On 20.05.2016 12:19, Petr Spacek wrote:
On 11.5.2016 12:08, Martin Basti wrote:
On 03.05.2016 14:59, Petr Spacek wrote:
Hello,
DNS upgrade: change forwarding policy to "only" if private IPs are used.
https://fedorahosted.org/freeipa/ticket/5710
This is the upgrade part. I will add one more patch to print a warning in
dnsforwardzone* commands to avoid surprises. Please do not close the ticket
yet.
1)
Upgrade failed with 'BindInstance' object has no attribute
'named_conf_get_directive'
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command
ipa-server-upgrade manually.
('IPA upgrade failed.', 1)
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more
information
2016-05-11T08:26:20Z ERROR Upgrade failed with 'BindInstance' object has no
attribute 'named_conf_get_directive'
2016-05-11T08:26:20Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line
213, in __upgrade
self.modified = (ld.update(self.files) or self.modified)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 917, in update
self._run_updates(all_updates)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 889, in _run_updates
self._run_update_plugin(update['plugin'])
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 862, in _run_update_plugin
restart_ds, updates = self.api.Updater[plugin_name]()
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line
1418, in
__call__
return self.execute(**options)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/plugins/dns.py",
line 547, in execute
self.update_global_named_conf_forwarder(bind)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/plugins/dns.py",
line 508, in update_global_named_conf_forwarder
if bind.named_conf_get_directive(
AttributeError: 'BindInstance' object has no attribute
'named_conf_get_directive'
2016-05-11T08:26:20Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line
447, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line
437, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line
221, in __upgrade
raise RuntimeError(e)
RuntimeError: 'BindInstance' object has no attribute
'named_conf_get_directive'
PATCH * Add ipaDNSVersion option to dnsconfig* commands and use new
attribute *
2)
+ Int('ipadnsversion?',
+ label=_('IPA DNS version'),
+ ),
Shouldn't be this part of System: Read DNS Configuration permission?
3)
- def postprocess_result(self, result):
+ def postprocess_result(self, result, show_version):
if not any(param in result['result'] for param in self.params):
result['summary'] = unicode(_('Global DNS configuration is
empty'))
show_version param was added but I don't see it used in this patch.
4)
+ Int('ipadnsversion?',
+ label=_('IPA DNS version'),
+ ),
Could we add comment here that this option is accessible only from
installers
and upgrade?
5)
+ for config_option in container_entry.get("ipaConfigString", []):
+ matched = re.match("^DNSVersion\s+(?P<version>\d+)$",
+ config_option, flags=re.I)
+ if matched:
+ version = int(matched.group("version"))
Shouldn't we print error if version cannot be parsed?
PATCH * DNS upgrade: separate backup logic to make it reusable *
LGTM
PATCH * Add function ipapython.dnsutil.related_to_auto_empty_zone() *
7)
I'm curious why do you need to check superdomains?
PATCH * DNS upgrade: change forwarding policy to = only for conflicting
forward zones*
8)
+ self.log.debug('Zone %s was sucessfully modified to use '
+ 'forward policy "only"', zone['idnsname'][0])
<---missing empty line---->
+ def execute(self, **options):
PATCH * DNS upgrade: change global forwarding policy in LDAP to "only" if
private IPs are used *
9)
- dnsutil.related_to_auto_empty_zone(zone.get('idnsname')[0])
+ dnsutil.related_to_auto_empty_zone(
+ dnsutil.DNSName(zone.get('idnsname')[0]))
Should be in previous commit
10)
- return
+ return False, []
This should be fixed in the previous commit
PATCH * DNS upgrade: change global forwarding policy in named.conf to "only"
if private IPs are used *
11)
IMO this is an upgrade of configuration and this should be in
ipaserver/install/server/upgrade.py, upgrade plugins are used only for
updating of LDAP values
Unless you really want to use this as precedence, but then it requires
broader
discussion.
12)
bind.named_conf_get_directive
should be
bindinstance.named_conf_get_directive
see 1)
This new patchset completely obsoletes the old one. I had to reshuffle few
things to to make the split between server config & LDAP upgrade possible.
Hopefully I addressed all your comment.
commits
* Move IP address resolution from ipaserver.install.installutils to
ipapython.dnsutil * and * Turn verify_host_resolvable() into a wrapper around
ipapython.dnsutil *
cause regression in case that dns.python resolver returns NoNameservers
exception, it is handled as 'Internal server error'
In original code every exception was caught and transformed to
DNSNotARecordError.
