[Freeipa-devel] ipa-replica-prepare requests reverse zone on RHEL

Thu Aug 20 12:46:22 UTC 2015


On 08/20/2015 02:40 PM, Oleg Fayans wrote:
> Done. https://fedorahosted.org/freeipa/ticket/5240
>
> The initial question however is still unsolved: why does 
> ipa-replica-prepare behaves differently on fedora and rhel? I thought, 
> rhel host had more than one reverse zone, but it's not the case.
Can you try fedora on the same machine?
>
>
> On 08/20/2015 01:43 PM, Martin Basti wrote:
>> It could be, please file a bug.
>>
>> On 08/20/2015 12:51 PM, Oleg Fayans wrote:
>>> Hi Martin,
>>>
>>> I guess, I know where is the problem. During replica-install the
>>> replica tries to resolve it's own ip to a hostname to check whether
>>> the dns is configured correctly. And fails, since we specified
>>> --no-reverse during the replica preparation on master.
>>> This looks like a bug to me.
>>>
>>> On 08/20/2015 12:37 PM, Oleg Fayans wrote:
>>>>
>>>>
>>>> On 08/20/2015 12:01 PM, Martin Basti wrote:
>>>>>
>>>>>
>>>>> On 08/20/2015 11:52 AM, Martin Basti wrote:
>>>>>>
>>>>>>
>>>>>> On 08/20/2015 11:42 AM, Oleg Fayans wrote:
>>>>>>> Hi Martin
>>>>>>>
>>>>>>> On 08/20/2015 11:33 AM, Martin Basti wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> On 08/20/2015 10:18 AM, Oleg Fayans wrote:
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> I am trying to run integration tests for dnssec in RHEL-7.2
>>>>>>>>> The tests keep failing at the step of preparing the replica. I
>>>>>>>>> figured
>>>>>>>>> out, the ipa-replica-prepare with the standard parameters 
>>>>>>>>> requests
>>>>>>>>> reverse zone info (does not do it in fedora) which causes the
>>>>>>>>> test to
>>>>>>>>> fail.
>>>>>>>>>
>>>>>>>>> Does anyone know why does it do it? We can, of course update our
>>>>>>>>> tests
>>>>>>>>> adding a --no-reverse option, but I'd like to know how come it
>>>>>>>>> behaves
>>>>>>>>> differently depending on the platform.
>>>>>>>>>
>>>>>>>>> The system is
>>>>>>>>> dell-pe1950-06.rhts.eng.brq.redhat.com
>>>>>>>>>
>>>>>>>>> The command looks like this:
>>>>>>>>>
>>>>>>>>> [root at dell-pe1950-06 ~]# ipa-replica-prepare -p '<password>'
>>>>>>>>> --ip-address 10.34.54.25 dell-pe1950-05.rhts.eng.brq.redhat.com
>>>>>>>>> Do you want to configure the reverse zone? [yes]:
>>>>>>>>>
>>>>>>>> Reverse zone is not needed for DNSSEC test, you can use 
>>>>>>>> --no-reverse
>>>>>>>> option.
>>>>>>>>
>>>>>>>> Did you test fedora on the same machine?
>>>>>>> No, it's a beaker-provisioned vm.
>>>>>>>
>>>>>>> I added a --no-reverse to the install_replica method in
>>>>>>> ipatests/test_integration/tasks.py. It fixed this particular issue.
>>>>>>> However, now the test fails at the step of ipa-replica-install:
>>>>>>>
>>>>>>> [root at dell-pe1950-05 ~]# ipa-replica-install -U -p '<password>' -w
>>>>>>> '<password>' --ip-address 10.34.54.25
>>>>>>> /var/lib/ipa/replica-info-dell-pe1950-05.rhts.eng.brq.redhat.com.gpg 
>>>>>>>
>>>>>>> --setup-ca --setup-dns --forwarder 10.34.32.1
>>>>>>> WARNING: conflicting time&date synchronization service 'chronyd' 
>>>>>>> will
>>>>>>> be disabled in favor of ntpd
>>>>>>>
>>>>>>> ipa         : ERROR    Unable to resolve the IP address
>>>>>>> 2620:52:0:2236:215:c5ff:fef3:e54f to a host name, check /etc/hosts
>>>>>>> and DNS name resolution
>>>>>>>
>>>>>>
>>>>>> Hmm, this is interesting, is 2620:52:0:2236:215:c5ff:fef3:e54f IP
>>>>>> address of replica or master.
>>>>>>
>>>>>>
>>>>> Does the resolv.conf point to master on replica?
>>>> It's an ip address of the replica. And yes, it does point to master's
>>>> ip.
>>>>
>>>
>>
>