RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 894143 - ipa-replica-prepare fails when reverse zone does not have SOA serial data
Summary: ipa-replica-prepare fails when reverse zone does not have SOA serial data
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.4
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks: 902691
TreeView+ depends on / blocked
 
Reported: 2013-01-10 20:23 UTC by Scott Poore
Modified: 2013-02-21 09:32 UTC (History)
3 users (show)

Fixed In Version: ipa-3.0.0-22.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-21 09:32:20 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0528 0 normal SHIPPED_LIVE Low: ipa security, bug fix and enhancement update 2013-02-21 08:22:21 UTC

Description Scott Poore 2013-01-10 20:23:49 UTC
Description of problem:

ipa-replica-prepare fails if idnsSOAserial attribute missing for zone of server being prepared.

This is being seen after bug #894131 occurs.  reverse zone does not have/show the SOA serial attribute for the zone.  after replica deleted/uninstalled, attempting to re-run ipa-replica-prepare for it (with --ip-address) fails:


Version-Release number of selected component (if applicable):
ipa-server-3.0.0-19.el6.x86_64


How reproducible:
always (at least when #894131)

Steps to Reproduce:
1.  Follow steps from bug #894131
2.  uninstall replica but leave new zone in place without SOA Serial attr
3.  ipa-replica-prepare -p
  
Actual results:

:: [23:19:12] ::  Running: ipa-replica-prepare -p $ADMINPW --ip-address=<IP> <Hostname>

Preparing replica for ipaqavmf.testrelm.com from ipaqavmh.testrelm.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-ipaqavmf.testrelm.com.gpg
Adding DNS records for ipaqavmf.testrelm.com
Using reverse zone 98.16.10.in-addr.arpa.
preparation of replica failed: missing attribute "idnsSOAserial" required by object class "idnsZone"
missing attribute "idnsSOAserial" required by object class "idnsZone"
  File "/usr/sbin/ipa-replica-prepare", line 477, in <module>
    main()

  File "/usr/sbin/ipa-replica-prepare", line 470, in main
    add_zone(reverse_zone)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 300, in add_zone
    add_ns_rr(name, hostname, dns_backup=None, force=True)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 327, in add_ns_rr
    force=force)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 306, in add_rr
    api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)

  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
    ret = self.run(*args, **options)

  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 747, in run
    return self.execute(*args, **options)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1071, in execute
    self._exc_wrapper(keys, options, ldap.add_entry)(dn, entry_attrs, normalize=self.obj.normalize_dn)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 994, in wrapped
    return func(*call_args, **call_kwargs)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py", line 1002, in exc_func
    self, keys, options, e, call_func, *args, **kwargs)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 2463, in exc_callback
    ldap.update_entry(dn, entry_attrs, **call_kwargs)

  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 1411, in update_entry
    self.handle_errors(e)

  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 714, in handle_errors
    raise errors.ObjectclassViolation(info=info)
Expected results:


Additional info:

Comment 2 Dmitri Pal 2013-01-10 23:17:45 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3341

Comment 3 Martin Kosek 2013-01-15 16:00:58 UTC
This issue is already fixed upstream:

ipa-3-0: https://fedorahosted.org/freeipa/changeset/55bace6546095d78760be413896c824efe9c2f20/

By fixed I mean that the error message is fixed. When testing this patch, the ipa-replica-prepare should no longer crash, but rather report a better worded error what operation failed and that SOA serial is missing. This would logically lead the user to fix the affected zone SOA serial.

Comment 5 Scott Poore 2013-01-18 18:57:36 UTC
Verified.

Version ::

ipa-server-3.0.0-22.el6.x86_64
bind-dyndb-ldap-2.3-2.el6.x86_64

Automated Test Results (manually run) ::


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Bug 894143 - ipa-replica-prepare fails when reverse zone does not have SOA serial data
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'sed -i 's/serial_autoincrement yes/serial_autoincrement no/' /etc/named.conf'
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
:: [   PASS   ] :: Running 'service named restart'
:: [   PASS   ] :: Running 'ssh rhel6-1.testrelm.com "sed -i 's/serial_autoincrement yes/serial_autoincrement no/' /etc/named.conf"'
Stopping named: .[  OK  ]
Starting named: [  OK  ]
:: [   PASS   ] :: Running 'ssh rhel6-1.testrelm.com "service named restart"'
  Zone name: 3.3.3.in-addr.arpa.
  Authoritative nameserver: rhel6-1.testrelm.com.
  Administrator e-mail address: ipaqar.redhat.com.
  SOA serial: 1358535383
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-subdomain 3.3.3.in-addr.arpa. PTR;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
:: [   PASS   ] :: Running 'ipa dnszone-add 3.3.3.in-addr.arpa. --name-server=rhel6-1.testrelm.com. --admin-email=ipaqar.redhat.com'
Password for admin: 
:: [   PASS   ] :: Running 'ssh rhel6-1.testrelm.com "echo Secret123|kinit admin"'
:: [   PASS   ] :: Running 'ssh rhel6-1.testrelm.com "ipa dnszone-show 3.3.3.in-addr.arpa." > /tmp/replicaBugCheck_bz894143.out 2>&1'
  Zone name: 3.3.3.in-addr.arpa.
  Authoritative nameserver: rhel6-1.testrelm.com.
  Administrator e-mail address: ipaqar.redhat.com.
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
:: [   PASS   ] :: Running 'cat /tmp/replicaBugCheck_bz894143.out'
:: [   PASS   ] :: File '/tmp/replicaBugCheck_bz894143.out' should not contain 'SOA serial:'
:: [   PASS   ] :: Running 'ssh rhel6-1.testrelm.com "ipa-replica-prepare -p Secret123 --ip-address=3.3.3.100 bz894143.testrelm.com" > /tmp/replicaBugCheck_bz894143.out 2>&1'
:: [   PASS   ] :: File '/tmp/replicaBugCheck_bz894143.out' should contain 'Could not create reverse DNS zone for the replica: missing attribute "idnsSOAserial"'
:: [   PASS   ] :: BZ 894143 not found
:: [   PASS   ] :: Running 'sed -i 's/serial_autoincrement no/serial_autoincrement yes/' /etc/named.conf'
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
:: [   PASS   ] :: Running 'service named restart'
:: [   PASS   ] :: Running 'ssh rhel6-1.testrelm.com "sed -i 's/serial_autoincrement no/serial_autoincrement yes/' /etc/named.conf"'
Stopping named: .[  OK  ]
Starting named: [  OK  ]
:: [   PASS   ] :: Running 'ssh rhel6-1.testrelm.com "service named restart"'

Comment 7 errata-xmlrpc 2013-02-21 09:32:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html


Note You need to log in before you can comment on or make changes to this bug.