[Freeipa-devel] [PATCH 0053-0056] DNSSEC: Fix deadlocks & export to LDAP
Martin Basti
mbasti at redhat.com
Thu Sep 3 15:44:45 UTC 2015
On 09/03/2015 10:40 AM, Oleg Fayans wrote:
> NACK from me.
>
> 2 out of 5 tests still fail with assertion errors:
> https://paste.fedoraproject.org/262926/44126948/
>
> Although, I am not sure these failures are caused by the same very
> problem.
>
> On 08/31/2015 06:50 PM, Petr Spacek wrote:
>> Hello,
>>
>> Attached patch set should fix the deadlock you discovered + few more
>> issues I
>> spotted when testing the original patch.
>>
>> Known problems (more patches needed):
>> - /etc/opendnssec/zonelist.xml should be restored during server
>> uninstall
>> - ccache for ipa-ods-exporter should be removed during server uninstall
>> - timestamps in .private key files do not reflect (?) current key
>> state in
>> OpenDNSSEC database (I will look into this tomorrow.)
>>
>>
>>
>
Actually, I did testing and these patches fixing the deadlock.
ACK from me.
You may hit another issue, which is reproducible only by DNSSEC CI test:
named is not able to read keys (we don't know why, because keys are
ready and readable)
Workaround is just to restart named, and everything will work.
More information about the Freeipa-devel
mailing list