[Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.

Wed, 14 Apr 2010 10:20:38 -0700 

I noticed a few bugs when DNS was reinstalling:
- Service.move_service returned None, because the service entry was already in the right place - BindInstance didn't expect that. 


- We were passing a unicode string to python-ldap although we know it 
hates that.



- We were catching all exception alike when modifying the "dnsserver" 
role group. It's no longer an error if the DNS principal is already present.



I think Martin has some work in progess on the bindinstance.py file, so 
please don't push until he acks it. He might want to included these 
changes in his own patch. I had to fix these to test my own code in the 
installer and posted the patch to point out the bugs.


Pavel

From 2deba7ac45bb8dc2c52afb9fa7ecedb1d867fcbf Mon Sep 17 00:00:00 2001
From: Pavel Zuna <pz...@redhat.com>
Date: Wed, 14 Apr 2010 18:52:12 +0200
Subject: [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.

---
 ipaserver/install/bindinstance.py |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/bindinstance.py 
b/ipaserver/install/bindinstance.py
index 105cf4e..ff1e4e4 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -263,7 +263,12 @@ class BindInstance(service.Service):
         # Store the keytab on disk
         self.fstore.backup_file("/etc/named.keytab")
         installutils.create_keytab("/etc/named.keytab", dns_principal)
-        dns_principal = self.move_service(dns_principal)
+        p = self.move_service(dns_principal)
+        if p is None:
+            # the service has already been moved, perhaps we're doing a DNS 
reinstall
+            dns_principal = "krbprincipalname=%s,cn=services,cn=accounts,%s" % 
(dns_principal, self.suffix)
+        else:
+            dns_principal = p
 
         # Make sure access is strictly reserved to the named user
         pent = pwd.getpwnam(self.named_user)
@@ -284,10 +289,12 @@ class BindInstance(service.Service):
             raise e
 
         dns_group = "cn=dnsserver,cn=rolegroups,cn=accounts,%s" % self.suffix
-        mod = [(ldap.MOD_ADD, 'member', dns_principal)]
+        mod = [(ldap.MOD_ADD, 'member', str(dns_principal))]
 
         try:
             conn.modify_s(dns_group, mod)
+        except ldap.TYPE_OR_VALUE_EXISTS:
+            pass
         except Exception, e:
             logging.critical("Could not modify principal's %s entry" % 
dns_principal)
             raise e
-- 
1.6.6


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel





















					Reply via email to