815849 – ipa-server-install unhandled exception with unclear error messages (inside DNS check)

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 815849 - ipa-server-install unhandled exception with unclear error messages (inside DNS check)

Summary: ipa-server-install unhandled exception with unclear error messages (inside DN...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	6.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	Namita Soman
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-04-24 16:17 UTC by Dmitri Pal
Modified:	2015-05-12 11:03 UTC (History)
CC List:	4 users (show)
Fixed In Version:	ipa-3.0.0-1.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-21 09:11:45 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0528	0	normal	SHIPPED_LIVE	Low: ipa security, bug fix and enhancement update	2013-02-21 08:22:21 UTC

Description Dmitri Pal 2012-04-24 16:17:00 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2654

If DNS check for hostname<=>local IP address correspondence fail, unhandled exception is thrown from ipa-server-install.

Detail are inside Amazon EC2 bug:

#2648

https://bugzilla.redhat.com/show_bug.cgi?id=812692

Error message in exception is mysterious:
"No network interface matches the provided IP address and netmask"


It should say:
{{{
DNS check failed. Please check if forward records for your server name {hostname} point to IP addresses on this server. Please check reverse records also.

 Checked hostname: {hostname}
 Detected IP addresses: {ipAddrList}
 Forward records point to: {dnsIpAddrList}
 Reverse record {localIpAddr} points to name {dnsName}
}}}

More verbose is definitely better.

Code also should work if more IP addresses (and A/AAAA records) are detected.

Comment 1 Martin Kosek 2012-05-17 05:58:36 UTC

Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/eef056165f437e07c4a792d5545817a5517c59de

To test:

# echo "1.2.3.4 foo.example.com foo" >> /etc/hosts
# ipa-server-install --hostname foo.example.com

Installation will later fail with incomprehensible error message:

Unexpected error - see ipaserver-install.log for details:
 No network interface matches the provided IP address and netmask

The fixed server will report a better error message:

Invalid IP Address 1.2.3.4 for foo.example.com: No network interface matches the provided IP address and netmask

Comment 4 Scott Poore 2013-01-16 14:54:19 UTC

Verified.

Version ::

ipa-server-3.0.0-21.el6.x86_64

Automated Test Results (manually run) ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipaserverinstall_bz815849 - ipa-server-install unhandled exception with unclear error messages (inside DNS check)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'echo '1.2.3.4 foo.testrelm.com' >> /etc/hosts'
:: [   PASS   ] :: Running 'ipa-server-install --setup-dns --forwarder=10.14.63.12 --hostname=foo.testrelm.com -r TESTRELM.COM -p Secret123 -P Secret123 -a Secret123 -U > /ipaserverinstall_bz815849.out 2>&1'

Warning: hostname foo.testrelm.com does not match system hostname rhel6-4.testrelm.com.
System hostname will be updated during the installation process
to prevent service failures.

Invalid IP Address 1.2.3.4 for foo.testrelm.com: No network interface matches the provided IP address and netmask

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Warning: skipping DNS resolution of host foo.testrelm.com
The domain name has been determined based on the host name.

:: [   PASS   ] :: Running 'cat /ipaserverinstall_bz815849.out'
:: [   PASS   ] :: File '/ipaserverinstall_bz815849.out' should contain 'Invalid IP Address 1.2.3.4 for foo.testrelm.com:'
:: [   PASS   ] :: BZ 815849 not found

Comment 6 errata-xmlrpc 2013-02-21 09:11:45 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html

Note You need to log in before you can comment on or make changes to this bug.