On 17.6.2016 12:25, Martin Basti wrote:
>
> On 17.06.2016 08:46, Petr Spacek wrote:
>> On 16.6.2016 22:14, Martin Basti wrote:
>>>
>>> On 16.06.2016 15:59, Petr Spacek wrote:
>>>> On 16.6.2016 13:57, Martin Basti wrote:
>>>>> On 16.06.2016 12:09, Petr Spacek wrote:
>>>>>> On 15.6.2016 17:24, Petr Spacek wrote:
>>>>>>> On 15.6.2016 15:45, Martin Basti wrote:
>>>>>>>> On 15.06.2016 14:52, Martin Basti wrote:
>>>>>>>>> <snip>
>>>>>>>>> Hydra patching: Updated patches attached + new patches for
>>>>>>>>> dnsserver-* commands attached
>>>>>>>>> Updated+rebased patches after Honza's interactive review
>>>>>>>>>
>>>>>>>> Minor nitpick fixed
>>>>>>>>
>>>>>>> freeipa-mbasti-0503.3-DNS-Locations-add-index-for-ipalocation-attribute.patch
>>>>>>>
>>>>>>> ACK
>>>>>>>
>>>>>>> freeipa-mbasti-0505.3-DNS-Locations-add-idnsTemplateObject-objectclass.patch
>>>>>>>
>>>>>>> ACK
>>>>>>>
>>>>>>> I will get to the rest later on.
>>>>>> Problems I found (could be solved in separate patches if you wish):
>>>>>>
>>>>>> 1. NACK
>>>>>> # ipa dns-update-system-records --dry-run
>>>>>> ipa: ERROR: an internal error has occurred
>>>>>> ValueError: dns_update_system_records.validate_output(): unexpected keys
>>>>>> ['summary'] in { ...
>>>>> Fixed
>>>>>> 2. NACK
>>>>>> Command ipa dns-update-system-records does not work with DNS
>>>>>> Administrators privilege when some record is missing:
>>>>>>
>>>>>> ipa: WARNING: Update of system record
>>>>>> '_kpasswd._tcp.dom-046.abc.idm.lab.eng.brq.redhat.com. 86400 IN SRV 0 100 464
>>>>>> vm-046.abc.idm.lab.eng.brq.redhat.com.' failed with error: Insufficient
>>>>>> access: Insufficient 'write' privilege to the 'objectClass' attribute of entry
>>>>>> 'idnsname=_kpasswd._tcp,idnsname=dom-046.abc.idm.lab.eng.brq.redhat.com.,cn=dns,dc=suffix'.
>>>>>>
>>>>> Fixed (I hope)
>>>>>> 3. NACK
>>>>>> IPA server upgrade does not create idnsServerConfigObjects in cn=dns
>>>>>> In fact the upgrade does not even add the object class into schema.
>>>>>>
>>>>> Fixed
>>>>>> These need to be fixed before we can proceed.
>>>>>>
>>>>> Updated patches attached
>>>> 4. NACK
>>>> ipa-ca-install does not add A/AAAA records for the new CA.
>>> This should work, the code is in the right place. Maybe it is a race condition.
>>>
>>> ... 2 hours later ...
>>>
>>> I found that this has been broken since 4.3.0, I will fix it separately
>>> https://fedorahosted.org/freeipa/ticket/5966
>>>
>>> Anyway, I found a bug in replicainstall (fixed) because of copy&paste everywhere
>>>
>>>> 5. NACK
>>>> ipa-replica-manage del <replica> does not delete SRV records from the
>>>> remaining master
>>>>
>>>> # ipa-replica-manage del vm-046.abc.idm.lab.eng.brq.redhat.com
>>>> WARNING: yacc table file version is out of date
>>>> Checking connectivity in topology suffix 'domain'
>>>> Checking connectivity in topology suffix 'ca'
>>>> Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com entries: invalid
>>>> 'idnsserverid': must be Unicode text
>>>> You may need to manually remove them from the tree
>>>> Checking for deleted segments in suffix 'domain'
>>>> Agreements deleted
>>>> Checking for deleted segments in suffix 'ca'
>>>> Agreements deleted
>>>> Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com DNS entries:
>>>> abc.idm.lab.eng.brq.redhat.com.: DNS zone not found
>>>> You may need to manually remove them from the tree
>>> Fixed
>>>> Manual execution of ipa dns-update-system-records fixes that.
>>>>
>>>> Besides the NACKs above, one more thing is missing:
>>>> The following config options are not migrated from named.conf to LDAP object:
>>>>
>>>> https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/PerServerConfigInLDAP#Upgrade
>>>>
>>>> This can go to a separate patch set if you wish (at the very end).
>>> I will leave this for later, bind-dyndb-ldap will continue working with
>>> local configuration as before, patches are of course welcome.
>>>
>>> Updated patches attached, + hydra patching
>> 6. NACK
>> # ipa server-show $(hostname)
>> Managed suffixes: domain, ca
>> Min domain level: 0
>> Max domain level: 1
>> Location: l1
>> Enabled server roles: CA server, DNS server, NTP server
>> Server name: vm-046.abc.idm.lab.eng.brq.redhat.com
>>
>> [root@vm-046 review]# ipa server-mod $(hostname) --location=l2
>> ipa: ERROR: no modifications to be performed
>>
> Updated patches attached

ACK up to patch 519.

7th NACK to the rest:
It fails while attempting to add non-DNS to a location:

# ipa server-show vm-046.abc.idm.lab.eng.brq.redhat.com
Managed suffixes: domain
Min domain level: 0
Max domain level: 1
Location: l1
Enabled server roles:
Server name: vm-046.abc.idm.lab.eng.brq.redhat.com

# ipa server-mod vm-046.abc.idm.lab.eng.brq.redhat.com --location l2
ipa: ERROR: vm-046.abc.idm.lab.eng.brq.redhat.com: DNS server not found

--
Petr^2 Spacek