hello,

we are trying to migrate our ipa setup to el8, and are adding an el8 host as a replica.

however, this master is somewhat special as it involves classless delegation. it is part of a /27 subnet, so we added it as a ptr record to 0/27.the.24.prefix, and put a cname on the ip in the.24.prefix (not sure i'm using the correct terminology here, but it's done as described in https://www.freeipa.org/page/Howto/DNS_classless_IN-ADDR.ARPA_delegation).

the master is a functional ipa client before the replica-install is started.

running the ipa-replica-install --setup-dns, we get an error: the installer seems to try to always add the master ip as a ptr record, and treats duplicates and something called an EmptyModlist as ok. however, in our case, there's a cname in place, and our install fails with

> 2020-11-26T07:52:36Z DEBUG The ipa-replica-install command failed, exception: ValidationError: invalid 'cnamerecord': CNAME record is not allowed to coexist with any other record (RFC 1034, section 3.6.2)

my question is the following: is there any hard requirement for a fully functional master to have a ptr record instead of a cname (and/or is it allowed to use the classless setup for a master)? if not, is it ok to comment out the part of the install code that tries to add this record, and retry the install?

there is a similar/identical issue reported 2 years ago, https://pagure.io/freeipa/issue/7693 (and the bugzilla referenced there), but there is a comment "from IPA team" that says "I don't know if using this also for IPA server is a good or desired thing."; so some feedback/guidance is welcome.

many thanks,

stijn

error log

> 2020-11-26T07:52:36Z DEBUG   step duration: named __generate_rndc_key 0.03 sec
> 2020-11-26T07:52:36Z DEBUG   [2/8]: setting up our own record
> 2020-11-26T07:52:36Z DEBUG raw: dnszone_show('our.domain', version='2.235')
> 2020-11-26T07:52:36Z DEBUG dnszone_show(<DNS name our.domain.>, rights=False, all=False, raw=False, version='2.235')
> 2020-11-26T07:52:36Z DEBUG raw: dnsrecord_add('our.domain', 'hostname', arecord='1.2.3.4', version='2.235')
> 2020-11-26T07:52:36Z DEBUG dnsrecord_add(<DNS name our.domain.>, <DNS name hostname>, arecord=('1.2.3.4',), a_extra_create_reverse=False, aaaa_extra_create_reverse=False, force=False, structured=False, all=False, raw=False, version='2.235')
> 2020-11-26T07:52:36Z DEBUG raw: dnszone_show('4.3.2.1.in-addr.arpa.', version='2.235')
> 2020-11-26T07:52:36Z DEBUG dnszone_show(<DNS name 4.3.2.1.in-addr.arpa.>, rights=False, all=False, raw=False, version='2.235')
> 2020-11-26T07:52:36Z DEBUG raw: dnszone_show('3.2.1.in-addr.arpa.', version='2.235')
> 2020-11-26T07:52:36Z DEBUG dnszone_show(<DNS name 3.2.1.in-addr.arpa.>, rights=False, all=False, raw=False, version='2.235')
> 2020-11-26T07:52:36Z DEBUG raw: dnsrecord_add('3.2.1.in-addr.arpa.', '5', ptrrecord='hostname.our.domain.', version='2.235')
> 2020-11-26T07:52:36Z DEBUG dnsrecord_add(<DNS name 3.2.1.in-addr.arpa.>, <DNS name 5>, a_extra_create_reverse=False, aaaa_extra_create_reverse=False, ptrrecord=('hostname.our.domain.',), force=False, structured=False, all=False, raw=False, version='2.235')
> 2020-11-26T07:52:36Z DEBUG Traceback (most recent call last):
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 603, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 589, in run_step
>     method()
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 921, in __add_self
>     self.__add_master_records(self.fqdn, self.ip_addresses)
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 918, in __add_master_records
>     add_ptr_rr(reverse_zone, addr, fqdn, None, api=self.api)
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 414, in add_ptr_rr
>     add_rr(zone, name, "PTR", normalize_zone(fqdn), dns_backup, api)
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 397, in add_rr
>     api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
>   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
>     return self.__do_call(*args, **options)
>   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
>     ret = self.run(*args, **options)
>   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
>     return self.execute(*args, **options)
>   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line 3655, in execute
>     result = super(dnsrecord_add, self).execute(*keys, **options)
>   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1199, in execute
>     *keys, **options)
>   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line 3647, in pre_callback
>     self.obj.check_record_type_collisions(keys, rrattrs)
>   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line 3261, in check_record_type_collisions
>     error=_('CNAME record is not allowed to coexist '
> ipalib.errors.ValidationError: invalid 'cnamerecord': CNAME record is not allowed to coexist with any other record (RFC 1034, section 3.6.2)
>
> 2020-11-26T07:52:36Z DEBUG   [error] ValidationError: invalid 'cnamerecord': CNAME record is not allowed to coexist with any other record (RFC 1034, section 3.6.2)
> 2020-11-26T07:52:36Z DEBUG   File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 179, in execute
>     return_value = self.run()
>   File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 340, in run
>     return cfgr.run()
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 360, in run
>     return self.execute()
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 386, in execute
>     for rval in self._executor():
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner
>     exc_handler(exc_info)
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
>     self._handle_exception(exc_info)
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
>     raise value
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner
>     step()
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
>     raise value
>   File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 655, in _configure
>     next(executor)
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431, in __runner
>     exc_handler(exc_info)
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
>     self._handle_exception(exc_info)
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 518, in _handle_exception
>     self.__parent._handle_exception(exc_info)
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
>     raise value
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 515, in _handle_exception
>     super(ComponentBase, self)._handle_exception(exc_info)
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
>     raise value
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421, in __runner
>     step()
>   File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
>     raise value
>   File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 65, in _install
>     for unused in self._installer(self.parent):
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/server/__init__.py", line 597, in main
>     replica_install(self)
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py", line 402, in decorated
>     func(installer)
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py", line 1339, in install
>     dns.install(False, True, options, api)
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/dns.py", line 342, in install
>     bind.create_instance()
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 774, in create_instance
>     self.start_creation()
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 603, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 589, in run_step
>     method()
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 921, in __add_self
>     self.__add_master_records(self.fqdn, self.ip_addresses)
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 918, in __add_master_records
>     add_ptr_rr(reverse_zone, addr, fqdn, None, api=self.api)
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 414, in add_ptr_rr
>     add_rr(zone, name, "PTR", normalize_zone(fqdn), dns_backup, api)
>   File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 397, in add_rr
>     api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
>   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
>     return self.__do_call(*args, **options)
>   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
>     ret = self.run(*args, **options)
>   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
>     return self.execute(*args, **options)
>   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line 3655, in execute
>     result = super(dnsrecord_add, self).execute(*keys, **options)
>   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1199, in execute
>     *keys, **options)
>   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line 3647, in pre_callback
>     self.obj.check_record_type_collisions(keys, rrattrs)
>   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line 3261, in check_record_type_collisions
>     error=_('CNAME record is not allowed to coexist '
>
> 2020-11-26T07:52:36Z DEBUG The ipa-replica-install command failed, exception: ValidationError: invalid 'cnamerecord': CNAME record is not allowed to coexist with any other record (RFC 1034, section 3.6.2)
> 2020-11-26T07:52:36Z ERROR invalid 'cnamerecord': CNAME record is not allowed to coexist with any other record (RFC 1034, section 3.6.2)
> 2020-11-26T07:52:36Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
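
An added example (not part of the original post and not FreeIPA code) that models the failure in the log above: adding a PTR at the conventional reverse name is rejected because a CNAME already lives there, while following the CNAME shows the PTR is already present in the classless sub-zone. The zone contents, the address 1.2.3.5 and all function names are constructed for illustration; only IPv4 is handled.

```python
import ipaddress

def reverse_owner(ip):
    """Conventional reverse name: 1.2.3.5 -> 5.3.2.1.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def classless_owner(ip, prefixlen):
    """Name inside the delegated sub-zone, using the '0/27' label style (IPv4 only)."""
    a, b, c, d = str(ipaddress.ip_address(ip)).split(".")
    net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
    first = str(net.network_address).split(".")[3]
    return f"{d}.{first}/{prefixlen}.{c}.{b}.{a}.in-addr.arpa."

def add_record(records, owner, rrtype, value):
    """Add a record, enforcing RFC 1034 section 3.6.2 (a CNAME stands alone)."""
    rrsets = records.setdefault(owner, {})
    others = set(rrsets) - {rrtype}
    if others and (rrtype == "CNAME" or "CNAME" in others):
        raise ValueError(f"CNAME cannot coexist with other records at {owner}")
    rrsets.setdefault(rrtype, set()).add(value)

def plan_ptr(records, ip, fqdn, max_hops=8):
    """Follow CNAMEs from the conventional reverse name and report where the
    PTR belongs: ('present' | 'add' | 'mismatch' | 'loop', owner)."""
    owner = reverse_owner(ip)
    for _ in range(max_hops):
        rrsets = records.get(owner, {})
        if "CNAME" in rrsets:
            owner = next(iter(rrsets["CNAME"]))  # chase the alias
            continue
        ptrs = rrsets.get("PTR", set())
        if fqdn in ptrs:
            return ("present", owner)            # duplicate: nothing to do
        return ("mismatch" if ptrs else "add", owner)
    return ("loop", owner)                       # CNAME chain never terminated

def naive_add_fails(records, ip, fqdn):
    """True if adding the PTR at the conventional name is rejected."""
    try:
        add_record(records, reverse_owner(ip), "PTR", fqdn)
    except ValueError:
        return True
    return False

# Constructed sample records mirroring the setup in the post (1.2.3.0/27).
SAMPLE = {
    "5.3.2.1.in-addr.arpa.": {"CNAME": {classless_owner("1.2.3.5", 27)}},
    "5.0/27.3.2.1.in-addr.arpa.": {"PTR": {"hostname.our.domain."}},
    "6.3.2.1.in-addr.arpa.": {"CNAME": {classless_owner("1.2.3.6", 27)}},
}

if __name__ == "__main__":
    print(naive_add_fails(SAMPLE, "1.2.3.5", "hostname.our.domain."))
    print(plan_ptr(SAMPLE, "1.2.3.5", "hostname.our.domain."))
```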
