Bug 952756 - [RFE] Installer wizard should prompt for DNS
Summary: [RFE] Installer wizard should prompt for DNS
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: unspecified
Target Milestone: rc
Target Release: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-04-16 15:46 UTC by Dmitri Pal
Modified: 2021-05-06 14:56 UTC (History)

Fixed In Version: ipa-3.2.1-1.el7
Doc Type: Enhancement
Doc Text:
Feature: A user is asked if he wants to install DNS during interactive install. Reason: Previously, DNS feature was installed when --setup-dns option was passed to the installer. As a result, some users were not aware of DNS feature.
Clone Of:
Environment:
Last Closed: 2014-06-13 12:41:18 UTC
Target Upstream Version:
Embargoed:



Description Dmitri Pal 2013-04-16 15:46:10 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2575

Currently, the installer will only install DNS if the option is passed on the command line. A user should be asked if they want to install DNS, and asked up front, so that the Wizard will error out quickly if the bind-dyndb-ldap package is not installed.

Comment 1 Martin Kosek 2013-04-22 10:33:08 UTC
Fixed upstream:
master: 3ea8dabeb9e21b255bb75287743a2bbb350f61bd

Comment 4 Namita Soman 2013-12-12 20:01:22 UTC
Verified using ipa-server-3.3.3-5


Automated test results:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: BZ952756_tc1 - [RFE] Installer wizard should prompt for DNS
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 16:13:04 ] ::  Uninstall for next test
Shutting down all IPA services
Removing IPA client configuration
Unconfiguring ntpd
Unconfiguring CA
Unconfiguring named
Unconfiguring web server

MARK-LWD-LOOP -- 2013-12-03 16:14:45 --
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
Unconfiguring ipa_memcached
Unconfiguring ipa-otpd
:: [   PASS   ] :: Uninstalling ipa server for next test (Expected 0, got 0)
ls: cannot access /etc/sssd/sssd.conf: No such file or directory
:: [   PASS   ] :: Making sure that /etc/sssd/sssd.conf does not exist. BZ 819982 (Expected 2, got 2)
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-4.el7 will be erased
---> Package bind-dyndb-ldap.x86_64 0:3.5-2.el7 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch        Version             Repository           Size
================================================================================
Removing:
 bind                 x86_64      32:9.9.4-4.el7      @beaker-Server      4.3 M
 bind-dyndb-ldap      x86_64      3.5-2.el7           @beaker-Server      225 k

Transaction Summary
================================================================================
Remove  2 Packages

Installed size: 4.5 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Erasing    : bind-dyndb-ldap-3.5-2.el7.x86_64                             1/2 
  Erasing    : 32:bind-9.9.4-4.el7.x86_64                                   2/2 
  Verifying  : bind-dyndb-ldap-3.5-2.el7.x86_64                             1/2 
  Verifying  : 32:bind-9.9.4-4.el7.x86_64                                   2/2 

Removed:
  bind.x86_64 32:9.9.4-4.el7         bind-dyndb-ldap.x86_64 0:3.5-2.el7        

Complete!
:: [   PASS   ] :: Removing bind and bind-dyndb-ldap packages (Expected 0, got 0)
:: [   PASS   ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1' (Expected 0, got 0)
set timeout 30
set send_slow {1 .1}
spawn ipa-server-install --hostname=qeblade6.testrelm.com --mkhomedir -r TESTRELM.COM -n testrelm.com -p Secret123 -P Secret123 -a Secret123
match_max 100000
sleep 2
expect "Do you want to configure integrated DNS*"
send "yes"
send "\r"
expect eof 
:: [   PASS   ] :: Running 'cat /tmp/remote_exec.exp' (Expected 0, got 0)
spawn ipa-server-install --hostname=qeblade6.testrelm.com --mkhomedir -r TESTRELM.COM -n testrelm.com -p Secret123 -P Secret123 -a Secret123

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)

To accept the default shown in brackets, press the Enter key.

WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
in favor of ntpd

Do you want to configure integrated DNS (BIND)? [no]: yes

BIND was not found on this system
Please install the 'bind' package and start the installation again
The BIND LDAP plug-in was not found on this system
Please install the 'bind-dyndb-ldap' package and start the installation again
Aborting installation
:: [   PASS   ] :: Running 'cat /tmp/remote_exec.out' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/remote_exec.out' should contain 'BIND was not found on this system
:: [   PASS   ] :: Please install the 'bind' package and start the installation again
:: [   PASS   ] :: The BIND LDAP plug-in was not found on this system
:: [   PASS   ] :: Please install the 'bind-dyndb-ldap' package and start the installation again
:: [   PASS   ] :: Aborting installation' 
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-4.el7 will be installed
---> Package bind-dyndb-ldap.x86_64 0:3.5-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch        Version              Repository          Size
================================================================================
Installing:
 bind                 x86_64      32:9.9.4-4.el7       beaker-Server      1.8 M
 bind-dyndb-ldap      x86_64      3.5-2.el7            beaker-Server       91 k

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 1.8 M
Installed size: 4.5 M
Downloading packages:
--------------------------------------------------------------------------------
Total                                           5.7 MB/s | 1.8 MB     00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 32:bind-9.9.4-4.el7.x86_64                                   1/2 
  Installing : bind-dyndb-ldap-3.5-2.el7.x86_64                             2/2 
  Verifying  : bind-dyndb-ldap-3.5-2.el7.x86_64                             1/2 
  Verifying  : 32:bind-9.9.4-4.el7.x86_64                                   2/2 

Installed:
  bind.x86_64 32:9.9.4-4.el7         bind-dyndb-ldap.x86_64 0:3.5-2.el7        

Complete!
:: [   PASS   ] :: Installing bind and bind-dyndb-ldap packages (Expected 0, got 0)
'02ed48c5-ac07-499f-9ae6-3717be39f6e1'
BZ952756-tc1-RFE-Installer-wizard-should-prompt-for-DNS result: PASS
   metric: 0
   Log: /var/tmp/beakerlib-17694502/journal.txt
   DMesg: /mnt/testarea/dmesg.log
    Info: Searching AVC errors produced since 1386105183.94 (Tue Dec  3 16:13:03 2013)
     Searching logs...
     Fail: AVC messages found.
     Checking for errors...
     Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
     Info: No AVC messages found.
     Info: No AVC messages found.
 Writing to /mnt/testarea/tmp.UpIGfn
:
   AvcLog: /mnt/testarea/tmp.UpIGfn

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: BZ952756_tc2 - [RFE] Installer wizard should prompt for DNS
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


MARK-LWD-LOOP -- 2013-12-03 16:19:46 --
:: [   PASS   ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1' (Expected 0, got 0)
set timeout 360 
set send_slow {1 .1}
spawn ipa-server-install --hostname=qeblade6.testrelm.com --mkhomedir -r TESTRELM.COM -n testrelm.com -p Secret123 -P Secret123 -a Secret123
match_max 100000
sleep 2
expect "Do you want to configure integrated DNS*"
send "yes"
send "\r"
expect "Existing BIND configuration detected*"
send "yes"
send "\r"
expect "Do you want to configure DNS forwarders*"
send "yes"
send "\r"
expect "Enter IP address for a DNS forwarder:"
send "10.10.160.1"
send "\r"
expect "Enter IP address for a DNS forwarder:"
send "\r"
expect "Do you want to configure the reverse zone*"
send "no"
send "\r"
expect "Continue to configure the system with these values*"
send "yes"
send "\r"
expect eof 
:: [   PASS   ] :: Running 'cat /tmp/remote_exec.exp' (Expected 0, got 0)
spawn ipa-server-install --hostname=qeblade6.testrelm.com --mkhomedir -r TESTRELM.COM -n testrelm.com -p Secret123 -P Secret123 -a Secret123

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)

To accept the default shown in brackets, press the Enter key.

WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
in favor of ntpd

Do you want to configure integrated DNS (BIND)? [no]: yes

Existing BIND configuration detected, overwrite? [no]: yes
Warning: skipping DNS resolution of host qeblade6.testrelm.com
Do you want to configure DNS forwarders? [yes]: yes
Enter the IP address of DNS forwarder to use, or press Enter to finish.
Enter IP address for a DNS forwarder: 10.10.160.1
DNS forwarder 10.10.160.1 added
Enter IP address for a DNS forwarder: 
Do you want to configure the reverse zone? [yes]: no

