First Last Prev Next    This bug is not in your last search results.
Bug 1476531 - ipa-replica-install does not create host A record [NEEDINFO]
ipa-replica-install does not create host A record
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: freeipa (Show other bugs)
25
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: IPA Maintainers
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-29 19:54 EDT by Patrick Hemmer
Modified: 2017-10-16 04:39 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-10-16 04:39:00 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
tkrizek: needinfo? (bugzilla.redhat)

Attachments (Terms of Use)
ipareplica-install.log (71.24 KB, text/plain)
2017-07-29 19:54 EDT, Patrick Hemmer 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Patrick Hemmer 2017-07-29 19:54:08 EDT 
Created attachment 1306427 [details]
ipareplica-install.log

Description of problem:
When running `ipa-replica-install` on a new host, the script does not create an A record for the host in the IPA DNS zone. This results in lookups for the host failing and the install script failing as well.

Version-Release number of selected component (if applicable):
4.5.2

How reproducible:
Every time

Steps to Reproduce:
1. `ipa-replica-install` on a new host.

Actual results:
No A record for host added to IPA DNS zone.

Expected results:
An A record for host added to IPA DNS zone.


Additional info:
Install command used:
    ipa-replica-install --principal admin -w XXXX -n ipa-stg.chewy.net -r IPA-STG.CHEWY.NET --setup-dns --no-host-dns --setup-kra --mkhomedir --forwarder 10.0.2.10 --forwarder 10.0.2.11 --no-ntp --no-dnssec-validation -U --server=fll2aipa01stg.ipa-stg.chewy.net --setup-ca --skip-conncheck
Comment 1 Petr Vobornik 2017-08-11 17:23:27 EDT 
You are using --no-host-dns and --skip-conncheck which forces the installer to skip some DNS related checks and therefore might hide some environmental issues.

IPA adds A record if it cannot be resolved or IP address(es) are provided.

From the log it seems that the hostname was resolvable:
 
2017-07-27T21:54:24Z DEBUG Name fll2aipa02stg.ipa-stg.chewy.net resolved to set([UnsafeIPAddress('10.0.33.201')])
2017-07-27T21:54:24Z WARNING No network interface matches the IP address 10.0.33.201

So it didn't add anything but master most likely could not contact the replica.

You can run the installer with --ip-address option.

Alternative is first to install client and then promote it to replica.
Comment 2 Patrick Hemmer 2017-08-11 17:29:36 EDT 
We adjusted our install process to manually add the A record to the IPA DNS zone prior to running `ipa-replica-install` and it comes up perfectly fine. So it's not an issue with the master reaching the replica.

I can try with `--ip-address`. Maybe that can be a substitute for manually creating the A record.
Comment 5 Tomas Krizek 2017-09-18 08:54:30 EDT 
Could you please also share ipa-client-install.log from the replica? It should contain the nsupdate command along with its output and may provide some insight.

Also, do you have dynamic-update enabled for the IPA dnszone? You can check with 

$ ipa dnszone-mod example.com. --dynamic-update=TRUE

and you should get an error saying no configuration was changed.

Is the A record created for other clients you install?
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.