[Freeipa-devel] [PATCH] 047 Add an address for a nameserver when a new zone is created during install

Jenny Galipeau jgalipea at redhat.com
Tue Feb 1 13:47:46 UTC 2011


Jakub Hrozek wrote:
> On 02/01/2011 04:15 AM, Rob Crittenden wrote:
>   
>> Jakub Hrozek wrote:
>>     
>>> On Mon, Jan 31, 2011 at 05:52:08PM -0500, Simo Sorce wrote:
>>>       
>>>> On Mon, 31 Jan 2011 22:44:43 +0100
>>>> Jakub Hrozek <jhrozek at redhat.com> wrote:
>>>>
>>>>         
>>>>> https://fedorahosted.org/freeipa/ticket/881
>>>>>
>>>>> We've run into a chicken-and-egg problem during installation. If the
>>>>> hostname of the IPA server is not resolvable with DNS during
>>>>> installation, we'd add it as a NS server for a zone in both the SOA
>>>>> entry and a NS record -- but no records from the new zone are
>>>>> resolvable until Bind is restarted, including the new A/AAAA records
>>>>> for the nameserver.
>>>>>
>>>>> I tried restarting the named service during Bind instance creation but
>>>>> that didn't help... not exactly sure why. Anyway, attached is a patch
>>>>> that forces the NS record creation.
>>>>>
>>>>> Please note that the --force flag is available via XML-RPC only, it is
>>>>> completely hidden from the user otherwise.
>>>>>           
>>>> Minor issue but requires NACK.
>>>>
>>>> You changed the add_zone() signature to always require some parameters,
>>>> but did not update it in ipa-replica-prepare
>>>>
>>>> Simo.
>>>>         
>>> Good catch, thank you!
>>>
>>> Attached is a new patch. I also found out that I don't have to require
>>> all the parameters as some (such as admin email) have nice defaults in
>>> the DNS plugin.
>>>       
>> This fixes it but I did have problems with the overall approach.
>>
>> To test this I changed the host entry of my machine from slinky to
>> spanky and ran the installer with --hostname=spanky.domain.
>>
>> This worked for the initial install and I was able to find the previous
>> problem with ipa-replica-prepare.
>>
>> But I ran into other problems when testing this fix. The `hostname` of
>> the machine is still slinky and very little actually worked. Restarting
>> httpd failed and running ipa-replica-prepare failed because both were
>> trying to contact the LDAP server on slinky, etc.
>>
>> Once I ran hostname spanky.domain everything worked fine.
>>
>> So ack for this bug but how should we handle these other problems?
>>
>> Oh, and I've pushed it to master.
>>
>> rob
>>
>>     
>
> This makes me wonder if we tested the same setup as QE did - I was under
> the impression that before I introduced the "NS must be resolvable"
> constraint, their setup just worked even after installation.
>   
It seemed to just work before :-)
> I think I tested a little differently, too - I just added a
> ipaserver.testdomain entry to /etc/hosts and ran "ipa-server-install
> --hostname ipaserver.testdomain --no-host-dns -r TESTDOMAIN -n TESTDOMAIN"
>   
you used --no-host-dns .......


-- 
Jenny Galipeau <jgalipea at redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/ 
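
Added example (not part of the original thread and not FreeIPA code): a stand-alone Python pre-install check for the two conditions discussed above, an installer --hostname that does not resolve and one that differs from the machine's own hostname. The function names, finding labels and the sample hosts table are assumptions made for illustration.

```python
import socket


def system_resolve(name):
    """Resolve through the system resolver (NSS: /etc/hosts, DNS, ...)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})


def table_resolver(table):
    """Offline stand-in for the resolver, backed by a constructed dict."""
    def resolve(name):
        if name not in table:
            raise socket.gaierror(socket.EAI_NONAME, "constructed: unknown name")
        return table[name]
    return resolve


def check_install_hostname(intended, system_hostname=None, resolve=system_resolve):
    """Return findings for the name that would be passed as --hostname."""
    if system_hostname is None:
        system_hostname = socket.getfqdn()
    name = intended.rstrip(".").lower()
    findings = []
    if "." not in name:
        findings.append("not-fqdn")
    # Flag a --hostname that differs from the machine's own hostname
    # (the slinky/spanky case described in the thread).
    if system_hostname.rstrip(".").lower() != name:
        findings.append("system-hostname-mismatch")
    # Flag a name with no address: it cannot satisfy a
    # "NS must be resolvable" constraint at zone creation time.
    try:
        addresses = resolve(name)
    except OSError:  # socket.gaierror is a subclass of OSError
        addresses = []
    if not addresses:
        findings.append("unresolvable")
    return findings


# Constructed sample data: the machine is still "slinky", the installer is
# told "spanky", and only slinky has an address.
SAMPLE_HOSTS = {"slinky.domain": ["192.0.2.10"]}


def demo():
    before = check_install_hostname("spanky.domain", "slinky.domain",
                                    table_resolver(SAMPLE_HOSTS))
    fixed_hosts = dict(SAMPLE_HOSTS, **{"spanky.domain": ["192.0.2.10"]})
    after = check_install_hostname("spanky.domain", "spanky.domain",
                                   table_resolver(fixed_hosts))
    return before, after
```

Called with only the intended name, check_install_hostname() uses socket.getfqdn() and the system resolver instead of the constructed table.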



