Re: [Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.
On Mon, 2010-04-19 at 11:28 +0200, Pavel Zuna wrote: > On 04/14/2010 07:35 PM, Rob Crittenden wrote: > > Pavel Zůna wrote: > >> I noticed a few bugs when DNS was reinstalling: > >> > >> - Service.move_service returned None, because the service entry was > >> already in the right place - BindInstance didn't expect that. > >> > >> - We were passing a unicode string to python-ldap although we know it > >> hates that. > >> > >> - We were catching all exception alike when modifying the "dnsserver" > >> role group. It's no longer an error if the DNS principal is already > >> present. > >> > >> I think Martin has some work in progess on the bindinstance.py file, > >> so please don't push until he acks it. He might want to included these > >> changes in his own patch. I had to fix these to test my own code in > >> the installer and posted the patch to point out the bugs. > > > > Interesting. Do we want to support re-installing the DNS server? Or > > should we catch it and exit? Not crashing is definitely a good way to > > start though :-) > > > > rob > Improved version of the patch attached. > > Pavel Ack, pushed to master. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.
On 04/14/2010 07:35 PM, Rob Crittenden wrote: Pavel Zůna wrote: I noticed a few bugs when DNS was reinstalling: - Service.move_service returned None, because the service entry was already in the right place - BindInstance didn't expect that. - We were passing a unicode string to python-ldap although we know it hates that. - We were catching all exception alike when modifying the "dnsserver" role group. It's no longer an error if the DNS principal is already present. I think Martin has some work in progess on the bindinstance.py file, so please don't push until he acks it. He might want to included these changes in his own patch. I had to fix these to test my own code in the installer and posted the patch to point out the bugs. Interesting. Do we want to support re-installing the DNS server? Or should we catch it and exit? Not crashing is definitely a good way to start though :-) rob Improved version of the patch attached. Pavel 0001-Fix-ipa-dns-install.-It-was-failing-when-DNS-was-rei.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.
Pavel Zůna wrote: I noticed a few bugs when DNS was reinstalling: - Service.move_service returned None, because the service entry was already in the right place - BindInstance didn't expect that. - We were passing a unicode string to python-ldap although we know it hates that. - We were catching all exception alike when modifying the "dnsserver" role group. It's no longer an error if the DNS principal is already present. I think Martin has some work in progess on the bindinstance.py file, so please don't push until he acks it. He might want to included these changes in his own patch. I had to fix these to test my own code in the installer and posted the patch to point out the bugs. Interesting. Do we want to support re-installing the DNS server? Or should we catch it and exit? Not crashing is definitely a good way to start though :-) rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.
I noticed a few bugs when DNS was reinstalling:
- Service.move_service returned None, because the service entry was
already in the right place - BindInstance didn't expect that.
- We were passing a unicode string to python-ldap although we know it
hates that.
- We were catching all exception alike when modifying the "dnsserver"
role group. It's no longer an error if the DNS principal is already present.
I think Martin has some work in progess on the bindinstance.py file, so
please don't push until he acks it. He might want to included these
changes in his own patch. I had to fix these to test my own code in the
installer and posted the patch to point out the bugs.
Pavel
From 2deba7ac45bb8dc2c52afb9fa7ecedb1d867fcbf Mon Sep 17 00:00:00 2001
From: Pavel Zuna
Date: Wed, 14 Apr 2010 18:52:12 +0200
Subject: [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.
---
ipaserver/install/bindinstance.py | 11 +--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/ipaserver/install/bindinstance.py
b/ipaserver/install/bindinstance.py
index 105cf4e..ff1e4e4 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -263,7 +263,12 @@ class BindInstance(service.Service):
# Store the keytab on disk
self.fstore.backup_file("/etc/named.keytab")
installutils.create_keytab("/etc/named.keytab", dns_principal)
-dns_principal = self.move_service(dns_principal)
+p = self.move_service(dns_principal)
+if p is None:
+# the service has already been moved, perhaps we're doing a DNS
reinstall
+dns_principal = "krbprincipalname=%s,cn=services,cn=accounts,%s" %
(dns_principal, self.suffix)
+else:
+dns_principal = p
# Make sure access is strictly reserved to the named user
pent = pwd.getpwnam(self.named_user)
@@ -284,10 +289,12 @@ class BindInstance(service.Service):
raise e
dns_group = "cn=dnsserver,cn=rolegroups,cn=accounts,%s" % self.suffix
-mod = [(ldap.MOD_ADD, 'member', dns_principal)]
+mod = [(ldap.MOD_ADD, 'member', str(dns_principal))]
try:
conn.modify_s(dns_group, mod)
+except ldap.TYPE_OR_VALUE_EXISTS:
+pass
except Exception, e:
logging.critical("Could not modify principal's %s entry" %
dns_principal)
raise e
--
1.6.6
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
