[Freeipa-devel] [PATCH] 262-265 Enable psearch by default

Martin Kosek mkosek at redhat.com
Fri Jun 1 08:46:33 UTC 2012


On Fri, 2012-05-25 at 17:14 +0200, Martin Kosek wrote:
> On Fri, 2012-05-25 at 09:25 -0400, Rob Crittenden wrote:
> > Martin Kosek wrote:
> > > This set of patches handles enabling psearch both for new installations
> > > (patch 263) and upgraded IPA servers.
> > >
> > > For upgraded IPA servers I needed to make sure that psearch is not
> > > enabled for every IPA package update, but at most once, when a user
> > > updates to IPA with this patch for the first time (patch 264). This is
> > > enabled by a new State store located in /var/lib/ipa/sysupgrade (patch
> > > 262).
> > >
> > > I also improved the way we handled SELinux sebool updates (patch 265),
> > > this can make ipa-upgradeconfig finish in 0.4 seconds and not in 150
> > > seconds as previously. Details are in the patches.
> > >
> > > Martin
> > 
> > 262:
> > The sysupgrade directory isn't created by the RPM install:
> > 
> > mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysupgrade
> 
> Fixed.
> 
> > 
> > 263:
> > 
> > It looks like zone_refresh is simply disabled in bindinstance.py, why 
> > not remove it completely?
> 
> zone_refresh is used by bindinstance.py. ipa-server-install or
> ipa-dns-install may be configured to use zone refresh instead of
> persistent search mechanism to update the zones (e.g. --zone-refresh
> 30).
> 
> > 
> > 264:
> > 
> > Small nit, worth doing case-insensitive compare of psearch enabled status?
> 
> Petr2 told me that the arg value for a boolean configuration option is
> case-insensitive, so we can do that - fixed.
> 
> > 
> > We're updating named.conf in place so I don't know that we need to reset 
> > permissions. It at least shouldn't get modified by the write.
> 
> Right, I was being too defensive. I removed the check.
> 
> I made the upgrade more robust, now it won't crash for example when
> named.conf does not exist. I also made sure the upgrade script works
> correctly when IPA is configured without DNS.
> 
> Martin

I rebased the patches for current master. I also slightly reworked patch
265, the error message printed in case of an unsuccessful setsebool was
not printed right.

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-262-3-add-sysupgrade-state-file.patch
Type: text/x-patch
Size: 9251 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120601/c344ee3b/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-263-3-enable-persistent-search-by-default.patch
Type: text/x-patch
Size: 13484 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120601/c344ee3b/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-264-3-enable-psearch-on-upgrades.patch
Type: text/x-patch
Size: 11512 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120601/c344ee3b/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-265-3-only-set-sebools-when-necessary.patch
Type: text/x-patch
Size: 5725 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120601/c344ee3b/attachment-0003.bin>
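
Added example, not part of the original message or of the FreeIPA patches: a sketch of the upgrade behaviour discussed in this thread, enabling psearch at most once through a state file, comparing the current value case-insensitively, and doing nothing when named.conf is absent. The UpgradeState class, the function name, the status strings and the named.conf `arg "psearch yes";` syntax are assumptions made for illustration.

```python
import configparser
import os
import re

# Assumed bind-dyndb-ldap syntax in named.conf: arg "psearch yes";
PSEARCH_RE = re.compile(r'arg\s+"psearch\s+(\w+)"\s*;', re.IGNORECASE)
DYNDB_RE = re.compile(r'(dynamic-db\s+"ipa"\s*\{)')

class UpgradeState:
    """Hypothetical flag store kept in one INI file in the sysupgrade directory."""
    def __init__(self, path):
        self.path = path
        self.cfg = configparser.ConfigParser()
        self.cfg.read(path)  # a missing file simply yields an empty store

    def done(self, section, step):
        return self.cfg.getboolean(section, step, fallback=False)

    def mark(self, section, step):
        if not self.cfg.has_section(section):
            self.cfg.add_section(section)
        self.cfg.set(section, step, "true")
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            self.cfg.write(f)
        os.replace(tmp, self.path)  # atomic swap, never a half-written state file

def enable_psearch_once(named_conf, state):
    """Enable psearch at most once per server; return a short status string."""
    if state.done("named.conf", "psearch_enabled"):
        return "skipped"  # a later admin change to psearch is left alone
    if not os.path.isfile(named_conf):
        return "no-dns"  # IPA configured without DNS: nothing to upgrade
    with open(named_conf) as f:
        text = f.read()
    m = PSEARCH_RE.search(text)
    if m and m.group(1).lower() == "yes":  # case-insensitive compare
        status = "already-enabled"
    else:
        regex = PSEARCH_RE if m else DYNDB_RE
        repl = 'arg "psearch yes";' if m else r'\1\n\targ "psearch yes";'
        text, n = regex.subn(repl, text, count=1)
        if n == 0:
            return "no-dyndb"  # no dynamic-db "ipa" block to edit
        with open(named_conf, "w") as f:  # in-place write keeps mode and owner
            f.write(text)
        status = "enabled"
    state.mark("named.conf", "psearch_enabled")
    return status
```

Because the flag is recorded only after the step has been handled, a second package update returns "skipped" even if an administrator has since turned psearch off again.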