On Tue, 2012-03-13 at 10:54 +0100, Petr Spacek wrote:
> On 03/12/2012 07:10 PM, Rob Crittenden wrote:
> > Martin Kosek wrote:
> >> On Thu, 2012-03-01 at 13:19 +0100, Martin Kosek wrote:
> >>> These 2 patches change the DNS API to support the last missing bits in
> >>> new bind-dyndb-ldap:
> >>>
> >>> 1) Both global and per-zone forwarders now support a conditional custom
> >>> port (with format "IP_ADDRESS PORT")
> >>> 2) Missing global configuration options have been added:
> >>> * idnsforwardpolicy: Default policy for conditional forwarding
> >>> * idnsallowsyncptr: Allow globally PTR synchronization for dynamic
> >>> updates
> >>> * idnszonerefresh: Default interval between regular polls of the
> >>> name server for new DNS zones
> >>>
> >>> Before these patches are pushed, I will just have to update the minimal
> >>> bind-dyndb-ldap version (it has not been built yet) which has full
> >>> support for these.
> >>>
> >>> Martin
> >>
> >> New version of bind-dyndb-ldap has been released, attaching a rebased
> >> patch with fixed bind-dyndb-ldap version in spec file.
> >>
> >> I also fixed the forwarder format, it should be "$IP port $PORT", not
> >> "$IP $PORT" as it was in a previous version of the patch. I tested this
> >> new format with bind-dyndb-ldap and it forwards the queries properly.
> >>
> >> Unfortunately, a fixed version of bind has not been released yet, i.e.
> >> bind will crash if forwarders are defined both in named.conf and LDAP
> >> global configuration (dnsconfig-mod).
> >>
> >> Martin
> >
> > The patch itself looks ok, just a couple of general concerns:
> >
> > 1. By default dnsconfig-show displays nothing. This is a little
> > disconcerting. I don't believe we show empty attributes anywhere else,
> > not sure if we should make an exception here or show some other message,
> > perhaps a varying summary?
> >
> > 2. I don't think there is a lot we can do but this still conflicts with
> > the file-based configuration. For example, someone can add a forwarder
> > and cause named to not restart the next time because there is also one
> > defined in named.conf. I'd almost prefer that one win rather than the
> > daemon not start at all. But for our purposes people may get confused
> > because they don't see the forwarders they configured at install time
> > and merely managing this list can break your name server at some
> > undetermined future point.
> >
> > rob
> 
> This problem is in BZ https://bugzilla.redhat.com/show_bug.cgi?id=795414 .
> 
> Patch for this is ON_QA in RHEL6 and will be pushed to Fedora at some 
> point this week. (Adam said this yesterday on IRC.)
> 
> Current solution prefers value from LDAP before local configuration.
> 
> Petr^2 Spacek
> 

The fix for this BZ has been backported to Fedora 16 and released to
updates-testing:
https://admin.fedoraproject.org/updates/FEDORA-2012-4091/bind-9.8.2-0.4.rc2.fc16

Attaching a patch which properly forbids conflicts with older versions
of bind. The new bind should no longer crash when a configuration
option like forwarders is defined both in LDAP and named.conf.

Martin
>From 60be622a83d62be05776a715397c99ece17a3944 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Wed, 7 Mar 2012 15:53:38 +0100
Subject: [PATCH 1/2] Allow port numbers for idnsForwarders

Let user enter custom ports for zone conditional forwarders or
global forwarders in dnsconfig. Ports can be specified in
a standard BIND format: IP_ADDRESS [port PORT]

https://fedorahosted.org/freeipa/ticket/2462
---
 freeipa.spec.in       |    7 +++++--
 ipalib/plugins/dns.py |   28 ++++++++++++++++++++++++----
 2 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index e5089cad87a9ab12956bb758d0ff7f1b658c395d..f5612869f0464e077a8b7787e8de10d36fd203d4 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -159,8 +159,8 @@ Requires(postun): python initscripts chkconfig
 # We have a soft-requires on bind. It is an optional part of
 # IPA but if it is configured we need a way to require versions
 # that work for us.
-Conflicts: bind-dyndb-ldap < 1.1.0-0.8.a2
-Conflicts: bind < 9.8.1-1
+Conflicts: bind-dyndb-ldap < 1.1.0-0.9.b1
+Conflicts: bind < 9.8.2-0.4.rc2
 
 # mod_proxy provides a single API to communicate over SSL. If mod_ssl
 # is even loaded into Apache then it grabs this interface.
@@ -678,6 +678,9 @@ fi
 
 %changelog
 
+* Wed Mar 19 2012 Martin Kosek <mko...@redhat.com> - 2.2.0-16
+- Set min for bind-dyndb-ldap and bind to pick up new features and bug fixes
+
 * Thu Mar 1 2012 Jan Cholasta <jchol...@redhat.com> - 2.2.0-15
 - Set min nvr of sssd to 1.8.0 for SSH support
 - Add BuildRequires on sssd >= 1.8.0
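
Review bot: the new %changelog entry is dated `Wed Mar 19 2012`, but the entry directly below it is `Thu Mar 1 2012`, which puts March 19 on a Monday, so the weekday and the date disagree (rpmbuild may flag this as a bogus date). The patch header is dated Wed, 7 Mar 2012, so `Wed Mar 7 2012` may be what was intended; please correct the entry before pushing.
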
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index a10960a2c20b8915b199ed82462a844ce8f5915c..251db476ed3029759ffd2238ad33fc7320de4ef2 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -348,6 +348,24 @@ def _dns_record_name_validator(ugettext, value):
     except ValueError, e:
         return unicode(e)
 
+def _validate_bind_forwarder(ugettext, forwarder):
+    ip_address, sep, port = forwarder.partition(u' port ')
+
+    ip_address_validation = _validate_ipaddr(ugettext, ip_address)
+
+    if ip_address_validation is not None:
+        return ip_address_validation
+
+    if sep:
+        try:
+            port = int(port)
+            if port < 0 or port > 65535:
+                raise ValueError()
+        except ValueError:
+            return _('%(port)s is not a valid port' % dict(port=port))
+
+    return None
+
 def _domain_name_validator(ugettext, value):
     try:
         validate_domain_name(value)
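
Review bot: the error return in `_validate_bind_forwarder` interpolates before translating, `_('%(port)s is not a valid port' % dict(port=port))`, so gettext is asked for the already formatted string and will never find the catalog entry; move the formatting outside the call, `_('%(port)s is not a valid port') % dict(port=port)`. In the same block, `int(port)` tolerates surrounding whitespace and a leading sign, so an input such as "192.0.2.1 port  +53" passes even though it is not in the documented `IP_ADDRESS port PORT` form, and the validator does not normalize it; checking `port.isdigit()` before converting would close that gap. Please also confirm that port 0, which `port < 0` lets through, is meant to be accepted.
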
@@ -1614,10 +1632,11 @@ class dnszone(LDAPObject):
             autofill=True,
         ),
         Str('idnsforwarders*',
-            _validate_ipaddr,
+            _validate_bind_forwarder,
             cli_name='forwarder',
             label=_('Zone forwarders'),
-            doc=_('A list of zone forwarders'),
+            doc=_('A list of global forwarders. A custom port can be specified ' \
+                  'for each forwarder using a standard format "IP_ADDRESS port PORT"'),
             csv=True,
         ),
         StrEnum('idnsforwardpolicy?',
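
Review bot: the new `doc` on the `dnszone` parameter says "A list of global forwarders", while the label on the same parameter is still 'Zone forwarders' and the removed line read 'A list of zone forwarders'; this looks copied from the `dnsconfig` change and should describe per-zone forwarders. The trailing backslash is also redundant, since the two string literals already sit inside the parentheses of `_( ... )`.
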
@@ -2628,10 +2647,11 @@ class dnsconfig(LDAPObject):
 
     takes_params = (
         Str('idnsforwarders*',
-            _validate_ipaddr,
+            _validate_bind_forwarder,
             cli_name='forwarder',
             label=_('Global forwarders'),
-            doc=_('A list of global forwarders'),
+            doc=_('A list of global forwarders. A custom port can be specified ' \
+                  'for each forwarder using a standard format "IP_ADDRESS port PORT"'),
             csv=True,
         ),
     )
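
Review bot: `idnsforwarders` in `dnsconfig` now goes through `_validate_bind_forwarder`, but the diffstat for this patch lists only `freeipa.spec.in` and `ipalib/plugins/dns.py`, so no test covers the new input format. Please add `dnsconfig_mod` and `dnszone_mod` cases for a forwarder with a valid port, with an out-of-range port and with a non-numeric port, so the accepted syntax is pinned down.
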
-- 
1.7.7.6

>From cae5c281cfdefb85c35a53dc741871134e060f2b Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Wed, 7 Mar 2012 15:54:38 +0100
Subject: [PATCH 2/2] Add missing global options in dnsconfig

Add support for new global options in bind-dyndb-ldap, that is:
 * idnsforwardpolicy: Default policy for conditional forwarding
 * idnsallowsyncptr: Allow globally PTR synchronization for dynamic
   updates
 * idnszonerefresh: Default interval between regular polls of the
   name server for new DNS zones

https://fedorahosted.org/freeipa/ticket/2439
---
 API.txt                              |    5 ++++-
 VERSION                              |    2 +-
 ipalib/plugins/dns.py                |   21 ++++++++++++++++++++-
 tests/test_xmlrpc/test_dns_plugin.py |    6 +++++-
 4 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/API.txt b/API.txt
index f21dce7a81079a5f214ecb6a8e451eca4237af2e..363ba5a5edeb177e95cb2633b29689333f76a6be 100644
--- a/API.txt
+++ b/API.txt
@@ -611,8 +611,11 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('result', <type 'bool'>, None)
 output: Output('value', <type 'unicode'>, None)
 command: dnsconfig_mod
-args: 0,8,3
+args: 0,11,3
 option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False)
+option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first'))
+option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow_sync_ptr', multivalue=False, required=False)
+option: Int('idnszonerefresh', attribute=True, autofill=False, cli_name='zone_refresh', minvalue=0, multivalue=False, required=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Str('delattr*', cli_name='delattr', exclude='webui')
diff --git a/VERSION b/VERSION
index b0d1ec26622a3d585ecc508895f86597eab05a11..9095067296d1fda253f5cac396e48b85b9be9b70 100644
--- a/VERSION
+++ b/VERSION
@@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=30
+IPA_API_VERSION_MINOR=31
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 251db476ed3029759ffd2238ad33fc7320de4ef2..a1d495449d9ac616447c4b280b3efe63b13af8b8 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -2640,7 +2640,10 @@ class dnsconfig(LDAPObject):
     DNS global configuration object
     """
     object_name = _('DNS configuration options')
-    default_attributes = [ 'idnsforwarders', ]
+    default_attributes = [
+        'idnsforwardpolicy', 'idnsforwarders', 'idnsallowsyncptr',
+        'idnszonerefresh'
+    ]
 
     label = _('DNS Global Configuration')
     label_singular = _('DNS Global Configuration')
@@ -2654,6 +2657,22 @@ class dnsconfig(LDAPObject):
                   'for each forwarder using a standard format "IP_ADDRESS port PORT"'),
             csv=True,
         ),
+        StrEnum('idnsforwardpolicy?',
+            cli_name='forward_policy',
+            label=_('Forward policy'),
+            values=(u'only', u'first',),
+        ),
+        Bool('idnsallowsyncptr?',
+            cli_name='allow_sync_ptr',
+            label=_('Allow PTR sync'),
+            doc=_('Allow synchronization of forward (A, AAAA) and reverse (PTR) records'),
+        ),
+        Int('idnszonerefresh?',
+            cli_name='zone_refresh',
+            label=_('Zone refresh interval'),
+            doc=_('An interval between regular polls of the name server for new DNS zones'),
+            minvalue=0,
+        ),
     )
 
     def get_dn(self, *keys, **kwargs):
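
Review bot: `StrEnum('idnsforwardpolicy?', ...)` is the only one of the three new parameters without a `doc=`, so the help output will not explain what `only` and `first` do; please add one. For `Int('idnszonerefresh?', ...)` the doc string gives no unit for the interval and does not say what the value 0, allowed by `minvalue=0`, means; both should be stated in the `doc`.
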
diff --git a/tests/test_xmlrpc/test_dns_plugin.py b/tests/test_xmlrpc/test_dns_plugin.py
index e3958d23f5b656b9c7a4a87fb23d5fa1051daafc..e310d31947c71a7e1fc4215e2c069904c1588003 100644
--- a/tests/test_xmlrpc/test_dns_plugin.py
+++ b/tests/test_xmlrpc/test_dns_plugin.py
@@ -66,7 +66,11 @@ class test_dns(Declarative):
         ('dnsrecord_del', [dnszone1, dnsres1], {'del_all' : True}),
         ('dnszone_del', [dnszone2], {}),
         ('dnszone_del', [revdnszone1], {}),
-        ('dnsconfig_mod', [], {'idnsforwarders' : None,})
+        ('dnsconfig_mod', [], {'idnsforwarders' : None,
+                               'idnsforwardpolicy' : None,
+                               'idnsallowsyncptr' : None,
+                               'idnszonerefresh' : None,
+                               })
     ]
 
     tests = [
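
Review bot: the only change to the tests is in the cleanup list, where `dnsconfig_mod` resets `idnsforwardpolicy`, `idnsallowsyncptr` and `idnszonerefresh` to `None`; nothing sets these options or checks that an invalid policy value or a negative refresh interval is rejected. Please add `dnsconfig_mod` cases in `tests` that set each option to a valid value and verify the result, plus at least one rejected value for `idnsforwardpolicy` and `idnszonerefresh`.
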
-- 
1.7.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
