[Freeipa-devel] [PATCHES 0233-0234] DNSSEC: forwarders validation

Petr Spacek pspacek at redhat.com
Thu May 7 10:19:05 UTC 2015 

On 7.5.2015 08:59, David Kupka wrote:
> On 05/06/2015 03:20 PM, Martin Basti wrote:
>> On 05/05/15 15:00, Martin Basti wrote:
>>> On 30/04/15 15:37, David Kupka wrote:
>>>> On 04/24/2015 02:56 PM, Martin Basti wrote:
>>>>> Patches attached.
>>>>>
>>>>>
>>>>>
>>>>>
>>>> Hi,
>>>> thanks for patches.
>>>>
>>>> 1. You changed message in DNSServerNotRespondingWarning class but not
>>>> the test in ipatest/test_xmlrpc/test_dns_plugin.py
>>>>
>>>> nitpick. Please spell 'edns' correctly. I've seen several instances
>>>> of 'ends'.
>>>>
>>> Thank you,
>>>
>>> updated patches attached:
>>> * new error messages
>>> * logging to debug log server output if exception was raised
>>> * fixed test
>>> * fixed spelling
>>>
>>>
>>>
>> Fixed tests (again)
>>
>> Updated patches attached
>>
> The code looks good to me and tests are no longer broken. (I would prefer
> better fix of the tests but given that the priorities are different now it can
> wait.)
> 
> Petr, can you please confirm that the patch set works for you?

Sorry, NACK:

$ ipa dnsforwardzone-add ptr.test. --forwarder=10.34.47.236
Server will check DNS forwarder(s).
This may take some time, please wait ...
ipa: ERROR: an internal error has occurred

# /var/log/httpd/error_log
ipa: ERROR: non-public: AssertionError:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 350, in
wsgi_execute
    result = self.Command[name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 443, in
__call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 760, in run
    return self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 4444, in
execute
    **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 4405, in
_warning_if_forwarders_do_not_work
    log=self.log)
  File "/usr/lib/python2.7/site-packages/ipalib/util.py", line 715, in
validate_dnssec_zone_forwarder_step2
    timeout=timeout)
  File "/usr/lib/python2.7/site-packages/ipalib/util.py", line 610, in
_resolve_record
    assert isinstance(nameserver_ip, basestring)
AssertionError
ipa: INFO: [jsonserver_session] admin at IPA.EXAMPLE: dnsforwardzone_add(<DNS
name ptr.test.>, idnsforwarders=(u'10.34.47.236',), all=False, raw=False,
version=u'2.116'): AssertionError

This is constantly reproducible in my vm-090.abc. Let me know if you want to
take a look.


I'm attaching little response.patch which improves compatibility with older
python-dns packages. This patch allows IPA to work while error messages are
simply not as nice as they could be with latest python-dns :-)

check_fwd_msg.patch is a little nitpick, just to make sure everyone
understands the message.

BTW why some messages in check_forwarders() are printed using 'print' and
others using logger? I would prefer to use logger for everything to make sure
that logs contain all the information, including warnings.

Thank you for your time!

-- 
Petr^2 Spacek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: response.patch
Type: text/x-patch
Size: 415 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150507/07db65ec/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: check_fwd_msg.patch
Type: text/x-patch
Size: 611 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150507/07db65ec/attachment-0001.bin>

More information about the Freeipa-devel mailing list