Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-9.8
Affects Version/s: rhel-9.8
Component/s: ipa
Labels:
- fixed_upstream

Fixed in Build:
ipa-4.13.1-1.el9
Regression:
Yes
Severity:
Important
Epic Link:
IDM-2830

AssignedTeam:
rhel-idm-ipa

Dev Target Milestone:
22
Internal Target Milestone:
24
Story Points:
0
ACKs Check:

QE ack, Dev ack
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
None

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/154922
Test Coverage:

Automated

Release Note Type:
Unspecified Release Note Type - Unknown
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Steps To reproduce :

Install ipa server with --setup-dns
Enable DNSSEC master: ipa-dns-install --dnssec-master --forwarder x.x.x.x -U
Add a new DNSSEC-enabled zone : ipa dnszone-add example.test. --dnssec 'true
The new zone is added but the records are not signed.

Last Green run : https://idm-artifacts.psi.redhat.com/idm-ci/freeipa/Nightly-Tier2/RHEL9.8/2025-12-15_16-00/tier-2/upstream-backup-and-restore-testbackupandrestorewithdnssec/1/report.html

Failed run : https://idm-artifacts.psi.redhat.com/idm-ci/freeipa/Nightly-Tier2/RHEL9.8/2025-12-29_16-00/tier-2/upstream-backup-and-restore-testbackupandrestorewithdnssec/2/report.html

the zone doesn't get signedm there is traceback in the journal

https://idm-artifacts.psi.redhat.com/idm-ci/freeipa/Nightly-Tier2/RHEL9.8/2026-01-12_16-00/tier-2/upstream-backup-and-restore-testbackupandrestorewithdnssec/1/logs/test_integration-test_backup_and_restore.py-TestBackupAndRestoreWithDNSSEC-test_full_backup_and_restore_with_DNSSEC_zone/master.testrelm.test/journal

Note : Failing only on rhel-9.8 not on rhel-10.2

depends on

RHEL-137585 ipa-server-upgrade succeeds but ipactl restart fails due to ipa-dnskeysyncd service failure caused by SELinux AVC denial on RHEL 9.8

Release Pending

links to

RHSA-2025:154922 ipa security update

Assignee:: Florence Renaud

Reporter:: Anuja More

Developer:: Florence Renaud

QA Contact:: Anuja More

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2026/01/13 1:39 PM

Updated:: 2026/02/03 6:46 AM

Dev Target end:: 2026/01/26

Target end:: 2026/02/09

Next Planned Release Date:: 2026/05/12