Re: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname
Hmm, you should be a detective! Here is a ticket about this: https://fedorahosted.org/freeipa/ticket/5621 Thank you very much for catching this! Petr^2 Spacek On 18.1.2016 17:52, Nathan Peters wrote: > Actually I was able to solve this one, but the error logging could certainly > be improved to indicate what is actually happening > > Here is the actual issue along with the sequence of events: > > 1. DNS check for local host to be joined checks forward, cname, and PTR > records against result of `hostname` command, those all came back ok > > 2. A second check is performed and I believe it is being performed on an > existing FreeIPA server (in this case it was my CA master), but the logs say > " DEBUG Check if dc1-ipa-dev-nvan.mydomain.net is a primary hostname for > localhost" even though this check is actually being performed remotely on the > Master. It almost seems like the log entry from the master is forwarded to > use and that's why it says 'localhost' or something... > > 3. It performs the same forward, CNAME, and PTR checks as it did against the > localhost, but doesn't log those checks. It fails on the PTR check because > there actually was a second invalid PTR entry for > dc1-ipa-dev-nvan.mydomain.net.mydomain.net. You can see from the logs that > it actually warned us it was about to do a PTR check on the localhost " > DEBUG Check reverse address of 10.21.0.98". But when it performs the remote > check on the master, it just does the check without informing us what is > about to happen, and because it claims that host is 'localhost' if the 2 > hostnames are similar, you may not even realize its not performing the check > locally > > Since the underlying technical issue that caused this was an actual invalid > PTR record, the removal of the PTR record solved the issue; however, it would > be nice if the logs let us know that 2nd PTR check was actually remote, not > local, and if it logged that it was about to perform a PTR check so we could > accurately know what the cause of the failure was. > > > -Original Message- > From: freeipa-users-boun...@redhat.com > [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek > Sent: January-18-16 4:23 AM > To: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with > the hostname is not the primary hostname > > On 18.1.2016 04:23, Nathan Peters wrote: >> 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a >> primary hostname for localhost 2016-01-18T03:00:07Z DEBUG Primary >> hostname for localhost: dc2-ipa-dev-van.mydomain.net >> 2016-01-18T03:00:07Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net >> 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is >> not a CNAME 2016-01-18T03:00:07Z DEBUG Check reverse address of >> 10.21.0.98 2016-01-18T03:00:07Z DEBUG Found reverse name: >> dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Check if >> dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost >> --> This line here is strange > 2016-01-18T03:00:07Z DEBUG >> --> Primary hostname for localhost: >> --> dc1-ipa-dev-nvan.mydomain.net.mydomain.net >> 2016-01-18T03:00:07Z DEBUG File >> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in >> execute >> return_value = self.run() >> File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line >> 318, in run >> cfgr.run() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 308, in run >> self.validate() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 317, in validate >> for nothing in self._validator(): >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 372, in __runner >> self._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 362, in __runner >> step() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 359, in >> step = lambda: next(self.__gen) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line >> 81, in run_generator_with_yield_from >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", lin
Re: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname
On 18.1.2016 04:23, Nathan Peters wrote: > 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a primary > hostname for localhost > 2016-01-18T03:00:07Z DEBUG Primary hostname for localhost: > dc2-ipa-dev-van.mydomain.net > 2016-01-18T03:00:07Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net > 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is not a > CNAME > 2016-01-18T03:00:07Z DEBUG Check reverse address of 10.21.0.98 > 2016-01-18T03:00:07Z DEBUG Found reverse name: dc2-ipa-dev-van.mydomain.net > 2016-01-18T03:00:07Z DEBUG Check if dc1-ipa-dev-nvan.mydomain.net is a > primary hostname for localhost > --> This line here is strange > 2016-01-18T03:00:07Z DEBUG Primary > hostname for localhost: dc1-ipa-dev-nvan.mydomain.net.mydomain.net > 2016-01-18T03:00:07Z DEBUG File > "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in > execute > return_value = self.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, > in run > cfgr.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 308, in run > self.validate() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 317, in validate > for nothing in self._validator(): > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 359, in > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, > in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, > in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 549, > in _configure > next(validator) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 449, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 446, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 359, in > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, > in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, > in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line > 63, in _install > for nothing in self._installer(self.parent): > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 1551, in main > promote_check(self) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 372, in decorated > func(installer) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 394, in decorated > func(installer) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 980, in promote_check > installutils.verify_fqdn(config.master_host_name, options.no_host_dns) > File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", > line 168, in verify_fqdn > "Please check /etc/hosts or DNS name resolution" % (host_name, > ex_name[0])) > > 2016-01-18T03:00:07Z DEBUG The ipa-replica-install command failed, exception: > HostLookupError: The host name dc1-ipa-dev-nvan.mydomain.net does not match > the primary host name dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please > check /etc/hosts or DNS name resolution > 2016-01-18T03:00:07Z ERROR The host name dc1-ipa-dev-nvan.mydomain.net does > not match the primary host name dc1-ipa-dev-nvan.mydomain.net.mydomain.net. > Please check /etc/hosts or DNS name resolution > 2016-01-18T03:00:07Z ERROR The ipa-replica-install command failed. See >
