Adam Young wrote:
On 08/05/2010 10:36 AM, Rob Crittenden wrote:
Adam Young wrote:
On 08/05/2010 08:45 AM, Rob Crittenden wrote:
Adam Young wrote:
On 07/30/2010 04:02 PM, Adam Young wrote:
On 07/22/2010 02:25 PM, Rob Crittenden wrote:
Make sure that the host behind new host and service records is
actually a resolvable DNS A record. There is a --force flag if
you know what you are doing (or just feel like charging ahead
anyway).
We use a lot of made-up names in the self-tests, had to add the
force flag to all of them.
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
I can't get this patch to apply:
[ayo...@ayoung freeipa]$ git apply
~/Documents/IPA/freeipa-490-dns.patch
error: patch failed: ipalib/util.py:28
error: ipalib/util.py: patch does not apply
I've tried it both with and without patch 484
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
OK, disregard that, I was able to apply it on top of 484, build
and deploy.
I'd give it an ACK except that I can't figure out how to work
around service-add where the service is not yet resolvable. I
understand that this is not desired, but I'm fairly certain that
not being able to do this will mess up someone.
ipa service-add-host --force --hosts=web.example.com
HTTP/web.example.com
Usage: ipa [global-options] service-add-host PRINCIPAL
ipa: error: no such option: --force
Good catch, this was an oversight. The add-host option is for adding
hosts that are allowed to manage this service (keytab, certificate).
I completely forgot to disable enforcement of DNS on that. I'll
resubmit the patch once I get that worked out.
rob
Are these the only two permutations (Host, Service ) X (Force , No
Force) or are there others? Is there something I should test with
the --dns option?
No, that's about it. --force just says "don't bother with DNS lookup,
user claims to know what they are doing."
I looked into this and --force isn't needed with service-add-host.
This adds hosts that are allowed to manage the service. The host needs
to exist in IPA so therefore must already exist. Therefore --force
isn't needed.
What is lacking in the context of the patch is error reporting which
hosts failed to add. This is addressed in part by patch 499. All that
is needed is the following:
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 11fd18e..a17af89 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -615,6 +615,9 @@ class LDAPAddMember(LDAPModMember):
Str('member',
label=_('Failed members'),
),
+ Str('managedby',
+ label=_('Failed members'),
+ ),
)
def execute(self, *keys, **options):
@@ -720,6 +723,9 @@ class LDAPRemoveMember(LDAPModMember):
Str('member',
label=_('Failed members'),
),
+ Str('managedby',
+ label=_('Failed members'),
+ ),
)
def execute(self, *keys, **options):
I'll submit that as a separate patch shortly.
rob
ACK
pushed to master
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel