757681 – ipa-replica-install fails when --no-host-dns option is provided.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 757681 - ipa-replica-install fails when --no-host-dns option is provided.

Summary: ipa-replica-install fails when --no-host-dns option is provided.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	6.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-11-28 11:26 UTC by Gowrishankar Rajaiyan
Modified:	2012-06-20 13:17 UTC (History)
CC List:	3 users (show)
Fixed In Version:	ipa-2.2.0-1.el6
Doc Type:	Bug Fix
Doc Text:	Cause: IPA installer did not process host IP address properly --no-host-dns option was passed. Consequence: When hostname was not resolvable and --no-host-dns option was used, ipa-replica-install failed in a middle of the installation and did not amend the host name resolution in the same way as ipa-server-install does. Fix: ipa-server-install and ipa-replica-install now share host IP address processing. They both add a record to /etc/hosts when the server/replica hostname is not resolvable. Result: ipa-replica-install is now more robust and prevents more user errors when replica hostname is not resolvable.
Clone Of:
Environment:
Last Closed:	2012-06-20 13:17:55 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
test ouput (10.56 KB, text/plain) 2012-05-07 16:00 UTC, Namita Soman	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2012:0819	0	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2012-06-19 20:34:17 UTC

Description Gowrishankar Rajaiyan 2011-11-28 11:26:53 UTC

Description of problem:


Version-Release number of selected component (if applicable):
ipa-server-2.1.3-9.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Setup ipa-server.
2. Prepare a replica file.
3. ipa-replica-install with --no-host-dns option.
  
Actual results: replica install fails with "Unable to resolve IP address for hos name"

Expected results: Should not use hostname lookup during installation and replica install should be successful. 


Additional info:

Looking up master from slave:
[root@ratchet ~]# nslookup jetfire.testrelm
Server:		10.65.201.71
Address:	10.65.201.71#53

Name:	jetfire.testrelm
Address: 10.65.201.71

[root@ratchet ~]# 


Reverse lookup of master from slave:
[root@ratchet ~]# nslookup 10.65.201.71
Server:		10.65.201.71
Address:	10.65.201.71#53

71.201.65.10.in-addr.arpa	name = jetfire.testrelm.

[root@ratchet ~]# 


/etc/hosts of slave:
[root@ratchet ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.65.201.71    jetfire.testrelm        jetfire
#10.65.201.69    ratchet.testrelm        ratchet
[root@ratchet ~]# 


[root@ratchet ~]# ipa-replica-install  --skip-conncheck --no-host-dns  replica-info-ratchet.testrelm.gpg 
Directory Manager (existing master) password: 

Warning: skipping DNS resolution of host ratchet.testrelm
Configuring ntpd
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
done configuring ntpd.
Unable to resolve IP address for host name
[root@ratchet ~]# 



2011-11-28 16:31:06,897 DEBUG /usr/sbin/ipa-replica-install was invoked with argument "replica-info-ratchet.testrelm.gpg" and options: {'no_forwarders': False, 'ui_redirect': True, 'reverse_zone': None, 'unattended': False, 'no_host_dns': True, 'no_reverse': False, 'setup_dns': False, 'setup_ca': False, 'forwarders': None, 'debug': False, 'conf_ntp': True, 'skip_conncheck': True}
2011-11-28 16:31:06,897 DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2011-11-28 16:31:06,897 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:09,719 DEBUG args=/usr/bin/gpg --batch --homedir /tmp/tmpGMQtBLipa/ipa-RRyuKL/.gnupg --passphrase-fd 0 --yes --no-tty -o /tmp/tmpGMQtBLipa/files.tar -d replica-info-ratchet.testrelm.gpg
2011-11-28 16:31:09,719 DEBUG stdout=
2011-11-28 16:31:09,719 DEBUG stderr=gpg: WARNING: unsafe permissions on homedir `/tmp/tmpGMQtBLipa/ipa-RRyuKL/.gnupg'
gpg: keyring `/tmp/tmpGMQtBLipa/ipa-RRyuKL/.gnupg/secring.gpg' created
gpg: keyring `/tmp/tmpGMQtBLipa/ipa-RRyuKL/.gnupg/pubring.gpg' created
gpg: 3DES encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected

