1783956 – Expecting appropriate error message for duplication when we use install-server.yml on same machine

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1783956 - Expecting appropriate error message for duplication when we use install-server.yml on same machine

Summary: Expecting appropriate error message for duplication when we use install-serve...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	ansible-freeipa
Sub Component:
Version:	8.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.0
Assignee:	Thomas Woerner
QA Contact:	ipa-qe
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-12-16 10:28 UTC by Madhuri
Modified:	2023-02-12 22:30 UTC (History)
CC List:	1 user (show)
Fixed In Version:	ansible-freeipa-0.1.8-1.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-04-28 16:01:56 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	FREEIPA-9434	None	None	None	2023-02-12 22:30:55 UTC
Red Hat Issue Tracker	RHELPLAN-31129	None	None	None	2023-02-12 22:29:05 UTC
Red Hat Product Errata	RHBA-2020:1705	None	None	None	2020-04-28 16:02:07 UTC

Description Madhuri 2019-12-16 10:28:14 UTC

Description of problem:
The DNS code in FreeIPA is not able to recognize that the same machine will be setup and expect error message for duplication when we use install-server.yml on same machine.

Version-Release number of selected component (if applicable):
ansible-2.9.0-2.el8.noarch
ansible-freeipa-0.1.6-4.el8.noarch

How reproducible:
Always

Steps to Reproduce:
1. Try to run insatll-server.yml on same machine
2. # ansible-playbook -i inventory/hosts /usr/share/doc/ansible-freeipa/playbooks/install-server.yml
 
PLAY [Playbook to configure IPA servers] *************************************************************************************************************
 
TASK [Gathering Facts] *******************************************************************************************************************************
ok: [master.testrealm.test]
 
TASK [ipaserver : Import variables specific to distribution] *****************************************************************************************
ok: [master.testrealm.test] => (item=/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml)
 
TASK [ipaserver : Install IPA server] ****************************************************************************************************************
included: /usr/share/ansible/roles/ipaserver/tasks/install.yml for master.testrealm.test
 
TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***************************************************************************
ok: [master.testrealm.test]
 
TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *******************************************************************
ok: [master.testrealm.test]
 
TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] ***************************************************************
skipping: [master.testrealm.test]
 
TASK [ipaserver : include_tasks] *********************************************************************************************************************
skipping: [master.testrealm.test]
 
TASK [ipaserver : Install - Server installation test] ************************************************************************************************
fatal: [master.testrealm.test]: FAILED! => {"changed": false, "msg": "DNS zone testrealm.test. already exists in DNS and is handled by server(s): master.testrealm.test."}
 
PLAY RECAP *******************************************************************************************************************************************
master.testrealm.test      : ok=5    changed=0    unreachable=0    failed=1    skipped=2    rescued=0    ignored=0




Actual results:
Not giving a proper error message
.

Expected results:
Expect a proper error message.


Additional info:

Comment 1 Thomas Woerner 2019-12-16 11:00:04 UTC

There has been an early domain name validation check, that resulted in the ZONE overlap error message if there is already a DNS server hanling the zone. This check was too early to be able to recognize if the node itself is providing this DNS server. The domain name check has been changed in freeipa command line tool installers and also in ansible-freeipa to not do a proper check and not the zone overlap check.

The repeated deployment now reports an already deployed server as it is done without DNS support.

Here is the upstream commit:

- https://github.com/freeipa/ansible-freeipa/commit/9c853894d5832ddf7d400f77f5033d8ff3f246b7
  ipaserver_test: Do not use zone_overlap_check for domain name validation

Comment 3 Varun Mylaraiah 2020-03-05 09:47:28 UTC

Verified

Manual execution console output:
================================
# rpm -q ansible-freeipa
ansible-freeipa-0.1.8-3.el8.noarch


# ansible-playbook -v -i inventory/master.hosts install-server.yaml 
Using /etc/ansible/ansible.cfg as config file

PLAY [Playbook to configure IPA servers] *****************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [master.ipadomain.test]

TASK [ipaserver : Import variables specific to distribution] *********************************************************
ok: [master.ipadomain.test] => (item=/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml) => {"ansible_facts": {"ipaserver_packages": ["@idm:DL1/server"], "ipaserver_packages_adtrust": ["@idm:DL1/adtrust"], "ipaserver_packages_dns": ["@idm:DL1/dns"], "ipaserver_packages_firewalld": ["firewalld"]}, "ansible_included_var_files": ["/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml"], "ansible_loop_var": "item", "changed": false, "item": "/usr/share/ansible/roles/ipaserver/vars/RedHat-8.yml"}

TASK [ipaserver : Install IPA server] ********************************************************************************
included: /usr/share/ansible/roles/ipaserver/tasks/install.yml for master.ipadomain.test

TASK [ipaserver : Install - Ensure that IPA server packages are installed] *******************************************
ok: [master.ipadomain.test] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []}

TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] ***********************************
ok: [master.ipadomain.test] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []}

TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *******************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Ensure that firewall packages installed] *************************************************
ok: [master.ipadomain.test] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []}

