IPA server administration. IPA admin password: Password (confirm): The IPA Master Server will be configured with: Hostname: ratchet.lab.eng.pnq.redhat.com IP address: 2620:52:0:41c9:5054:ff:fea6:ec8 Domain name: lab.eng.pnq.redhat.com Realm name: LAB.ENG.PNQ.REDHAT.COM Continue to configure the system with these values? [no]: yes # All 4 IPs (2 v4 and 2 v6) are resolvable and reachable [root@wheeljack ~]# ping6 ratchet.lab.eng.pnq.redhat.com PING ratchet.lab.eng.pnq.redhat.com(ratchet.lab.eng.pnq.redhat.com) 56 data bytes 64 bytes from ratchet.lab.eng.pnq.redhat.com: icmp_seq=1 ttl=64 time=1.53 ms 64 bytes from ratchet.lab.eng.pnq.redhat.com: icmp_seq=2 ttl=64 time=0.311 ms 64 bytes from ratchet.lab.eng.pnq.redhat.com: icmp_seq=3 ttl=64 time=0.363 ms ^C --- ratchet.lab.eng.pnq.redhat.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2015ms rtt min/avg/max/mdev = 0.311/0.734/1.530/0.563 ms [root@wheeljack ~]# ping ratchet.lab.eng.pnq.redhat.com PING ratchet.lab.eng.pnq.redhat.com (10.65.201.209) 56(84) bytes of data. 64 bytes from ratchet.lab.eng.pnq.redhat.com (10.65.201.209): icmp_seq=1 ttl=64 time=2.06 ms 64 bytes from ratchet.lab.eng.pnq.redhat.com (10.65.201.209): icmp_seq=2 ttl=64 time=0.339 ms ^C --- ratchet.lab.eng.pnq.redhat.com ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1402ms rtt min/avg/max/mdev = 0.339/1.200/2.062/0.862 ms [root@wheeljack ~]# ping ratchet.lab.eng.pnq.redhat.com PING ratchet.lab.eng.pnq.redhat.com (10.65.201.69) 56(84) bytes of data. 64 bytes from ratchet.lab.eng.pnq.redhat.com (10.65.201.69): icmp_seq=1 ttl=64 time=0.334 ms ^C --- ratchet.lab.eng.pnq.redhat.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 859ms rtt min/avg/max/mdev = 0.334/0.334/0.334/0.000 ms [root@wheeljack ~]# ping 10.65.201.69 PING 10.65.201.69 (10.65.201.69) 56(84) bytes of data. 64 bytes from 10.65.201.69: icmp_seq=1 ttl=64 time=0.429 ms ^C --- 10.65.201.69 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 878ms rtt min/avg/max/mdev = 0.429/0.429/0.429/0.000 ms [root@wheeljack ~]# ping 10.65.201.209 PING 10.65.201.209 (10.65.201.209) 56(84) bytes of data. 64 bytes from 10.65.201.209: icmp_seq=1 ttl=64 time=0.205 ms ^C --- 10.65.201.209 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 910ms rtt min/avg/max/mdev = 0.205/0.205/0.205/0.000 ms [root@wheeljack ~]# ping6 2620:52:0:41c9:5054:ff:fea6:ec8 PING 2620:52:0:41c9:5054:ff:fea6:ec8(2620:52:0:41c9:5054:ff:fea6:ec8) 56 data bytes 64 bytes from 2620:52:0:41c9:5054:ff:fea6:ec8: icmp_seq=1 ttl=64 time=0.356 ms ^C --- 2620:52:0:41c9:5054:ff:fea6:ec8 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 560ms rtt min/avg/max/mdev = 0.356/0.356/0.356/0.000 ms [root@wheeljack ~]# ping6 2620:52:0:41c9:5054:ff:fec5:3047 PING 2620:52:0:41c9:5054:ff:fec5:3047(2620:52:0:41c9:5054:ff:fec5:3047) 56 data bytes 64 bytes from 2620:52:0:41c9:5054:ff:fec5:3047: icmp_seq=1 ttl=64 time=1.33 ms ^C --- 2620:52:0:41c9:5054:ff:fec5:3047 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 782ms rtt min/avg/max/mdev = 1.338/1.338/1.338/0.000 ms [root@ratchet ~]# host ratchet.lab.eng.pnq.redhat.com ; host 2620:52:0:41c9:5054:ff:fea6:ec8 ; host 2620:52:0:41c9:5054:ff:fec5:3047; host 10.65.201.209 ; host 10.65.201.69 ratchet.lab.eng.pnq.redhat.com has address 10.65.201.209 ratchet.lab.eng.pnq.redhat.com has address 10.65.201.69 ratchet.lab.eng.pnq.redhat.com has IPv6 address 2620:52:0:41c9:5054:ff:fec5:3047 ratchet.lab.eng.pnq.redhat.com has IPv6 address 2620:52:0:41c9:5054:ff:fea6:ec8 8.c.e.0.6.a.e.f.f.f.0.0.4.5.0.5.9.c.1.4.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa domain name pointer ratchet.lab.eng.pnq.redhat.com. 7.4.0.3.5.c.e.f.f.f.0.0.4.5.0.5.9.c.1.4.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa domain name pointer ratchet.lab.eng.pnq.redhat.com. 209.201.65.10.in-addr.arpa domain name pointer ratchet.lab.eng.pnq.redhat.com. 69.201.65.10.in-addr.arpa domain name pointer ratchet.lab.eng.pnq.redhat.com. [root@ratchet ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 [root@ratchet ~]# cat /etc/resolv.conf search lab.eng.pnq.redhat.com pnq.redhat.com redhat.com nameserver 10.65.201.245 [root@ratchet ~]# ipa-server-install The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will set up the IPA Server. This includes: * Configure a stand-alone CA (dogtag) for certificate management * Configure the Network Time Daemon (ntpd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) To accept the default shown in brackets, press the Enter key. Enter the fully qualified domain name of the computer on which you're setting up server software. Using the form . Example: master.example.com. Server host name [ratchet.lab.eng.pnq.redhat.com]: The domain name has been calculated based on the host name. Please confirm the domain name [lab.eng.pnq.redhat.com]: The server hostname resolves to more than one address: 2620:52:0:41c9:5054:ff:fea6:ec8 2620:52:0:41c9:5054:ff:fec5:3047 10.65.201.209 10.65.201.69 Please provide the IP address to be used for this host name: 2620:52:0:41c9:5054:ff:fec5:3047 The kerberos protocol requires a Realm name to be defined. This is typically the domain name converted to uppercase. Please provide a realm name [LAB.ENG.PNQ.REDHAT.COM]: Certain directory server operations require an administrative user. This user is referred to as the Directory Manager and has full access to the Directory for system management tasks and will be added to the instance of directory server created for IPA. The password must be at least 8 characters long. Directory Manager password: Password (confirm): The IPA server requires an administrative user, named 'admin'. This user is a regular system account used for IPA server administration. IPA admin password: Password (confirm): The IPA Master Server will be configured with: Hostname: ratchet.lab.eng.pnq.redhat.com IP address: 2620:52:0:41c9:5054:ff:fec5:3047 Domain name: lab.eng.pnq.redhat.com Realm name: LAB.ENG.PNQ.REDHAT.COM Continue to configure the system with these values? [no]: yes Verified in version ipa-server-2.2.0-14.el6.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html |