FreeIPA: re-enable dnssec

The weird bug turned out to be caused by an internal DNS zone
in the new infra not being signed:
https://pagure.io/fedora-infrastructure/issue/9411
This is now resolved, so we can drop the workaround.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
Adam Williamson 2020-11-09 16:54:21 -08:00
parent 46d89432ae
commit fa42229275
2 changed files with 2 additions and 2 deletions

View File

@ -56,7 +56,7 @@ sub run {
# deploy as a replica
my ($ip, $hostname) = split(/ /, get_var("POST_STATIC"));
my $args = "--ip-address=$ip --setup-dns --no-dnssec-validation --auto-forwarders --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123";
my $args = "--ip-address=$ip --setup-dns --auto-forwarders --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123";
assert_script_run "ipa-replica-install $args", 1500;
# enable and start the systemd service

View File

@ -38,7 +38,7 @@ sub run {
}
assert_script_run "systemctl restart firewalld.service";
# deploy the server
my $args = "-U --auto-forwarders --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --no-dnssec-validation --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap";
my $args = "-U --auto-forwarders --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap";
assert_script_run "ipa-server-install $args", 1200;
# enable and start the systemd service
assert_script_run "systemctl enable ipa.service";