Description of problem: If the dns key is created with algorithm other than HMAC-MD5 (assumed to be the default), the nsupdate commands for adding/removing domain names fail for oo-accept-broker and the nsupdate_plugin. How reproducible: Change the algorithm used in the dnssec-key command when creating the bind key from soemthing other than HMAC-MD5, then try to use op-accept-broker. It won't work because the interactive nsupdate command needs the key attribute to specify what the algorithm is.
The updated packages have landed in the latest internal puddle and are in enterprise-server/enterprise-2.0.
openshift enterprise: step 1: make sure old env exits the dns key which be create by HMAC-MD5. step 2: create new dns key by other algorithm HMAC-SHA256. step 3: delete existing app and throw some failure message. [root@broker named]# rhc app delete apps7 This is a non-reversible action! Your application code and data will be permanently deleted if you continue! Are you sure you want to delete the application 'apps7'? (yes|no): yes Deleting application 'apps7' ... error deleting app record apps7-nweidomain.ose-20140115.com.cn step 4: upgrade broker-util openshift-origin-broker-util-1.17.6.3-1.el6op, rubygem-openshift-origin-dns-nsupdate-1.15.2-1.el6op step 5: app delete successfully and run 'oo-accept-broker' pass [root@br215 ~]# oo-accept-broker NOTICE: SELinux is Enforcing NOTICE: SELinux is Enforcing pass
sure, I have added testing dns key case.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-0209.html