Hide Forgot
Description of problem: opendnssec warning messages displayed suring ipa module installation Version-Release number of selected component (if applicable): ipa-server-4.7.90.pre1-3.module+el8.1.0+3389+a3c612fa.x86_64 opendnssec-1.4.14-1.module+el8.1.0+3389+a3c612fa.x86_64 How reproducible: Always Steps to Reproduce: 1. Setup IPA master for RHEL81Beta # dnf -y module reset idm # dnf -y module enable idm:DL1 # dnf -y module install idm:DL1/dns Actual results: While the module installation is in progress, following message is seen at console: Installing : opendnssec-1.4.14-1.module+el8.1.0+3389+a3c612fa 118/139 Running scriptlet: opendnssec-1.4.14-1.module+el8.1.0+3389+a3c612fa 118/139 The token has been initialized and is reassigned to slot 1035987422 INFO: The XML in /etc/opendnssec/conf.xml is valid INFO: The XML in /etc/opendnssec/zonelist.xml is valid INFO: The XML in /etc/opendnssec/kasp.xml is valid WARNING: In policy default, Y used in duration field for Keys/KSK Lifetime (P1Y) in /etc/opendnssec/kasp.xml - this will be interpreted as 365 days WARNING: In policy lab, Y used in duration field for Keys/KSK Lifetime (P1Y) in /etc/opendnssec/kasp.xml - this will be interpreted as 365 days *WARNING* This will erase all data in the database; are you sure? [y/N] fixing permissions on file /var/opendnssec/kasp.db zonelist filename set to /etc/opendnssec/zonelist.xml. kasp filename set to /etc/opendnssec/kasp.xml. Repository SoftHSM found No Maximum Capacity set. RequireBackup NOT set; please make sure that you know the potential problems of using keys which are not recoverable Policy default found Info: converting P1Y to seconds; M interpreted as 31 days, Y interpreted as 365 days Policy lab found Info: converting P1Y to seconds; M interpreted as 31 days, Y interpreted as 365 days Installing : giflib-5.1.4-3.el8.x86_64 119/139 Installing : java-1.8.0-openjdk-1:1.8.0.212.b04-3.el8.x86_64 120/139 Expected results: The above message should be suppressed and should not be observed
Moving to opendnssec component. The warnings: WARNING: In policy default, Y used in duration field for Keys/KSK Lifetime (P1Y) in /etc/opendnssec/kasp.xml - this will be interpreted as 365 days WARNING: In policy lab, Y used in duration field for Keys/KSK Lifetime (P1Y) in /etc/opendnssec/kasp.xml - this will be interpreted as 365 days should not be displayed of the config is ok.
Note that these messages were displayed in RHEL 8.0 as well, there is no regression. They should have been displayed in RHEL 7.x too because opendnssec 1.4.7 has exactly same code. I do not see the message as something that requires a change for the sake of change.
We do not want to deviate from upstream here.