[Freeipa-devel] [PATCH] 404 Do not add ipa-ca records on CA-less installs

Martin Kosek mkosek at redhat.com
Thu May 9 15:57:37 UTC 2013


On 05/09/2013 05:44 PM, Jan Cholasta wrote:
> On 9.5.2013 15:14, Martin Kosek wrote:
>> On 05/09/2013 02:39 PM, Petr Viktorin wrote:
>>> On 05/09/2013 02:06 PM, Martin Kosek wrote:
>>>> This should get to 3.2 GA.
>>>>
>>>> -- 
>>>> ipa-dns-install crashed when it was run on a CA-less server.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/3617
>>>>
>>>
>>> This solves the issue, ACK
>>>
>>
>> Thanks. Pushed to master.
>>
>> Martin
>>
> 
> Sorry for this, but NACK. With this patch ipa-ca records are not created for
> existing masters unless ipa-dns-install is run on a replica which has CA
> configured. You should instead put the ldap.get_entries() call in a try/except
> block and ignore the NotFound exception which causes the crash.
> 
> You can test it by installing IPA without --setup-dns and without --external-ca
> on server1 and then installing a replica with --setup-dns and without
> --setup-ca on server2. After this, ipa-ca record for server1 should be created.
> 
> Honza
> 

Sending updated patch, please review if you can.

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-405-fix-ipa-ca-dns-name-creation.patch
Type: text/x-patch
Size: 1766 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130509/82a9d1d7/attachment.bin>

