Project

General

Profile

Support #14177

dns-problems when provision a host

Added by Lukas Müller over 6 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

Hello,

i have a problem with nsupdate when i would like to provision a host. Bind says "servfail". There's also a dhcp error, but i think i have to solve the dns-error first.

Here is the log:

D, [2016-03-14T11:19:15.613577 #20807] DEBUG -- : close: 10.140.79.170:50494
D, [2016-03-14T11:19:15.676633 #20807] DEBUG -- : accept: 10.140.79.170:50495
D, [2016-03-14T11:19:15.679153 #20807] DEBUG -- : Rack::Handler::WEBrick is invoked.
D, [2016-03-14T11:19:15.680212 #20807] DEBUG -- : verifying remote client 10.140.79.170 against trusted_hosts ["hostname.domain.de"]
D, [2016-03-14T11:19:15.680553 #20807] DEBUG -- : Reading config file /etc/dhcp/dhcpd.conf
D, [2016-03-14T11:19:15.680742 #20807] DEBUG -- : Reading config file /etc/dhcp/dhcpd.hosts
D, [2016-03-14T11:19:15.680902 #20807] DEBUG -- : Reading config file /var/lib/dhcpd/dhcpd.leases
D, [2016-03-14T11:19:15.681024 #20807] DEBUG -- : Loading subnets for 127.0.0.1
D, [2016-03-14T11:19:15.681194 #20807] DEBUG -- : Added a subnet: 10.140.79.0
E, [2016-03-14T11:19:15.681791 #20807] ERROR -- : Record 10.140.79.0/10.140.79.173 not found
I, [2016-03-14T11:19:15.682169 #20807]  INFO -- : 10.140.79.170 - - [14/Mar/2016 11:19:15] "GET /dhcp/10.140.79.0/10.140.79.173 HTTP/1.1" 404 42 0.0022

D, [2016-03-14T11:19:15.722658 #20807] DEBUG -- : close: 10.140.79.170:50495
D, [2016-03-14T11:19:18.256598 #20807] DEBUG -- : accept: 10.140.79.170:50497
D, [2016-03-14T11:19:18.259132 #20807] DEBUG -- : Rack::Handler::WEBrick is invoked.
D, [2016-03-14T11:19:18.297006 #20807] DEBUG -- : verifying remote client 10.140.79.170 against trusted_hosts ["hostname.domain.de"]
D, [2016-03-14T11:19:18.297736 #20807] DEBUG -- : running /usr/bin/nsupdate -k /etc/foreman.key
D, [2016-03-14T11:19:18.301837 #20807] DEBUG -- : nsupdate: executed - server 127.0.0.1
D, [2016-03-14T11:19:18.304010 #20807] DEBUG -- : nsupdate: executed - update add 173.79.140.10.in-addr.arpa.  86400 IN PTR vm1.subdomain.domain.de
D, [2016-03-14T11:19:18.333248 #20807] DEBUG -- : nsupdate: errors
Answer:

;; ->>HEADER<<- opcode: UPDATE, status: SERVFAIL, id:  33637

;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1

;; ZONE SECTION:

;79.140.10.in-addr.arpa.                IN      SOA

;; TSIG PSEUDOSECTION:

foreman.                0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1457950758 300 16 8rC8b2DbIs0AVujhPKQ1dQ== 33637 NOERROR 0

E, [2016-03-14T11:19:18.333610 #20807] ERROR -- : Update errors: Answer:

;; ->>HEADER<<- opcode: UPDATE, status: SERVFAIL, id:  33637

;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1

;; ZONE SECTION:

;79.140.10.in-addr.arpa.                IN      SOA

;; TSIG PSEUDOSECTION:

foreman.                0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1457950758 300 16 8rC8b2DbIs0AVujhPKQ1dQ== 33637 NOERROR 0

My named.conf looks like this:

// named.conf

options {
  dnssec-validation no;
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
};
controls {  inet 127.0.0.1 allow { localhost; } keys { foreman; }; };
include "/etc/foreman.key";
include "/etc/zones.conf";

logging
{
  category update { update_log; };
  channel update_log
  {
    file "/var/named/logs/dns-update.log" versions 2 size 20m;
    print-time yes;
    print-category yes;
    print-severity yes;
    severity info;
  };
};
zone "." {
  type forward;
  forwarders {
    IP.OF.MY.FORWARDER;
  };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Here's my zones.conf:

 zone "79.140.10.in-addr.arpa" {
    type master;
    file "/var/named/79.140.10.rev";
    update-policy {
            grant foreman zonesub ANY;
    };
};
zone "gemsvm.bafg.de" {
    type master;
    file "/var/named/gemsvm.bafg.de";
    update-policy {
            grant foreman zonesub ANY;
    };
};

Greeting
lukas


Related issues

Related to Salt - Bug #12995: I can' t delete my hostResolved2016-01-05

History

#1 Updated by Dominic Cleal over 6 years ago

The DNS server's logs will usually indicate why the request was rejected. Check syslog/daemon logs for bind/named messages.

