On 07/27/2012 02:24 PM, Petr Viktorin wrote:
> On 07/26/2012 11:48 PM, John Dennis wrote:
>> I have applied the suggested fixes, rebased against master, run all the
>> unit tests successfully, built RPM's, did a full install without errors,
>> and brought up the web UI successfully.
>>
>> The current code can be found here:
>>
>> git clone git://fedorapeople.org/~jdennis/freeipa.dn.git
>> git checkout dn
>>
>> I did not squash the individual commits (but they should be before we
>> apply to master).
>
> Thank you!
>
>> Please test (again).
>>
>> I continue to believe the greatest lurking liability is the installer
>> code and the individual command line utilities (e.g. replica-manage,
>> etc.) Aside from the server install I have not exercised those components.
>
> Please test them, most of them just don't work. They're practically the only
> ones that use the old Entity & Entry, so related bugs won't show up unless you
> run the utilities.
>
>
>
>
> ipa-ldap-updater still fails:
>
> 2012-07-27T10:21:05Z DEBUG Traceback (most recent call last):
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
> line 112, in __upgrade
> self.modified = ld.update(self.files)
> File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> line
> 879, in update
> updates = api.Backend.updateclient.update(POST_UPDATE, self.dm_password,
> self.ldapi, self.live_run)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py",
> line 134, in update
> if dn not in rdn_count_list[rdn_count]:
> IndexError: list index out of range
>
> The offending code is:
> rdn_count = len(DN(dn))
> rdn_count_list = dn_by_rdn_count.setdefault(rdn_count, [])
> if dn not in rdn_count_list[rdn_count]:
> rdn_count_list[rdn_count].append(dn)
>
> rdn_count_list is dn_by_rdn_count[rdn_count]; indexing with rdn_count again is
> an error.
>
> I find the variable names are a bit confusing here.
>
>
>
>
> ipa-replica-prepare is also unusable:
>
> $ sudo ipa-replica-prepare vm-125.$DOMAIN --ip-address $IP
> Directory Manager (existing master) password:
>
> Preparing replica for vm-125.idm.lab.bos.redhat.com from
> vm-134.idm.lab.bos.redhat.com
> preparation of replica failed: '__getitem__'
> '__getitem__'
> File "/sbin/ipa-replica-prepare", line 461, in <module>
> main()
>
> File "/sbin/ipa-replica-prepare", line 309, in main
> dirman_password)
>
> File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
> line 99, in enable_replication_version_checking
> conn.modify_s(entry[0].dn, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled',
> 'on')])
>
> File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 143, in
> __getattr__
> return self.__dict__[name]
>
> i.e. entry[0] tries to call entry.__getitem__.
>
> I haven't tested any replica-related tools since I couldn't prepare a replica.
>
>
>
>
> ipa-compliance still has the same error as before
>
>
>
>
> ipa-managed-entries still fails:
> File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
> line 607, in run_script
> return_value = main_function()
>
> File "install/tools/ipa-managed-entries", line 133, in main
> managed_entries = [entry.cn for entry in entries]
>
> You need entry.data['cn'] instead.
>
>
>
>
> I also get several errors in the DNS plugin test suite:
>
> Traceback (most recent call last):
> File "/home/pviktori/freeipa/ipaserver/rpcserver.py", line 332, in
> wsgi_execute
> result = self.Command[name](*args, **options)
> File "/home/pviktori/freeipa/ipalib/frontend.py", line 435, in __call__
> ret = self.run(*args, **options)
> File "/home/pviktori/freeipa/ipalib/frontend.py", line 747, in run
> return self.execute(*args, **options)
> File "/home/pviktori/freeipa/ipalib/plugins/dns.py", line 2458, in execute
> result = super(dnsrecord_mod, self).execute(*keys, **options)
> File "/home/pviktori/freeipa/ipalib/plugins/baseldap.py", line 1351, in
> execute
> assert isinstance(dn, DN)
> AssertionError
>
> ipa: INFO: ad...@idm.lab.bos.redhat.com: dnsrecord_mod(u'dnszone.test',
> u'testcnamerec', arecord=(u'10.0.0.1',), cnamerecord=None, rights=False,
> structured=False, all=False, raw=False, version=u'2.41'): AssertionError
>
> This is a good catch; the dnsrecord_mod post_callback should return the DN,
> not
> None.
>
I started reviewing the latest state of your DN effort in your git repo. It is
in much better shape than before, but I still found some issues in utilities we
use. I am sending what I have found so far.
1) ipa-managed-entries is broken
# ipa-managed-entries -l
Available Managed Entry Definitions:
[u'UPG Definition']
[u'NGP Definition']
# ipa-managed-entries -e 'UPG Definition' status
Unexpected error
AttributeError: 'LDAPEntry' object has no attribute 'originfilter'
2) ipa-replica-prepare is broken when --ip-address is passed
# ipa-replica-prepare vm-055.idm.lab.bos.redhat.com --ip-address=10.16.78.55
Directory Manager (existing master) password:
Preparing replica for vm-055.idm.lab.bos.redhat.com from
vm-086.idm.lab.bos.redhat.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into
/var/lib/ipa/replica-info-vm-055.idm.lab.bos.redhat.com.gpg
Adding DNS records for vm-055.idm.lab.bos.redhat.com
preparation of replica failed: invalid 'ip_address': Gettext('invalid IP
address format', domain='ipa', localedir=None)
invalid 'ip_address': Gettext('invalid IP address format', domain='ipa',
localedir=None)
File "/sbin/ipa-replica-prepare", line 464, in <module>
main()
File "/sbin/ipa-replica-prepare", line 452, in main
add_zone(domain)
File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py",
line 302, in add_zone
idnsallowtransfer=u'none',)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 433, in
__call__
self.validate(**params)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 705, in
validate
param.validate(value, self.env.context, supplied=param.name in kw)
File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 879, in
validate
self._validate_scalar(value)
File "/usr/lib/python2.7/site-packages/ipalib/parameters.py", line 900, in
_validate_scalar
rule=rule,
3) ipa-replica-manage list is broken:
# ipa-replica-manage list
Failed to get data from 'vm-086.idm.lab.bos.redhat.com':
base="cn=replicas,cn=ipa,cn=etc,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com",
scope=1, filterstr="(objectClass=*)"
I think the problem here is that the following code in ipa-replica-manage
returns an exception when no entry in cn=replicas is found (which is ok):
dn = DN(('cn', 'replicas'), ('cn', 'ipa'), ('cn', 'etc'),
ipautil.realm_to_suffix(realm))
entries = conn.getList(dn, ldap.SCOPE_ONELEVEL)
4) IPA compliance is broken
# ipa-compliance
IPA compliance checking failed:
This is the traceback (some DN was left in string format):
Traceback (most recent call last):
File "/sbin/ipa-compliance", line 198, in <module>
main()
File "/sbin/ipa-compliance", line 179, in main
check_compliance(tmpdir, options.debug)
File "/sbin/ipa-compliance", line 121, in check_compliance
size_limit = -1)
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
1087, in find_entries
assert isinstance(base_dn, DN)
AssertionError
Btw. Petr Vobornik is testing Web UI, so far so good on this side...
Martin
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
