Description of problem:
From Fedora 21 to 23, the rolekit service on Fedora Server has provided a simplified mechanism for quickly deploying a FreeIPA Domain Controller. In order to avoid a classic chicken-and-egg problem where setting up the FreeIPA server to provide DNS requires a valid DNS entry for the server itself, we have historically been able to rely on the presence of nss_myhostname in /etc/nsswitch.conf to ensure that the local hostname is resolvable to something meaningful. Without this, the FreeIPA installation fails in a difficult-to-understand way.

Version-Release number of selected component (if applicable):
rolekit-0.5.1-1.fc24
systemd-libs-229-6.fc24.x86_64.rpm
glibc-2.23.1-5.fc24.x86_64.rpm

How reproducible:

Steps to Reproduce:
1. Install the latest Fedora Server 24 pre-release, taking all defaults
2. On the booted system, run `rolectl deploy --name=example.com domaincontroller`

Actual results:
Deployment fails with "Error 256". Installation logs show that it failed attempting to determine the IP address for the machine's hostname and gethostbyname() returned nothing.

Expected results:
FreeIPA should be installed and available.

Additional info:
I'm not sure where the best place to solve this is:
* Have systemd %post return to installing nss_myhostname
* Have glibc enable nss_myhostname by default
* Have rolekit modify /etc/nsswitch to add nss_myhostname when deploying
* Have rolekit modify /etc/hosts to add the current IP address(es) for the domain name.
Proposed as a Blocker for 24-beta by Fedora user sgallagh using the blocker tracking app because: "The core functional requirements for all Featured Server Roles must be met, but it is acceptable if moderate workarounds are necessary to achieve this." -- Alpha criteria Not a blocker for Alpha because: "For instance, if a service needs to be manually enabled or a configuration file minimally tweaked, this is acceptable." The workaround for now is to modify either /etc/hosts or /etc/nsswitch (which we should put into Common Bugs)
Proposed as a Freeze Exception for 24-alpha by Fedora user sgallagh using the blocker tracking app because: "The core functional requirements for all Featured Server Roles must be met, but it is acceptable if moderate workarounds are necessary to achieve this." -- Alpha criteria Not a blocker for Alpha because: "For instance, if a service needs to be manually enabled or a configuration file minimally tweaked, this is acceptable." The workaround for now is to modify either /etc/hosts or /etc/nsswitch (which we should put into Common Bugs)
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Adding of nss-myhostname to /etc/resolv.conf in glibc got stalled on the question whether "gateway" should be resolved by nss-myhostname or not. The lack of nss-myhostname is causing real issues, while we never had any bug reports about "gateway". So I think we should enable nss-myhostname by default while the remaining issues are discussed.

My order of preference:
1. let glibc add myhostname to /etc/resolv.conf
2. restore the hack to enable it in systemd.rpm
3. wait
(In reply to Zbigniew Jędrzejewski-Szmek from comment #4)
> Adding of nss-myhostname to /etc/resolv.conf in glibc got stalled on the
> question whether "gateway" should be resolved by nss-myhostname or not. The
> lack of nss-myhostname is causing real issues, while we never had any bug
> reports about "gateway". So I think we should enable nss-myhostname by
> default while the remaining issues are discussed.
>
> My order of preference:
> 1. let glibc add myhostname to /etc/resolv.conf
> 2. restore the hack to enable it in systemd.rpm
> 3. wait

Is there any possibility of disabling "gateway" in the Fedora build while that's sorted out? That way we could get nss-myhostname back in ASAP and then merge "gateway" back in (or not) as we work through the open questions?
We could also use “_gateway” instead of “gateway”. This would address my primary concern (the namespace hijack).
I'm +1 freeze exception on this.
I would vote to only resolve "gateway." and not "gateway"
Since this doesn't seem likely to get resolved for Alpha, I'm going to add the following to the Common Bugs page as a temporary solution:

== Deploying Domain Controller Fails ==

Due to some changes with how the machine handles hostname resolution, the machine may not be able to look up the IP address for its own hostname. The workaround for this issue is to add a line similar to:

192.168.122.123 mymachine.mydomain.com

to /etc/hosts (replacing the IP address with the actual *external* IP and the hostname with the real hostname of the system).
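A pre-deployment check for the condition discussed in this report, as an added example that is not part of the original thread and is not rolekit, systemd or glibc code: it reads the `hosts:` line of nsswitch.conf and the entries in /etc/hosts and reports whether the machine's own hostname can be resolved without DNS. The function names and the sample file contents are assumptions constructed for illustration; the hostname and address are the ones from the workaround text.

```python
import re

# Constructed sample inputs (not taken from a real system).
NSSWITCH_F24 = "passwd: files sss\nhosts: files mdns4_minimal [NOTFOUND=return] dns\n"
NSSWITCH_FIXED = "passwd: files sss\nhosts: files dns myhostname  # restored\n"
HOSTS_DEFAULT = "127.0.0.1 localhost localhost.localdomain\n::1 localhost\n"
HOSTS_WORKAROUND = HOSTS_DEFAULT + "192.168.122.123 mymachine.mydomain.com\n"


def hosts_sources(nsswitch_text):
    """Return the ordered NSS module names on the 'hosts:' line."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Drop action items such as [NOTFOUND=return]; keep module names.
            body = re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):])
            return body.split()
    return []


def hosts_file_addresses(hosts_text, hostname):
    """Addresses that the hosts file maps to hostname (name or alias)."""
    found = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        names = [n.lower() for n in fields[1:]]
        if len(fields) >= 2 and hostname.lower() in names:
            found.append(fields[0])
    return found


def preflight(nsswitch_text, hosts_text, hostname):
    """Report whether hostname resolves locally, and through which path."""
    sources = hosts_sources(nsswitch_text)
    # /etc/hosts is only consulted when the 'files' module is listed.
    addrs = hosts_file_addresses(hosts_text, hostname) if "files" in sources else []
    external = [a for a in addrs if not a.startswith("127.") and a != "::1"]
    return {
        "myhostname_enabled": "myhostname" in sources,
        "hosts_file_addresses": addrs,
        "locally_resolvable": "myhostname" in sources or bool(addrs),
        # The workaround text asks for the external IP, not loopback.
        "external_entry": bool(external),
    }


if __name__ == "__main__":
    for nss, hosts in ((NSSWITCH_F24, HOSTS_DEFAULT), (NSSWITCH_F24, HOSTS_WORKAROUND)):
        print(preflight(nss, hosts, "mymachine.mydomain.com"))
```

On a real system the same functions can be fed the contents of /etc/nsswitch.conf and /etc/hosts together with the value of socket.gethostname().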
Discussed at today's blocker review meeting [1]. Voted as AcceptedFreezeException (Alpha) - this is clearly a significant issue for Server that cannot be fully fixed with an update. It's accepted as a freeze exception; if a sufficiently targeted fix is found it will be accepted.

[1] https://meetbot-raw.fedoraproject.org/fedora-blocker-review/2016-03-21
In the same meeting, also voted as AcceptedBlocker (Beta) - clear violation of "The core functional requirements for all Featured Server Roles must be met, without any workarounds being necessary."
I'll start the process to change the resolution of "gateway" upstream, but I think this will take a while, and we need some fix now. I restored the addition of myhostname to /etc/nsswitch.conf in systemd %post now. It's building in rawhide/f24 currently.
Zbigniew, could you please modify that so it follows the implementation I suggested in BZ#1284323? That way, it at least won't cache-poison for temporary DNS failures.
systemd-229-7.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-14ac3b6fd4
systemd-229-7.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-14ac3b6fd4
systemd-229-7.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.