Re: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare
Martin Nagy wrote:
> On Fri, 2010-01-22 at 10:30 -0500, Rob Crittenden wrote:
> > Martin Nagy wrote:
> > > Hi,
> > > these patches will allow one to specify an ip address of the replica to
> > > ipa-replica-prepare. The dns records will then be added. This should
> > > make life better for QA :)
> > >
> > > Martin
> >
> > nack, it shouldn't allow the option if DNS is not configured, or at
> > least it shouldn't blow up:
> >
> > # ipa-replica-prepare --ip-address=192.168.166.9 replica4.example.com
> > Directory Manager (existing master) password:
> >
> > Preparing replica for replica4.example.com from luna.example.com
> > Creating SSL certificate for the Directory Server
> > Creating SSL certificate for the Web Server
> > Exporting RA certificate
> > Copying additional files
> > Finalizing configuration
> > Packaging replica information into /var/lib/ipa/replica-info-replica4.example.com.gpg
> > Adding DNS records for replica4.example.com
> > preparation of replica failed: no such entry
> > no such entry
> >   File "/usr/sbin/ipa-replica-prepare", line 338, in
> >     main()
> >   File "/usr/sbin/ipa-replica-prepare", line 329, in main
> >     zone = add_zone(domain)
> >   File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 73, in add_zone
> >     idnsupdatepolicy=unicode(update_policy))
> >   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 412, in __call__
> >     ret = self.run(*args, **options)
> >   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 680, in run
> >     return self.execute(*args, **options)
> >   File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 203, in execute
> >     ldap.add_entry(dn, entry_attrs)
> >   File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, in new_f
> >     return f(*new_args, **kwargs)
> >   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 334, in add_entry
> >     _handle_errors(e, **{})
> >   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 71, in _handle_errors
> >     raise errors.NotFound(reason='no such entry')
> >
> > rob
>
> Thanks, new patches attached.
>
> Martin

ack both, pushed to master

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare
On Fri, 2010-01-22 at 10:30 -0500, Rob Crittenden wrote:
> Martin Nagy wrote:
> > Hi,
> > these patches will allow one to specify an ip address of the replica to
> > ipa-replica-prepare. The dns records will then be added. This should
> > make life better for QA :)
> >
> > Martin
>
> nack, it shouldn't allow the option if DNS is not configured, or at
> least it shouldn't blow up:
>
> # ipa-replica-prepare --ip-address=192.168.166.9 replica4.example.com
> Directory Manager (existing master) password:
>
> Preparing replica for replica4.example.com from luna.example.com
> Creating SSL certificate for the Directory Server
> Creating SSL certificate for the Web Server
> Exporting RA certificate
> Copying additional files
> Finalizing configuration
> Packaging replica information into
> /var/lib/ipa/replica-info-replica4.example.com.gpg
> Adding DNS records for replica4.example.com
> preparation of replica failed: no such entry
> no such entry
>   File "/usr/sbin/ipa-replica-prepare", line 338, in
>     main()
>
>   File "/usr/sbin/ipa-replica-prepare", line 329, in main
>     zone = add_zone(domain)
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 73, in add_zone
>     idnsupdatepolicy=unicode(update_policy))
>
>   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 412, in __call__
>     ret = self.run(*args, **options)
>
>   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 680, in run
>     return self.execute(*args, **options)
>
>   File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 203, in execute
>     ldap.add_entry(dn, entry_attrs)
>
>   File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, in new_f
>     return f(*new_args, **kwargs)
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 334, in add_entry
>     _handle_errors(e, **{})
>
>   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 71, in _handle_errors
>     raise errors.NotFound(reason='no such entry')
>
>
rob Thanks, new patches attached. Martin >From 738dd1f022a946ff0b574128e9ed358efb5d3451 Mon Sep 17 00:00:00 2001 From: Martin Nagy Date: Mon, 8 Feb 2010 14:21:46 +0100 Subject: [PATCH 1/2] Get rid of ipapython.config in ipa-replica-prepare Also get rid of functions get_host_name(), get_realm_name() and get_domain_name(). They used the old ipapython.config. Instead, use the variables from api.env. We also change them to bootstrap() and finalize() correctly. Additionally, we add the dns_container_exists() function that will be used in ipa-replica-prepare (next patch). --- install/tools/ipa-replica-install | 30 ++--- install/tools/ipa-replica-prepare | 86 ++--- ipaserver/install/bindinstance.py | 52 --- 3 files changed, 63 insertions(+), 105 deletions(-) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index af7128c..4b348f6 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -311,12 +311,21 @@ def main(): except ldap.INVALID_CREDENTIALS, e : sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name) +# Create the management framework config file +# Note: We must do this before bootstraping and finalizing ipalib.api +fd = open("/etc/ipa/default.conf", "w") +fd.write("[global]\n") +fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n") +fd.write("realm=" + config.realm_name + "\n") +fd.write("domain=" + config.domain_name + "\n") +fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % config.host_name) +fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name)) if ipautil.file_exists(config.dir + "/ca.p12"): -ca_type = 'dogtag' -else: -ca_type = 'selfsign' +fd.write("enable_ra=True\n") +fd.write("ra_plugin=dogtag\n") +fd.close() -api.bootstrap(in_server=True, ra_plugin=ca_type) +api.bootstrap(in_server=True) api.finalize() # Install CA cert so that we can do SSL connections with ldap 
@@ -355,19 +364,6 @@ def main(): # generated ds.add_cert_to_service() -# Create the management framework config file -fd = open("/etc/ipa/default.conf", "w") -fd.write("[global]\n") -fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n") -fd.write("realm=" + config.realm_name + "\n") -fd.write("domain=" + config.domain_name + "\n") -fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % config.host_name) -fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name)) -if ipautil.file_exists(config.dir + "/ca.p12"): -fd.write("enable_ra=True\n") -fd.write("ra_plugin=dogtag\n") -fd.close()
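Review bot: in the ipa-replica-install hunk at @@ -311,12 +311,21, the self-signed case is no longer stated anywhere. The removed lines passed ra_plugin='selfsign' to api.bootstrap() when ca.p12 was absent; after the change the only RA settings are the enable_ra=True and ra_plugin=dogtag lines written under the ca.p12 branch, so a replica without ca.p12 gets whatever api.bootstrap(in_server=True) defaults to. Either write the selfsign value into default.conf in an else branch or say in the commit message that the default matches the old behaviour. In the same hunk, fd is opened and closed by hand: a write that fails part-way leaves a truncated /etc/ipa/default.conf that bootstrap() would then read, so wrap the writes in try/finally, and consider setting the file mode explicitly rather than inheriting the umask.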
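Review bot: in the @@ -355,19 +364,6 hunk, dropping the write that used to follow ds.add_cert_to_service() means /etc/ipa/default.conf now exists from the earlier point in main() onward, so an install that fails at a later step leaves the config file behind on a host that is not a working replica. Suggest removing the file on the failure path, or documenting that the uninstaller has to be run after a failed install, and leaving a one-line comment at this spot saying the file is now written before api.bootstrap().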
Re: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare
Martin Nagy wrote:
> Hi,
> these patches will allow one to specify an ip address of the replica to
> ipa-replica-prepare. The dns records will then be added. This should
> make life better for QA :)
>
> Martin

nack, it shouldn't allow the option if DNS is not configured, or at
least it shouldn't blow up:

# ipa-replica-prepare --ip-address=192.168.166.9 replica4.example.com
Directory Manager (existing master) password:

Preparing replica for replica4.example.com from luna.example.com
Creating SSL certificate for the Directory Server
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-replica4.example.com.gpg
Adding DNS records for replica4.example.com
preparation of replica failed: no such entry
no such entry
  File "/usr/sbin/ipa-replica-prepare", line 338, in
    main()
  File "/usr/sbin/ipa-replica-prepare", line 329, in main
    zone = add_zone(domain)
  File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 73, in add_zone
    idnsupdatepolicy=unicode(update_policy))
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 412, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 680, in run
    return self.execute(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 203, in execute
    ldap.add_entry(dn, entry_attrs)
  File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, in new_f
    return f(*new_args, **kwargs)
  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 334, in add_entry
    _handle_errors(e, **{})
  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 71, in _handle_errors
    raise errors.NotFound(reason='no such entry')

rob
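The nack above asks that --ip-address be refused up front when DNS is not configured, instead of failing after the replica file has already been packaged. The following is an added example of that ordering, not code from the patch or from FreeIPA: plan_dns_records, PreflightError and the injected dns_configured callable are hypothetical names, only IPv4 is handled, and a /24 reverse zone is assumed.

```python
import ipaddress


class PreflightError(Exception):
    """Raised before any certificate or replica file is written."""


def plan_dns_records(fqdn, ip_text, domain, dns_configured):
    """Return the A and PTR records to add, or raise PreflightError.

    dns_configured is a callable standing in for a check such as the
    dns_container_exists() helper named in the commit message; its real
    signature is not shown on this page, so it is injected here.
    """
    if ip_text is None:
        return []  # no --ip-address given: nothing to add, nothing to check
    if not dns_configured():
        raise PreflightError("--ip-address given but DNS is not configured")
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        raise PreflightError("invalid IP address: %r" % ip_text)
    if ip.version != 4:
        raise PreflightError("this example handles IPv4 only")
    suffix = "." + domain
    if not fqdn.endswith(suffix):
        raise PreflightError("%s is not inside zone %s" % (fqdn, domain))
    host_label = fqdn[: -len(suffix)]
    # reverse_pointer yields e.g. 9.166.168.192.in-addr.arpa; the first label
    # is the record name and the rest is the (assumed /24) reverse zone.
    ptr_name, reverse_zone = ip.reverse_pointer.split(".", 1)
    return [
        {"zone": domain, "name": host_label, "type": "A", "data": str(ip)},
        {"zone": reverse_zone, "name": ptr_name, "type": "PTR",
         "data": fqdn + "."},
    ]


if __name__ == "__main__":
    # Values taken from the command line quoted in the thread.
    for rec in plan_dns_records("replica4.example.com", "192.168.166.9",
                                "example.com", lambda: True):
        print(rec)
```

Calling this before the certificate and packaging steps means a host without DNS gets a clear error and no replica-info file is produced.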
Re: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare
Martin Nagy wrote:
> Hi,
> these patches will allow one to specify an ip address of the replica to
> ipa-replica-prepare. The dns records will then be added. This should
> make life better for QA :)
>
> Martin

This looks suspiciously like something to add to the user doc. Can you elaborate a little? I don't have my ipa-server or test machine available atm to check man pages :-\

If necessary pls raise a bugzilla.

thanks

--
David O'Brien
Senior Technical Writer, Engineering Content Services
Red Hat Asia Pacific Pty Ltd
193 North Quay, Brisbane
+61 7 3514 8189
http://freeipa.org/page/DocumentationPortal
http://git.fedorahosted.org/git/ipadocs.git

"He who asks is a fool for five minutes, but he who does not ask remains a fool forever."
~ Chinese proverb