Sort SRV records by priority #689
Minor style nitpicks
ipaclient/install/ipadiscovery.py
| from dns.exception import DNSException | ||
| from dns import resolver, rdatatype |
Please leave the order of imports.
ipaclient/install/ipadiscovery.py
| from ipalib import errors | ||
| from ipapython import ipaldap | ||
| from ipaplatform.paths import paths | ||
| from ipapython.ipautil import valid_ip, realm_to_suffix | ||
| from ipapython.dn import DN | ||
| from operator import attrgetter |
Please use import operator and move the import before import socket. The operator module is a stdlib module and belongs in the top section.
@alex-zel Please merge your commits into one, thanks.

Sorry I think I messed up trying to squash the commits
should help
In some cases where multiple SRV records are present, LDAP and Kerberos records were returned in different order, causing replication issues in a multi master environment. Update ipadiscovery.py

I squashed your commits, please check

Thanks, sorry I didn't get to it.

master:

In some cases where multiple SRV records are present, LDAP and Kerberos records were returned in different order, causing replication issues in a multi master environment.
Replication:
DNS configuration (using PfSense):
Client installation:
Host record is added beforehand from web UI on server01.example.com ONLY.
/usr/sbin/ipa-client-install --force-join --principal=bind_user --password=bind_pass --hostname=hostname -f --unattended
/var/log/ipaclient-install.log:
Notice the records are not in the same order. ipa-client-install did not return any error and the client machine could see users, groups, netgroups, but users could not authenticate.
Looking at the web UI, server01.example.com shows the client is not enrolled and no Kerberos key is present, but server02.example.com shows the client is enrolled and has a key.
In cases where either server01 or server02 was returned first in IPA Discovery, the installation and replication went fine.
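
The ordering problem described above, as an added example that is not the project's code or the patch from this pull request: it sorts two SRV answers by priority so that LDAP and Kerberos discovery agree, and reports hosts whose priority differs between the two services (a zone error that sorting cannot fix). The `SRV` tuple, the function names, the priorities and the tie-break on target name are assumptions of this example; the sample answers are constructed.

```python
from collections import namedtuple
from operator import attrgetter

# Stand-in for a dnspython SRV rdata; same attribute names, but target is a
# plain string here (assumption of this example).
SRV = namedtuple("SRV", "priority weight port target")


def targets(records):
    """Host names in the order the records are given."""
    return [r.target.rstrip(".") for r in records]


def order_srv(records):
    """Lowest priority first; ties broken by target name.

    The tie-break is an assumption made so that two independent lookups give
    the same order. RFC 2782 specifies weighted random selection among
    records of equal priority instead.
    """
    return sorted(records, key=attrgetter("priority", "target"))


def priority_mismatches(ldap_records, kdc_records):
    """Hosts whose priority differs between the two services.

    Returns {host: (ldap_priority, kdc_priority)}; None marks a host that is
    missing from one of the answers.
    """
    ldap = {r.target.rstrip("."): r.priority for r in ldap_records}
    kdc = {r.target.rstrip("."): r.priority for r in kdc_records}
    hosts = sorted(set(ldap) | set(kdc))
    return {h: (ldap.get(h), kdc.get(h)) for h in hosts if ldap.get(h) != kdc.get(h)}


# Constructed answers: same servers and priorities, different resolver order.
LDAP_ANSWER = [
    SRV(10, 100, 389, "server02.example.com."),
    SRV(0, 100, 389, "server01.example.com."),
]
KDC_ANSWER = [
    SRV(0, 100, 88, "server01.example.com."),
    SRV(10, 100, 88, "server02.example.com."),
]

if __name__ == "__main__":
    print("as received:", targets(LDAP_ANSWER), targets(KDC_ANSWER))
    print("sorted:     ", targets(order_srv(LDAP_ANSWER)), targets(order_srv(KDC_ANSWER)))
    print("mismatches: ", priority_mismatches(LDAP_ANSWER, KDC_ANSWER))
```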