From fa422292756778dcb1908458de20fd8ffd74ea5e Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Mon, 9 Nov 2020 16:54:21 -0800
Subject: [PATCH] FreeIPA: re-enable dnssec

The weird bug turned out to be caused by an internal DNS zone
in the new infra not being signed:
https://pagure.io/fedora-infrastructure/issue/9411
This is now resolved, so we can drop the workaround.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 tests/realmd_join_sssd.pm              | 2 +-
 tests/role_deploy_domain_controller.pm | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/realmd_join_sssd.pm b/tests/realmd_join_sssd.pm
index 8ebe17ab..855fb903 100644
--- a/tests/realmd_join_sssd.pm
+++ b/tests/realmd_join_sssd.pm
@@ -56,7 +56,7 @@ sub run {
 
         # deploy as a replica
         my ($ip, $hostname) = split(/ /, get_var("POST_STATIC"));
-        my $args = "--ip-address=$ip --setup-dns --no-dnssec-validation --auto-forwarders --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123";
+        my $args = "--ip-address=$ip --setup-dns --auto-forwarders --setup-ca --allow-zone-overlap -U --principal admin --admin-password monkeys123";
         assert_script_run "ipa-replica-install $args", 1500;
 
         # enable and start the systemd service
diff --git a/tests/role_deploy_domain_controller.pm b/tests/role_deploy_domain_controller.pm
index f24c429f..0580e757 100644
--- a/tests/role_deploy_domain_controller.pm
+++ b/tests/role_deploy_domain_controller.pm
@@ -38,7 +38,7 @@ sub run {
     }
     assert_script_run "systemctl restart firewalld.service";
     # deploy the server
-    my $args = "-U --auto-forwarders --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --no-dnssec-validation --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap";
+    my $args = "-U --auto-forwarders --realm=DOMAIN.LOCAL --domain=domain.local --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap";
     assert_script_run "ipa-server-install $args", 1200;
     # enable and start the systemd service
     assert_script_run "systemctl enable ipa.service";