On 05/09/2013 05:44 PM, Jan Cholasta wrote:
> On 9.5.2013 15:14, Martin Kosek wrote:
>> On 05/09/2013 02:39 PM, Petr Viktorin wrote:
>>> On 05/09/2013 02:06 PM, Martin Kosek wrote:
>>>> This should get to 3.2 GA.
>>>>
>>>> -- 
>>>> ipa-dns-install crashed when it was run on a CA-less server.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/3617
>>>>
>>>
>>> This solves the issue, ACK
>>>
>>
>> Thanks. Pushed to master.
>>
>> Martin
>>
> 
> Sorry for this, but NACK. With this patch ipa-ca records are not created for
> existing masters unless ipa-dns-install is run on a replica which has CA
> configured. You should instead put the ldap.get_entries() call in a try/except
> block and ignore the NotFound exception which causes the crash.
> 
> You can test it by installing IPA without --setup-dns and without --external-ca
> on server1 and then installing a replica with --setup-dns and without
> --setup-ca on server2. After this, ipa-ca record for server1 should be created.
> 
> Honza
> 

Sending updated patch, please review if you can.

Martin
From 146d904ec797108f16b73f59ea31554c91cb8957 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Thu, 9 May 2013 17:50:15 +0200
Subject: [PATCH] Fix ipa-ca DNS name creation

Previous fix (6d06a7e) did not work properly on a CA-less replica
with CA-powered master.

https://fedorahosted.org/freeipa/ticket/3617
---
 ipaserver/install/bindinstance.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 5a2450e615cb7d0236721f533c22aeb64b94fe9b..ac86e9e7d5713172772b7868233cfa7da91a9fab 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -733,13 +733,17 @@ def __add_ipa_ca_record(self):
         self.__add_ipa_ca_records(self.fqdn, [self.ip_address],
                                   self.ca_configured)
 
-        if self.first_instance and self.ca_configured:
+        if self.first_instance:
             ldap = api.Backend.ldap2
-            entries = ldap.get_entries(
-                DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
-                   api.env.basedn),
-                ldap.SCOPE_SUBTREE, '(&(objectClass=ipaConfigObject)(cn=CA))',
-                ['dn'])
+            try:
+                entries = ldap.get_entries(
+                    DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
+                       api.env.basedn),
+                    ldap.SCOPE_SUBTREE, '(&(objectClass=ipaConfigObject)(cn=CA))',
+                    ['dn'])
+            except errors.NotFound:
+                root_logger.debug('No server with CA found')
+                entries = []
 
             for entry in entries:
                 fqdn = entry.dn[1]['cn']
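Review bot: The new `except errors.NotFound:` branch uses `errors` and `root_logger`, but the patch consists of this single hunk and adds no import, so please confirm both names are already imported at the top of bindinstance.py; if either is missing, the CA-less path would trade the NotFound crash for a NameError. Since `and self.ca_configured` is dropped from the `if`, the loop over `entries` now also runs on CA-less servers, which matches the review request. A one-line comment above the `try` stating that NotFound here means no master has a CA configured would make that intent clear to later readers.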
-- 
1.8.1.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
