Alexander Bokovoy
Alexander Bokovoy
If I specify `ipa-server-install --dns-over-tls --dns-policy=relaxed` but didn't specify `--dot-forwarder`, I later get ``` File "/usr/lib/python3.13/site-packages/ipaserver/install/server/install.py", line 1020, in install dns.install(False, False, options) ~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.13/site-packages/ipaserver/install/dns.py", line 459, in install...
I think this could be addressed by skipping forwarders if they aren't specified. This is needed for hermetic setups where IPA DNS server is the root of DNS in the...
I re-tested my use case with intentionally not specified DoT forwarder and got IPA server properly deployed. It didn't resolve anything outside because unbound returned SERVFAIL as there was no...
Frankly speaking, I don't like to add a half-baked solution. A proper support for multi-host setup (including reverse proxying) would need to take into account more than just a referrer...
This is actually can be seen in the CI tests: ``` [Thu May 16 18:23:27.406873 2024] [wsgi:error] [pid 7089:tid 7403] [remote 2001:db8:1:1::2:60302] ipa: ERROR: WSGI jsonserver_kerb.__call__(): [Thu May 16 18:23:27.406901...
When you get `self.api.env.allowed_referers`, it might be None, so you should check for it: ``` [Wed Jul 17 15:25:13.966142 2024] [wsgi:error] [pid 7080:tid 7401] [remote 2001:db8:1:1::2:39558] ipa: ERROR: WSGI jsonserver_kerb.__call__():...
Tox failure: ``` 2024-07-30T10:14:31.5175563Z # Test using DEFAULT_CONFIG: 2024-07-30T10:14:31.5208115Z defaults = dict(constants.DEFAULT_CONFIG) 2024-07-30T10:14:31.5208636Z (o, home) = self.finalize_core(None, **defaults) 2024-07-30T10:14:31.5209097Z list_o = [key for key in o if key != 'fips_mode']...
Thanks. Yes, making an enable option is preferred. We can default to enable but you can disable in your cross-compilation build.
Yes, this looks good. I launched full CI run.
I think it is a side-effect of how automake works with `nodist_var_DATA`. If you want to avoid installing even a directory, then the whole ``` selinuxpolicydir = $(datarootdir)/selinux/packages/$(SELINUXTYPE) nodist_selinuxpolicy_DATA =...