On 17.06.2016 15:17, Petr Spacek wrote:
On 17.6.2016 12:25, Martin Basti wrote:
On 17.06.2016 08:46, Petr Spacek wrote:
On 16.6.2016 22:14, Martin Basti wrote:
On 16.06.2016 15:59, Petr Spacek wrote:
On 16.6.2016 13:57, Martin Basti wrote:
On 16.06.2016 12:09, Petr Spacek wrote:
On 15.6.2016 17:24, Petr Spacek wrote:
On 15.6.2016 15:45, Martin Basti wrote:
On 15.06.2016 14:52, Martin Basti wrote:
<snip>
Hydra patching: Updated patches attached + new patches for dnsserver-*
commands attached
Updated+rebased patches after Honza's interactive review
Minor nitpick fixed
freeipa-mbasti-0503.3-DNS-Locations-add-index-for-ipalocation-attribute.patch
ACK
freeipa-mbasti-0505.3-DNS-Locations-add-idnsTemplateObject-objectclass.patch
ACK
I will get to the rest later on.
Problems I found (could be solved in separate patches if you wish):
1. NACK
# ipa dns-update-system-records --dry-run
ipa: ERROR: an internal error has occurred
ValueError: dns_update_system_records.validate_output(): unexpected keys
['summary'] in { ...
Fixed
2. NACK
Command ipa dns-update-system-records does not work with DNS Administrators
privilege when some record is missing:
ipa: WARNING: Update of system record
'_kpasswd._tcp.dom-046.abc.idm.lab.eng.brq.redhat.com. 86400 IN SRV 0
100 464
vm-046.abc.idm.lab.eng.brq.redhat.com.' failed with error: Insufficient
access: Insufficient 'write' privilege to the 'objectClass' attribute of
entry
'idnsname=_kpasswd._tcp,idnsname=dom-046.abc.idm.lab.eng.brq.redhat.com.,cn=dns,dc=suffix'.
Fixed (I hope)
3. NACK
IPA server upgrade does not create idnsServerConfigObjects in cn=dns
In fact the upgrade does not even add the object class into schema.
Fixed
These needs to be fixed before we can proceed.
Updated patches attached
4. NACK
ipa-ca-install does not add A/AAAA records for the new CA.
This should work, code is on the right place. Maybe it is a race condition.
... 2 hours later ...
I found that this is broken since 4.3.0, I will fix it separately
https://fedorahosted.org/freeipa/ticket/5966
Anyway I found bug in replicainstall (fixed) because copy&paste everywhere
5. NACK
ipa-replica-manage del <replica> does not delete SRV records from the
remaining master
# ipa-replica-manage del vm-046.abc.idm.lab.eng.brq.redhat.com
WARNING: yacc table file version is out of date
Checking connectivity in topology suffix 'domain'
Checking connectivity in topology suffix 'ca'
Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com entries: invalid
'idnsserverid': must be Unicode text
You may need to manually remove them from the tree
Checking for deleted segments in suffix 'domain'
Agreements deleted
Checking for deleted segments in suffix 'ca'
Agreements deleted
Failed to cleanup vm-046.abc.idm.lab.eng.brq.redhat.com DNS entries:
abc.idm.lab.eng.brq.redhat.com.: DNS zone not found
You may need to manually remove them from the tree
Fixed
Manual execution of ipa dns-update-system-records fixes that.
Besides NACKs above one more thing is missing:
Following config options are not migrated from named.conf to LDAP object:
https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/PerServerConfigInLDAP#Upgrade
This can go to a separate patch set if you wish (at the very end).
I will leave this for later, bind-dyndb-ldap will continue working with local
configuration as before, patches are of course welcome.
Updated patches attached, + hydra patching
6. NACK
# ipa server-show $(hostname)
Managed suffixes: domain, ca
Min domain level: 0
Max domain level: 1
Location: l1
Enabled server roles: CA server, DNS server, NTP server
Server name: vm-046.abc.idm.lab.eng.brq.redhat.com
[root@vm-046 review]# ipa server-mod $(hostname) --location=l2
ipa: ERROR: no modifications to be performed
Updated patches attached
ACK up to patch 519.
7th NACK to the rest:
It fails while attempting to add non-DNS to a location:
# ipa server-show vm-046.abc.idm.lab.eng.brq.redhat.com
Managed suffixes: domain
Min domain level: 0
Max domain level: 1
Location: l1
Enabled server roles:
Server name: vm-046.abc.idm.lab.eng.brq.redhat.com
# ipa server-mod vm-046.abc.idm.lab.eng.brq.redhat.com --location l2
ipa: ERROR: vm-046.abc.idm.lab.eng.brq.redhat.com: DNS server not found
Updated patches attached + 2 extra hydra patches :)
From 35ff385662853d5e2655473e8f3d68a7764ab631 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 15 Jun 2016 16:10:26 +0200
Subject: [PATCH 1/9] DNS Locations: set proper substitution variable
DNS Server (bind-dyndb-ldap) needs to have set
'idnsSubstitutionVariable;ipalocation' in ldap to the proper location
https://fedorahosted.org/freeipa/ticket/2008
---
ipaserver/plugins/server.py | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
index 344756f00f6a0d6de4a8035260660860ad9138a7..a39d26885a8f1033532f583ec8d3ae5eb1e4f187 100644
--- a/ipaserver/plugins/server.py
+++ b/ipaserver/plugins/server.py
@@ -232,6 +232,26 @@ class server_mod(LDAPUpdate):
assert isinstance(dn, DN)
self.obj.get_enabled_roles(entry_attrs)
+ if 'ipalocation_location' in options:
+ ipalocation = entry_attrs.get('ipalocation')
+ if ipalocation:
+ ipalocation = ipalocation[0]['idnsname']
+ else:
+ ipalocation = u''
+ try:
+ self.api.Command.dnsserver_mod(
+ keys[0],
+ setattr=[
+ u'idnsSubstitutionVariable;ipalocation={loc}'.format(
+ loc=ipalocation)
+ ]
+ )
+ except errors.EmptyModlist:
+ pass
+ except errors.NotFound:
+ # server is not DNS server
+ pass
+
if 'ipalocation' or 'ipalocationweight' in entry_attrs:
result = self.api.Command.dns_update_system_records()
if not result.get('value'):
--
2.5.5
From bd2f9dc66738d0f2eaaac1f2e901dd5a61bfe491 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 15 Jun 2016 16:22:26 +0200
Subject: [PATCH 2/9] DNS Locations: require to restart named-pkcs11 affter
location change
Send a warning message that named-pkcs11 service must be restarted after
changes related to locations or server weight
https://fedorahosted.org/freeipa/ticket/2008
---
ipalib/messages.py | 9 +++++++++
ipaserver/plugins/server.py | 7 ++++++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/ipalib/messages.py b/ipalib/messages.py
index cae9d7867830db7356da1b0ef3d967d3b790a453..0f1dc63f29f8a056c5aa08582730b2ee21f3a2dc 100644
--- a/ipalib/messages.py
+++ b/ipalib/messages.py
@@ -428,6 +428,15 @@ class AutomaticDNSRecordsUpdateFailed(PublicMessage):
)
+class ServiceRestartRequired(PublicMessage):
+ errno = 13025
+ type = "warning"
+ format = _(
+ "Service %(service)s requires restart on IPA server %(server)s to "
+ "apply configuration changes."
