Bug 704235 - Installing ipa-client indicates an error when updating DNS
Summary: Installing ipa-client indicates an error when updating DNS
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ipa-client
Version: 5.7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-05-12 14:00 UTC by Namita Soman
Modified: 2011-07-21 07:05 UTC (History)
2 users (show)

Fixed In Version: ipa-client-2.0-14.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-07-21 07:05:28 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
ipaclient-install.log (6.14 KB, text/plain)
2011-05-12 14:02 UTC, Namita Soman 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0990 0 normal SHIPPED_LIVE ipa-client bug fix update 2011-07-20 15:45:00 UTC

Description Namita Soman 2011-05-12 14:00:08 UTC 
Description of problem:
Installing ipa-client on RHEL5.7 seems to have succeeded but threw error at end of install:
Warning: Hostname (ipaqa64vma.testrelm) not found in DNS
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 986, in ?
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 904, in main
    client_dns(cli_server, hostname, options.dns_updates)
  File "/usr/sbin/ipa-client-install", line 659, in client_dns
    update_dns(server, hostname)
  File "/usr/sbin/ipa-client-install", line 626, in update_dns
    env={'KRB5CCNAME':CCACHE_FILE})
  File "/usr/lib/python2.4/site-packages/ipaclient/ipapython/ipautil.py", line 132, in run
    close_fds=True, env=env)
  File "/usr/lib64/python2.4/subprocess.py", line 550, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.4/subprocess.py", line 996, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

Was able to kinit from the client, then used single sign on - and ssh'd to server. install log didn't have any errors logged. 

Host record and dns record are created on server.

Version-Release number of selected component (if applicable):
ipa-client-2.0-13.el5


How reproducible:


Steps to Reproduce:
1. install ipa-client

  
Actual results:
error at end of install

Expected results:
no errors

Additional info:
[root@ipaqa64vma ~]# ipa-client-install --domain=testrelm --realm=TESTRELM -p admin -w Secret123
Discovery was successful!
Realm: TESTRELM
DNS Domain: testrelm
IPA Server: ipaqa64vmb.testrelm
BaseDN: dc=testrelm


Continue to configure the system with these values? [no]: y

Enrolled in IPA realm TESTRELM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM
Warning: Hostname (ipaqa64vma.testrelm) not found in DNS
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 986, in ?
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 904, in main
    client_dns(cli_server, hostname, options.dns_updates)
  File "/usr/sbin/ipa-client-install", line 659, in client_dns
    update_dns(server, hostname)
  File "/usr/sbin/ipa-client-install", line 626, in update_dns
    env={'KRB5CCNAME':CCACHE_FILE})
  File "/usr/lib/python2.4/site-packages/ipaclient/ipapython/ipautil.py", line 132, in run
    close_fds=True, env=env)
  File "/usr/lib64/python2.4/subprocess.py", line 550, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.4/subprocess.py", line 996, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
Comment 1 Namita Soman 2011-05-12 14:02:31 UTC 
Created attachment 498547 [details]
ipaclient-install.log
Comment 2 Rob Crittenden 2011-05-12 14:09:07 UTC 
I wonder if bind-utils isn't installed. Do you have the command /usr/bin/nsupdate?
Comment 3 Namita Soman 2011-05-12 14:55:34 UTC 
correction: in comment 1, i mentioned that dns record was created. But it
actually, is not created.


bind-utils-9.3.6-16.P1.el5

# which nsupdate
/usr/bin/nsupdate
Comment 4 Rob Crittenden 2011-05-12 16:02:56 UTC 
The problem is a hardcoded invocation of /usr/bin/kinit. On RHEL-5 systems this is in /usr/kerberos/bin. This is a one-line patch to fix, we just need to drop the path from the kinit invocation. ipautil.run() sets PATH to include /usr/kerberos/bin.

The patch is:

diff -up --recursive freeipa-2.0.0.rc3.orig/ipa-client/ipa-install/ipa-client-install freeipa-2.0.0.rc3/ipa-client/ipa-install/ipa-client-install
--- freeipa-2.0.0.rc3.orig/ipa-client/ipa-install/ipa-client-install    2011-03-10 10:04:45.000000000 -0500
+++ freeipa-2.0.0.rc3/ipa-client/ipa-install/ipa-client-install 2011-05-12 12:02:17.000000000 -0400
@@ -619,7 +619,7 @@ def update_dns(server, hostname):
     update_fd.close()
 
     try:
-        ipautil.run(['/usr/bin/kinit', '-k', '-t', '/etc/krb5.keytab', princ],
+        ipautil.run(['kinit', '-k', '-t', '/etc/krb5.keytab', princ],
                     env={'KRB5CCNAME':CCACHE_FILE})
     except CalledProcessError, e:
         print >>sys.stderr, "Failed to obtain host TGT."
Comment 5 Rob Crittenden 2011-05-12 18:43:08 UTC 
Final path used /usr/kerboros/bin/kinit rather than straight kinit. Since we are passing an env the PATH is not set in ipautil.run. This is fixed in upstream IPA, so I'm going with a RHEL-5 specific fix, just changing the path to the binary.
Comment 7 Namita Soman 2011-05-12 19:42:06 UTC 
verified using ipa-client-2.0-14.el5
Comment 8 errata-xmlrpc 2011-07-21 07:05:28 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0990.html
Note You need to log in before you can comment on or make changes to this bug.