On Mon, Jan 31, 2011 at 05:52:08PM -0500, Simo Sorce wrote: > On Mon, 31 Jan 2011 22:44:43 +0100 > Jakub Hrozek <jhro...@redhat.com> wrote: > > > https://fedorahosted.org/freeipa/ticket/881 > > > > We've run into a chicken-and-egg problem during installation. If the > > hostname of the IPA server is not resolvable with DNS during > > installation, we'd add it as a NS server for a zone in both the SOA > > entry and a NS record -- but no records from the new zone are > > resolvable until Bind is restarted, including the new A/AAAA records > > for the nameserver. > > > > I tried restarting the named service during Bind instance creation but > > that didn't help..not exactly sure why. Anyway, attached is a patch > > that forces the NS record creation. > > > > Please note that the --force flag is available via XML-RPC only, it is > > completely hidden from the user otherwise. > > Minor issue but requires NACK. > > You changed the add_zone() signature to always require some parameters, > but did not update it in ipa-replica-prepare > > Simo.
Good catch, thank you! Attached is a new patch. I also found out that I don't have to require all the parameters as some (such as admin email) have nice defaults in the DNS plugin.
>From c08b08c006c51b8d6da5e1deba72544741c21dbf Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Mon, 31 Jan 2011 18:05:07 +0100
Subject: [PATCH] Add an address for a nameserver when a new zone is created during install
https://fedorahosted.org/freeipa/ticket/881
---
 API.txt | 5 +++--
 install/tools/ipa-replica-prepare | 6 +++---
 ipalib/plugins/dns.py | 11 ++++++++++-
 ipaserver/install/bindinstance.py | 20 ++++++++++++--------
 4 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/API.txt b/API.txt
index f936c4f..e08a35f 100644
--- a/API.txt
+++ b/API.txt
@@ -486,13 +486,14 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly
 output: Output('result', <type 'bool'>, 'True means the operation was successful')
 output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
 command: dnsrecord_add
-args: 2,45,3
+args: 2,46,3
 arg: Str('dnszoneidnsname', cli_name='dnszone', label=Gettext('Zone name', domain='ipa', localedir=None), query=True, required=True)
 arg: Str('idnsname', attribute=True, cli_name='name', label=Gettext('Record name', domain='ipa', localedir=None), multivalue=False, primary_key=True, required=True)
 option: Int('dnsttl', attribute=True, cli_name='ttl', label=Gettext('Time to live', domain='ipa', localedir=None), multivalue=False, required=False)
 option: StrEnum('dnsclass', attribute=True, cli_name='class', label=Gettext('Class', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'IN', u'CS', u'CH', u'HS'))
 option: Str('addattr*', validate_add_attribute, cli_name='addattr', exclude='webui')
 option: Str('setattr*', validate_set_attribute, cli_name='setattr', exclude='webui')
+option: Flag('force', autofill=True, default=False, flags=['no_option', 'no_output'])
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output'])
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output'])
 option: Str('version?', exclude='webui', flags=['no_option', 'no_output'])
@@ -723,7 +724,7 @@ option: Str('idnsupdatepolicy', attribute=True, cli_name='update_policy', label=
 option: Flag('idnsallowdynupdate', attribute=True, autofill=True, cli_name='allow_dynupdate', default=False, label=Gettext('Dynamic update', domain='ipa', localedir=None), multivalue=False, required=True)
 option: Str('addattr*', validate_add_attribute, cli_name='addattr', exclude='webui')
 option: Str('setattr*', validate_set_attribute, cli_name='setattr', exclude='webui')
-option: Flag('force', autofill=True, default=False,lag('force', autofill=True, default=False, doc=Gettext('force DNS zone even if name server not in DNS', domain='ipa', localedir=None))
+option: Flag('force', autofill=True, default=False,lag('force', autofill=True, default=False, doc=Gettext('force DNS zone creation even if name server not in DNS', domain='ipa', localedir=None))
 option: Str('ip_address?', _validate_ipaddr,tr('ip_address?', _validate_ipaddr, doc=Gettext('Add the nameserver to DNS with this IP address', domain='ipa', localedir=None))
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output'])
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output'])
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 38d31aa..aaa1f2d 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -28,7 +28,7 @@ from optparse import OptionParser
 from ipapython import ipautil
 from ipaserver.install import bindinstance, dsinstance, installutils, certs
-from ipaserver.install.bindinstance import add_zone, add_reverze_zone, add_rr, add_ptr_rr
+from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_rr, add_ptr_rr
 from ipaserver.install.replication import check_replication_plugin
 from ipaserver.plugins.ldap2 import ldap2
 from ipapython import version
@@ -417,9 +417,9 @@ def main():
 name = domain.pop(0)
 domain = ".".join(domain)
- zone = add_zone(domain)
+ zone = add_zone(domain, nsaddr=options.ip_address)
 add_rr(zone, name, "A", options.ip_address)
- add_reverze_zone(options.ip_address)
+ add_reverse_zone(options.ip_address)
 add_ptr_rr(options.ip_address, replica_fqdn)
 try:
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index f770af3..ed117e2 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -286,7 +286,7 @@ class dnszone_add(LDAPCreate):
 """
 takes_options = LDAPCreate.takes_options + (
 Flag('force',
- doc=_('force DNS zone even if name server not in DNS'),
+ doc=_('force DNS zone creation even if name server not in DNS'),
 ),
 Str('ip_address?', _validate_ipaddr,
 doc=_('Add the nameserver to DNS with this IP address'),
@@ -577,6 +577,12 @@ class dnsrecord_add(LDAPCreate, dnsrecord_cmd_w_record_options):
 Add new DNS resource record.
 """
 no_option_msg = 'No options to add a specific record provided.'
+ takes_options = LDAPCreate.takes_options + (
+ Flag('force',
+ flags=['no_option', 'no_output'],
+ doc=_('force NS record creation even if its hostname is not in DNS'),
+ ),
+ )
 def get_options(self):
 for option in super(dnsrecord_add, self).get_options():
@@ -589,6 +595,9 @@ class dnsrecord_add(LDAPCreate, dnsrecord_cmd_w_record_options):
 return super(dnsrecord_add, self).args_options_2_entry(*keys, **options)
 def _nsrecord_pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
+ if options.get('force', False):
+ return dn
+
 for ns in options['nsrecord']:
 is_ns_rec_resolvable(ns)
 return dn
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 2424e7c..a2989e1 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
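Review bot: In the `@@ -417` hunk of ipa-replica-prepare, `nsaddr=options.ip_address` gives add_zone the same address that the following lines register for the replica (`add_rr(zone, name, "A", options.ip_address)` and `add_ptr_rr(options.ip_address, replica_fqdn)`), while add_zone in bindinstance.py names `api.env.host` as the zone's SOA and NS host and forwards `nsaddr` as `ip_address`. If dnszone_add uses that option as its doc string describes ('Add the nameserver to DNS with this IP address'), the nameserver's name would get an address record pointing at the replica; that handling is outside the diff, so please confirm. The same value reaches `add_reverse_zone(options.ip_address)`, which now forwards `ip_address` as well. Unless the two hosts are meant to share an address, pass the address of the host named in the NS record here instead of the replica's. main() begins and ends outside the hunk.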
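Review bot: In ipalib/plugins/dns.py the early return added to `_nsrecord_pre_callback` (hunk `@@ -589`) skips the only check visible in that callback, `is_ns_rec_resolvable(ns)`, and the `force` flag declared in hunk `@@ -577` is hidden only through `flags=['no_option', 'no_output']`. As the cover letter states, the flag remains available over XML-RPC, so any caller permitted to add DNS records can set it; hiding it from the CLI is not an access restriction. A comment above the early return would keep later maintainers from placing mandatory validation behind it: `# 'force' is accepted from any RPC caller; it may skip only the resolvability sanity check`. Both class bodies continue outside the hunks.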
@@ -116,7 +116,7 @@ def dns_zone_exists(name):
 else:
 return True
-def add_zone(name, update_policy=None, zonemgr=None, dns_backup=None):
+def add_zone(name, zonemgr=None, dns_backup=None, nsaddr=None, update_policy=None):
 if not update_policy:
 update_policy = "grant %s krb5-self * A;" % api.env.realm
@@ -124,16 +124,16 @@ def add_zone(name, update_policy=None, zonemgr=None, dns_backup=None):
 api.Command.dnszone_add(unicode(name),
 idnssoamname=unicode(api.env.host+"."),
 idnssoarname=unicode(zonemgr),
+ ip_address=unicode(nsaddr),
 idnsallowdynupdate=True,
 idnsupdatepolicy=unicode(update_policy))
 except (errors.DuplicateEntry, errors.EmptyModlist):
 pass
- add_rr(name, "@", "NS", api.env.host+".", dns_backup)
-
+ add_rr(name, "@", "NS", api.env.host+'.', dns_backup, force=True)
 return name
-def add_reverze_zone(ip_address, update_policy=None, dns_backup=None):
+def add_reverse_zone(ip_address, update_policy=None, dns_backup=None):
 zone, name = get_reverse_zone(ip_address)
 if not update_policy:
 update_policy = "grant %s krb5-subdomain %s. PTR;" % (api.env.realm, zone)
@@ -141,16 +141,18 @@ def add_reverze_zone(ip_address, update_policy=None, dns_backup=None):
 api.Command.dnszone_add(unicode(zone),
 idnssoamname=unicode(api.env.host+"."),
 idnsallowdynupdate=True,
+ ip_address=unicode(ip_address),
 idnsupdatepolicy=unicode(update_policy))
 except (errors.DuplicateEntry, errors.EmptyModlist):
 pass
- add_rr(zone, "@", "NS", api.env.host+".", dns_backup)
+ add_rr(zone, "@", "NS", api.env.host+".", dns_backup, force=True)
 return zone
-def add_rr(zone, name, type, rdata, dns_backup=None):
+def add_rr(zone, name, type, rdata, dns_backup=None, **kwargs):
 addkw = { '%srecord' % unicode(type.lower()) : unicode(rdata) }
+ addkw.update(kwargs)
 try:
 api.Command.dnsrecord_add(unicode(zone), unicode(name), **addkw)
 except (errors.DuplicateEntry, errors.EmptyModlist):
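Review bot: `ip_address=unicode(nsaddr)` in add_zone (hunk `@@ -124`) is sent even when `nsaddr` keeps its default of None, and in Python 2 `unicode(None)` is the string u'None', so dnszone_add is handed 'None' as the nameserver address; the context line `idnssoarname=unicode(zonemgr)` has the same shape and would presumably override the plugin default mentioned in the cover letter. The `except` clause catches only DuplicateEntry and EmptyModlist, so a validation failure on that value would propagate to the installer (how `_validate_ipaddr` reacts is outside the diff). Collecting the keyword arguments first and adding the optional ones only when they are set avoids this, as sketched below. The `try:` line and the start of the function sit outside this hunk.

```python
    # … unchanged: update_policy default …
    zone_kw = {
        'idnssoamname': unicode(api.env.host+"."),
        'idnsallowdynupdate': True,
        'idnsupdatepolicy': unicode(update_policy),
    }
    # unicode(None) is u'None', so forward optional values only when given
    if zonemgr is not None:
        zone_kw['idnssoarname'] = unicode(zonemgr)
    if nsaddr is not None:
        zone_kw['ip_address'] = unicode(nsaddr)
    try:
        api.Command.dnszone_add(unicode(name), **zone_kw)
    # … unchanged: except clause, add_rr call, return name …
```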
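Review bot: `addkw.update(kwargs)` in add_rr (hunk `@@ -141`) runs after the record entry is set, so a keyword that matches the `'%srecord'` key would silently replace `rdata`, and every extra keyword is passed to `dnsrecord_add` unchecked. The callers in this patch pass only `force=True`, so an explicit parameter is narrower and documents itself: `def add_rr(zone, name, type, rdata, dns_backup=None, force=False):` with `addkw['force'] = force` in place of the update. add_rr's body continues past the end of the hunk.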
@@ -348,7 +350,9 @@ class BindInstance(service.Service):
 self._ldap_mod("dns.ldif", self.sub_dict)
 def __setup_zone(self):
- zone = add_zone(self.domain, zonemgr=self.zonemgr, dns_backup=self.dns_backup)
+ zone = add_zone(self.domain, self.zonemgr,
+ self.dns_backup, self.ip_address)
+
 def __add_self(self):
 zone = self.domain
@@ -376,7 +380,7 @@ class BindInstance(service.Service):
 add_ptr_rr(self.ip_address, self.fqdn)
 def __setup_reverse_zone(self):
- add_reverze_zone(self.ip_address, dns_backup=self.dns_backup)
+ add_reverse_zone(self.ip_address, dns_backup=self.dns_backup)
 def __setup_principal(self):
 dns_principal = "DNS/" + self.fqdn + "@" + self.realm
-- 
1.7.3.5
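Review bot: The rewritten call in `__setup_zone` (hunk `@@ -348`) passes `self.zonemgr, self.dns_backup, self.ip_address` positionally in the same patch that reorders add_zone's parameters, so any later reorder would bind these values to the wrong parameters without an error. Keeping the keywords makes the nameserver address explicit: `zone = add_zone(self.domain, zonemgr=self.zonemgr, dns_backup=self.dns_backup, nsaddr=self.ip_address)`. The hunk also appears to add an extra blank line before `__add_self`, and `zone` is not used in the lines shown.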