[Freeipa-users] some problems after migrating from 3.0 to 3.3

Martin Basti mbasti at redhat.com
Fri Dec 12 14:13:56 UTC 2014


On 12/12/14 14:57, Gianluca Cecchi wrote:

Hello, read inline comments.

> Hello,
> I migrated a CentOS 6.6 system with IPA 3.0 to a CentOS 7.0 system 
> with IPA 3.3.
> The workflow was the one to create a replica and then decommission the 
> old one (that now is with services stopped) with the commands:
>
> on old server:
>  ipa-server-install --uninstall
>
> on new server:
>  ipa-replica-manage del infra.localdomain.local --force
>
<snip>
>
> - in CentOS 6.6 I had IPA with bind (9.8.2-0.23.rc1.el6_5.1), 
> configured with plain files:
> # ll /var/named/data/*zone
> -rw-r--r-- 1 root root 1244 Dec  6 14:35 /var/named/data/forward.zone
> -rw-r--r-- 1 root root  912 Dec  6 14:35 /var/named/data/reverse.zone
>
> After migration the bind configuration has been put under IPA with 
> these lines in named.conf:
>
> dynamic-db "ipa" {
>         library "ldap.so";
>         arg "uri ldapi://%2fvar%2frun%2fslapd-LOCALDOMAIN-LOCAL.socket";
>         arg "base cn=dns, dc=localdomain,dc=local";
>         arg "fake_mname c7server.localdomain.local.";
>         arg "auth_method sasl";
>         arg "sasl_mech GSSAPI";
>         arg "sasl_user DNS/c7server.localdomain.local";
>         arg "serial_autoincrement yes";
> };
>
It is not clear to me: did you use IPA DNS before the upgrade, or did you just
install IPA DNS after the upgrade?

> It works but the old IPA server hostname (with hostname=infra) is no
> longer resolvable
> I have that
> nslookup hostname
> works for every host that was previously defined inside the zone but 
> the previous ipa server...
> (new ipa and dns server is c7server and has ip 192.168.1.81)
>
> [root at c7server etc]# nslookup infra
> Server:         192.168.1.81
> Address:        192.168.1.81#53
>
> ** server can't find infra: NXDOMAIN
>
> [root at c7server etc]# nslookup vc1
> Server:         192.168.1.81
> Address:        192.168.1.81#53
>
> Name:   vc1.localdomain.local
> Address: 192.168.1.92
>


IMO the behavior is expected; deleting the old replica 'infra' should
remove the DNS record of the replica as well.

Try the following command to check whether there is an infra replica record in LDAP:

$ ipa dnsrecord-find localdomain.local



-- 
Martin Basti



