Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1373910 - IPA server upgrade fails with DNS timed out errors.
Summary: IPA server upgrade fails with DNS timed out errors.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
URL:
Whiteboard:
Depends On:
Blocks: 1286635 1364071 1369761
TreeView+ depends on / blocked
 
Reported: 2016-09-07 12:12 UTC by Nikhil Dehadrai
Modified: 2016-11-04 06:03 UTC (History)
6 users (show)

Fixed In Version: ipa-4.4.0-12.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-04 06:03:04 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description Nikhil Dehadrai 2016-09-07 12:12:39 UTC
Description of problem:
IPA server upgrade fails with DNS timed out errors when upgraded from 7.0. to 7.3.

Version-Release number of selected component (if applicable):
ipa-server.x86_64 0:4.4.0-9.el7

How reproducible:
Always

Steps to Reproduce:
1. Setup IPA server on RHEL 7.0
2. Setup repo links for RHEL 7.3  in order to upgrade ipa server(in my case ipa-server.x86_64 0:4.4.0-9.el7).
3. Initiate upgrade prcess by running command "yum -y update 'ipa*' sssd"

Actual results:
1. After step3, Yum update process completes successfully, but upgrade fails with following message:
2016-09-07T08:15:47Z ERROR DNS query for auto-hv-01-guest07.testrelm.test. A failed: The DNS operation timed out after 30.0012800694 seconds
2016-09-07T08:15:47Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2016-09-07T08:15:47Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run
    server.upgrade()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1840, in upgrade
    upgrade_configuration()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1724, in upgrade_configuration
    named_update_global_forwarder_policy(),
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 843, in named_update_global_forwarder_policy
    if not dnsutil.has_empty_zone_addresses(api.env.host):
  File "/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 278, in has_empty_zone_addresses
    ip_addresses = resolve_ip_addresses(hostname)
  File "/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 328, in resolve_ip_addresses
    rrsets = resolve_rrsets(fqdn, ['A', 'AAAA'])
  File "/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 305, in resolve_rrsets
    answer = dns.resolver.query(fqdn, rdtype)
  File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 1027, in query
    raise_on_no_answer, source_port)
  File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 947, in query
    timeout = self._compute_timeout(start)
  File "/usr/lib/python2.7/site-packages/dns/resolver.py", line 769, in _compute_timeout
    raise Timeout(timeout=duration)
 
2016-09-07T08:15:47Z DEBUG The ipa-server-upgrade command failed, exception: Timeout: The DNS operation timed out after 30.0012800694 seconds
2016-09-07T08:15:47Z ERROR Unexpected error - see /var/log/ipaupgrade.log for details:
Timeout: The DNS operation timed out after 30.0012800694 seconds
2016-09-07T08:15:47Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information 

Expected results:
No error messages should be observed during upgrade process.

Comment 4 Martin Bašti 2016-09-07 15:09:33 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6205

Comment 12 Martin Babinsky 2016-09-20 12:17:09 UTC
Yes the selinux issue is orthogonal to this BZ.

Comment 17 Nikhil Dehadrai 2016-09-22 13:22:25 UTC
IPA server version: ipa-server-4.4.0-12.el7.x86_64
Bind-ldap: bind-dyndb-ldap-10.0-5.el7.x86_64

Verified the bug on the basis of following points:
1. Verified that upgrade is successful for RHE 7.0 to RHEL 7.3.
2. "DNS timed out error" message is not displayed at the console.
3. The dummy dns forwardzone details created at 7.0 are reflected after upgrade.

Thus on the basis of observations above and Comment#15 and Comment#16, marking the status of bug to "VERIFIED".

Comment 20 errata-xmlrpc 2016-11-04 06:03:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html


Note You need to log in before you can comment on or make changes to this bug.