When setting up the IPA server interactively, if the FQDN of the server hostname isn't part of the DNS domain being created, DNS setup will fail with:
2011-04-26 15:27:08,865 DEBUG [2/9]: setting up our zone
2011-04-26 15:27:08,868 DEBUG raw: dnszone_add(u'vm-104.idm.lab.bos.redhat.com', idnssoamname=u'vm-104.idm.lab.bos.redhat.com.', idnssoarname=u'root.vm-104.vm-104.idm.lab.bos.redhat.com', idnsupdatepolicy=u'grant VM-104.IDM.LAB.BOS.REDHAT.COM krb5-self * A; grant VM-104.IDM.LAB.BOS.REDHAT.COM krb5-self * AAAA;', idnsallowdynupdate=True, ip_address=u'10.16.78.104')
2011-04-26 15:27:08,869 DEBUG dnszone_add(u'vm-104.idm.lab.bos.redhat.com', idnssoamname=u'vm-104.idm.lab.bos.redhat.com.', idnssoarname=u'root.vm-104.vm-104.idm.lab.bos.redhat.com.', idnssoaserial=2011260401, idnssoarefresh=3600, idnssoaretry=900, idnssoaexpire=1209600, idnssoaminimum=3600, idnsupdatepolicy=u'grant VM-104.IDM.LAB.BOS.REDHAT.COM krb5-self * A; grant VM-104.IDM.LAB.BOS.REDHAT.COM krb5-self * AAAA;', idnsallowdynupdate=True, force=False, ip_address=u'10.16.78.104', all=False, raw=False)
2011-04-26 15:27:08,932 DEBUG raw: dnsrecord_add(u'idm.lab.bos.redhat.com', u'vm-104', arecord=u'10.16.78.104')
2011-04-26 15:27:08,933 DEBUG dnsrecord_add(u'idm.lab.bos.redhat.com', u'vm-104', force=False, all=False, raw=False, arecord=(u'10.16.78.104',))
2011-04-26 15:27:08,977 DEBUG idm.lab.bos.redhat.com: DNS zone not found
  File "/usr/sbin/ipa-server-install", line 971, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-server-install", line 907, in main
    bind.create_instance()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 316, in create_instance
    self.start_creation("Configuring named:")
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 301, in start_creation
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 363, in __setup_zone
    self.dns_backup, self.ip_address)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 134, in add_zone
    idnsupdatepolicy=unicode(update_policy))
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 422, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 728, in run
    return self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line 612, in execute
    dn = callback(ldap, dn, entry_attrs, *keys, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 378, in post_callback
    options['ip_address'])
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 212, in add_forward_record
    api.Command['dnsrecord_add'](zone, name, arecord=str_address)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 422, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 728, in run
    return self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line 580, in execute
    'oname': self.api.Object[parent].object_name,
This should be detected much earlier. Right now you have to wait through the full configuration of all other components (including the long setup of the CA) before it fails.
In this case I wasn't sure how we should deal with this situation. I don't think we should fail the installation when this situation is detected. I think that somebody may want to install IPA server with --domain=example.com on a host ipa.foo.example.com.
I think we should create 2 DNS domains:
- example.com
- foo.example.com (derived from server's FQDN), where the master A/AAAA record is created
If we don't create the second zone and skip the creation of master A/AAAA record, named will fail:
May 31 11:56:47 vm-096 named[19294]: zone redhat.com/IN: NS 'vm-096.idm.lab.bos.redhat.com' has no address records (A or AAAA)
May 31 11:56:47 vm-096 named[19294]: zone redhat.com/IN: not loaded due to errors.
I am still not convinced how to behave when the host is not a part (direct or indirect) of the domain, e.g. domain=foo.com, server host name=ipa.example.com
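An early check of the kind this ticket asks for, runnable before any component is configured, as an added example (not FreeIPA code and not the committed fix). preflight_dns_layout is a hypothetical helper that sorts a server FQDN and --domain value into the three cases discussed above; it assumes the host record's zone is the FQDN minus its first label, as the dnsrecord_add call in the log suggests.

```python
# Added example: hypothetical pre-flight check, not a FreeIPA function.

def _norm(name):
    """Lowercase and drop the trailing root dot so names compare equal."""
    return name.strip().rstrip(".").lower()


def preflight_dns_layout(fqdn, domain):
    """Return (status, zones) for a server FQDN and a --domain value.

    status is one of:
      "in_domain" - the host record goes straight into the domain zone
      "subdomain" - the host sits below the domain; a second zone is needed
      "outside"   - the host is not part of the domain at all
    zones lists the zones that would have to exist for named to load.
    """
    fqdn, domain = _norm(fqdn), _norm(domain)
    labels = fqdn.split(".")
    if not domain or len(labels) < 2 or not all(labels):
        raise ValueError("need a fully qualified host name and a domain")
    # Assumption taken from the log: the record is added as
    # (zone, name) = (FQDN minus first label, first label).
    host_zone = ".".join(labels[1:])
    if host_zone == domain:
        return "in_domain", [domain]
    # Compare on a label boundary: "badexample.com" is not under "example.com".
    if host_zone.endswith("." + domain):
        return "subdomain", [domain, host_zone]
    return "outside", [domain]


if __name__ == "__main__":
    # Constructed inputs built from the host and zone names quoted in the ticket.
    cases = [
        ("ipa.example.com", "example.com"),
        ("ipa.foo.example.com", "example.com"),
        ("ipa.example.com", "foo.com"),
        ("vm-104.idm.lab.bos.redhat.com", "vm-104.idm.lab.bos.redhat.com"),
        ("vm-096.idm.lab.bos.redhat.com", "redhat.com"),
    ]
    for host, dom in cases:
        print(host, dom, preflight_dns_layout(host, dom))
```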
master: ceb7c9c
ipa-2-0: 1ee55d4
Metadata Update from @sgallagh: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.1 - 2011/06