[Freeipa-devel] [PATCHES 0066-0067] Upgrade procedure for forwardzones

Tue Jun 24 14:36:56 UTC 2014

On 06/18/2014 01:46 PM, Martin Basti wrote:
> On Wed, 2014-06-18 at 13:44 +0200, Martin Basti wrote:
>> On Fri, 2014-06-13 at 10:28 +0200, Martin Basti wrote:
>>> Patches attached, require patches mbasti 0052-0055.
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> Rebased patches attached.
>> PEP8 fixes.
>>
> Sorry, patches are here

66.2:

1) Is it OK to just change constants in the update plugins?

-PRE_UPDATE = 1
-POST_UPDATE = 2
+PRE_SCHEMA_UPDATE = 1
+PRE_UPDATE = 2
+POST_UPDATE = 3

When people refer to the types via names, it should be OK. It just seemed
unnecessary to me.

67.2:

1) update_check_forwardzones:

I think we should set update_to_forward_zones to False when the objectclass is
there and add a check at the beginning of the execute to simply bail out, if
update_to_forward_zones is present in the sysupgrade file.

This will prevent the objectclass check (which takes some time) to run again
and again.

2) I would use different backup name:

+    backup_filename = u'master-zones-transform-backup.ldif'

Probably something based on time so that different installations' backup do not
step on each other. You can inspire yourself in other backup files we create:

# ll /var/lib/ipa/backup/
total 16
drwx------. 2 root root 4096 May 30 08:10 ipa-full-2014-05-30-08-10-13
drwx------. 2 root root 4096 May 30 08:11 ipa-full-2014-05-30-08-11-09
drwx------. 2 root root 4096 May 30 08:13 ipa-full-2014-05-30-08-13-21
-rw-r--r--. 1 root root 3441 Jun 24 16:25 master-zones-transform-backup.ldif

3) This exception does not provide much information, we should at least log the
error message itself:

+            except Exception:
+                self.log.error('Unable to create backup file')
+                return (False, False, [])

4) The actual upgrade failed in my case, when I had set forward policy:

# ipa-ldap-upgrade --upgrade
...
Updating managed permissions for user
Updating non-object managed permissions
Zones with specified forwarders with policy different than none will be
transformed to forward zones.
Original zones will be saved in LDIF format in
/var/lib/ipa/backup/master-zones-transform-backup.ldif file
No changes to ACI
Zone forward1.test. was sucessfully transformed to forward zone
Transform to forwardzone terminated: creating forwardzone forward2.test. failed
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/dns.py",
line 265, in execute
    api.Command['dnsforwardzone_add'](zone['idnsname'][0], **kw)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 433, in __call__
    params = self.convert(**params)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 631, in convert
    (k, self.params[k].convert(v)) for (k, v) in kw.iteritems()
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 631, in
<genexpr>
    (k, self.params[k].convert(v)) for (k, v) in kw.iteritems()
  File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 797, in
convert
    return self._convert_scalar(value)
  File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 806, in
_convert_scalar
    error=ugettext(self.type_error),
ConversionError: invalid 'idnsforwardpolicy': Gettext('incorrect type',
domain='ipa', localedir=None)
...

Attaching my DNS zone setting.

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: master-zones-transform-backup.ldif
Type: text/x-ldif
Size: 3441 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140624/4e02fbef/attachment.bin>