Red Hat Bugzilla – Bug 1553790
httpd-config-generator fails during ipa configuration generation
Last modified: 2018-07-12 10:51:57 EDT
Description of problem: Copied from https://github.com/ManageIQ/httpd_configmap_generator/issues/25 Since blocker BZ(1540641) is resolved, I encounter same issue in CFME httpd-configmap-generator pod. When I try to generate ipa configuration using latest docker I get the following error: [root@cfme-smicro-628-b09 cfme-59018-0126]# docker exec $CONFIGMAP_GENERATOR_ID httpd_configmap_generator ipa --host=xz3tto.*** --ipa-server=env-freeipa01.*** --ipa-domain=freeipa01.*** --ipa-realm=freeipa01.*** --ipa-principal=admin --ipa-password=*** -f -d -o /tmp/external-ipa.yaml Running Command: /usr/bin/hostname Running Command: /usr/bin/hostname --params xz3tto.*** Running Command: /usr/sbin/ipa-client-install --params -N force_join fixed_primary unattended realm\= FREEIPA01.*** domain\= freeipa01.*** server\= env-freeipa01.*** principal\= admin password\= *** Configuring IPA HTTP Service Running Command: /usr/bin/kinit --params admin --stdin-data *** Command Error: /usr/bin/ipa exit code: 2 stdout: stderr: ipa: ERROR: The host 'xz3tto.***' does not exist to add a service to. /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/awesome_spawn-1.4.1/lib/awesome_spawn.rb:105:in `run!': /usr/bin/ipa exit code: 2 (AwesomeSpawn::CommandResultError) from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/httpd_configmap_generator-0.2.1/lib/httpd_configmap_generator/base/command.rb:17:in `command_run!' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/httpd_configmap_generator-0.2.1/lib/httpd_configmap_generator/base/principal.rb:30:in `request' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/httpd_configmap_generator-0.2.1/lib/httpd_configmap_generator/base/principal.rb:19:in `register' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/httpd_configmap_generator-0.2.1/lib/httpd_configmap_generator/ipa.rb:115:in `configure_ipa_http_service' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/httpd_configmap_generator-0.2.1/lib/httpd_configmap_generator/ipa.rb:63:in `configure' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/httpd_configmap_generator-0.2.1/lib/httpd_configmap_generator/base.rb:83:in `run_configure' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/httpd_configmap_generator-0.2.1/bin/httpd_configmap_generator:68:in `run' from /opt/rubies/ruby-2.3.1/lib/ruby/gems/2.3.0/gems/httpd_configmap_generator-0.2.1/bin/httpd_configmap_generator:87:in `<top (required)>' from /opt/rubies/ruby-2.3.1/bin/httpd_configmap_generator:23:in `load' from /opt/rubies/ruby-2.3.1/bin/httpd_configmap_generator:23:in `<main>' Version-Release number of selected component (if applicable): 5.9.0.21 How reproducible: 100% Steps to Reproduce: 1. deploy httpd-configmap-generator pod 2. try to generate ipa configuration following this guide https://github.com/ManageIQ/httpd_configmap_generator Actual results: error from description Expected results: no such error Additional info: When I open shell in docker and run kinit + ipa host-add + ipa service-add manually, next attempt to run httpd_configmap_generator finishes successfully.
Ievgen, Is your IPA serve DNS resolvable on the configmap generator pod? If not you will need to get it added in DNS. To test this I recreated the same error you reported by using a IPA server not in DNS. Then I hacked a DNS resolution by adding the IPA server to the /etc/hosts file in the configmap generator and was able to successfully generate the new config map without having to open shell in and run kinit + ipa host-add + ipa service-add/ Please ensure your IPA server hostname is DNS resolvable. Thank you. JoeV
Ievgen, please see comment 4's request for information.
Dave, We chatted the other day and I provided all necessary details/logs/credentials/etc.
Ievgen, I've successfully generated the IPA config map using the credentials for your IPA server. The realm in the IPA server you are using is all uppercase. I will PM you the command I ran. JoeV
it turned out after some investigation that this issue happens only to resolvable/pingable hostnames. When hostname isn't resolvable, configmap generator prepares configmap w/o issues. The workaround for resolvable hostname is to run in httpd-configmap-generator pod the following commands: kinit ipa host-add 2ldn9k.ocp-sprout-01.cmqe.lab.eng.rdu2.redhat.com ipa service-add HTTP/2ldn9k.ocp-sprout-01.cmqe.lab.eng.rdu2.redhat.com where 2ldn9k.ocp-sprout-01.cmqe.lab.eng.rdu2.redhat.com is pod hostname. and re-run configmap generator application once more. When host and service are added to IPA server, the application works fine. So, it seems those steps are missed in configmap generator.
(In reply to Ievgen Zapolskyi from comment #9) > it turned out after some investigation that this issue happens only to > resolvable/pingable hostnames. > When hostname isn't resolvable, configmap generator prepares configmap w/o > issues. > The workaround for resolvable hostname is to run in > httpd-configmap-generator pod the following commands: > > kinit > ipa host-add 2ldn9k.ocp-sprout-01.cmqe.lab.eng.rdu2.redhat.com > ipa service-add HTTP/2ldn9k.ocp-sprout-01.cmqe.lab.eng.rdu2.redhat.com > > where 2ldn9k.ocp-sprout-01.cmqe.lab.eng.rdu2.redhat.com is pod hostname. > > and re-run configmap generator application once more. > When host and service are added to IPA server, the application works fine. > So, it seems those steps are missed in configmap generator. Upon further investigation the issue is not as we initially thought. I did more research and discovered the root cause of the failures you are experiencing. The reason is rooted in the QE automated test beds use of host name aliases. If the canonical name associated with the QE test bed hostname alias is used the httpd-config-generator successfully generates the ipa configuration. The work around you identified, of using `ipa host-add` and `ipa service-add`, is not necessary. In fact the httpd-config-generator already does the `ipa service-add`. The httpd-config-generator will succeed if you use the canonical hostname. JoeV
This issues is addressed by PR: https://github.com/ManageIQ/httpd_configmap_generator/pull/27 Which was merged in commit: https://github.com/ManageIQ/httpd_configmap_generator/commit/8d5a1d7a328c67461d4793e48aad7f6d13098a99 Moving to Post
VERIFIED in 5.9.3.2
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2183