[Freeipa-devel] ipa-replica-prepare requests reverse zone on RHEL

Oleg Fayans ofayans at redhat.com
Thu Aug 20 12:40:45 UTC 2015 

Done. https://fedorahosted.org/freeipa/ticket/5240

The initial question however is still unsolved: why does 
ipa-replica-prepare behaves differently on fedora and rhel? I thought, 
rhel host had more than one reverse zone, but it's not the case.


On 08/20/2015 01:43 PM, Martin Basti wrote:
> It could be, please file a bug.
>
> On 08/20/2015 12:51 PM, Oleg Fayans wrote:
>> Hi Martin,
>>
>> I guess, I know where is the problem. During replica-install the
>> replica tries to resolve it's own ip to a hostname to check whether
>> the dns is configured correctly. And fails, since we specified
>> --no-reverse during the replica preparation on master.
>> This looks like a bug to me.
>>
>> On 08/20/2015 12:37 PM, Oleg Fayans wrote:
>>>
>>>
>>> On 08/20/2015 12:01 PM, Martin Basti wrote:
>>>>
>>>>
>>>> On 08/20/2015 11:52 AM, Martin Basti wrote:
>>>>>
>>>>>
>>>>> On 08/20/2015 11:42 AM, Oleg Fayans wrote:
>>>>>> Hi Martin
>>>>>>
>>>>>> On 08/20/2015 11:33 AM, Martin Basti wrote:
>>>>>>>
>>>>>>>
>>>>>>> On 08/20/2015 10:18 AM, Oleg Fayans wrote:
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> I am trying to run integration tests for dnssec in RHEL-7.2
>>>>>>>> The tests keep failing at the step of preparing the replica. I
>>>>>>>> figured
>>>>>>>> out, the ipa-replica-prepare with the standard parameters requests
>>>>>>>> reverse zone info (does not do it in fedora) which causes the
>>>>>>>> test to
>>>>>>>> fail.
>>>>>>>>
>>>>>>>> Does anyone know why does it do it? We can, of course update our
>>>>>>>> tests
>>>>>>>> adding a --no-reverse option, but I'd like to know how come it
>>>>>>>> behaves
>>>>>>>> differently depending on the platform.
>>>>>>>>
>>>>>>>> The system is
>>>>>>>> dell-pe1950-06.rhts.eng.brq.redhat.com
>>>>>>>>
>>>>>>>> The command looks like this:
>>>>>>>>
>>>>>>>> [root at dell-pe1950-06 ~]# ipa-replica-prepare -p '<password>'
>>>>>>>> --ip-address 10.34.54.25 dell-pe1950-05.rhts.eng.brq.redhat.com
>>>>>>>> Do you want to configure the reverse zone? [yes]:
>>>>>>>>
>>>>>>> Reverse zone is not needed for DNSSEC test, you can use --no-reverse
>>>>>>> option.
>>>>>>>
>>>>>>> Did you test fedora on the same machine?
>>>>>> No, it's a beaker-provisioned vm.
>>>>>>
>>>>>> I added a --no-reverse to the install_replica method in
>>>>>> ipatests/test_integration/tasks.py. It fixed this particular issue.
>>>>>> However, now the test fails at the step of ipa-replica-install:
>>>>>>
>>>>>> [root at dell-pe1950-05 ~]# ipa-replica-install -U -p '<password>' -w
>>>>>> '<password>' --ip-address 10.34.54.25
>>>>>> /var/lib/ipa/replica-info-dell-pe1950-05.rhts.eng.brq.redhat.com.gpg
>>>>>> --setup-ca --setup-dns --forwarder 10.34.32.1
>>>>>> WARNING: conflicting time&date synchronization service 'chronyd' will
>>>>>> be disabled in favor of ntpd
>>>>>>
>>>>>> ipa         : ERROR    Unable to resolve the IP address
>>>>>> 2620:52:0:2236:215:c5ff:fef3:e54f to a host name, check /etc/hosts
>>>>>> and DNS name resolution
>>>>>>
>>>>>
>>>>> Hmm, this is interesting, is 2620:52:0:2236:215:c5ff:fef3:e54f IP
>>>>> address of replica or master.
>>>>>
>>>>>
>>>> Does the resolv.conf point to master on replica?
>>> It's an ip address of the replica. And yes, it does point to master's
>>> ip.
>>>
>>
>

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

More information about the Freeipa-devel mailing list