Bug 1476531 - ipa-replica-install does not create host A record
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: freeipa
Version: 25
Hardware: Unspecified
OS: Unspecified
Assignee: IPA Maintainers
QA Contact: Fedora Extras Quality Assurance
Reported: 2017-07-29 23:54 UTC by Patrick Hemmer
Modified: 2023-09-14 04:01 UTC (History)

Last Closed: 2017-10-16 08:39:00 UTC
Type: Bug


Attachments:
ipareplica-install.log (71.24 KB, text/plain), 2017-07-29 23:54 UTC, Patrick Hemmer

Description Patrick Hemmer 2017-07-29 23:54:08 UTC
Created attachment 1306427
ipareplica-install.log

Description of problem:
When running `ipa-replica-install` on a new host, the script does not create an A record for the host in the IPA DNS zone. This results in lookups for the host failing and the install script failing as well.

Version-Release number of selected component (if applicable):
4.5.2

How reproducible:
Every time

Steps to Reproduce:
1. `ipa-replica-install` on a new host.

Actual results:
No A record for host added to IPA DNS zone.

Expected results:
An A record for host added to IPA DNS zone.


Additional info:
Install command used:
    ipa-replica-install --principal admin -w XXXX -n ipa-stg.chewy.net -r IPA-STG.CHEWY.NET --setup-dns --no-host-dns --setup-kra --mkhomedir --forwarder 10.0.2.10 --forwarder 10.0.2.11 --no-ntp --no-dnssec-validation -U --server=fll2aipa01stg.ipa-stg.chewy.net --setup-ca --skip-conncheck

Comment 1 Petr Vobornik 2017-08-11 21:23:27 UTC
You are using --no-host-dns and --skip-conncheck, which force the installer to skip some DNS-related checks and therefore might hide some environmental issues.

IPA adds an A record if it cannot be resolved or IP address(es) are provided.

From the log it seems that the hostname was resolvable:
 
    2017-07-27T21:54:24Z DEBUG Name fll2aipa02stg.ipa-stg.chewy.net resolved to set([UnsafeIPAddress('10.0.33.201')])
    2017-07-27T21:54:24Z WARNING No network interface matches the IP address 10.0.33.201

So it didn't add anything, but the master most likely could not contact the replica.

You can run the installer with the --ip-address option.

An alternative is to first install the client and then promote it to a replica.
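
The log check that Comment 1 does by eye, as an added example (not part of the original thread and not FreeIPA code): it scans an ipareplica-install.log for the two line formats quoted above and reports hosts that were already resolvable, and resolved addresses that match no local interface. The function names and the third sample line (replica2.example.test, 192.0.2.10) are constructed for illustration.

```python
import re

# Line formats as quoted in Comment 1 from ipareplica-install.log.
RESOLVED = re.compile(r"DEBUG Name (\S+) resolved to set\(\[(.*)\]\)")
ADDRESS = re.compile(r"UnsafeIPAddress\('([^']+)'\)")
NO_IFACE = re.compile(r"WARNING No network interface matches the IP address (\S+)")


def triage(log_text):
    """Return {hostname: {"resolved": set of IPs, "no_interface": set of IPs}}."""
    hosts, ip_owner = {}, {}  # ip_owner maps a resolved IP back to its hostname
    for line in log_text.splitlines():
        m = RESOLVED.search(line)
        if m:
            entry = hosts.setdefault(m.group(1), {"resolved": set(), "no_interface": set()})
            for ip in ADDRESS.findall(m.group(2)):
                entry["resolved"].add(ip)
                ip_owner[ip] = m.group(1)
            continue
        m = NO_IFACE.search(line)
        if m and m.group(1) in ip_owner:
            hosts[ip_owner[m.group(1)]]["no_interface"].add(m.group(1))
    return hosts


def summarize(hosts):
    """One finding per host; per Comment 1, a resolvable name gets no new A record."""
    findings = []
    for name, e in sorted(hosts.items()):
        if e["no_interface"]:
            findings.append("%s: resolved to %s, which is not on a local interface"
                            % (name, ", ".join(sorted(e["no_interface"]))))
        elif e["resolved"]:
            findings.append("%s: already resolvable (%s)"
                            % (name, ", ".join(sorted(e["resolved"]))))
    return findings


# The first two lines are the ones quoted in Comment 1; the third is constructed.
SAMPLE = """\
2017-07-27T21:54:24Z DEBUG Name fll2aipa02stg.ipa-stg.chewy.net resolved to set([UnsafeIPAddress('10.0.33.201')])
2017-07-27T21:54:24Z WARNING No network interface matches the IP address 10.0.33.201
2017-07-27T21:54:25Z DEBUG Name replica2.example.test resolved to set([UnsafeIPAddress('192.0.2.10')])
"""

if __name__ == "__main__":
    for finding in summarize(triage(SAMPLE)):
        print(finding)
```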

Comment 2 Patrick Hemmer 2017-08-11 21:29:36 UTC
We adjusted our install process to manually add the A record to the IPA DNS zone prior to running `ipa-replica-install` and it comes up perfectly fine. So it's not an issue with the master reaching the replica.

I can try with `--ip-address`. Maybe that can be a substitute for manually creating the A record.

Comment 5 Tomas Krizek 2017-09-18 12:54:30 UTC
Could you please also share ipa-client-install.log from the replica? It should contain the nsupdate command along with its output and may provide some insight.

Also, do you have dynamic-update enabled for the IPA dnszone? You can check with

    $ ipa dnszone-mod example.com. --dynamic-update=TRUE

and you should get an error saying no configuration was changed.

Is the A record created for other clients you install?

Comment 6 Red Hat Bugzilla 2023-09-14 04:01:51 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days.

