[Freeipa-users] IPA 4.1.0 in RHEL 7.1
Dmitri Pal
dpal at redhat.com
Wed Mar 11 23:17:15 UTC 2015
On 03/11/2015 04:37 PM, Steven Jones wrote:
> ======
> [root at vuwunicoipam004 ipa-certs]# ipa-replica-install --setup-dns --forwarder=10.100.32.31 -U replica-info-vuwunicoipam004.ods.vuw.ac.nz.gpg --skip-conncheck
> Checking forwarders, please wait ...
> WARNING: DNS forwarder 10.100.32.31 does not return DNSSEC signatures in answers
> Please fix forwarder configuration to enable DNSSEC support.
> (For BIND 9 add directive "dnssec-enable yes;" to "options {}")
> WARNING: DNSSEC validation will be disabled
> ======
>
> The AD server is a win2k12r2.
Thanks, I will follow up.
> regards
>
> Steven
> ________________________________________
> From: freeipa-users-bounces at redhat.com <freeipa-users-bounces at redhat.com> on behalf of Dmitri Pal <dpal at redhat.com>
> Sent: Thursday, 12 March 2015 9:07 a.m.
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] IPA 4.1.0 in RHEL 7.1
>
> On 03/11/2015 03:49 PM, Steven Jones wrote:
>> Hi,
>>
>> When I try to join a 7.1 based replica to an existing setup and use an AD forwarder the command complains that the AD box isnt doing DNSSEC suggesting to me it is present in 7.1?
> Can you share the message that you get and what steps you take to get to
> that message?
>
>> At the moment however I cant join a 7.1 based IPA server into a 6.6 based IPA cluster. Or a 7.1 client to IPA, to 6.6 for that matter, 7.0 works fine though.
>>
>>
>> regards
>>
>> Steven
>>
>> ________________________________________
>> From: freeipa-users-bounces at redhat.com <freeipa-users-bounces at redhat.com> on behalf of Erinn Looney-Triggs <erinn.looneytriggs at gmail.com>
>> Sent: Thursday, 12 March 2015 8:15 a.m.
>> To: freeipa-users at redhat.com
>> Subject: [Freeipa-users] IPA 4.1.0 in RHEL 7.1
>>
>> First off congratulations on getting this out. Love the new UI, all pretty and
>> integrates well with the access.redhat.com UI.
>>
>> Second, did DNSSEC not make the chop? It looks like for FreeIPA DNSSEC was
>> included in the 4.1.0 release, but near as I can tell it is not part of IPA
>> 4.1.0 in RHEL 7.1.
>>
>> Third, there appears to be a behavior change from in ipalib. I cleaned up a
>> little inventory script for ansible, you can take a look at it here:
>> https://github.com/ansible/ansible/blob/devel/plugins/inventory/freeipa.py
>>
>> Before RHEL 7.1 the call to api.Command.hostgroup_find()['result'] on line 30
>> worked, now it fails:
>>
>> Traceback (most recent call last):
>> File "./freeipa.py", line 133, in <module>
>> list_groups(api)
>> File "./freeipa.py", line 71, in list_groups
>> result = api.Command.host_find()['result']
>> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in
>> __call__
>> ret = self.run(*args, **options)
>> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 755, in run
>> return self.forward(*args, **options)
>> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 776, in
>> forward
>> return self.Backend.rpcclient.forward(self.name, *args, **kw)
>> File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 880, in forward
>> command = getattr(self.conn, name)
>> File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 97, in
>> __get_conn
>> self.id, threading.currentThread().getName())
>> AttributeError: no context.rpcclient in thread 'MainThread'
>>
>> Is this expected? Is this a regression?
>>
>> Thanks again for your work.
>>
>> -Erinn
>>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list