On 17.06.2016 18:00, Petr Spacek wrote:
On 17.6.2016 17:05, Martin Basti wrote:

On 17.06.2016 15:17, Petr Spacek wrote:
On 17.6.2016 12:25, Martin Basti wrote:
On 17.06.2016 08:46, Petr Spacek wrote:
On 16.6.2016 22:14, Martin Basti wrote:
On 16.06.2016 15:59, Petr Spacek wrote:
On 16.6.2016 13:57, Martin Basti wrote:
On 16.06.2016 12:09, Petr Spacek wrote:
On 15.6.2016 17:24, Petr Spacek wrote:
On 15.6.2016 15:45, Martin Basti wrote:
On 15.06.2016 14:52, Martin Basti wrote:
Hydra patching: Updated patches attached + new patches for dnsserver-*
commands attached
Updated+rebased patches after Honza's interactive review

Minor nitpick fixed





I will get to the rest later on.
Problems I found (could be solved in separate patches if you wish):

# ipa dns-update-system-records --dry-run
ipa: ERROR: an internal error has occurred
ValueError: dns_update_system_records.validate_output(): unexpected keys
['summary'] in { ...
Command ipa dns-update-system-records does not work with DNS
privilege when some record is missing:

ipa: WARNING: Update of system record
'_kpasswd._tcp.dom-046.abc.idm.lab.eng.brq.redhat.com. 86400 IN SRV 0
100 464
vm-046.abc.idm.lab.eng.brq.redhat.com.' failed with error: Insufficient
access: Insufficient 'write' privilege to the 'objectClass' attribute of

Fixed (I hope)
IPA server upgrade does not create idnsServerConfigObjects in cn=dns
In fact the upgrade does not even add the object class into schema.

These need to be fixed before we can proceed.

Updated patches attached
ipa-ca-install does not add A/AAAA records for the new CA.
This should work, code is in the right place. Maybe it is a race condition.

... 2 hours later ...

I found that this has been broken since 4.3.0; I will fix it separately

Anyway, I found a bug in replicainstall (fixed) because of copy&paste everywhere

ipa-replica-manage del <replica> does not delete SRV records from the
remaining master

# ipa-replica-manage del vm-046.abc.idm.lab.eng.brq.redhat.com
WARNING: yacc table file version is out of date
Checking connectivity in topology suffix 'domain'
Checking connectivity in topology suffix 'ca'
Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com entries: invalid
'idnsserverid': must be Unicode text
You may need to manually remove them from the tree
Checking for deleted segments in suffix 'domain'
Agreements deleted
Checking for deleted segments in suffix 'ca'
Agreements deleted
Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com DNS entries:
abc.idm.lab.eng.brq.redhat.com.: DNS zone not found
You may need to manually remove them from the tree
Manual execution of ipa dns-update-system-records fixes that.

Besides NACKs above one more thing is missing:
Following config options are not migrated from named.conf to LDAP object:


This can go to a separate patch set if you wish (at the very end).
I will leave this for later, bind-dyndb-ldap will continue working with
configuration as before, patches are of course welcome.

Updated patches attached, + hydra patching
# ipa server-show $(hostname)
Managed suffixes: domain, ca
     Min domain level: 0
     Max domain level: 1
     Location: l1
     Enabled server roles: CA server, DNS server, NTP server
     Server name: vm-046.abc.idm.lab.eng.brq.redhat.com

[root@vm-046 review]# ipa server-mod $(hostname) --location=l2
ipa: ERROR: no modifications to be performed

Updated patches attached
ACK up to patch 519.

7th NACK to the rest:

It fails while attempting to add non-DNS to a location:

# ipa server-show vm-046.abc.idm.lab.eng.brq.redhat.com
    Managed suffixes: domain
    Min domain level: 0
    Max domain level: 1
    Location: l1
    Enabled server roles:
    Server name: vm-046.abc.idm.lab.eng.brq.redhat.com

# ipa server-mod vm-046.abc.idm.lab.eng.brq.redhat.com --location l2
ipa: ERROR: vm-046.abc.idm.lab.eng.brq.redhat.com: DNS server not found

Updated patches attached + 2 extra hydra patches :)
ACK with full force!

pushed to master:
* ef12cad30b3fc867b3b09abe6521c168dbc3ceaf DNS Locations: set proper substitution variable
* 1997733cdf60bbd5fee8a5286d567580fa4e0198 DNS Locations: require to restart named-pkcs11 affter location change
* 8dde1201ed9b0ca839ffe7421be7efd04b666e11 DNS Locations: show warning if there is no DNS servers in location
* b2931210eb794e52eac4b0e295fcbdfc5bb07f87 DNS Locations: prevent to remove used locations
* bbf8227e3fd678d4bd6659a12055ba3dbe1c8230 DNS Locations: do not generate location records for unused locations
* 3c50e42036427d7c5e36828f24bd3c180e18a677 DNS Locations: location-del: remove location record
* 4155eb7b13b20605886ba79c02c232f83a7b439c DNS Locations: Rename ipalocationweight to ipaserviceweight
* 313e63e3e4ba1aa3dd2ae5de54f6d277329fffee DNS Locations: generate NTP records
* 88ac58a1ce0641e65bcc7934020f85ef39d8e82b upgrade: don't fail if zone does not exists in in find
* e82ce439c4c8a4d2f5b4ef384158de93de1644cc DNS Location: add list of roles and DNS servers to location-show
* 8253727de1f823bb6c06d4687019e64dab825ec3 DNS Locations: dnsserver: print specific error when DNS is not installed
