Bug 949632
Summary: | ipa-client-install is not able to fail over to functional server | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Petr Spacek <pspacek> |
Component: | ipa-client | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 5.9 | CC: | dpal, mkosek |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-client-2.1.3-6.el5 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-09-30 23:17:15 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 905626 | ||
Bug Blocks: | |||
Attachments: |
Description
Petr Spacek
2013-04-08 16:37:55 UTC
Can you attach /var/log/ipaclient-install.log?

Created attachment 733035 [details]
ipaclient-install.log from failed attempt
Created attachment 733040 [details]
ipaclient-install.log from successful attempt
Sure, sorry.
Created attachment 733045 [details]
733040: ipaclient-install.log from successful attempt - dead replica has A record in DNS
I repeated the installation with a proper A record for both replicas. The dead replica didn't have an A record in DNS in the previous successful attempt.
Log files from unsuccessful attempts are exactly the same in both cases.
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3388

Related RHEL-6.5 Bugzilla: Bug 905626

This bug would require backporting RHEL-6.4/RHEL 6.5 bug fix (Bug Bug 905626) also for RHEL-6.5. Let us decide on triage if we want to backport or not.

(In reply to comment #5)
> This bug would require backporting RHEL-6.4/RHEL 6.5 bug fix (Bug Bug
> 905626) also for RHEL-6.5.
...
Sorry for typo, I meant backporting for *RHEL 5.10*.

This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.

Upstream commits:
master: cbb262dc07ea0615068a630e6c7136e3200d5a06
ipa-3-1: a5f10e25b27fb860be0f06506d603197c2e5a955

Regression fix:
master: be54d1deb5e40945e4ead5b34d9acde88c1e8264 ipa-client discovery with anonymous access off
ipa-3-1: dda3cd1b1c94c764d774110789dff8899ff873c8 ipa-client discovery with anonymous access off

verified using ipa-client-2.1.3-7.el5; ipa-server-3.0.0-26.el6_4.4.x86_64

Steps taken:
1> Installed master (storm.testrelm.com)
2> Installed replica (qe-blade-01.testrelm.com)
3> On Client (mgmt7.testrelm.com)
# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
10.16.120.17 mgmt7.testrelm.com mgmt7
10.16.76.32 qe-blade-01.testrelm.com qe-blade-01
10.16.96.68 storm.testrelm.com storm

# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search testrelm.com
nameserver 10.16.96.68
nameserver 10.16.76.32

4> Stopped server on master
5> On replica:
[root@qe-blade-01 ~]# dig -t SRV _ldap._tcp.testrelm.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> -t SRV _ldap._tcp.testrelm.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 421
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;_ldap._tcp.testrelm.com. IN SRV

;; ANSWER SECTION:
_ldap._tcp.testrelm.com. 86400 IN SRV 0 100 389 storm.testrelm.com.
_ldap._tcp.testrelm.com. 86400 IN SRV 0 100 389 qe-blade-01.testrelm.com.

;; AUTHORITY SECTION:
testrelm.com. 86400 IN NS storm.testrelm.com.
testrelm.com. 86400 IN NS qe-blade-01.testrelm.com.

;; ADDITIONAL SECTION:
storm.testrelm.com. 1200 IN A 10.16.96.68
qe-blade-01.testrelm.com. 1200 IN A 10.16.76.32

;; Query time: 1 msec
;; SERVER: 10.16.76.32#53(10.16.76.32)
;; WHEN: Mon Aug 5 13:27:30 2013
;; MSG SIZE rcvd: 183

6> Installed client:
# ipa-client-install --domain=testrelm.com
Discovery was successful!
Hostname: mgmt7.testrelm.com
Realm: TESTRELM.COM
DNS Domain: testrelm.com
IPA Server: qe-blade-01.testrelm.com
BaseDN: dc=testrelm,dc=com

Continue to configure the system with these values? [no]: y
User authorized to enroll computers: admin
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync.
Password for admin:

Enrolled in IPA realm TESTRELM.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.COM
Warning: Hostname (mgmt7.testrelm.com) not found in DNS
Failed to update DNS A record. (Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status -6)
SSSD enabled
NTP enabled
Client configuration complete.

7> on client tried:
# kinit one
Password for one:
Password expired. You must change it now.
Enter new password:
Enter it again:

# ssh storm.testrelm.com

Automated test: ipaclientinstall_withmasterdown()

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1334.html
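
The failover behaviour exercised in the verification steps above, as an added example (not ipa-client-install's code and not taken from the upstream commits): it parses the SRV answer section shown in the dig output and returns the first listed server that accepts a connection, recording the ones it skipped. The function names and the injectable `probe` callable are assumptions made for illustration; sorting by weight is a simplification of RFC 2782's weighted random selection.

```python
import re
import socket

# Constructed sample: the ANSWER section copied from the dig output above.
DIG_ANSWER = """\
_ldap._tcp.testrelm.com. 86400 IN SRV 0 100 389 storm.testrelm.com.
_ldap._tcp.testrelm.com. 86400 IN SRV 0 100 389 qe-blade-01.testrelm.com.
"""

# name TTL IN SRV priority weight port target (trailing dot stripped)
SRV_RE = re.compile(r"^\S+\s+\d+\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+?)\.?\s*$")


def parse_srv(dig_text):
    """Return (priority, weight, port, host) tuples from dig answer lines."""
    records = []
    for line in dig_text.splitlines():
        if line.startswith(";"):  # dig comment and question lines
            continue
        m = SRV_RE.match(line.strip())
        if m:
            prio, weight, port, host = m.groups()
            records.append((int(prio), int(weight), int(port), host))
    return records


def tcp_probe(host, port, timeout=3.0):
    """True if a TCP connection succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def pick_server(records, probe=tcp_probe):
    """Try servers lowest priority first; return (host, skipped_hosts)."""
    skipped = []
    for prio, weight, port, host in sorted(records, key=lambda r: (r[0], -r[1])):
        if probe(host, port):
            return host, skipped
        skipped.append(host)  # unreachable: fall through to the next record
    return None, skipped
```

With the master stopped as in step 4, `pick_server(parse_srv(DIG_ANSWER))` would skip storm.testrelm.com and return qe-blade-01.testrelm.com, matching the "IPA Server" line printed in step 6.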