On 08/18/2013 09:45 PM, Jakub Hrozek wrote:
https://fedorahosted.org/sssd/ticket/1964
Currently the AD sites are enabled unconditionally

On Tue, Aug 27, 2013 at 12:01:45PM +0200, Pavel Březina wrote:
Hi, at the moment, two SRV plugins cannot be set on one failover context:
[ad_failover_init] (0x0100): No primary servers defined, using service discovery
[fo_add_srv_server] (0x0400): Adding new SRV server to service 'gc_ad.pb' using 'tcp'.
[fo_add_srv_server] (0x0400): Adding new SRV server to service 'ad.pb' using 'tcp'.
[_ad_servers_init] (0x0100): Added service discovery for AD
[be_fo_set_srv_lookup_plugin] (0x0400): Trying to set SRV lookup plugin to AD
[sssd[be[ipa.pb]]] [fo_set_srv_lookup_plugin] (0x0080): SRV lookup plugin is already set
[sssd[be[ipa.pb]]] [be_fo_set_srv_lookup_plugin] (0x0080): Unable to set SRV lookup plugin, another plugin may be already in place
So unfortunately, the change won't be that trivial :-(

On 08/27/2013 02:57 PM, Jakub Hrozek wrote:
Ugh, sorry, I thought I tested the patch... apparently I was wrong.
Maybe we can abuse the fact that IPA installer only ever puts the local replica hostname to the ipa_server parameter and not use any resolve plugin in the server mode?
See attached patch. I'm wondering whether to extend it with a warning for cases where some admin has overridden the ipa_server directive.
Or even better, read the ipa_server list, if there is no _srv_ keyword, proceed as the attached patch, if there is a _srv_ keyword, then don't enable the AD sites? (This I think would be mostly sanity checking, I don't think anyone would run such a setup)

On Tue, Aug 27, 2013 at 03:10:51PM +0200, Pavel Březina wrote:
This solution sounds good.
At the moment if sssd is in ipa server mode, ipa_enable_dns_sites = false (default) and _srv_ is set, no plugin is specified and srv resolution won't work. Thus I will actually require you to implement the last paragraph before I give it a go :-)
Otherwise LGTM.

On 08/28/2013 12:31 PM, Jakub Hrozek wrote:
OK, see attached patch.

On Wed, Aug 28, 2013 at 03:48:25PM +0200, Pavel Březina wrote:
Ack.

Pushed to master.
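
The rule this thread converges on, as an added sketch in C that is neither the attached patch nor SSSD source: a failover context has one SRV plugin slot, and in IPA server mode the AD sites plugin is used only when ipa_server has no _srv_ entry. The enum, struct and function names are hypothetical, and the choice between an IPA sites plugin and plain DNS on the IPA side is an assumption.

```c
#include <errno.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical model (not SSSD source): one plugin slot per failover context. */
enum srv_plugin { SRV_NONE, SRV_PLAIN_DNS, SRV_IPA_SITES, SRV_AD_SITES };
struct fo_ctx { enum srv_plugin plugin; };

/* A second plugin on the same context is refused, as in the quoted log. */
static int set_srv_plugin(struct fo_ctx *fo, enum srv_plugin p)
{
    if (fo->plugin != SRV_NONE) return EEXIST;
    fo->plugin = p;
    return 0;
}

/* True if the comma-separated ipa_server value has a whole "_srv_" entry. */
static bool has_srv_keyword(const char *list)
{
    while (list != NULL && *list != '\0') {
        size_t len = strcspn(list, ",");
        const char *s = list, *e = list + len;
        while (s < e && (*s == ' ' || *s == '\t')) s++;
        while (e > s && (e[-1] == ' ' || e[-1] == '\t')) e--;
        if (e - s == 5 && memcmp(s, "_srv_", 5) == 0) return true;
        list += len + (list[len] == ',');
    }
    return false;
}

/* Returns the plugin that ends up installed for this configuration. */
static enum srv_plugin init_srv_plugin(struct fo_ctx *fo, bool server_mode,
                                       bool dns_sites, const char *ipa_server)
{
    fo->plugin = SRV_NONE;
    /* Assumption: clients, and servers listing _srv_, keep an IPA-side plugin. */
    if (!server_mode || has_srv_keyword(ipa_server))
        set_srv_plugin(fo, dns_sites ? SRV_IPA_SITES : SRV_PLAIN_DNS);
    /* AD sites get the slot only if it is still free; EEXIST leaves them off. */
    if (server_mode)
        (void)set_srv_plugin(fo, SRV_AD_SITES);
    return fo->plugin;
}

int main(void)
{
    struct fo_ctx fo;  /* the ipa_server value below is constructed */
    return init_srv_plugin(&fo, true, false, "replica1.ipa.example") == SRV_AD_SITES ? 0 : 1;
}
```

The second branch is the case raised in review: with _srv_ in ipa_server and no IPA-side plugin installed, nothing would resolve the SRV entry.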
sssd-devel@lists.fedorahosted.org