[Freeipa-devel] [PATCH 0503-0513, 0515-0519, 0520-0528] DNS locations

Martin Basti mbasti at redhat.com
Fri Jun 17 15:05:44 UTC 2016



On 17.06.2016 15:17, Petr Spacek wrote:
> On 17.6.2016 12:25, Martin Basti wrote:
>>
>> On 17.06.2016 08:46, Petr Spacek wrote:
>>> On 16.6.2016 22:14, Martin Basti wrote:
>>>> On 16.06.2016 15:59, Petr Spacek wrote:
>>>>> On 16.6.2016 13:57, Martin Basti wrote:
>>>>>> On 16.06.2016 12:09, Petr Spacek wrote:
>>>>>>> On 15.6.2016 17:24, Petr Spacek wrote:
>>>>>>>> On 15.6.2016 15:45, Martin Basti wrote:
>>>>>>>>> On 15.06.2016 14:52, Martin Basti wrote:
>>>>>>>>>> <snip>
>>>>>>>>>> Hydra patching: Updated patches attached + new patches for dnsserver-*
>>>>>>>>>> commands attached
>>>>>>>>>> Updated+rebased patches after Honza's interactive review
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> Minor nitpick fixed
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> freeipa-mbasti-0503.3-DNS-Locations-add-index-for-ipalocation-attribute.patch
>>>>>>>>
>>>>>>>>
>>>>>>>> ACK
>>>>>>>>
>>>>>>>> freeipa-mbasti-0505.3-DNS-Locations-add-idnsTemplateObject-objectclass.patch
>>>>>>>>
>>>>>>>> ACK
>>>>>>>>
>>>>>>>>
>>>>>>>> I will get to the rest later on.
>>>>>>> Problems I found (could be solved in separate patches if you wish):
>>>>>>>
>>>>>>> 1. NACK
>>>>>>> # ipa dns-update-system-records --dry-run
>>>>>>> ipa: ERROR: an internal error has occurred
>>>>>>> ValueError: dns_update_system_records.validate_output(): unexpected keys
>>>>>>> ['summary'] in { ...
>>>>>> Fixed
>>>>>>> 2. NACK
>>>>>>> Command ipa dns-update-system-records does not work with DNS Administrators
>>>>>>> privilege when some record is missing:
>>>>>>>
>>>>>>> ipa: WARNING: Update of system record
>>>>>>> '_kpasswd._tcp.dom-046.abc.idm.lab.eng.brq.redhat.com. 86400 IN SRV 0
>>>>>>> 100 464
>>>>>>> vm-046.abc.idm.lab.eng.brq.redhat.com.' failed with error: Insufficient
>>>>>>> access: Insufficient 'write' privilege to the 'objectClass' attribute of
>>>>>>> entry
>>>>>>> 'idnsname=_kpasswd._tcp,idnsname=dom-046.abc.idm.lab.eng.brq.redhat.com.,cn=dns,dc=suffix'.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> Fixed (I hope)
>>>>>>> 3. NACK
>>>>>>> IPA server upgrade does not create idnsServerConfigObjects in cn=dns
>>>>>>> In fact the upgrade does not even add the object class into schema.
>>>>>>>
>>>>>> Fixed
>>>>>>> These need to be fixed before we can proceed.
>>>>>>>
>>>>>> Updated patches attached
>>>>> 4. NACK
>>>>> ipa-ca-install does not add A/AAAA records for the new CA.
>>>> This should work, code is in the right place. Maybe it is a race condition.
>>>>
>>>> ... 2 hours later ...
>>>>
>>>> I found that this is broken since 4.3.0, I will fix it separately
>>>> https://fedorahosted.org/freeipa/ticket/5966
>>>>
>>>> Anyway, I found a bug in replicainstall (fixed) because of copy&paste everywhere
>>>>
>>>>> 5. NACK
>>>>> ipa-replica-manage del <replica> does not delete SRV records from the
>>>>> remaining master
>>>>>
>>>>> # ipa-replica-manage del vm-046.abc.idm.lab.eng.brq.redhat.com
>>>>> WARNING: yacc table file version is out of date
>>>>> Checking connectivity in topology suffix 'domain'
>>>>> Checking connectivity in topology suffix 'ca'
>>>>> Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com entries: invalid
>>>>> 'idnsserverid': must be Unicode text
>>>>> You may need to manually remove them from the tree
>>>>> Checking for deleted segments in suffix 'domain'
>>>>> Agreements deleted
>>>>> Checking for deleted segments in suffix 'ca'
>>>>> Agreements deleted
>>>>> Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com DNS entries:
>>>>> abc.idm.lab.eng.brq.redhat.com.: DNS zone not found
>>>>> You may need to manually remove them from the tree
>>>> Fixed
>>>>> Manual execution of ipa dns-update-system-records fixes that.
>>>>>
>>>>>
>>>>>
>>>>> Besides the NACKs above, one more thing is missing:
>>>>> The following config options are not migrated from named.conf to LDAP object:
>>>>>
>>>>> https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/PerServerConfigInLDAP#Upgrade
>>>>>
>>>>>
>>>>>
>>>>> This can go to a separate patch set if you wish (at the very end).
>>>> I will leave this for later, bind-dyndb-ldap will continue working with local
>>>> configuration as before, patches are of course welcome.
>>>>
>>>> Updated patches attached, + hydra patching
>>> 6. NACK
>>> # ipa server-show $(hostname)
>>> Managed suffixes: domain, ca
>>>     Min domain level: 0
>>>     Max domain level: 1
>>>     Location: l1
>>>     Enabled server roles: CA server, DNS server, NTP server
>>>     Server name: vm-046.abc.idm.lab.eng.brq.redhat.com
>>>
>>> [root@vm-046 review]# ipa server-mod $(hostname) --location=l2
>>> ipa: ERROR: no modifications to be performed
>>>
>> Updated patches attached
> ACK up to patch 519.
>
> 7th NACK to the rest:
>
> It fails while attempting to add non-DNS to a location:
>
> # ipa server-show vm-046.abc.idm.lab.eng.brq.redhat.com
>    Managed suffixes: domain
>    Min domain level: 0
>    Max domain level: 1
>    Location: l1
>    Enabled server roles:
>    Server name: vm-046.abc.idm.lab.eng.brq.redhat.com
>
> # ipa server-mod vm-046.abc.idm.lab.eng.brq.redhat.com --location l2
> ipa: ERROR: vm-046.abc.idm.lab.eng.brq.redhat.com: DNS server not found
>

Updated patches attached + 2 extra hydra patches :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0520.3-DNS-Locations-set-proper-substitution-variable.patch
Type: text/x-patch
Size: 1740 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160617/3e5ab614/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0521.3-DNS-Locations-require-to-restart-named-pkcs11-affter.patch
Type: text/x-patch
Size: 2283 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160617/3e5ab614/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0522.3-DNS-Locations-show-warning-if-there-is-no-DNS-server.patch
Type: text/x-patch
Size: 4005 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160617/3e5ab614/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0523.3-DNS-Locations-prevent-to-remove-used-locations.patch
Type: text/x-patch
Size: 1781 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160617/3e5ab614/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0524.3-DNS-Locations-do-not-generate-location-records-for-u.patch
Type: text/x-patch
Size: 2323 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160617/3e5ab614/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0525.3-DNS-Locations-location-del-remove-location-record.patch
Type: text/x-patch
Size: 3633 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160617/3e5ab614/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0526.3-DNS-Locations-Rename-ipalocationweight-to-ipaservice.patch
Type: text/x-patch
Size: 17838 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160617/3e5ab614/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0527.3-DNS-Locations-generate-NTP-records.patch
Type: text/x-patch
Size: 4223 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160617/3e5ab614/attachment-0007.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0528.3-upgrade-don-t-fail-if-zone-does-not-exists-in-in-fin.patch
Type: text/x-patch
Size: 1154 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160617/3e5ab614/attachment-0008.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0529.1-DNS-Location-add-list-of-roles-and-DNS-servers-to-lo.patch
Type: text/x-patch
Size: 3795 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160617/3e5ab614/attachment-0009.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0530.1-DNS-Locations-dnsserver-print-specific-error-when-DN.patch
Type: text/x-patch
Size: 1379 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160617/3e5ab614/attachment-0010.bin>

