739040 – Traceback message displayed while installing ipa client on IPv6 machine.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 739040 - Traceback message displayed while installing ipa client on IPv6 machine.

Summary: Traceback message displayed while installing ipa client on IPv6 machine.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	6.2
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-09-16 11:39 UTC by Gowrishankar Rajaiyan
Modified:	2015-01-04 23:51 UTC (History)
CC List:	4 users (show)
Fixed In Version:	ipa-2.1.2-1.el6
Doc Type:	Bug Fix
Doc Text:	Cause: When ipa-client-install detects that the client hostname is not resolvable, it tries to add a DNS record to the IPA server. However, it does not expect that the client may be an IPv6 machine Consequence: Client installation crashes Fix: Make sure that the process for adding a DNS record to the IPA server works for both IPv4 and IPv6 Result: IPA client installation does not crash in this case
Clone Of:
Environment:
Last Closed:	2011-12-06 18:31:36 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:1533	0	normal	SHIPPED_LIVE	Moderate: ipa security and bug fix update	2011-12-06 01:23:31 UTC

Description Gowrishankar Rajaiyan 2011-09-16 11:39:49 UTC

Description of problem:


Version-Release number of selected component (if applicable):
ipa-client-2.1.1-1.el6.i686

How reproducible:
Always

Steps to Reproduce:
1. Install ipa-server with dns on IPv6. 
ipa-server-install --setup-dns

2. ipa-client-install to the ipa-server in step 1.
ipa-client-install --domain=lab.eng.pnq.redhat.com --server=ratchet.lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM --ntp-server=ratchet.lab.eng.pnq.redhat.com --mkhomedir --password=Secret123 --principal=admin

Actual results: Traceback messages seen.

[root@jetfire ~]# ipa-client-install --domain=lab.eng.pnq.redhat.com --server=ratchet.lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM --ntp-server=ratchet.lab.eng.pnq.redhat.com --mkhomedir --password=Secret123 --principal=admin
Discovery was successful!
Hostname: jetfire.lab.eng.pnq.redhat.com
Realm: LAB.ENG.PNQ.REDHAT.COM
DNS Domain: lab.eng.pnq.redhat.com
IPA Server: ratchet.lab.eng.pnq.redhat.com
BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com


Continue to configure the system with these values? [no]: yes

Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM
Warning: Hostname (jetfire.lab.eng.pnq.redhat.com) not found in DNS
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 1140, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 1129, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 1002, in install
    client_dns(cli_server, hostname, options.dns_updates)
  File "/usr/sbin/ipa-client-install", line 757, in client_dns
    update_dns(server, hostname)
  File "/usr/sbin/ipa-client-install", line 692, in update_dns
    ip = resolve_ipaddress(server)
  File "/usr/sbin/ipa-client-install", line 665, in resolve_ipaddress
    s.connect((server, 389))
  File "<string>", line 1, in connect
socket.gaierror: [Errno -2] Name or service not known
[root@jetfire ~]# 

Expected results:
ipa-client-install should be successful without any traceback message.

Additional info:

1. I do not see traceback for IPv4 clients.

2. [root@jetfire ~]# ipa-client-install -d --domain=lab.eng.pnq.redhat.com --server=ratchet.lab.eng.pnq.redhat.com --realm=LAB.ENG.PNQ.REDHAT.COM --ntp-server=ratchet.lab.eng.pnq.redhat.com --mkhomedir --password=Secret123 --principal=admin 
root        : DEBUG    /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': 'lab.eng.pnq.redhat.com', 'uninstall': False, 'force': False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, 'permit': False, 'server': 'ratchet.lab.eng.pnq.redhat.com', 'prompt_password': False, 'realm_name': 'LAB.ENG.PNQ.REDHAT.COM', 'dns_updates': False, 'debug': True, 'on_master': False, 'ntp_server': 'ratchet.lab.eng.pnq.redhat.com', 'mkhomedir': True, 'unattended': None, 'principal': 'admin'}
root        : DEBUG    missing options might be asked for interactively later

root        : DEBUG    Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
root        : DEBUG    Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state'
root        : DEBUG    [ipadnssearchkrb]
root        : DEBUG    [ipacheckldap]
root        : DEBUG    args=/usr/bin/wget -O /tmp/tmplAowHO/ca.crt http://ratchet.lab.eng.pnq.redhat.com/ipa/config/ca.crt
root        : DEBUG    stdout=
root        : DEBUG    stderr=--2011-09-16 13:36:44--  http://ratchet.lab.eng.pnq.redhat.com/ipa/config/ca.crt
Resolving ratchet.lab.eng.pnq.redhat.com... 2620:52:0:41c9:5054:ff:fea6:ec8
Connecting to ratchet.lab.eng.pnq.redhat.com|2620:52:0:41c9:5054:ff:fea6:ec8|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1361 (1.3K) [application/x-x509-ca-cert]
Saving to: “/tmp/tmplAowHO/ca.crt”

