Hide Forgot
Description of problem: IPA server upgrade fails with DNS timed out errors when upgraded from 7.0. to 7.3. Version-Release number of selected component (if applicable): ipa-server.x86_64 0:4.4.0-9.el7 How reproducible: Always Steps to Reproduce: 1. Setup IPA server on RHEL 7.0 2. Setup repo links for RHEL 7.3 in order to upgrade ipa server(in my case ipa-server.x86_64 0:4.4.0-9.el7). 3. Initiate upgrade prcess by running command "yum -y update 'ipa*' sssd" Actual results: 1. After step3, Yum update process completes successfully, but upgrade fails with following message: 2016-09-07T08:15:47Z ERROR DNS query for auto-hv-01-guest07.testrelm.test. A failed: The DNS operation timed out after 30.0012800694 seconds 2016-09-07T08:15:47Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2016-09-07T08:15:47Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run server.upgrade() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1840, in upgrade upgrade_configuration() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1724, in upgrade_configuration named_update_global_forwarder_policy(), File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 843, in named_update_global_forwarder_policy if not dnsutil.has_empty_zone_addresses(api.env.host): File "/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 278, in has_empty_zone_addresses ip_addresses = resolve_ip_addresses(hostname) File "/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 328, in resolve_ip_addresses rrsets = resolve_rrsets(fqdn, ['A', 'AAAA']) File "/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 305, in resolve_rrsets answer = dns.resolver.query(fqdn, rdtype) File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 1027, in query raise_on_no_answer, source_port) File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 947, in query timeout = self._compute_timeout(start) File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 769, in _compute_timeout raise Timeout(timeout=duration) 2016-09-07T08:15:47Z DEBUG The ipa-server-upgrade command failed, exception: Timeout: The DNS operation timed out after 30.0012800694 seconds 2016-09-07T08:15:47Z ERROR Unexpected error - see /var/log/ipaupgrade.log for details: Timeout: The DNS operation timed out after 30.0012800694 seconds 2016-09-07T08:15:47Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information Expected results: No error messages should be observed during upgrade process.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/6205
Fixed upstream ipa-4-3: https://fedorahosted.org/freeipa/changeset/2d011b97c8a56d9eabae2ca3d88c30314e0adb58 https://fedorahosted.org/freeipa/changeset/93756dc719723bbec93497ecd6e06e325e6eecbd ipa-4-4: https://fedorahosted.org/freeipa/changeset/afeb4bd8a6039173c24201803f1253fae2529a83 https://fedorahosted.org/freeipa/changeset/e39cc53d90175e3cae6805302f318a96bc0e1af1 master: https://fedorahosted.org/freeipa/changeset/22fd6f020940b5b2a1258f8e0e6058c95f7a1ba5 https://fedorahosted.org/freeipa/changeset/271a4f098230112ee0e3ea3ffb3a509977ee7330
Yes the selinux issue is orthogonal to this BZ.
IPA server version: ipa-server-4.4.0-12.el7.x86_64 Bind-ldap: bind-dyndb-ldap-10.0-5.el7.x86_64 Verified the bug on the basis of following points: 1. Verified that upgrade is successful for RHE 7.0 to RHEL 7.3. 2. "DNS timed out error" message is not displayed at the console. 3. The dummy dns forwardzone details created at 7.0 are reflected after upgrade. Thus on the basis of observations above and Comment#15 and Comment#16, marking the status of bug to "VERIFIED".
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html