Hmm, you should be a detective! Here is a ticket about this: https://fedorahosted.org/freeipa/ticket/5621
Thank you very much for catching this! Petr^2 Spacek On 18.1.2016 17:52, Nathan Peters wrote: > Actually I was able to solve this one, but the error logging could certainly > be improved to indicate what is actually happening > > Here is the actual issue along with the sequence of events: > > 1. DNS check for local host to be joined checks forward, cname, and PTR > records against result of `hostname` command, those all came back ok > > 2. A second check is performed and I believe it is being performed on an > existing FreeIPA server (in this case it was my CA master), but the logs say > " DEBUG Check if dc1-ipa-dev-nvan.mydomain.net is a primary hostname for > localhost" even though this check is actually being performed remotely on the > Master. It almost seems like the log entry from the master is forwarded to > use and that's why it says 'localhost' or something... > > 3. It performs the same forward, CNAME, and PTR checks as it did against the > localhost, but doesn't log those checks. It fails on the PTR check because > there actually was a second invalid PTR entry for > dc1-ipa-dev-nvan.mydomain.net.mydomain.net. You can see from the logs that > it actually warned us it was about to do a PTR check on the localhost " > DEBUG Check reverse address of 10.21.0.98". But when it performs the remote > check on the master, it just does the check without informing us what is > about to happen, and because it claims that host is 'localhost' if the 2 > hostnames are similar, you may not even realize its not performing the check > locally > > Since the underlying technical issue that caused this was an actual invalid > PTR record, the removal of the PTR record solved the issue; however, it would > be nice if the logs let us know that 2nd PTR check was actually remote, not > local, and if it logged that it was about to perform a PTR check so we could > accurately know what the cause of the failure was. > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Petr Spacek > Sent: January-18-16 4:23 AM > To: [email protected] > Subject: Re: [Freeipa-users] FreeIPA 4.3.0 Replica Installation fails with > the hostname is not the primary hostname > > On 18.1.2016 04:23, Nathan Peters wrote: >> 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is a >> primary hostname for localhost 2016-01-18T03:00:07Z DEBUG Primary >> hostname for localhost: dc2-ipa-dev-van.mydomain.net >> 2016-01-18T03:00:07Z DEBUG Search DNS for dc2-ipa-dev-van.mydomain.net >> 2016-01-18T03:00:07Z DEBUG Check if dc2-ipa-dev-van.mydomain.net is >> not a CNAME 2016-01-18T03:00:07Z DEBUG Check reverse address of >> 10.21.0.98 2016-01-18T03:00:07Z DEBUG Found reverse name: >> dc2-ipa-dev-van.mydomain.net 2016-01-18T03:00:07Z DEBUG Check if >> dc1-ipa-dev-nvan.mydomain.net is a primary hostname for localhost >> ------> This line here is strange ----> 2016-01-18T03:00:07Z DEBUG >> ------> Primary hostname for localhost: >> ------> dc1-ipa-dev-nvan.mydomain.net.mydomain.net >> 2016-01-18T03:00:07Z DEBUG File >> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in >> execute >> return_value = self.run() >> File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line >> 318, in run >> cfgr.run() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 308, in run >> self.validate() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 317, in validate >> for nothing in self._validator(): >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 372, in __runner >> self._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 362, in __runner >> step() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 359, in <lambda> >> step = lambda: next(self.__gen) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line >> 81, in run_generator_with_yield_from >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line >> 59, in run_generator_with_yield_from >> value = gen.send(prev_value) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 549, in _configure >> next(validator) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 372, in __runner >> self._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 449, in _handle_exception >> self.__parent._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 446, in _handle_exception >> super(ComponentBase, self)._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 362, in __runner >> step() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line >> 359, in <lambda> >> step = lambda: next(self.__gen) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line >> 81, in run_generator_with_yield_from >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line >> 59, in run_generator_with_yield_from >> value = gen.send(prev_value) >> File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line >> 63, in _install >> for nothing in self._installer(self.parent): >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 1551, in main >> promote_check(self) >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 372, in decorated >> func(installer) >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 394, in decorated >> func(installer) >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 980, in promote_check >> installutils.verify_fqdn(config.master_host_name, options.no_host_dns) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", >> line 168, in verify_fqdn >> "Please check /etc/hosts or DNS name resolution" % (host_name, >> ex_name[0])) >> >> 2016-01-18T03:00:07Z DEBUG The ipa-replica-install command failed, >> exception: HostLookupError: The host name >> dc1-ipa-dev-nvan.mydomain.net does not match the primary host name >> dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or >> DNS name resolution 2016-01-18T03:00:07Z ERROR The host name >> dc1-ipa-dev-nvan.mydomain.net does not match the primary host name >> dc1-ipa-dev-nvan.mydomain.net.mydomain.net. Please check /etc/hosts or >> DNS name resolution 2016-01-18T03:00:07Z ERROR The ipa-replica-install >> command failed. See /var/log/ipareplica-install.log for more >> information >> >> So 3 questions : >> 1)Why does it first check if my hostname is ok, and then check if my >> hostname matches this other host, and why is it referring to the other >> remote host as localhost ? >> 2)Where in the world is it getting the idea that the primary hostname for my >> host is actually the primary hostname for the other host in a strange format >> with the domain name on the end twice ? >> 3)are there any workarounds for this? It seems rather buggy. I have >> triple checked hostnames on both hosts referenced in that log entry >> >> Here is the output that proves that my hostname is fine and not ending >> with a double domain >> >> [root@dc2-ipa-dev-van ~]# cat /etc/hosts >> 127.0.0.1 localhost localhost.localdomain localhost4 >> localhost4.localdomain4 >> ::1 localhost localhost.localdomain localhost6 >> localhost6.localdomain6 >> 10.21.0.98 dc2-ipa-dev-van.mydomain.net >> [root@dc2-ipa-dev-van ~]# cat /etc/hostname >> dc2-ipa-dev-van.mydomain.net [root@dc2-ipa-dev-van ~]# hostname >> dc2-ipa-dev-van.mydomain.net >> >> and on the other host : >> >> [root@dc1-ipa-dev-nvan ~]# hostname >> dc1-ipa-dev-nvan.mydomain.net >> [root@dc1-ipa-dev-nvan ~]# cat /etc/hostname >> dc1-ipa-dev-nvan.mydomain.net [root@dc1-ipa-dev-nvan ~]# cat >> /etc/hosts >> 127.0.0.1 localhost localhost.localdomain localhost4 >> localhost4.localdomain4 >> ::1 localhost localhost.localdomain localhost6 >> localhost6.localdomain6 >> 10.178.0.99 dc1-ipa-dev-nvan.mydomain.net [root@dc1-ipa-dev-nvan ~]# > > Interesting ... > > Please send us information mentioned on page > http://www.freeipa.org/page/Troubleshooting#Reporting_bugs > > + content of /etc/resolv.conf on the affected machine > + /var/log/ipareplica-install.log > > Thank you. > > -- > Petr^2 Spacek > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
