The testing instructions are attached to the ticket. ---
Server framework calls acutil.res_send() to send DNS queries used for various DNS tests. However, once acutil is imported it does not change its list of configured resolvers even when /etc/resolv.conf is changed. This may lead to unexpected resolution issues. We should at least reload httpd when we change /etc/resolv.conf to point to FreeIPA nameserver to force a new import of acutil and thus workaround this bug until it is resolved in authconfig. https://fedorahosted.org/freeipa/ticket/2481
>From d6790fe0796953bd4e90996746ef66c976447fb9 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Tue, 6 Mar 2012 13:26:45 +0100 Subject: [PATCH] Refresh resolvers after DNS install Server framework calls acutil.res_send() to send DNS queries used for various DNS tests. However, once acutil is imported it does not change its list of configured resolvers even when /etc/resolv.conf is changed. This may lead to unexpected resolution issues. We should at least reload httpd when we change /etc/resolv.conf to point to FreeIPA nameserver to force a new import of acutil and thus workaround this bug until it is resolved in authconfig. https://fedorahosted.org/freeipa/ticket/2481 --- install/tools/ipa-dns-install | 7 ++++++- install/tools/ipa-replica-install | 6 +++--- install/tools/ipa-server-install | 8 ++++---- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index c9014371e28f0a1f131f209bc8c7034d2fa87450..096020c5e2619c3719eed15098ec2b1239b720ce 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -22,7 +22,7 @@ import traceback from ipaserver.plugins.ldap2 import ldap2 -from ipaserver.install import bindinstance, ntpinstance +from ipaserver.install import service, bindinstance, ntpinstance, httpinstance from ipaserver.install.installutils import * from ipaserver.install import installutils from ipapython import version @@ -223,6 +223,11 @@ def main(): zone_notif=options.zone_notif) bind.create_instance() + # Restart http instance to make sure acutil has the right resolver + # https://bugzilla.redhat.com/show_bug.cgi?id=800368 + http = httpinstance.HTTPInstance(fstore) + service.print_msg("Restarting the web server") + http.restart() print "==============================================================================" print "Setup complete" diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index e4e4a8d84f3299138f8e2ebc49919979430b27a0..65f5229df222a54a6a159d6f2f31067015369d8d 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -456,13 +456,13 @@ def main(): service.print_msg("Restarting the KDC") krb.restart() + if options.setup_dns: + install_bind(config, options) + # Restart httpd to pick up the new IPA configuration service.print_msg("Restarting the web server") http.restart() - if options.setup_dns: - install_bind(config, options) - # Call client install script try: args = ["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name] diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index c379dd77771f0f7d8bb845337d4e613e0929d4c8..9c7388b40dc00385e816bd939a1a843070eea662 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -1009,10 +1009,6 @@ def main(): service.print_msg("Restarting the KDC") krb.restart() - # Restart httpd to pick up the new IPA configuration - service.print_msg("Restarting the web server") - http.restart() - # Create a BIND instance bind = bindinstance.BindInstance(fstore, dm_password) bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, @@ -1026,6 +1022,10 @@ def main(): else: bind.create_sample_bind_zone() + # Restart httpd to pick up the new IPA configuration + service.print_msg("Restarting the web server") + http.restart() + # Set the admin user kerberos password ds.change_admin_password(admin_password) -- 1.7.7.6
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
