On 24.6.2016 12:25, Martin Basti wrote:
> 
> 
> On 23.06.2016 18:26, Petr Spacek wrote:
>> On 23.6.2016 16:38, Martin Basti wrote:
>>> Patches attached.
>>>
>>>
>>> https://fedorahosted.org/freeipa/ticket/2008
>>>
>>>
>>> freeipa-mbasti-0538-Revert-DNS-Locations-do-not-generate-location-record.patch
>>>
>>>
>>>  From 28499422115cbfbb343033511319c7c8710e1ff5 Mon Sep 17 00:00:00 2001
>>> From: Martin Basti <mba...@redhat.com>
>>> Date: Tue, 21 Jun 2016 18:04:13 +0200
>>> Subject: [PATCH 1/4] Revert "DNS Locations: do not generate location records
>>>   for unused locations"
>>>
>>> This reverts commit bbf8227e3fd678d4bd6659a12055ba3dbe1c8230.
>>>
>>> After deeper investigation, we found out that empty locations are needed
>>> for clients, because clients may have cached records for that particular
>>> location for a longer time. The only way to remove a location is to
>>> delete it using location-del.
>>>
>>> https://fedorahosted.org/freeipa/ticket/2008
>>> ---
>>>   ipaserver/dns_data_management.py | 11 ++++-------
>>>   1 file changed, 4 insertions(+), 7 deletions(-)
>>>
>>> diff --git a/ipaserver/dns_data_management.py
>>> b/ipaserver/dns_data_management.py
>>> index
>>> a9e9c0a3856961b5494c8d3ca30ddb2e4aa5c523..eac2e7d1a5618ea92372bd81b7d12752791ef117
>>> 100644
>>> --- a/ipaserver/dns_data_management.py
>>> +++ b/ipaserver/dns_data_management.py
>>> @@ -68,7 +68,6 @@ class IPASystemRecords(object):
>>>           self.api_instance = api_instance
>>>           self.domain_abs =
>>> DNSName(self.api_instance.env.domain).make_absolute()
>>>           self.servers_data = {}
>>> -        self.used_locations = set()
>>>           self.__init_data()
>>>         def reload_data(self):
>>> @@ -92,7 +91,6 @@ class IPASystemRecords(object):
>>>         def __init_data(self):
>>>           self.servers_data = {}
>>> -        self.used_locations = set()
>>>             servers_result = self.api_instance.Command.server_find(
>>>               pkey_only=True)['result']
>>> @@ -104,8 +102,6 @@ class IPASystemRecords(object):
>>>                   'location': location,
>>>                   'roles': roles,
>>>               }
>>> -            if location:
>>> -                self.used_locations.add(location)
>>>         def __add_srv_records(
>>>           self, zone_obj, hostname, rname_port_map,
>>> @@ -353,12 +349,13 @@ class IPASystemRecords(object):
>>>                   pkey_only=True)['result']
>>>               servers = [s['cn'][0] for s in servers_result]
>>>   -        # generate only records for used location, records for unassigned
>>> -        # locations are useless
>>> +        locations_result =
>>> self.api_instance.Command.location_find()['result']
>>> +        locations = [l['idnsname'][0] for l in locations_result]
>>> +
>>>           for server in servers:
>>>               self._get_location_dns_records_for_server(
>>>                   zone_obj, server,
>>> -                self.used_locations, roles=roles,
>>> +                locations, roles=roles,
>>>                   include_master_role=include_master_role)
>>>           return zone_obj
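Review bot: The added `location_find()` call fetches full entries although only `idnsname` is read, and it passes no size limit. If the default search limit applies here as it does to other find commands, locations beyond it would silently get no records, which is the stale-client situation this revert is meant to avoid. Mirroring the `server_find(pkey_only=True)` call in the context lines, `self.api_instance.Command.location_find(pkey_only=True, sizelimit=0)['result']` would be cheaper and complete. The comprehension variable `l` is easy to misread as `1`; `loc` reads better. The enclosing method starts outside the hunk.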
>>>   -- 2.5.5
>>>
>>>
>>> freeipa-mbasti-0539-DNS-Locations-hide-option-no-msdcs-in-adtrust-instal.patch
>>>
>>>
>>>  From 37cae4f05cd3c0a2c4de037402938a5437dbc072 Mon Sep 17 00:00:00 2001
>>> From: Martin Basti <mba...@redhat.com>
>>> Date: Tue, 21 Jun 2016 18:17:55 +0200
>>> Subject: [PATCH 2/4] DNS Locations: hide option --no-msdcs in 
>>> adtrust-install
>>>
>>> Since the DNS location mechanism is active, this option has no effect,
>>> because records are generated dynamically.
>>>
>>> https://fedorahosted.org/freeipa/ticket/2008
>>> ---
>>>   install/tools/ipa-adtrust-install    | 10 +++++++---
>>>   ipaserver/install/adtrustinstance.py | 21 ++++++++-------------
>>>   2 files changed, 15 insertions(+), 16 deletions(-)
>>>
>>> diff --git a/install/tools/ipa-adtrust-install
>>> b/install/tools/ipa-adtrust-install
>>> index
>>> 5babcdb7cb169e4a944acca55739064e0464d41e..5ba72a65d00ca683239a4ff3c5e7cfdc62c0bb6c
>>> 100755
>>> --- a/install/tools/ipa-adtrust-install
>>> +++ b/install/tools/ipa-adtrust-install
>>> @@ -29,6 +29,8 @@ import ldap
>>>     import six
>>>   +from optparse import SUPPRESS_HELP
>>> +
>>>   from ipaserver.install import adtrustinstance
>>>   from ipaserver.install.installutils import (
>>>       read_password,
>>> @@ -54,9 +56,11 @@ def parse_options():
>>>                         default=False, help="print debugging information")
>>>       parser.add_option("--netbios-name", dest="netbios_name",
>>>                         help="NetBIOS name of the IPA domain")
>>> +
>>> +    # no-msdcs has not effect, option is here just for backward 
>>> compatibility
>>>       parser.add_option("--no-msdcs", dest="no_msdcs", action="store_true",
>>> -                      default=False, help="Do not create DNS service
>>> records " \
>>> -                                          "for Windows in managed DNS
>>> server")
>>> +                      default=False, help=SUPPRESS_HELP)
>>> +
>>>       parser.add_option("--rid-base", dest="rid_base", type=int, 
>>> default=1000,
>>>                         help="Start value for mapping UIDs and GIDs to 
>>> RIDs")
>>>       parser.add_option("--secondary-rid-base", dest="secondary_rid_base",
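Review bot: `--no-msdcs` is now hidden with `help=SUPPRESS_HELP` but still accepted and silently ignored, so an existing script that passes it to keep the Windows service records out of DNS gets no sign that they are published anyway. The hunk shows no place where `options.no_msdcs` is reported, so I would add a notice after parsing, for example `if options.no_msdcs: print("WARNING: --no-msdcs has no effect, DNS service records are generated automatically")`. The new comment should read `# --no-msdcs has no effect, the option is kept only for backward compatibility`. The body of parse_options continues outside the hunk.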
>>> @@ -390,7 +394,7 @@ def main():
>>>       smb.setup(api.env.host, api.env.realm,
>>>                 netbios_name, reset_netbios_name,
>>>                 options.rid_base, options.secondary_rid_base,
>>> -              options.no_msdcs, options.add_sids,
>>> +              options.add_sids,
>>>                 enable_compat = options.enable_compat)
>>>       smb.find_local_id_range()
>>>       smb.create_instance()
>>> diff --git a/ipaserver/install/adtrustinstance.py
>>> b/ipaserver/install/adtrustinstance.py
>>> index
>>> 6ab15df27216580d440ce72386113d6872c046b2..0114a33a046b863b7e901c3d6f02044f18c45f85
>>> 100644
>>> --- a/ipaserver/install/adtrustinstance.py
>>> +++ b/ipaserver/install/adtrustinstance.py
>>> @@ -124,7 +124,6 @@ class ADTRUSTInstance(service.Service):
>>>       def __init__(self, fstore=None):
>>>           self.netbios_name = None
>>>           self.reset_netbios_name = None
>>> -        self.no_msdcs = None
>>>           self.add_sids = None
>>>           self.smbd_user = None
>>>           self.smb_dn_pwd = None
>>> @@ -585,17 +584,14 @@ class ADTRUSTInstance(service.Service):
>>>             err_msg = None
>>>   -        if self.no_msdcs:
>>> -            err_msg = '--no-msdcs was given, special DNS service records ' 
>>> \
>>> -                      'are not added to local DNS server'
>>> +        ret = api.Command['dns_is_enabled']()
>>> +        if not ret['result']:
>>> +            err_msg = "DNS management was not enabled at install time."
>>>           else:
>>> -            ret = api.Command['dns_is_enabled']()
>>> -            if not ret['result']:
>>> -                err_msg = "DNS management was not enabled at install time."
>>> -            else:
>>> -                if not dns_zone_exists(zone):
>>> -                    err_msg = "DNS zone %s cannot be managed " \
>>> -                              "as it is not defined in IPA" % zone
>>> +            if not dns_zone_exists(zone):
>>> +                err_msg = (
>>> +                    "DNS zone %s cannot be managed as it is not defined in 
>>> "
>>> +                    "IPA" % zone)
>>>             if err_msg:
>>>               self.print_msg(err_msg)
>>> @@ -766,7 +762,7 @@ class ADTRUSTInstance(service.Service):
>>>         def setup(self, fqdn, realm_name, netbios_name,
>>>                 reset_netbios_name, rid_base, secondary_rid_base,
>>> -              no_msdcs=False, add_sids=False, smbd_user="samba",
>>> +              add_sids=False, smbd_user="samba",
>>>                 enable_compat=False):
>>>           self.fqdn = fqdn
>>>           self.realm = realm_name
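Review bot: Removing `no_msdcs` from the middle of `setup`'s positional parameters shifts every later argument. A caller that was not updated would bind its old `no_msdcs` value to `add_sids` and its old `add_sids` value to `smbd_user` without raising any error. The same applies to `BindInstance.setup` (where `ntp` is removed ahead of `reverse_zones` and `named_user`) and to `add_master_dns_records` in patch 4/4. The visible call sites are updated, but they still pass these values positionally; passing them by name, e.g. `add_sids=options.add_sids` and `reverse_zones=reverse_zones`, would turn any missed caller into a visible TypeError rather than a silent misconfiguration. The body of setup continues outside the hunk.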
>>> @@ -774,7 +770,6 @@ class ADTRUSTInstance(service.Service):
>>>           self.reset_netbios_name = reset_netbios_name
>>>           self.rid_base = rid_base
>>>           self.secondary_rid_base = secondary_rid_base
>>> -        self.no_msdcs = no_msdcs
>>>           self.add_sids = add_sids
>>>           self.enable_compat = enable_compat
>>>           self.smbd_user = smbd_user
>>> -- 2.5.5
>>>
>>>
>>> freeipa-mbasti-0540-DNS-Locations-optimization-use-server-find-to-get-in.patch
>>>
>>>
>>>  From 86a3e48bd2494867cdf538d6902ef65cbaada1af Mon Sep 17 00:00:00 2001
>>> From: Martin Basti <mba...@redhat.com>
>>> Date: Wed, 22 Jun 2016 13:12:52 +0200
>>> Subject: [PATCH 3/4] DNS Locations: optimization: use server-find to get
>>>   information
>>>
>>> Because of the separate server-show calls, getting server data is quite
>>> slow. This commit replaces the several server-show calls with one
>>> server-find command. There are future plans to improve the speed of
>>> server-find that will be beneficial for DNS locations.
>>>
>>> https://fedorahosted.org/freeipa/ticket/2008
>>> ---
>>>   ipaserver/dns_data_management.py | 10 ++++------
>>>   1 file changed, 4 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/ipaserver/dns_data_management.py
>>> b/ipaserver/dns_data_management.py
>>> index
>>> eac2e7d1a5618ea92372bd81b7d12752791ef117..e7f65958fb908426ad186b327c3e8cb8f37d66f4
>>> 100644
>>> --- a/ipaserver/dns_data_management.py
>>> +++ b/ipaserver/dns_data_management.py
>>> @@ -78,8 +78,7 @@ class IPASystemRecords(object):
>>>           """
>>>           self.__init_data()
>>>   -    def __get_server_attrs(self, hostname):
>>> -        server_result =
>>> self.api_instance.Command.server_show(hostname)['result']
>>> +    def __get_server_attrs(self, server_result):
>>>           weight = int(server_result.get('ipaserviceweight', [u'100'])[0])
>>>           location = server_result.get('ipalocation_location', [None])[0]
>>>           roles = set(server_result.get('enabled_role_servrole', ()))
>>> @@ -93,11 +92,10 @@ class IPASystemRecords(object):
>>>           self.servers_data = {}
>>>             servers_result = self.api_instance.Command.server_find(
>>> -            pkey_only=True)['result']
>>> -        servers = [s['cn'][0] for s in servers_result]
>>> -        for s in servers:
>>> +            no_members=False)['result']
>>> +        for s in servers_result:
>>>               weight, location, roles = self.__get_server_attrs(s)
>>> -            self.servers_data[s] = {
>>> +            self.servers_data[s['cn'][0]] = {
>>>                   'weight': weight,
>>>                   'location': location,
>>>                   'roles': roles,
>>> -- 2.5.5
>>>
>>>
>>> freeipa-mbasti-0541-DNS-Locations-cleanup-of-bininstance.patch
>>>
>>>
>>>  From 6161501cc11a25b811bd56ba0244b00eaa9edbe0 Mon Sep 17 00:00:00 2001
>>> From: Martin Basti <mba...@redhat.com>
>>> Date: Thu, 23 Jun 2016 14:50:11 +0200
>>> Subject: [PATCH 4/4] DNS Locations: cleanup of bininstance
>>>
>>> We no longer need:
>>> * sample of zone file - a list of all records required by IPA will be
>>> provided
>>>
>>> * NTP related params - DNS records will be updated automatically,
>>> based on LDAP values
>>>
>>> * CA related params - DNS records will be updated automatically,
>>> based on LDAP values
>>>
>>> https://fedorahosted.org/freeipa/ticket/2008
>>> ---
>>>   install/share/bind.zone.db.template        | 29 ---------------
>>>   ipaserver/dns_data_management.py           |  9 +++++
>>>   ipaserver/install/bindinstance.py          | 58
>>> ++++++++----------------------
>>>   ipaserver/install/dns.py                   |  5 ++-
>>>   ipaserver/install/server/install.py        |  8 ++---
>>>   ipaserver/install/server/replicainstall.py |  4 +--
>>>   6 files changed, 30 insertions(+), 83 deletions(-)
>>>   delete mode 100644 install/share/bind.zone.db.template
>>>
>>> diff --git a/install/share/bind.zone.db.template
>>> b/install/share/bind.zone.db.template
>>> deleted file mode 100644
>>> index
>>> ec175c60825869ea9b86f7d1351a96189028b5d4..0000000000000000000000000000000000000000
>>>
>>> --- a/install/share/bind.zone.db.template
>>> +++ /dev/null
>>> @@ -1,29 +0,0 @@
>>> -$$ORIGIN $DOMAIN.
>>> -$$TTL    86400
>>> -@            IN SOA    $DOMAIN. $ZONEMGR (
>>> -                01        ; serial
>>> -                3H        ; refresh
>>> -                15M        ; retry
>>> -                1W        ; expiry
>>> -                1D )        ; minimum
>>> -
>>> -                IN NS            $HOST
>>> -$HOST            IN A            $IP
>>> -;
>>> -; ldap servers
>>> -_ldap._tcp        IN SRV 0 100 389    $HOST
>>> -
>>> -;kerberos realm
>>> -_kerberos        IN TXT $REALM
>>> -
>>> -; kerberos servers
>>> -_kerberos._tcp        IN SRV 0 100 88        $HOST
>>> -_kerberos._udp        IN SRV 0 100 88        $HOST
>>> -_kerberos-master._tcp    IN SRV 0 100 88        $HOST
>>> -_kerberos-master._udp    IN SRV 0 100 88        $HOST
>>> -_kpasswd._tcp        IN SRV 0 100 464    $HOST
>>> -_kpasswd._udp        IN SRV 0 100 464    $HOST
>>> -$OPTIONAL_NTP
>>> -
>>> -; CNAME for IPA CA replicas (used for CRL, OCSP)
>>> -$IPA_CA_RECORD
>>> diff --git a/ipaserver/dns_data_management.py
>>> b/ipaserver/dns_data_management.py
>>> index
>>> e7f65958fb908426ad186b327c3e8cb8f37d66f4..48717c7c478ea4ea62e6cdfe169fd9fe99c0880b
>>> 100644
>>> --- a/ipaserver/dns_data_management.py
>>> +++ b/ipaserver/dns_data_management.py
>>> @@ -477,3 +477,12 @@ class IPASystemRecords(object):
>>>                       )
>>>                   )
>>>           return records
>>> +
>>> +    @classmethod
>>> +    def records_list_from_zone(cls, zone_obj, sort=True):
>>> +        records = []
>>> +        for name, node in zone_obj.items():
>>> +            records.extend(IPASystemRecords.records_list_from_node(name,
>>> node))
>>> +        if sort:
>>> +            records.sort()
>>> +        return records
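Review bot: `records_list_from_zone` is declared as a classmethod but never uses `cls`, calling `IPASystemRecords.records_list_from_node(name, node)` by its hard-coded class name, so a subclass override of `records_list_from_node` would be bypassed. `cls.records_list_from_node(name, node)` keeps the dispatch consistent. The method also has no docstring; something like `"""Return all records of zone_obj as a list of text lines, sorted when sort is true."""` would document what the list holds, hedged on what `records_list_from_node` returns since that method is outside the hunk.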
>>> diff --git a/ipaserver/install/bindinstance.py
>>> b/ipaserver/install/bindinstance.py
>>> index
>>> 08c32f4837a5b4f72b78a52002a58c888db6cc91..a63b2dfd329f7cf535c2cf6e2d83b5c86fdddacf
>>> 100644
>>> --- a/ipaserver/install/bindinstance.py
>>> +++ b/ipaserver/install/bindinstance.py
>>> @@ -623,9 +623,9 @@ class BindInstance(service.Service):
>>>       suffix = ipautil.dn_attribute_property('_suffix')
>>>         def setup(self, fqdn, ip_addresses, realm_name, domain_name,
>>> forwarders,
>>> -              forward_policy, ntp, reverse_zones,
>>> +              forward_policy, reverse_zones,
>>>                 named_user=constants.NAMED_USER, zonemgr=None,
>>> -              ca_configured=None, no_dnssec_validation=False):
>>> +              no_dnssec_validation=False):
>>>           self.named_user = named_user
>>>           self.fqdn = fqdn
>>>           self.ip_addresses = ip_addresses
>>> @@ -635,9 +635,7 @@ class BindInstance(service.Service):
>>>           self.forward_policy = forward_policy
>>>           self.host = fqdn.split(".")[0]
>>>           self.suffix = ipautil.realm_to_suffix(self.realm)
>>> -        self.ntp = ntp
>>>           self.reverse_zones = reverse_zones
>>> -        self.ca_configured = ca_configured
>>>           self.no_dnssec_validation=no_dnssec_validation
>>>             if not zonemgr:
>>> @@ -666,12 +664,17 @@ class BindInstance(service.Service):
>>>       def host_in_default_domain(self):
>>>           return normalize_zone(self.host_domain) ==
>>> normalize_zone(self.domain)
>>>   -    def create_sample_bind_zone(self):
>>> -        bind_txt = ipautil.template_file(ipautil.SHARE_DIR +
>>> "bind.zone.db.template", self.sub_dict)
>>> -        [bind_fd, bind_name] = tempfile.mkstemp(".db","sample.zone.")
>>> -        os.write(bind_fd, bind_txt)
>>> -        os.close(bind_fd)
>>> -        print("Sample zone file for bind has been created in "+bind_name)
>>> +    def create_file_with_system_records(self):
>>> +        system_records = IPASystemRecords(self.api)
>>> +        text = u'\n'.join(
>>> +            IPASystemRecords.records_list_from_zone(
>>> +                system_records.get_base_records()
>>> +            )
>>> +        )
>>> +        [fd, name] = tempfile.mkstemp(".db","ipa.system.records.")
>>> +        os.write(fd, text)
>>> +        os.close(fd)
>>> +        print("Please add records in this file to your DNS system:", name)
>>>         def create_instance(self):
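Review bot: `os.write(fd, text)` in `create_file_with_system_records` is handed the unicode string built by `u'\n'.join(...)`, so it relies on an implicit ASCII encode on Python 2 and raises TypeError on Python 3. Any non-ASCII record text would fail, and an exception at that point leaves `fd` open. `os.write` may also write fewer bytes than requested, which is not checked. Writing through a file object covers all three: `with os.fdopen(fd, "wb") as f:` followed by `f.write(text.encode("utf-8"))`. A one-line docstring stating that the file lists the records an administrator must add to an external DNS would also help.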
>>>   @@ -761,41 +764,10 @@ class BindInstance(service.Service):
>>>               root_logger.debug("Unable to mask named (%s)", e)
>>>         def __setup_sub_dict(self):
>>> -        if self.forwarders:
>>> -            fwds = "\n"
>>> -            for forwarder in self.forwarders:
>>> -                fwds += "\t\t%s;\n" % forwarder
>>> -            fwds += "\t"
>>> -        else:
>>> -            fwds = " "
>>> -
>>> -        if self.ntp:
>>> -            optional_ntp =  "\n;ntp server\n"
>>> -            optional_ntp += "_ntp._udp\t\tIN SRV 0 100 123\t%s" %
>>> self.host_in_rr
>>> -        else:
>>> -            optional_ntp = ""
>>> -
>>> -        ipa_ca = ""
>>> -        for addr in self.ip_addresses:
>>> -            if addr.version in (4, 6):
>>> -                ipa_ca += "%s\t\t\tIN %s\t\t\t%s\n" % (
>>> -                    IPA_CA_RECORD,
>>> -                    "A" if addr.version == 4 else "AAAA",
>>> -                    str(addr))
>>> -
>>>           self.sub_dict = dict(
>>>               FQDN=self.fqdn,
>>> -            IP=[str(ip) for ip in self.ip_addresses],
>>> -            DOMAIN=self.domain,
>>> -            HOST=self.host,
>>> -            REALM=self.realm,
>>>               SERVER_ID=installutils.realm_to_serverid(self.realm),
>>> -            FORWARDERS=fwds,
>>> -            FORWARD_POLICY=self.forward_policy,
>>>               SUFFIX=self.suffix,
>>> -            OPTIONAL_NTP=optional_ntp,
>>> -            ZONEMGR=self.zonemgr,
>>> -            IPA_CA_RECORD=ipa_ca,
>>>               BINDKEYS_FILE=paths.NAMED_BINDKEYS_FILE,
>>>               MANAGED_KEYS_DIR=paths.NAMED_MANAGED_KEYS_DIR,
>>>               ROOT_KEY=paths.NAMED_ROOT_KEY,
>>> @@ -1026,16 +998,14 @@ class BindInstance(service.Service):
>>>           ipautil.run([paths.GENERATE_RNDC_KEY])
>>>         def add_master_dns_records(self, fqdn, ip_addresses, realm_name,
>>> domain_name,
>>> -                               reverse_zones, ntp=False, 
>>> ca_configured=None):
>>> +                               reverse_zones):
>>>           self.fqdn = fqdn
>>>           self.ip_addresses = ip_addresses
>>>           self.realm = realm_name
>>>           self.domain = domain_name
>>>           self.host = fqdn.split(".")[0]
>>>           self.suffix = ipautil.realm_to_suffix(self.realm)
>>> -        self.ntp = ntp
>>>           self.reverse_zones = reverse_zones
>>> -        self.ca_configured = ca_configured
>>>           self.first_instance = False
>>>           self.zonemgr = 'hostmaster.%s' % self.domain
>>>   diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
>>> index
>>> 2ea11739e07c73132bddee01309af618532e9815..44ebd39dfa7f1d947061c3b4c0347242f8502be0
>>> 100644
>>> --- a/ipaserver/install/dns.py
>>> +++ b/ipaserver/install/dns.py
>>> @@ -329,10 +329,9 @@ def install(standalone, replica, options, api=api):
>>>       bind = bindinstance.BindInstance(fstore, ldapi=True, api=api,
>>>                                        autobind=AUTOBIND_ENABLED)
>>>       bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,
>>> -               options.forwarders, options.forward_policy, conf_ntp,
>>> +               options.forwarders, options.forward_policy,
>>>                  reverse_zones, zonemgr=options.zonemgr,
>>> -               no_dnssec_validation=options.no_dnssec_validation,
>>> -               ca_configured=options.setup_ca)
>>> +               no_dnssec_validation=options.no_dnssec_validation)
>>>         if standalone and not options.unattended:
>>>           print("")
>>> diff --git a/ipaserver/install/server/install.py
>>> b/ipaserver/install/server/install.py
>>> index
>>> 930cca7b31ca06c04ab92deff49b6a4f198c2b6e..c28c095fb3cccd4cd412c0496374050434e438a1
>>> 100644
>>> --- a/ipaserver/install/server/install.py
>>> +++ b/ipaserver/install/server/install.py
>>> @@ -848,17 +848,17 @@ def install(installer):
>>>       if setup_ca:
>>>           services.knownservices['pki_tomcatd'].restart('pki-tomcat')
>>>   +    api.Backend.ldap2.connect(autobind=True)
>>>       if options.setup_dns:
>>> -        api.Backend.ldap2.connect(autobind=True)
>>>           dns.install(False, False, options)
>>>       else:
>>>           # Create a BIND instance
>>>           bind = bindinstance.BindInstance(fstore, dm_password)
>>>           bind.setup(host_name, ip_addresses, realm_name,
>>> -                   domain_name, (), 'first', not options.no_ntp, (),
>>> -                   zonemgr=options.zonemgr, ca_configured=setup_ca,
>>> +                   domain_name, (), 'first', (),
>>> +                   zonemgr=options.zonemgr,
>>>                      no_dnssec_validation=options.no_dnssec_validation)
>>> -        bind.create_sample_bind_zone()
>>> +        bind.create_file_with_system_records()
>>>         # Restart httpd to pick up the new IPA configuration
>>>       service.print_msg("Restarting the web server")
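Review bot: `api.Backend.ldap2.connect(autobind=True)` now runs on every install path, with no guard and no matching disconnect visible in this hunk. If the backend is already connected at this point, or if code later in `install()` connects again on the non-DNS path, the second `connect` is expected to raise; neither case can be ruled out from the lines shown. A guard such as `if not api.Backend.ldap2.isconnected():` before the call makes the step safe to reach in either state. A short comment that the connection is needed by `create_file_with_system_records()` would explain why it moved out of the `setup_dns` branch. The body of install continues outside the hunk.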
>>> diff --git a/ipaserver/install/server/replicainstall.py
>>> b/ipaserver/install/server/replicainstall.py
>>> index
>>> 52b2ea5b0691cd99c6cb566af5a15af3b2dffb14..0277d324a60b2893dda57119453dabf5df28ea10
>>> 100644
>>> --- a/ipaserver/install/server/replicainstall.py
>>> +++ b/ipaserver/install/server/replicainstall.py
>>> @@ -210,9 +210,7 @@ def install_dns_records(config, options, remote_api):
>>>                                           str(ip),
>>>                                           config.realm_name,
>>>                                           config.domain_name,
>>> -                                        reverse_zone,
>>> -                                        not options.no_ntp,
>>> -                                        options.setup_ca)
>>> +                                        reverse_zone)
>>>       except errors.NotFound as e:
>>>           root_logger.debug('Replica DNS records could not be added '
>>>                             'on master: %s', str(e))
>>> -- 2.5.5
>> While testing this patch I've found out that ipa-dns-install does not work
>> idempotently anymore and explodes when re-run.
>>
>> I'm not sure what is the root cause yet.
>>
>> # ipa-dns-install --forwarder 10.34.78.1
>>
>> WARNING: yacc table file version is out of date
>>
>> The log file for this installation can be found in
>> /var/log/ipaserver-install.log
>> ==============================================================================
>> This program will setup DNS for the FreeIPA Server.
>>
>> This includes:
>>    * Configure DNS (bind)
>>    * Configure SoftHSM (required by DNSSEC)
>>    * Configure ipa-dnskeysyncd (required by DNSSEC)
>>
>> NOTE: DNSSEC zone signing is not enabled by default
>>
>>
>> To accept the default shown in brackets, press the Enter key.
>>
>> Checking DNS forwarders, please wait ...
>> Do you want to search for missing reverse zones? [yes]:
>>
>> The following operations may take some minutes to complete.
>> Please wait until the prompt is returned.
>>
>> Configuring DNS (named)
>>    [1/8]: generating rndc key file
>>    [2/8]: setting up our own record
>> ipa         : ERROR    DNS query for
>> vm-058-082.abc.idm.lab.eng.brq.redhat.com. A failed: The DNS operation timed
>> out after 30.0012078285 seconds
>>    [error] DNSResolverError: The DNS operation timed out after 30.0012078285
>> seconds
>> Unexpected error - see /var/log/ipaserver-install.log for details:
>> DNSResolverError: The DNS operation timed out after 30.0012078285 seconds
>>
>> 2016-06-23T15:41:54Z DEBUG   [2/8]: setting up our own record
>> 2016-06-23T15:41:54Z DEBUG raw:
>> dnszone_show(u'abc.idm.lab.eng.brq.redhat.com', version=u'2.199')
>> 2016-06-23T15:41:54Z DEBUG dnszone_show(<DNS name
>> abc.idm.lab.eng.brq.redhat.com.>, rights=False, all=False, raw=False,
>> version=u'2.199')
>> 2016-06-23T15:42:24Z ERROR DNS query for
>> vm-058-082.abc.idm.lab.eng.brq.redhat.com. A failed: The DNS operation timed
>> out after 30.0012078285 seconds
>> 2016-06-23T15:42:24Z DEBUG Traceback (most recent call last):
>>    File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 448, in start_creation
>>      run_step(full_msg, method)
>>    File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 438, in run_step
>>      method()
>>    File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py",
>> line 860, in __add_self
>>      self.__add_master_records(self.fqdn, self.ip_addresses)
>>    File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py",
>> line 843, in __add_master_records
>>      verify_host_resolvable(fqdn)
>>    File "/usr/lib/python2.7/site-packages/ipalib/util.py", line 76, in
>> verify_host_resolvable
>>      raise errors.DNSResolverError(exception=ex)
>> DNSResolverError: The DNS operation timed out after 30.0012078285 seconds
> IMO this is the same case as https://fedorahosted.org/freeipa/ticket/5962:
> we changed resolving of the server hostname from gethostbyname() to pure DNS.
> 
> Workaround is to set the nameserver in /etc/resolv.conf
>>
>>
>>
>> I was not able to test replica installation because of some weird ACI problem
>> somewhere, replica install is failing with ACIError while adding ldap/replica
>> principal. This is probably a regression from some other patchset.
>>
>> https://fedorahosted.org/freeipa/ticket/5996

NACK

make[5]: *** No rule to make target 'bind.zone.db.template', needed by
'all-am'.  Stop.

I'm not exactly sure how I missed this before, possibly git clean -xdf was
missing ...

-- 
Petr^2 Spacek
