I noticed a few bugs when DNS was reinstalling:
- Service.move_service returned None, because the service entry was
already in the right place - BindInstance didn't expect that.
- We were passing a unicode string to python-ldap although we know it
hates that.
- We were catching all exceptions alike when modifying the "dnsserver"
role group. It's no longer an error if the DNS principal is already present.
I think Martin has some work in progress on the bindinstance.py file, so
please don't push until he acks it. He might want to include these
changes in his own patch. I had to fix these to test my own code in the
installer and posted the patch to point out the bugs.
Pavel
From 2deba7ac45bb8dc2c52afb9fa7ecedb1d867fcbf Mon Sep 17 00:00:00 2001
From: Pavel Zuna <pz...@redhat.com>
Date: Wed, 14 Apr 2010 18:52:12 +0200
Subject: [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.
---
ipaserver/install/bindinstance.py | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/ipaserver/install/bindinstance.py
b/ipaserver/install/bindinstance.py
index 105cf4e..ff1e4e4 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -263,7 +263,12 @@ class BindInstance(service.Service):
# Store the keytab on disk
self.fstore.backup_file("/etc/named.keytab")
installutils.create_keytab("/etc/named.keytab", dns_principal)
- dns_principal = self.move_service(dns_principal)
+ p = self.move_service(dns_principal)
+ if p is None:
+ # the service has already been moved, perhaps we're doing a DNS
reinstall
+ dns_principal = "krbprincipalname=%s,cn=services,cn=accounts,%s" %
(dns_principal, self.suffix)
+ else:
+ dns_principal = p
# Make sure access is strictly reserved to the named user
pent = pwd.getpwnam(self.named_user)
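Review bot: The `if p is None:` branch assumes a None from `move_service` means the entry already sits under `cn=services,cn=accounts`, but nothing in this hunk verifies that. `move_service` is not visible here, so if it can also return None when the principal entry is missing altogether, the later role-group modify would add a member DN that points at no entry. Either confirm the entry exists at the constructed DN before continuing, or have `move_service` return the final DN in both cases. The fallback DN is also built with plain `%` formatting, and wrapping the value as `ldap.dn.escape_dn_chars(dns_principal)` would keep a principal containing DN-special characters from altering the DN's structure. The enclosing method starts and ends outside the hunk.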
@@ -284,10 +289,12 @@ class BindInstance(service.Service):
raise e
dns_group = "cn=dnsserver,cn=rolegroups,cn=accounts,%s" % self.suffix
- mod = [(ldap.MOD_ADD, 'member', dns_principal)]
+ mod = [(ldap.MOD_ADD, 'member', str(dns_principal))]
try:
conn.modify_s(dns_group, mod)
+ except ldap.TYPE_OR_VALUE_EXISTS:
+ pass
except Exception, e:
logging.critical("Could not modify principal's %s entry" %
dns_principal)
raise e
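Review bot: `str(dns_principal)` on the new `mod = ...` line performs an implicit ASCII encode under Python 2, so a non-ASCII principal would raise UnicodeEncodeError before the `try:` and skip the critical log entirely. An explicit `dns_principal.encode('utf-8')`, applied where the value is known to be unicode, states the intended encoding. The new `except ldap.TYPE_OR_VALUE_EXISTS: pass` is silent. Replacing `pass` with `logging.debug("%s is already a member of %s" % (dns_principal, dns_group))` would record in the install log that the already-present path was taken. The enclosing method starts outside the hunk.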
--
1.6.6