1373910 – IPA server upgrade fails with DNS timed out errors.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1373910 - IPA server upgrade fails with DNS timed out errors.

Summary: IPA server upgrade fails with DNS timed out errors.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	IPA Maintainers
QA Contact:	Kaleem
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1286635 1364071 1369761
TreeView+	depends on / blocked

Reported:	2016-09-07 12:12 UTC by Nikhil Dehadrai
Modified:	2016-11-04 06:03 UTC (History)
CC List:	6 users (show)
Fixed In Version:	ipa-4.4.0-12.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-04 06:03:04 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:2404	0	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2016-11-03 13:56:18 UTC

Description Nikhil Dehadrai 2016-09-07 12:12:39 UTC

Description of problem:
IPA server upgrade fails with DNS timed out errors when upgraded from 7.0. to 7.3.

Version-Release number of selected component (if applicable):
ipa-server.x86_64 0:4.4.0-9.el7

How reproducible:
Always

Steps to Reproduce:
1. Setup IPA server on RHEL 7.0
2. Setup repo links for RHEL 7.3  in order to upgrade ipa server(in my case ipa-server.x86_64 0:4.4.0-9.el7).
3. Initiate upgrade prcess by running command "yum -y update 'ipa*' sssd"

Actual results:
1. After step3, Yum update process completes successfully, but upgrade fails with following message:
2016-09-07T08:15:47Z ERROR DNS query for auto-hv-01-guest07.testrelm.test. A failed: The DNS operation timed out after 30.0012800694 seconds
2016-09-07T08:15:47Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2016-09-07T08:15:47Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run
    server.upgrade()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1840, in upgrade
    upgrade_configuration()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1724, in upgrade_configuration
    named_update_global_forwarder_policy(),
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 843, in named_update_global_forwarder_policy
    if not dnsutil.has_empty_zone_addresses(api.env.host):
  File "/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 278, in has_empty_zone_addresses
    ip_addresses = resolve_ip_addresses(hostname)
  File "/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 328, in resolve_ip_addresses
    rrsets = resolve_rrsets(fqdn, ['A', 'AAAA'])
  File "/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 305, in resolve_rrsets
    answer = dns.resolver.query(fqdn, rdtype)
  File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 1027, in query
    raise_on_no_answer, source_port)
  File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 947, in query
    timeout = self._compute_timeout(start)
  File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 769, in _compute_timeout
    raise Timeout(timeout=duration)
 
2016-09-07T08:15:47Z DEBUG The ipa-server-upgrade command failed, exception: Timeout: The DNS operation timed out after 30.0012800694 seconds
2016-09-07T08:15:47Z ERROR Unexpected error - see /var/log/ipaupgrade.log for details:
Timeout: The DNS operation timed out after 30.0012800694 seconds
2016-09-07T08:15:47Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information 

Expected results:
No error messages should be observed during upgrade process.

Comment 4 Martin Bašti 2016-09-07 15:09:33 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6205

Comment 6 Martin Babinsky 2016-09-14 12:58:00 UTC

Fixed upstream
ipa-4-3:
https://fedorahosted.org/freeipa/changeset/2d011b97c8a56d9eabae2ca3d88c30314e0adb58
https://fedorahosted.org/freeipa/changeset/93756dc719723bbec93497ecd6e06e325e6eecbd
ipa-4-4:
https://fedorahosted.org/freeipa/changeset/afeb4bd8a6039173c24201803f1253fae2529a83
https://fedorahosted.org/freeipa/changeset/e39cc53d90175e3cae6805302f318a96bc0e1af1
master:
https://fedorahosted.org/freeipa/changeset/22fd6f020940b5b2a1258f8e0e6058c95f7a1ba5
https://fedorahosted.org/freeipa/changeset/271a4f098230112ee0e3ea3ffb3a509977ee7330

Comment 12 Martin Babinsky 2016-09-20 12:17:09 UTC

Yes the selinux issue is orthogonal to this BZ.

Comment 17 Nikhil Dehadrai 2016-09-22 13:22:25 UTC

IPA server version: ipa-server-4.4.0-12.el7.x86_64
Bind-ldap: bind-dyndb-ldap-10.0-5.el7.x86_64

Verified the bug on the basis of following points:
1. Verified that upgrade is successful for RHE 7.0 to RHEL 7.3.
2. "DNS timed out error" message is not displayed at the console.
3. The dummy dns forwardzone details created at 7.0 are reflected after upgrade.

Thus on the basis of observations above and Comment#15 and Comment#16, marking the status of bug to "VERIFIED".

Comment 20 errata-xmlrpc 2016-11-04 06:03:04 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html

Note You need to log in before you can comment on or make changes to this bug.