On 16.6.2016 13:57, Martin Basti wrote:
>
> On 16.06.2016 12:09, Petr Spacek wrote:
>> On 15.6.2016 17:24, Petr Spacek wrote:
>>> On 15.6.2016 15:45, Martin Basti wrote:
>>>>
>>>> On 15.06.2016 14:52, Martin Basti wrote:
>>>>> <snip>
>>>>> Hydra patching: Updated patches attached + new patches for dnsserver-*
>>>>> commands attached
>>>>>
>>>>> Updated+rebased patches after Honza's interactive review
>>>>>
>>>> Minor nitpick fixed
>>>>
>>> freeipa-mbasti-0503.3-DNS-Locations-add-index-for-ipalocation-attribute.patch
>>> ACK
>>>
>>> freeipa-mbasti-0505.3-DNS-Locations-add-idnsTemplateObject-objectclass.patch
>>> ACK
>>>
>>> I will get to the rest later on.
>>
>> Problems I found (could be solved in separate patches if you wish):
>>
>> 1. NACK
>> # ipa dns-update-system-records --dry-run
>> ipa: ERROR: an internal error has occurred
>> ValueError: dns_update_system_records.validate_output(): unexpected keys
>> ['summary'] in { ...
> Fixed
>>
>> 2. NACK
>> Command ipa dns-update-system-records does not work with DNS Administrators
>> privilege when some record is missing:
>>
>> ipa: WARNING: Update of system record
>> '_kpasswd._tcp.dom-046.abc.idm.lab.eng.brq.redhat.com. 86400 IN SRV 0 100 464
>> vm-046.abc.idm.lab.eng.brq.redhat.com.' failed with error: Insufficient
>> access: Insufficient 'write' privilege to the 'objectClass' attribute of
>> entry
>> 'idnsname=_kpasswd._tcp,idnsname=dom-046.abc.idm.lab.eng.brq.redhat.com.,cn=dns,dc=suffix'.
>>
> Fixed (I hope)
>> 3. NACK
>> IPA server upgrade does not create idnsServerConfigObjects in cn=dns
>> In fact the upgrade does not even add the object class into schema.
>>
> Fixed
>> These need to be fixed before we can proceed.
>>
> Updated patches attached

4. NACK
ipa-ca-install does not add A/AAAA records for the new CA.

5. NACK
ipa-replica-manage del <replica> does not delete SRV records from the
remaining master

# ipa-replica-manage del vm-046.abc.idm.lab.eng.brq.redhat.com
WARNING: yacc table file version is out of date
Checking connectivity in topology suffix 'domain'
Checking connectivity in topology suffix 'ca'
Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com entries: invalid 'idnsserverid': must be Unicode text
You may need to manually remove them from the tree
Checking for deleted segments in suffix 'domain'
Agreements deleted
Checking for deleted segments in suffix 'ca'
Agreements deleted
Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com DNS entries: abc.idm.lab.eng.brq.redhat.com.: DNS zone not found
You may need to manually remove them from the tree

Manual execution of ipa dns-update-system-records fixes that.

Besides NACKs above one more thing is missing:
Following config options are not migrated from named.conf to LDAP object:
https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/PerServerConfigInLDAP#Upgrade

This can go to a separate patch set if you wish (at the very end).

--
Petr^2 Spacek