hello,
we are trying to migrate our ipa setup to el8, and are adding an el8 host
as a replica.
however, this master is somewhat special as it involves classless
delegation. it is part of a /27 subnet, so we added it as a ptr record
to 0/27.the.24.prefix, and put a cname on the ip in the.24.prefix (not
sure i'm using the correct terminology here, but it's done as described
in
https://www.freeipa.org/page/Howto/DNS_classless_IN-ADDR.ARPA_delegation)
the master is a functional ipa client before the replica-install is started.
running the ipa-replica-install --setup-dns, we get an error:
the installer seems to try to always add the master ip as a ptr record,
and treats duplicates and something called an EmptyModlist as ok.
however, in our case, there's a cname in place, and our install fails
with a
2020-11-26T07:52:36Z DEBUG The ipa-replica-install command failed,
exception: ValidationError: invalid 'cnamerecord': CNAME record is not allowed to
coexist with any other record (RFC 1034, section 3.6.2)
my question is the following: is there any hard requirement for a fully
functional master to have a ptr record instead of a cname (and/or is it
allowed to use the classless setup for a master)?
if not, is it ok to comment out the part of the install code that tries
to add this record, and retry the install?
there is a similar/identical issue reported 2 years ago
https://pagure.io/freeipa/issue/7693 (and the bugzilla referenced
there), but there is a comment "from IPA team" that says "I don't know
if using this also for IPA server is a good or desired thing."; so some
feedback/guidance is welcome.
many thanks,
stijn
error log
> 2020-11-26T07:52:36Z DEBUG step duration: named __generate_rndc_key 0.03 sec
> 2020-11-26T07:52:36Z DEBUG [2/8]: setting up our own record
> 2020-11-26T07:52:36Z DEBUG raw: dnszone_show('our.domain',
version='2.235')
> 2020-11-26T07:52:36Z DEBUG dnszone_show(<DNS name our.domain.>, rights=False,
all=False, raw=False, version='2.235')
> 2020-11-26T07:52:36Z DEBUG raw: dnsrecord_add('our.domain',
'hostname', arecord='1.2.3.4', version='2.235')
> 2020-11-26T07:52:36Z DEBUG dnsrecord_add(<DNS name our.domain.>, <DNS name
hostname>, arecord=('1.2.3.4',), a_extra_create_reverse=False,
aaaa_extra_create_reverse=False, force=False, structured=False, all=False, raw=False,
version='2.235')
> 2020-11-26T07:52:36Z DEBUG raw: dnszone_show('4.3.2.1.in-addr.arpa.',
version='2.235')
> 2020-11-26T07:52:36Z DEBUG dnszone_show(<DNS name 4.3.2.1.in-addr.arpa.>,
rights=False, all=False, raw=False, version='2.235')
> 2020-11-26T07:52:36Z DEBUG raw: dnszone_show('3.2.1.in-addr.arpa.',
version='2.235')
> 2020-11-26T07:52:36Z DEBUG dnszone_show(<DNS name 3.2.1.in-addr.arpa.>,
rights=False, all=False, raw=False, version='2.235')
> 2020-11-26T07:52:36Z DEBUG raw: dnsrecord_add('3.2.1.in-addr.arpa.',
'5', ptrrecord='hostname.our.domain.', version='2.235')
> 2020-11-26T07:52:36Z DEBUG dnsrecord_add(<DNS name 3.2.1.in-addr.arpa.>,
<DNS name 5>, a_extra_create_reverse=False, aaaa_extra_create_reverse=False,
ptrrecord=('hostname.our.domain.',), force=False, structured=False, all=False,
raw=False, version='2.235')
> 2020-11-26T07:52:36Z DEBUG Traceback (most recent call last):
> File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py",
line 603, in start_creation
> run_step(full_msg, method)
> File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py",
line 589, in run_step
> method()
> File
"/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 921,
in __add_self
> self.__add_master_records(self.fqdn, self.ip_addresses)
> File
"/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 918,
in __add_master_records
> add_ptr_rr(reverse_zone, addr, fqdn, None, api=self.api)
> File
"/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 414,
in add_ptr_rr
> add_rr(zone, name, "PTR", normalize_zone(fqdn), dns_backup, api)
> File
"/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 397,
in add_rr
> api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
> File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in
__call__
> return self.__do_call(*args, **options)
> File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in
__do_call
> ret = self.run(*args, **options)
> File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in
run
> return self.execute(*args, **options)
> File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line
3655, in execute
> result = super(dnsrecord_add, self).execute(*keys, **options)
> File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py",
line 1199, in execute
> *keys, **options)
> File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line
3647, in pre_callback
> self.obj.check_record_type_collisions(keys, rrattrs)
> File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line
3261, in check_record_type_collisions
> error=_('CNAME record is not allowed to coexist '
> ipalib.errors.ValidationError: invalid 'cnamerecord': CNAME record is not
allowed to coexist with any other record (RFC 1034, section 3.6.2)
>
> 2020-11-26T07:52:36Z DEBUG [error] ValidationError: invalid 'cnamerecord':
CNAME record is not allowed to coexist with any other record (RFC 1034, section 3.6.2)
> 2020-11-26T07:52:36Z DEBUG File
"/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 179, in execute
> return_value = self.run()
> File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line
340, in run
> return cfgr.run()
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
360, in run
> return self.execute()
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
386, in execute
> for rval in self._executor():
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
431, in __runner
> exc_handler(exc_info)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
460, in _handle_execute_exception
> self._handle_exception(exc_info)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
450, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
421, in __runner
> step()
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
418, in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
655, in _configure
> next(executor)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
431, in __runner
> exc_handler(exc_info)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
460, in _handle_execute_exception
> self._handle_exception(exc_info)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
518, in _handle_exception
> self.__parent._handle_exception(exc_info)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
450, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
515, in _handle_exception
> super(ComponentBase, self)._handle_exception(exc_info)
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
450, in _handle_exception
> six.reraise(*exc_info)
> File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
421, in __runner
> step()
> File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line
418, in <lambda>
> step = lambda: next(self.__gen)
> File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
> six.reraise(*exc_info)
> File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
> raise value
> File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
> value = gen.send(prev_value)
> File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line
65, in _install
> for unused in self._installer(self.parent):
> File
"/usr/lib/python3.6/site-packages/ipaserver/install/server/__init__.py", line
597, in main
> replica_install(self)
> File
"/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py",
line 402, in decorated
> func(installer)
> File
"/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py",
line 1339, in install
> dns.install(False, True, options, api)
> File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line
342, in install
> bind.create_instance()
> File
"/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 774,
in create_instance
> self.start_creation()
> File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py",
line 603, in start_creation
> run_step(full_msg, method)
> File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py",
line 589, in run_step
> method()
> File
"/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 921,
in __add_self
> self.__add_master_records(self.fqdn, self.ip_addresses)
> File
"/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 918,
in __add_master_records
> add_ptr_rr(reverse_zone, addr, fqdn, None, api=self.api)
> File
"/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 414,
in add_ptr_rr
> add_rr(zone, name, "PTR", normalize_zone(fqdn), dns_backup, api)
> File
"/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 397,
in add_rr
> api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
> File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in
__call__
> return self.__do_call(*args, **options)
> File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in
__do_call
> ret = self.run(*args, **options)
> File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in
run
> return self.execute(*args, **options)
> File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line
3655, in execute
> result = super(dnsrecord_add, self).execute(*keys, **options)
> File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py",
line 1199, in execute
> *keys, **options)
> File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line
3647, in pre_callback
> self.obj.check_record_type_collisions(keys, rrattrs)
> File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line
3261, in check_record_type_collisions
> error=_('CNAME record is not allowed to coexist '
>
> 2020-11-26T07:52:36Z DEBUG The ipa-replica-install command failed, exception:
ValidationError: invalid 'cnamerecord': CNAME record is not allowed to coexist
with any other record (RFC 1034, section 3.6.2)
> 2020-11-26T07:52:36Z ERROR invalid 'cnamerecord': CNAME record is not allowed
to coexist with any other record (RFC 1034, section 3.6.2)
> 2020-11-26T07:52:36Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
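
Added example, not part of the original post and not FreeIPA code: a small offline pre-flight check for the classless (RFC 2317) layout described above. It models the RFC 1034 section 3.6.2 rule named in the error and follows the CNAME to see whether reverse lookup still reaches the host's FQDN. The function names, the 192.0.2.0/27 documentation addresses and the zone contents are constructed for illustration.

```python
import ipaddress

def rfc2317_names(ip, prefixlen):
    """Return (owner name in the /24 reverse zone, CNAME target in the
    classless child zone) for an IPv4 address in a subnet longer than /24."""
    if not 24 < prefixlen <= 32:
        raise ValueError("classless delegation applies to prefixes /25../32")
    net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
    a, b, c, d = str(ipaddress.IPv4Address(ip)).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    first = str(net.network_address).rsplit(".", 1)[1]
    return f"{d}.{parent}", f"{d}.{first}/{prefixlen}.{parent}"

def can_add(records, owner, rtype):
    """RFC 1034 3.6.2: a CNAME may not share an owner name with other data."""
    existing = set(records.get(owner, {}))
    if rtype == "CNAME":
        return not existing
    return "CNAME" not in existing

def effective_ptr(records, owner, max_hops=8):
    """Follow CNAMEs from owner, as a resolver would, until a PTR is found."""
    for _ in range(max_hops):
        rrs = records.get(owner, {})
        if "PTR" in rrs:
            return rrs["PTR"]
        if "CNAME" not in rrs:
            return None
        owner = rrs["CNAME"]
    return None  # CNAME chain too long or looping

def preflight(ip, prefixlen, fqdn, records):
    owner, target = rfc2317_names(ip, prefixlen)
    return {
        "owner": owner,
        "cname_target": target,
        "direct_ptr_add_allowed": can_add(records, owner, "PTR"),
        "reverse_resolves_to_fqdn": effective_ptr(records, owner) == fqdn,
    }

# Constructed zone data mirroring the setup in the post: CNAME in the /24
# reverse zone, PTR in the 0/27 child zone.
SAMPLE = {
    "5.2.0.192.in-addr.arpa.": {"CNAME": "5.0/27.2.0.192.in-addr.arpa."},
    "5.0/27.2.0.192.in-addr.arpa.": {"PTR": "hostname.our.domain."},
}

if __name__ == "__main__":
    for key, value in preflight("192.0.2.5", 27, "hostname.our.domain.", SAMPLE).items():
        print(f"{key}: {value}")
```

With this data a direct PTR add at the /24 owner name is rejected, while reverse lookup through the CNAME still returns the FQDN.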