tripleo

[quickstart][ipa][libvirt] freeipa-setup : Deploy FreeIPA] Task fails as wrong forwarder is passed

Bug #1925770 reported by yatin on 2021-04-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	Medium	Unassigned	tripleo xena-2

Bug Description

Command used to install:-
./quickstart.sh -R tripleo-ci/CentOS-8/train -c config/general_config/ipa.yml --no-clone --tags all --nodes config/nodes/1ctlr_1comp_1supp.yml -I --teardown none -p quickstart-extras-undercloud.yml -w /var/tmp/bootcamp-ssl/ 127.0.0.2

Error:-
TASK [freeipa-setup : Deploy FreeIPA] ***************************************************************************************
task path: /var/tmp/bootcamp-ssl/usr/local/share/ansible/roles/freeipa-setup/tasks/main.yml:40
Friday 23 April 2021 12:19:11 +0530 (0:00:00.067) 0:00:04.394 **********
fatal: [supplemental]: FAILED! => {
    "changed": true,
    "cmd": "~stack/deploy_freeipa.sh &> ~stack/deploy_freeipa.log",
    "delta": "0:00:09.009231",
    "end": "2021-04-23 06:49:06.549404",
    "rc": 1,
    "start": "2021-04-23 06:48:57.540173"
}

MSG:

stack/deploy_freeipa.log
========================
## Logs from IPA VM: /home/stac/deploy-freeipa.log

+ ipa-server-install -U -r OOO.TEST -p 116466b1-ed71-4490-b834-3295a2318e8b -a 35f18cac-6c93-421a-85d9-981fde3c0fe4 --hostname ipa.ooo.test --ip-address=192.168.23.10 --setup-dns --forwarder=192.168.23.10 --auto-reverse
ipaserver.install.bindinstance: ERROR DNS server 192.168.23.10: query '. SOA': The DNS operation timed out after 10.0000669956 seconds
ipapython.admintool: ERROR DNS server 192.168.23.10: query '. SOA': The DNS operation timed out after 10.0000669956 seconds
ipapython.admintool: ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure DNS (bind)
  * Configure the KDC to enable PKINIT

WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
in favor of ntpd

Warning: skipping DNS resolution of host ipa.ooo.test
The domain name has been determined based on the host name.

Checking DNS domain ooo.test., please wait ...
Checking DNS forwarders, please wait ...

The issue is that config/general_config/ipa.yml sets custom_nameserver to freenode server ip which is wrong it should be some other working nameserver, like 8.8.8.8 or some other.

Tags:

yatin (yatinkarel) on 2021-04-23

Changed in tripleo:
milestone:	none → wallaby-rc1
status:	New → Triaged
importance:	Undecided → Medium
tags:	added: quickstart

Marios Andreou (marios-b) on 2021-05-06

Changed in tripleo:
milestone:	wallaby-rc1 → xena-1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-06-02: Fix proposed to tripleo-quickstart (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tripleo-quickstart/+/794141

Changed in tripleo:
status:	Triaged → In Progress

Marios Andreou (marios-b) on 2021-06-22

Changed in tripleo:
milestone:	xena-1 → xena-2

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-07-07: Fix merged to tripleo-quickstart (master)

Reviewed: https://review.opendev.org/c/openstack/tripleo-quickstart/+/794141
Committed: https://opendev.org/openstack/tripleo-quickstart/commit/b7fcb80297b9643ca2b183ec2ad0023882319a7c
Submitter: "Zuul (22348)"
Branch: master

commit b7fcb80297b9643ca2b183ec2ad0023882319a7c
Author: yatinkarel <email address hidden>
Date: Wed Jun 2 12:12:57 2021 +0530

Set proper DNS forwarders for FreeIPA

    Currently freeipa_internal_ip is used as DNS forwarder
    for FreeIPA which is wrong as self ip can't be used
    as forwarder. We need to use some public DNS servers
    for this, setting to the same we already use in CI.

Closes-Bug: #1925770
Change-Id: I117722697cc859e31f37eba70f825d41c9ac121d

Changed in tripleo:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.