#2 Updated by Lukas Müller over 6 years ago

The DNS-Log said permission denied.

After giving group write permissions on /var/named the same error occured.

After disabling SELinux there was no permission denied error.

Now i receive a hardware adresse error. My dhcpd.conf is configured for 3 mac adresses only.
I gave the host to provision one of this adress, but omshell says hardware adresse conflict.

So now i habe to figure out why the dns entry fails on

/var/named/79.140.10.rev.jnl: create: permission denied

when i have selinux on and why the dhcp doesnt accept the right hardware adresse.

#3 Updated by Lukas Müller over 6 years ago

Here is the log from the omshell:

D, [2016-03-14T12:05:35.245050 #20807] DEBUG -- : omshell: executed - set name = "gemsvm1.gemsvm.bafg.de" 
D, [2016-03-14T12:05:35.245250 #20807] DEBUG -- : true
D, [2016-03-14T12:05:35.245345 #20807] DEBUG -- : omshell: executed - set ip-address = 10.140.79.174
D, [2016-03-14T12:05:35.245395 #20807] DEBUG -- : true
D, [2016-03-14T12:05:35.245460 #20807] DEBUG -- : omshell: executed - set hardware-address = 00:16:3e:8c:4f:                  75
D, [2016-03-14T12:05:35.245518 #20807] DEBUG -- : true
D, [2016-03-14T12:05:35.245582 #20807] DEBUG -- : omshell: executed - set hardware-type = 1
D, [2016-03-14T12:05:35.245635 #20807] DEBUG -- : true
D, [2016-03-14T12:05:35.246028 #20807] DEBUG -- : omshell: executed - set statements = "filename = \"pxelinu                  x.0\"; next-server = 0a:8c:4f:aa; option host-name = \"gemsvm1.gemsvm.bafg.de\";" 
D, [2016-03-14T12:05:35.246119 #20807] DEBUG -- : true
D, [2016-03-14T12:05:35.246201 #20807] DEBUG -- : omshell: executed - create
D, [2016-03-14T12:05:35.246311 #20807] DEBUG -- : true
E, [2016-03-14T12:05:35.279445 #20807] ERROR -- : Omshell failed:
> > > > obj: <null>
, > obj: host
, > obj: host
, name = "gemsvm1.gemsvm.bafg.de" 
, > obj: host
, name = "gemsvm1.gemsvm.bafg.de" 
, ip-address = 0a:8c:4f:ae
, > obj: host
, name = "gemsvm1.gemsvm.bafg.de" 
, ip-address = 0a:8c:4f:ae
, hardware-address = 00:16:3e:8c:4f:75
, > obj: host
, name = "gemsvm1.gemsvm.bafg.de" 
, ip-address = 0a:8c:4f:ae
, hardware-address = 00:16:3e:8c:4f:75
, hardware-type = 1
, > obj: host
, name = "gemsvm1.gemsvm.bafg.de" 
, ip-address = 0a:8c:4f:ae
, hardware-address = 00:16:3e:8c:4f:75
, hardware-type = 1
, statements = "filename = "pxelinux.0"; next-server = 0a:8c:4f:aa; option host-name = "gemsvm1.gemsvm.bafg.                  de";" 
, > can't open object: already exists
, obj: host
, name = "gemsvm1.gemsvm.bafg.de" 
, ip-address = 0a:8c:4f:ae
, hardware-address = 00:16:3e:8c:4f:75
, hardware-type = 1
, statements = "filename = "pxelinux.0"; next-server = 0a:8c:4f:aa; option host-name = "gemsvm1.gemsvm.bafg.                  de";" 
, >
E, [2016-03-14T12:05:35.280006 #20807] ERROR -- : Failed to add DHCP reservation for gemsvm1.gemsvm.bafg.de                   (10.140.79.174 / 00:16:3e:8c:4f:75): Entry already exists

Here is my dhcpd.conf:

