Bug 874935

Summary: ipa-server installation fails to find A/AAAA record for IPA hostname
Product: Red Hat Enterprise Linux 6
Reporter: Steeve Goveas <sgoveas>
Component: ipa
Assignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA
QA Contact: Namita Soman <nsoman>
Severity: unspecified
Priority: unspecified
Version: 6.4
CC: jgalipea, mkosek
Target Milestone: rc
Keywords: Regression
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: ipa-3.0.0-8.el6
Doc Type: Bug Fix
Last Closed: 2013-02-21 09:29:45 UTC
Type: Bug

Description Steeve Goveas 2012-11-09 06:25:34 UTC
Description of problem:
When using the --no-forwarder option, ipa-server installation fails, not finding the A/AAAA record for the hostname.

[root@rasalghul ~]# ipa-server-install --setup-dns --no-forwarder -p Secret123 -a Secret123 -r TESTRELM.COM -n testrelm.com --ip-address=10.65.201.217 --hostname=rasalghul.testrelm.com -U

[1/9]: adding DNS container
  [2/9]: setting up our zone
  [3/9]: setting up reverse zone
Unexpected error - see /var/log/ipaserver-install.log for details:
NotFound: Nameserver 'rasalghul.testrelm.com.' does not have a corresponding A/AAAA record

[root@rasalghul ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.65.201.217 rasalghul.testrelm.com rasalghul

Version-Release number of selected component (if applicable):
[root@rasalghul ~]# rpm -qa | grep ipa-server
ipa-server-trust-ad-3.0.0-107.20121109T0309zgit349ab51.el6.x86_64
ipa-server-selinux-3.0.0-107.20121109T0309zgit349ab51.el6.x86_64
ipa-server-3.0.0-107.20121109T0309zgit349ab51.el6.x86_64

[root@rasalghul ~]# rpm -qa | grep bind-dyndb-ldap
bind-dyndb-ldap-2.3-1.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Install IPA server with --setup-dns
  
Actual results:
Fails with error
Unexpected error - see /var/log/ipaserver-install.log for details:
NotFound: Nameserver 'rasalghul.testrelm.com.' does not have a corresponding A/AAAA record

Expected results:
Installation is successful

Additional info:
[root@rasalghul ~]# tail -50 /var/log/ipaserver-install.log 
2012-11-09T05:22:17Z DEBUG stderr=ldap_initialize( ldap://rasalghul.testrelm.com:389/??base )

2012-11-09T05:22:17Z DEBUG   duration: 0 seconds
2012-11-09T05:22:17Z DEBUG   [2/9]: setting up our zone
2012-11-09T05:22:17Z DEBUG raw: dnszone_add(u'testrelm.com', idnssoamname=u'rasalghul.testrelm.com.', idnssoarname=u'hostmaster.testrelm.com', idnsupdatepolicy=u'grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;', idnsallowdynupdate=True, idnsallowquery=u'any', idnsallowtransfer=u'none', force=False, ip_address=u'10.65.201.217')
2012-11-09T05:22:17Z DEBUG dnszone_add(u'testrelm.com', idnssoamname=u'rasalghul.testrelm.com.', idnssoarname=u'hostmaster.testrelm.com.', idnssoaserial=1352438537, idnssoarefresh=3600, idnssoaretry=900, idnssoaexpire=1209600, idnssoaminimum=3600, idnsupdatepolicy=u'grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;', idnsallowdynupdate=True, idnsallowquery=u'any;', idnsallowtransfer=u'none;', force=False, ip_address=u'10.65.201.217', all=False, raw=False)
2012-11-09T05:22:17Z DEBUG raw: dnsrecord_add(u'testrelm.com', u'rasalghul', arecord=u'10.65.201.217')
2012-11-09T05:22:17Z DEBUG dnsrecord_add(u'testrelm.com', u'rasalghul', arecord=(u'10.65.201.217',), a_extra_create_reverse=False, aaaa_extra_create_reverse=False, force=False, structured=False, all=False, raw=False)
2012-11-09T05:22:17Z DEBUG raw: dnsrecord_add(u'testrelm.com', u'@', nsrecord=u'rasalghul.testrelm.com.', force=True)
2012-11-09T05:22:17Z DEBUG dnsrecord_add(u'testrelm.com', u'@', a_extra_create_reverse=False, aaaa_extra_create_reverse=False, nsrecord=(u'rasalghul.testrelm.com.',), force=True, structured=False, all=False, raw=False)
2012-11-09T05:22:17Z DEBUG   duration: 0 seconds
2012-11-09T05:22:17Z DEBUG   [3/9]: setting up reverse zone
2012-11-09T05:22:17Z DEBUG raw: dnszone_add(u'201.65.10.in-addr.arpa.', idnssoamname=u'rasalghul.testrelm.com.', idnssoarname=u'hostmaster.testrelm.com', idnsupdatepolicy=u'grant TESTRELM.COM krb5-subdomain 201.65.10.in-addr.arpa. PTR;', idnsallowdynupdate=True, idnsallowquery=u'any', idnsallowtransfer=u'none', force=False, ip_address=None)
2012-11-09T05:22:17Z DEBUG dnszone_add(u'201.65.10.in-addr.arpa.', idnssoamname=u'rasalghul.testrelm.com.', idnssoarname=u'hostmaster.testrelm.com.', idnssoaserial=1352438537, idnssoarefresh=3600, idnssoaretry=900, idnssoaexpire=1209600, idnssoaminimum=3600, idnsupdatepolicy=u'grant TESTRELM.COM krb5-subdomain 201.65.10.in-addr.arpa. PTR;', idnsallowdynupdate=True, idnsallowquery=u'any;', idnsallowtransfer=u'none;', force=False, ip_address=None, all=False, raw=False)
2012-11-09T05:22:17Z DEBUG raw: dns_resolve(u'rasalghul.testrelm.com.')
2012-11-09T05:22:17Z DEBUG dns_resolve(u'rasalghul.testrelm.com.')
2012-11-09T05:22:17Z INFO   File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 1072, in main
    bind.create_instance()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 508, in create_instance
    self.start_creation()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 358, in start_creation
    method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 616, in __setup_reverse_zone
    dns_backup=self.dns_backup)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 293, in add_zone
    force=force)

  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
    ret = self.run(*args, **options)

  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
    return self.execute(*args, **options)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1063, in execute
    self, ldap, dn, entry_attrs, attrs_list, *keys, **options)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 1812, in pre_callback
    check_ns_rec_resolvable(keys[0], nameserver)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 1516, in check_ns_rec_resolvable
    reason=_('Nameserver \'%(host)s\' does not have a corresponding A/AAAA record') % {'host': name}

2012-11-09T05:22:17Z INFO The ipa-server-install command failed, exception: NotFound: Nameserver 'rasalghul.testrelm.com.' does not have a corresponding A/AAAA record
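
As an added example (not part of the original report and not FreeIPA code), the following Python script reads an ipaserver-install.log excerpt like the one above and reports the installer step in progress when the failure occurred, the exception, and the innermost traceback frame. The function name triage and the shortened sample log are assumptions made for illustration.

```python
import re

# Constructed sample: lines shortened from the installer log quoted in this report.
SAMPLE_LOG = """\
2012-11-09T05:22:17Z DEBUG   [2/9]: setting up our zone
2012-11-09T05:22:17Z DEBUG   duration: 0 seconds
2012-11-09T05:22:17Z DEBUG   [3/9]: setting up reverse zone
2012-11-09T05:22:17Z DEBUG raw: dns_resolve(u'rasalghul.testrelm.com.')
2012-11-09T05:22:17Z INFO   File "/usr/sbin/ipa-server-install", line 1072, in main
    bind.create_instance()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 616, in __setup_reverse_zone
    dns_backup=self.dns_backup)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 1516, in check_ns_rec_resolvable

2012-11-09T05:22:17Z INFO The ipa-server-install command failed, exception: NotFound: Nameserver 'rasalghul.testrelm.com.' does not have a corresponding A/AAAA record
"""

STEP = re.compile(r'\[(\d+)/(\d+)\]: (.+)$')                   # "[3/9]: setting up reverse zone"
FRAME = re.compile(r'File "([^"]+)", line (\d+), in (\S+)')    # traceback frame header
FAIL = re.compile(r'command failed, exception: (\w+): (.*)$')  # final installer verdict

def triage(log_text):
    """Return a summary of the failure in an installer log, or None if it did not fail."""
    step, frames, failure = None, [], None
    for line in log_text.splitlines():
        m = STEP.search(line)
        if m:
            step = {"index": int(m.group(1)), "total": int(m.group(2)),
                    "name": m.group(3).strip()}
            frames = []  # frames seen so far belonged to an earlier step
            continue
        m = FRAME.search(line)
        if m:
            frames.append((m.group(1), int(m.group(2)), m.group(3)))
            continue
        m = FAIL.search(line)
        if m:
            failure = {"type": m.group(1), "message": m.group(2)}
    if failure is None:
        return None
    return {"failed_step": step,
            "innermost": frames[-1] if frames else None,
            "call_path": [f[2] for f in frames],
            **failure}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```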

Comment 2 Martin Kosek 2012-11-09 08:14:59 UTC
This is indeed a regression in 6.4, I will open an upstream bug and fix this.

Comment 3 Martin Kosek 2012-11-09 08:17:04 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3248

Comment 4 Martin Kosek 2012-11-09 08:36:25 UTC
A patch with a fix is attached to ticket #3248. As a workaround until it gets pushed, you could either
1) Use an IPA hostname that is already resolvable, OR
2) Install IPA with --no-reverse option and configure reverse zone later when IPA installation is finished (if required)

Comment 5 Steeve Goveas 2012-11-09 08:47:37 UTC
The patch resolved the issue. Installation was successful.

Comment 6 Steeve Goveas 2012-11-09 08:50:05 UTC
[root@rasalghul ~]# ipa-server-install --setup-dns --forwarder 10.65.201.122 -p Secret123 -P Secret123 -a Secret123 -r TESTRELM.COM -n testrelm.com --ip-address=10.65.201.217 --hostname=rasalghul.testrelm.com -U

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.
....
....
....
Configuring DNS (named)
  [1/9]: adding DNS container
  [2/9]: setting up our zone
  [3/9]: setting up reverse zone
  [4/9]: setting up our own record
  [5/9]: setting up kerberos principal
  [6/9]: setting up named.conf
  [7/9]: restarting named
  [8/9]: configuring named to start on boot
  [9/9]: changing resolv.conf to point to ourselves
Done configuring DNS (named).

Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files

Restarting the web server
==============================================================================
Setup complete

Next steps:
	1. You must make sure these network ports are open:
		TCP Ports:
		  * 80, 443: HTTP/HTTPS
		  * 389, 636: LDAP/LDAPS
		  * 88, 464: kerberos
		  * 53: bind
		UDP Ports:
		  * 88, 464: kerberos
		  * 53: bind
		  * 123: ntp

	2. You can now obtain a kerberos ticket using the command: 'kinit admin'
	   This ticket will allow you to use the IPA tools (e.g., ipa user-add)
	   and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password

Comment 11 Namita Soman 2012-11-20 20:06:38 UTC
Verified using ipa-3.0.0-8.el6. Installed successfully.

Comment 13 errata-xmlrpc 2013-02-21 09:29:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html