     0K .                                                     100%  186M=0s

2011-09-16 13:36:44 (186 MB/s) - “/tmp/tmplAowHO/ca.crt” saved [1361/1361]


root        : DEBUG    Init ldap with: ldap://ratchet.lab.eng.pnq.redhat.com:389
root        : DEBUG    Search rootdse
root        : DEBUG    Search for (info=*) in dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com(base)
root        : DEBUG    Found: [('dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com', {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': ['lab.eng.pnq.redhat.com'], 'dc': ['lab'], 'nisDomain': ['lab.eng.pnq.redhat.com']})]
root        : DEBUG    Search for (objectClass=krbRealmContainer) in dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com(sub)
root        : DEBUG    Found: [('cn=LAB.ENG.PNQ.REDHAT.COM,cn=kerberos,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com', {'krbSubTrees': ['dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com'], 'cn': ['LAB.ENG.PNQ.REDHAT.COM'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMaxRenewableAge': ['604800']})]
root        : DEBUG    will use domain: lab.eng.pnq.redhat.com

root        : DEBUG    will use server: ratchet.lab.eng.pnq.redhat.com

Discovery was successful!
root        : DEBUG    will use cli_realm: LAB.ENG.PNQ.REDHAT.COM

root        : DEBUG    will use cli_basedn: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com

Hostname: jetfire.lab.eng.pnq.redhat.com
Realm: LAB.ENG.PNQ.REDHAT.COM
DNS Domain: lab.eng.pnq.redhat.com
IPA Server: ratchet.lab.eng.pnq.redhat.com
BaseDN: dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com


Continue to configure the system with these values? [no]: yes
root        : DEBUG    args=/usr/bin/wget -O /etc/ipa/ca.crt http://ratchet.lab.eng.pnq.redhat.com/ipa/config/ca.crt
root        : DEBUG    stdout=
root        : DEBUG    stderr=--2011-09-16 13:36:46--  http://ratchet.lab.eng.pnq.redhat.com/ipa/config/ca.crt
Resolving ratchet.lab.eng.pnq.redhat.com... 2620:52:0:41c9:5054:ff:fea6:ec8
Connecting to ratchet.lab.eng.pnq.redhat.com|2620:52:0:41c9:5054:ff:fea6:ec8|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1361 (1.3K) [application/x-x509-ca-cert]
Saving to: “/etc/ipa/ca.crt”

     0K .                                                     100%  195M=0s

2011-09-16 13:36:46 (195 MB/s) - “/etc/ipa/ca.crt” saved [1361/1361]


root        : DEBUG    Writing Kerberos configuration to /tmp/tmpJ6IKWO:
#File modified by ipa-client-install

[libdefaults]
  default_realm = LAB.ENG.PNQ.REDHAT.COM
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  LAB.ENG.PNQ.REDHAT.COM = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .lab.eng.pnq.redhat.com = LAB.ENG.PNQ.REDHAT.COM
  lab.eng.pnq.redhat.com = LAB.ENG.PNQ.REDHAT.COM

[appdefaults]
  pam = {
    debug = false
    krb4_convert = false
  }

root        : DEBUG    args=kinit admin.PNQ.REDHAT.COM
root        : DEBUG    stdout=Password for admin.PNQ.REDHAT.COM: 

root        : DEBUG    stderr=

root        : DEBUG    args=/usr/sbin/ipa-join -s ratchet.lab.eng.pnq.redhat.com -d
root        : DEBUG    stdout=
root        : DEBUG    stderr=XML-RPC CALL:

