Hi,
Yesterday I upgraded one of the masters (CentOS 8 Stream, from 4.9.2 => 4.9.3)
and
in the process it modified ipa-ca to only have its own IP address. Here is
an extract from ipaupgrade.log
2021-07-08T18:37:29Z DEBUG raw: server_role_find(None,
server_server='rotte.example.com', status='enabled', include_master=True,
version='2.240')
2021-07-08T18:37:29Z DEBUG server_role_find(None,
server_server='rotte.example.com', status='enabled', include_master=True,
all=False, raw=False, version='2.240')
2021-07-08T18:37:29Z DEBUG raw: server_role_find(None,
server_server='iparep4.example.com', status='enabled', include_master=True,
version='2.240')
2021-07-08T18:37:29Z DEBUG server_role_find(None,
server_server='iparep4.example.com', status='enabled', include_master=True,
all=False, raw=False, version='2.240')
2021-07-08T18:37:29Z DEBUG raw: server_role_find(None,
server_server='linge.example.com', status='enabled', include_master=True,
version='2.240')
2021-07-08T18:37:29Z DEBUG server_role_find(None,
server_server='linge.example.com', status='enabled', include_master=True,
all=False, raw=False, version='2.240')
2021-07-08T18:37:29Z DEBUG raw: dnszone_show(<DNS name example.com.>,
version='2.240')
2021-07-08T18:37:29Z DEBUG dnszone_show(<DNS name example.com.>, rights=False,
all=False, raw=False, version='2.240')
2021-07-08T18:37:29Z DEBUG Name iparep4.example.com. does not have any address:
[Errno -2] Name or service not known
2021-07-08T18:37:32Z DEBUG Name iparep4.example.com. does not have any address:
[Errno -2] Name or service not known
2021-07-08T18:37:35Z DEBUG Name iparep4.example.com. does not have any address:
[Errno -2] Name or service not known
2021-07-08T18:37:38Z DEBUG Name iparep4.example.com. does not have any address:
[Errno -2] Name or service not known
2021-07-08T18:37:41Z DEBUG Name iparep4.example.com. does not have any address:
[Errno -2] Name or service not known
2021-07-08T18:37:44Z DEBUG Name iparep4.example.com. does not have any address:
[Errno -2] Name or service not known
2021-07-08T18:37:44Z ERROR unable to resolve host name iparep4.example.com. to
IP address, ipa-ca DNS record will be incomplete
2021-07-08T18:37:44Z DEBUG Name linge.example.com. resolved to
{UnsafeIPAddress('172.16.16.10'), UnsafeIPAddress('fe80::529a:4cff:fe9d:3b10')}
2021-07-08T18:37:44Z DEBUG Name rotte.example.com. does not have any address:
[Errno -2] Name or service not known
2021-07-08T18:37:47Z DEBUG Name rotte.example.com. does not have any address:
[Errno -2] Name or service not known
2021-07-08T18:37:50Z DEBUG Name rotte.example.com. does not have any address:
[Errno -2] Name or service not known
2021-07-08T18:37:53Z DEBUG Name rotte.example.com. does not have any address:
[Errno -2] Name or service not known
2021-07-08T18:38:01Z ERROR unable to resolve host name rotte.example.com. to IP
address, ipa-ca DNS record will be incomplete
...
2021-07-08T18:38:02Z DEBUG raw: dnsrecord_mod(<DNS name example.com.>, <DNS name
ipa-ca.example.com.>, arecord=['172.16.16.10'],
aaaarecord=['fe80::529a:4cff:fe9d:3b10'], version='2.240')
2021-07-08T18:38:02Z DEBUG dnsrecord_mod(<DNS name example.com.>, <DNS name
ipa-ca.example.com.>, arecord=('172.16.16.10',),
aaaarecord=('fe80::529a:4cff:fe9d:3b10',), rights=False, structured=False, all=False,
raw=False, version='2.240')
That's a bit puzzling. Why couldn't it find these two hostnames during the
upgrade?
/etc/resolv.conf:
nameserver 127.0.0.1
There does not seem to be anything wrong (before and after the upgrade).
Both hostname names resolve perfectly well.
The only thing I can think of (wild guess) is that the nameservers are
configured
with dnssec disabled. Could that be it?
--
Kees
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
