On 17.6.2016 17:05, Martin Basti wrote:
> On 17.06.2016 15:17, Petr Spacek wrote:
>> On 17.6.2016 12:25, Martin Basti wrote:
>>> On 17.06.2016 08:46, Petr Spacek wrote:
>>>> On 16.6.2016 22:14, Martin Basti wrote:
>>>>> On 16.06.2016 15:59, Petr Spacek wrote:
>>>>>> On 16.6.2016 13:57, Martin Basti wrote:
>>>>>>> On 16.06.2016 12:09, Petr Spacek wrote:
>>>>>>>> On 15.6.2016 17:24, Petr Spacek wrote:
>>>>>>>>> On 15.6.2016 15:45, Martin Basti wrote:
>>>>>>>>>> On 15.06.2016 14:52, Martin Basti wrote:
>>>>>>>>>>> <snip>
>>>>>>>>>>> Hydra patching: Updated patches attached + new patches for dnsserver-* commands attached
>>>>>>>>>>> Updated+rebased patches after Honza's interactive review
>>>>>>>>>>>
>>>>>>>>>> Minor nitpick fixed
>>>>>>>>>>
>>>>>>>>> freeipa-mbasti-0503.3-DNS-Locations-add-index-for-ipalocation-attribute.patch
>>>>>>>>>
>>>>>>>>> ACK
>>>>>>>>>
>>>>>>>>> freeipa-mbasti-0505.3-DNS-Locations-add-idnsTemplateObject-objectclass.patch
>>>>>>>>>
>>>>>>>>> ACK
>>>>>>>>>
>>>>>>>>> I will get to the rest later on.
>>>>>>>> Problems I found (could be solved in separate patches if you wish):
>>>>>>>>
>>>>>>>> 1. NACK
>>>>>>>> # ipa dns-update-system-records --dry-run
>>>>>>>> ipa: ERROR: an internal error has occurred
>>>>>>>> ValueError: dns_update_system_records.validate_output(): unexpected keys ['summary'] in { ...
>>>>>>> Fixed
>>>>>>>> 2. NACK
>>>>>>>> Command ipa dns-update-system-records does not work with DNS Administrators privilege when some record is missing:
>>>>>>>>
>>>>>>>> ipa: WARNING: Update of system record '_kpasswd._tcp.dom-046.abc.idm.lab.eng.brq.redhat.com. 86400 IN SRV 0 100 464 vm-046.abc.idm.lab.eng.brq.redhat.com.' failed with error: Insufficient access: Insufficient 'write' privilege to the 'objectClass' attribute of entry 'idnsname=_kpasswd._tcp,idnsname=dom-046.abc.idm.lab.eng.brq.redhat.com.,cn=dns,dc=suffix'.
>>>>>>>>
>>>>>>> Fixed (I hope)
>>>>>>>> 3. NACK
>>>>>>>> IPA server upgrade does not create idnsServerConfigObjects in cn=dns
>>>>>>>> In fact the upgrade does not even add the object class into schema.
>>>>>>>>
>>>>>>> Fixed
>>>>>>>> These need to be fixed before we can proceed.
>>>>>>>>
>>>>>>> Updated patches attached
>>>>>> 4. NACK
>>>>>> ipa-ca-install does not add A/AAAA records for the new CA.
>>>>> This should work, code is in the right place. Maybe it is a race condition.
>>>>>
>>>>> ... 2 hours later ...
>>>>>
>>>>> I found that this is broken since 4.3.0, I will fix it separately
>>>>> https://fedorahosted.org/freeipa/ticket/5966
>>>>>
>>>>> Anyway I found a bug in replicainstall (fixed) because copy&paste everywhere
>>>>>
>>>>>> 5. NACK
>>>>>> ipa-replica-manage del <replica> does not delete SRV records from the remaining master
>>>>>>
>>>>>> # ipa-replica-manage del vm-046.abc.idm.lab.eng.brq.redhat.com
>>>>>> WARNING: yacc table file version is out of date
>>>>>> Checking connectivity in topology suffix 'domain'
>>>>>> Checking connectivity in topology suffix 'ca'
>>>>>> Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com entries: invalid 'idnsserverid': must be Unicode text
>>>>>> You may need to manually remove them from the tree
>>>>>> Checking for deleted segments in suffix 'domain'
>>>>>> Agreements deleted
>>>>>> Checking for deleted segments in suffix 'ca'
>>>>>> Agreements deleted
>>>>>> Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com DNS entries: abc.idm.lab.eng.brq.redhat.com.: DNS zone not found
>>>>>> You may need to manually remove them from the tree
>>>>> Fixed
>>>>>> Manual execution of ipa dns-update-system-records fixes that.
>>>>>>
>>>>>> Besides NACKs above one more thing is missing:
>>>>>> Following config options are not migrated from named.conf to LDAP object:
>>>>>>
>>>>>> https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/PerServerConfigInLDAP#Upgrade
>>>>>>
>>>>>> This can go to a separate patch set if you wish (at the very end).
>>>>> I will leave this for later, bind-dyndb-ldap will continue working with local configuration as before, patches are of course welcome.
>>>>>
>>>>> Updated patches attached, + hydra patching
>>>> 6. NACK
>>>> # ipa server-show $(hostname)
>>>> Managed suffixes: domain, ca
>>>> Min domain level: 0
>>>> Max domain level: 1
>>>> Location: l1
>>>> Enabled server roles: CA server, DNS server, NTP server
>>>> Server name: vm-046.abc.idm.lab.eng.brq.redhat.com
>>>>
>>>> [root@vm-046 review]# ipa server-mod $(hostname) --location=l2
>>>> ipa: ERROR: no modifications to be performed
>>>>
>>> Updated patches attached
>> ACK up to patch 519.
>>
>> 7th NACK to the rest:
>>
>> It fails while attempting to add non-DNS to a location:
>>
>> # ipa server-show vm-046.abc.idm.lab.eng.brq.redhat.com
>> Managed suffixes: domain
>> Min domain level: 0
>> Max domain level: 1
>> Location: l1
>> Enabled server roles:
>> Server name: vm-046.abc.idm.lab.eng.brq.redhat.com
>>
>> # ipa server-mod vm-046.abc.idm.lab.eng.brq.redhat.com --location l2
>> ipa: ERROR: vm-046.abc.idm.lab.eng.brq.redhat.com: DNS server not found
>>
>
> Updated patches attached + 2 extra hydra patches :)

ACK with full force!

--
Petr^2 Spacek