Red Hat Bugzilla – Bug 734013
ipa-client-install breaks network configuration
Last modified: 2015-01-04 18:50:45 EST
Description of problem: ipa-client-install ... --hostname=foo.example.com breaks /etc/sysconfig/network like NETWORKING=yes HOSTNAME=localhost.localdomain NETWORKWAIT=yes during installation the end result being: NETWORKING=yes HOSTNAME=foo.example.comNETWORKWAIT=yes It should also be noted that this happens before the confirmation prompt where the user is asked whether the installation should proceed so if the user simply hits Ctrl+C during the prompt the network configuration is invalid even if the installation was cancelled. Version-Release number of selected component (if applicable): IPA 2.1
Upstream ticket: https://fedorahosted.org/freeipa/ticket/1724
Thanks for the report, I sent a patch for review upstream. If you run ipa-client-install --uninstall after the installation cancelled with CTRL+C, network configuration will be correctly restored. But I have moved the actual changing of the network configuration in the patch after this prompt so that it is not this confusing.
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/64c100947bd596d30716a9345743ccf376dd2a2d ipa-2-1: https://fedorahosted.org/freeipa/changeset/f1b93c5b0bbc433de6cf4b66f3396f09543d5843
# ipa-client-install --domain=testrelm --realm=TESTRELM -p admin -w Secret123 -U --server=ipaqavme.testrelm Discovery was successful! Hostname: hp-dl380g6-01.testrelm Realm: TESTRELM DNS Domain: testrelm IPA Server: ipaqavme.testrelm BaseDN: dc=testrelm Enrolled in IPA realm TESTRELM Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm TESTRELM SSSD enabled Kerberos 5 enabled NTP enabled Client configuration complete. # kinit jgalipea Password for jgalipea@TESTRELM: # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: jgalipea@TESTRELM Valid starting Expires Service principal 09/21/11 13:50:11 09/22/11 13:50:02 krbtgt/TESTRELM@TESTRELM # cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=localhost.localdomain NETWORKWAIT=yes Marko: Does this sufficiently verify the issue you were seeing?
> Does this sufficiently verify the issue you were seeing? No, not really, there are two issues: 1) The test wasn't using --hostname so /etc/sysconfig/network wasn't modified at all by ipa-client-install (and that modification was broken earlier) 2) The client has hostname hp-dl380g6-01.testrelm but /etc/sysconfig/network has HOSTNAME=localhost.localdomain - what happens if the client's IP changes, will its hostname be changed then, too? I think ipa-client-install should have updated /etc/sysconfig/network also without --hostname. I've added a comment about 2) to bug 714919 so it can be discussed there. Thanks.
Note: Please ignore "restorecon" issue, this is being tracked by another bug. 1) # cat /etc/sysconfig/network NETWORKING=yes [root@mudflap ~]# ipa-client-install --domain=lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM -p admin -w Secret123 -U --server=bumblebee.lab.eng.pnq.redhat.com --hostname=mudflap.lab.eng.pnq.redhat.com DNS domain 'lab.eng.pnq.redhat.com' is not configured for automatic KDC address lookup. KDC address will be set to fixed value. Discovery was successful! Hostname: mudflap.lab.eng.pnq.redhat.com Realm: LAB.ENG.PNQ.REDHAT.COM DNS Domain: lab.eng.pnq.redhat.com IPA Server: bumblebee.lab.eng.pnq.redhat.com BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com Failed to set permissions for /etc/sysconfig/network (Command '/sbin/restorecon /etc/sysconfig/network' returned non-zero exit status 1). Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM SSSD enabled Kerberos 5 enabled NTP enabled Client configuration complete. [root@mudflap ~]# cat /etc/sysconfig/network NETWORKING=yes 2) [root@mudflap ~]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=localhost.localdomain [root@mudflap ~]# ipa-client-install --domain=lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM -p admin -w Secret123 -U --server=bumblebee.lab.eng.pnq.redhat.com --hostname=mudflap.lab.eng.pnq.redhat.com DNS domain 'lab.eng.pnq.redhat.com' is not configured for automatic KDC address lookup. KDC address will be set to fixed value. Discovery was successful! Hostname: mudflap.lab.eng.pnq.redhat.com Realm: LAB.ENG.PNQ.REDHAT.COM DNS Domain: lab.eng.pnq.redhat.com IPA Server: bumblebee.lab.eng.pnq.redhat.com BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com Failed to set permissions for /etc/sysconfig/network (Command '/sbin/restorecon /etc/sysconfig/network' returned non-zero exit status 1). Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM SSSD enabled Kerberos 5 enabled NTP enabled Client configuration complete. [root@mudflap ~]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=mudflap.lab.eng.pnq.redhat.com [root@mudflap ~]# 3) [root@mudflap ~]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=localhost.localdomain [root@mudflap ~]# ipa-client-install --domain=lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM -p admin -w Secret123 -U --server=bumblebee.lab.eng.pnq.redhat.com DNS domain 'lab.eng.pnq.redhat.com' is not configured for automatic KDC address lookup. KDC address will be set to fixed value. Discovery was successful! Hostname: localhost.localdomain Realm: LAB.ENG.PNQ.REDHAT.COM DNS Domain: lab.eng.pnq.redhat.com IPA Server: bumblebee.lab.eng.pnq.redhat.com BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM Warning: Hostname (localhost.localdomain) not found in DNS Failed to update DNS A record. (Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 2) SSSD enabled Kerberos 5 enabled NTP enabled Client configuration complete. [root@mudflap ~]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=localhost.localdomain [root@mudflap ~]# uname -n localhost.localdomain This is as expected since: --hostname=HOSTNAME The hostname of this server (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used. 4) [root@mudflap ~]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=localhost.localdomain NETWORKWAIT=yes [root@mudflap ~]# ipa-client-install --domain=lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM -p admin -w Secret123 -U --server=bumblebee.lab.eng.pnq.redhat.com --hostname=mudflap.lab.eng.pnq.redhat.com DNS domain 'lab.eng.pnq.redhat.com' is not configured for automatic KDC address lookup. KDC address will be set to fixed value. Discovery was successful! Hostname: mudflap.lab.eng.pnq.redhat.com Realm: LAB.ENG.PNQ.REDHAT.COM DNS Domain: lab.eng.pnq.redhat.com IPA Server: bumblebee.lab.eng.pnq.redhat.com BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com Failed to set permissions for /etc/sysconfig/network (Command '/sbin/restorecon /etc/sysconfig/network' returned non-zero exit status 1). Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM SSSD enabled Kerberos 5 enabled NTP enabled Client configuration complete. [root@mudflap ~]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=mudflap.lab.eng.pnq.redhat.com NETWORKWAIT=yes [root@mudflap ~]# ipa-client-install -U --uninstall Unenrolling client from IPA server Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations Restoring client configuration files [root@mudflap ~]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=localhost.localdomain NETWORKWAIT=yes [root@mudflap ~]#
Marko: Verified now? Thank you Shanks!
Yes, (In reply to comment #11) > Marko: Verified now? Thank you Shanks! Yes, perfect, thanks!
Marking verified, based on comments 9 and 12
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Do not document
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html