Bug 751597
| Summary: | ipa-server-install --hostname fails at step configuring certificate server instance | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Namita Soman <nsoman> |
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.1 | CC: | dpal, jgalipea, mkosek |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-2.2.0-1.el6 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: When IPA server is installed with a custom hostname which is not properly resolvable in DNS, an IP address for the custom hostname is requested from the user and a host record is added to /etc/hosts so that the custom hostname is resolvable and the installation can continue. However, the record is not added when the IP address is passed as an option (--ip-address).
Consequence: Installation fails because subsequent steps cannot resolve the machine IP address.
Fix: Host record in /etc/hosts is now added even when IP address is passed via CLI option --ip-address.
Result: Installation with a nonresolvable hostname now succeeds regardless of how the IP address is passed to the installer (interactively or via CLI option).
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-06-20 13:16:42 UTC | Type: | --- |
| Bug Blocks: | 756082 | ||
|
Description
Namita Soman
2011-11-06 03:51:42 UTC
There are 2 ways to work around this:

1) Pass IP address interactively (omit --ip-address option in CLI call)

2) Add host record to /etc/hosts in a proper format before you install:

$IP_ADDRESS $HOSTNAME $SHORT_NAME

where $IP_ADDRESS is the value you pass to --ip-address, $HOSTNAME is the value you pass to --hostname and $SHORT_NAME is first part of the $HOSTNAME.

For example, if you install IPA this way:

ipa-server-install --setup-dns --forwarder=10.14.63.12 --hostname ipaserver.testrelm -r TESTRELM -n testrelm -p Secret123 -P Secret123 -a Secret123 --ip-address 10.16.19.135

and add this record to /etc/hosts:

10.16.19.135 ipaserver.testrelm ipaserver

before you run ipa-server-install, the installation should be OK.

Upstream ticket: https://fedorahosted.org/freeipa/ticket/2074

Fixed upstream.
master: 0165a03694db76462b62ca06cdc2b3f88312a154

Using:
ipa-server-2.2.0-7.el6.x86_64
# hostname
margo.testrelm.com
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=margo.testrelm.com
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.16.96.50 margo.testrelm.com margo
# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search idm.lab.bos.redhat.com
nameserver 10.16.78.150
Installed using command:
# ipa-server-install --setup-dns --forwarder=10.14.63.12 --hostname ipaserver.testrelm.com -r TESTRELM.COM -n testrelm -p Secret123 -P Secret123 -a Secret123 --ip-address 10.16.96.50
Failed with:
Configuring named:
[1/9]: adding DNS container
[2/9]: setting up our zone
[3/9]: setting up reverse zone
[4/9]: setting up our own record
[5/9]: setting up kerberos principal
[6/9]: setting up named.conf
[7/9]: restarting named
[8/9]: configuring named to start on boot
[9/9]: changing resolv.conf to point to ourselves
done configuring named.
Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files
Restarting the web server
Configuration of client side components failed!
ipa-client-install returned: Command '/usr/sbin/ipa-client-install --on-master --unattended --domain testrelm --server ipaserver.testrelm.com --realm TESTRELM.COM --hostname ipaserver.testrelm.com' returned non-zero exit status 1
/var/log/ipaserver-install.log has:
2012-04-02T14:39:16Z DEBUG Changing admin password
2012-04-02T14:39:16Z DEBUG args=/usr/bin/ldappasswd -h ipaserver.testrelm.com -ZZ -x -D cn=Directory Manager -y /var/lib/ipa/tmpjjJRzL -T /var/lib/ipa/tmp_K_Zxx uid=admin,cn=users,cn=accounts,dc=testrelm,dc=com
2012-04-02T14:39:16Z DEBUG stdout=
2012-04-02T14:39:16Z DEBUG stderr=
2012-04-02T14:39:16Z DEBUG ldappasswd done
2012-04-02T14:39:18Z DEBUG args=/usr/sbin/ipa-client-install --on-master --unattended --domain testrelm --server ipaserver.testrelm.com --realm TESTRELM.COM --hostname ipaserver.testrelm.com
2012-04-02T14:39:18Z DEBUG stdout=^[[?1034hDiscovery was successful!
Hostname: ipaserver.testrelm.com
Realm: TESTRELM.COM
DNS Domain: testrelm
IPA Server: ipaserver.testrelm.com
BaseDN: dc=testrelm,dc=com
Configured /etc/sssd/sssd.conf
2012-04-02T14:39:18Z DEBUG stderr=DNS domain 'testrelm.com' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 1534, in <module>
sys.exit(main())
File "/usr/sbin/ipa-client-install", line 1521, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 1358, in install
api.Backend.xmlclient.connect()
File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in connect
conn = self.create_connection(*args, **kw)
File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in create_connection
raise errors.KerberosError(major=str(krberr), minor='')
ipalib.errors.KerberosError: Kerberos error: Service u'HTTP' not found in Kerberos database/
After install:
# hostname
ipaserver.testrelm.com
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2602

I'm glad Martin opened a new ticket, this seems to be a different issue. In this case you set the DNS for testrelm and set server name to testrelm.com. No wonder it isn't resolvable.

Yes - my mistake. I missed passing testrelm.com for domain name. I retried the install with correct parameters as in -

ipa-server-install --setup-dns --forwarder=10.14.63.12 --hostname ipaserver.testrelm.com --ip-address 10.16.96.50

And was able to install on a machine where hostname before install was margo.testrelm.com

Verified this bug using ipa-server-2.2.0-7.el6.x86_64

Opened new bug 809190 for the error installer ran into when domain name is not resolvable.

Ok, thanks. I will link the upstream ticket to the new Bugzilla.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html
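The /etc/hosts record format from the workaround earlier in this report ($IP_ADDRESS $HOSTNAME $SHORT_NAME) can be checked before running the installer. The following is an added example written for this page, not part of the bug report or of FreeIPA; the function name check_hosts_record and its return codes are assumptions, and the sample file is constructed from the addresses quoted in the workaround.

```shell
#!/bin/sh
# check_hosts_record FILE IP FQDN
#   0  FILE contains a record "IP FQDN SHORTNAME"
#   1  no line in FILE names FQDN at all
#   2  FQDN is present, but on another address or not as the first name
check_hosts_record() {
    hosts_file=$1; ip=$2; fqdn=$3
    awk -v ip="$ip" -v fqdn="$fqdn" '
        BEGIN { short = fqdn; sub(/\..*/, "", short); rc = 1 }
        { sub(/#.*/, "") }              # strip trailing comments
        NF < 2 { next }                 # blank or address-only line
        {
            named = 0
            for (i = 2; i <= NF; i++) if ($i == fqdn) named = 1
            if (!named) next
            # Expected form: address, then FQDN, then short name.
            if ($1 == ip && $2 == fqdn && (short == fqdn || $3 == short)) {
                if (rc == 1) rc = 0
            } else {
                rc = 2                  # conflicting or misordered record
            }
        }
        END { exit rc }
    ' "$hosts_file"
}

# Constructed sample hosts file, using the record from the workaround.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1 localhost localhost.localdomain
10.16.19.135 ipaserver.testrelm ipaserver   # record from the workaround
EOF
rc=0
check_hosts_record "$sample" 10.16.19.135 ipaserver.testrelm || rc=$?
echo "workaround record present: rc=$rc"
rm -f "$sample"
```

Against a real system, pass /etc/hosts together with the values intended for --ip-address and --hostname; a return code of 2 means the hostname already resolves locally to something other than the address the installer will be given.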