I noticed a few bugs when DNS was reinstalling:
- Service.move_service returned None, because the service entry was
already in the right place - BindInstance didn't expect that.
- We were passing a unicode string to python-ldap although we know it
hates that.
- We were catching all exception alike when modifying the dnsserver
role group. It's no longer an error if the DNS principal is already present.
I think Martin has some work in progess on the bindinstance.py file, so
please don't push until he acks it. He might want to included these
changes in his own patch. I had to fix these to test my own code in the
installer and posted the patch to point out the bugs.
Pavel
From 2deba7ac45bb8dc2c52afb9fa7ecedb1d867fcbf Mon Sep 17 00:00:00 2001
From: Pavel Zuna pz...@redhat.com
Date: Wed, 14 Apr 2010 18:52:12 +0200
Subject: [PATCH] Fix ipa-dns-install. It was failing when DNS was reinstalling.
---
ipaserver/install/bindinstance.py | 11 +--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/ipaserver/install/bindinstance.py
b/ipaserver/install/bindinstance.py
index 105cf4e..ff1e4e4 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -263,7 +263,12 @@ class BindInstance(service.Service):
# Store the keytab on disk
self.fstore.backup_file(/etc/named.keytab)
installutils.create_keytab(/etc/named.keytab, dns_principal)
-dns_principal = self.move_service(dns_principal)
+p = self.move_service(dns_principal)
+if p is None:
+# the service has already been moved, perhaps we're doing a DNS
reinstall
+dns_principal = krbprincipalname=%s,cn=services,cn=accounts,%s %
(dns_principal, self.suffix)
+else:
+dns_principal = p
# Make sure access is strictly reserved to the named user
pent = pwd.getpwnam(self.named_user)
@@ -284,10 +289,12 @@ class BindInstance(service.Service):
raise e
dns_group = cn=dnsserver,cn=rolegroups,cn=accounts,%s % self.suffix
-mod = [(ldap.MOD_ADD, 'member', dns_principal)]
+mod = [(ldap.MOD_ADD, 'member', str(dns_principal))]
try:
conn.modify_s(dns_group, mod)
+except ldap.TYPE_OR_VALUE_EXISTS:
+pass
except Exception, e:
logging.critical(Could not modify principal's %s entry %
dns_principal)
raise e
--
1.6.6
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel