[Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname

Nathan Peters Nathan.Peters at globalrelay.net
Mon Jan 18 16:52:02 UTC 2016 

Actually I was able to solve this one, but the error logging could certainly be improved to indicate what is actually happening

Here is the actual issue along with the sequence of events: 

1. DNS check for local host to be joined checks forward, cname, and PTR records against result of `hostname` command, those all came back ok

2. A second check is performed and I believe it is being performed on an existing FreeIPA server (in this case it was my CA master), but the logs say " DEBUG Check if dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost" even though this check is actually being performed remotely on the Master.  It almost seems like the log entry from the master is forwarded to use and that's why it says 'localhost' or something...

3. It performs the same forward, CNAME, and PTR checks as it did against the localhost, but doesn't log those checks.  It fails on the PTR check because there actually was a second invalid PTR entry for dc1-ipa-dev-nvan.mydomain.net.mydomain.net.  You can see from the logs that it actually warned us it was about to do a PTR check on the localhost  " DEBUG Check reverse address of  10.21.0.98".  But when it performs the remote check on the master, it just does the check without informing us what is about to happen, and because it claims that host is 'localhost' if the 2 hostnames are similar, you may not even realize its not performing the check locally

Since the underlying technical issue that caused this was an actual invalid PTR record, the removal of the PTR record solved the issue; however, it would be nice if the logs let us know that 2nd PTR check was actually remote, not local, and if it logged that it was about to perform a PTR check so we could accurately know what the cause of the failure was.


-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Petr Spacek
Sent: January-18-16 4:23 AM
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname

On 18.1.2016 04:23, Nathan Peters wrote:
> 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a 
> primary hostname for localhost 2016-01-18T03:00:07Z DEBUG Primary 
> hostname for localhost: dc2-ipa-dev-van.mydomain.net 
> 2016-01-18T03:00:07Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net 
> 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is 
> not a CNAME 2016-01-18T03:00:07Z DEBUG Check reverse address of 
> 10.21.0.98 2016-01-18T03:00:07Z DEBUG Found reverse name: 
> dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Check if 
> dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost
> ------> This line here is strange ----> 2016-01-18T03:00:07Z DEBUG 
> ------> Primary hostname for localhost: 
> ------> dc1-ipa-dev-nvan.mydomain.net.mydomain.net
> 2016-01-18T03:00:07Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
>     return_value = self.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run
>     cfgr.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 308, in run
>     self.validate()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 317, in validate
>     for nothing in self._validator():
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 549, in _configure
>     next(validator)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception
>     self.__parent._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception
>     super(ComponentBase, self)._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
>     for nothing in self._installer(self.parent):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1551, in main
>     promote_check(self)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated
>     func(installer)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 394, in decorated
>     func(installer)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 980, in promote_check
>     installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 168, in verify_fqdn
>     "Please check /etc/hosts or DNS name resolution" % (host_name, 
> ex_name[0]))
> 
> 2016-01-18T03:00:07Z DEBUG The ipa-replica-install command failed, 
> exception: HostLookupError: The host name 
> dc1-ipa-dev-nvan.mydomain.net does not match the primary host name 
> dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or 
> DNS name resolution 2016-01-18T03:00:07Z ERROR The host name 
> dc1-ipa-dev-nvan.mydomain.net does not match the primary host name 
> dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or 
> DNS name resolution 2016-01-18T03:00:07Z ERROR The ipa-replica-install 
> command failed. See /var/log/ipareplica-install.log for more 
> information
> 
> So 3 questions :
> 1)Why does it first check if my hostname is ok, and then check if my hostname matches this other host, and why is it referring to the other remote host as localhost ?
> 2)Where in the world is it getting the idea that the primary hostname for my host is actually the primary hostname for the other host in a strange format with the domain name on the end twice ?
> 3)are there any workarounds for this?  It seems rather buggy.  I have 
> triple checked hostnames on both hosts referenced in that log entry
> 
> Here is the output that proves that my hostname is fine and not ending 
> with a double domain
> 
> [root at dc2-ipa-dev-van ~]# cat /etc/hosts
> 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
> 10.21.0.98      dc2-ipa-dev-van.mydomain.net
> [root at dc2-ipa-dev-van ~]# cat /etc/hostname 
> dc2-ipa-dev-van.mydomain.net [root at dc2-ipa-dev-van ~]# hostname 
> dc2-ipa-dev-van.mydomain.net
> 
> and on the other host :
> 
> [root at dc1-ipa-dev-nvan ~]# hostname
> dc1-ipa-dev-nvan.mydomain.net
> [root at dc1-ipa-dev-nvan ~]# cat /etc/hostname 
> dc1-ipa-dev-nvan.mydomain.net [root at dc1-ipa-dev-nvan ~]# cat 
> /etc/hosts
> 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
> 10.178.0.99 dc1-ipa-dev-nvan.mydomain.net [root at dc1-ipa-dev-nvan ~]#

Interesting ...

Please send us information mentioned on page http://www.freeipa.org/page/Troubleshooting#Reporting_bugs

+ content of /etc/resolv.conf on the affected machine 
+ /var/log/ipareplica-install.log

Thank you.

--
Petr^2 Spacek

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

More information about the Freeipa-users mailing list