Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306

2015-10-02 Thread Martin Basti 



On 10/01/2015 02:48 PM, Martin Basti wrote:



On 10/01/2015 02:43 PM, Oleg Fayans wrote:

Hi Martin,

On 10/01/2015 11:18 AM, Martin Basti wrote:



On 09/30/2015 01:24 PM, Martin Basti wrote:



On 09/30/2015 12:19 PM, Oleg Fayans wrote:



On 09/30/2015 11:46 AM, Petr Spacek wrote:

On 29.9.2015 09:12, Oleg Fayans wrote:

+def prepare_reverse_zone(host, ip):
+zone = get_reverse_zone_default(ip)
+host.run_command(["ipa",
+  "dnszone-add",
+  zone,
+  "--name-from-ip=%s" % ip], raiseonerr=False)


There is probably no point in specifying --name-from-ip because you
did that
already by calling get_reverse_zone_default(ip).


Agree. Fixed



Anyway, I'm not sure that this

+ prepare_reverse_zone(master, replica.ip)

will not break if the reverse zone already exists (think about case
where two
or more replicas are in the same subnet).


That's why I am using the raiseonerr=False here.



I did not test the code, I simply do not have time for it right now.






 LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch



ACK, please send rebased version for ipa-4-2


Here it is


Pushed to ipa-4-2: c898c968d3979a0d8c2fe0db8e125dfc2268eba0
Pushed to master: 03d696f224642c1c4c4f1a434fecefd1c6270e37



In rebased patch for ipa-4-2 you removed import for function and I 
didn't noticed that.

This breaks builds of ipa-4-2.

Patch that fix this attached.

From 7c54dd6cd11dca3056bd0decc7bd6f70ce315f49 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Fri, 2 Oct 2015 16:07:02 +0200
Subject: [PATCH] Fix import get_reverse_zone_default in tasks

https://fedorahosted.org/freeipa/ticket/5306
---
 ipatests/test_integration/tasks.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index 5fc9329d62622eb6157c1e780687b3a2c5ecc4fd..c9ecf2645183d5f368694d3446ddf2853de22a2a 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -37,6 +37,7 @@ from ipapython.ipa_log_manager import log_mgr
 from ipatests.test_integration import util
 from ipatests.test_integration.env_config import env_to_script
 from ipatests.test_integration.host import Host
+from ipalib.util import get_reverse_zone_default
 
 log = log_mgr.get_logger(__name__)
 
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306

2015-10-02 Thread Milan Kubík 

On 10/02/2015 04:11 PM, Martin Basti wrote:



On 10/01/2015 02:48 PM, Martin Basti wrote:



On 10/01/2015 02:43 PM, Oleg Fayans wrote:

Hi Martin,

On 10/01/2015 11:18 AM, Martin Basti wrote:



On 09/30/2015 01:24 PM, Martin Basti wrote:



On 09/30/2015 12:19 PM, Oleg Fayans wrote:



On 09/30/2015 11:46 AM, Petr Spacek wrote:

On 29.9.2015 09:12, Oleg Fayans wrote:

+def prepare_reverse_zone(host, ip):
+zone = get_reverse_zone_default(ip)
+host.run_command(["ipa",
+  "dnszone-add",
+  zone,
+  "--name-from-ip=%s" % ip], 
raiseonerr=False)


There is probably no point in specifying --name-from-ip because you
did that
already by calling get_reverse_zone_default(ip).


Agree. Fixed



Anyway, I'm not sure that this

+ prepare_reverse_zone(master, replica.ip)

will not break if the reverse zone already exists (think about case
where two
or more replicas are in the same subnet).


That's why I am using the raiseonerr=False here.



I did not test the code, I simply do not have time for it right 
now.







 LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch



ACK, please send rebased version for ipa-4-2


Here it is


Pushed to ipa-4-2: c898c968d3979a0d8c2fe0db8e125dfc2268eba0
Pushed to master: 03d696f224642c1c4c4f1a434fecefd1c6270e37



In rebased patch for ipa-4-2 you removed import for function and I 
didn't noticed that.

This breaks builds of ipa-4-2.

Patch that fix this attached.




