Jakub Hrozek wrote:
Hash: SHA1

On 02/01/2011 04:15 AM, Rob Crittenden wrote:
Jakub Hrozek wrote:
On Mon, Jan 31, 2011 at 05:52:08PM -0500, Simo Sorce wrote:
On Mon, 31 Jan 2011 22:44:43 +0100
Jakub Hrozek<jhro...@redhat.com>  wrote:


We've run into a chicken-and-egg problem during installation. If the
hostname of the IPA server is not resolvable with DNS during
installation, we'd add it as a NS server for a zone in both the SOA
entry and a NS record -- but no records from the new zone are
resolvable until Bind is restarted, including the new A/AAAA records
for the nameserver.

I tried restarting the named service during Bind instance creation but
that didn't help..not exactly sure why. Anyway, attached is a patch
that forces the NS record creation.

Please note that the --force flag is available via XML-RPC only, it is
completely hidden from the user otherwise.
Minor issue but requires NACK.

You changed the add_zone() signature to always require some parameters,
but did not update it in ipa-replica-prepare

Good catch, thank you!

Attached is a new patch. I also found out that I don't have to require
all the parameters as some (such as admin email) have nice defaults in
the DNS plugin.
This fixes it but I did have problems with overall approach.

To test this I changed the host entry of my machine from slinky to
spanky and ran the installer with --hostname=spanky.domain.

This worked for the initial install and I was able to find the previous
problem with ipa-replica-prepare.

But I ran into other problems when testing this fix. The `hostname` of
the machine is still slinky and very little actually worked. Restarting
httpd failed and running ipa-replica-prepare failed because both were
trying to contact the LDAP server on slinky, etc.

Once I ran hostname spanky.domain everything worked fine.

So ack for this bug but how should we handle these other problems?

Oh, and I've pushed it to master.


This makes me wonder if we tested the same setup as QE did - I was under
the impression that before I introduced the "NS must be resolvable"
constraint, their setup just worked even after installation.
It seemed to just work before :-)
I think I tested a little differently, too - I just added a
ipaserver.testdomain entry to /etc/hosts and ran "ipa-server-install
- --hostname ipaserver.testdomain --no-host-dns -r TESTDOMAIN -n TESTDOMAIN"
you used --no-host-dns .......
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/


Freeipa-devel mailing list

Jenny Galipeau <jgali...@redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
Freeipa-devel mailing list

Reply via email to