On 27.6.2016 11:43, Martin Basti wrote: > > > On 27.06.2016 10:56, Petr Spacek wrote: >> On 24.6.2016 12:25, Martin Basti wrote: >>> >>> On 23.06.2016 18:26, Petr Spacek wrote: >>>> On 23.6.2016 16:38, Martin Basti wrote: >>>>> Patches attached. >>>>> >>>>> >>>>> https://fedorahosted.org/freeipa/ticket/2008 >>>>> >>>>> >>>>> freeipa-mbasti-0538-Revert-DNS-Locations-do-not-generate-location-record.patch >>>>> >>>>> >>>>> >>>>> From 28499422115cbfbb343033511319c7c8710e1ff5 Mon Sep 17 00:00:00 2001 >>>>> From: Martin Basti <mba...@redhat.com> >>>>> Date: Tue, 21 Jun 2016 18:04:13 +0200 >>>>> Subject: [PATCH 1/4] Revert "DNS Locations: do not generate location >>>>> records >>>>> for unused locations" >>>>> >>>>> This reverts commit bbf8227e3fd678d4bd6659a12055ba3dbe1c8230. >>>>> >>>>> After deeper investigation, we found out that empty locations are needed >>>>> for clients, because clients may have cached records for longer time for >>>>> that particular location. Only way how to remove location is to remove >>>>> it using location-del >>>>> >>>>> https://fedorahosted.org/freeipa/ticket/2008 >>>>> --- >>>>> ipaserver/dns_data_management.py | 11 ++++------- >>>>> 1 file changed, 4 insertions(+), 7 deletions(-) >>>>> >>>>> diff --git a/ipaserver/dns_data_management.py >>>>> b/ipaserver/dns_data_management.py >>>>> index >>>>> a9e9c0a3856961b5494c8d3ca30ddb2e4aa5c523..eac2e7d1a5618ea92372bd81b7d12752791ef117 >>>>> >>>>> 100644 >>>>> --- a/ipaserver/dns_data_management.py >>>>> +++ b/ipaserver/dns_data_management.py >>>>> @@ -68,7 +68,6 @@ class IPASystemRecords(object): >>>>> self.api_instance = api_instance >>>>> self.domain_abs = >>>>> DNSName(self.api_instance.env.domain).make_absolute() >>>>> self.servers_data = {} >>>>> - self.used_locations = set() >>>>> self.__init_data() >>>>> def reload_data(self): 
>>>>> @@ -92,7 +91,6 @@ class IPASystemRecords(object): >>>>> def __init_data(self): >>>>> self.servers_data = {} >>>>> - self.used_locations = set() >>>>> servers_result = self.api_instance.Command.server_find( >>>>> pkey_only=True)['result'] >>>>> @@ -104,8 +102,6 @@ class IPASystemRecords(object): >>>>> 'location': location, >>>>> 'roles': roles, >>>>> } >>>>> - if location: >>>>> - self.used_locations.add(location) >>>>> def __add_srv_records( >>>>> self, zone_obj, hostname, rname_port_map, >>>>> @@ -353,12 +349,13 @@ class IPASystemRecords(object): >>>>> pkey_only=True)['result'] >>>>> servers = [s['cn'][0] for s in servers_result] >>>>> - # generate only records for used location, records for >>>>> unassigned >>>>> - # locations are useless >>>>> + locations_result = >>>>> self.api_instance.Command.location_find()['result'] >>>>> + locations = [l['idnsname'][0] for l in locations_result] >>>>> + >>>>> for server in servers: >>>>> self._get_location_dns_records_for_server( >>>>> zone_obj, server, >>>>> - self.used_locations, roles=roles, >>>>> + locations, roles=roles, >>>>> include_master_role=include_master_role) >>>>> return zone_obj >>>>> -- 2.5.5 >>>>> >>>>> >>>>> freeipa-mbasti-0539-DNS-Locations-hide-option-no-msdcs-in-adtrust-instal.patch >>>>> >>>>> >>>>> >>>>> From 37cae4f05cd3c0a2c4de037402938a5437dbc072 Mon Sep 17 00:00:00 2001 >>>>> From: Martin Basti <mba...@redhat.com> >>>>> Date: Tue, 21 Jun 2016 18:17:55 +0200 >>>>> Subject: [PATCH 2/4] DNS Locations: hide option --no-msdcs in >>>>> adtrust-install >>>>> >>>>> Since DNS location mechanism is active, this option has no effect, >>>>> because records are generate dynamically. >>>>> >>>>> https://fedorahosted.org/freeipa/ticket/2008 >>>>> --- >>>>> install/tools/ipa-adtrust-install | 10 +++++++--- >>>>> ipaserver/install/adtrustinstance.py | 21 ++++++++------------- >>>>> 2 files changed, 15 insertions(+), 16 deletions(-) 
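Review bot: In the `@@ -353,12 +349,13 @@` hunk of patch 1/4 the new `location_find()` call passes no size limit and reads only `['result']`, so if the server applies its default search limit the list may be truncated and some locations would silently get no records, which is the situation this revert is meant to prevent for clients holding cached records. Consider `location_find(pkey_only=True, sizelimit=0)`, or at least checking the returned `truncated` flag; this is inferred from how IPA find commands usually behave and should be confirmed against the API. The `server_find(...)` call just above it and the `server_find(no_members=False)` call in the `__init_data` hunk of patch 3/4 have the same shape. The loop variable `l` is easy to misread as `1`; `loc` would be clearer. The enclosing method starts outside the hunk.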
>>>>> >>>>> diff --git a/install/tools/ipa-adtrust-install >>>>> b/install/tools/ipa-adtrust-install >>>>> index >>>>> 5babcdb7cb169e4a944acca55739064e0464d41e..5ba72a65d00ca683239a4ff3c5e7cfdc62c0bb6c >>>>> >>>>> 100755 >>>>> --- a/install/tools/ipa-adtrust-install >>>>> +++ b/install/tools/ipa-adtrust-install >>>>> @@ -29,6 +29,8 @@ import ldap >>>>> import six >>>>> +from optparse import SUPPRESS_HELP >>>>> + >>>>> from ipaserver.install import adtrustinstance >>>>> from ipaserver.install.installutils import ( >>>>> read_password, >>>>> @@ -54,9 +56,11 @@ def parse_options(): >>>>> default=False, help="print debugging >>>>> information") >>>>> parser.add_option("--netbios-name", dest="netbios_name", >>>>> help="NetBIOS name of the IPA domain") >>>>> + >>>>> + # no-msdcs has not effect, option is here just for backward >>>>> compatibility >>>>> parser.add_option("--no-msdcs", dest="no_msdcs", >>>>> action="store_true", >>>>> - default=False, help="Do not create DNS service >>>>> records " \ >>>>> - "for Windows in managed DNS >>>>> server") >>>>> + default=False, help=SUPPRESS_HELP) >>>>> + >>>>> parser.add_option("--rid-base", dest="rid_base", type=int, >>>>> default=1000, >>>>> help="Start value for mapping UIDs and GIDs to >>>>> RIDs") >>>>> parser.add_option("--secondary-rid-base", >>>>> dest="secondary_rid_base", >>>>> @@ -390,7 +394,7 @@ def main(): >>>>> smb.setup(api.env.host, api.env.realm, >>>>> netbios_name, reset_netbios_name, >>>>> options.rid_base, options.secondary_rid_base, >>>>> - options.no_msdcs, options.add_sids, >>>>> + options.add_sids, >>>>> enable_compat = options.enable_compat) >>>>> smb.find_local_id_range() >>>>> smb.create_instance() >>>>> diff --git a/ipaserver/install/adtrustinstance.py >>>>> b/ipaserver/install/adtrustinstance.py >>>>> index >>>>> 6ab15df27216580d440ce72386113d6872c046b2..0114a33a046b863b7e901c3d6f02044f18c45f85 >>>>> >>>>> 100644 >>>>> --- a/ipaserver/install/adtrustinstance.py 
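Review bot: In the `parse_options()` hunk `--no-msdcs` is still accepted but is now silently ignored, so an administrator who passes it to keep the Windows service records out of DNS gets no indication that the records will be published anyway. Hiding the help text is fine for backward compatibility, but the tool should say so when the flag is actually used, for example in `main()`: `if options.no_msdcs: print("WARNING: --no-msdcs is deprecated and has no effect")`. The added comment would read better as `# --no-msdcs has no effect; the option is kept only for backward compatibility`. The body of `main()` lies mostly outside the hunks shown.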
>>>>> +++ b/ipaserver/install/adtrustinstance.py >>>>> @@ -124,7 +124,6 @@ class ADTRUSTInstance(service.Service): >>>>> def __init__(self, fstore=None): >>>>> self.netbios_name = None >>>>> self.reset_netbios_name = None >>>>> - self.no_msdcs = None >>>>> self.add_sids = None >>>>> self.smbd_user = None >>>>> self.smb_dn_pwd = None >>>>> @@ -585,17 +584,14 @@ class ADTRUSTInstance(service.Service): >>>>> err_msg = None >>>>> - if self.no_msdcs: >>>>> - err_msg = '--no-msdcs was given, special DNS service records >>>>> ' \ >>>>> - 'are not added to local DNS server' >>>>> + ret = api.Command['dns_is_enabled']() >>>>> + if not ret['result']: >>>>> + err_msg = "DNS management was not enabled at install time." >>>>> else: >>>>> - ret = api.Command['dns_is_enabled']() >>>>> - if not ret['result']: >>>>> - err_msg = "DNS management was not enabled at install >>>>> time." >>>>> - else: >>>>> - if not dns_zone_exists(zone): >>>>> - err_msg = "DNS zone %s cannot be managed " \ >>>>> - "as it is not defined in IPA" % zone >>>>> + if not dns_zone_exists(zone): >>>>> + err_msg = ( >>>>> + "DNS zone %s cannot be managed as it is not defined >>>>> in " >>>>> + "IPA" % zone) >>>>> if err_msg: >>>>> self.print_msg(err_msg) >>>>> @@ -766,7 +762,7 @@ class ADTRUSTInstance(service.Service): >>>>> def setup(self, fqdn, realm_name, netbios_name, >>>>> reset_netbios_name, rid_base, secondary_rid_base, >>>>> - no_msdcs=False, add_sids=False, smbd_user="samba", >>>>> + add_sids=False, smbd_user="samba", >>>>> enable_compat=False): >>>>> self.fqdn = fqdn >>>>> self.realm = realm_name 
>>>>> @@ -774,7 +770,6 @@ class ADTRUSTInstance(service.Service): >>>>> self.reset_netbios_name = reset_netbios_name >>>>> self.rid_base = rid_base >>>>> self.secondary_rid_base = secondary_rid_base >>>>> - self.no_msdcs = no_msdcs >>>>> self.add_sids = add_sids >>>>> self.enable_compat = enable_compat >>>>> self.smbd_user = smbd_user >>>>> -- 2.5.5 >>>>> >>>>> >>>>> freeipa-mbasti-0540-DNS-Locations-optimization-use-server-find-to-get-in.patch >>>>> >>>>> >>>>> >>>>> From 86a3e48bd2494867cdf538d6902ef65cbaada1af Mon Sep 17 00:00:00 2001 >>>>> From: Martin Basti <mba...@redhat.com> >>>>> Date: Wed, 22 Jun 2016 13:12:52 +0200 >>>>> Subject: [PATCH 3/4] DNS Locations: optimization: use server-find to get >>>>> information >>>>> >>>>> Because separated calls for of server-show, getting server data is quite >>>>> slow. This commit replaces several server-show with one server-find >>>>> command. There are future plans to improve speed of server-find that >>>>> will be beneficial for DNS locations. >>>>> >>>>> https://fedorahosted.org/freeipa/ticket/2008 >>>>> --- >>>>> ipaserver/dns_data_management.py | 10 ++++------ >>>>> 1 file changed, 4 insertions(+), 6 deletions(-) >>>>> >>>>> diff --git a/ipaserver/dns_data_management.py >>>>> b/ipaserver/dns_data_management.py >>>>> index >>>>> eac2e7d1a5618ea92372bd81b7d12752791ef117..e7f65958fb908426ad186b327c3e8cb8f37d66f4 >>>>> >>>>> 100644 >>>>> --- a/ipaserver/dns_data_management.py >>>>> +++ b/ipaserver/dns_data_management.py >>>>> @@ -78,8 +78,7 @@ class IPASystemRecords(object): >>>>> """ >>>>> self.__init_data() >>>>> - def __get_server_attrs(self, hostname): >>>>> - server_result = >>>>> self.api_instance.Command.server_show(hostname)['result'] >>>>> + def __get_server_attrs(self, server_result): >>>>> weight = int(server_result.get('ipaserviceweight', >>>>> [u'100'])[0]) >>>>> location = server_result.get('ipalocation_location', [None])[0] >>>>> roles = set(server_result.get('enabled_role_servrole', ())) 
>>>>> @@ -93,11 +92,10 @@ class IPASystemRecords(object): >>>>> self.servers_data = {} >>>>> servers_result = self.api_instance.Command.server_find( >>>>> - pkey_only=True)['result'] >>>>> - servers = [s['cn'][0] for s in servers_result] >>>>> - for s in servers: >>>>> + no_members=False)['result'] >>>>> + for s in servers_result: >>>>> weight, location, roles = self.__get_server_attrs(s) >>>>> - self.servers_data[s] = { >>>>> + self.servers_data[s['cn'][0]] = { >>>>> 'weight': weight, >>>>> 'location': location, >>>>> 'roles': roles, >>>>> -- 2.5.5 >>>>> >>>>> >>>>> freeipa-mbasti-0541-DNS-Locations-cleanup-of-bininstance.patch >>>>> >>>>> >>>>> From 6161501cc11a25b811bd56ba0244b00eaa9edbe0 Mon Sep 17 00:00:00 2001 >>>>> From: Martin Basti <mba...@redhat.com> >>>>> Date: Thu, 23 Jun 2016 14:50:11 +0200 >>>>> Subject: [PATCH 4/4] DNS Locations: cleanup of bininstance >>>>> >>>>> We don't need anymore: >>>>> * sample of zone file - list of all records required by IPa will be >>>>> provided >>>>> >>>>> * NTP related params - DNS records will be updated automatically, >>>>> based on LDAP values >>>>> >>>>> * CA related params - DNS records will be updated automatically based >>>>> * on LDAP values >>>>> >>>>> https://fedorahosted.org/freeipa/ticket/2008 >>>>> --- >>>>> install/share/bind.zone.db.template | 29 --------------- >>>>> ipaserver/dns_data_management.py | 9 +++++ >>>>> ipaserver/install/bindinstance.py | 58 >>>>> ++++++++---------------------- >>>>> ipaserver/install/dns.py | 5 ++- >>>>> ipaserver/install/server/install.py | 8 ++--- >>>>> ipaserver/install/server/replicainstall.py | 4 +-- >>>>> 6 files changed, 30 insertions(+), 83 deletions(-) >>>>> delete mode 100644 install/share/bind.zone.db.template >>>>> >>>>> diff --git a/install/share/bind.zone.db.template >>>>> b/install/share/bind.zone.db.template >>>>> deleted file mode 100644 >>>>> index >>>>> ec175c60825869ea9b86f7d1351a96189028b5d4..0000000000000000000000000000000000000000 >>>>> 
>>>>> >>>>> --- a/install/share/bind.zone.db.template >>>>> +++ /dev/null >>>>> @@ -1,29 +0,0 @@ >>>>> -$$ORIGIN $DOMAIN. >>>>> -$$TTL 86400 >>>>> -@ IN SOA $DOMAIN. $ZONEMGR ( >>>>> - 01 ; serial >>>>> - 3H ; refresh >>>>> - 15M ; retry >>>>> - 1W ; expiry >>>>> - 1D ) ; minimum >>>>> - >>>>> - IN NS $HOST >>>>> -$HOST IN A $IP >>>>> -; >>>>> -; ldap servers >>>>> -_ldap._tcp IN SRV 0 100 389 $HOST >>>>> - >>>>> -;kerberos realm >>>>> -_kerberos IN TXT $REALM >>>>> - >>>>> -; kerberos servers >>>>> -_kerberos._tcp IN SRV 0 100 88 $HOST >>>>> -_kerberos._udp IN SRV 0 100 88 $HOST >>>>> -_kerberos-master._tcp IN SRV 0 100 88 $HOST >>>>> -_kerberos-master._udp IN SRV 0 100 88 $HOST >>>>> -_kpasswd._tcp IN SRV 0 100 464 $HOST >>>>> -_kpasswd._udp IN SRV 0 100 464 $HOST >>>>> -$OPTIONAL_NTP >>>>> - >>>>> -; CNAME for IPA CA replicas (used for CRL, OCSP) >>>>> -$IPA_CA_RECORD >>>>> diff --git a/ipaserver/dns_data_management.py >>>>> b/ipaserver/dns_data_management.py >>>>> index >>>>> e7f65958fb908426ad186b327c3e8cb8f37d66f4..48717c7c478ea4ea62e6cdfe169fd9fe99c0880b >>>>> >>>>> 100644 >>>>> --- a/ipaserver/dns_data_management.py >>>>> +++ b/ipaserver/dns_data_management.py >>>>> @@ -477,3 +477,12 @@ class IPASystemRecords(object): >>>>> ) >>>>> ) >>>>> return records >>>>> + >>>>> + @classmethod >>>>> + def records_list_from_zone(cls, zone_obj, sort=True): >>>>> + records = [] >>>>> + for name, node in zone_obj.items(): >>>>> + records.extend(IPASystemRecords.records_list_from_node(name, >>>>> node)) >>>>> + if sort: >>>>> + records.sort() >>>>> + return records >>>>> diff --git a/ipaserver/install/bindinstance.py >>>>> b/ipaserver/install/bindinstance.py >>>>> index >>>>> 08c32f4837a5b4f72b78a52002a58c888db6cc91..a63b2dfd329f7cf535c2cf6e2d83b5c86fdddacf >>>>> >>>>> 100644 >>>>> --- a/ipaserver/install/bindinstance.py >>>>> +++ b/ipaserver/install/bindinstance.py 
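Review bot: The new `records_list_from_zone` classmethod in the `@@ -477,3 +477,12 @@` hunk has no docstring and ignores its `cls` argument, calling `IPASystemRecords.records_list_from_node(...)` by class name; `cls.records_list_from_node(name, node)` is the conventional form and keeps subclasses working. A docstring such as `"""Return the records of zone_obj as a list of text lines, sorted when sort is true."""` would help, assuming `records_list_from_node` (defined outside the hunk) returns strings, as the newline join in bindinstance.py suggests.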
>>>>> @@ -623,9 +623,9 @@ class BindInstance(service.Service): >>>>> suffix = ipautil.dn_attribute_property('_suffix') >>>>> def setup(self, fqdn, ip_addresses, realm_name, domain_name, >>>>> forwarders, >>>>> - forward_policy, ntp, reverse_zones, >>>>> + forward_policy, reverse_zones, >>>>> named_user=constants.NAMED_USER, zonemgr=None, >>>>> - ca_configured=None, no_dnssec_validation=False): >>>>> + no_dnssec_validation=False): >>>>> self.named_user = named_user >>>>> self.fqdn = fqdn >>>>> self.ip_addresses = ip_addresses >>>>> @@ -635,9 +635,7 @@ class BindInstance(service.Service): >>>>> self.forward_policy = forward_policy >>>>> self.host = fqdn.split(".")[0] >>>>> self.suffix = ipautil.realm_to_suffix(self.realm) >>>>> - self.ntp = ntp >>>>> self.reverse_zones = reverse_zones >>>>> - self.ca_configured = ca_configured >>>>> self.no_dnssec_validation=no_dnssec_validation >>>>> if not zonemgr: >>>>> @@ -666,12 +664,17 @@ class BindInstance(service.Service): >>>>> def host_in_default_domain(self): >>>>> return normalize_zone(self.host_domain) == >>>>> normalize_zone(self.domain) >>>>> - def create_sample_bind_zone(self): >>>>> - bind_txt = ipautil.template_file(ipautil.SHARE_DIR + >>>>> "bind.zone.db.template", self.sub_dict) >>>>> - [bind_fd, bind_name] = tempfile.mkstemp(".db","sample.zone.") >>>>> - os.write(bind_fd, bind_txt) >>>>> - os.close(bind_fd) >>>>> - print("Sample zone file for bind has been created in "+bind_name) >>>>> + def create_file_with_system_records(self): >>>>> + system_records = IPASystemRecords(self.api) >>>>> + text = u'\n'.join( >>>>> + IPASystemRecords.records_list_from_zone( >>>>> + system_records.get_base_records() >>>>> + ) >>>>> + ) >>>>> + [fd, name] = tempfile.mkstemp(".db","ipa.system.records.") >>>>> + os.write(fd, text) >>>>> + os.close(fd) >>>>> + print("Please add records in this file to your DNS system:", >>>>> name) >>>>> def create_instance(self): 
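Review bot: `create_file_with_system_records` passes a unicode string to `os.write()`, which takes bytes: on Python 3 this raises TypeError, and on Python 2 it depends on an implicit ASCII encode. The descriptor is also left open if the write raises, and a short write would go unnoticed. Encoding explicitly and writing through a file object closed by `with` covers all three, and a trailing newline keeps the last record a complete line. `mkstemp` already creates the file readable by the owner only, which is appropriate here; the file is never removed, so the printed path is the only pointer to it.

```python
    def create_file_with_system_records(self):
        # … unchanged: system_records lookup and text = u'\n'.join(...) …
        fd, name = tempfile.mkstemp(".db", "ipa.system.records.")
        # os.fdopen takes ownership of fd; the with block closes it even
        # when the write fails
        with os.fdopen(fd, "wb") as f:
            f.write(text.encode("utf-8"))
            f.write(b"\n")
        print("Please add records in this file to your DNS system:", name)
```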
>>>>> @@ -761,41 +764,10 @@ class BindInstance(service.Service): >>>>> root_logger.debug("Unable to mask named (%s)", e) >>>>> def __setup_sub_dict(self): >>>>> - if self.forwarders: >>>>> - fwds = "\n" >>>>> - for forwarder in self.forwarders: >>>>> - fwds += "\t\t%s;\n" % forwarder >>>>> - fwds += "\t" >>>>> - else: >>>>> - fwds = " " >>>>> - >>>>> - if self.ntp: >>>>> - optional_ntp = "\n;ntp server\n" >>>>> - optional_ntp += "_ntp._udp\t\tIN SRV 0 100 123\t%s" % >>>>> self.host_in_rr >>>>> - else: >>>>> - optional_ntp = "" >>>>> - >>>>> - ipa_ca = "" >>>>> - for addr in self.ip_addresses: >>>>> - if addr.version in (4, 6): >>>>> - ipa_ca += "%s\t\t\tIN %s\t\t\t%s\n" % ( >>>>> - IPA_CA_RECORD, >>>>> - "A" if addr.version == 4 else "AAAA", >>>>> - str(addr)) >>>>> - >>>>> self.sub_dict = dict( >>>>> FQDN=self.fqdn, >>>>> - IP=[str(ip) for ip in self.ip_addresses], >>>>> - DOMAIN=self.domain, >>>>> - HOST=self.host, >>>>> - REALM=self.realm, >>>>> SERVER_ID=installutils.realm_to_serverid(self.realm), >>>>> - FORWARDERS=fwds, >>>>> - FORWARD_POLICY=self.forward_policy, >>>>> SUFFIX=self.suffix, >>>>> - OPTIONAL_NTP=optional_ntp, >>>>> - ZONEMGR=self.zonemgr, >>>>> - IPA_CA_RECORD=ipa_ca, >>>>> BINDKEYS_FILE=paths.NAMED_BINDKEYS_FILE, >>>>> MANAGED_KEYS_DIR=paths.NAMED_MANAGED_KEYS_DIR, >>>>> ROOT_KEY=paths.NAMED_ROOT_KEY, 
>>>>> @@ -1026,16 +998,14 @@ class BindInstance(service.Service): >>>>> ipautil.run([paths.GENERATE_RNDC_KEY]) >>>>> def add_master_dns_records(self, fqdn, ip_addresses, realm_name, >>>>> domain_name, >>>>> - reverse_zones, ntp=False, >>>>> ca_configured=None): >>>>> + reverse_zones): >>>>> self.fqdn = fqdn >>>>> self.ip_addresses = ip_addresses >>>>> self.realm = realm_name >>>>> self.domain = domain_name >>>>> self.host = fqdn.split(".")[0] >>>>> self.suffix = ipautil.realm_to_suffix(self.realm) >>>>> - self.ntp = ntp >>>>> self.reverse_zones = reverse_zones >>>>> - self.ca_configured = ca_configured >>>>> self.first_instance = False >>>>> self.zonemgr = 'hostmaster.%s' % self.domain >>>>> diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py >>>>> index >>>>> 2ea11739e07c73132bddee01309af618532e9815..44ebd39dfa7f1d947061c3b4c0347242f8502be0 >>>>> >>>>> 100644 >>>>> --- a/ipaserver/install/dns.py >>>>> +++ b/ipaserver/install/dns.py >>>>> @@ -329,10 +329,9 @@ def install(standalone, replica, options, api=api): >>>>> bind = bindinstance.BindInstance(fstore, ldapi=True, api=api, >>>>> autobind=AUTOBIND_ENABLED) >>>>> bind.setup(api.env.host, ip_addresses, api.env.realm, >>>>> api.env.domain, >>>>> - options.forwarders, options.forward_policy, conf_ntp, >>>>> + options.forwarders, options.forward_policy, >>>>> reverse_zones, zonemgr=options.zonemgr, >>>>> - no_dnssec_validation=options.no_dnssec_validation, >>>>> - ca_configured=options.setup_ca) >>>>> + no_dnssec_validation=options.no_dnssec_validation) >>>>> if standalone and not options.unattended: >>>>> print("") >>>>> diff --git a/ipaserver/install/server/install.py >>>>> b/ipaserver/install/server/install.py >>>>> index >>>>> 930cca7b31ca06c04ab92deff49b6a4f198c2b6e..c28c095fb3cccd4cd412c0496374050434e438a1 >>>>> >>>>> 100644 >>>>> --- a/ipaserver/install/server/install.py >>>>> +++ b/ipaserver/install/server/install.py 
>>>>> @@ -848,17 +848,17 @@ def install(installer): >>>>> if setup_ca: >>>>> services.knownservices['pki_tomcatd'].restart('pki-tomcat') >>>>> + api.Backend.ldap2.connect(autobind=True) >>>>> if options.setup_dns: >>>>> - api.Backend.ldap2.connect(autobind=True) >>>>> dns.install(False, False, options) >>>>> else: >>>>> # Create a BIND instance >>>>> bind = bindinstance.BindInstance(fstore, dm_password) >>>>> bind.setup(host_name, ip_addresses, realm_name, >>>>> - domain_name, (), 'first', not options.no_ntp, (), >>>>> - zonemgr=options.zonemgr, ca_configured=setup_ca, >>>>> + domain_name, (), 'first', (), >>>>> + zonemgr=options.zonemgr, >>>>> no_dnssec_validation=options.no_dnssec_validation) >>>>> - bind.create_sample_bind_zone() >>>>> + bind.create_file_with_system_records() >>>>> # Restart httpd to pick up the new IPA configuration >>>>> service.print_msg("Restarting the web server") >>>>> diff --git a/ipaserver/install/server/replicainstall.py >>>>> b/ipaserver/install/server/replicainstall.py >>>>> index >>>>> 52b2ea5b0691cd99c6cb566af5a15af3b2dffb14..0277d324a60b2893dda57119453dabf5df28ea10 >>>>> >>>>> 100644 >>>>> --- a/ipaserver/install/server/replicainstall.py >>>>> +++ b/ipaserver/install/server/replicainstall.py 
>>>>> @@ -210,9 +210,7 @@ def install_dns_records(config, options, remote_api): >>>>> str(ip), >>>>> config.realm_name, >>>>> config.domain_name, >>>>> - reverse_zone, >>>>> - not options.no_ntp, >>>>> - options.setup_ca) >>>>> + reverse_zone) >>>>> except errors.NotFound as e: >>>>> root_logger.debug('Replica DNS records could not be added ' >>>>> 'on master: %s', str(e)) >>>>> -- 2.5.5 >>>> While testing this patch I've found out that ipa-dns-install does not work >>>> idempotently anymore and explodes when re-run. >>>> >>>> I'm not sure what is the root cause yet. >>>> >>>> # ipa-dns-install --forwarder 10.34.78.1 >>>> >>>> WARNING: yacc table file version is out of date >>>> >>>> The log file for this installation can be found in >>>> /var/log/ipaserver-install.log >>>> ============================================================================== >>>> >>>> This program will setup DNS for the FreeIPA Server. >>>> >>>> This includes: >>>> * Configure DNS (bind) >>>> * Configure SoftHSM (required by DNSSEC) >>>> * Configure ipa-dnskeysyncd (required by DNSSEC) >>>> >>>> NOTE: DNSSEC zone signing is not enabled by default >>>> >>>> >>>> To accept the default shown in brackets, press the Enter key. >>>> >>>> Checking DNS forwarders, please wait ... >>>> Do you want to search for missing reverse zones? [yes]: >>>> >>>> The following operations may take some minutes to complete. >>>> Please wait until the prompt is returned. >>>> >>>> Configuring DNS (named) >>>> [1/8]: generating rndc key file >>>> [2/8]: setting up our own record >>>> ipa : ERROR DNS query for >>>> vm-058-082.abc.idm.lab.eng.brq.redhat.com. 
A failed: The DNS operation >>>> timed >>>> out after 30.0012078285 seconds >>>> [error] DNSResolverError: The DNS operation timed out after >>>> 30.0012078285 >>>> seconds >>>> Unexpected error - see /var/log/ipaserver-install.log for details: >>>> DNSResolverError: The DNS operation timed out after 30.0012078285 seconds >>>> >>>> 2016-06-23T15:41:54Z DEBUG [2/8]: setting up our own record >>>> 2016-06-23T15:41:54Z DEBUG raw: >>>> dnszone_show(u'abc.idm.lab.eng.brq.redhat.com', version=u'2.199') >>>> 2016-06-23T15:41:54Z DEBUG dnszone_show(<DNS name >>>> abc.idm.lab.eng.brq.redhat.com.>, rights=False, all=False, raw=False, >>>> version=u'2.199') >>>> 2016-06-23T15:42:24Z ERROR DNS query for >>>> vm-058-082.abc.idm.lab.eng.brq.redhat.com. A failed: The DNS operation >>>> timed >>>> out after 30.0012078285 seconds >>>> 2016-06-23T15:42:24Z DEBUG Traceback (most recent call last): >>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >>>> line >>>> 448, in start_creation >>>> run_step(full_msg, method) >>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >>>> line >>>> 438, in run_step >>>> method() >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", >>>> line 860, in __add_self >>>> self.__add_master_records(self.fqdn, self.ip_addresses) >>>> File >>>> "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", >>>> line 843, in __add_master_records >>>> verify_host_resolvable(fqdn) >>>> File "/usr/lib/python2.7/site-packages/ipalib/util.py", line 76, in >>>> verify_host_resolvable >>>> raise errors.DNSResolverError(exception=ex) >>>> DNSResolverError: The DNS operation timed out after 30.0012078285 seconds >>> IMO this the same case as https://fedorahosted.org/freeipa/ticket/5962 we >>> changed resolving of server hostname from gethosbyname() to pure DNS >>> >>> Workaround is to set nameserver to /etc/resolv.conf >>>> >>>> >>>> I was not able to test replica installation because 
of some weird ACI >>>> problem >>>> somewhere, replica install is failing with ACIError while adding >>>> ldap/replica >>>> principal. This is probably a regression from some other patchset. >>>> >>>> https://fedorahosted.org/freeipa/ticket/5996 >> NACK >> >> make[5]: *** No rule to make target 'bind.zone.db.template', needed by >> 'all-am'. Stop. >> >> I'm not exactly sure how I missed this before, possibly git clean -xdf was >> missing ... >> > My bad > > updated patches attached.
ACK -- Petr^2 Spacek