[Freeipa-devel] [PATCH] 490 add DNS lookup to new hosts/services

Rob Crittenden rcritten at redhat.com
Thu Aug 5 12:45:19 UTC 2010


Adam Young wrote:
> On 07/30/2010 04:02 PM, Adam Young wrote:
>> On 07/22/2010 02:25 PM, Rob Crittenden wrote:
>>> Make sure that the host behind new host and service records is 
>>> actually a resolvable DNS A record. There is a --force flag if you 
>>> know what you are doing (or just feel like charging ahead anyway).
>>>
>>> We use a lot of made-up names in the self-tests, had to add the force 
>>> flag to all of them.
>>>
>>> rob
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> I can't get this patch to apply:
>>
>> [ayoung at ayoung freeipa]$ git apply ~/Documents/IPA/freeipa-490-dns.patch
>> error: patch failed: ipalib/util.py:28
>> error: ipalib/util.py: patch does not apply
>>
>>
>>
>> I've tried it both with and without patch 484
> 
> 
> OK, disregard that, I was able to apply it on top of 484, build and deploy.
> 
> I'd give it an ACK except that I can't figure out how to work around  
> service-add where the service is not yet resolvable.  I understand that 
> this is not desired, but I'm fairly certain that not being able to do 
> this will mess up someone. 
> 
> ipa service-add-host --force --hosts=web.example.com HTTP/web.example.com
> Usage: ipa [global-options] service-add-host PRINCIPAL
> 
> ipa: error: no such option: --force
> 
>

Good catch, this was an oversight. The add-host option is for adding 
hosts that are allowed to manage this service (keytab, certificate). I 
completely forgot to disable enforcement of DNS on that. I'll resubmit 
the patch once I get that worked out.

rob