ACK

--
Milan Kubik

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306

2015-10-02 Thread Martin Basti 



On 10/02/2015 04:14 PM, Milan Kubík wrote:

On 10/02/2015 04:11 PM, Martin Basti wrote:



On 10/01/2015 02:48 PM, Martin Basti wrote:



On 10/01/2015 02:43 PM, Oleg Fayans wrote:

Hi Martin,

On 10/01/2015 11:18 AM, Martin Basti wrote:



On 09/30/2015 01:24 PM, Martin Basti wrote:



On 09/30/2015 12:19 PM, Oleg Fayans wrote:



On 09/30/2015 11:46 AM, Petr Spacek wrote:

On 29.9.2015 09:12, Oleg Fayans wrote:

+def prepare_reverse_zone(host, ip):
+zone = get_reverse_zone_default(ip)
+host.run_command(["ipa",
+  "dnszone-add",
+  zone,
+  "--name-from-ip=%s" % ip], 
raiseonerr=False)


There is probably no point in specifying --name-from-ip because 
you

did that
already by calling get_reverse_zone_default(ip).


Agree. Fixed



Anyway, I'm not sure that this

+ prepare_reverse_zone(master, replica.ip)
will not break if the reverse zone already exists (think about 
case

where two
or more replicas are in the same subnet).


That's why I am using the raiseonerr=False here.



I did not test the code, I simply do not have time for it right 
now.







 LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch



ACK, please send rebased version for ipa-4-2


Here it is


Pushed to ipa-4-2: c898c968d3979a0d8c2fe0db8e125dfc2268eba0
Pushed to master: 03d696f224642c1c4c4f1a434fecefd1c6270e37



In rebased patch for ipa-4-2 you removed import for function and I 
didn't noticed that.

This breaks builds of ipa-4-2.

Patch that fix this attached.




ACK

--
Milan Kubik

Pushed to ipa-4-2: e7a33b71256dbda37308c4fd0ac5394472c753f7
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306

2015-10-01 Thread Martin Basti 



On 10/01/2015 02:43 PM, Oleg Fayans wrote:

Hi Martin,

On 10/01/2015 11:18 AM, Martin Basti wrote:



On 09/30/2015 01:24 PM, Martin Basti wrote:



On 09/30/2015 12:19 PM, Oleg Fayans wrote:



On 09/30/2015 11:46 AM, Petr Spacek wrote:

On 29.9.2015 09:12, Oleg Fayans wrote:

+def prepare_reverse_zone(host, ip):
+zone = get_reverse_zone_default(ip)
+host.run_command(["ipa",
+  "dnszone-add",
+  zone,
+  "--name-from-ip=%s" % ip], raiseonerr=False)


There is probably no point in specifying --name-from-ip because you
did that
already by calling get_reverse_zone_default(ip).


Agree. Fixed



Anyway, I'm not sure that this

+prepare_reverse_zone(master, replica.ip)

will not break if the reverse zone already exists (think about case
where two
or more replicas are in the same subnet).


That's why I am using the raiseonerr=False here.



I did not test the code, I simply do not have time for it right now.






 LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch



ACK, please send rebased version for ipa-4-2


Here it is


Pushed to ipa-4-2: c898c968d3979a0d8c2fe0db8e125dfc2268eba0
Pushed to master: 03d696f224642c1c4c4f1a434fecefd1c6270e37

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306

2015-10-01 Thread Oleg Fayans 

Hi Martin,

On 10/01/2015 11:18 AM, Martin Basti wrote:



On 09/30/2015 01:24 PM, Martin Basti wrote:



On 09/30/2015 12:19 PM, Oleg Fayans wrote:



On 09/30/2015 11:46 AM, Petr Spacek wrote:

On 29.9.2015 09:12, Oleg Fayans wrote:

+def prepare_reverse_zone(host, ip):
+zone = get_reverse_zone_default(ip)
+host.run_command(["ipa",
+  "dnszone-add",
+  zone,
+  "--name-from-ip=%s" % ip], raiseonerr=False)


There is probably no point in specifying --name-from-ip because you
did that
already by calling get_reverse_zone_default(ip).


Agree. Fixed



Anyway, I'm not sure that this

+prepare_reverse_zone(master, replica.ip)

will not break if the reverse zone already exists (think about case
where two
or more replicas are in the same subnet).


That's why I am using the raiseonerr=False here.



I did not test the code, I simply do not have time for it right now.






 LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch



ACK, please send rebased version for ipa-4-2


Here it is

--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From 112c6dca2cc462bb78c568bed12b2a4a51d34ee9 Mon Sep 17 00:00:00 2001
From: Oleg Fayans 
Date: Thu, 1 Oct 2015 14:08:08 +0200
Subject: [PATCH] Added a proper workaround for dnssec test failures in Beaker
 environment

In beaker lab the situation when master and replica have ip addresses from
different subnets is quite frequent. When a replica has ip from different
subnet than master's, ipa-replica-prepare looks up a proper reverse zone to
add a pointer record, and if it does not find it, it asks a user for permission
to create it automatically. It breaks the tests adding the unexpected input.
The workaround is to always create a reverse zone for a new replica.

