Bug 739040 - Traceback message displayed while installing ipa client on IPv6 machine.
Summary: Traceback message displayed while installing ipa client on IPv6 machine.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.2
Hardware: i686
OS: Linux
medium
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-09-16 11:39 UTC by Gowrishankar Rajaiyan
Modified: 2015-01-04 23:51 UTC

Fixed In Version: ipa-2.1.2-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: When ipa-client-install detects that the client hostname is not resolvable, it tries to add a DNS record to the IPA server. However, it does not expect that the client may be an IPv6 machine
Consequence: Client installation crashes
Fix: Make sure that the process for adding a DNS record to the IPA server works for both IPv4 and IPv6
Result: IPA client installation does not crash in this case
Clone Of:
Environment:
Last Closed: 2011-12-06 18:31:36 UTC



Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1533 normal SHIPPED_LIVE Moderate: ipa security and bug fix update 2011-12-06 01:23:31 UTC

Description Gowrishankar Rajaiyan 2011-09-16 11:39:49 UTC
Description of problem:


Version-Release number of selected component (if applicable):
ipa-client-2.1.1-1.el6.i686

How reproducible:
Always

Steps to Reproduce:
1. Install ipa-server with dns on IPv6. 
ipa-server-install --setup-dns

2. ipa-client-install to the ipa-server in step 1.
ipa-client-install --domain=lab.eng.pnq.redhat.com --server=ratchet.lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM --ntp-server=ratchet.lab.eng.pnq.redhat.com --mkhomedir --password=Secret123 --principal=admin

Actual results: Traceback messages seen.

[root@jetfire ~]# ipa-client-install --domain=lab.eng.pnq.redhat.com --server=ratchet.lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM --ntp-server=ratchet.lab.eng.pnq.redhat.com --mkhomedir --password=Secret123 --principal=admin
Discovery was successful!
Hostname: jetfire.lab.eng.pnq.redhat.com
Realm: LAB.ENG.PNQ.REDHAT.COM
DNS Domain: lab.eng.pnq.redhat.com
IPA Server: ratchet.lab.eng.pnq.redhat.com
BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com


Continue to configure the system with these values? [no]: yes

Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM
Warning: Hostname (jetfire.lab.eng.pnq.redhat.com) not found in DNS
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 1140, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 1129, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 1002, in install
    client_dns(cli_server, hostname, options.dns_updates)
  File "/usr/sbin/ipa-client-install", line 757, in client_dns
    update_dns(server, hostname)
  File "/usr/sbin/ipa-client-install", line 692, in update_dns
    ip = resolve_ipaddress(server)
  File "/usr/sbin/ipa-client-install", line 665, in resolve_ipaddress
    s.connect((server, 389))
  File "<string>", line 1, in connect
socket.gaierror: [Errno -2] Name or service not known
[root@jetfire ~]# 

Expected results:
ipa-client-install should be successful without any traceback message.

Additional info:

1. I do not see traceback for IPv4 clients.

2. [root@jetfire ~]# ipa-client-install -d --domain=lab.eng.pnq.redhat.com --server=ratchet.lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM --ntp-server=ratchet.lab.eng.pnq.redhat.com --mkhomedir --password=Secret123 --principal=admin 
root        : DEBUG    /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': 'lab.eng.pnq.redhat.com', 'uninstall': False, 'force': False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, 'permit': False, 'server': 'ratchet.lab.eng.pnq.redhat.com', 'prompt_password': False, 'realm_name': 'LAB.ENG.PNQ.REDHAT.COM', 'dns_updates': False, 'debug': True, 'on_master': False, 'ntp_server': 'ratchet.lab.eng.pnq.redhat.com', 'mkhomedir': True, 'unattended': None, 'principal': 'admin'}
root        : DEBUG    missing options might be asked for interactively later

root        : DEBUG    Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
root        : DEBUG    Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
root        : DEBUG    [ipadnssearchkrb]
root        : DEBUG    [ipacheckldap]
root        : DEBUG    args=/usr/bin/wget -O /tmp/tmplAowHO/ca.crt http://ratchet.lab.eng.pnq.redhat.com/ipa/config/ca.crt
root        : DEBUG    stdout=
root        : DEBUG    stderr=--2011-09-16 13:36:44--  http://ratchet.lab.eng.pnq.redhat.com/ipa/config/ca.crt
Resolving ratchet.lab.eng.pnq.redhat.com... 2620:52:0:41c9:5054:ff:fea6:ec8
Connecting to ratchet.lab.eng.pnq.redhat.com|2620:52:0:41c9:5054:ff:fea6:ec8|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1361 (1.3K) [application/x-x509-ca-cert]
Saving to: “/tmp/tmplAowHO/ca.crt”

     0K .                                                     100%  186M=0s

2011-09-16 13:36:44 (186 MB/s) - “/tmp/tmplAowHO/ca.crt” saved [1361/1361]


root        : DEBUG    Init ldap with: ldap://ratchet.lab.eng.pnq.redhat.com:389
root        : DEBUG    Search rootdse
root        : DEBUG    Search for (info=*) in dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com(base)
root        : DEBUG    Found: [('dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com', {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': ['lab.eng.pnq.redhat.com'], 'dc': ['lab'], 'nisDomain': ['lab.eng.pnq.redhat.com']})]
root        : DEBUG    Search for (objectClass=krbRealmContainer) in dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com(sub)
root        : DEBUG    Found: [('cn=LAB.ENG.PNQ.REDHAT.COM,cn=kerberos,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com', {'krbSubTrees': ['dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com'], 'cn': ['LAB.ENG.PNQ.REDHAT.COM'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMaxRenewableAge': ['604800']})]
root        : DEBUG    will use domain: lab.eng.pnq.redhat.com

root        : DEBUG    will use server: ratchet.lab.eng.pnq.redhat.com

Discovery was successful!
root        : DEBUG    will use cli_realm: LAB.ENG.PNQ.REDHAT.COM

root        : DEBUG    will use cli_basedn: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com

Hostname: jetfire.lab.eng.pnq.redhat.com
Realm: LAB.ENG.PNQ.REDHAT.COM
DNS Domain: lab.eng.pnq.redhat.com
IPA Server: ratchet.lab.eng.pnq.redhat.com
BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com


Continue to configure the system with these values? [no]: yes
root        : DEBUG    args=/usr/bin/wget -O /etc/ipa/ca.crt http://ratchet.lab.eng.pnq.redhat.com/ipa/config/ca.crt
root        : DEBUG    stdout=
root        : DEBUG    stderr=--2011-09-16 13:36:46--  http://ratchet.lab.eng.pnq.redhat.com/ipa/config/ca.crt
Resolving ratchet.lab.eng.pnq.redhat.com... 2620:52:0:41c9:5054:ff:fea6:ec8
Connecting to ratchet.lab.eng.pnq.redhat.com|2620:52:0:41c9:5054:ff:fea6:ec8|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1361 (1.3K) [application/x-x509-ca-cert]
Saving to: “/etc/ipa/ca.crt”

     0K .                                                     100%  195M=0s

2011-09-16 13:36:46 (195 MB/s) - “/etc/ipa/ca.crt” saved [1361/1361]


root        : DEBUG    Writing Kerberos configuration to /tmp/tmpJ6IKWO:
#File modified by ipa-client-install

[libdefaults]
  default_realm = LAB.ENG.PNQ.REDHAT.COM
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  LAB.ENG.PNQ.REDHAT.COM = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .lab.eng.pnq.redhat.com = LAB.ENG.PNQ.REDHAT.COM
  lab.eng.pnq.redhat.com = LAB.ENG.PNQ.REDHAT.COM

[appdefaults]
  pam = {
    debug = false
    krb4_convert = false
  }

root        : DEBUG    args=kinit admin@LAB.ENG.PNQ.REDHAT.COM
root        : DEBUG    stdout=Password for admin@LAB.ENG.PNQ.REDHAT.COM: 

root        : DEBUG    stderr=

root        : DEBUG    args=/usr/sbin/ipa-join -s ratchet.lab.eng.pnq.redhat.com -d
root        : DEBUG    stdout=
root        : DEBUG    stderr=XML-RPC CALL:

<?xml version="1.0" encoding="UTF-8"?>\r\n
<methodCall>\r\n
<methodName>join</methodName>\r\n
<params>\r\n
<param><value><array><data>\r\n
<value><string>jetfire.lab.eng.pnq.redhat.com</string></value>\r\n
</data></array></value></param>\r\n
<param><value><struct>\r\n
<member><name>nsosversion</name>\r\n
<value><string>2.6.32-197.el6.i686</string></value></member>\r\n
<member><name>nshardwareplatform</name>\r\n
<value><string>i686</string></value></member>\r\n
</struct></value></param>\r\n
</params>\r\n
</methodCall>\r\n

XML-RPC RESPONSE:

<?xml version='1.0' encoding='UTF-8'?>\n
<methodResponse>\n
<params>\n
<param>\n
<value><array><data>\n
<value><string>fqdn=jetfire.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com</string></value>\n
<value><struct>\n
<member>\n
<name>dn</name>\n
<value><string>fqdn=jetfire.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com</string></value>\n
</member>\n
<member>\n
<name>ipacertificatesubjectbase</name>\n
<value><array><data>\n
<value><string>O=LAB.ENG.PNQ.REDHAT.COM</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krbextradata</name>\n
<value><array><data>\n
<value><base64>\n
AAgBAA==\n
</base64></value>\n
<value><base64>\n
AALjh3NOaG9zdC9qZXRmaXJlLmxhYi5lbmcucG5xLnJlZGhhdC5jb21ATEFCLkVORy5QTlEuUkVE\n
SEFULkNPTQA=\n
</base64></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>cn</name>\n
<value><array><data>\n
<value><string>jetfire.lab.eng.pnq.redhat.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>objectclass</name>\n
<value><array><data>\n
<value><string>ipaobject</string></value>\n
<value><string>nshost</string></value>\n
<value><string>ipahost</string></value>\n
<value><string>pkiuser</string></value>\n
<value><string>ipaservice</string></value>\n
<value><string>krbprincipalaux</string></value>\n
<value><string>krbprincipal</string></value>\n
<value><string>top</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>fqdn</name>\n
<value><array><data>\n
<value><string>jetfire.lab.eng.pnq.redhat.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>managing_host</name>\n
<value><array><data>\n
<value><string>jetfire.lab.eng.pnq.redhat.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>has_keytab</name>\n
<value><boolean>0</boolean></value>\n
</member>\n
<member>\n
<name>ipauniqueid</name>\n
<value><array><data>\n
<value><string>bfe6e268-e087-11e0-b15e-3779999befb7</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krbprincipalname</name>\n
<value><array><data>\n
<value><string>host/jetfire.lab.eng.pnq.redhat.com@LAB.ENG.PNQ.REDHAT.COM</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>managedby_host</name>\n
<value><array><data>\n
<value><string>jetfire.lab.eng.pnq.redhat.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>serverhostname</name>\n
<value><array><data>\n
<value><string>jetfire</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>enrolledby_user</name>\n
<value><array><data>\n
<value><string>admin</string></value>\n
</data></array></value>\n
</member>\n
</struct></value>\n
</data></array></value>\n
</param>\n
</params>\n
</methodResponse>\n

Keytab successfully retrieved and stored in: /etc/krb5.keytab
Certificate subject base is: O=LAB.ENG.PNQ.REDHAT.COM

Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM
root        : DEBUG    args=kdestroy
root        : DEBUG    stdout=
root        : DEBUG    stderr=
root        : DEBUG    Backing up system configuration file '/etc/ipa/default.conf'
root        : DEBUG      -> Not backing up - '/etc/ipa/default.conf' doesn't exist
Created /etc/ipa/default.conf
root        : DEBUG    Backing up system configuration file '/etc/sssd/sssd.conf'
root        : DEBUG    Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Configured /etc/sssd/sssd.conf
root        : DEBUG    args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
root        : DEBUG    stdout=
root        : DEBUG    stderr=
root        : DEBUG    Backing up system configuration file '/etc/krb5.conf'
root        : DEBUG    Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
root        : DEBUG    Writing Kerberos configuration to /etc/krb5.conf:
#File modified by ipa-client-install

[libdefaults]
  default_realm = LAB.ENG.PNQ.REDHAT.COM
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  LAB.ENG.PNQ.REDHAT.COM = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .lab.eng.pnq.redhat.com = LAB.ENG.PNQ.REDHAT.COM
  lab.eng.pnq.redhat.com = LAB.ENG.PNQ.REDHAT.COM

[appdefaults]
  pam = {
    debug = false
    krb4_convert = false
  }

Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM
root        : DEBUG    args=/sbin/service messagebus start 
root        : DEBUG    stdout=Starting system message bus: 

root        : DEBUG    stderr=
root        : DEBUG    args=/sbin/service certmonger restart 
root        : DEBUG    stdout=Stopping certmonger:         [FAILED]
Starting certmonger:                                       [  OK  ]

root        : DEBUG    stderr=
root        : DEBUG    args=/sbin/service certmonger restart 
root        : DEBUG    stdout=Stopping certmonger:         [  OK  ]
Starting certmonger:                                       [  OK  ]

root        : DEBUG    stderr=
root        : DEBUG    args=/sbin/chkconfig certmonger on
root        : DEBUG    stdout=
root        : DEBUG    stderr=
root        : DEBUG    args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - jetfire.lab.eng.pnq.redhat.com -N CN=jetfire.lab.eng.pnq.redhat.com,O=LAB.ENG.PNQ.REDHAT.COM -K host/jetfire.lab.eng.pnq.redhat.com@LAB.ENG.PNQ.REDHAT.COM
root        : DEBUG    stdout=New signing request "20110916173648" added.

root        : DEBUG    stderr=
Warning: Hostname (jetfire.lab.eng.pnq.redhat.com) not found in DNS
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 1140, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 1129, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 1002, in install
    client_dns(cli_server, hostname, options.dns_updates)
  File "/usr/sbin/ipa-client-install", line 757, in client_dns
    update_dns(server, hostname)
  File "/usr/sbin/ipa-client-install", line 692, in update_dns
    ip = resolve_ipaddress(server)
  File "/usr/sbin/ipa-client-install", line 665, in resolve_ipaddress
    s.connect((server, 389))
  File "<string>", line 1, in connect
socket.gaierror: [Errno -2] Name or service not known

Comment 2 Martin Kosek 2011-09-16 13:18:34 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/1804

Comment 5 Martin Kosek 2011-11-01 10:05:09 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: When ipa-client-install detects that the client hostname is not resolvable, it tries to add a DNS record to the IPA server. However, it does not expect that the client may be an IPv6 machine
Consequence: Client installation crashes
Fix: Make sure that the process for adding a DNS record to the IPA server works for both IPv4 and IPv6
Result: IPA client installation does not crash in this case
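
An added example, not FreeIPA's code (the page shows only the traceback, not the patch): one address-family-agnostic way to find the client address to register, so that an IPv6-only server name yields an AAAA record instead of `socket.gaierror`. The function names and the `client.example.test` host are hypothetical, and the UDP connect used to pick a route without sending traffic is a choice made for this example.

```python
import ipaddress
import socket


def local_address_for(server, port=389, resolver=socket.getaddrinfo):
    """Local IP the kernel would use to reach server:port, any family."""
    last_error = None
    # AF_UNSPEC asks for IPv4 and IPv6 results alike.
    for family, socktype, proto, _name, sockaddr in resolver(
            server, port, socket.AF_UNSPEC, socket.SOCK_DGRAM):
        try:
            sock = socket.socket(family, socktype, proto)
        except OSError as exc:        # family not supported on this host
            last_error = exc
            continue
        try:
            sock.connect(sockaddr)    # UDP connect picks a route, sends nothing
            return sock.getsockname()[0].split("%")[0]  # drop any zone id
        except OSError as exc:        # e.g. no route for this family
            last_error = exc
        finally:
            sock.close()
    raise OSError("no usable address for %s: %s" % (server, last_error))


def rrtype_for(ip):
    """DNS record type matching the address family of ip."""
    return "AAAA" if ipaddress.ip_address(ip).version == 6 else "A"


def plan_dns_record(hostname, server, resolver=socket.getaddrinfo):
    """Return (name, rrtype, ip) to register, or None if it cannot be derived.

    socket.gaierror is a subclass of OSError, so a failed lookup is
    reported to the caller instead of escaping as a traceback.
    """
    try:
        ip = local_address_for(server, resolver=resolver)
    except OSError:
        return None
    return (hostname, rrtype_for(ip), ip)


if __name__ == "__main__":
    # Constructed demo: loopback literal, so it needs no DNS and no network.
    print(plan_dns_record("client.example.test", "127.0.0.1"))
```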

Comment 6 Gowrishankar Rajaiyan 2011-11-01 14:16:53 UTC
CLIENT:

[root@ratchet ~]# ipa-client-install --domain=testrelm --server=jetfire.testrelm --realm=TESTRELM  --mkhomedir --password=Secret123 --principal=admin
Discovery was successful!
Hostname: ratchet.testrelm
Realm: TESTRELM
DNS Domain: testrelm
IPA Server: jetfire.testrelm
BaseDN: dc=testrelm


Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...

Enrolled in IPA realm TESTRELM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM
Warning: Hostname (ratchet.testrelm) not found in DNS
DNS server record set to: ratchet.testrelm -> 2620:52:0:41c9:5054:ff:fea6:ec8
SSSD enabled
NTP enabled
Client configuration complete.
[root@ratchet ~]# 


ipa-client-install successful without any traceback message. 
Verified in version: ipa-server-2.1.3-7.el6.x86_64 & ipa-client-2.1.3-7.el6.x86_64

Comment 7 errata-xmlrpc 2011-12-06 18:31:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html

