[Freeipa-users] dns stops working after upgrade

Rob Verduijn rob.verduijn at gmail.com
Tue Nov 4 14:27:10 UTC 2014 

Hello again,

I've managed to integrate my katello configuration with freeipa.
Now I not only use freeipa authentication in katello but also when a host
is defined in katello it automagically gets created in the freeipa realm ,
certs, otp,dns all working great.

however, to obtain all this integration greatness I had to downgrade my
freeipa to 3.3.5 again (revert snapshot) because the katello realm
integration tool (foreman-prepare-realm) is not capable of dealing with 4.X
versions of freeipa.

And now the named-pkcs11 again does not see my internal zones.

This page
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart thinks
I should contact the freeipa-users list
The command 'ipa-ldap-updater
/usr/share/ipa/updates/55-pbacmemberof.update' didn't fix it.
and the command 'ipa-ldap-updater' didn't fix it either.

So I am now stuck at freeipa 3.3.5 again (with a working katello
integration, so I got some mixed emotions about it)
Any ideas anyone ?
Rob






2014-10-29 22:14 GMT+01:00 Rob Verduijn <rob.verduijn at gmail.com>:

> Hello,
>
> I've tested the update again.
>
> The bind-utils conflict is still there when I issue "yum update
> freeipa-server" ( as indicated on the freeipa 4.1 download page
> http://www.freeipa.org/page/Downloads#Upgrading )
>
> 'yum update' works fine
>
> My internal zones didn't resolv after the update
> ipa-ldap-updater /usr/share/ipa/updates/55-pbacmemberof.update didn't fix
> it
> ipa-ldap-updater did fix the 'access control instructions' and my internal
> dns zones started to resolv again :-)
>
> Cheers
> Rob
>
>
> 2014-10-29 18:14 GMT+01:00 Petr Spacek <pspacek at redhat.com>:
>
>> On 29.10.2014 16:46, Rob Verduijn wrote:
>>
>>> Hello,
>>>
>>> # ipa-ldap-updater /usr/share/ipa/updates/55-pbacmemberof.update
>>>   fixes the problem.
>>>
>>> I can resolv my internal dns zones again:-)
>>>
>>> Many thanx.
>>>
>>> Since this problem happened every time I tried to update the freeipa
>>> server.
>>> I could re-run the update with some debug options if you like so you can
>>> pinpoint what goes wrong with the update script if you like.
>>>
>>
>> I have re-build some packages in mkosek's CORP so now you should not see
>> encounter dependency problems. Simple 'yum upgrade' should give you all the
>> required packages.
>>
>> We are looking at other problems in upgrade process right now so there is
>> not much to test except package dependencies.
>>
>> --
>> Petr^2 Spacek
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141104/1658f4db/attachment.htm>

More information about the Freeipa-users mailing list