Corresponding ticket is https://fedorahosted.org/freeipa/ticket/5306
---
 ipatests/test_integration/tasks.py | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index f579f286826f749a8c5f8433f2a8bf7348664ba9..0fcc860a20865063ffb76b0553eb2c2831321bd1 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -41,6 +41,11 @@ from ipatests.test_integration.host import Host
 log = log_mgr.get_logger(__name__)
 
 
+def prepare_reverse_zone(host, ip):
+zone = get_reverse_zone_default(ip)
+host.run_command(["ipa",
+  "dnszone-add",
+  zone], raiseonerr=False)
 def prepare_host(host):
 if isinstance(host, Host):
 env_filename = os.path.join(host.config.test_dir, 'env.sh')
@@ -221,17 +226,17 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False):
 
 apply_common_fixes(replica)
 fix_apache_semaphores(replica)
-
+prepare_reverse_zone(master, replica.ip)
 master.run_command(['ipa-replica-prepare',
 '-p', replica.config.dirman_password,
-'--ip-address', replica.ip, '--no-reverse',
+'--ip-address', replica.ip,
 replica.hostname])
 replica_bundle = master.get_file_contents(
 paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
 replica_filename = os.path.join(replica.config.test_dir,
 'replica-info.gpg')
 replica.put_file_contents(replica_filename, replica_bundle)
-args = ['ipa-replica-install', '-U', '--no-host-dns',
+args = ['ipa-replica-install', '-U',
 '-p', replica.config.dirman_password,
 '-w', replica.config.admin_password,
 '--ip-address', replica.ip,
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306

2015-10-01 Thread Martin Basti 



On 09/30/2015 01:24 PM, Martin Basti wrote:



On 09/30/2015 12:19 PM, Oleg Fayans wrote:



On 09/30/2015 11:46 AM, Petr Spacek wrote:

On 29.9.2015 09:12, Oleg Fayans wrote:

+def prepare_reverse_zone(host, ip):
+zone = get_reverse_zone_default(ip)
+host.run_command(["ipa",
+  "dnszone-add",
+  zone,
+  "--name-from-ip=%s" % ip], raiseonerr=False)


There is probably no point in specifying --name-from-ip because you 
did that

already by calling get_reverse_zone_default(ip).


Agree. Fixed



Anyway, I'm not sure that this

+prepare_reverse_zone(master, replica.ip)
will not break if the reverse zone already exists (think about case 
where two

or more replicas are in the same subnet).


That's why I am using the raiseonerr=False here.



I did not test the code, I simply do not have time for it right now.






 LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch



ACK, please send rebased version for ipa-4-2
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306

2015-09-30 Thread Oleg Fayans 

Guys,

could you please review this patch again? I'd like to have this fix in 
the new ipa-tests package for downstream team



On 09/29/2015 09:12 AM, Oleg Fayans wrote:

Hi all,

On 09/23/2015 09:13 AM, Petr Spacek wrote:

On 22.9.2015 10:42, Oleg Fayans wrote:

+++ b/ipatests/test_integration/tasks.py
@@ -58,6 +58,14 @@ def check_arguments_are(slice, instanceof):
  return wrapped
  return wrapper

+def prepare_reverse_zone(host, ip):
+nums = ip.split('.')[:-1]
+zone = ".".join(reversed(nums)) + ".in-addr.arpa."
+host.run_command(["ipa",
+  "dnszone-add",
+  zone,
+  "--name-from-ip=%s" % ip], raiseonerr=False)
+


NACK:
- this will break IPv6-only hosts
- you should use DNSName class or other functions from python-dns for
DNS name
manipulation

I hope this helps.


Thanks, it did :)
Used a ipalib.util get_reverse_zone_default function that does just
that: creates a reverse zone name.





--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306

2015-09-30 Thread Martin Basti 



On 09/30/2015 12:19 PM, Oleg Fayans wrote:



On 09/30/2015 11:46 AM, Petr Spacek wrote:

On 29.9.2015 09:12, Oleg Fayans wrote:

+def prepare_reverse_zone(host, ip):
+zone = get_reverse_zone_default(ip)
+host.run_command(["ipa",
+  "dnszone-add",
+  zone,
+  "--name-from-ip=%s" % ip], raiseonerr=False)


There is probably no point in specifying --name-from-ip because you 
did that

already by calling get_reverse_zone_default(ip).


