Red Hat Bugzilla – Bug 894143
ipa-replica-prepare fails when reverse zone does not have SOA serial data
Last modified: 2013-02-21 04:32:20 EST
Description of problem:
ipa-replica-prepare fails if the idnsSOAserial attribute is missing for the zone of the server being prepared. This is being seen after bug #894131 occurs. The reverse zone does not have/show the SOA serial attribute for the zone. After the replica is deleted/uninstalled, attempting to re-run ipa-replica-prepare for it (with --ip-address) fails:

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-19.el6.x86_64

How reproducible:
always (at least when #894131)

Steps to Reproduce:
1. Follow steps from bug #894131
2. uninstall replica but leave new zone in place without SOA Serial attr
3. ipa-replica-prepare -p

Actual results:
:: [23:19:12] :: Running: ipa-replica-prepare -p $ADMINPW --ip-address=<IP> <Hostname>
Preparing replica for ipaqavmf.testrelm.com from ipaqavmh.testrelm.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-ipaqavmf.testrelm.com.gpg
Adding DNS records for ipaqavmf.testrelm.com
Using reverse zone 98.16.10.in-addr.arpa.
preparation of replica failed: missing attribute "idnsSOAserial" required by object class "idnsZone"
missing attribute "idnsSOAserial" required by object class "idnsZone"
  File "/usr/sbin/ipa-replica-prepare", line 477, in <module>
    main()
  File "/usr/sbin/ipa-replica-prepare", line 470, in main
    add_zone(reverse_zone)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 300, in add_zone
    add_ns_rr(name, hostname, dns_backup=None, force=True)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 327, in add_ns_rr
    force=force)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 306, in add_rr
    api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
    return self.execute(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1071, in execute
    self._exc_wrapper(keys, options, ldap.add_entry)(dn, entry_attrs, normalize=self.obj.normalize_dn)
  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 994, in wrapped
    return func(*call_args, **call_kwargs)
  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1002, in exc_func
    self, keys, options, e, call_func, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 2463, in exc_callback
    ldap.update_entry(dn, entry_attrs, **call_kwargs)
  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 1411, in update_entry
    self.handle_errors(e)
  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 714, in handle_errors
    raise errors.ObjectclassViolation(info=info)

Expected results:

Additional info:
Upstream ticket: https://fedorahosted.org/freeipa/ticket/3341
This issue is already fixed upstream:
ipa-3-0: https://fedorahosted.org/freeipa/changeset/55bace6546095d78760be413896c824efe9c2f20/

By fixed I mean that the error message is fixed. When testing this patch, ipa-replica-prepare should no longer crash, but rather report a better-worded error stating what operation failed and that the SOA serial is missing. This would logically lead the user to fix the affected zone's SOA serial.
Verified.

Version ::
ipa-server-3.0.0-22.el6.x86_64
bind-dyndb-ldap-2.3-2.el6.x86_64

Automated Test Results (manually run) ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: Bug 894143 - ipa-replica-prepare fails when reverse zone does not have SOA serial data
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ PASS ] :: Running 'sed -i 's/serial_autoincrement yes/serial_autoincrement no/' /etc/named.conf'
Stopping named: [ OK ]
Starting named: [ OK ]
:: [ PASS ] :: Running 'service named restart'
:: [ PASS ] :: Running 'ssh rhel6-1.testrelm.com "sed -i 's/serial_autoincrement yes/serial_autoincrement no/' /etc/named.conf"'
Stopping named: .[ OK ]
Starting named: [ OK ]
:: [ PASS ] :: Running 'ssh rhel6-1.testrelm.com "service named restart"'
  Zone name: 3.3.3.in-addr.arpa.
  Authoritative nameserver: rhel6-1.testrelm.com.
  Administrator e-mail address: ipaqar.redhat.com.
  SOA serial: 1358535383
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-subdomain 3.3.3.in-addr.arpa. PTR;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
:: [ PASS ] :: Running 'ipa dnszone-add 3.3.3.in-addr.arpa. --name-server=rhel6-1.testrelm.com. --admin-email=ipaqar.redhat.com'
Password for admin@TESTRELM.COM:
:: [ PASS ] :: Running 'ssh rhel6-1.testrelm.com "echo Secret123|kinit admin"'
:: [ PASS ] :: Running 'ssh rhel6-1.testrelm.com "ipa dnszone-show 3.3.3.in-addr.arpa." > /tmp/replicaBugCheck_bz894143.out 2>&1'
  Zone name: 3.3.3.in-addr.arpa.
  Authoritative nameserver: rhel6-1.testrelm.com.
  Administrator e-mail address: ipaqar.redhat.com.
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
:: [ PASS ] :: Running 'cat /tmp/replicaBugCheck_bz894143.out'
:: [ PASS ] :: File '/tmp/replicaBugCheck_bz894143.out' should not contain 'SOA serial:'
:: [ PASS ] :: Running 'ssh rhel6-1.testrelm.com "ipa-replica-prepare -p Secret123 --ip-address=3.3.3.100 bz894143.testrelm.com" > /tmp/replicaBugCheck_bz894143.out 2>&1'
:: [ PASS ] :: File '/tmp/replicaBugCheck_bz894143.out' should contain 'Could not create reverse DNS zone for the replica: missing attribute "idnsSOAserial"'
:: [ PASS ] :: BZ 894143 not found
:: [ PASS ] :: Running 'sed -i 's/serial_autoincrement no/serial_autoincrement yes/' /etc/named.conf'
Stopping named: [ OK ]
Starting named: [ OK ]
:: [ PASS ] :: Running 'service named restart'
:: [ PASS ] :: Running 'ssh rhel6-1.testrelm.com "sed -i 's/serial_autoincrement no/serial_autoincrement yes/' /etc/named.conf"'
Stopping named: .[ OK ]
Starting named: [ OK ]
:: [ PASS ] :: Running 'ssh rhel6-1.testrelm.com "service named restart"'
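
Added example (not part of the original bug thread and not FreeIPA code): a pre-flight check that applies the same 'SOA serial:' test used in the verification above to saved `ipa dnszone-show` output, so an affected zone is found before ipa-replica-prepare is run. It assumes each zone block starts with a "Zone name:" line and prints one "Label: value" pair per line; the function names and the second zone in the sample are constructed for illustration.

```python
# Added example: flag zones whose `ipa dnszone-show` text output has no SOA serial.
# These labels are the SOA fields printed for the healthy zone in the log above.
SOA_LABELS = ("SOA serial", "SOA refresh", "SOA retry", "SOA expire", "SOA minimum")

# Constructed sample: the first block mirrors the page's zone shown without a
# serial; the second is a made-up healthy zone (its name is a placeholder).
SAMPLE = """\
  Zone name: 3.3.3.in-addr.arpa.
  Authoritative nameserver: rhel6-1.testrelm.com.
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE

  Zone name: 4.4.4.in-addr.arpa.
  Authoritative nameserver: rhel6-1.testrelm.com.
  SOA serial: 1358535383
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
"""


def parse_zones(text):
    """Split CLI output into one {label: value} dict per zone block."""
    zones, current = [], None
    for raw in text.splitlines():
        label, sep, value = raw.strip().partition(":")
        if not sep or not label.strip():
            continue  # blank lines and ':: [ PASS ] ::' harness lines
        label, value = label.strip(), value.strip()
        if label == "Zone name":
            current = {}
            zones.append(current)
        if current is not None:  # ignore output printed before the first zone
            current[label] = value
    return zones


def missing_soa_fields(zone):
    """Return the SOA labels that are absent or empty for one parsed zone."""
    return [label for label in SOA_LABELS if not zone.get(label)]


def zones_blocking_replica_prepare(text):
    """Names of zones that would hit the idnsSOAserial objectclass violation."""
    return [z["Zone name"] for z in parse_zones(text)
            if "SOA serial" in missing_soa_fields(z)]
```
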
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html