[Freeipa-devel] [PATCH] 762 Let the framework be able to override the hostname

Rob Crittenden rcritten at redhat.com
Wed May 25 15:29:14 UTC 2011


Martin Kosek wrote:
> On Fri, 2011-04-01 at 11:47 -0400, Rob Crittenden wrote:
>> The hostname is passed in during the server installation. We should use
>> this hostname for the resulting server as well. It was being discarded
>> and we always used the system hostname value.
>>
>> ticket 1052
>>
>> rob
>
> I have to NACK this again. I have a problem communicating with IPA on a
> master machine. I reproduced it on 2 different machines. Please correct
> my steps if I am wrong. I do the following procedure:
>
> 1) I prepare a fresh minimal F-15
> 2) Install freeipa-server (current master with your patches)
> 3) Add custom hostname to /etc/hosts
> 4) Install IPA server:
> ipa-server-install -p secret123 -a secret123 --hostname ipa.idm.lab.bos.redhat.com --setup-dns --forwarder=10.16.255.2
> 5) # kinit admin
> Password for admin at IDM.LAB.BOS.REDHAT.COM:
> 6) # ipa user-show admin
> ipa: ERROR: cannot connect to 'any of the configured servers':
> https://ipa.idm.lab.bos.redhat.com/ipa/xml,
> https://ipa.idm.lab.bos.redhat.com/ipa/xml
>
> # ping -c 1 ipa.idm.lab.bos.redhat.com
> PING ipa.idm.lab.bos.redhat.com (10.16.78.140) 56(84) bytes of data.
> 64 bytes from ipa.idm.lab.bos.redhat.com (10.16.78.140): icmp_req=1
> ttl=64 time=0.049 ms
>
> Apache error_log shows relevant errors:
>
> [Wed May 25 06:42:38 2011] [error] ipa: ERROR: Failed to start IPA: Unable to retrieve LDAP schema: Invalid credentials: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Permission denied)
> [Wed May 25 06:42:38 2011] [error] ipa: ERROR: Failed to start IPA: Unable to retrieve LDAP schema: Invalid credentials: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Permission denied)
> [Wed May 25 06:43:55 2011] [error] Exception KeyError: KeyError(140250828974112,) in<module 'threading' from '/usr/lib64/python2.7/threading.pyc'>  ignored
> [Wed May 25 06:43:55 2011] [error] Exception KeyError: KeyError(140250828974112,) in<module 'threading' from '/usr/lib64/python2.7/threading.pyc'>  ignored
> [Wed May 25 06:43:55 2011] [error] Exception KeyError: KeyError(140250828974112,) in<module 'threading' from '/usr/lib64/python2.7/threading.pyc'>  ignored
> [Wed May 25 06:43:55 2011] [error] Exception KeyError: KeyError(140250828974112,) in<module 'threading' from '/usr/lib64/python2.7/threading.pyc'>  ignored
> [Wed May 25 06:43:55 2011] [error] Exception KeyError: KeyError(140250828974112,) in<module 'threading' from '/usr/lib64/python2.7/threading.pyc'>  ignored
> [Wed May 25 06:43:55 2011] [error] Exception KeyError: KeyError(140250828974112,) in<module 'threading' from '/usr/lib64/python2.7/threading.pyc'>  ignored
> [Wed May 25 06:43:55 2011] [error] Exception KeyError: KeyError(140250828974112,) in<module 'threading' from '/usr/lib64/python2.7/threading.pyc'>  ignored
> [Wed May 25 06:43:55 2011] [error] Exception KeyError: KeyError(140250828974112,) in<module 'threading' from '/usr/lib64/python2.7/threading.pyc'>  ignored
> [Wed May 25 06:43:55 2011] [error] Exception KeyError: KeyError(140250828974112,) in<module 'threading' from '/usr/lib64/python2.7/threading.pyc'>  ignored
> [Wed May 25 06:43:55 2011] [error] Exception KeyError: KeyError(140250828974112,) in<module 'threading' from '/usr/lib64/python2.7/threading.pyc'>  ignored
> [Wed May 25 06:43:56 2011] [notice] caught SIGTERM, shutting down
> [Wed May 25 06:43:56 2011] [notice] SELinux policy enabled; httpd running as context system_u:system_r:kernel_t:s0
> [Wed May 25 06:43:57 2011] [notice] Digest: generating secret for digest authentication ...
> [Wed May 25 06:43:57 2011] [notice] Digest: done
> [Wed May 25 06:43:57 2011] [notice] Apache/2.2.17 (Unix) DAV/2 mod_auth_kerb/5.4 mod_nss/2.2.17 NSS/3.12.9.0 mod_wsgi/3.2 Python/2.7.1 configured -- resuming normal operations
> [Wed May 25 06:44:04 2011] [error] ipa: INFO: *** PROCESS START ***
> [Wed May 25 06:44:04 2011] [error] ipa: INFO: *** PROCESS START ***
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140] mod_wsgi (pid=5192): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140] Traceback (most recent call last):
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]   File "/usr/share/ipa/wsgi.py", line 48, in application
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]     return api.Backend.session(environ, start_response)
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 141, in __call__
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]     self.create_context(ccache=environ.get('KRB5CCNAME'))
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]   File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 110, in create_context
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]     self.Backend.ldap2.connect(ccache=ccache)
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]   File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 62, in connect
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]     conn = self.create_connection(*args, **kw)
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]   File "/usr/lib/python2.7/site-packages/ipalib/encoder.py", line 188, in new_f
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]     return f(*new_args, **kwargs)
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 337, in create_connection
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]     _handle_errors(e, **{})
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 118, in _handle_errors
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140]     raise errors.DatabaseError(desc=desc, info=info)
> [Wed May 25 06:45:25 2011] [error] [client 10.16.78.140] DatabaseError: Local error: SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Hostname cannot be canonicalized)
> [Wed May 25 06:45:26 2011] [error] [client 10.16.78.140] mod_wsgi (pid=5193): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
>
>
> You can check the problem on vm-140.idm.lab.bos.redhat.com if you want to.
>
> Martin
>

The LDAP connection was still using the system hostname value. I added a 
conn.set_option(_ldap.OPT_HOST_NAME, api.env.host) in the two places we 
initialize an LDAP connection and that seems to have fixed it.

Updated patch attached.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-762-2-host.patch
Type: text/x-patch
Size: 5104 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110525/35d3b60f/attachment.bin>
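
The following preflight check is an added example for the situation discussed in this thread; it is not part of the attached patch or of FreeIPA. It compares a configured hostname with the system hostname and checks forward and reverse resolution, the conditions behind the "Hostname cannot be canonicalized" error. The function names, finding strings, sample names and address are constructed for illustration.

```python
import socket


def _resolve(name):
    """Forward-resolve a name with the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def _reverse(addr):
    """Reverse-resolve an address; None on failure."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_host_override(configured, system_name, resolve=_resolve, reverse=_reverse):
    """Return a list of findings; an empty list means the names are consistent."""
    configured = configured.rstrip(".").lower()
    system_name = system_name.rstrip(".").lower()
    findings = []
    if configured != system_name:
        findings.append("system hostname %s differs from configured %s"
                        % (system_name, configured))
        if not resolve(system_name):
            findings.append("system hostname %s does not resolve" % system_name)
    addrs = resolve(configured)
    if not addrs:
        findings.append("configured hostname %s does not resolve" % configured)
    for addr in sorted(addrs):
        back = reverse(addr)
        if back is None or back.rstrip(".").lower() != configured:
            findings.append("%s reverses to %s, not %s" % (addr, back, configured))
    return findings


# Constructed sample data: only the configured name has a hosts-style entry.
# The names and the address are made up and resolve nothing real.
FORWARD = {"ipa.example.test": {"192.0.2.10"}}
REVERSE = {"192.0.2.10": "ipa.example.test"}


def demo(system_name):
    """Run the check against the constructed tables instead of live DNS."""
    return check_host_override("ipa.example.test", system_name,
                               resolve=lambda n: FORWARD.get(n, set()),
                               reverse=REVERSE.get)
```

Calling `check_host_override(configured, socket.gethostname())` without the `resolve` and `reverse` arguments runs the same checks against the live resolver.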