TASK [ipaserver : Firewalld service - Ensure that firewalld is running] **********************************************
ok: [master.ipadomain.test] => {"changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": {"ActiveEnterTimestamp": "Fri 2020-02-28 11:46:48 EST", "ActiveEnterTimestampMonotonic": "299333288", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target dbus.socket dbus.service sysinit.target polkit.service system.slice", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Fri 2020-02-28 11:46:48 EST", "AssertTimestampMonotonic": "298991394", "Before": "shutdown.target multi-user.target network-pre.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Fri 2020-02-28 11:46:48 EST", "ConditionTimestampMonotonic": "298991394", "ConfigurationDirectoryMode": "0755", "Conflicts": "iptables.service ebtables.service ipset.service ip6tables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "15625", "ExecMainStartTimestamp": "Fri 2020-02-28 11:46:48 EST", "ExecMainStartTimestampMonotonic": "298992773", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Fri 2020-02-28 11:46:48 EST", "InactiveExitTimestampMonotonic": "298992819", "InvocationID": "c731dc677d08430ab8fabf2d696ad775", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14986", "LimitNPROCSoft": "14986", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14986", "LimitSIGPENDINGSoft": "14986", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "15625", "MemoryAccounting": "yes", "MemoryCurrent": "27303936", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Fri 2020-02-28 11:46:48 EST", "StateChangeTimestampMonotonic": "299333288", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "2", "TasksMax": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Fri 2020-02-28 11:46:48 EST", "WatchdogTimestampMonotonic": "299333286", "WatchdogUSec": "0"}}

TASK [ipaserver : include_tasks] *************************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Server installation test] ****************************************************************
ok: [master.ipadomain.test] => {"changed": false, "server_already_configured": true}

TASK [ipaserver : Install - Master password creation] ****************************************************************
skipping: [master.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [ipaserver : Install - Use new master password] *****************************************************************
skipping: [master.ipadomain.test] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [ipaserver : Install - Server preparation] **********************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Setup NTP] *******************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Setup DS] ********************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Setup KRB] *******************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Setup custodia] **************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Setup CA] ********************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Copy /root/ipa.csr to "master.ipadomain.test-ipa.csr"] *********************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Setup otpd] ******************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Setup HTTP] ******************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Setup KRA] *******************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Setup DNS] *******************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Setup ADTRUST] ***************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Set DS password] *************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [Install - Setup client] ****************************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Enable IPA] ******************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Cleanup root IPA cache] ******************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Configure firewalld] *********************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Install - Configure firewalld runtime] *************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [ipaserver : Uninstall IPA server] ******************************************************************************
skipping: [master.ipadomain.test] => {"changed": false, "skip_reason": "Conditional result was False"}

PLAY RECAP ***********************************************************************************************************
master.ipadomain.test      : ok=8    changed=0    unreachable=0    failed=0    skipped=23   rescued=0    ignored=0

Comment 4 Varun Mylaraiah 2020-03-05 10:45:47 UTC

Automated test console output:
===============================

2020-03-05T09:51:32 ansible_freeipa_tests/test_idm_deploy_master.py::TestMaster01_25::test_with_dns 
2020-03-05T09:51:32 [1m-------------------------------- live log call ---------------------------------[0m
2020-03-05T09:51:32 [paramiko.transport] [32mINFO[0m Connected (version 2.0, client OpenSSH_8.0)
2020-03-05T09:51:33 [paramiko.transport] [32mINFO[0m Authentication (publickey) successful!
2020-03-05T09:51:33 [pytest_multihost.host.Host.ansible.ParamikoTransport] [32mINFO[0m WRITE inventory/server.hosts
2020-03-05T09:51:33 [paramiko.transport.sftp] [32mINFO[0m [chan 0] Opened sftp connection (server version 3)
2020-03-05T09:51:33 [pytest_multihost.host.Host.ansible.ParamikoTransport] [32mINFO[0m PUT install-server.yaml
2020-03-05T09:51:33 [pytest_multihost.host.Host.ansible.ParamikoTransport] [32mINFO[0m RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/server.hosts', 'install-server.yaml']
2020-03-05T09:58:28 [paramiko.transport] [32mINFO[0m Connected (version 2.0, client OpenSSH_8.0)
2020-03-05T09:58:28 [paramiko.transport] [32mINFO[0m Authentication (publickey) successful!
2020-03-05T09:58:28 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['ipactl', 'status']
2020-03-05T09:58:31 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['kinit', 'admin']
2020-03-05T09:58:31 [pytest_multihost.host.Host.master.ParamikoTransport] [32mINFO[0m RUN ['ipa', 'server-role-show', 'master.ipadomain.test', 'DNS server']
2020-03-05T09:58:32 [pytest_multihost.host.Host.ansible.ParamikoTransport] [32mINFO[0m RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/server.hosts', 'install-server.yaml']
2020-03-05T09:58:45 [32mPASSED[0m[36m [ 12%][0m

Comment 6 errata-xmlrpc 2020-04-28 16:01:56 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1705

Note You need to log in before you can comment on or make changes to this bug.