FreeIPA 4.8.4 release
sudo dnf upgrade --advisory=FEDORA-2019-ef8b8ce122
This update has been submitted for testing by abbra.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
I think this update broke the --allow-zone-overlap option to ipa-server-install.
We have a little problem with the openQA FreeIPA test environment, which is that the IPs we use for the VMs that run the tests actually overlap with RH's internal DNS zones. So if we just use ipa-server-install to deploy our server we get an error "DNS zone 2.0.10.in-addr.arpa. already exists in DNS and is handled by server(s): blahblahblah". Fortunately, ipa-server-install has the --allow-zone-overlap option which is supposed to accept this situation and go ahead anyway, so the tests use that. But the tests for this update failed with that error even though the option was passed, which suggests the option is broken...
zdzichu points out this commit as the likely suspect, and indeed I think he's right. That commit missed changing at least one place to catch a dnsutil.DNSZoneAlreadyExists exception instead of a ValueError: the bit of ipaserver/install/dns.py where it checks the reverse zone. Here's the relevant bit of the traceback:
File "/usr/lib/python3.7/site-packages/ipaserver/install/server/__init__.py", line 562, in main
File "/usr/lib/python3.7/site-packages/ipaserver/install/server/install.py", line 276, in decorated
File "/usr/lib/python3.7/site-packages/ipaserver/install/server/install.py", line 673, in install_check
dns.install_check(False, api, False, options, host_name)
File "/usr/lib/python3.7/site-packages/ipaserver/install/dns.py", line 145, in install_check
File "/usr/lib/python3.7/site-packages/ipapython/dnsutil.py", line 383, in check_zone_overlap
raise DNSZoneAlreadyExists(zone=zone.to_text(), ns=ns)
the block with the dnsutil.check_zone_overlap(reverse_zone) call isn't touched by that commit, but obviously should have been.
I'm flying back to Finland from USA tonight and most likely will not have time to do the fix myself (on the phone now). Feel free to submit the fix upstream (and add it to the fedora builds), we'll handle that next week.
This update has been pushed to testing.
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
adamwill edited this update.
Karma has been reset.
This update has been submitted for testing by adamwill.
Thank you, @adamwill, new build works fine.
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by abbra.
This update has been pushed to stable.
Please login to add feedback.
Submitting this will the tests again.
Copyright © 2007-2019 Red Hat, Inc. and
bodhi is Free Software.
if you have any problems. Read the documentation.