[Freeipa-devel] ipa-replica-prepare requests reverse zone on RHEL

Thu Aug 20 13:10:35 UTC 2015


On 08/20/2015 03:01 PM, Oleg Fayans wrote:
>
>
> On 08/20/2015 02:46 PM, Martin Basti wrote:
>>
>>
>> On 08/20/2015 02:40 PM, Oleg Fayans wrote:
>>> Done. https://fedorahosted.org/freeipa/ticket/5240
>>>
>>> The initial question however is still unsolved: why does
>>> ipa-replica-prepare behaves differently on fedora and rhel? I thought,
>>> rhel host had more than one reverse zone, but it's not the case.
>> Can you try fedora on the same machine?
> I guess, I can create a new fedora-based vm and install official 
> package there.
Okay because I think it is caused by different enviroment.
>
>>>
>>>
>>> On 08/20/2015 01:43 PM, Martin Basti wrote:
>>>> It could be, please file a bug.
>>>>
>>>> On 08/20/2015 12:51 PM, Oleg Fayans wrote:
>>>>> Hi Martin,
>>>>>
>>>>> I guess, I know where is the problem. During replica-install the
>>>>> replica tries to resolve it's own ip to a hostname to check whether
>>>>> the dns is configured correctly. And fails, since we specified
>>>>> --no-reverse during the replica preparation on master.
>>>>> This looks like a bug to me.
>>>>>
>>>>> On 08/20/2015 12:37 PM, Oleg Fayans wrote:
>>>>>>
>>>>>>
>>>>>> On 08/20/2015 12:01 PM, Martin Basti wrote:
>>>>>>>
>>>>>>>
>>>>>>> On 08/20/2015 11:52 AM, Martin Basti wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> On 08/20/2015 11:42 AM, Oleg Fayans wrote:
>>>>>>>>> Hi Martin
>>>>>>>>>
>>>>>>>>> On 08/20/2015 11:33 AM, Martin Basti wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 08/20/2015 10:18 AM, Oleg Fayans wrote:
>>>>>>>>>>> Hi all,
>>>>>>>>>>>
>>>>>>>>>>> I am trying to run integration tests for dnssec in RHEL-7.2
>>>>>>>>>>> The tests keep failing at the step of preparing the replica. I
>>>>>>>>>>> figured
>>>>>>>>>>> out, the ipa-replica-prepare with the standard parameters
>>>>>>>>>>> requests
>>>>>>>>>>> reverse zone info (does not do it in fedora) which causes the
>>>>>>>>>>> test to
>>>>>>>>>>> fail.
>>>>>>>>>>>
>>>>>>>>>>> Does anyone know why does it do it? We can, of course update 
>>>>>>>>>>> our
>>>>>>>>>>> tests
>>>>>>>>>>> adding a --no-reverse option, but I'd like to know how come it
>>>>>>>>>>> behaves
>>>>>>>>>>> differently depending on the platform.
>>>>>>>>>>>
>>>>>>>>>>> The system is
>>>>>>>>>>> dell-pe1950-06.rhts.eng.brq.redhat.com
>>>>>>>>>>>
>>>>>>>>>>> The command looks like this:
>>>>>>>>>>>
>>>>>>>>>>> [root at dell-pe1950-06 ~]# ipa-replica-prepare -p '<password>'
>>>>>>>>>>> --ip-address 10.34.54.25 dell-pe1950-05.rhts.eng.brq.redhat.com
>>>>>>>>>>> Do you want to configure the reverse zone? [yes]:
>>>>>>>>>>>
>>>>>>>>>> Reverse zone is not needed for DNSSEC test, you can use
>>>>>>>>>> --no-reverse
>>>>>>>>>> option.
>>>>>>>>>>
>>>>>>>>>> Did you test fedora on the same machine?
>>>>>>>>> No, it's a beaker-provisioned vm.
>>>>>>>>>
>>>>>>>>> I added a --no-reverse to the install_replica method in
>>>>>>>>> ipatests/test_integration/tasks.py. It fixed this particular 
>>>>>>>>> issue.
>>>>>>>>> However, now the test fails at the step of ipa-replica-install:
>>>>>>>>>
>>>>>>>>> [root at dell-pe1950-05 ~]# ipa-replica-install -U -p 
>>>>>>>>> '<password>' -w
>>>>>>>>> '<password>' --ip-address 10.34.54.25
>>>>>>>>> /var/lib/ipa/replica-info-dell-pe1950-05.rhts.eng.brq.redhat.com.gpg 
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --setup-ca --setup-dns --forwarder 10.34.32.1
>>>>>>>>> WARNING: conflicting time&date synchronization service 'chronyd'
>>>>>>>>> will
>>>>>>>>> be disabled in favor of ntpd
>>>>>>>>>
>>>>>>>>> ipa         : ERROR    Unable to resolve the IP address
>>>>>>>>> 2620:52:0:2236:215:c5ff:fef3:e54f to a host name, check 
>>>>>>>>> /etc/hosts
>>>>>>>>> and DNS name resolution
>>>>>>>>>
>>>>>>>>
>>>>>>>> Hmm, this is interesting, is 2620:52:0:2236:215:c5ff:fef3:e54f IP
>>>>>>>> address of replica or master.
>>>>>>>>
>>>>>>>>
>>>>>>> Does the resolv.conf point to master on replica?
>>>>>> It's an ip address of the replica. And yes, it does point to 
>>>>>> master's
>>>>>> ip.
>>>>>>
>>>>>
>>>>
>>>
>>
>