On 16.6.2016 22:14, Martin Basti wrote:
> 
> 
> On 16.06.2016 15:59, Petr Spacek wrote:
>> On 16.6.2016 13:57, Martin Basti wrote:
>>>
>>> On 16.06.2016 12:09, Petr Spacek wrote:
>>>> On 15.6.2016 17:24, Petr Spacek wrote:
>>>>> On 15.6.2016 15:45, Martin Basti wrote:
>>>>>> On 15.06.2016 14:52, Martin Basti wrote:
>>>>>>> <snip>
>>>>>>> Hydra patching: Updated patches attached + new patches for dnsserver-*
>>>>>>> commands attached
>>>>>>> Updated+rebased patches after Honza's interactive review
>>>>>>>
>>>>>>>
>>>>>> Minor nitpick fixed
>>>>>>
>>>>>>
>>>>>>
>>>>> freeipa-mbasti-0503.3-DNS-Locations-add-index-for-ipalocation-attribute.patch
>>>>>
>>>>> ACK
>>>>>
>>>>> freeipa-mbasti-0505.3-DNS-Locations-add-idnsTemplateObject-objectclass.patch
>>>>> ACK
>>>>>
>>>>>
>>>>> I will get to the rest later on.
>>>> Problems I found (could be solved in separate patches if you wish):
>>>>
>>>> 1. NACK
>>>> # ipa dns-update-system-records --dry-run
>>>> ipa: ERROR: an internal error has occurred
>>>> ValueError: dns_update_system_records.validate_output(): unexpected keys
>>>> ['summary'] in { ...
>>> Fixed
>>>> 2. NACK
>>>> Command ipa dns-update-system-records does not work with DNS Administrators
>>>> privilege when some record is missing:
>>>>
>>>> ipa: WARNING: Update of system record
>>>> '_kpasswd._tcp.dom-046.abc.idm.lab.eng.brq.redhat.com. 86400 IN SRV 0 100 
>>>> 464
>>>> vm-046.abc.idm.lab.eng.brq.redhat.com.' failed with error: Insufficient
>>>> access: Insufficient 'write' privilege to the 'objectClass' attribute of
>>>> entry
>>>> 'idnsname=_kpasswd._tcp,idnsname=dom-046.abc.idm.lab.eng.brq.redhat.com.,cn=dns,dc=suffix'.
>>>>
>>>>
>>> Fixed (I hope)
>>>> 3. NACK
>>>> IPA server upgrade does not create idnsServerConfigObjects in cn=dns
>>>> In fact the upgrade does not even add the object class into schema.
>>>>
>>> Fixed
>>>> These need to be fixed before we can proceed.
>>>>
>>> Updated patches attached
>> 4. NACK
>> ipa-ca-install does not add A/AAAA records for the new CA.
> This should work, code is in the right place. Maybe it is a race condition.
> 
> ... 2 hours later ...
> 
> I found that this is broken since 4.3.0, I will fix it separately
> https://fedorahosted.org/freeipa/ticket/5966
> 
> Anyway, I found a bug in replicainstall (fixed) because of copy&paste everywhere
> 
>>
>> 5. NACK
>> ipa-replica-manage del <replica> does not delete SRV records from the
>> remaining master
>>
>> # ipa-replica-manage del vm-046.abc.idm.lab.eng.brq.redhat.com
>> WARNING: yacc table file version is out of date
>> Checking connectivity in topology suffix 'domain'
>> Checking connectivity in topology suffix 'ca'
>> Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com entries: invalid
>> 'idnsserverid': must be Unicode text
>> You may need to manually remove them from the tree
>> Checking for deleted segments in suffix 'domain'
>> Agreements deleted
>> Checking for deleted segments in suffix 'ca'
>> Agreements deleted
>> Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com DNS entries:
>> abc.idm.lab.eng.brq.redhat.com.: DNS zone not found
>> You may need to manually remove them from the tree
> Fixed
>>
>> Manual execution of ipa dns-update-system-records fixes that.
>>
>>
>>
>> Besides the NACKs above, one more thing is missing:
>> The following config options are not migrated from named.conf to LDAP object:
>>
>> https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/PerServerConfigInLDAP#Upgrade
>>
>>
>> This can go to a separate patch set if you wish (at the very end).
> I will leave this for later, bind-dyndb-ldap will continue working with local
> configuration as before, patches are of course welcome.
> 
> Updated patches attached, + hydra patching

6. NACK
# ipa server-show $(hostname)
Managed suffixes: domain, ca
  Min domain level: 0
  Max domain level: 1
  Location: l1
  Enabled server roles: CA server, DNS server, NTP server
  Server name: vm-046.abc.idm.lab.eng.brq.redhat.com

[root@vm-046 review]# ipa server-mod $(hostname) --location=l2
ipa: ERROR: no modifications to be performed

-- 
Petr^2 Spacek
