#2654 ipa-server-install unhandled exception with unclear error messages (inside DNS check)
Closed: Fixed None Opened 11 years ago by pspacek.

If DNS check for hostname<=>local IP address correspondence fail, unhandled exception is thrown from ipa-server-install.

Detail are inside Amazon EC2 bug:

#2648

https://bugzilla.redhat.com/show_bug.cgi?id=812692

Error message in exception is mysterious:
"No network interface matches the provided IP address and netmask"

It should say:

DNS check failed. Please check if forward records for your server name {hostname} point to IP addresses on this server. Please check reverse records also.

 Checked hostname: {hostname}
 Detected IP addresses: {ipAddrList}
 Forward records point to: {dnsIpAddrList}
 Reverse record {localIpAddr} points to name {dnsName}

More verbose is definitely better.

Code also should work if more IP addresses (and A/AAAA records) are detected.


I don't think that is what this error means at all.

We check that the supplied IP address matches a locally configured network interface. This has nothing to do with DNS.

I don't see an unhandled exception in any of the references bugs or tickets. Please clarify.

Unhandled exception is thrown from ipa-server-install, see https://bugzilla.redhat.com/attachment.cgi?id=577758 from BZ https://bugzilla.redhat.com/show_bug.cgi?id=812692 .

2012-04-16 12:04:26,304 DEBUG No network interface matches the provided IP address and netmask
  File "/usr/sbin/ipa-server-install", line 1151, in <module>
    sys.exit(main())

  File "/usr/sbin/ipa-server-install", line 770, in main
    ip = CheckedIPAddress(hostaddr, match_local=True)

  File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 135, in __init__
    raise ValueError('No network interface matches the provided IP address and netmask')

It says "No network interface matches the provided IP address and netmask", but the first part of long contains:

2012-04-16 12:04:23,522 DEBUG /usr/sbin/ipa-server-install was invoked with options: {... 'ip_address': None ...}

If I understood it correctly, there wasn't explicitly "provided IP address".

I was fooled by "'ip_address': None", I expected DNS->IP address resolving if there is no provided IP address.

Definitely - something is wrong. At least command line options logging.

No, this just means that it wasn't provided as a command-line option.

Based on this understanding I propose to close this as not a bug, do you agree?

Replying to [comment:4 rcritten]:

We check that the supplied IP address matches a locally configured network interface.

That's the point - no IP address was provided. How it's possible to fail in this test, if no address was provided? If address was autodetected and then checked, it should not fail.

Correct? What I left out?

I think we should handle the exception at least (and provide more meaningful error message). ABRT guys are not happy from unhandled exceptions as "error reporting method".

The user supplied an IP address interactively that was not on the system.

I can look to see where the error is being handled but the error is exactly correct. The user supplied an IP address that isn't configured on the machine.

unsucessfull install typescript
typescript

First of all - thanks for your patience.

I reproduced this problem (see typescript) and:

  • You are right about exception - it's handled properly. I misread logs.
  • I still think that error message should be improved.

It says "No network interface matches the provided IP address and netmask", but user supplies hostname - not the IP address and netmask. (This "resolving step" fooled me on start.)

User provided hostname ("f16x32.localnet" in example) and provided hostname was translated to IP address "192.168.111.4". Final check if resolved IP address is local failed and throw this error message.

I think it should say something like:

IP address resolved from server's FQDN do not match any address on active network interface.
Server FQDN: {hostname}
Resolved IP addresses: {DNSipAddrList}
Detected IP addresses: {localIpAddrList}

I think it will be adequate to just to include the IP address that doesn't match in the exception.

something like: "No network interface matches IP address {ipaddr}/{netmask}"

The class actually doing the validation is generic and is used in innumerable places. It also raises a very generic exception, so nothing unique to latch onto to make a better one.

I tested by adding my host to /etc/hosts with a bogus IP address and installing with:

# ipa-server-install --no-nost-dns

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the FreeIPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)

To accept the default shown in brackets, press the Enter key.

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.


Server host name [pinto.greyoak.com]:

Warning: skipping DNS resolution of host pinto.greyoak.com
The domain name has been calculated based on the host name.

Please confirm the domain name [greyoak.com]:

Invalid IP Address 192.168.1.1 for pinto.greyoak.com: No network interface matches the provided IP address and netmask

Metadata Update from @pspacek:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 3.0 Core Effort - 2012/05

7 years ago

Login to comment on this ticket.

Metadata