Agree. Fixed



Anyway, I'm not sure that this

+prepare_reverse_zone(master, replica.ip)
will not break if the reverse zone already exists (think about case 
where two

or more replicas are in the same subnet).


That's why I am using the raiseonerr=False here.



I did not test the code, I simply do not have time for it right now.






 LGTM, I will test it soon, but it needs rebase for ipa-4-2 branch
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306

2015-09-30 Thread Petr Spacek 
On 29.9.2015 09:12, Oleg Fayans wrote:
> +def prepare_reverse_zone(host, ip):
> +zone = get_reverse_zone_default(ip)
> +host.run_command(["ipa",
> +  "dnszone-add",
> +  zone,
> +  "--name-from-ip=%s" % ip], raiseonerr=False)

There is probably no point in specifying --name-from-ip because you did that
already by calling get_reverse_zone_default(ip).

Anyway, I'm not sure that this
> +prepare_reverse_zone(master, replica.ip)
will not break if the reverse zone already exists (think about case where two
or more replicas are in the same subnet).

I did not test the code, I simply do not have time for it right now.

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306

2015-09-30 Thread Oleg Fayans 



On 09/30/2015 11:46 AM, Petr Spacek wrote:

On 29.9.2015 09:12, Oleg Fayans wrote:

+def prepare_reverse_zone(host, ip):
+zone = get_reverse_zone_default(ip)
+host.run_command(["ipa",
+  "dnszone-add",
+  zone,
+  "--name-from-ip=%s" % ip], raiseonerr=False)


There is probably no point in specifying --name-from-ip because you did that
already by calling get_reverse_zone_default(ip).


Agree. Fixed



Anyway, I'm not sure that this

+prepare_reverse_zone(master, replica.ip)

will not break if the reverse zone already exists (think about case where two
or more replicas are in the same subnet).


That's why I am using the raiseonerr=False here.



I did not test the code, I simply do not have time for it right now.



--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From c4e662394ad9b2dd6ce6a6c5aae570724d1028b0 Mon Sep 17 00:00:00 2001
From: Oleg Fayans 
Date: Wed, 30 Sep 2015 12:17:53 +0200
Subject: [PATCH] Added a proper workaround for dnssec test failures in Beaker
 environment

In beaker lab the situation when master and replica have ip addresses from
different subnets is quite frequent. When a replica has ip from different
subnet than master's, ipa-replica-prepare looks up a proper reverse zone to
add a pointer record, and if it does not find it, it asks a user for permission
to create it automatically. It breaks the tests adding the unexpected input.
The workaround is to always create a reverse zone for a new replica.

Corresponding ticket is https://fedorahosted.org/freeipa/ticket/5306
---
 ipatests/test_integration/tasks.py | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index 06049d4ae01332e0af4d8775b745342406fc868d..63e1018388efbee282f657052f93bb255287d899 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -37,6 +37,7 @@ from ipapython.ipa_log_manager import log_mgr
 from ipatests.test_integration import util
 from ipatests.test_integration.env_config import env_to_script
 from ipatests.test_integration.host import Host
+from ipalib.util import get_reverse_zone_default
 
 log = log_mgr.get_logger(__name__)
 
@@ -58,6 +59,11 @@ def check_arguments_are(slice, instanceof):
 return wrapped
 return wrapper
 
+def prepare_reverse_zone(host, ip):
+zone = get_reverse_zone_default(ip)
+host.run_command(["ipa",
+  "dnszone-add",
+  zone], raiseonerr=False)
 
 def prepare_host(host):
 if isinstance(host, Host):
@@ -240,17 +246,17 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False):
 
 apply_common_fixes(replica)
 fix_apache_semaphores(replica)
-
+prepare_reverse_zone(master, replica.ip)
 master.run_command(['ipa-replica-prepare',
 '-p', replica.config.dirman_password,
-'--ip-address', replica.ip, '--no-reverse',
+'--ip-address', replica.ip,
 replica.hostname])
 replica_bundle = master.get_file_contents(
 paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
 replica_filename = os.path.join(replica.config.test_dir,
 'replica-info.gpg')
 replica.put_file_contents(replica_filename, replica_bundle)
-args = ['ipa-replica-install', '-U', '--no-host-dns',
+args = ['ipa-replica-install', '-U',
 '-p', replica.config.dirman_password,
 '-w', replica.config.admin_password,
 '--ip-address', replica.ip,
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306

