[Pkg-freeipa-devel] Bug#768122: Bug#768122: freeipa-server: Bind fails to start during ipa-server-install because of wrong configuration template

Timo Aaltonen tjaalton at debian.org
Wed Nov 5 11:43:55 UTC 2014 

On 05.11.2014 08:01, Michal Kaspar wrote:
> Package: freeipa-server Version: 4.0.4-2 Severity: normal
> 
> Dear Maintainer, Bind configuration template 
> (/usr/share/ipa/bind.named.conf.template) fits Fedora conventions of 
> config and other files placement, which leads to inability to start 
> bind9 service during ipa-server-install which in turn leads to 
> failure of the server configuration.

Indeed, though it doesn't fail the server install phase here, which is
why I didn't catch this earlier..

> There are 3 main problems in the template:
> 
> 1) It presumes bind's zone and other data files are placed in 
> /var/named. It doesn't exist on my Debian system and these files are 
> placed in /var/cache/bind. The quick and easy fix is to change 
> directory directive in template to /var/cache/bind and create bind 
> owned /var/cache/bind/data directory.

Yep, fixing all paths.. upstream has changed this in git master so that
the paths can be changed in the platform code, which is good

> 2) Template replaces existing /etc/bind/named.conf.local. But my 
> Debian has options section of bind configuration placed in 
> /etc/bind/named.conf.options (IMHO default). It causes 2 options 
> sections in the configuration and bind refuses to start because of 
> incorrect config. Comment out options in /etc/bind/named.conf.options
> is enough to make it continue.
> 
> 3) Template includes file /etc/named.rfc1912.zones, where some 
> default zones are placed on Fedora. In Debian, I think those zones 
> are being set via /etc/bind/named.conf.default-zones. The nicest 
> thing would be to break template into files corresponding to Debian 
> configuration and make ipa-server-install apply those, but maybe 
> replacing /etc/bind/named.conf instead of /etc/named.conf.local
> would be enough (with some template tweaks).

I'll just replace named.conf.

> Thank you for packaging freeipa though, because it's quite nice piece
> of software missing in Debian ecosystem in my opinion.

Thanks, nice to know at least someone else is using it (or trying to) :)



-- 
t

More information about the Pkg-freeipa-devel mailing list