On 17.06.2016 15:17, Petr Spacek wrote:
On 17.6.2016 12:25, Martin Basti wrote:

On 17.06.2016 08:46, Petr Spacek wrote:
On 16.6.2016 22:14, Martin Basti wrote:
On 16.06.2016 15:59, Petr Spacek wrote:
On 16.6.2016 13:57, Martin Basti wrote:
On 16.06.2016 12:09, Petr Spacek wrote:
On 15.6.2016 17:24, Petr Spacek wrote:
On 15.6.2016 15:45, Martin Basti wrote:
On 15.06.2016 14:52, Martin Basti wrote:
Hydra patching: Updated patches attached + new patches for dnsserver-*
commands attached
Updated+rebased patches after Honza's interactive review

Minor nitpick fixed





I will get to the rest later on.
Problems I found (could be solved in separate patches if you wish):

# ipa dns-update-system-records --dry-run
ipa: ERROR: an internal error has occurred
ValueError: dns_update_system_records.validate_output(): unexpected keys
['summary'] in { ...
Command ipa dns-update-system-records does not work with DNS Administrators
privilege when some record is missing:

ipa: WARNING: Update of system record
'_kpasswd._tcp.dom-046.abc.idm.lab.eng.brq.redhat.com. 86400 IN SRV 0
100 464
vm-046.abc.idm.lab.eng.brq.redhat.com.' failed with error: Insufficient
access: Insufficient 'write' privilege to the 'objectClass' attribute of

Fixed (I hope)
IPA server upgrade does not create idnsServerConfigObjects in cn=dns
In fact the upgrade does not even add the object class into schema.

These need to be fixed before we can proceed.

Updated patches attached
ipa-ca-install does not add A/AAAA records for the new CA.
This should work, the code is in the right place. Maybe it is a race condition.

... 2 hours later ...

I found that this has been broken since 4.3.0; I will fix it separately.

Anyway, I found a bug in replicainstall (fixed) because of copy&paste everywhere.

ipa-replica-manage del <replica> does not delete SRV records from the
remaining master

# ipa-replica-manage del vm-046.abc.idm.lab.eng.brq.redhat.com
WARNING: yacc table file version is out of date
Checking connectivity in topology suffix 'domain'
Checking connectivity in topology suffix 'ca'
Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com entries: invalid
'idnsserverid': must be Unicode text
You may need to manually remove them from the tree
Checking for deleted segments in suffix 'domain'
Agreements deleted
Checking for deleted segments in suffix 'ca'
Agreements deleted
Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com DNS entries:
abc.idm.lab.eng.brq.redhat.com.: DNS zone not found
You may need to manually remove them from the tree
Manual execution of ipa dns-update-system-records fixes that.

Besides NACKs above one more thing is missing:
The following config options are not migrated from named.conf to the LDAP object:


This can go to a separate patch set if you wish (at the very end).
I will leave this for later, bind-dyndb-ldap will continue working with local
configuration as before, patches are of course welcome.

Updated patches attached, + hydra patching
# ipa server-show $(hostname)
Managed suffixes: domain, ca
    Min domain level: 0
    Max domain level: 1
    Location: l1
    Enabled server roles: CA server, DNS server, NTP server
    Server name: vm-046.abc.idm.lab.eng.brq.redhat.com

[root@vm-046 review]# ipa server-mod $(hostname) --location=l2
ipa: ERROR: no modifications to be performed

Updated patches attached
ACK up to patch 519.
* 0f5cca0e45481520d25b20b48f939b2581f4d27b DNS Locations: add index for ipalocation attribute
* d7671ee66786b674454b7b58c9558e0c7c853cd5 DNS Locations: fix location-del
* 745a2e6471b27faabeb5479b9d2845b18606d8b0 DNS Locations: add idnsTemplateObject objectclass
* 87c23ba029df9227384b3f5e2028f3f0e429e9ab DNS Locations: DNS data management
* 394b094fc22ef67742824ec03d4e851a2876fd81 DNS Locations: permission: allow to read status of services
* cf634a4ff8a100589f99e57c51b2c4591853e88a DNS Locations: add ACI for template attribute
* e23159596e1851f156461d00b9f9f99dc698e12b DNS Locations: command dns-update-system-records
* 45a93265740fdfc14e6ee8785f844f8d34508fc4 DNS Locations: use dns_update_service_records in installers
* a5a6ceafcd3418a6242bbf948d825f2b61c95f23 DNS Locations: adtrustinstance simplify dns management
* a7e463948db5870d264f59954c9a2e9b5b59e1dd DNS Locations: use automatic records update in ipa-adtrust-install
* 4076e8e4e50d527f613536138cd851cd068cd2d9 DNS Locations: server-mod: add automatic records update
* 88a0952f26f9d1e2ee9d02126b27f3075dbad46a DNS Locations: dnsservers: add required objectclasses
* 2157ea0e6d0d762bdc71022ddd55045406c4b300 DNS Locations: dnsserver-* commands
* 52590d6fa581e3b53e2c9350dc307a1f360c40a3 DNS Locations: dnsserver: put server_id option into named.conf
* 08265f1e92bd91d9e4ba3285b953ff9ccd79040b DNS Locations: dnsserver: use the newer config way in installer
* d70e52b61b35f42ca2d34ef05310fd2c18c882ce DNS Locations: dnsserver: remove config when replica is removed

7th NACK to the rest:
Actually it is just 2nd NACK, because patches 520+ have just 2nd revision ;-)

It fails while attempting to add non-DNS to a location:

# ipa server-show vm-046.abc.idm.lab.eng.brq.redhat.com
   Managed suffixes: domain
   Min domain level: 0
   Max domain level: 1
   Location: l1
   Enabled server roles:
   Server name: vm-046.abc.idm.lab.eng.brq.redhat.com

# ipa server-mod vm-046.abc.idm.lab.eng.brq.redhat.com --location l2
ipa: ERROR: vm-046.abc.idm.lab.eng.brq.redhat.com: DNS server not found

Will send fix, soon...
