#1194 ipa-server-install should detect when the FQDN of the server isn't part of the DNS domain being created
Closed: Fixed. Opened 12 years ago by sgallagh.

When setting up the IPA server interactively, if the FQDN of the server hostname isn't part of the DNS domain being created, DNS setup will fail with:

    2011-04-26 15:27:08,865 DEBUG [2/9]: setting up our zone
    2011-04-26 15:27:08,868 DEBUG raw: dnszone_add(u'vm-104.idm.lab.bos.redhat.com', idnssoamname=u'vm-104.idm.lab.bos.redhat.com.', idnssoarname=u'root.vm-104.vm-104.idm.lab.bos.redhat.com', idnsupdatepolicy=u'grant VM-104.IDM.LAB.BOS.REDHAT.COM krb5-self * A; grant VM-104.IDM.LAB.BOS.REDHAT.COM krb5-self * AAAA;', idnsallowdynupdate=True, ip_address=u'10.16.78.104')
    2011-04-26 15:27:08,869 DEBUG dnszone_add(u'vm-104.idm.lab.bos.redhat.com', idnssoamname=u'vm-104.idm.lab.bos.redhat.com.', idnssoarname=u'root.vm-104.vm-104.idm.lab.bos.redhat.com.', idnssoaserial=2011260401, idnssoarefresh=3600, idnssoaretry=900, idnssoaexpire=1209600, idnssoaminimum=3600, idnsupdatepolicy=u'grant VM-104.IDM.LAB.BOS.REDHAT.COM krb5-self * A; grant VM-104.IDM.LAB.BOS.REDHAT.COM krb5-self * AAAA;', idnsallowdynupdate=True, force=False, ip_address=u'10.16.78.104', all=False, raw=False)
    2011-04-26 15:27:08,932 DEBUG raw: dnsrecord_add(u'idm.lab.bos.redhat.com', u'vm-104', arecord=u'10.16.78.104')
    2011-04-26 15:27:08,933 DEBUG dnsrecord_add(u'idm.lab.bos.redhat.com', u'vm-104', force=False, all=False, raw=False, arecord=(u'10.16.78.104',))
    2011-04-26 15:27:08,977 DEBUG idm.lab.bos.redhat.com: DNS zone not found
      File "/usr/sbin/ipa-server-install", line 971, in <module>
        sys.exit(main())
      File "/usr/sbin/ipa-server-install", line 907, in main
        bind.create_instance()
      File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 316, in create_instance
        self.start_creation("Configuring named:")
      File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 301, in start_creation
        method()
      File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 363, in __setup_zone
        self.dns_backup, self.ip_address)
      File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 134, in add_zone
        idnsupdatepolicy=unicode(update_policy))
      File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 422, in __call__
        ret = self.run(*args, **options)
      File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 728, in run
        return self.execute(*args, **options)
      File "/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line 612, in execute
        dn = callback(ldap, dn, entry_attrs, *keys, **options)
      File "/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 378, in post_callback
        options['ip_address'])
      File "/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 212, in add_forward_record
        api.Command['dnsrecord_add'](zone, name, arecord=str_address)
      File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 422, in __call__
        ret = self.run(*args, **options)
      File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 728, in run
        return self.execute(*args, **options)
      File "/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line 580, in execute
        'oname': self.api.Object[parent].object_name,

This should be detected much earlier. Right now you have to wait through the full configuration of all other components (including the long setup of the CA) before it fails.


In this case I wasn't sure how we should deal with this situation. I don't think we should fail the installation when this situation is detected. I think that somebody may want to install IPA server with --domain=example.com on a host ipa.foo.example.com.

I think we should create 2 DNS domains:
- example.com
- foo.example.com (derived from server's FQDN), where the master A/AAAA record is created

If we don't create the second zone and skip the creation of the master A/AAAA record, named will fail:

    May 31 11:56:47 vm-096 named[19294]: zone redhat.com/IN: NS 'vm-096.idm.lab.bos.redhat.com' has no address records (A or AAAA)
    May 31 11:56:47 vm-096 named[19294]: zone redhat.com/IN: not loaded due to errors.

I am still not convinced how to behave when the host is not a part (direct or indirect) of the domain, e.g. domain=foo.com, server host name=ipa.example.com.
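The three situations discussed in the comment above (server FQDN directly in the domain, in a subdomain of it, or outside it) as an added pre-flight check that could run before any component is configured. This is example code written for this page, not FreeIPA's installer; `plan_zones`, `ZonePlan` and the status strings are names assumed here.

```python
"""Pre-flight check: does the server FQDN belong to the DNS domain being created?

Constructed example, not FreeIPA code. It decides which zones are needed and
where the master A/AAAA record belongs, so a mismatch is reported up front
instead of after the CA and the other components have been installed.
"""
from typing import List, NamedTuple


def _labels(name: str) -> List[str]:
    # DNS names are case-insensitive; a trailing dot only marks an absolute name.
    return [label for label in name.lower().rstrip(".").split(".") if label]


class ZonePlan(NamedTuple):
    status: str          # "ok", "extra_zone" or "outside"
    zones: List[str]     # zones the installer would have to create, parent first
    record_zone: str     # zone that holds the master A/AAAA record ("" if none)
    record_name: str     # relative owner name of that record ("" if none)


def plan_zones(fqdn: str, domain: str) -> ZonePlan:
    """Plan the DNS zones for a server at `fqdn` that will serve `domain`."""
    host = _labels(fqdn)
    dom = _labels(domain)
    dom_name = ".".join(dom)
    # Compare whole labels so that ipa.fooexample.com is not treated as part of
    # example.com. An FQDN equal to the domain leaves no label for the host
    # record and is reported as a mismatch as well.
    if len(host) <= len(dom) or host[-len(dom):] != dom:
        # e.g. domain=foo.com, host=ipa.example.com: no zone under the domain
        # can hold the master record; the ticket leaves this case open.
        return ZonePlan("outside", [], "", "")
    extra = host[:-len(dom)]  # labels between the host name and the domain
    if len(extra) == 1:
        # e.g. host=ipa.example.com, domain=example.com: the record goes into
        # the domain's own zone and the installer can proceed unchanged.
        return ZonePlan("ok", [dom_name], dom_name, extra[0])
    # e.g. host=ipa.foo.example.com, domain=example.com: the A/AAAA record has
    # to live in foo.example.com. Without that zone (and that record) named
    # refuses to load the parent zone because its NS target has no address.
    child = ".".join(host[1:])
    return ZonePlan("extra_zone", [dom_name, child], child, host[0])


if __name__ == "__main__":
    for fqdn, domain in [("ipa.example.com", "example.com"),
                         ("ipa.foo.example.com", "example.com"),
                         ("ipa.example.com", "foo.com")]:
        print(fqdn, domain, plan_zones(fqdn, domain))
```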

Metadata Update from @sgallagh:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.1 - 2011/06

7 years ago
