Bug 1573671
Summary: | Upgrade to freeipa-server-4.6.90.pre1-6.1.fc28.x86_64 breaks DNS-less configuration (/etc/named.conf missing) | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | James <james> |
Component: | freeipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 28 | CC: | abokovoy, ipa-maint, jcholast, jhrozek, pvoborni, rcritten, ssorce |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | freeipa-4.6.90.pre1-7.fc28 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-05-16 13:07:04 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
James
2018-05-01 22:10:02 UTC
OK, found the bug. Look in /usr/lib/python3.6/site-packages/ipaserver/install/server/upgrade.py at the named_add_crypto_policy() function. All its neighbour functions use bindinstance.named_conf_exists() and bind.is_configured() to first check bind is configured. I modified named_add_crypto_policy() to read: def named_add_crypto_policy(): """Add crypto policy include """ if not bindinstance.named_conf_exists() or not bind.is_configured(): # DNS service may not be configured logger.info('DNS is not configured') return False (... rest of the function as before ...) and the upgrade worked. FreeIPA now working as before. Yes, this is fixed upstream with https://pagure.io/freeipa/issue/4853. We are planning to do another upstream freeipa release once blocker bugs in NSS and Dogtag are fixed. Meanwhile, I'll add the patch from https://pagure.io/freeipa/issue/4853 to the F28 build as I need anyway to bump slapi-nis dependency. slapi-nis-0.56.2-6.fc28 freeipa-4.6.90.pre1-7.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-a22497315b freeipa-4.6.90.pre1-7.fc28, slapi-nis-0.56.2-6.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-a22497315b freeipa-4.6.90.pre1-7.fc28, slapi-nis-0.56.2-6.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. |