Bug 799335

Summary: ipa host-add fails when DNS records already exist
Product: Red Hat Enterprise Linux 6
Component: ipa
Version: 6.3
Reporter: Jenny Severance <jgalipea>
Assignee: Rob Crittenden <rcritten>
QA Contact: IDM QE LIST <seceng-idm-qe-list>
CC: aakkiang, mkosek
Status: CLOSED ERRATA
Severity: unspecified
Priority: high
Target Milestone: rc
Keywords: Regression
Hardware: Unspecified
OS: Unspecified
Fixed In Version: ipa-2.2.0-4.el6
Doc Type: Bug Fix
Doc Text: No documentation needed
Last Closed: 2012-06-20 13:20:09 UTC

Description Jenny Severance 2012-03-02 14:15:10 UTC
Description of problem:

Add forward and reverse entries for a host and try to add the host without the --force option.

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-host-cli-48: Add host without force option - DNS Record Exists
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [09:09:36] ::  EXECUTING: ipa host-add myhost.testrelm.com
ipa: ERROR: Host does not have corresponding DNS A record
:: [   FAIL   ] :: Add host DNS entries exist (Expected 0, got 1)
---------------
0 hosts matched
---------------
----------------------------
Number of entries returned 0
----------------------------
:: [09:09:39] ::  WARNING: Failed to find host.
:: [   FAIL   ] :: Verifying host was added when DNS records exist. (Expected 0, got 1)
  Record name: myhost
  A record: 10.16.187.99
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Checking for forward DNS entry
  Record name: 99
  PTR record: myhost.testrelm.com.
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Checking for reverse DNS entry



Version-Release number of selected component (if applicable):
ipa-server-2.2.0-103.20120302T0507zgitc611d89.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. see description

Comment 2 Martin Kosek 2012-03-02 14:30:33 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2481

Comment 3 Martin Kosek 2012-03-02 15:07:16 UTC
I found the reason why this issue happens. We call acutil.res_send() to send a DNS query to find the A record of the new hostname. However, the request may not be sent to the current resolver in /etc/resolv.conf but to the old one that was configured there before, which apparently does not know this hostname.

So if you ran ipa-dns-install and then tried this use case right after it, it resulted in this error. As a workaround, one can reload the httpd process after ipa-dns-install.

Comment 4 Jenny Severance 2012-03-02 15:13:52 UTC
I installed the ipa-server with --setup-dns ... why should I have to run ipa-dns-install?

Comment 5 Jenny Severance 2012-03-02 15:21:24 UTC
However, a fresh install behaves the same; see the acceptance test results when they come in on the list.

Comment 6 Martin Kosek 2012-03-02 15:37:00 UTC
Oh, it's the same with --setup-dns. The problem is in the change of /etc/resolv.conf and the inability of acutil to realize it.

Comment 7 Rob Crittenden 2012-03-12 19:22:00 UTC
Fixed upstream.

master: c956b3cd2ba12d87054909af3dce7d231f034240

ipa-2-2: 453dbdc0dd412ed90950f10ffd8be895ff7b2ded

This was addressed by restarting Apache after configuring bind so it gets an updated resolv.conf.
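
The failure mode described in Comments 3 and 7, modelled as an added example that is not FreeIPA's code: a long-running process reads resolv.conf once, the installer rewrites the file, and the process keeps using the old nameserver until it is restarted. `ProcessResolverState`, `replace_file` and the addresses are hypothetical, and the file is a constructed stand-in for /etc/resolv.conf.

```python
import os
import tempfile

def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

class ProcessResolverState:
    """Hypothetical model of a daemon that reads resolv.conf once at start."""
    def __init__(self, path):
        self.path = path
        self.reload()

    def _file_id(self):
        st = os.stat(self.path)
        return (st.st_ino, st.st_mtime_ns, st.st_size)

    def reload(self):
        # Stands in for a process restart: re-read the file from scratch.
        self.loaded_id = self._file_id()
        with open(self.path) as f:
            self.nameservers = parse_nameservers(f.read())

    def is_stale(self):
        # True when the file was replaced or edited after it was loaded.
        return self._file_id() != self.loaded_id

def replace_file(path, text):
    # Write a new file and rename it over the old one (new inode).
    tmp = path + ".new"
    with open(tmp, "w") as f:
        f.write(text)
    os.replace(tmp, path)

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "resolv.conf")  # constructed stand-in file
        replace_file(path, "search testrelm.com\nnameserver 192.0.2.53\n")
        daemon = ProcessResolverState(path)    # daemon starts before DNS setup
        replace_file(path, "search testrelm.com\nnameserver 127.0.0.1\n")
        before = (daemon.is_stale(), list(daemon.nameservers))
        daemon.reload()                        # the restart applied in the fix
        after = (daemon.is_stale(), list(daemon.nameservers))
        return before, after
```

`demo()` returns the cached state before and after the reload; the same stat comparison can flag any daemon whose resolver configuration predates the current file.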

Comment 9 Jenny Severance 2012-03-15 11:03:29 UTC
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-host-cli-48: Add host without force option - DNS Record Exists
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: EXECUTING: ipa host-add myhost.testrelm.com
:: [   PASS   ] :: Add host DNS entries exist
:: [   LOG    ] :: Host name is as expected.
:: [   LOG    ] :: Principal name is as expected.
:: [   PASS   ] :: Verifying host was added when DNS records exist.
:: [   PASS   ] :: Checking for forward DNS entry
:: [   PASS   ] :: Checking for reverse DNS entry
:: [   LOG    ] :: Duration: 13s
:: [   LOG    ] :: Assertions: 4 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-host-cli-48: Add host without force option - DNS Record Exists


version ::
ipa-server-2.2.0-4.el6.x86_64

Comment 11 Martin Kosek 2012-04-24 13:32:42 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed

Comment 13 errata-xmlrpc 2012-06-20 13:20:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html