2011-11-28 16:31:09,728 DEBUG args=tar xf /tmp/tmpGMQtBLipa/files.tar -C /tmp/tmpGMQtBLipa
2011-11-28 16:31:09,729 DEBUG stdout=
2011-11-28 16:31:09,729 DEBUG stderr=
2011-11-28 16:31:09,753 DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'...
2011-11-28 16:31:09,754 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
2011-11-28 16:31:09,764 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
2011-11-28 16:31:09,790 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
2011-11-28 16:31:09,797 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
2011-11-28 16:31:09,798 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
2011-11-28 16:31:09,799 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
2011-11-28 16:31:09,814 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
2011-11-28 16:31:09,819 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
2011-11-28 16:31:09,822 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
2011-11-28 16:31:09,830 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
2011-11-28 16:31:09,834 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
2011-11-28 16:31:09,844 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
2011-11-28 16:31:09,845 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
2011-11-28 16:31:09,847 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
2011-11-28 16:31:09,850 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
2011-11-28 16:31:09,859 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
2011-11-28 16:31:09,860 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
2011-11-28 16:31:09,863 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
2011-11-28 16:31:09,863 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
2011-11-28 16:31:09,865 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
2011-11-28 16:31:09,869 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
2011-11-28 16:31:09,870 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
2011-11-28 16:31:09,874 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
2011-11-28 16:31:09,884 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
2011-11-28 16:31:09,888 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
2011-11-28 16:31:09,888 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
2011-11-28 16:31:09,890 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
2011-11-28 16:31:09,900 DEBUG args=klist -V
2011-11-28 16:31:09,900 DEBUG stdout=Kerberos 5 version 1.9

2011-11-28 16:31:09,900 DEBUG stderr=
2011-11-28 16:31:09,905 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
2011-11-28 16:31:09,906 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
2011-11-28 16:31:09,908 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
2011-11-28 16:31:09,909 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
2011-11-28 16:31:09,910 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
2011-11-28 16:31:09,912 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
2011-11-28 16:31:09,921 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
2011-11-28 16:31:09,921 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
2011-11-28 16:31:09,921 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
2011-11-28 16:31:09,921 DEBUG importing all plugin modules in '/usr/lib/python2.6/site-packages/ipaserver/plugins'...
2011-11-28 16:31:09,922 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/dogtag.py'
2011-11-28 16:31:09,941 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/join.py'
2011-11-28 16:31:09,942 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py'
2011-11-28 16:31:09,942 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/rabase.py'
2011-11-28 16:31:09,942 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/selfsign.py'
2011-11-28 16:31:09,943 DEBUG skipping plugin module ipaserver.plugins.selfsign: selfsign is not selected as RA plugin, it is dogtag
2011-11-28 16:31:09,943 DEBUG importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/xmlserver.py'
2011-11-28 16:31:10,022 DEBUG Mounting ipaserver.rpcserver.jsonserver() at 'json'
2011-11-28 16:31:10,033 DEBUG Mounting ipaserver.rpcserver.xmlserver() at 'xml'
2011-11-28 16:31:10,665 DEBUG ds group dirsrv exists
2011-11-28 16:31:10,665 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:10,680 DEBUG Created connection context.ldap2_35333584
2011-11-28 16:31:10,860 DEBUG Destroyed connection context.ldap2_35333584
2011-11-28 16:31:10,861 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:10,861 DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2011-11-28 16:31:10,861 DEBUG Configuring ntpd
2011-11-28 16:31:10,862 DEBUG   [1/4]: stopping ntpd
2011-11-28 16:31:10,929 DEBUG args=/sbin/service ntpd status 
2011-11-28 16:31:10,930 DEBUG stdout=ntpd is stopped