So we have following options:
* keep the old behavior in 'resolve_rrsets' and catch all exceptions there
* or catch all DNS errors in 'verify_host_resolvable' and raise it as new
PublicError (DNSGenericError (doesn't exist) for example)
E InternalError: an internal error has occurred
../ipalib/rpc.py:1100: InternalError
test_forwardzone_delegation_warnings.test_command[0017: dnsrecord_mod:
Delete
(using dnsrecord-mod) NS record which delegates zone
u'fw.sub2.sub.dnszone.test.' from zone u'dnszone.test' (expected warning for
u'fw.sub2.sub.dnszone.test.')]
[Wed May 25 12:17:00.172143 2016] [wsgi:error] [pid 62789] Traceback (most
recent call last):
[Wed May 25 12:17:00.172152 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 350, in
wsgi_execute
[Wed May 25 12:17:00.172158 2016] [wsgi:error] [pid 62789] result =
self.Command[name](*args, **options)
[Wed May 25 12:17:00.172164 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 434, in __call__
[Wed May 25 12:17:00.172168 2016] [wsgi:error] [pid 62789] return
self.__do_call(*args, **options)
[Wed May 25 12:17:00.172173 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 460, in __do_call
[Wed May 25 12:17:00.172178 2016] [wsgi:error] [pid 62789] ret =
self.run(*args, **options)
[Wed May 25 12:17:00.172183 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 777, in run
[Wed May 25 12:17:00.172189 2016] [wsgi:error] [pid 62789] return
self.execute(*args, **options)
[Wed May 25 12:17:00.172194 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 3774, in
execute
[Wed May 25 12:17:00.172199 2016] [wsgi:error] [pid 62789] result =
super(dnsrecord_add, self).execute(*keys, **options)
[Wed May 25 12:17:00.172204 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line 1230, in
execute
[Wed May 25 12:17:00.172209 2016] [wsgi:error] [pid 62789] *keys, **options)
[Wed May 25 12:17:00.172213 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 3719, in
pre_callback
[Wed May 25 12:17:00.172229 2016] [wsgi:error] [pid 62789]
self.obj.run_precallback_validators(dn, entry_attrs, *keys, **options)
[Wed May 25 12:17:00.172237 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 3135, in
run_precallback_validators
[Wed May 25 12:17:00.172242 2016] [wsgi:error] [pid 62789] rtype_cb(ldap, dn,
entry_attrs, *keys, **options)
[Wed May 25 12:17:00.172247 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 3057, in
_nsrecord_pre_callback
[Wed May 25 12:17:00.172252 2016] [wsgi:error] [pid 62789]
check_ns_rec_resolvable(keys[0], DNSName(nsrecord), self.log)
[Wed May 25 12:17:00.172256 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 1577, in
check_ns_rec_resolvable
[Wed May 25 12:17:00.172261 2016] [wsgi:error] [pid 62789]
verify_host_resolvable(name)
[Wed May 25 12:17:00.172265 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipalib/util.py", line 70, in
verify_host_resolvable
[Wed May 25 12:17:00.172270 2016] [wsgi:error] [pid 62789] if not
resolve_ip_addresses(fqdn):
[Wed May 25 12:17:00.172274 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 328, in
resolve_ip_addresses
[Wed May 25 12:17:00.172278 2016] [wsgi:error] [pid 62789] rrsets =
resolve_rrsets(fqdn, ['A', 'AAAA'])
[Wed May 25 12:17:00.172282 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/ipapython/dnsutil.py", line 305, in
resolve_rrsets
[Wed May 25 12:17:00.172287 2016] [wsgi:error] [pid 62789] answer =
dns.resolver.query(fqdn, rdtype)
[Wed May 25 12:17:00.172292 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/dns/resolver.py", line 1029, in query
[Wed May 25 12:17:00.172296 2016] [wsgi:error] [pid 62789] raise_on_no_answer,
source_port)
[Wed May 25 12:17:00.172301 2016] [wsgi:error] [pid 62789] File
"/usr/lib/python2.7/site-packages/dns/resolver.py", line 856, in query
[Wed May 25 12:17:00.172328 2016] [wsgi:error] [pid 62789] raise
NoNameservers(request=request, errors=errors)