Re: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname
Actually I was able to solve this one, but the error logging could certainly be improved to indicate what is actually happening Here is the actual issue along with the sequence of events: 1. DNS check for local host to be joined checks forward, cname, and PTR records against result of `hostname` command, those all came back ok 2. A second check is performed and I believe it is being performed on an existing FreeIPA server (in this case it was my CA master), but the logs say " DEBUG Check if dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost" even though this check is actually being performed remotely on the Master. It almost seems like the log entry from the master is forwarded to use and that's why it says 'localhost' or something... 3. It performs the same forward, CNAME, and PTR checks as it did against the localhost, but doesn't log those checks. It fails on the PTR check because there actually was a second invalid PTR entry for dc1-ipa-dev-nvan.mydomain.net.mydomain.net. You can see from the logs that it actually warned us it was about to do a PTR check on the localhost " DEBUG Check reverse address of 10.21.0.98". But when it performs the remote check on the master, it just does the check without informing us what is about to happen, and because it claims that host is 'localhost' if the 2 hostnames are similar, you may not even realize its not performing the check locally Since the underlying technical issue that caused this was an actual invalid PTR record, the removal of the PTR record solved the issue; however, it would be nice if the logs let us know that 2nd PTR check was actually remote, not local, and if it logged that it was about to perform a PTR check so we could accurately know what the cause of the failure was. -Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek Sent: January-18-16 4:23 AM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname On 18.1.2016 04:23, Nathan Peters wrote: > 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a > primary hostname for localhost 2016-01-18T03:00:07Z DEBUG Primary > hostname for localhost: dc2-ipa-dev-van.mydomain.net > 2016-01-18T03:00:07Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net > 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is > not a CNAME 2016-01-18T03:00:07Z DEBUG Check reverse address of > 10.21.0.98 2016-01-18T03:00:07Z DEBUG Found reverse name: > dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Check if > dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost > --> This line here is strange > 2016-01-18T03:00:07Z DEBUG > --> Primary hostname for localhost: > --> dc1-ipa-dev-nvan.mydomain.net.mydomain.net > 2016-01-18T03:00:07Z DEBUG File > "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in > execute > return_value = self.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, > in run > cfgr.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 308, in run > self.validate() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 317, in validate > for nothing in self._validator(): > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 359, in > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, > in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, > in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 549, > in _configure > next(validator) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 449, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/l
[Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with the hostname is not the primary hostname
2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a primary hostname for localhost 2016-01-18T03:00:07Z DEBUG Primary hostname for localhost: dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is not a CNAME 2016-01-18T03:00:07Z DEBUG Check reverse address of 10.21.0.98 2016-01-18T03:00:07Z DEBUG Found reverse name: dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Check if dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost --> This line here is strange > 2016-01-18T03:00:07Z DEBUG Primary hostname for localhost: dc1-ipa-dev-nvan.mydomain.net.mydomain.net 2016-01-18T03:00:07Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 308, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 317, in validate for nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 549, in _configure next(validator) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1551, in main promote_check(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 394, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 980, in promote_check installutils.verify_fqdn(config.master_host_name, options.no_host_dns) File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 168, in verify_fqdn "Please check /etc/hosts or DNS name resolution" % (host_name, ex_name[0])) 2016-01-18T03:00:07Z DEBUG The ipa-replica-install command failed, exception: HostLookupError: The host name dc1-ipa-dev-nvan.mydomain.net does not match the primary host name dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or DNS name resolution 2016-01-18T03:00:07Z ERROR The host name dc1-ipa-dev-nvan.mydomain.net does not match the primary host name dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or DNS name resolution 2016-01-18T03:00:07Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information So 3 questions : 1)Why does it first check if my hostname is ok, and then check if my hostname matches this other host, and why is it referring to the other remote host as localhost ? 2)Where in the world
