[Freeipa-devel] [PATCH] 490 add DNS lookup to new hosts/services

Rob Crittenden rcritten at redhat.com
Thu Aug 5 14:36:48 UTC 2010


Adam Young wrote:
> On 08/05/2010 08:45 AM, Rob Crittenden wrote:
>> Adam Young wrote:
>>> On 07/30/2010 04:02 PM, Adam Young wrote:
>>>> On 07/22/2010 02:25 PM, Rob Crittenden wrote:
>>>>> Make sure that the host behind new host and service records is 
>>>>> actually a resolvable DNS A record. There is a --force flag if you 
>>>>> know what you are doing (or just feel like charging ahead anyway).
>>>>>
>>>>> We use a lot of made-up names in the self-tests, had to add the 
>>>>> force flag to all of them.
>>>>>
>>>>> rob
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-devel mailing list
>>>>> Freeipa-devel at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>> I can't get this patch to apply:
>>>>
>>>> [ayoung at ayoung freeipa]$ git apply 
>>>> ~/Documents/IPA/freeipa-490-dns.patch
>>>> error: patch failed: ipalib/util.py:28
>>>> error: ipalib/util.py: patch does not apply
>>>>
>>>>
>>>>
>>>> I've tried it both with and without patch 484
>>>>
>>>>
>>>
>>>
>>> OK, disregard that,  I was able to apply it on top of 484, build and 
>>> deploy.
>>>
>>> I'd give it an ACK except that I can't figure out how to work around  
>>> service-add where the service is not yet resolvable.  I understand 
>>> that this is not desired, but I'm fairly certain that not being able 
>>> to do this will mess up someone.
>>> ipa service-add-host --force --hosts=web.example.com 
>>> HTTP/web.example.com
>>> Usage: ipa [global-options] service-add-host PRINCIPAL
>>>
>>> ipa: error: no such option: --force
>>>
>>>
>>
>> Good catch, this was an oversight. The add-host option is for adding 
>> hosts that are allowed to manage this service (keytab, certificate). I 
>> completely forgot to disable enforcement of DNS on that. I'll resubmit 
>> the patch once I get that worked out.
>>
>> rob
> 
> Are these the only two permutations (Host, Service ) X (Force , No 
> Force) or are there others?  Is there something I should test with the  
> --dns option?
> 
> 

No, that's about it. --force just says "don't bother with DNS lookup, 
user claims to know what they are doing."

I looked into this and --force isn't needed with service-add-host. This 
adds hosts that are allowed to manage the service. The host needs to 
exist in IPA so therefore must already exist. Therefore --force isn't 
needed.

What is lacking in the context of the patch is error reporting which 
hosts failed to add. This is addressed in part by patch 499. All that is 
needed is the following:

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 11fd18e..a17af89 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -615,6 +615,9 @@ class LDAPAddMember(LDAPModMember):
          Str('member',
              label=_('Failed members'),
          ),
+        Str('managedby',
+            label=_('Failed members'),
+        ),
      )

      def execute(self, *keys, **options):
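Review bot: the new Str('managedby', ...) entry in LDAPAddMember reuses label=_('Failed members'), the same label as the Str('member', ...) entry directly above it, so a host that failed to be added under managedby cannot be told apart from a failed member in the output. Give the new entry its own label, one that names hosts allowed to manage the entry. LDAPAddMember sits in baseldap.py and the list is declared on the class itself, so a one-line comment saying which attribute the entry covers would also help anyone reading a command built on this class that has no managedby attribute.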
@@ -720,6 +723,9 @@ class LDAPRemoveMember(LDAPModMember):
          Str('member',
              label=_('Failed members'),
          ),
+        Str('managedby',
+            label=_('Failed members'),
+        ),
      )

      def execute(self, *keys, **options):
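Review bot: the Str('managedby', ...) entry added to LDAPRemoveMember is a verbatim copy of the one added to LDAPAddMember in the previous hunk, including the 'Failed members' label. Declare the member/managedby pair once and reference it from both classes, so the two lists cannot drift apart when the next attribute is added. If the label is reworded for the add case, reword it here in the same change.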

I'll submit that as a separate patch shortly.

rob