The IPA Master Server will be configured with:
Hostname:      qeblade6.testrelm.com
IP address:    10.16.4.29
Domain name:   testrelm.com
Realm name:    TESTRELM.COM

BIND DNS server will be configured to serve IPA domain with:
Forwarders:    10.10.160.1
Reverse zone:  No reverse zone

Continue to configure the system with these values? [no]: yes

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
<..snip..>
Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password
:: [   PASS   ] :: Running 'cat /tmp/remote_exec.out' (Expected 0, got 0)
:: [ 16:21:05 ] ::  Verify kinit
:: [ 16:21:06 ] ::  execute expect file: /tmp/kinit.16137.exp

set timeout 30
set force_conservative 0
set send_slow {1 .001}
spawn /usr/bin/kinit -V admin
expect Password for *
send -s -- Secret123\r
expect eof 
spawn /usr/bin/kinit -V admin
SecretUsing existing cache: persistent:0:krb_ccache_N2bBK6M
Using principal: admin
123
Password for admin: 
Authenticated to Kerberos v5
Default principal: admin
:: [ 16:21:06 ] ::  Success: kinit as [admin] with password [Secret123] was successful.
:: [   PASS   ] :: Get administrator credentials after installing (Expected 0, got 0)
:: [ 16:21:06 ] ::  Verify ipactl status
ipa: INFO: The ipactl command was successful
./lib.ipaserververify.sh: line 278: [: too many arguments
:: [   PASS   ] :: ipactl status not as expected for DS, KDC, KPASSWD, DNS, HTTP 
:: [ 16:21:09 ] ::  ipactl status:
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
:: [   PASS   ] :: ipctl status as expected for CA 
:: [ 16:21:09 ] ::  Verify sssd.conf
:: [   PASS   ] :: [cache_credentials ] matches :[True] 
:: [   PASS   ] :: [krb5_realm ] matches :[] 
:: [   PASS   ] :: [ipa_domain ] matches :[testrelm.com] 
:: [   PASS   ] :: [id_provider ] matches :[ipa] 
:: [   PASS   ] :: [auth_provider ] matches :[ipa] 
:: [   PASS   ] :: [access_provider ] matches :[ipa] 
:: [   PASS   ] :: [chpass_provider ] matches :[ipa] 
:: [   PASS   ] :: [ipa_server ] matches :[qeblade6.testrelm.com] 
:: [   PASS   ] :: File '/etc/sssd/sssd.conf' should not contain 'ldap_sasl_authid' 
:: [   PASS   ] :: File '/var/log/messages' should not contain 'sssd_be\[.*\]: segfault' 
:: [   PASS   ] :: BZ 878420 not found 
:: [   PASS   ] :: BZ 878288 not found 
Note: Forwarding request to 'systemctl is-enabled sssd.service'.
enabled
:: [   PASS   ] :: BZ 888124 not found 
:: [ 16:21:12 ] ::  Verify default.conf
:: [   PASS   ] :: /etc/ipa/default.conf created 
:: [ 16:21:12 ] ::  Verify ntp config
:: [   PASS   ] :: [ntpserver: ] matches :[server 127.127.1.0] 
:: [   PASS   ] :: [ntpfudgeserver: ] matches :[fudge 127.127.1.0 stratum 10] 
:: [ 16:21:13 ] ::  Verify zonemgr addr
:: [   PASS   ] :: [Administrator e-mail address: ] matches :[hostmaster.testrelm.com.] 
:: [ 16:21:14 ] ::  Verify forwarder
:: [   PASS   ] :: [Forwarder: ] matches :[--- engineering.redhat.com ping statistics ---] 
:: [ 16:21:15 ] ::  Verify Cerificate Subject base for server install
:: [   PASS   ] :: [Certificate Subject base] matches :[O=TESTRELM.COM] 
:: [   PASS   ] :: ldapsearch accepted password - Secret123 
:: [ 16:21:16 ] ::  Verify kinit
:: [ 16:21:16 ] ::  execute expect file: /tmp/kinit.10007.exp

