Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

Mon, 12 Jan 2015 09:36:13 -0800 

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for patch:

1)
-        root_logger.error("Cannot update DNS records! "
-                          "Failed to connect to server '%s'.", server)
+        ips = get_local_ipaddresses()
+    except CalledProcessError as e:
+        root_logger.error("Cannot update DNS records. %s" % e)

IMO the error message should be more specific,  add there something like
"Unable to get local IP addresses". at least in log.debug()

2)
+    lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+    if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK


Thank you for the patch, unfortunately I hit one issue which needs to be 
resolved.



If "sync PTR" is activated in zone settings, and reverse zone doesn't 
exists, nsupdate/BIND returns SERVFAIL and ipa-client-install print 
Error message, 'DNS update failed'. In fact, all A/AAAA records was 
succesfully updated, only PTR records failed.


Bind log:

named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at 
'vm-101.example.com' AAAA



named-pkcs11[28652]: PTR record synchronization (addition) for A/AAAA 
'vm-101.example.com.' refused: unable to find active reverse zone for IP 
address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found



With IPv6 we have several addresses from different reverse zones and 
this situation may happen often.

I suggest following:

1) Print list of addresses which will be updated. (Now if update fails, 
user needs to read log, which addresses installer tried to update)

2) Split nsupdates per A/AAAA record.

3a) If failed, check with DNS query if A/AAAA and PTR record are there 
and print proper error message
3b) Just print A/AAAA (or PTR) record may not be updated for particular 
IP address.


Any other suggestions are welcome.

--
Martin Basti

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel






















					Reply via email to