[Freeipa-users] IPA 4.1.0 in RHEL 7.1

Steven Jones Steven.Jones at vuw.ac.nz
Wed Mar 11 20:37:33 UTC 2015 

======
[root at vuwunicoipam004 ipa-certs]# ipa-replica-install --setup-dns --forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg  --skip-conncheck
Checking forwarders, please wait ...
WARNING: DNS forwarder 10.100.32.31 does not return DNSSEC signatures in answers
Please fix forwarder configuration to enable DNSSEC support.
(For BIND 9 add directive "dnssec-enable yes;" to "options {}")
WARNING: DNSSEC validation will be disabled
======

The AD server is a win2k12r2.

regards

Steven
________________________________________
From: freeipa-users-bounces at redhat.com <freeipa-users-bounces at redhat.com> on behalf of Dmitri Pal <dpal at redhat.com>
Sent: Thursday, 12 March 2015 9:07 a.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] IPA 4.1.0 in RHEL 7.1

On 03/11/2015 03:49 PM, Steven Jones wrote:
> Hi,
>
> When I try to join a 7.1 based replica to an existing setup and use an AD forwarder the command complains that the AD box isnt doing DNSSEC suggesting to me it is present in 7.1?

Can you share the message that you get and what steps you take to get to
that message?

>
> At the moment however I cant join a 7.1 based IPA server into a 6.6 based IPA cluster.  Or a 7.1 client to IPA, to 6.6 for that matter, 7.0 works fine though.
>
>
> regards
>
> Steven
>
> ________________________________________
> From: freeipa-users-bounces at redhat.com <freeipa-users-bounces at redhat.com> on behalf of Erinn Looney-Triggs <erinn.looneytriggs at gmail.com>
> Sent: Thursday, 12 March 2015 8:15 a.m.
> To: freeipa-users at redhat.com
> Subject: [Freeipa-users] IPA 4.1.0 in RHEL 7.1
>
> First off congratulations on getting this out. Love the new UI, all pretty and
> integrates well with the access.redhat.com UI.
>
> Second, did DNSSEC not make the chop? It looks like for FreeIPA DNSSEC was
> included in the 4.1.0 release, but near as I can tell it is not part of IPA
> 4.1.0 in RHEL 7.1.
>
> Third, there appears to be a behavior change from in ipalib. I cleaned up a
> little inventory script for ansible, you can take a look at it here:
> https://github.com/ansible/ansible/blob/devel/plugins/inventory/freeipa.py
>
> Before RHEL 7.1 the call to api.Command.hostgroup_find()['result'] on line 30
> worked, now it fails:
>
> Traceback (most recent call last):
>    File "./freeipa.py", line 133, in <module>
>      list_groups(api)
>    File "./freeipa.py", line 71, in list_groups
>      result = api.Command.host_find()['result']
>    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in
> __call__
>      ret = self.run(*args, **options)
>    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 755, in run
>      return self.forward(*args, **options)
>    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 776, in
> forward
>      return self.Backend.rpcclient.forward(self.name, *args, **kw)
>    File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 880, in forward
>      command = getattr(self.conn, name)
>    File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 97, in
> __get_conn
>      self.id, threading.currentThread().getName())
> AttributeError: no context.rpcclient in thread 'MainThread'
>
> Is this expected? Is this a regression?
>
> Thanks again for your work.
>
> -Erinn
>


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

More information about the Freeipa-users mailing list