# dhcpd.conf
omapi-port 7911;

key omapi_key {
        algorithm HMAC-MD5;
        secret "here is my secret key";
}
omapi-key omapi_key;

default-lease-time 43200;
max-lease-time 86400;

ddns-update-style none;

option domain-name "gemsvm.bafg.de";
option domain-name-servers 10.140.79.170, 10.140.79.240;
option ntp-servers ptbtime1.ptb.de;

allow booting;
allow bootp;

option fqdn.no-client-update    on;  # set the "O" and "S" flag bits
option fqdn.rcode2            255;
option pxegrub code 150 = text ;

# PXE Handoff.
next-server 10.140.79.170;
filename "pxelinux.0";

log-facility local7;

include "/etc/dhcp/dhcpd.hosts";

subnet 10.140.79.0 netmask 255.255.255.0 {
  pool
  {
    range 10.140.79.172 10.140.79.174;
  }

  option subnet-mask 255.255.255.0;
  option routers 10.140.79.1;
  host gemsvm1.subdomain.domain.de { hardware ethernet 00:16:3E:8C:4F:75; }
  host gemsvm2 { hardware ethernet 00:16:3E:8C:4F:76; }
  host gemsvm3 { hardware ethernet 00:16:3E:8C:4F:39; }
  ignore unknown-clients;
}

I think it has something to to with the host blocks and the ingnore unknown clients statement.

Why do I make this? Because not alle mac adresses are allowed in my network.
I can only provision to 3 mac adresses i got from my administrator.

Any idea to fix?

#4 Updated by Dominic Cleal over 6 years ago

The error is in the log:

E, [2016-03-14T12:05:35.280006 #20807] ERROR -- : Failed to add DHCP reservation for gemsvm1.gemsvm.bafg.de                   (10.140.79.174 / 00:16:3e:8c:4f:75): Entry already exists

Your existing host { } entries prevent the smart proxy from adding another with the same MAC address. Try removing them, if ignore unknown-clients is still there then it should probably work fine.

#5 Updated by Lukas Müller over 6 years ago

Ok, it was done with creating a class and filtering the mac adresse there. So that runs.

Foreman added the host and it started, but when i want to delete the host (because there is a wrong mac adress) it says:

undefined method `delete' for nil:NilClass

how can it delete the host now?

#6 Updated by Dominic Cleal over 6 years ago

Please provide the whole request, error and stack trace from /var/log/foreman/production.log when deleting the host.

#7 Updated by Lukas Müller over 6 years ago

Here is the trace:

Started DELETE "/hosts/gemsvm1.gemsvm.bafg.de" for 10.140.70.92 at 2016-03-14 12:53:35 +0100
2016-03-14 12:53:35 [app] [I] Processing by HostsController#destroy as HTML
2016-03-14 12:53:35 [app] [I]   Parameters: {"authenticity_token"=>"/grILdfaBcsOrYm8USliuMaULVKxiWpxz+mYht+aXYI=", "id"=>"gemsvm1.gemsvm.bafg.de"}
2016-03-14 12:53:35 [app] [I] Delete the DNS PTR record for 10.140.79.173/gemsvm1.gemsvm.bafg.de
2016-03-14 12:53:35 [app] [I] Delete DHCP reservation for gemsvm1.gemsvm.bafg.de-b2:b0:ce:33:5b:8c/10.140.79.173
2016-03-14 12:53:36 [app] [W] Action failed
 | NoMethodError: undefined method `delete' for nil:NilClass
 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_salt-4.0.1/app/models/foreman_salt/concerns/host_managed_extensions.rb:98:in `delete_salt_key'
2016-03-14 12:53:36 [app] [I]   Rendered common/500.html.erb within layouts/application (4.1ms)
2016-03-14 12:53:36 [app] [I]   Rendered layouts/base.html.erb (2.0ms)
2016-03-14 12:53:36 [app] [I] Completed 500 Internal Server Error in 1521ms (Views: 10.7ms | ActiveRecord: 22.3ms)

#8 Updated by Dominic Cleal over 6 years ago

  • Related to Bug #12995: I can' t delete my host added

#9 Updated by Dominic Cleal over 6 years ago

  • Status changed from New to Resolved

That is bug #12995 in the Salt plugin, which at the moment is only fixed in foreman_salt 5.0 (for Foreman 1.11, currently RC). You may want to try applying the patch from that ticket.

Closing this for now as it seems most of your issues are resolved. In future, please check the users mailing list or IRC channels for support: http://theforeman.org/support.html

Also available in: Atom PDF