Re: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare

2010-02-09 Thread Rob Crittenden

Martin Nagy wrote:
> On Fri, 2010-01-22 at 10:30 -0500, Rob Crittenden wrote:
> > Martin Nagy wrote:
> > > Hi,
> > > these patches will allow one to specify an ip address of the replica to
> > > ipa-replica-prepare. The dns records will then be added. This should
> > > make life better for QA :)
> > >
> > > Martin
> >
> > nack, it shouldn't allow the option if DNS is not configured, or at
> > least it shouldn't blow up:
> >
> > # ipa-replica-prepare --ip-address=192.168.166.9 replica4.example.com
> > Directory Manager (existing master) password:
> >
> > Preparing replica for replica4.example.com from luna.example.com
> > Creating SSL certificate for the Directory Server
> > Creating SSL certificate for the Web Server
> > Exporting RA certificate
> > Copying additional files
> > Finalizing configuration
> > Packaging replica information into /var/lib/ipa/replica-info-replica4.example.com.gpg
> >
> > Adding DNS records for replica4.example.com
> > preparation of replica failed: no such entry
> > no such entry
> >   File "/usr/sbin/ipa-replica-prepare", line 338, in
> >     main()
> >
> >   File "/usr/sbin/ipa-replica-prepare", line 329, in main
> >     zone = add_zone(domain)
> >
> >   File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 73, in add_zone
> >     idnsupdatepolicy=unicode(update_policy))
> >
> >   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 412, in __call__
> >     ret = self.run(*args, **options)
> >
> >   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 680, in run
> >     return self.execute(*args, **options)
> >
> >   File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 203, in execute
> >     ldap.add_entry(dn, entry_attrs)
> >
> >   File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, in new_f
> >     return f(*new_args, **kwargs)
> >
> >   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 334, in add_entry
> >     _handle_errors(e, **{})
> >
> >   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 71, in _handle_errors
> >     raise errors.NotFound(reason='no such entry')
> >
> > rob
>
> Thanks, new patches attached.
>
> Martin

ack both, pushed to master

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare

2010-02-08 Thread Martin Nagy
On Fri, 2010-01-22 at 10:30 -0500, Rob Crittenden wrote:
> Martin Nagy wrote:
> > Hi,
> > these patches will allow one to specify an ip address of the replica to
> > ipa-replica-prepare. The dns records will then be added. This should
> > make life better for QA :)
> > 
> > Martin
> 
> nack, it shouldn't allow the option if DNS is not configured, or at 
> least it shouldn't blow up:
> 
> # ipa-replica-prepare --ip-address=192.168.166.9 replica4.example.com
> Directory Manager (existing master) password:
>
> Preparing replica for replica4.example.com from luna.example.com
> Creating SSL certificate for the Directory Server
> Creating SSL certificate for the Web Server
> Exporting RA certificate
> Copying additional files
> Finalizing configuration
> Packaging replica information into /var/lib/ipa/replica-info-replica4.example.com.gpg
> Adding DNS records for replica4.example.com
> preparation of replica failed: no such entry
> no such entry
>   File "/usr/sbin/ipa-replica-prepare", line 338, in
>     main()
>
>   File "/usr/sbin/ipa-replica-prepare", line 329, in main
>     zone = add_zone(domain)
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 73, in add_zone
>     idnsupdatepolicy=unicode(update_policy))
>
>   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 412, in __call__
>     ret = self.run(*args, **options)
>
>   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 680, in run
>     return self.execute(*args, **options)
>
>   File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 203, in execute
>     ldap.add_entry(dn, entry_attrs)
>
>   File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, in new_f
>     return f(*new_args, **kwargs)
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 334, in add_entry
>     _handle_errors(e, **{})
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 71, in _handle_errors
>     raise errors.NotFound(reason='no such entry')
> 
> rob

Thanks, new patches attached.

Martin
>From 738dd1f022a946ff0b574128e9ed358efb5d3451 Mon Sep 17 00:00:00 2001
From: Martin Nagy 
Date: Mon, 8 Feb 2010 14:21:46 +0100
Subject: [PATCH 1/2] Get rid of ipapython.config in ipa-replica-prepare

Also get rid of functions get_host_name(), get_realm_name() and
get_domain_name(). They used the old ipapython.config. Instead, use the
variables from api.env. We also change them to bootstrap() and
finalize() correctly.

Additionally, we add the dns_container_exists() function that will be
used in ipa-replica-prepare (next patch).
---
 install/tools/ipa-replica-install |   30 ++---
 install/tools/ipa-replica-prepare |   86 ++---
 ipaserver/install/bindinstance.py |   52 ---
 3 files changed, 63 insertions(+), 105 deletions(-)

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index af7128c..4b348f6 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -311,12 +311,21 @@ def main():
 except ldap.INVALID_CREDENTIALS, e :
 sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
 
+# Create the management framework config file
+# Note: We must do this before bootstraping and finalizing ipalib.api
+fd = open("/etc/ipa/default.conf", "w")
+fd.write("[global]\n")
+fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n")
+fd.write("realm=" + config.realm_name + "\n")
+fd.write("domain=" + config.domain_name + "\n")
+fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % config.host_name)
+fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name))
 if ipautil.file_exists(config.dir + "/ca.p12"):
-ca_type = 'dogtag'
-else:
-ca_type = 'selfsign'
+fd.write("enable_ra=True\n")
+fd.write("ra_plugin=dogtag\n")
+fd.close()
 
-api.bootstrap(in_server=True, ra_plugin=ca_type)
+api.bootstrap(in_server=True)
 api.finalize()
 
 # Install CA cert so that we can do SSL connections with ldap
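
Review bot: With the "else: ca_type = 'selfsign'" branch removed and api.bootstrap(in_server=True) no longer passing ra_plugin, a replica whose config.dir has no ca.p12 now runs with whatever RA plugin ipalib defaults to rather than an explicit selfsign choice. Either write an explicit ra_plugin line to default.conf in that case or say in the commit message that the default is being relied on. Also in the added block, /etc/ipa/default.conf is opened with open(..., "w") and fd.close() is only reached if every fd.write() succeeds; wrapping the writes in try/finally would avoid leaving a truncated config file for the api.bootstrap() call that follows to read.
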
@@ -355,19 +364,6 @@ def main():
 # generated
 ds.add_cert_to_service()
 
-# Create the management framework config file
-fd = open("/etc/ipa/default.conf", "w")
-fd.write("[global]\n")
-fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n")
-fd.write("realm=" + config.realm_name + "\n")
-fd.write("domain=" + config.domain_name + "\n")
-fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % config.host_name)
-fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name))
-if ipautil.file_exists(config.dir + "/ca.p12"):
-fd.write("enable_ra=True\n")
-fd.write("ra_plugin=dogtag\n")
-fd.close()

Re: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare

2010-01-22 Thread Rob Crittenden

Martin Nagy wrote:
> Hi,
> these patches will allow one to specify an ip address of the replica to
> ipa-replica-prepare. The dns records will then be added. This should
> make life better for QA :)
>
> Martin

nack, it shouldn't allow the option if DNS is not configured, or at
least it shouldn't blow up:

# ipa-replica-prepare --ip-address=192.168.166.9 replica4.example.com
Directory Manager (existing master) password:

Preparing replica for replica4.example.com from luna.example.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-replica4.example.com.gpg

Adding DNS records for replica4.example.com
preparation of replica failed: no such entry
no such entry
  File "/usr/sbin/ipa-replica-prepare", line 338, in
    main()

  File "/usr/sbin/ipa-replica-prepare", line 329, in main
    zone = add_zone(domain)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 73, in add_zone
    idnsupdatepolicy=unicode(update_policy))

  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 412, in __call__
    ret = self.run(*args, **options)

  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 680, in run
    return self.execute(*args, **options)

  File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 203, in execute
    ldap.add_entry(dn, entry_attrs)

  File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, in new_f
    return f(*new_args, **kwargs)

  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 334, in add_entry
    _handle_errors(e, **{})

  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 71, in _handle_errors
    raise errors.NotFound(reason='no such entry')

rob



Re: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare

2010-01-21 Thread David O'Brien

Martin Nagy wrote:
> Hi,
> these patches will allow one to specify an ip address of the replica to
> ipa-replica-prepare. The dns records will then be added. This should
> make life better for QA :)
>
> Martin

This looks suspiciously like something to add to the user doc. Can you 
elaborate a little? I don't have my ipa-server or test machine available 
atm to check man pages :-\


If necessary pls raise a bugzilla.

thanks

--

David O'Brien
Senior Technical Writer, Engineering Content Services
Red Hat Asia Pacific Pty Ltd
193 North Quay, Brisbane
+61 7 3514 8189

http://freeipa.org/page/DocumentationPortal
http://git.fedorahosted.org/git/ipadocs.git

"He who asks is a fool for five minutes, but he who does not ask remains
a fool forever."

 ~ Chinese proverb
