<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 26.07.2016 12:17, Lenka Doudova
wrote:<br>
</div>
<blockquote
cite="mid:f7fa0dad-79b1-d7d5-949e-c99a1a4ec852@redhat.com"
type="cite">
<br>
<br>
On 06/30/2016 01:14 PM, Martin Basti wrote:
<br>
<blockquote type="cite">
<br>
<br>
On 30.06.2016 12:58, Lenka Doudova wrote:
<br>
<blockquote type="cite">
<br>
<br>
On 06/30/2016 12:51 PM, Petr Spacek wrote:
<br>
<blockquote type="cite">On 30.6.2016 12:32, Lenka Doudova
wrote:
<br>
<blockquote type="cite">
<br>
On 06/29/2016 07:49 PM, Petr Spacek wrote:
<br>
<blockquote type="cite">On 29.6.2016 18:52, Lenka Doudova
wrote:
<br>
<blockquote type="cite">On 06/29/2016 06:51 PM, Petr
Spacek wrote:
<br>
<blockquote type="cite">On 29.6.2016 18:48, Lenka
Doudova wrote:
<br>
<blockquote type="cite">On 06/27/2016 11:05 AM,
Lenka Doudova wrote:
<br>
<blockquote type="cite">On 06/27/2016 10:33 AM,
Martin Babinsky wrote:
<br>
<blockquote type="cite">On 06/27/2016 10:28 AM,
Petr Spacek wrote:
<br>
<blockquote type="cite">On 27.6.2016 10:26,
Petr Spacek wrote:
<br>
<blockquote type="cite">On 27.6.2016 10:18,
Martin Babinsky wrote:
<br>
<blockquote type="cite">On 06/27/2016
10:04 AM, Petr Vobornik wrote:
<br>
<blockquote type="cite">On 06/27/2016
09:42 AM, Lenka Doudova wrote:
<br>
<blockquote type="cite">Hi!
<br>
<br>
With newly created AD machines in
Brno lab, existing trust tests
<br>
fail on
<br>
'ipa dnsforwardzone-add' command
claiming the zone is already
<br>
present,
<br>
as new AD domain is
dom-221.idm.lab.eng.brq.redhat.com.
<br>
<br>
To prevent these failures I prepared
attached patch, that will still
<br>
attempt to add the forward zone, but
in case of non-zero return code
<br>
will check the message if it says
that the forward zone is already
<br>
configured, and lets the tests
continue, if it is so.
<br>
<br>
<br>
Lenka
<br>
<br>
</blockquote>
Current approach expects that every
error of ipa dnsforward-add here
<br>
will mean that the zone exists. So it
might hide other issues - not
<br>
very
<br>
good.
<br>
<br>
On the other hand it is not very
robust to parse error message.
<br>
<br>
Question for general audience: What do
you think if IPA client's exit
<br>
status would be the IPA error code
instead of "1" for every error.
<br>
E.g.
<br>
in DuplicateEntry case it's 4002.
<br>
<br>
Btw, this is not a NACK.
<br>
<br>
</blockquote>
Well AFAIK the exit status on POSIX
systems is encoded into a single
<br>
byte so
<br>
you cannot have the return value greater
that 255. We would have to
<br>
devise
<br>
some mapping between our XMLRPC status
codes and subprocess return
<br>
codes.
<br>
<br>
Some of our exceptions have defined
return values outside plain '1',
<br>
e.g.
<br>
NotFound has return value of 2. It would
be possible to extend this
<br>
concept on
<br>
other common errors.
<br>
</blockquote>
Even more importantly, the forward zone is
completely unnecessary
<br>
because
<br>
DNS
<br>
when DNS is set up properly. I would
simply remove the
<br>
dnsforwardzone-add.
<br>
<br>
</blockquote>
Grr, I meant this:
<br>
Even more importantly, the forward zone is
completely unnecessary when
<br>
DNS is
<br>
set up properly. I would simply remove the
dnsforwardzone-add.
<br>
<br>
</blockquote>
+1, our tests should not fiddle with the
provisioned environment as
<br>
much as
<br>
they sometimes do.
<br>
<br>
</blockquote>
Well, I have nothing against removing it
completely, but left it there just
<br>
because with previous AD machines with "wild"
domains it was necessary.
<br>
Looking at the code, your suggestion would
probably mean to entirely remove
<br>
method configure_dns_for_trust from
ipatests/test_integration/tasks.py,
<br>
right? I'll have to verify this won't break
anything else.
<br>
<br>
Lenka
<br>
<br>
</blockquote>
Hi,
<br>
<br>
to get back to this issue: do we really want to
have the DNS configuration
<br>
method removed? I mean, we no longer need it for
our CI tests, with new
<br>
AD VMs
<br>
it works without it, but should somebody else with
different setup run these
<br>
tests, they could experience failures because
their AD domain would not be
<br>
configured in DNS by default and the test would no
longer provide that
<br>
configuration. It doesn't feel right to delete
something we needed before
<br>
but
<br>
don't need anymore, in case somebody else is
depending on the same
<br>
configuration. But of course, I'll abide by your
counsel.
<br>
In case the call on DNS configuration method
really is removed, should I
<br>
remove even it's definition? It's not used
anywhere else, so it would be
<br>
quite
<br>
logical.
<br>
</blockquote>
Feel free to keep empty method around as a "hook"
for other people. The
<br>
important thing is that it should do nothing by
default.
<br>
<br>
</blockquote>
So leave the method call, but erase method contents
and let it just pass?
<br>
</blockquote>
Fine with me. (List re-added.)
<br>
<br>
</blockquote>
Ah, sorry for doing the wrong reply.
<br>
Anyway, fixed patch attached. I decided to do as you
suggested - the original
<br>
DNS configuring function is now empty, I modified the
comment to explain
<br>
significance of this strange thing. I also changed patch
title to better
<br>
reflect proposed changes.
<br>
</blockquote>
ACK if it passes your tests.
<br>
<br>
</blockquote>
Yes, I've had no problems running the tests since I started to
use this.
<br>
Thanks.
<br>
<br>
</blockquote>
Pushed to master: 1d9e1521c59a5b43c2322892ce5cbe8cceff2790
<br>
<br>
</blockquote>
Hi,
<br>
<br>
I just realized the same problem occurs in 4.3 branch, but the
original patch was pushed to master only, hence I ask for second
review.
<br>
The originally pushed patch attached, should not need any
modifications for ipa-4-3 branch.
<br>
<br>
Ticket: <a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/6133">https://fedorahosted.org/freeipa/ticket/6133</a>
<br>
<br>
Thanks,
<br>
Lenka
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
Pushed to ipa-4-3: 40b1459ad0299e95331699be9684682fca02a570<br>
<br>
</body>
</html>