Thank you, of course I can send you more debug.
Thank you for testing, I haven't my lab-REALM available here, so I cannot
easily do such tests at
The configuration/topology in this realm is only one other master, and the
DNS-zones are split, so I suspect there could be some potential problems there.
But the hidden replica is using the other master as DNS-server.
After joining the realm, the hidden-replica was installed successfully with the
following command:
ipa-replica-install --hidden-replica --skip-conncheck --principal=admin@[REALM NAME]
(I had to use --skip-conncheck for some reason, that could be a reason for
our problems, but when the replication is successful and all services seem to
be running fine locally?)
root@[HOSTNAME]:~# ipa-dns-install --forwarder [IPv6-address other master] --forwarder [IPv4-address other master] --no-reverse
The log file for this installation can be found in /var/log/ipaserver-dns-install.log
==============================================================================
This program will setup DNS for the IPA Server.
This includes:
* Configure DNS (bind)
* Configure SoftHSM (required by DNSSEC)
* Configure ipa-dnskeysyncd (required by DNSSEC)
NOTE: DNSSEC zone signing is not enabled by default
To accept the default shown in brackets, press the Enter key.
Checking DNS forwarders, please wait ...
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring DNS (named)
[1/9]: generating rndc key file
[2/9]: setting up our own record
[error] RequirementError: 'idnsname' is required
Unexpected error - see /var/log/ipaserver-dns-install.log for details:
RequirementError: 'idnsname' is required
Here is the full log file, I have tried to censor public information, it seems
to stop after doing something with :
2024-12-06T08:32:29Z DEBUG /sbin/ipa-dns-install was invoked with options:
{'debug': False, 'ip_addresses': [], 'forwarders':
[CheckedIPAddressLoopback('[IPv6-address other master]'),
CheckedIPAddressLoopback('[IPv4-address other master]')], 'no_forwarders':
False, 'auto_forwarders': False, 'forward_policy': None, 'reverse_zones': [],
'no_reverse': True, 'auto_reverse': False, 'allow_zone_overlap': False,
'no_dnssec_validation': False, 'dnssec_master': False, 'zonemgr': None,
'unattended': False, 'disable_dnssec_master': False, 'kasp_db_file': None,
'force': None}
2024-12-06T08:32:29Z DEBUG missing options might be asked for interactively
later
2024-12-06T08:32:29Z DEBUG IPA version 4.12.2-1.el9
2024-12-06T08:32:29Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2024-12-06T08:32:29Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2024-12-06T08:32:29Z DEBUG importing all plugin modules in ipaserver.plugins...
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.aci
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.automember
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.automount
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.baseldap
2024-12-06T08:32:29Z DEBUG ipaserver.plugins.baseldap is not a valid plugin
module
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.baseuser
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.batch
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.ca
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.caacl
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.cert
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.certmap
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.certprofile
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.config
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.delegation
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.dns
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.dnsserver
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.dogtag
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.domainlevel
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.group
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.hbac
2024-12-06T08:32:29Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.hbacrule
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.plugins.hbacsvcgroup
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.hbactest
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.host
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.hostgroup
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.idp
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.idrange
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.idviews
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.internal
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.join
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.ldap2
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.location
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.migration
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.misc
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.netgroup
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.otp
2024-12-06T08:32:29Z DEBUG ipaserver.plugins.otp is not a valid plugin module
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.otpconfig
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.otptoken
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.plugins.passkeyconfig
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.passwd
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.permission
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.ping
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.pkinit
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.privilege
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.rabase
2024-12-06T08:32:29Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.plugins.realmdomains
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.role
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.schema
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.selfservice
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.plugins.selinuxusermap
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.server
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.serverrole
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.serverroles
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.service
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.plugins.servicedelegation
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.session
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.stageuser
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.subid
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.sudo
2024-12-06T08:32:29Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.sudocmd
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.plugins.sudocmdgroup
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.sudorule
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.topology
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.trust
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.user
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.vault
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.virtual
2024-12-06T08:32:29Z DEBUG ipaserver.plugins.virtual is not a valid plugin
module
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.whoami
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.plugins.xmlserver
2024-12-06T08:32:29Z DEBUG importing all plugin modules in
ipaserver.install.plugins...
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.adtrust
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.ca_renewal_master
2024-12-06T08:32:29Z DEBUG importing plugin module ipaserver.install.plugins.dns
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.fix_kra_people_entry
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.fix_replica_agreements
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.rename_managed
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_ca_topology
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_changelog_maxage
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_dna_shared_config
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_fix_duplicate_cacrt_in_ldap
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_idranges
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_ldap_server_list
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_managed_permissions
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_nis
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_pacs
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_passsync
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_pwpolicy
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_ra_cert_store
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_referint
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_services
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_unhashed_password
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.update_uniqueness
2024-12-06T08:32:29Z DEBUG importing plugin module
ipaserver.install.plugins.upload_cacrt
2024-12-06T08:32:30Z DEBUG Created connection context.ldap2_140064146742576
2024-12-06T08:32:30Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2024-12-06T08:32:30Z DEBUG raw: dns_is_enabled(version='2.254')
2024-12-06T08:32:30Z DEBUG dns_is_enabled(version='2.254')
2024-12-06T08:32:30Z DEBUG flushing
ldapi://%2Frun%2Fslapd-[TRANSFORMED-REALM-NAME].socket from SchemaCache
2024-12-06T08:32:30Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2Frun%2Fslapd-[TRANSFORMED-REALM-NAME].socket
conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f63391c6c70>
2024-12-06T08:32:30Z DEBUG Name [hostname].[dns-domain-name] resolved to
{UnsafeIPAddress('[IPv4-address hidden master]'),
UnsafeIPAddress('[IPv6-address hidden master]'),
UnsafeIPAddress('fdd0:172:17:252::233'), UnsafeIPAddress('172.17.252.233')}
2024-12-06T08:32:30Z DEBUG Searching for an interface of IP address:
[IPv4-address hidden master]
2024-12-06T08:32:30Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0
(interface: lo)
2024-12-06T08:32:30Z DEBUG Testing local IP address:
172.17.252.233/255.255.254.0 (interface: ens18)
2024-12-06T08:32:30Z DEBUG Testing local IP address: [IPv4-address hidden
master]/255.255.255.255 (interface: ens18)
2024-12-06T08:32:30Z DEBUG Searching for an interface of IP address:
[IPv6-address hidden master]
2024-12-06T08:32:30Z DEBUG Testing local IP address: ::1/128 (interface: lo)
2024-12-06T08:32:30Z DEBUG Testing local IP address: [IPv6-address hidden
master]/64 (interface: ens18)
2024-12-06T08:32:30Z DEBUG Searching for an interface of IP address:
fdd0:172:17:252::233
2024-12-06T08:32:30Z DEBUG Testing local IP address: ::1/128 (interface: lo)
2024-12-06T08:32:30Z DEBUG Testing local IP address: [IPv6-address hidden
master]/64 (interface: ens18)
2024-12-06T08:32:30Z DEBUG Testing local IP address: fdd0:172:17:252::233/64
(interface: ens18)
2024-12-06T08:32:30Z DEBUG Searching for an interface of IP address:
172.17.252.233
2024-12-06T08:32:30Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0
(interface: lo)
2024-12-06T08:32:30Z DEBUG Testing local IP address:
172.17.252.233/255.255.254.0 (interface: ens18)
2024-12-06T08:32:30Z DEBUG IP address fdd0:172:17:252::233 belongs to a private
range, using forward policy only
2024-12-06T08:32:30Z DEBUG Checking DNS server: [IPv6-address other master]
2024-12-06T08:32:30Z DEBUG Checking DNS server: [IPv4-address other master]
2024-12-06T08:32:30Z DEBUG will use DNS forwarders:
[CheckedIPAddressLoopback('[IPv6-address other master]'),
CheckedIPAddressLoopback('[IPv4-address other master]')]
2024-12-06T08:32:30Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2024-12-06T08:32:30Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2024-12-06T08:32:30Z INFO dnssec-validation yes
2024-12-06T08:32:30Z DEBUG Starting external process
2024-12-06T08:32:30Z DEBUG args=['/bin/systemctl', 'stop', 'named.service']
2024-12-06T08:32:30Z DEBUG Process finished, return code=0
2024-12-06T08:32:30Z DEBUG stdout=
2024-12-06T08:32:30Z DEBUG stderr=
2024-12-06T08:32:30Z DEBUG Stop of named.service complete
2024-12-06T08:32:30Z DEBUG raw: dnszone_show('[dns-domain-name]',
version='2.254')
2024-12-06T08:32:30Z DEBUG dnszone_show(<DNS name [dns-domain-name].>,
rights=False, all=False, raw=False, version='2.254')
2024-12-06T08:32:30Z DEBUG Configuring DNS (named)
2024-12-06T08:32:30Z DEBUG [1/9]: generating rndc key file
2024-12-06T08:32:30Z DEBUG Starting external process
2024-12-06T08:32:30Z DEBUG args=['/usr/libexec/generate-rndc-key.sh']
2024-12-06T08:32:30Z DEBUG Process finished, return code=0
2024-12-06T08:32:30Z DEBUG stdout=
2024-12-06T08:32:30Z DEBUG stderr=
2024-12-06T08:32:30Z DEBUG step duration: named __generate_rndc_key 0.01 sec
2024-12-06T08:32:30Z DEBUG [2/9]: setting up our own record
2024-12-06T08:32:30Z DEBUG raw: dnszone_show('[dns-domain-name]',
version='2.254')
2024-12-06T08:32:30Z DEBUG dnszone_show(<DNS name [dns-domain-name].>,
rights=False, all=False, raw=False, version='2.254')
2024-12-06T08:32:30Z DEBUG raw: dnsrecord_add('[dns-domain-name]',
'[hostname]', arecord='[IPv4-address hidden master]', version='2.254')
2024-12-06T08:32:30Z DEBUG dnsrecord_add(<DNS name [dns-domain-name].>, <DNS
name [hostname]>, arecord=('[IPv4-address hidden master]',),
a_extra_create_reverse=False, aaaa_extra_create_reverse=False, force=False,
structured=False, all=False, raw=False, version='2.254')
2024-12-06T08:32:30Z DEBUG raw: dnszone_show('[Reverse-IPv4].in-addr.arpa.',
version='2.254')
2024-12-06T08:32:30Z DEBUG dnszone_show(<DNS name
[Reverse-IPv4].in-addr.arpa.>, rights=False, all=False, raw=False,
version='2.254')
2024-12-06T08:32:30Z DEBUG raw: dnsrecord_add('[Reverse-IPv4].in-addr.arpa.',
'', ptrrecord='[hostname].[dns-domain-name].', version='2.254')
2024-12-06T08:32:30Z DEBUG dnsrecord_add(<DNS name
[Reverse-IPv4].in-addr.arpa.>, None, a_extra_create_reverse=False,
aaaa_extra_create_reverse=False, ptrrecord=('[hostname].[dns-domain-name].',),
force=False, structured=False, all=False, raw=False, version='2.254')
2024-12-06T08:32:30Z DEBUG Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line
686, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line
672, in run_step
method()
File "/usr/lib/python3.9/site-packages/ipaserver/install/bindinstance.py",
line 971, in __add_self
self.__add_master_records(self.fqdn, self.ip_addresses)
File "/usr/lib/python3.9/site-packages/ipaserver/install/bindinstance.py",
line 968, in __add_master_records
add_ptr_rr(reverse_zone, addr, fqdn, None, api=self.api)
File "/usr/lib/python3.9/site-packages/ipaserver/install/bindinstance.py",
line 400, in add_ptr_rr
add_rr(zone, name, "PTR", normalize_zone(fqdn), dns_backup, api)
File "/usr/lib/python3.9/site-packages/ipaserver/install/bindinstance.py",
line 383, in add_rr
api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
File "/usr/lib/python3.9/site-packages/ipalib/frontend.py", line 477, in
__call__
return self.__do_call(*args, **options)
File "/usr/lib/python3.9/site-packages/ipalib/frontend.py", line 538, in
__do_call
self.validate(**params)
File "/usr/lib/python3.9/site-packages/ipalib/frontend.py", line 848, in
validate
param.validate(value, supplied=param.name in kw)
File "/usr/lib/python3.9/site-packages/ipalib/parameters.py", line 881, in
validate
raise RequirementError(name=self.name)
ipalib.errors.RequirementError: 'idnsname' is required
2024-12-06T08:32:30Z DEBUG [error] RequirementError: 'idnsname' is required
2024-12-06T08:32:30Z DEBUG File
"/usr/lib/python3.9/site-packages/ipaserver/install/installutils.py", line 781,
in run_script
return_value = main_function()
File "/sbin/ipa-dns-install", line 143, in main
dns_installer.install(True, False, options)
File "/usr/lib/python3.9/site-packages/ipaserver/install/dns.py", line 345,
in install
bind.create_instance()
File "/usr/lib/python3.9/site-packages/ipaserver/install/bindinstance.py",
line 780, in create_instance
self.start_creation()
File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line
686, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py", line
672, in run_step
method()
File "/usr/lib/python3.9/site-packages/ipaserver/install/bindinstance.py",
line 971, in __add_self
self.__add_master_records(self.fqdn, self.ip_addresses)
File "/usr/lib/python3.9/site-packages/ipaserver/install/bindinstance.py",
line 968, in __add_master_records
add_ptr_rr(reverse_zone, addr, fqdn, None, api=self.api)
File "/usr/lib/python3.9/site-packages/ipaserver/install/bindinstance.py",
line 400, in add_ptr_rr
add_rr(zone, name, "PTR", normalize_zone(fqdn), dns_backup, api)
File "/usr/lib/python3.9/site-packages/ipaserver/install/bindinstance.py",
line 383, in add_rr
api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
File "/usr/lib/python3.9/site-packages/ipalib/frontend.py", line 477, in
__call__
return self.__do_call(*args, **options)
File "/usr/lib/python3.9/site-packages/ipalib/frontend.py", line 538, in
__do_call
self.validate(**params)
File "/usr/lib/python3.9/site-packages/ipalib/frontend.py", line 848, in
validate
param.validate(value, supplied=param.name in kw)
File "/usr/lib/python3.9/site-packages/ipalib/parameters.py", line 881, in
validate
raise RequirementError(name=self.name)
2024-12-06T08:32:30Z DEBUG The ipa-dns-install command failed, exception:
RequirementError: 'idnsname' is required
"idnsname" is what the DNS entries are called in LDAP, so there might be
something missing, that I can add manually?
Anything more you want?
Best Regards
Jostein
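
Added example, not part of the original message and not FreeIPA code: a small triage script that scans an ipa-dns-install debug log for dnsrecord_add calls issued with an empty record name, which is the call the log above shows immediately before the RequirementError. The function names (unwrap, triage) are hypothetical, and the sample is an excerpt of the log above with the poster's placeholders and the mail line wrapping kept.

```python
import re

# Constructed sample: lines excerpted from the log in the message above,
# placeholders kept as posted, including the e-mail line wrapping.
SAMPLE_LOG = """\
2024-12-06T08:32:30Z DEBUG raw: dnsrecord_add('[dns-domain-name]',
'[hostname]', arecord='[IPv4-address hidden master]', version='2.254')
2024-12-06T08:32:30Z DEBUG raw: dnszone_show('[Reverse-IPv4].in-addr.arpa.',
version='2.254')
2024-12-06T08:32:30Z DEBUG raw: dnsrecord_add('[Reverse-IPv4].in-addr.arpa.',
'', ptrrecord='[hostname].[dns-domain-name].', version='2.254')
2024-12-06T08:32:30Z DEBUG [error] RequirementError: 'idnsname' is required
"""

# A log record starts with an ISO timestamp; anything else is a continuation.
TS = re.compile(r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ ")
# First positional argument is the zone, second is the record name.
RAW_ADD = re.compile(r"raw: dnsrecord_add\('([^']*)',\s*'([^']*)'(.*)\)$")
ERROR = "RequirementError: 'idnsname' is required"


def unwrap(text):
    """Join wrapped continuation lines back onto their timestamped record."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def triage(text):
    """Return dnsrecord_add calls made with an empty record name, each marked
    with whether the 'idnsname' RequirementError appears later in the log."""
    findings = []
    for rec in unwrap(text):
        m = RAW_ADD.search(rec)
        if m and m.group(2) == "":
            findings.append({
                "zone": m.group(1),
                "args": m.group(3).strip(", "),
                "failed": False,
            })
        elif ERROR in rec and findings:
            findings[-1]["failed"] = True
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("empty record name in zone %(zone)s (%(args)s) failed=%(failed)s" % f)
```

On the real file, pass the contents of /var/log/ipaserver-dns-install.log to triage() instead of SAMPLE_LOG.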