2011-11-28 16:31:10,930 DEBUG stderr=
2011-11-28 16:31:10,930 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:10,979 DEBUG args=/sbin/service ntpd stop 
2011-11-28 16:31:10,980 DEBUG stdout=Shutting down ntpd:   [FAILED]

2011-11-28 16:31:10,980 DEBUG stderr=
2011-11-28 16:31:10,980 DEBUG   duration: 0 seconds
2011-11-28 16:31:10,980 DEBUG   [2/4]: writing configuration
2011-11-28 16:31:10,980 DEBUG Backing up system configuration file '/etc/ntp.conf'
2011-11-28 16:31:10,981 DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2011-11-28 16:31:10,981 DEBUG Backing up system configuration file '/etc/sysconfig/ntpd'
2011-11-28 16:31:10,982 DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2011-11-28 16:31:10,983 DEBUG   duration: 0 seconds
2011-11-28 16:31:10,983 DEBUG   [3/4]: configuring ntpd to start on boot
2011-11-28 16:31:10,996 DEBUG args=/sbin/chkconfig ntpd
2011-11-28 16:31:10,996 DEBUG stdout=
2011-11-28 16:31:10,996 DEBUG stderr=
2011-11-28 16:31:10,996 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:11,385 DEBUG args=/sbin/chkconfig ntpd on
2011-11-28 16:31:11,386 DEBUG stdout=
2011-11-28 16:31:11,386 DEBUG stderr=
2011-11-28 16:31:11,386 DEBUG   duration: 0 seconds
2011-11-28 16:31:11,386 DEBUG   [4/4]: starting ntpd
2011-11-28 16:31:11,429 DEBUG args=/sbin/service ntpd start 
2011-11-28 16:31:11,429 DEBUG stdout=Starting ntpd:        [  OK  ]

2011-11-28 16:31:11,429 DEBUG stderr=
2011-11-28 16:31:11,430 DEBUG   duration: 0 seconds
2011-11-28 16:31:11,430 DEBUG done configuring ntpd.
2011-11-28 16:31:11,431 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:11,452 DEBUG Created connection context.ldap2
2011-11-28 16:31:11,452 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2011-11-28 16:31:11,453 DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'

Comment 2 Martin Kosek 2011-11-28 11:52:57 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2139

Comment 3 Martin Kosek 2012-01-13 08:36:33 UTC

Fixed upstream:

master:
5550ee16071e5a1cf6c3a0f58c15865d730fe1e4
649d13b59746582ee19a7b40e454bc268b1b9be9
bc5085699d92369460c04050fad11bf64978fbd3
95f3ec5d7053a54a393daf1f7d9a93be9d8a64fe

ipa-2-2:
6bb719be5c7b126931310432d604cda4e4e56d3b
61ad6e09b15f84655a8f91183f5aebe7d117fa56
8413882dabdd511fff5435ae820f1bd599c1f13b
4b7d430b29c897e768ce10c1d7e9e5ecf79c575a

Comment 5 Martin Kosek 2012-04-19 12:44:07 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: IPA installer did not process host IP address properly  --no-host-dns option was passed.
Consequence: When hostname was not resolvable and --no-host-dns option was used, ipa-replica-install failed in a middle of the installation and did not amend the host name resolution in the same way as ipa-server-install does.
Fix: ipa-server-install and ipa-replica-install now share host IP address processing. They both add a record to /etc/hosts when the server/replica hostname is not resolvable.
Result: ipa-replica-install is now more robust and prevents more user errors when replica hostname is not resolvable.

Comment 6 Namita Soman 2012-05-07 16:00:53 UTC

Created attachment 582707 [details]
test ouput

tests run on ipa-server.x86_64 0:2.2.0-12.el6 pass. Attaching test output

Comment 8 errata-xmlrpc 2012-06-20 13:17:55 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html

Note You need to log in before you can comment on or make changes to this bug.