Bug 1353908 - ipa-replica-install fails to install when provided with all parameters
Summary: ipa-replica-install fails to install when provided with all parameters
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: IPA Maintainers
QA Contact: Kaleem
Reported: 2016-07-08 11:40 UTC by Abhijeet Kasurde
Modified: 2016-07-12 11:46 UTC

Last Closed: 2016-07-12 11:46:14 UTC


Attachments
ipa-replica-install.log (deleted)
2016-07-08 11:43 UTC, Abhijeet Kasurde
ipa-client-install.log (deleted)
2016-07-08 12:07 UTC, Abhijeet Kasurde
replica.log after removing CA.crt (deleted)
2016-07-08 12:18 UTC, Abhijeet Kasurde
client.log after removing CA.crt (deleted)
2016-07-08 12:18 UTC, Abhijeet Kasurde

Description Abhijeet Kasurde 2016-07-08 11:40:19 UTC
Description of problem:
ipa-replica-install fails to install even when all required parameters are given.

# ipa-replica-install -U --setup-dns --forwarder=10.65.201.89 -P admin -p Secret123 
Configuring client side components
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd

Using existing certificate '/etc/ipa/ca.crt'.
Skip server1.testrelm.test: cannot verify if this is an IPA server
Unable to find IPA Server to join
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Removing client side components
IPA client is not configured on this system.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    Configuration of client side components failed!
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information


Version-Release number of selected component (if applicable):
ipa-server-4.4.0-1.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. ipa-replica-install -U --setup-dns --forwarder=10.65.201.89 -P admin -p Secret123 


Actual results:
Above error message

Expected results:
ipa-replica-install should install replica successfully.

Comment 1 Abhijeet Kasurde 2016-07-08 11:43:53 UTC
Created attachment 1177633
ipa-replica-install.log

Comment 2 Petr Vobornik 2016-07-08 12:05:44 UTC
Abhijeet, could you also attach ipaclient-install.log?

Does it also reproduce if `/etc/ipa/ca.crt` (possible leftover from a previous installation?) is deleted prior to installation?

Comment 3 Abhijeet Kasurde 2016-07-08 12:07:48 UTC
Created attachment 1177663
ipa-client-install.log

Comment 4 Abhijeet Kasurde 2016-07-08 12:17:38 UTC
Yes. Even after deleting /etc/ipa/ca/ca.crt, I am seeing the error message.

Could this be a machine-specific issue? Attaching logs after removing the ca.crt file.

Comment 5 Abhijeet Kasurde 2016-07-08 12:18:10 UTC
Created attachment 1177666
replica.log after removing CA.crt

Comment 6 Abhijeet Kasurde 2016-07-08 12:18:42 UTC
Created attachment 1177667
client.log after removing CA.crt

Comment 7 Petr Vobornik 2016-07-08 12:28:10 UTC
There's an issue with DNS resolution/configuration, which can be observed in the ipa-client-install log and its error message. Simply said, it cannot find the IPA server.

2016-07-08T12:07:12Z DEBUG [IPA Discovery]
2016-07-08T12:07:12Z DEBUG Starting IPA discovery with domain=None, servers=None, hostname=vm136.testrelm.test
2016-07-08T12:07:12Z DEBUG Start searching for LDAP SRV record in "testrelm.test" (domain of the hostname) and its sub-domains
2016-07-08T12:07:12Z DEBUG Search DNS for SRV record of _ldap._tcp.testrelm.test
2016-07-08T12:07:42Z DEBUG DNS record not found: Timeout
2016-07-08T12:07:42Z DEBUG Search DNS for SRV record of _ldap._tcp.test
2016-07-08T12:08:12Z DEBUG DNS record not found: Timeout
2016-07-08T12:08:12Z DEBUG Start searching for LDAP SRV record in "gsslab.pnq.redhat.com" (search domain from /etc/resolv.conf) and its sub-domains
2016-07-08T12:08:12Z DEBUG Search DNS for SRV record of _ldap._tcp.gsslab.pnq.redhat.com
2016-07-08T12:08:42Z DEBUG DNS record not found: Timeout
2016-07-08T12:08:42Z DEBUG Search DNS for SRV record of _ldap._tcp.pnq.redhat.com
2016-07-08T12:09:12Z DEBUG DNS record not found: Timeout
2016-07-08T12:09:12Z DEBUG Search DNS for SRV record of _ldap._tcp.redhat.com
2016-07-08T12:09:42Z DEBUG DNS record not found: Timeout
2016-07-08T12:09:42Z DEBUG Search DNS for SRV record of _ldap._tcp.com
2016-07-08T12:10:12Z DEBUG DNS record not found: Timeout
2016-07-08T12:10:12Z DEBUG Start searching for LDAP SRV record in "testrelm.test" (search domain from /etc/resolv.conf) and its sub-domains
2016-07-08T12:10:12Z DEBUG Already searched testrelm.test; skipping
2016-07-08T12:10:12Z DEBUG No LDAP server found
2016-07-08T12:10:12Z DEBUG No LDAP server found
2016-07-08T12:10:12Z ERROR Unable to discover domain, not provided on command line
2016-07-08T12:10:12Z ERROR Installation failed. Rolling back changes.
2016-07-08T12:10:12Z ERROR IPA client is not configured on this system.
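
The discovery log in comment 7, read programmatically. This is an added example, not part of the bug report or of the FreeIPA code: it pairs each SRV query with its outcome and elapsed time to show that every lookup timed out rather than returning "no such record". The sample lines are a subset of the excerpt above; the function names are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Subset of the ipaclient-install.log excerpt quoted in comment 7.
SAMPLE_LOG = """\
2016-07-08T12:07:12Z DEBUG Search DNS for SRV record of _ldap._tcp.testrelm.test
2016-07-08T12:07:42Z DEBUG DNS record not found: Timeout
2016-07-08T12:07:42Z DEBUG Search DNS for SRV record of _ldap._tcp.test
2016-07-08T12:08:12Z DEBUG DNS record not found: Timeout
2016-07-08T12:08:12Z DEBUG Search DNS for SRV record of _ldap._tcp.gsslab.pnq.redhat.com
2016-07-08T12:08:42Z DEBUG DNS record not found: Timeout
2016-07-08T12:10:12Z DEBUG Already searched testrelm.test; skipping
2016-07-08T12:10:12Z ERROR Unable to discover domain, not provided on command line
"""

LINE = re.compile(r"^(\S+)Z (\w+) (.*)$")            # timestamp, level, message
QUERY = re.compile(r"Search DNS for SRV record of (\S+)")
MISS = re.compile(r"DNS record not found: (\S+)")

def srv_lookups(log_text):
    """Return (record name, failure reason, elapsed seconds) per SRV query."""
    results, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        msg = m.group(3)
        if (q := QUERY.search(msg)):
            pending = (q.group(1), ts)
        elif (r := MISS.search(msg)) and pending:
            name, start = pending
            results.append((name, r.group(1), int((ts - start).total_seconds())))
            pending = None
    return results

def diagnose(results):
    """Separate 'resolver never answered' from 'resolver answered, no record'."""
    if not results:
        return "no SRV lookups found in log"
    if all(reason == "Timeout" for _, reason, _ in results):
        return "resolver unreachable: check nameserver in /etc/resolv.conf and firewall"
    return "resolver answered: check that the SRV records exist in the zone"

if __name__ == "__main__":
    for name, reason, secs in srv_lookups(SAMPLE_LOG):
        print(f"{name:40} {reason:10} {secs:>3}s")
    print(diagnose(srv_lookups(SAMPLE_LOG)))
```
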

Comment 8 Abhijeet Kasurde 2016-07-08 13:03:52 UTC
(In reply to Petr Vobornik from comment #7)
> There's an issue with DNS resolution/configuration, which can be observed in
> ipa-client-install log and its error message. Simply said, it cannot find
> the IPA server.
I am able to install the replica after adding the correct hostname in /etc/hosts and turning off Firewalld.

@Petr, what do you suggest for this BZ?

Comment 10 Petr Spacek 2016-07-11 10:39:43 UTC
This looks like misconfiguration. client-install is looking for a domain testrelm.test and fails to find DNS records for IPA because of timeout.

How did you set up DNS?
What server is in /etc/resolv.conf?
What results are you getting from $ 'dig _ldap._tcp.testrelm.test SRV'?

Comment 11 Abhijeet Kasurde 2016-07-12 11:46:14 UTC
This is actually a case of misconfiguration. /etc/resolv.conf contains a wrong nameserver entry.

Closing issue for the same reason.