2015-09-29 Thread Oleg Fayans 

Hi all,

On 09/23/2015 09:13 AM, Petr Spacek wrote:

On 22.9.2015 10:42, Oleg Fayans wrote:

+++ b/ipatests/test_integration/tasks.py
@@ -58,6 +58,14 @@ def check_arguments_are(slice, instanceof):
  return wrapped
  return wrapper

+def prepare_reverse_zone(host, ip):
+nums = ip.split('.')[:-1]
+zone = ".".join(reversed(nums)) + ".in-addr.arpa."
+host.run_command(["ipa",
+  "dnszone-add",
+  zone,
+  "--name-from-ip=%s" % ip], raiseonerr=False)
+


NACK:
- this will break IPv6-only hosts
- you should use DNSName class or other functions from python-dns for DNS name
manipulation

I hope this helps.


Thanks, it did :)
Used a ipalib.util get_reverse_zone_default function that does just 
that: creates a reverse zone name.


--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From 931638cf3babd9e1650bbfe24ce01a0e11fead25 Mon Sep 17 00:00:00 2001
From: Oleg Fayans 
Date: Wed, 23 Sep 2015 16:18:50 +0200
Subject: [PATCH] Added a proper workaround for dnssec test failures in Beaker
 environment

In beaker lab the situation when master and replica have ip addresses from
different subnets is quite frequent. When a replica has ip from different
subnet than master's, ipa-replica-prepare looks up a proper reverse zone to
add a pointer record, and if it does not find it, it asks a user for permission
to create it automatically. It breaks the tests adding the unexpected input.
The workaround is to always create a reverse zone for a new replica.

Corresponding ticket is https://fedorahosted.org/freeipa/ticket/5306
---
 ipatests/test_integration/tasks.py | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index 06049d4ae01332e0af4d8775b745342406fc868d..07a5d592d2f3980cfc521ec0b4f38dba71be87ec 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -37,6 +37,7 @@ from ipapython.ipa_log_manager import log_mgr
 from ipatests.test_integration import util
 from ipatests.test_integration.env_config import env_to_script
 from ipatests.test_integration.host import Host
+from ipalib.util import get_reverse_zone_default
 
 log = log_mgr.get_logger(__name__)
 
@@ -58,6 +59,13 @@ def check_arguments_are(slice, instanceof):
 return wrapped
 return wrapper
 
+def prepare_reverse_zone(host, ip):
+zone = get_reverse_zone_default(ip)
+host.run_command(["ipa",
+  "dnszone-add",
+  zone,
+  "--name-from-ip=%s" % ip], raiseonerr=False)
+
 
 def prepare_host(host):
 if isinstance(host, Host):
@@ -240,17 +248,17 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False):
 
 apply_common_fixes(replica)
 fix_apache_semaphores(replica)
-
+prepare_reverse_zone(master, replica.ip)
 master.run_command(['ipa-replica-prepare',
 '-p', replica.config.dirman_password,
-'--ip-address', replica.ip, '--no-reverse',
+'--ip-address', replica.ip,
 replica.hostname])
 replica_bundle = master.get_file_contents(
 paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
 replica_filename = os.path.join(replica.config.test_dir,
 'replica-info.gpg')
 replica.put_file_contents(replica_filename, replica_bundle)
-args = ['ipa-replica-install', '-U', '--no-host-dns',
+args = ['ipa-replica-install', '-U',
 '-p', replica.config.dirman_password,
 '-w', replica.config.admin_password,
 '--ip-address', replica.ip,
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] Proper fix for ticket 5306

2015-09-23 Thread Petr Spacek 
On 22.9.2015 10:42, Oleg Fayans wrote:
> +++ b/ipatests/test_integration/tasks.py
> @@ -58,6 +58,14 @@ def check_arguments_are(slice, instanceof):
>  return wrapped
>  return wrapper
>  
> +def prepare_reverse_zone(host, ip):
> +nums = ip.split('.')[:-1]
> +zone = ".".join(reversed(nums)) + ".in-addr.arpa."
> +host.run_command(["ipa",
> +  "dnszone-add",
> +  zone,
> +  "--name-from-ip=%s" % ip], raiseonerr=False)
> +

NACK:
- this will break IPv6-only hosts
- you should use DNSName class or other functions from python-dns for DNS name
manipulation

I hope this helps.

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code