<?xml version="1.0" encoding="UTF-8"?>\r\n
<methodCall>\r\n
<methodName>join</methodName>\r\n
<params>\r\n
<param><value><array><data>\r\n
<value><string>jetfire.lab.eng.pnq.redhat.com</string></value>\r\n
</data></array></value></param>\r\n
<param><value><struct>\r\n
<member><name>nsosversion</name>\r\n
<value><string>2.6.32-197.el6.i686</string></value></member>\r\n
<member><name>nshardwareplatform</name>\r\n
<value><string>i686</string></value></member>\r\n
</struct></value></param>\r\n
</params>\r\n
</methodCall>\r\n

XML-RPC RESPONSE:

<?xml version='1.0' encoding='UTF-8'?>\n
<methodResponse>\n
<params>\n
<param>\n
<value><array><data>\n
<value><string>fqdn=jetfire.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com</string></value>\n
<value><struct>\n
<member>\n
<name>dn</name>\n
<value><string>fqdn=jetfire.lab.eng.pnq.redhat.com,cn=computers,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com</string></value>\n
</member>\n
<member>\n
<name>ipacertificatesubjectbase</name>\n
<value><array><data>\n
<value><string>O=LAB.ENG.PNQ.REDHAT.COM</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krbextradata</name>\n
<value><array><data>\n
<value><base64>\n
AAgBAA==\n
</base64></value>\n
<value><base64>\n
AALjh3NOaG9zdC9qZXRmaXJlLmxhYi5lbmcucG5xLnJlZGhhdC5jb21ATEFCLkVORy5QTlEuUkVE\n
SEFULkNPTQA=\n
</base64></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>cn</name>\n
<value><array><data>\n
<value><string>jetfire.lab.eng.pnq.redhat.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>objectclass</name>\n
<value><array><data>\n
<value><string>ipaobject</string></value>\n
<value><string>nshost</string></value>\n
<value><string>ipahost</string></value>\n
<value><string>pkiuser</string></value>\n
<value><string>ipaservice</string></value>\n
<value><string>krbprincipalaux</string></value>\n
<value><string>krbprincipal</string></value>\n
<value><string>top</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>fqdn</name>\n
<value><array><data>\n
<value><string>jetfire.lab.eng.pnq.redhat.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>managing_host</name>\n
<value><array><data>\n
<value><string>jetfire.lab.eng.pnq.redhat.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>has_keytab</name>\n
<value><boolean>0</boolean></value>\n
</member>\n
<member>\n
<name>ipauniqueid</name>\n
<value><array><data>\n
<value><string>bfe6e268-e087-11e0-b15e-3779999befb7</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>krbprincipalname</name>\n
<value><array><data>\n
<value><string>host/jetfire.lab.eng.pnq.redhat.com.PNQ.REDHAT.COM</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>managedby_host</name>\n
<value><array><data>\n
<value><string>jetfire.lab.eng.pnq.redhat.com</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>serverhostname</name>\n
<value><array><data>\n
<value><string>jetfire</string></value>\n
</data></array></value>\n
</member>\n
<member>\n
<name>enrolledby_user</name>\n
<value><array><data>\n
<value><string>admin</string></value>\n
</data></array></value>\n
</member>\n
</struct></value>\n
</data></array></value>\n
</param>\n
</params>\n
</methodResponse>\n

Keytab successfully retrieved and stored in: /etc/krb5.keytab
Certificate subject base is: O=LAB.ENG.PNQ.REDHAT.COM

Enrolled in IPA realm LAB.ENG.PNQ.REDHAT.COM
root        : DEBUG    args=kdestroy
root        : DEBUG    stdout=
root        : DEBUG    stderr=
root        : DEBUG    Backing up system configuration file '/etc/ipa/default.conf'
root        : DEBUG      -> Not backing up - '/etc/ipa/default.conf' doesn't exist
Created /etc/ipa/default.conf
root        : DEBUG    Backing up system configuration file '/etc/sssd/sssd.conf'
root        : DEBUG    Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
Configured /etc/sssd/sssd.conf
root        : DEBUG    args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
root        : DEBUG    stdout=
root        : DEBUG    stderr=
root        : DEBUG    Backing up system configuration file '/etc/krb5.conf'
root        : DEBUG    Saving Index File to '/var/lib/ipa-client/sysrestore/sysrestore.index'
root        : DEBUG    Writing Kerberos configuration to /etc/krb5.conf:
#File modified by ipa-client-install

