[Freeipa-devel] [PATCHES] 126-127 Use A/AAAA records instead of CNAME records in ipa-ca
Martin Kosek
mkosek at redhat.com
Fri Apr 12 12:53:28 UTC 2013
On 04/12/2013 02:30 PM, Jan Cholasta wrote:
> On 12.4.2013 14:19, Petr Viktorin wrote:
>> On 04/12/2013 01:24 PM, Jan Cholasta wrote:
>>> Hi,
>>>
>>> the attached patches fix <https://fedorahosted.org/freeipa/ticket/3547>.
>>>
>>> Honza
>>
>> We used short names in the CNAMEs:
>>
>> $ ipa dnsrecord-find idm.lab.eng.brq.redhat.com ipa-ca
>> Record name: ipa-ca
>> CNAME record: vm-109
>> ----------------------------
>> Number of entries returned 1
>> ----------------------------
>>
>>
>> But it seems the patch assumes a FQDN with a dot at the end. When
>> upgrading a 3.1 server I get:
>>
>> 2013-04-12T12:16:43Z INFO File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>> line 613, in run_script
>> return_value = main_function()
>>
>> File "/usr/sbin/ipa-upgradeconfig", line 853, in main
>> add_ca_dns_records()
>>
>> File "/usr/sbin/ipa-upgradeconfig", line 752, in add_ca_dns_records
>> bind.convert_ipa_ca_cnames(api.env.domain)
>>
>> File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py",
>> line 785, in convert_ipa_ca_cnames
>> self.add_ipa_ca_dns_records(cname[:-1], domain_name, None)
>>
>> File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py",
>> line 772, in add_ipa_ca_dns_records
>> host, zone = fqdn.split(".", 1)
>>
>> Unexpected error
>> ValueError: need more than 1 value to unpack
>>
>
> Hmm, in my test setup the CNAMEs contained FQDNs. Fixed.

IIRC, ipa-ca will contain FQDNs if the server is from a different domain in DNS.
I.e., for example, if the managed domain is example.com, but one replica runs in
the domain testrelm.com.

This is something that needs to be supported & tested too.

Martin
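
Added example, not part of the original message or of the FreeIPA patches: a sketch of resolving an ipa-ca CNAME target for all three forms raised in this thread (a short name, an FQDN in the managed domain, and an FQDN in a different domain), next to the strip-and-split pattern visible in the traceback. The function names and the host `replica1` are hypothetical, and the sample values are constructed from the names quoted above.

```python
# Added illustration; function names are hypothetical, not FreeIPA's API.

def absolutize_cname(target, zone):
    """Return a CNAME target as an absolute FQDN without the trailing dot.

    In DNS zone data a name ending in "." is absolute; any other name is
    relative to the zone ("vm-109" in zone Z means "vm-109.Z").
    """
    zone = zone.rstrip(".").lower()
    target = target.strip().lower()
    if target.endswith("."):
        return target[:-1]
    return "%s.%s" % (target, zone)


def split_host_zone(fqdn):
    """Split an absolute FQDN into (host, zone); reject single-label names
    with a clear error instead of an unpacking ValueError."""
    host, sep, zone = fqdn.rstrip(".").partition(".")
    if not sep or not host or not zone:
        raise ValueError("not a fully qualified host name: %r" % fqdn)
    return host, zone


def naive_split(cname):
    """Pattern from the traceback: drop the last character, split once."""
    host, zone = cname[:-1].split(".", 1)
    return host, zone


# Constructed sample data: the short name and domain shown in the thread,
# the same host as an FQDN, and a replica in a different DNS domain.
ZONE = "idm.lab.eng.brq.redhat.com"
SAMPLES = [
    "vm-109",
    "vm-109.idm.lab.eng.brq.redhat.com.",
    "replica1.testrelm.com.",
]


def resolve_all(samples=SAMPLES, zone=ZONE):
    """Resolve every sample to a (host, zone) pair."""
    return [split_host_zone(absolutize_cname(s, zone)) for s in samples]


if __name__ == "__main__":
    for sample, pair in zip(SAMPLES, resolve_all()):
        print(sample, "->", pair)
```
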