Re: [Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.
On Mon, 2010-04-19 at 11:28 +0200, Pavel Zuna wrote: > On 04/14/2010 07:35 PM, Rob Crittenden wrote: > > Pavel Zůna wrote: > >> I noticed a few bugs when DNS was reinstalling: > >> > >> - Service.move_service returned None, because the service entry was > >> already in the right place - BindInstance didn't expect that. > >> > >> - We were passing a unicode string to python-ldap although we know it > >> hates that. > >> > >> - We were catching all exception alike when modifying the "dnsserver" > >> role group. It's no longer an error if the DNS principal is already > >> present. > >> > >> I think Martin has some work in progess on the bindinstance.py file, > >> so please don't push until he acks it. He might want to included these > >> changes in his own patch. I had to fix these to test my own code in > >> the installer and posted the patch to point out the bugs. > > > > Interesting. Do we want to support re-installing the DNS server? Or > > should we catch it and exit? Not crashing is definitely a good way to > > start though :-) > > > > rob > Improved version of the patch attached. > > Pavel Ack, pushed to master. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.
On 04/14/2010 07:35 PM, Rob Crittenden wrote: Pavel Zůna wrote: I noticed a few bugs when DNS was reinstalling: - Service.move_service returned None, because the service entry was already in the right place - BindInstance didn't expect that. - We were passing a unicode string to python-ldap although we know it hates that. - We were catching all exception alike when modifying the "dnsserver" role group. It's no longer an error if the DNS principal is already present. I think Martin has some work in progess on the bindinstance.py file, so please don't push until he acks it. He might want to included these changes in his own patch. I had to fix these to test my own code in the installer and posted the patch to point out the bugs. Interesting. Do we want to support re-installing the DNS server? Or should we catch it and exit? Not crashing is definitely a good way to start though :-) rob Improved version of the patch attached. Pavel 0001-Fix-ipa-dns-install.-It-was-failing-when-DNS-was-rei.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.
Pavel Zůna wrote: I noticed a few bugs when DNS was reinstalling: - Service.move_service returned None, because the service entry was already in the right place - BindInstance didn't expect that. - We were passing a unicode string to python-ldap although we know it hates that. - We were catching all exception alike when modifying the "dnsserver" role group. It's no longer an error if the DNS principal is already present. I think Martin has some work in progess on the bindinstance.py file, so please don't push until he acks it. He might want to included these changes in his own patch. I had to fix these to test my own code in the installer and posted the patch to point out the bugs. Interesting. Do we want to support re-installing the DNS server? Or should we catch it and exit? Not crashing is definitely a good way to start though :-) rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.
I noticed a few bugs when DNS was reinstalling: - Service.move_service returned None, because the service entry was already in the right place - BindInstance didn't expect that. - We were passing a unicode string to python-ldap although we know it hates that. - We were catching all exception alike when modifying the "dnsserver" role group. It's no longer an error if the DNS principal is already present. I think Martin has some work in progess on the bindinstance.py file, so please don't push until he acks it. He might want to included these changes in his own patch. I had to fix these to test my own code in the installer and posted the patch to point out the bugs. Pavel From 2deba7ac45bb8dc2c52afb9fa7ecedb1d867fcbf Mon Sep 17 00:00:00 2001 From: Pavel Zuna Date: Wed, 14 Apr 2010 18:52:12 +0200 Subject: [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling. --- ipaserver/install/bindinstance.py | 11 +-- 1 files changed, 9 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 105cf4e..ff1e4e4 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -263,7 +263,12 @@ class BindInstance(service.Service): # Store the keytab on disk self.fstore.backup_file("/etc/named.keytab") installutils.create_keytab("/etc/named.keytab", dns_principal) -dns_principal = self.move_service(dns_principal) +p = self.move_service(dns_principal) +if p is None: +# the service has already been moved, perhaps we're doing a DNS reinstall +dns_principal = "krbprincipalname=%s,cn=services,cn=accounts,%s" % (dns_principal, self.suffix) +else: +dns_principal = p # Make sure access is strictly reserved to the named user pent = pwd.getpwnam(self.named_user) @@ -284,10 +289,12 @@ class BindInstance(service.Service): raise e dns_group = "cn=dnsserver,cn=rolegroups,cn=accounts,%s" % self.suffix -mod = [(ldap.MOD_ADD, 'member', dns_principal)] +mod = [(ldap.MOD_ADD, 'member', str(dns_principal))] try: conn.modify_s(dns_group, mod) +except ldap.TYPE_OR_VALUE_EXISTS: +pass except Exception, e: logging.critical("Could not modify principal's %s entry" % dns_principal) raise e -- 1.6.6 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel