RHEV-M setup often thinks IPA setup worked when it hasn't

Latest response

IPA is extremely picky about DNS, hostnames etc - if for example forward and reverse DNS are set correctly but the hostname isn't a FDQN, it will appear to start but not function correctly.  In this case, the RHEV installer will think that IPA is working when it isn't.

 

There are a bunch of other cases where IPA can appear to be working to the RHEV installer when it isn't, but that's the one I can remember right now.

ja
Log in to join the conversation

Responses

rh Red Hat Guru 1569 points
22 August 2011 2:19 PM

Look like verification that authentication against the directory is in order here.

 

P.S. For this specific issue, one of the prerequisites is that the hostname resolvable FQDN (reverse and forward). I'll verify again that the documentation does state this fact.

ja Active Contributor 270 points
22 August 2011 2:19 PM

Yes it does state that it must be a FDQN - but there's further manipulation of /etc/sysconfig/network and /etc/hosts that isn't documented or checked for.

 

Regardless, the script should do an auth attempt as the admin user, rather than starting the service and assuing that all went ok.

rh Red Hat Guru 1569 points
22 August 2011 2:56 PM

Can you please provide more info on the entries in /etc/sysconfig/network and /etc/hosts?

I actuallyset up my own DNS and environment last week  (You can find it on another thread in this group) and with that, I did not need to modify anything. Just set the hostname  during installation of the RHEV Manager host, and configure the name server in /etc/reslov.conf to point to my DNS (Which is standard procedure)

ja Active Contributor 270 points
23 August 2011 8:35 AM

Example: forward and reverse DNS work correctly, but system has hostname foo, rather than foo.bar.com.  IPA will appear to start, but won't actually work.

hostname -f should return a FDQN, but the setup script (and the IPA init script) do not check for this.

Depending on setup, an entry in /etc/hosts may also be needed, as the line immediately below the loopback addresses.  Any reference to the FDQN in the loopback addresses section must be removed.

rh Red Hat Guru 1569 points
23 August 2011 1:50 PM

The information has been forwarded to engineering.