FEDORA-2019-ef8b8ce122 created by abbra 6 months ago for Fedora 31
stable

FreeIPA 4.8.4 release

How to install

sudo dnf upgrade --advisory=FEDORA-2019-ef8b8ce122

This update has been submitted for testing by abbra.

6 months ago

This update's test gating status has been changed to 'waiting'.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago
User Icon adamwill commented & provided feedback 6 months ago
karma

I think this update broke the --allow-zone-overlap option to ipa-server-install.

We have a little problem with the openQA FreeIPA test environment, which is that the IPs we use for the VMs that run the tests actually overlap with RH's internal DNS zones. So if we just use ipa-server-install to deploy our server we get an error "DNS zone 2.0.10.in-addr.arpa. already exists in DNS and is handled by server(s): blahblahblah". Fortunately, ipa-server-install has the --allow-zone-overlap option which is supposed to accept this situation and go ahead anyway, so the tests use that. But the tests for this update failed with that error even though the option was passed, which suggests the option is broken...

zdzichu points out this commit as the likely suspect, and indeed I think he's right. That commit missed changing at least one place to catch a dnsutil.DNSZoneAlreadyExists exception instead of a ValueError: the bit of ipaserver/install/dns.py where it checks the reverse zone. Here's the relevant bit of the traceback:

  File "/usr/lib/python3.7/site-packages/ipaserver/install/server/__init__.py", line 562, in main
    master_install_check(self)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/server/install.py", line 276, in decorated
    func(installer)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/server/install.py", line 673, in install_check
    dns.install_check(False, api, False, options, host_name)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/dns.py", line 145, in install_check
    dnsutil.check_zone_overlap(reverse_zone)
  File "/usr/lib/python3.7/site-packages/ipapython/dnsutil.py", line 383, in check_zone_overlap
    raise DNSZoneAlreadyExists(zone=zone.to_text(), ns=ns)

the block with the dnsutil.check_zone_overlap(reverse_zone) call isn't touched by that commit, but obviously should have been.

I'm flying back to Finland from USA tonight and most likely will not have time to do the fix myself (on the phone now). Feel free to submit the fix upstream (and add it to the fedora builds), we'll handle that next week.

This update has been pushed to testing.

6 months ago

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

6 months ago

adamwill edited this update.

New build(s):

  • freeipa-4.8.4-2.fc31

Removed build(s):

  • freeipa-4.8.4-1.fc31

Karma has been reset.

6 months ago

This update has been submitted for testing by adamwill.

6 months ago

This update has been pushed to testing.

6 months ago
User Icon abbra provided feedback 6 months ago

Thank you, @adamwill, new build works fine.

This update can be pushed to stable now if the maintainer wishes

6 months ago

This update has been submitted for stable by abbra.

6 months ago

This update has been pushed to stable.

5 months ago

Please login to add feedback.

Metadata
Type
enhancement
Severity
low
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Dates
submitted
6 months ago
in testing
6 months ago
in stable
5 months ago

Automated Test Results