set timeout 30
set force_conservative 0
set send_slow {1 .001}
spawn /usr/bin/kinit -V admin
expect Password for *
send -s -- Secret123\r
expect eof 
spawn /usr/bin/kinit -V admin
SecreUsing existing cache: persistent:0:krb_ccache_N2bBK6M
Using principal: admin
t123
Password for admin: 
Authenticated to Kerberos v5
Default principal: admin
:: [ 16:21:17 ] ::  Success: kinit as [admin] with password [Secret123] was successful.
:: [   PASS   ] :: Get administrator credentials after installing (Expected 0, got 0)
:: [   PASS   ] :: Reverse DNS found :  
:: [ 16:21:18 ] ::  Verify krb5.conf
:: [   PASS   ] :: [default_realm ] matches :[TESTRELM.COM] 
:: [   PASS   ] :: [forwardable ] matches :[yes] 
:: [   PASS   ] :: [pkinit_anchors ] matches :[FILE:/etc/ipa/ca.crt] 
:: [   PASS   ] :: [renew_lifetime ] matches :[] 
:: [   PASS   ] :: [ticket_lifetime ] matches :[24h] 
:: [   PASS   ] :: [debug ] matches :[] 
:: [   PASS   ] :: [krb4_convert ] matches :[] 
:: [ 16:21:20 ] ::  Verify HBAC rules
:: [ 16:21:20 ] ::  EXECUTING: ipa hbacrule-find --name=allow_all
-------------------
1 HBAC rule matched
-------------------
  Rule name: allow_all
  User category: all
  Host category: all
  <sourcehostcategory>: all
  Service category: all
  Description: Allow all users to access any host from any host
  Enabled: TRUE
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: hbac rule - allow_all is installed (Expected 0, got 0)
:: [ 16:21:21 ] ::  Verify ipa-rewrite to verify for redirect
:: [   PASS   ] :: Redirect line is not commented 
:: [ 16:21:21 ] ::  Test for BZ 833515 :: permissions of replica files should be 0600
drwx------.  2 root root 4096 Dec  3 16:20 sysrestore
:: [   PASS   ] :: Ensure that /var/lib/ipa/sysrestore appears to be set to a 600 permission set BZ 833515 (Expected 0, got 0)
drwx------.  2 root root   29 Dec  3 16:15 sysupgrade
:: [   PASS   ] :: Ensure that /var/lib/ipa/sysupgrade appears to be set to a 600 permission set BZ 833515 (Expected 0, got 0)
:: [ 16:21:22 ] ::  Test for BZ 782920 - Make life easier to admins by configuring /etc/openldap/ldap.conf
/etc/openldap/ldap.conf
:: [   PASS   ] :: Make sure that ldap.conf was created (Expected 0, got 0)
BASE dc=testrelm,dc=com
:: [   PASS   ] :: Check to see if the Base DN seems to be in ldap.conf (Expected 0, got 0)
URI ldaps://qeblade6.testrelm.com
:: [   PASS   ] :: Check to see the MASTER dns seems to be in ldap.conf (Expected 0, got 0)
:: [ 16:21:23 ] ::  Test for BZ 819629 - Enable persistent search in bind-dyndb-ldap during IPA upgrade
:: [   PASS   ] :: Make sure a psearch is not disabled anywhere in named.conf (Expected 1, got 1)
:: [ 16:21:23 ] ::  Errors file to check is /var/log/dirsrv/slapd-TESTRELM-COM/errors
:: [   PASS   ] :: Ensure that offending error message is not coming up in the slapd error log (Expected 1, got 1)
:: [   PASS   ] :: File '/tmp/tmpout.verify_bz1018804' should contain '8443' 
:: [   PASS   ] :: File '/tmp/tmpout.verify_bz1018804' should contain 'wait on local port' 
:: [   PASS   ] :: BZ 1018804 not found 
'98df0ad2-c696-4eb8-af5b-0c1c9acd7959'
BZ952756-tc2-RFE-Installer-wizard-should-prompt-for-DNS result: PASS
   metric: 0
   Log: /var/tmp/beakerlib-17694502/journal.txt
   DMesg: /mnt/testarea/dmesg.log
    Info: Searching AVC errors produced since 1386105319.11 (Tue Dec  3 16:15:19 2013)
     Searching logs...
     Fail: AVC messages found.
     Checking for errors...
     Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
     Info: No AVC messages found.
     Info: No AVC messages found.
 Writing to /mnt/testarea/tmp.UpIGfn
:
   AvcLog: /mnt/testarea/tmp.UpIGfn

Comment 5 Ludek Smid 2014-06-13 12:41:18 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

