mirror of
https://pagure.io/fedora-qa/os-autoinst-distri-fedora.git
synced 2024-12-22 10:23:09 +00:00
Disable dnssec on FreeIPA server for upgrades (#1999321)
To work around #1999321, we'll disable dnssec validation on the FreeIPA server when doing an upgrade to Fedora 35 or later. This sucks but I can't find a better option. Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
parent
60bfdd53b9
commit
2ec41b1f43
@ -14,14 +14,9 @@ sub run {
|
||||
# test (in which case we're on the 'old' release at this point;
|
||||
# one of the upgrade test modules does repo_setup later)
|
||||
repo_setup() unless get_var("UPGRADE");
|
||||
# use --enablerepo=fedora for Modular compose testing (we need to
|
||||
# create and use a non-Modular repo to get some packages which
|
||||
# aren't in Modular Server composes)
|
||||
my $extraparams = '';
|
||||
$extraparams = '--enablerepo=fedora' if (get_var("MODULAR"));
|
||||
# we need a lot of entropy for this, and we don't care how good
|
||||
# it is, so let's use haveged
|
||||
assert_script_run "dnf ${extraparams} -y install haveged", 300;
|
||||
assert_script_run "dnf -y install haveged", 300;
|
||||
assert_script_run 'systemctl start haveged.service';
|
||||
# per ab, this should get us extra debug logging from the web UI
|
||||
# in error_log
|
||||
@ -39,6 +34,10 @@ sub run {
|
||||
assert_script_run "systemctl restart firewalld.service";
|
||||
# deploy the server
|
||||
my $args = "-U --auto-forwarders --realm=TEST.OPENQA.FEDORAPROJECT.ORG --domain=test.openqa.fedoraproject.org --ds-password=monkeys123 --admin-password=monkeys123 --setup-dns --reverse-zone=2.16.172.in-addr.arpa --allow-zone-overlap";
|
||||
# FIXME: this is a workaround for #1999321 - we just have to turn
|
||||
# off dnssec on the server end to avoid hitting it
|
||||
my $relnum = get_release_number;
|
||||
$args .= ' --no-dnssec-validation' if (get_var("UPGRADE") && $relnum > 34);
|
||||
assert_script_run "ipa-server-install $args", 1200;
|
||||
# enable and start the systemd service
|
||||
assert_script_run "systemctl enable ipa.service";
|
||||
|
Loading…
Reference in New Issue
Block a user