[Freeipa-devel] ipa-replica-prepare requests reverse zone on RHEL

Thu Aug 20 11:43:08 UTC 2015

It could be, please file a bug.

On 08/20/2015 12:51 PM, Oleg Fayans wrote:
> Hi Martin,
>
> I guess, I know where is the problem. During replica-install the 
> replica tries to resolve it's own ip to a hostname to check whether 
> the dns is configured correctly. And fails, since we specified 
> --no-reverse during the replica preparation on master.
> This looks like a bug to me.
>
> On 08/20/2015 12:37 PM, Oleg Fayans wrote:
>>
>>
>> On 08/20/2015 12:01 PM, Martin Basti wrote:
>>>
>>>
>>> On 08/20/2015 11:52 AM, Martin Basti wrote:
>>>>
>>>>
>>>> On 08/20/2015 11:42 AM, Oleg Fayans wrote:
>>>>> Hi Martin
>>>>>
>>>>> On 08/20/2015 11:33 AM, Martin Basti wrote:
>>>>>>
>>>>>>
>>>>>> On 08/20/2015 10:18 AM, Oleg Fayans wrote:
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I am trying to run integration tests for dnssec in RHEL-7.2
>>>>>>> The tests keep failing at the step of preparing the replica. I
>>>>>>> figured
>>>>>>> out, the ipa-replica-prepare with the standard parameters requests
>>>>>>> reverse zone info (does not do it in fedora) which causes the 
>>>>>>> test to
>>>>>>> fail.
>>>>>>>
>>>>>>> Does anyone know why does it do it? We can, of course update our
>>>>>>> tests
>>>>>>> adding a --no-reverse option, but I'd like to know how come it
>>>>>>> behaves
>>>>>>> differently depending on the platform.
>>>>>>>
>>>>>>> The system is
>>>>>>> dell-pe1950-06.rhts.eng.brq.redhat.com
>>>>>>>
>>>>>>> The command looks like this:
>>>>>>>
>>>>>>> [root at dell-pe1950-06 ~]# ipa-replica-prepare -p '<password>'
>>>>>>> --ip-address 10.34.54.25 dell-pe1950-05.rhts.eng.brq.redhat.com
>>>>>>> Do you want to configure the reverse zone? [yes]:
>>>>>>>
>>>>>> Reverse zone is not needed for DNSSEC test, you can use --no-reverse
>>>>>> option.
>>>>>>
>>>>>> Did you test fedora on the same machine?
>>>>> No, it's a beaker-provisioned vm.
>>>>>
>>>>> I added a --no-reverse to the install_replica method in
>>>>> ipatests/test_integration/tasks.py. It fixed this particular issue.
>>>>> However, now the test fails at the step of ipa-replica-install:
>>>>>
>>>>> [root at dell-pe1950-05 ~]# ipa-replica-install -U -p '<password>' -w
>>>>> '<password>' --ip-address 10.34.54.25
>>>>> /var/lib/ipa/replica-info-dell-pe1950-05.rhts.eng.brq.redhat.com.gpg
>>>>> --setup-ca --setup-dns --forwarder 10.34.32.1
>>>>> WARNING: conflicting time&date synchronization service 'chronyd' will
>>>>> be disabled in favor of ntpd
>>>>>
>>>>> ipa         : ERROR    Unable to resolve the IP address
>>>>> 2620:52:0:2236:215:c5ff:fef3:e54f to a host name, check /etc/hosts
>>>>> and DNS name resolution
>>>>>
>>>>
>>>> Hmm, this is interesting, is 2620:52:0:2236:215:c5ff:fef3:e54f IP
>>>> address of replica or master.
>>>>
>>>>
>>> Does the resolv.conf point to master on replica?
>> It's an ip address of the replica. And yes, it does point to master's 
>> ip.
>>
>