On 17.6.2016 12:25, Martin Basti wrote:
> 
> 
> On 17.06.2016 08:46, Petr Spacek wrote:
>> On 16.6.2016 22:14, Martin Basti wrote:
>>>
>>> On 16.06.2016 15:59, Petr Spacek wrote:
>>>> On 16.6.2016 13:57, Martin Basti wrote:
>>>>> On 16.06.2016 12:09, Petr Spacek wrote:
>>>>>> On 15.6.2016 17:24, Petr Spacek wrote:
>>>>>>> On 15.6.2016 15:45, Martin Basti wrote:
>>>>>>>> On 15.06.2016 14:52, Martin Basti wrote:
>>>>>>>>> <snip>
>>>>>>>>> Hydra patching: Updated patches attached + new patches for dnsserver-*
>>>>>>>>> commands attached
>>>>>>>>> Updated+rebased patches after Honza's interactive review
>>>>>>>>>
>>>>>>>>>
>>>>>>>> Minor nitpick fixed
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> freeipa-mbasti-0503.3-DNS-Locations-add-index-for-ipalocation-attribute.patch
>>>>>>>
>>>>>>>
>>>>>>> ACK
>>>>>>>
>>>>>>> freeipa-mbasti-0505.3-DNS-Locations-add-idnsTemplateObject-objectclass.patch
>>>>>>>
>>>>>>> ACK
>>>>>>>
>>>>>>>
>>>>>>> I will get to the rest later on.
>>>>>> Problems I found (could be solved in separate patches if you wish):
>>>>>>
>>>>>> 1. NACK
>>>>>> # ipa dns-update-system-records --dry-run
>>>>>> ipa: ERROR: an internal error has occurred
>>>>>> ValueError: dns_update_system_records.validate_output(): unexpected keys
>>>>>> ['summary'] in { ...
>>>>> Fixed
>>>>>> 2. NACK
>>>>>> Command ipa dns-update-system-records does not work with DNS Administrators
>>>>>> privilege when some record is missing:
>>>>>>
>>>>>> ipa: WARNING: Update of system record
>>>>>> '_kpasswd._tcp.dom-046.abc.idm.lab.eng.brq.redhat.com. 86400 IN SRV 0
>>>>>> 100 464
>>>>>> vm-046.abc.idm.lab.eng.brq.redhat.com.' failed with error: Insufficient
>>>>>> access: Insufficient 'write' privilege to the 'objectClass' attribute of
>>>>>> entry
>>>>>> 'idnsname=_kpasswd._tcp,idnsname=dom-046.abc.idm.lab.eng.brq.redhat.com.,cn=dns,dc=suffix'.
>>>>>>
>>>>>>
>>>>>>
>>>>> Fixed (I hope)
>>>>>> 3. NACK
>>>>>> IPA server upgrade does not create idnsServerConfigObjects in cn=dns
>>>>>> In fact the upgrade does not even add the object class into schema.
>>>>>>
>>>>> Fixed
>>>>>> These need to be fixed before we can proceed.
>>>>>>
>>>>> Updated patches attached
>>>> 4. NACK
>>>> ipa-ca-install does not add A/AAAA records for the new CA.
>>> This should work, code is in the right place. Maybe it is a race condition.
>>>
>>> ... 2 hours later ...
>>>
>>> I found that this is broken since 4.3.0, I will fix it separately
>>> https://fedorahosted.org/freeipa/ticket/5966
>>>
>>> Anyway I found a bug in replicainstall (fixed) because copy&paste everywhere
>>>
>>>> 5. NACK
>>>> ipa-replica-manage del <replica> does not delete SRV records from the
>>>> remaining master
>>>>
>>>> # ipa-replica-manage del vm-046.abc.idm.lab.eng.brq.redhat.com
>>>> WARNING: yacc table file version is out of date
>>>> Checking connectivity in topology suffix 'domain'
>>>> Checking connectivity in topology suffix 'ca'
>>>> Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com entries: invalid
>>>> 'idnsserverid': must be Unicode text
>>>> You may need to manually remove them from the tree
>>>> Checking for deleted segments in suffix 'domain'
>>>> Agreements deleted
>>>> Checking for deleted segments in suffix 'ca'
>>>> Agreements deleted
>>>> Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com DNS entries:
>>>> abc.idm.lab.eng.brq.redhat.com.: DNS zone not found
>>>> You may need to manually remove them from the tree
>>> Fixed
>>>> Manual execution of ipa dns-update-system-records fixes that.
>>>>
>>>>
>>>>
>>>> Besides NACKs above one more thing is missing:
>>>> Following config options are not migrated from named.conf to LDAP object:
>>>>
>>>> https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/PerServerConfigInLDAP#Upgrade
>>>>
>>>>
>>>>
>>>> This can go to a separate patch set if you wish (at the very end).
>>> I will leave this for later, bind-dyndb-ldap will continue working with local
>>> configuration as before, patches are of course welcome.
>>>
>>> Updated patches attached, + hydra patching
>> 6. NACK
>> # ipa server-show $(hostname)
>> Managed suffixes: domain, ca
>>    Min domain level: 0
>>    Max domain level: 1
>>    Location: l1
>>    Enabled server roles: CA server, DNS server, NTP server
>>    Server name: vm-046.abc.idm.lab.eng.brq.redhat.com
>>
>> [root@vm-046 review]# ipa server-mod $(hostname) --location=l2
>> ipa: ERROR: no modifications to be performed
>>
> Updated patches attached

ACK up to patch 519.

7th NACK to the rest:

It fails while attempting to add non-DNS to a location:

# ipa server-show vm-046.abc.idm.lab.eng.brq.redhat.com
  Managed suffixes: domain
  Min domain level: 0
  Max domain level: 1
  Location: l1
  Enabled server roles:
  Server name: vm-046.abc.idm.lab.eng.brq.redhat.com

# ipa server-mod vm-046.abc.idm.lab.eng.brq.redhat.com --location l2
ipa: ERROR: vm-046.abc.idm.lab.eng.brq.redhat.com: DNS server not found

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
