Bug 1442880
Summary: | setup-ds-admin.pl -u with nsslapd-localhost changed | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | mreynolds | |
Component: | 389-ds-base | Assignee: | mreynolds | |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> | |
Severity: | urgent | Docs Contact: | ||
Priority: | urgent | |||
Version: | 7.4 | CC: | batkisso, mreynolds, msauton, nhosoi, nkinder, rmeggins, spichugi, vashirov | |
Target Milestone: | rc | Keywords: | ZStream | |
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | 389-ds-base-1.3.6.1-9.el7 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | 1394006 | |||
: | 1444951 1445178 (view as bug list) | Environment: | ||
Last Closed: | 2017-08-01 21:16:38 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1394006 | |||
Bug Blocks: | 1444951, 1445178 |
Description
mreynolds
2017-04-17 21:00:03 UTC
Upstream ticket: https://pagure.io/389-ds-base/issue/49221 Fixed upstream *** Bug 1394006 has been marked as a duplicate of this bug. *** *** Bug 1444951 has been marked as a duplicate of this bug. *** Hi Mark, after reading the source and the comments I had a thought that this can be verified with a simple DS setup without using Console interface etc. Am I right? The steps: 1. Install the instance with setup-ds-admin.pl 2. Set any FQDN to nsslapd-localhost at cn=config via ldapmodify 3. Run setup-ds-admin.pl -s -u -f /tmp/setup.inf with the file from above 4. Check nsslapd-localhost with ldapsearch cli. It should not be changed to the new FQDN from /tmp/setup.inf Please, verify if I understood it right and no graphical Console interface is required. (In reply to Simon Pichugin from comment #8) > Hi Mark, > after reading the source and the comments I had a thought that this can be > verified with a simple DS setup without using Console interface etc. Am I > right? Correct - it's really a setup INF file processing issue. > > The steps: > 1. Install the instance with setup-ds-admin.pl > 2. Set any FQDN to nsslapd-localhost at cn=config via ldapmodify > 3. Run setup-ds-admin.pl -s -u -f /tmp/setup.inf with the file from above > 4. Check nsslapd-localhost with ldapsearch cli. It should not be changed to > the new FQDN from /tmp/setup.inf Well, correct it should not update nsslapd-localhost, but that's not what this is addressing. This is addressing an issue where the server is behind a load balancer with a different hostname. So its must do the online update/upgrade using the FullMachineName specified in the INF file, and NOT nsslapd-localhost. So basically we need to verify that the INF file machine name is overriding nsslapd-localhost during the upgrade. So your test doesn't even need to successfully perform the upgrade, but it needs to verify that the FullMachineName is always being used (whether the upgrade works or not). So its actually quite simple to test: Use a bogus hostname in the INF file, and make sure the upgrade fails :) > > Please, verify if I understood it right and no graphical Console interface > is required. Build tested: 389-ds-base-1.3.6.1-13.el7.x86_64 Verification steps: 1. Install the instance and admin server with setup-ds-admin.pl 2. Create setup.inf file with a bogus FQDN in FullMachineName [root@inst ~]# cat /tmp/setup.inf [General] StrictHostCheck= False FullMachineName= bogus.example.com SuiteSpotUserID= ldap SuiteSpotGroup= ldap AdminDomain= CORP_LDAP ConfigDirectoryAdminID= admin ConfigDirectoryAdminPwd= Secret123 ConfigDirectoryLdapURL= ldap://inst.test.redhat.com:389/o=NetscapeRoot UserDirectoryAdminID= cn=Directory Manager UserDirectoryAdminPwd= Secret123 UserDirectoryLdapURL= ldap://inst.test.redhat.com:389/o=NetscapeRoot [slapd] SlapdConfigForMC= No SecurityOn= No UseExistingMC= Yes UseExistingUG= No ServerPort= 389 ServerIdentifier= corpldap Suffix= dc=example,dc=com RootDN= cn=Directory Manager AddSampleEntries= No InstallLdifFile= none AddOrgEntries= No DisableSchemaChecking= No RootDNPwd= Secret123 [admin] SysUser= ldap Port= 9830 ServerAdminID= admin ServerAdminPwd= Secret123 3. Run a silent upgrade from INF file. It should fail because FullMachineName is always being used: [root@inst ~]# setup-ds-admin.pl -s -u -f /tmp/setup.inf Updating instance (slapd-inst)... Could not open a connection to bogus.example.com:389 Could not open a connection to the server at bogus.example.com port 389 as 'uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot'. Please make sure the server is up and running before using online mode, or use offline mode. Could not reconfigure the admin server. Exiting . . . Log file is '/tmp/setupMACcxO.log' Results: FullMachineName is always being used. Marking as verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2086 |