dweller dweller via FreeIPA-users wrote:
Yep, sorry. I reuploaded it to github https://github.com/vudex/for-freeipa-users/blob/main/ipaclient-install.log.
Connectivity to the IPA replica is definitely there:
[root@host-01 ~]# telnet freeipa-master-01.test-krb1.novalocal 53
Trying 172.28.19.229...
Connected to freeipa-master-01.test-krb1.novalocal.
Escape character is '^]'.
So, Rob, as I understood from your reply, an A record should be added *almost* always when we are enrolling a new host, because the DNS lookup will fail (considering we are using freeipa-dns and relying on the enrollment process to set up records).
So I do not need to specify options:
- --enable-dns-updates is set
- --ip-address is set
- --all-ip-addresses is set
if I'm relying on the DNS lookup failing
An A record was found for host-01.test-krb1.novalocal:
From the log:
2023-09-10T06:48:34Z DEBUG found 1 A records for host-01.test-krb1.novalocal.: 172.28.19.96
2023-09-10T06:48:34Z DEBUG The DNS response does not contain an answer to the question: host-01.test-krb1.novalocal. IN AAAA
Later you'll see an nsupdate to update DNS:
2023-09-10T06:48:34Z DEBUG Writing nsupdate commands to /etc/ipa/.dns_update.txt:
2023-09-10T06:48:34Z DEBUG debug
update delete host-01.test-krb1.novalocal. IN A
show
send
update delete host-01.test-krb1.novalocal. IN AAAA
show
send
update add host-01.test-krb1.novalocal. 1200 IN A 172.28.19.96
show
send
That update is failing but I can't tell why. We validate that the update succeeded by looking up the expected results, and they aren't there, except apparently for the reverse:
2023-09-10T06:48:34Z DEBUG DNS resolver: Query: host-01.test-krb1.novalocal IN A
2023-09-10T06:48:34Z DEBUG DNS resolver: Query: host-01.test-krb1.novalocal IN AAAA
2023-09-10T06:48:34Z DEBUG DNS resolver: No record.
2023-09-10T06:48:34Z DEBUG DNS resolver: Query: 96.19.28.172.in-addr.arpa. IN PTR
Strangely though we also print a summary of missing entries and that isn't logged. I'd expect something like "Missing A/AAAA record(s) for host host-01.test-krb1.novalocal" but it isn't logged.
rob