tripleo-heat-templates

History

Michele Baldessari 022d24aa46 Use --allow-overlap-zone when setting up freeipa We currently call ipa-server-install with '--setup-dns --auto-forwarders --auto-reverse $FreeIPAExtraArgs'. This can break if the forward dns are probed to see if they are in charge of any zones that we're setting up. So it can fail with the following error: 2020-03-25T08:51:14Z DEBUG check_port_bindable: bind success: 8080/TCP 2020-03-25T08:51:14Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2020-03-25T08:51:14Z INFO Checking DNS domain redhat.local., please wait ... 2020-03-25T08:51:14Z DEBUG Name freeipa-0.redhat.local resolved to {UnsafeIPAddress('10.0.0.96')} 2020-03-25T08:51:14Z DEBUG Searching for an interface of IP address: 10.0.0.96 2020-03-25T08:51:14Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo) 2020-03-25T08:51:14Z DEBUG Testing local IP address: 172.16.0.47/255.255.255.0 (interface: eth1) 2020-03-25T08:51:14Z DEBUG Testing local IP address: 10.0.0.96/255.255.255.0 (interface: eth2) 2020-03-25T08:51:14Z DEBUG IP address 10.0.0.96 belongs to a private range, using forward policy only 2020-03-25T08:51:14Z DEBUG will use DNS forwarders: ['172.16.0.1', '10.0.0.1', '2620:52:0:13b8::fe'] 2020-03-25T08:51:14Z INFO Checking DNS domain 0.0.10.in-addr.arpa., please wait ... File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 539, in check_reverse_zones options.allow_zone_overlap): File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 349, in get_auto_reverse_zones dnsutil.check_zone_overlap(default_reverse) File "/usr/lib/python3.6/site-packages/ipapython/dnsutil.py", line 383, in check_zone_overlap raise DNSZoneAlreadyExists(zone=zone.to_text(), ns=ns) 2020-03-25T08:51:14Z DEBUG The ipa-server-install command failed, exception: DNSZoneAlreadyExists: DNS zone 0.0.10.in-addr.arpa. already exists in DNS and is handled by server(s): ['ns1.foo.bar.', 'ns2.foo.bar'] 2020-03-25T08:51:14Z ERROR DNS zone 0.0.10.in-addr.arpa. already exists in DNS and is handled by server(s): ['ns1.foo.bar.', 'ns2.foo.bar'] 2020-03-25T08:51:14Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information Let's add --allow-overlap-zone so CI is not affected by this. I checked that this new parameter we're adding exists in both centos7 and 8. Change-Id: Idfd8ddf745e6a7cded9acab7575c0b51554a1cf3	2020-03-26 12:30:43 +01:00
..
freeipa_setup.sh	Use --allow-overlap-zone when setting up freeipa	2020-03-26 12:30:43 +01:00

Michele Baldessari 022d24aa46 Use --allow-overlap-zone when setting up freeipa

We currently call ipa-server-install with '--setup-dns --auto-forwarders --auto-reverse $FreeIPAExtraArgs'.

This can break if the forward dns are probed to see if they are in
charge of any zones that we're setting up. So it can fail with the
following error:
2020-03-25T08:51:14Z DEBUG check_port_bindable: bind success: 8080/TCP
2020-03-25T08:51:14Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2020-03-25T08:51:14Z INFO Checking DNS domain redhat.local., please wait ...
2020-03-25T08:51:14Z DEBUG Name freeipa-0.redhat.local resolved to {UnsafeIPAddress('10.0.0.96')}
2020-03-25T08:51:14Z DEBUG Searching for an interface of IP address: 10.0.0.96
2020-03-25T08:51:14Z DEBUG Testing local IP address: 127.0.0.1/255.0.0.0 (interface: lo)
2020-03-25T08:51:14Z DEBUG Testing local IP address: 172.16.0.47/255.255.255.0 (interface: eth1)
2020-03-25T08:51:14Z DEBUG Testing local IP address: 10.0.0.96/255.255.255.0 (interface: eth2)
2020-03-25T08:51:14Z DEBUG IP address 10.0.0.96 belongs to a private range, using forward policy only
2020-03-25T08:51:14Z DEBUG will use DNS forwarders: ['172.16.0.1', '10.0.0.1', '2620:52:0:13b8::fe']

2020-03-25T08:51:14Z INFO Checking DNS domain 0.0.10.in-addr.arpa., please wait ...
  File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 539, in check_reverse_zones
    options.allow_zone_overlap):
  File "/usr/lib/python3.6/site-packages/ipaserver/install/bindinstance.py", line 349, in get_auto_reverse_zones
    dnsutil.check_zone_overlap(default_reverse)
  File "/usr/lib/python3.6/site-packages/ipapython/dnsutil.py", line 383, in check_zone_overlap
    raise DNSZoneAlreadyExists(zone=zone.to_text(), ns=ns)

2020-03-25T08:51:14Z DEBUG The ipa-server-install command failed, exception: DNSZoneAlreadyExists: DNS zone 0.0.10.in-addr.arpa. already exists in DNS and is handled by server(s): ['ns1.foo.bar.', 'ns2.foo.bar']
2020-03-25T08:51:14Z ERROR DNS zone 0.0.10.in-addr.arpa. already exists in DNS and is handled by server(s): ['ns1.foo.bar.', 'ns2.foo.bar']
2020-03-25T08:51:14Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Let's add --allow-overlap-zone so CI is not affected by this.

I checked that this new parameter we're adding exists in both centos7
and 8.

Change-Id: Idfd8ddf745e6a7cded9acab7575c0b51554a1cf3

2020-03-26 12:30:43 +01:00

freeipa_setup.sh

Use --allow-overlap-zone when setting up freeipa

2020-03-26 12:30:43 +01:00