FreeIPA: disable dnssec validation till weird bug is fixed
I noticed today that if we deploy FreeIPA with dnssec validation enabled, dnf can't resolve dl.fedoraproject.org afterwards, which is a problem because it means we wind up falling through to random mirrors for metadata and package download once the server is deployed, which can be slow and give old packages. This seems to be why the server upgrade test on F33 is sometimes failing because we get an older FreeIPA package on upgrade, even though the newer one has been stable for a week. It's difficult to pin down exactly where this bug is and fix it, I've mailed some folks to try and work it out, but until that's figured out, let's just disable dnssec validation. Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
parent
0d8ceec820
commit
a9704de4bd
@ -56,7 +56,7 @@ sub run {
|
||||
|
||||
# deploy as a replica
|
||||
my ($ip, $hostname) = split(/ /, get_var("POST_STATIC"));
|
||||
my $args = "--ip-address=$ip --setup-dns --auto-forwarders --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123";
|
||||
my $args = "--ip-address=$ip --setup-dns --no-dnssec-validation --auto-forwarders --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123";
|
||||
assert_script_run "ipa-replica-install $args", 1500;
|
||||
|
||||
# enable and start the systemd service
|
||||
|
@ -38,7 +38,7 @@ sub run {
|
||||
}
|
||||
assert_script_run "systemctl restart firewalld.service";
|
||||
# deploy the server
|
||||
my $args = "-U --auto-forwarders --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap";
|
||||
my $args = "-U --auto-forwarders --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --no-dnssec-validation --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap";
|
||||
assert_script_run "ipa-server-install $args", 1200;
|
||||
# enable and start the systemd service
|
||||
assert_script_run "systemctl enable ipa.service";
|
||||
|
Loading…
Reference in New Issue
Block a user