On 08/20/2015 02:46 PM, Martin Basti wrote:
On 08/20/2015 02:40 PM, Oleg Fayans wrote:
The initial question however is still unsolved: why does
ipa-replica-prepare behaves differently on fedora and rhel? I thought,
rhel host had more than one reverse zone, but it's not the case.
Can you try fedora on the same machine?
Are you sure that both systems has the same configuration. E.g. one
could have only IPv4 but the other also IPv6?
On 08/20/2015 01:43 PM, Martin Basti wrote:
It could be, please file a bug.
On 08/20/2015 12:51 PM, Oleg Fayans wrote:
I guess, I know where is the problem. During replica-install the
replica tries to resolve it's own ip to a hostname to check whether
the dns is configured correctly. And fails, since we specified
--no-reverse during the replica preparation on master.
This looks like a bug to me.
Why is that a bug? Where should ipa-replica-prepare put a SRV record if
no reverse zone is created?
I.e. if I do not want to add them by ipa-replica-prepare e.g. because
they are not managed in IPA then they have to be added to DNS
server(whatever server it is) by other means.
On 08/20/2015 12:37 PM, Oleg Fayans wrote:
On 08/20/2015 12:01 PM, Martin Basti wrote:
On 08/20/2015 11:52 AM, Martin Basti wrote:
On 08/20/2015 11:42 AM, Oleg Fayans wrote:
On 08/20/2015 11:33 AM, Martin Basti wrote:
On 08/20/2015 10:18 AM, Oleg Fayans wrote:
I am trying to run integration tests for dnssec in RHEL-7.2
The tests keep failing at the step of preparing the replica. I
out, the ipa-replica-prepare with the standard parameters
reverse zone info (does not do it in fedora) which causes the
Does anyone know why does it do it? We can, of course update our
adding a --no-reverse option, but I'd like to know how come it
differently depending on the platform.
The system is
The command looks like this:
[root@dell-pe1950-06 ~]# ipa-replica-prepare -p '<password>'
--ip-address 10.34.54.25 dell-pe1950-05.rhts.eng.brq.redhat.com
Do you want to configure the reverse zone? [yes]:
Reverse zone is not needed for DNSSEC test, you can use
Did you test fedora on the same machine?
No, it's a beaker-provisioned vm.
I added a --no-reverse to the install_replica method in
ipatests/test_integration/tasks.py. It fixed this particular issue.
However, now the test fails at the step of ipa-replica-install:
[root@dell-pe1950-05 ~]# ipa-replica-install -U -p '<password>' -w
'<password>' --ip-address 10.34.54.25
--setup-ca --setup-dns --forwarder 10.34.32.1
WARNING: conflicting time&date synchronization service 'chronyd'
be disabled in favor of ntpd
ipa : ERROR Unable to resolve the IP address
2620:52:0:2236:215:c5ff:fef3:e54f to a host name, check /etc/hosts
and DNS name resolution
Hmm, this is interesting, is 2620:52:0:2236:215:c5ff:fef3:e54f IP
address of replica or master.
Does the resolv.conf point to master on replica?
It's an ip address of the replica. And yes, it does point to master's
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code