Hide Forgot
Description of problem: When IP address of master does not resolve to its hostname, ipa-replica-install fails. Version-Release number of selected component (if applicable): python2-ipaserver-4.4.0-4.el7.noarch How reproducible: Deterministic. Steps to Reproduce: 1. Have setup where IP address of master as seen by replica does not match master's hostname. 2. Run ipa-replica-install --server ipa.example.test --domain example.test Actual results: /etc/ssh/ssh_config not found, skipping configuration /etc/ssh/sshd_config not found, skipping configuration Configuring example.test as NIS domain. Client configuration complete. Unenrolling client from IPA server Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted Restoring client configuration files Unconfiguring the NIS domain. nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration Systemwide CA database updated. Client uninstall complete. ipa.ipapython.install.cli.install_tool(Replica): ERROR The host name ipa.example.test does not match the primary host name freeipa-server-container.freeipa-network. Please check /etc/hosts or DNS name resolution ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information Removing client side components Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. The log ends with 2016-08-04T13:29:08Z DEBUG Check if replica.example.test is a primary hostname for localhost 2016-08-04T13:29:08Z DEBUG Primary hostname for localhost: replica.example.test 2016-08-04T13:29:08Z DEBUG Search DNS for replica.example.test 2016-08-04T13:29:08Z DEBUG Check if replica.example.test is not a CNAME 2016-08-04T13:29:09Z DEBUG Check reverse address of 172.18.0.3 2016-08-04T13:29:09Z DEBUG Found reverse name: replica.example.test 2016-08-04T13:29:09Z DEBUG Check if ipa.example.test is a primary hostname for localhost 2016-08-04T13:29:09Z DEBUG Primary hostname for localhost: freeipa-server-container.freeipa-network 2016-08-04T13:29:09Z DEBUG Starting external process 2016-08-04T13:29:09Z DEBUG args=/usr/sbin/ipa-client-install --unattended --uninstall 2016-08-04T13:29:19Z DEBUG Process finished, return code=0 2016-08-04T13:29:19Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 308, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 317, in validate for nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 564, in _configure next(validator) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1712, in main promote_check(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 364, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 386, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1108, in promote_check installutils.verify_fqdn(config.master_host_name, options.no_host_dns) File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 166, in verify_fqdn "Please check /etc/hosts or DNS name resolution" % (host_name, ex_name[0])) 2016-08-04T13:29:19Z DEBUG The ipa-replica-install command failed, exception: HostLookupError: The host name ipa.example.test does not match the primary host name freeipa-server-container.freeipa-network. Please check /etc/hosts or DNS name resolution 2016-08-04T13:29:19Z ERROR The host name ipa.example.test does not match the primary host name freeipa-server-container.freeipa-network. Please check /etc/hosts or DNS name resolution 2016-08-04T13:29:19Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information Expected results: No error. Additional info:
The installutils.verify_fqdn(config.master_host_name, options.no_host_dns) calls in /usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py should likely include local_hostname=False.
(In reply to Jan Pazdziora from comment #1) > The > > installutils.verify_fqdn(config.master_host_name, options.no_host_dns) > > calls in > > > /usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py > > should likely include local_hostname=False. With this change, ipa-replica install complains but proceeds setting up the replica: /etc/ssh/sshd_config not found, skipping configuration Configuring example.test as NIS domain. Client configuration complete. ipa : ERROR The host name ipa.example.test does not match the value freeipa-server-container.freeipa-network obtained by reverse lookup on IP address 172.18.0.2 Configuring NTP daemon (ntpd) [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv). Estimated time: 1 minute [1/44]: creating directory server user [2/44]: creating directory server instance That ERROR output should likely also be purged.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/6210
Development Management has reviewed and declined this request. You may appeal this decision by reopening this request.
Fixed upstream master: https://pagure.io/freeipa/c/f1e20b45c5deeb25989c87a2d717bda5a31bb084
Missclicked status MIDIFIED setting to POST; Fixed upstream ipa-4-8: https://pagure.io/freeipa/c/0b2ed9c415370de79f8ecaa1be153a1d80cf6ea1 Fixed upstream ipa-4-7: https://pagure.io/freeipa/c/82351f1e09e9d592e3b0bef521c2c94b0d222cce Fixed upstream ipa-4-6: https://pagure.io/freeipa/c/a016ed75ecbe7e2698530036043ef19df1bd718f
The pull requests add that local_hostname=False in containers. I don't think this is the proper fix. This is about the master's IP address not resolving directly to its hostname, so the same situation likely happens in AWS, and the same situation happens when the master is in container (or in general, in reverse-DNS-challenging environment) and replica is on a host, outside of containers. When verifying this bugzilla, please use a setup when the IP address of master as seen by the replica does not resolve to master's hostname, outside of containers.
Created attachment 1663784 [details] verification steps with console output Verified based on same steps done for 7.8 bugs mentioned at https://bugzilla.redhat.com/show_bug.cgi?id=1751951#c10
I still don't see how this verifies the change. We need a reproducer of the failing setup with the older version of IdM, and then fixed reproducer with newer package versions. Similar to my comments in bug 1751951, unless you show that the behaviour has changed (improved), the bugzilla cannot be considered verified.