Bug 734013 - ipa-client-install breaks network configuration
Summary: ipa-client-install breaks network configuration
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.2
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-29 07:38 UTC by Marko Myllynen
Modified: 2015-01-04 23:50 UTC (History)
4 users (show)

Fixed In Version: ipa-2.1.1-1.el6
Doc Type: Bug Fix
Doc Text:
Do not document
Clone Of:
Environment:
Last Closed: 2011-12-06 18:30:35 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1533 normal SHIPPED_LIVE Moderate: ipa security and bug fix update 2011-12-06 01:23:31 UTC

Description Marko Myllynen 2011-08-29 07:38:49 UTC
Description of problem:
ipa-client-install ... --hostname=foo.example.com breaks /etc/sysconfig/network like

NETWORKING=yes
HOSTNAME=localhost.localdomain
NETWORKWAIT=yes

during installation the end result being:

NETWORKING=yes
HOSTNAME=foo.example.comNETWORKWAIT=yes

It should also be noted that this happens before the confirmation prompt where the user is asked whether the installation should proceed so if the user simply hits Ctrl+C during the prompt the network configuration is invalid even if the installation was cancelled.

Version-Release number of selected component (if applicable):
IPA 2.1

Comment 2 Martin Kosek 2011-08-29 07:55:01 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/1724

Comment 3 Martin Kosek 2011-08-29 08:31:41 UTC
Thanks for the report, I sent a patch for review upstream.

If you run ipa-client-install --uninstall after the installation cancelled with CTRL+C, network configuration will be correctly restored. But I have moved the actual changing of the network configuration in the patch after this prompt so that it is not this confusing.

Comment 8 Jenny Galipeau 2011-09-21 17:54:28 UTC
# ipa-client-install --domain=testrelm --realm=TESTRELM -p admin -w Secret123 -U --server=ipaqavme.testrelm
Discovery was successful!
Hostname: hp-dl380g6-01.testrelm
Realm: TESTRELM
DNS Domain: testrelm
IPA Server: ipaqavme.testrelm
BaseDN: dc=testrelm



Enrolled in IPA realm TESTRELM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM
SSSD enabled
Kerberos 5 enabled
NTP enabled
Client configuration complete.

# kinit jgalipea
Password for jgalipea@TESTRELM: 

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: jgalipea@TESTRELM

Valid starting     Expires            Service principal
09/21/11 13:50:11  09/22/11 13:50:02  krbtgt/TESTRELM@TESTRELM

# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain
NETWORKWAIT=yes


Marko:  Does this sufficiently verify the issue you were seeing?

Comment 9 Marko Myllynen 2011-09-22 05:58:09 UTC
> Does this sufficiently verify the issue you were seeing?

No, not really, there are two issues:

1) The test wasn't using --hostname so /etc/sysconfig/network wasn't modified at all by ipa-client-install (and that modification was broken earlier)

2) The client has hostname hp-dl380g6-01.testrelm but /etc/sysconfig/network has HOSTNAME=localhost.localdomain - what happens if the client's IP changes, will its hostname be changed then, too? I think ipa-client-install should have updated /etc/sysconfig/network also without --hostname.

I've added a comment about 2) to bug 714919 so it can be discussed there.

Thanks.

Comment 10 Gowrishankar Rajaiyan 2011-09-22 07:03:08 UTC
Note: Please ignore "restorecon" issue, this is being tracked by another bug.

1) 
# cat /etc/sysconfig/network
NETWORKING=yes

[root@mudflap ~]# ipa-client-install --domain=lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM -p admin -w Secret123 -U --server=bumblebee.lab.eng.pnq.redhat.com --hostname=mudflap.lab.eng.pnq.redhat.com
DNS domain 'lab.eng.pnq.redhat.com' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.

Discovery was successful!
Hostname: mudflap.lab.eng.pnq.redhat.com
Realm: LAB.ENG.PNQ.REDHAT.COM
DNS Domain: lab.eng.pnq.redhat.com
IPA Server: bumblebee.lab.eng.pnq.redhat.com
BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com


Failed to set permissions for /etc/sysconfig/network (Command '/sbin/restorecon /etc/sysconfig/network' returned non-zero exit status 1).

Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM
SSSD enabled
Kerberos 5 enabled
NTP enabled
Client configuration complete.


[root@mudflap ~]# cat /etc/sysconfig/network
NETWORKING=yes


2) 
[root@mudflap ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain

[root@mudflap ~]# ipa-client-install --domain=lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM -p admin -w Secret123 -U --server=bumblebee.lab.eng.pnq.redhat.com --hostname=mudflap.lab.eng.pnq.redhat.com
DNS domain 'lab.eng.pnq.redhat.com' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.

Discovery was successful!
Hostname: mudflap.lab.eng.pnq.redhat.com
Realm: LAB.ENG.PNQ.REDHAT.COM
DNS Domain: lab.eng.pnq.redhat.com
IPA Server: bumblebee.lab.eng.pnq.redhat.com
BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com


Failed to set permissions for /etc/sysconfig/network (Command '/sbin/restorecon /etc/sysconfig/network' returned non-zero exit status 1).

Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM
SSSD enabled
Kerberos 5 enabled
NTP enabled
Client configuration complete.

[root@mudflap ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=mudflap.lab.eng.pnq.redhat.com
[root@mudflap ~]# 


3)
[root@mudflap ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain

[root@mudflap ~]# ipa-client-install --domain=lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM -p admin -w Secret123 -U --server=bumblebee.lab.eng.pnq.redhat.com 
DNS domain 'lab.eng.pnq.redhat.com' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.

Discovery was successful!
Hostname: localhost.localdomain
Realm: LAB.ENG.PNQ.REDHAT.COM
DNS Domain: lab.eng.pnq.redhat.com
IPA Server: bumblebee.lab.eng.pnq.redhat.com
BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com



Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM
Warning: Hostname (localhost.localdomain) not found in DNS
Failed to update DNS A record. (Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 2)
SSSD enabled
Kerberos 5 enabled
NTP enabled
Client configuration complete.


[root@mudflap ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain

[root@mudflap ~]# uname -n
localhost.localdomain


This is as expected since:
--hostname=HOSTNAME   The hostname of this server (FQDN). If specified, the
                      hostname will be set and the system configuration will
                      be updated to persist over reboot. By default a
                      nodename result from uname(2) is used.

4)
[root@mudflap ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain
NETWORKWAIT=yes

[root@mudflap ~]# ipa-client-install --domain=lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM -p admin -w Secret123 -U --server=bumblebee.lab.eng.pnq.redhat.com --hostname=mudflap.lab.eng.pnq.redhat.com
DNS domain 'lab.eng.pnq.redhat.com' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.

Discovery was successful!
Hostname: mudflap.lab.eng.pnq.redhat.com
Realm: LAB.ENG.PNQ.REDHAT.COM
DNS Domain: lab.eng.pnq.redhat.com
IPA Server: bumblebee.lab.eng.pnq.redhat.com
BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com


Failed to set permissions for /etc/sysconfig/network (Command '/sbin/restorecon /etc/sysconfig/network' returned non-zero exit status 1).

Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM
SSSD enabled
Kerberos 5 enabled
NTP enabled
Client configuration complete.

[root@mudflap ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=mudflap.lab.eng.pnq.redhat.com
NETWORKWAIT=yes

[root@mudflap ~]# ipa-client-install -U --uninstall
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Restoring client configuration files

[root@mudflap ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain
NETWORKWAIT=yes
[root@mudflap ~]#

Comment 11 Jenny Galipeau 2011-09-22 19:52:29 UTC
Marko:  Verified now? Thank you Shanks!

Comment 12 Marko Myllynen 2011-09-23 09:06:30 UTC
Yes, (In reply to comment #11)
> Marko:  Verified now? Thank you Shanks!

Yes, perfect, thanks!

Comment 13 Jenny Galipeau 2011-09-23 14:11:31 UTC
Marking verified, based on comments 9 and 12

Comment 15 Martin Kosek 2011-11-01 13:27:05 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Do not document

Comment 16 errata-xmlrpc 2011-12-06 18:30:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html


Note You need to log in before you can comment on or make changes to this bug.