Use --allow-overlap-zone when setting up freeipa

We currently call ipa-server-install with '--setup-dns --auto-forwarders --auto-reverse $FreeIPAExtraArgs'.

This can break if the forward DNS are probed to see if they are in
charge of any zones that we're setting up. So it can fail with the
following error:
2020-03-25T08:51:14Z DEBUG check_port_bindable: bind success: 8080/TCP
2020-03-25T08:51:14Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2020-03-25T08:51:14Z INFO Checking DNS domain redhat.local., please wait ...
2020-03-25T08:51:14Z DEBUG Name freeipa-0.redhat.local resolved to {UnsafeIPAddress('10.0.0.96')}
2020-03-25T08:51:14Z DEBUG Searching for an interface of IP address: 10.0.0.96
2020-03-25T08:51:14Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo)
2020-03-25T08:51:14Z DEBUG Testing local IP address: 172.16.0.47/255.255.255.0 (interface: eth1)
2020-03-25T08:51:14Z DEBUG Testing local IP address: 10.0.0.96/255.255.255.0 (interface: eth2)
2020-03-25T08:51:14Z DEBUG IP address 10.0.0.96 belongs to a private range, using forward policy only
2020-03-25T08:51:14Z DEBUG will use DNS forwarders: ['172.16.0.1', '10.0.0.1', '2620:52:0:13b8::fe']

2020-03-25T08:51:14Z INFO Checking DNS domain 0.0.10.in-addr.arpa., please wait ...
  File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 539, in check_reverse_zones
    options.allow_zone_overlap):
  File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 349, in get_auto_reverse_zones
    dnsutil.check_zone_overlap(default_reverse)
  File "/usr/lib/python3.6/site-packages/ipapython/dnsutil.py", line 383, in check_zone_overlap
    raise DNSZoneAlreadyExists(zone=zone.to_text(), ns=ns)

2020-03-25T08:51:14Z DEBUG The ipa-server-install command failed, exception: DNSZoneAlreadyExists: DNS zone 0.0.10.in-addr.arpa. already exists in DNS and is handled by server(s): ['ns1.foo.bar.', 'ns2.foo.bar']
2020-03-25T08:51:14Z ERROR DNS zone 0.0.10.in-addr.arpa. already exists in DNS and is handled by server(s): ['ns1.foo.bar.', 'ns2.foo.bar']
2020-03-25T08:51:14Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Let's add --allow-overlap-zone so CI is not affected by this.

I checked that this new parameter we're adding exists in both CentOS 7
and 8.

Change-Id: Idfd8ddf745e6a7cded9acab7575c0b51554a1cf3
changes/08/714908/2
Michele Baldessari 1 year ago
parent
commit
022d24aa46
ci/scripts/freeipa_setup.sh

@ -105,6 +105,7 @@ ipa-server-install -U -r `hostname -d|tr "[a-z]" "[A-Z]"` \
-p $DirectoryManagerPassword -a $AdminPassword \
--hostname `hostname -f` \
--ip-address=$FreeIPAIP \
--allow-zone-overlap \
--setup-dns --auto-forwarders --auto-reverse $FreeIPAExtraArgs
# Authenticate
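
Review bot: The `--allow-zone-overlap` line is hard-coded into the `ipa-server-install` call with no comment saying why the overlap check is skipped, even though the call already ends in `$FreeIPAExtraArgs`, which CI could use to pass the flag without changing behaviour for other callers of this script. If it stays hard-coded, add a comment above the invocation pointing at the `DNSZoneAlreadyExists` failure on the reverse zone when the auto-detected forwarders already serve it. The commit message also names the flag `--allow-overlap-zone` in its subject and body while the hunk adds `--allow-zone-overlap`; the message should use the spelling in the hunk so that searching the log for the flag finds this change.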
