Created attachment 1379689 [details]
Full log
Description of problem:
ipa-replica-install with CA/DNS fails if replica is in a forwarded zone
Version-Release number of selected component (if applicable):
ipa-server-4.5.0-22.el7.centos.x86_64
How reproducible:
Steps to Reproduce:
1. I set up forwards on my first ipa-server:
$ ipa dnsforwardzone-add h2.int.pdp7.net --forwarder=10.42.42.1
$ ipa dnsforwardzone-add --name-from-ip=10.42.42.0/24 --forwarder=10.42.42.1 --forward-policy=only
2. I install the replica on a server in the h2.int.pdp7.net domain:
$ ipa-replica-install -v -w $pw -n ipa.pdp7.net -P alex --mkhomedir --setup-ca --setup-dns --auto-forwarders
[...]
ipa : DEBUG [2/8]: setting up our own record
[2/8]: setting up our own record
ipa.ipaserver.plugins.dns.dnsrecord_add: DEBUG raw: dnsrecord_add(u'h2.int.pdp7.net', u'ipa2', arecord=u'10.42.42.83', version=u'2.228')
ipa.ipaserver.plugins.dns.dnsrecord_add: DEBUG dnsrecord_add(<DNS name h2.int.pdp7.net.>, <DNS name ipa2>, arecord=(u'10.42.42.83',), a_extra_create_reverse=False, aaaa_extra_create_reverse=False, force=False, structured=False, all=False, raw=False, version=u'2.228')
ipa : DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 852, in __add_self
self.__add_master_records(self.fqdn, self.ip_addresses)
File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 843, in __add_master_records
add_fwd_rr(zone, host, addr, self.api)
File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 367, in add_fwd_rr
add_rr(zone, host, "A", ip_address, None, api)
File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 358, in add_rr
api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
return self.__do_call(*args, **options)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call
ret = self.run(*args, **options)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in run
return self.execute(*args, **options)
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 3666, in execute
result = super(dnsrecord_add, self).execute(*keys, **options)
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 1141, in execute
dn = self.obj.get_dn(*keys, **options)
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 3161, in get_dn
dn = self.check_zone(keys[-2], **options)
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 3152, in check_zone
error=_(u'only master zones can contain records')
ValidationError: invalid 'dnszoneidnsname': only master zones can contain records
ipa : DEBUG [error] ValidationError: invalid 'dnszoneidnsname': only master zones can contain records
[error] ValidationError: invalid 'dnszoneidnsname': only master zones can contain records
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 368, in run
self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 392, in execute
for _nothing in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 658, in _configure
next(executor)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
for _nothing in self._installer(self.parent):
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/__init__.py", line 617, in main
replica_install(self)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 386, in decorated
func(installer)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1479, in install
dns.install(False, True, options, api)
File "/usr/lib/python2.7/site-packages/ipaserver/install/dns.py", line 338, in install
bind.create_instance()
File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 719, in create_instance
self.start_creation()
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 852, in __add_self
self.__add_master_records(self.fqdn, self.ip_addresses)
File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 843, in __add_master_records
add_fwd_rr(zone, host, addr, self.api)
File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 367, in add_fwd_rr
add_rr(zone, host, "A", ip_address, None, api)
File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 358, in add_rr
api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
return self.__do_call(*args, **options)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call
ret = self.run(*args, **options)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in run
return self.execute(*args, **options)
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 3666, in execute
result = super(dnsrecord_add, self).execute(*keys, **options)
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line 1141, in execute
dn = self.obj.get_dn(*keys, **options)
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 3161, in get_dn
dn = self.check_zone(keys[-2], **options)
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dns.py", line 3152, in check_zone
error=_(u'only master zones can contain records')
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): DEBUG The ipa-replica-install command failed, exception: ValidationError: invalid 'dnszoneidnsname': only master zones can contain records
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR invalid 'dnszoneidnsname': only master zones can contain records
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
3.
Actual results:
Replica installation fails.
Expected results:
Replica installation works.
Additional info:
None
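The condition the traceback above ends in, as an added pre-flight check (example code, not part of the original report and not FreeIPA's own code or its fix): given an inventory of IPA DNS zones, find the zone that would hold the replica's own A record and report whether it is a master zone. The zone inventory is constructed from the commands in the report; the master zone name ipa.pdp7.net is an assumption taken from the -n option, and the function names are hypothetical.

```python
MASTER = "master"
FORWARD = "forward"

# Constructed inventory mirroring the report: one master zone for the IPA
# domain (assumed), plus the two forward zones created with dnsforwardzone-add.
SAMPLE_ZONES = {
    "ipa.pdp7.net.": MASTER,
    "h2.int.pdp7.net.": FORWARD,
    "42.42.10.in-addr.arpa.": FORWARD,
}


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


def find_enclosing_zone(fqdn, zones):
    """Return (zone, zone_type, relative_name) for the longest zone that is a
    suffix of fqdn on label boundaries, or None if no zone covers it."""
    host = _labels(fqdn)
    best = None
    best_len = 0
    for zone_name, zone_type in zones.items():
        zone = _labels(zone_name)
        # Compare whole labels so "notipa.pdp7.net" never matches "ipa.pdp7.net".
        if zone and len(zone) < len(host) and host[-len(zone):] == zone:
            if len(zone) > best_len:
                relative = ".".join(host[:-len(zone)])
                best = (zone_name, zone_type, relative)
                best_len = len(zone)
    return best


def plan_self_record(fqdn, zones):
    """Decide whether a record for fqdn can be stored in IPA DNS.

    Returns ("add", zone, relative_name) when the enclosing zone is a master
    zone, otherwise ("external", zone_or_None, reason). Only master zones can
    contain records, which is the validation the installer tripped over.
    """
    match = find_enclosing_zone(fqdn, zones)
    if match is None:
        return ("external", None, "no IPA-managed zone covers %s" % fqdn)
    zone, zone_type, relative = match
    if zone_type != MASTER:
        reason = "%s is a %s zone and cannot contain records" % (zone, zone_type)
        return ("external", zone, reason)
    return ("add", zone, relative)


if __name__ == "__main__":
    for name in ("ipa2.h2.int.pdp7.net", "ipa1.ipa.pdp7.net"):
        print(name, "->", plan_self_record(name, SAMPLE_ZONES))
```

Running the check against the replica name from the report returns "external" for h2.int.pdp7.net, the same zone and host split (h2.int.pdp7.net, ipa2) that appears in the dnsrecord_add debug line.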
Can you confirm I understand the problem correctly?
This replica is in a different DNS domain than the original master and that DNS domain is not controlled by IPA?
Why have DNS enabled on the replica at all then? What is it going to manage?
> This replica is in a different DNS domain than the original master and that DNS domain is not controlled by IPA?
Yes.
> Why have DNS enabled on the replica at all then? What is it going to manage?
Host the IPA DNS zone (e.g. the SRV records for discovery of services), it seems simpler than maintaining the records on my existing DNS servers.
This seems to work mostly well and I don't see documentation explicitly disallowing this, save for the fact that the replica installation doesn't work.
Maybe it'd be nice to allow IPA hosts (both servers and clients) to have their existing hostname and a second hostname in IPA (e.g. my server is xxxx.foo.example.com, but when added to IPA it gets a xxxx.ipa.example.com additional name). This would also allow handling stuff such as laptops moving between different networks and getting different hostnames.
version:
ipa-server-4.6.5-8.el7.x86_64
The ipa-replica-install succeeded. Console logs provided. Based on the above observation, marking the bug as verified.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2019:2241