ipa-server-install: Prefer no_host_dns over local_hostname #7377

Open
jakub-vavra-cz

When running verify_fqdn with no_host_dns=True, DNS was still queried for local_hostname and the reverse DNS record was still compared to the local hostname, with a possible mismatch. This resulted in the "The host name XXX not match the primary host name YYY." error message.

@flo-renaud flo-renaud added the re-run Trigger a new run of PR-CI label May 30, 2024
@flo-renaud
Contributor

Hi @jakub-vavra-cz
based on this commit message 9bff6cb it looks like the check was intentional:

Always check (even with --setup-dns or --no-host-dns) that if the
host name or ip address resolves, it resolves to sane value. Otherwise
report an error. Misconfigured /etc/hosts causing these errors could
harm the installation later.

@freeipa-pr-ci freeipa-pr-ci removed the re-run Trigger a new run of PR-CI label May 30, 2024
@jakub-vavra-cz
Author

@flo-renaud : The manual explicitly says:
--no-host-dns Do not use DNS for hostname lookup during installation.

The DNS (PTR) lookup is done during installation, ignoring no-host-dns and failing the installation. So even if it might be an intentional change, it goes directly against the manual description and is rendering the feature broken.

How about changing raise HostLookupError... to printing a warning message with the same content when no-host-dns is True and keeping the exception when False?

@rcritten
Contributor

rcritten commented Jun 6, 2024

The man page can change as well.

This lookup is done because /etc/hosts can be broken. Most of these DNS checks grew organically because so many people have broken DNS. Not checking DNS can allow a server to install yet be unreachable.

You also haven't outlined the use case/reproducer where you are seeing the error and the exact output. Typically this is put into a pagure.io ticket referenced in the commit per the contribution docs, https://www.freeipa.org/page/Contribute/Code#update-pagure-ticket

@jakub-vavra-cz
Author

I am installing testing machines in the cloud with the IPA server being set up as DNS (for other machines). The cloud DNS (psi openstack) returns a generic IP-based hostname in the PTR (that I cannot affect). I am trying to use no-host-dns to ignore the PTR returned for the machine.

@rjeffman
Member

This is the same issue that I had with some environments in AWS (at least one may be psi openstack). I fixed it by scripting the installation and querying DNS (dig + dig -x) to get the proper hostname to provide to the installer.

This behavior can also be seen in downstream gating tests.

Maybe --no-host-dns text could be more clear about it.
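
The forward-then-reverse comparison discussed in this thread, as a pre-install check an operator could run before calling the installer. This is an added example, not FreeIPA's verify_fqdn code or anything posted by the participants; the function names are hypothetical and the hostnames, addresses and PTR values are constructed sample data.

```python
import socket

def forward_lookup(name):
    """Addresses the system resolver returns for name."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def reverse_lookup(addr):
    """Primary name the resolver returns for addr, or None if there is none."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_fqdn(fqdn, forward=forward_lookup, reverse=reverse_lookup):
    """Return a list of (address, problem); an empty list means consistent."""
    want = fqdn.rstrip(".").lower()
    addrs = forward(want)
    if not addrs:
        return [(None, "no forward record for %s" % want)]
    problems = []
    for addr in addrs:
        if addr.startswith("127.") or addr == "::1":
            problems.append((addr, "resolves to loopback"))
            continue
        ptr = reverse(addr)
        if ptr is None:
            problems.append((addr, "no PTR record"))
        elif ptr.rstrip(".").lower() != want:
            problems.append((addr, "PTR is %s, expected %s" % (ptr, want)))
    return problems

# Constructed sample data modelled on the cloud case in the thread: the
# forward record is correct, the provider's PTR is a generic IP-based name.
SAMPLE_A = {"ipa.example.test": ["192.0.2.10"]}
SAMPLE_PTR = {"192.0.2.10": "host-192-0-2-10.cloud.example."}

if __name__ == "__main__":
    for addr, problem in check_fqdn("ipa.example.test",
                                    forward=lambda n: SAMPLE_A.get(n, []),
                                    reverse=SAMPLE_PTR.get):
        print(addr, problem)
```

Called without the `forward` and `reverse` arguments, `check_fqdn` uses the host's own resolver, so the result reflects whatever the machine would see at install time.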