[libdefaults]
  default_realm = LAB.ENG.PNQ.REDHAT.COM
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  LAB.ENG.PNQ.REDHAT.COM = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .lab.eng.pnq.redhat.com = LAB.ENG.PNQ.REDHAT.COM
  lab.eng.pnq.redhat.com = LAB.ENG.PNQ.REDHAT.COM

[appdefaults]
  pam = {
    debug = false
    krb4_convert = false
  }

Configured /etc/krb5.conf for IPA realm LAB.ENG.PNQ.REDHAT.COM
root        : DEBUG    args=/sbin/service messagebus start 
root        : DEBUG    stdout=Starting system message bus: 

root        : DEBUG    stderr=
root        : DEBUG    args=/sbin/service certmonger restart 
root        : DEBUG    stdout=Stopping certmonger:         [FAILED]
Starting certmonger:                                       [  OK  ]

root        : DEBUG    stderr=
root        : DEBUG    args=/sbin/service certmonger restart 
root        : DEBUG    stdout=Stopping certmonger:         [  OK  ]
Starting certmonger:                                       [  OK  ]

root        : DEBUG    stderr=
root        : DEBUG    args=/sbin/chkconfig certmonger on
root        : DEBUG    stdout=
root        : DEBUG    stderr=
root        : DEBUG    args=ipa-getcert request -d /etc/pki/nssdb -n IPA Machine Certificate - jetfire.lab.eng.pnq.redhat.com -N CN=jetfire.lab.eng.pnq.redhat.com,O=LAB.ENG.PNQ.REDHAT.COM -K host/jetfire.lab.eng.pnq.redhat.com.PNQ.REDHAT.COM
root        : DEBUG    stdout=New signing request "20110916173648" added.

root        : DEBUG    stderr=
Warning: Hostname (jetfire.lab.eng.pnq.redhat.com) not found in DNS
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 1140, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 1129, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 1002, in install
    client_dns(cli_server, hostname, options.dns_updates)
  File "/usr/sbin/ipa-client-install", line 757, in client_dns
    update_dns(server, hostname)
  File "/usr/sbin/ipa-client-install", line 692, in update_dns
    ip = resolve_ipaddress(server)
  File "/usr/sbin/ipa-client-install", line 665, in resolve_ipaddress
    s.connect((server, 389))
  File "<string>", line 1, in connect
socket.gaierror: [Errno -2] Name or service not known

Comment 2 Martin Kosek 2011-09-16 13:18:34 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/1804

Comment 3 Martin Kosek 2011-09-19 16:13:21 UTC

Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/7854d8166e54e0d39c51750a421ebc9b5a347233
ipa-2-1: https://fedorahosted.org/freeipa/changeset/f83c773a361e2ca7d1b2626879eb2feff975e15c

Comment 5 Martin Kosek 2011-11-01 10:05:09 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: When ipa-client-install detects that the client hostname is not resolvable, it tries to add a DNS record to the IPA server. However, it does not expect that the client may be an IPv6 machine
Consequence: Client installation crashes
Fix: Make sure that the process for adding a DNS record to the IPA server works for both IPv4 and IPv6
Result: IPA client installation does not crash in this case

Comment 6 Gowrishankar Rajaiyan 2011-11-01 14:16:53 UTC

CLIENT:

[root@ratchet ~]# ipa-client-install --domain=testrelm --server=jetfire.testrelm --realm=TESTRELM  --mkhomedir --password=Secret123 --principal=admin
Discovery was successful!
Hostname: ratchet.testrelm
Realm: TESTRELM
DNS Domain: testrelm
IPA Server: jetfire.testrelm
BaseDN: dc=testrelm


Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...

Enrolled in IPA realm TESTRELM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM
Warning: Hostname (ratchet.testrelm) not found in DNS
DNS server record set to: ratchet.testrelm -> 2620:52:0:41c9:5054:ff:fea6:ec8
SSSD enabled
NTP enabled
Client configuration complete.
[root@ratchet ~]# 


ipa-client-install successful without any traceback message. 
Verified in version: ipa-server-2.1.3-7.el6.x86_64 & ipa-client-2.1.3-7.el6.x86_64

Comment 7 errata-xmlrpc 2011-12-06 18:31:36 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html

Note You need to log in before you can comment on or make changes to this bug.