[Freeipa-devel] [PATCH] 047 Add an address for a nameserver when a new zone is created during install

Jakub Hrozek jhrozek at redhat.com
Tue Feb 1 09:10:32 UTC 2011


On 02/01/2011 04:15 AM, Rob Crittenden wrote:
> Jakub Hrozek wrote:
>> On Mon, Jan 31, 2011 at 05:52:08PM -0500, Simo Sorce wrote:
>>> On Mon, 31 Jan 2011 22:44:43 +0100
>>> Jakub Hrozek<jhrozek at redhat.com>  wrote:
>>>
>>>> https://fedorahosted.org/freeipa/ticket/881
>>>>
>>>> We've run into a chicken-and-egg problem during installation. If the
>>>> hostname of the IPA server is not resolvable with DNS during
>>>> installation, we'd add it as a NS server for a zone in both the SOA
>>>> entry and a NS record -- but no records from the new zone are
>>>> resolvable until Bind is restarted, including the new A/AAAA records
>>>> for the nameserver.
>>>>
>>>> I tried restarting the named service during Bind instance creation but
>>>> that didn't help... not exactly sure why. Anyway, attached is a patch
>>>> that forces the NS record creation.
>>>>
>>>> Please note that the --force flag is available via XML-RPC only, it is
>>>> completely hidden from the user otherwise.
>>>
>>> Minor issue but requires NACK.
>>>
>>> You changed the add_zone() signature to always require some parameters,
>>> but did not update it in ipa-replica-prepare
>>>
>>> Simo.
>>
>> Good catch, thank you!
>>
>> Attached is a new patch. I also found out that I don't have to require
>> all the parameters as some (such as admin email) have nice defaults in
>> the DNS plugin.
> 
> This fixes it but I did have problems with overall approach.
> 
> To test this I changed the host entry of my machine from slinky to
> spanky and ran the installer with --hostname=spanky.domain.
> 
> This worked for the initial install and I was able to find the previous
> problem with ipa-replica-prepare.
> 
> But I ran into other problems when testing this fix. The `hostname` of
> the machine is still slinky and very little actually worked. Restarting
> httpd failed and running ipa-replica-prepare failed because both were
> trying to contact the LDAP server on slinky, etc.
> 
> Once I ran hostname spanky.domain everything worked fine.
> 
> So ack for this bug but how should we handle these other problems?
> 
> Oh, and I've pushed it to master.
> 
> rob
> 

This makes me wonder if we tested the same setup as QE did - I was under
the impression that before I introduced the "NS must be resolvable"
constraint, their setup just worked even after installation.

I think I tested a little differently, too - I just added an
ipaserver.testdomain entry to /etc/hosts and ran "ipa-server-install
--hostname ipaserver.testdomain --no-host-dns -r TESTDOMAIN -n TESTDOMAIN"