Hmm, you should be a detective!

Here is a ticket about this:
https://fedorahosted.org/freeipa/ticket/5621

Thank you very much for catching this!

Petr^2 Spacek

On 18.1.2016 17:52, Nathan Peters wrote:
> Actually I was able to solve this one, but the error logging could certainly 
> be improved to indicate what is actually happening
> 
> Here is the actual issue along with the sequence of events: 
> 
> 1. DNS check for local host to be joined checks forward, cname, and PTR 
> records against result of `hostname` command, those all came back ok
> 
> 2. A second check is performed and I believe it is being performed on an 
> existing FreeIPA server (in this case it was my CA master), but the logs say 
> " DEBUG Check if dc1-ipa-dev-nvan.mydomain.net is a primary hostname for 
> localhost" even though this check is actually being performed remotely on the 
> Master.  It almost seems like the log entry from the master is forwarded to 
> use and that's why it says 'localhost' or something...
> 
> 3. It performs the same forward, CNAME, and PTR checks as it did against the 
> localhost, but doesn't log those checks.  It fails on the PTR check because 
> there actually was a second invalid PTR entry for 
> dc1-ipa-dev-nvan.mydomain.net.mydomain.net.  You can see from the logs that 
> it actually warned us it was about to do a PTR check on the localhost  " 
> DEBUG Check reverse address of  10.21.0.98".  But when it performs the remote 
> check on the master, it just does the check without informing us what is 
> about to happen, and because it claims that host is 'localhost' if the 2 
> hostnames are similar, you may not even realize its not performing the check 
> locally
> 
> Since the underlying technical issue that caused this was an actual invalid 
> PTR record, the removal of the PTR record solved the issue; however, it would 
> be nice if the logs let us know that 2nd PTR check was actually remote, not 
> local, and if it logged that it was about to perform a PTR check so we could 
> accurately know what the cause of the failure was.
> 
> 
> -----Original Message-----
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek
> Sent: January-18-16 4:23 AM
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with 
> the hostname is not the primary hostname
> 
> On 18.1.2016 04:23, Nathan Peters wrote:
>> 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a 
>> primary hostname for localhost 2016-01-18T03:00:07Z DEBUG Primary 
>> hostname for localhost: dc2-ipa-dev-van.mydomain.net 
>> 2016-01-18T03:00:07Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net 
>> 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is 
>> not a CNAME 2016-01-18T03:00:07Z DEBUG Check reverse address of 
>> 10.21.0.98 2016-01-18T03:00:07Z DEBUG Found reverse name: 
>> dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Check if 
>> dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost
>> ------> This line here is strange ----> 2016-01-18T03:00:07Z DEBUG 
>> ------> Primary hostname for localhost: 
>> ------> dc1-ipa-dev-nvan.mydomain.net.mydomain.net
>> 2016-01-18T03:00:07Z DEBUG   File 
>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in 
>> execute
>>     return_value = self.run()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 
>> 318, in run
>>     cfgr.run()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 308, in run
>>     self.validate()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 317, in validate
>>     for nothing in self._validator():
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 372, in __runner
>>     self._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 394, in _handle_exception
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 362, in __runner
>>     step()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 359, in <lambda>
>>     step = lambda: next(self.__gen)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 
>> 81, in run_generator_with_yield_from
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 
>> 59, in run_generator_with_yield_from
>>     value = gen.send(prev_value)
>>  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 549, in _configure
>>     next(validator)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 372, in __runner
>>     self._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 449, in _handle_exception
>>     self.__parent._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 394, in _handle_exception
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 446, in _handle_exception
>>     super(ComponentBase, self)._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 394, in _handle_exception
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 362, in __runner
>>     step()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 
>> 359, in <lambda>
>>     step = lambda: next(self.__gen)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 
>> 81, in run_generator_with_yield_from
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 
>> 59, in run_generator_with_yield_from
>>     value = gen.send(prev_value)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 
>> 63, in _install
>>     for nothing in self._installer(self.parent):
>>   File 
>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>>  line 1551, in main
>>     promote_check(self)
>>   File 
>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>>  line 372, in decorated
>>     func(installer)
>>   File 
>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>>  line 394, in decorated
>>     func(installer)
>>   File 
>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>>  line 980, in promote_check
>>     installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", 
>> line 168, in verify_fqdn
>>     "Please check /etc/hosts or DNS name resolution" % (host_name, 
>> ex_name[0]))
>>
>> 2016-01-18T03:00:07Z DEBUG The ipa-replica-install command failed, 
>> exception: HostLookupError: The host name 
>> dc1-ipa-dev-nvan.mydomain.net does not match the primary host name 
>> dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or 
>> DNS name resolution 2016-01-18T03:00:07Z ERROR The host name 
>> dc1-ipa-dev-nvan.mydomain.net does not match the primary host name 
>> dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or 
>> DNS name resolution 2016-01-18T03:00:07Z ERROR The ipa-replica-install 
>> command failed. See /var/log/ipareplica-install.log for more 
>> information
>>
>> So 3 questions :
>> 1)Why does it first check if my hostname is ok, and then check if my 
>> hostname matches this other host, and why is it referring to the other 
>> remote host as localhost ?
>> 2)Where in the world is it getting the idea that the primary hostname for my 
>> host is actually the primary hostname for the other host in a strange format 
>> with the domain name on the end twice ?
>> 3)are there any workarounds for this?  It seems rather buggy.  I have 
>> triple checked hostnames on both hosts referenced in that log entry
>>
>> Here is the output that proves that my hostname is fine and not ending 
>> with a double domain
>>
>> [root@dc2-ipa-dev-van ~]# cat /etc/hosts
>> 127.0.0.1   localhost localhost.localdomain localhost4 
>> localhost4.localdomain4
>> ::1         localhost localhost.localdomain localhost6 
>> localhost6.localdomain6
>> 10.21.0.98      dc2-ipa-dev-van.mydomain.net
>> [root@dc2-ipa-dev-van ~]# cat /etc/hostname 
>> dc2-ipa-dev-van.mydomain.net [root@dc2-ipa-dev-van ~]# hostname 
>> dc2-ipa-dev-van.mydomain.net
>>
>> and on the other host :
>>
>> [root@dc1-ipa-dev-nvan ~]# hostname
>> dc1-ipa-dev-nvan.mydomain.net
>> [root@dc1-ipa-dev-nvan ~]# cat /etc/hostname 
>> dc1-ipa-dev-nvan.mydomain.net [root@dc1-ipa-dev-nvan ~]# cat 
>> /etc/hosts
>> 127.0.0.1   localhost localhost.localdomain localhost4 
>> localhost4.localdomain4
>> ::1         localhost localhost.localdomain localhost6 
>> localhost6.localdomain6
>> 10.178.0.99 dc1-ipa-dev-nvan.mydomain.net [root@dc1-ipa-dev-nvan ~]#
> 
> Interesting ...
> 
> Please send us information mentioned on page 
> http://www.freeipa.org/page/Troubleshooting#Reporting_bugs
> 
> + content of /etc/resolv.conf on the affected machine 
> + /var/log/ipareplica-install.log
> 
> Thank you.
> 
> --
> Petr^2 Spacek
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
> 


-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to