[Freeipa-devel] [PATCH 0503-0513, 0515-0519, 0520-0528] DNS locations

Petr Spacek pspacek at redhat.com
Fri Jun 17 16:00:05 UTC 2016


On 17.6.2016 17:05, Martin Basti wrote:
> 
> 
> On 17.06.2016 15:17, Petr Spacek wrote:
>> On 17.6.2016 12:25, Martin Basti wrote:
>>>
>>> On 17.06.2016 08:46, Petr Spacek wrote:
>>>> On 16.6.2016 22:14, Martin Basti wrote:
>>>>> On 16.06.2016 15:59, Petr Spacek wrote:
>>>>>> On 16.6.2016 13:57, Martin Basti wrote:
>>>>>>> On 16.06.2016 12:09, Petr Spacek wrote:
>>>>>>>> On 15.6.2016 17:24, Petr Spacek wrote:
>>>>>>>>> On 15.6.2016 15:45, Martin Basti wrote:
>>>>>>>>>> On 15.06.2016 14:52, Martin Basti wrote:
>>>>>>>>>>> <snip>
>>>>>>>>>>> Hydra patching: Updated patches attached + new patches for dnsserver-*
>>>>>>>>>>> commands attached
>>>>>>>>>>> Updated+rebased patches after Honza's interactive review
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> Minor nitpick fixed
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> freeipa-mbasti-0503.3-DNS-Locations-add-index-for-ipalocation-attribute.patch
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ACK
>>>>>>>>>
>>>>>>>>> freeipa-mbasti-0505.3-DNS-Locations-add-idnsTemplateObject-objectclass.patch
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ACK
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I will get to the rest later on.
>>>>>>>> Problems I found (could be solved in separate patches if you wish):
>>>>>>>>
>>>>>>>> 1. NACK
>>>>>>>> # ipa dns-update-system-records --dry-run
>>>>>>>> ipa: ERROR: an internal error has occurred
>>>>>>>> ValueError: dns_update_system_records.validate_output(): unexpected keys
>>>>>>>> ['summary'] in { ...
>>>>>>> Fixed
>>>>>>>> 2. NACK
>>>>>>>> Command ipa dns-update-system-records does not work with DNS
>>>>>>>> Administrators
>>>>>>>> privilege when some record is missing:
>>>>>>>>
>>>>>>>> ipa: WARNING: Update of system record
>>>>>>>> '_kpasswd._tcp.dom-046.abc.idm.lab.eng.brq.redhat.com. 86400 IN SRV 0
>>>>>>>> 100 464
>>>>>>>> vm-046.abc.idm.lab.eng.brq.redhat.com.' failed with error: Insufficient
>>>>>>>> access: Insufficient 'write' privilege to the 'objectClass' attribute of
>>>>>>>> entry
>>>>>>>> 'idnsname=_kpasswd._tcp,idnsname=dom-046.abc.idm.lab.eng.brq.redhat.com.,cn=dns,dc=suffix'.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> Fixed (I hope)
>>>>>>>> 3. NACK
>>>>>>>> IPA server upgrade does not create idnsServerConfigObjects in cn=dns
>>>>>>>> In fact the upgrade does not even add the object class into schema.
>>>>>>>>
>>>>>>> Fixed
>>>>>>>> These need to be fixed before we can proceed.
>>>>>>>>
>>>>>>> Updated patches attached
>>>>>> 4. NACK
>>>>>> ipa-ca-install does not add A/AAAA records for the new CA.
>>>>> This should work, code is in the right place. Maybe it is a race condition.
>>>>>
>>>>> ... 2 hours later ...
>>>>>
>>>>> I found that this is broken since 4.3.0, I will fix it separately
>>>>> https://fedorahosted.org/freeipa/ticket/5966
>>>>>
>>>>> Anyway, I found a bug in replicainstall (fixed) because of copy&paste everywhere
>>>>>
>>>>>> 5. NACK
>>>>>> ipa-replica-manage del <replica> does not delete SRV records from the
>>>>>> remaining master
>>>>>>
>>>>>> # ipa-replica-manage del vm-046.abc.idm.lab.eng.brq.redhat.com
>>>>>> WARNING: yacc table file version is out of date
>>>>>> Checking connectivity in topology suffix 'domain'
>>>>>> Checking connectivity in topology suffix 'ca'
>>>>>> Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com entries: invalid
>>>>>> 'idnsserverid': must be Unicode text
>>>>>> You may need to manually remove them from the tree
>>>>>> Checking for deleted segments in suffix 'domain'
>>>>>> Agreements deleted
>>>>>> Checking for deleted segments in suffix 'ca'
>>>>>> Agreements deleted
>>>>>> Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com DNS entries:
>>>>>> abc.idm.lab.eng.brq.redhat.com.: DNS zone not found
>>>>>> You may need to manually remove them from the tree
>>>>> Fixed
>>>>>> Manual execution of ipa dns-update-system-records fixes that.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Besides NACKs above one more thing is missing:
>>>>>> The following config options are not migrated from named.conf to LDAP object:
>>>>>>
>>>>>> https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/PerServerConfigInLDAP#Upgrade
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> This can go to a separate patch set if you wish (at the very end).
>>>>> I will leave this for later, bind-dyndb-ldap will continue working with
>>>>> local
>>>>> configuration as before, patches are of course welcome.
>>>>>
>>>>> Updated patches attached, + hydra patching
>>>> 6. NACK
>>>> # ipa server-show $(hostname)
>>>> Managed suffixes: domain, ca
>>>>     Min domain level: 0
>>>>     Max domain level: 1
>>>>     Location: l1
>>>>     Enabled server roles: CA server, DNS server, NTP server
>>>>     Server name: vm-046.abc.idm.lab.eng.brq.redhat.com
>>>>
>>>> [root@vm-046 review]# ipa server-mod $(hostname) --location=l2
>>>> ipa: ERROR: no modifications to be performed
>>>>
>>> Updated patches attached
>> ACK up to patch 519.
>>
>> 7th NACK to the rest:
>>
>> It fails while attempting to add non-DNS to a location:
>>
>> # ipa server-show vm-046.abc.idm.lab.eng.brq.redhat.com
>>    Managed suffixes: domain
>>    Min domain level: 0
>>    Max domain level: 1
>>    Location: l1
>>    Enabled server roles:
>>    Server name: vm-046.abc.idm.lab.eng.brq.redhat.com
>>
>> # ipa server-mod vm-046.abc.idm.lab.eng.brq.redhat.com --location l2
>> ipa: ERROR: vm-046.abc.idm.lab.eng.brq.redhat.com: DNS server not found
>>
> 
> Updated patches attached + 2 extra hydra patches :)

ACK with full force!

-- 
Petr^2 Spacek



