#5229 ipa-dnskeysync-replica crash cannot contact kdc
Closed: Fixed None Opened 8 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1254262

Description of problem:

time:           Sun 16 Aug 2015 10:36:09 PM EDT
cmdline:        /usr/bin/python2 /usr/libexec/ipa/ipa-dnskeysync-replica
uid:            992 (ods)
abrt_version:   2.1.11
dso_list:       ipa-python-4.2.0-4.el7.x86_64
event_log:
executable:     /usr/libexec/ipa/ipa-dnskeysync-replica
hostname:       dell-pe800-01.spoore3.test
kernel:         3.10.0-304.el7.x86_64
last_occurrence: 1439778969
pid:            18724
pkg_arch:       x86_64
pkg_epoch:      0
pkg_name:       ipa-server
pkg_release:    4.el7
pkg_version:    4.2.0
runlevel:       N 3
username:       ods

backtrace:
:ipautil.py:1231:kinit_keytab:Krb5Error: (-1765328228, 'Cannot contact any KDC
for requested realm')
:
:Traceback (most recent call last):
:  File "/usr/libexec/ipa/ipa-dnskeysync-replica", line 144, in <module>
:    ipautil.kinit_keytab(PRINCIPAL, paths.IPA_DNSKEYSYNCD_KEYTAB,
ccache_filename)
:  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1231, in
kinit_keytab
:    ccache.init_creds_keytab(keytab=ktab, principal=princ)
:Krb5Error: (-1765328228, 'Cannot contact any KDC for requested realm')
:
:Local variables in innermost frame:
:attempts: 1
:e: Krb5Error(-1765328228, 'Cannot contact any KDC for requested realm')
:config: None
:old_config: None
rinc: <krb5.Principal instance at 0x428c290:
ipa-dnskeysyncd/dell-pe800-01.spoore3.test@SPOORE3.TEST>
:krbcontext: <krbV.Context instance at 0x5da6098>
:keytab: '/etc/ipa/dnssec/ipa-dnskeysyncd.keytab'
:ccache: <krbV.CCache instance at 0x428c3f8>
:ccache_name: '/tmp/ipa-dnskeysync-replica.ccache'
:attempt: 1
:errors_to_retry: set([-1765328228, -1765328355])
:ktab: <krbV.Keytab instance at 0x428cb00>
rincipal: 'ipa-dnskeysyncd/dell-pe800-01.spoore3.test'

environ:
:LANG=en_US.UTF-8
:SHELL=/sbin/nologin
:KRB5CCNAME=/tmp/ipa-dnskeysyncd.ccache
:LOGNAME=ods
:USER=ods
:SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf
:HOME=//var/lib/softhsm
ATH=/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin

machineid:
:systemd=5aa1af4015c6414b8e24c340c714face
:sosreport_uploader-dmidecode=7a582b64bcf1d6ce98c628748d4d7d7c720fb9731a08045d3
b786aed9672d3ea

os_info:
:NAME="Red Hat Enterprise Linux Server"
:VERSION="7.2 (Maipo)"
:ID="rhel"
:ID_LIKE="fedora"
:VERSION_ID="7.2"
RETTY_NAME="Red Hat Enterprise Linux Server 7.2 Beta (Maipo)"
:ANSI_COLOR="0;31"
:CPE_NAME="cpe:/o:redhat:enterprise_linux:7.2:beta:server"
:HOME_URL="https://www.redhat.com/"
:BUG_REPORT_URL="https://bugzilla.redhat.com/"
:
:REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
:REDHAT_BUGZILLA_PRODUCT_VERSION=7.2
:REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
:REDHAT_SUPPORT_PRODUCT_VERSION="7.2 Beta"


Version-Release number of selected component (if applicable):
ipa-server-4.2.0-4.el7.x86_64

How reproducible:
unknown

Steps to Reproduce:
1.  ipa-server-install
2.
3.

Actual results:
server install seems to work but, afterwards I see this crash


Expected results:
no crash

Additional info:

needs to be fixed to mitigate a load of bug reports

ipa-4-2:

  • a9f010f improve the handling of krb5-related errors in dnssec daemons

master:

  • 3506938 improve the handling of krb5-related errors in dnssec daemons

This fix improves handling of KRB5 errors, to prevent abrt send unneeded crash reports.
But does not fix the issue.

Closing ticket, this commit seems to be enough to fix this issue. Feel free to reopen ticket if the issue persists.

Metadata Update from @pvoborni:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.2.1

7 years ago

Login to comment on this ticket.

Metadata