#935 ipa-client-install unable to create DNS entry
Closed: Fixed None Opened 13 years ago by obriend.

The ipa-client-install should be able to create the DNS entry if DNS is
available.

I have a working ipa server with DNS and ran the following on a client:

ipa-client-install

Discovery was successful!
Realm: IPADOCS.ORG
DNS Domain: ipadocs.org
IPA Server: ipaserver.ipadocs.org
BaseDN: dc=ipadocs,dc=org

Continue to configure the system with these values? [no]: yes
Enrollment principal: admin
Password for admin@IPADOCS.ORG:
Joining realm failed: RPC failed at server. Host does not have
corresponding DNS A record

This would not work until I added the host using --ip-address on the server.


This seems to be the right rule to apply:

if 
the user running ipa_client_add has admin privileges, 
and 
DNS is enabled and the fqdn for the host is in a zone managed by the server 
and 
there is no A or AAAA record

then A and/or AAAA records should be added to the DNS zone and the host-add should succeed.

I guess I'll add an ip_address option to ipa-client-install. If one isn't provided I'll use getaddrinfo() and getnameinfo() to pick an address.

This is going to require a signature change to the XML-RPC join() command and changes to ipa-join so we can send the address.

Error handling is going to be tricky too; we'll need to handle a number of different errors so the right message bubbles back to the end-user.
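
The rule and the getaddrinfo()-based address selection proposed in the comments above, as an added Python example that is not FreeIPA code and is not part of the original ticket. The function names, the host client1.ipadocs.org, the documentation-range addresses and the injected resolver are assumptions made for illustration; "no A or AAAA record" is read as "neither record type exists".

```python
import ipaddress
import socket

def usable_addresses(fqdn, resolver=socket.getaddrinfo):
    """Addresses worth publishing for fqdn: skip loopback, link-local, unspecified."""
    found = []
    for family, _type, _proto, _canon, sockaddr in resolver(fqdn, None):
        if family not in (socket.AF_INET, socket.AF_INET6):
            continue
        addr = ipaddress.ip_address(sockaddr[0].split("%")[0])  # drop IPv6 scope id
        if addr.is_loopback or addr.is_link_local or addr.is_unspecified:
            continue
        if addr not in found:  # getaddrinfo repeats an address per socket type
            found.append(addr)
    return found

def managing_zone(fqdn, managed_zones):
    """Longest managed zone containing fqdn, or None if the server does not manage it."""
    name = fqdn.rstrip(".").lower()
    zones = [z.rstrip(".").lower() for z in managed_zones]
    hits = [z for z in zones if name.endswith("." + z)]
    return max(hits, key=len) if hits else None

def records_to_add(fqdn, addresses, managed_zones, existing_rtypes, is_admin):
    """Rule from the ticket: admin caller, fqdn in a managed zone, and no
    A or AAAA record yet. Returns (zone, label, rtype, address) tuples."""
    zone = managing_zone(fqdn, managed_zones)
    if not is_admin or zone is None or {"A", "AAAA"} & set(existing_rtypes):
        return []
    label = fqdn.rstrip(".").lower()[: -len(zone) - 1]
    return [(zone, label, "A" if a.version == 4 else "AAAA", str(a))
            for a in addresses]

def constructed_resolver(host, port):
    """Constructed getaddrinfo() result so the example runs offline."""
    return [
        (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("127.0.0.1", 0)),
        (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", 0)),
        (socket.AF_INET, socket.SOCK_DGRAM, 17, "", ("192.0.2.10", 0)),
        (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("fe80::1%eth0", 0, 0, 2)),
        (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::10", 0, 0, 0)),
    ]

if __name__ == "__main__":
    addrs = usable_addresses("client1.ipadocs.org", constructed_resolver)
    for rec in records_to_add("client1.ipadocs.org", addrs, ["ipadocs.org"], [], True):
        print(rec)
```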

Taking it but not going to change the XML-RPC interface.
Simply forcing host-add to always succeed and then trying a DNS Update once we get the host keytab.
And warning the user if that fails.

Metadata Update from @obriend:
- Issue assigned to simo
- Issue set to the milestone: FreeIPA 2.0.2 RC2 (bug fixing)

7 years ago