+ )
+
+
def iter_messages(variables, base):
"""Return a tuple with all subclasses
"""
diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
index a39d26885a8f1033532f583ec8d3ae5eb1e4f187..956e7e5e66a1d69e7cc8e292a48a339d09ac9d3d 100644
--- a/ipaserver/plugins/server.py
+++ b/ipaserver/plugins/server.py
@@ -18,6 +18,7 @@ from .baseldap import (
from ipalib.request import context
from ipalib import _, ngettext
from ipalib import output
+from ipaplatform import services
from ipapython.dn import DN
from ipapython.dnsutil import DNSName
from ipaserver.servroles import ENABLED
@@ -252,7 +253,11 @@ class server_mod(LDAPUpdate):
# server is not DNS server
pass
- if 'ipalocation' or 'ipalocationweight' in entry_attrs:
+ if 'ipalocation_location' or 'ipalocationweight' in options:
+ self.add_message(messages.ServiceRestartRequired(
+ service=services.service('named').systemd_name,
+ server=keys[0], ))
+
result = self.api.Command.dns_update_system_records()
if not result.get('value'):
self.add_message(messages.AutomaticDNSRecordsUpdateFailed())
--
2.5.5
From ac3c9a24d34a0a643ce2217298c61361a6629e9d Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 15 Jun 2016 16:52:08 +0200
Subject: [PATCH 3/9] DNS Locations: show warning if there is no DNS servers in
location
DNS servers must be in each location, otherwise DNS location without DNS
server assigned will not work.
https://fedorahosted.org/freeipa/ticket/2008
---
ipalib/messages.py | 9 +++++++++
ipaserver/plugins/location.py | 14 ++++++++++++++
ipaserver/plugins/server.py | 14 ++++++++++++++
3 files changed, 37 insertions(+)
diff --git a/ipalib/messages.py b/ipalib/messages.py
index 0f1dc63f29f8a056c5aa08582730b2ee21f3a2dc..910a93e33864b85559a35dae9faaff24503154a5 100644
--- a/ipalib/messages.py
+++ b/ipalib/messages.py
@@ -437,6 +437,15 @@ class ServiceRestartRequired(PublicMessage):
)
+class LocationWithoutDNSServer(PublicMessage):
+ errno = 13026
+ type = "warning"
+ format = _(
+ "No DNS servers in IPA location %(location)s. Without DNS servers "
+ "location is not working as expected."
+ )
+
+
def iter_messages(variables, base):
"""Return a tuple with all subclasses
"""
diff --git a/ipaserver/plugins/location.py b/ipaserver/plugins/location.py
index be7291bb27bfe90b100ace9600d377456dcda7af..073c1f95746b5cddfdadf71ce95378aade313ebf 100644
--- a/ipaserver/plugins/location.py
+++ b/ipaserver/plugins/location.py
@@ -14,6 +14,7 @@ from ipalib import (
Str,
DNSNameParam,
output,
+ messages
)
from ipalib.plugable import Registry
from ipaserver.plugins.baseldap import (
@@ -180,6 +181,7 @@ class location_show(LDAPRetrieve):
def execute(self, *keys, **options):
result = super(location_show, self).execute(*keys, **options)
+ dns_server_in_loc = False
servers_additional_info = {}
if not options.get('raw'):
servers_name = []
@@ -197,6 +199,13 @@ class location_show(LDAPRetrieve):
'ipalocationweight', [u'100']),
}
+ if not dns_server_in_loc:
+ show_result = self.api.Command.server_show(
+ server['cn'][0])['result']
+ if 'DNS server' in show_result.get(
+ 'enabled_role_servrole', ()):
+ dns_server_in_loc = True
+
for server in servers_additional_info.values():
server['location_relative_weight'] = [
u'{:.1f}%'.format(
@@ -206,4 +215,9 @@ class location_show(LDAPRetrieve):
result['result']['servers_server'] = servers_name
result['servers'] = servers_additional_info
+ if not dns_server_in_loc and servers_additional_info:
+ self.add_message(messages.LocationWithoutDNSServer(
+ location=keys[0]
+ ))
+
return result
diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
index 956e7e5e66a1d69e7cc8e292a48a339d09ac9d3d..d338595a8b0babecad9d7de42f4211f4cc95a0ce 100644
--- a/ipaserver/plugins/server.py
+++ b/ipaserver/plugins/server.py
@@ -263,6 +263,20 @@ class server_mod(LDAPUpdate):
self.add_message(messages.AutomaticDNSRecordsUpdateFailed())
self.obj.convert_location(entry_attrs, **options)
+ ipalocation = entry_attrs.get('ipalocation_location', [None])[0]
+ if ipalocation:
+ servers_in_loc = self.api.Command.server_find(
+ in_location=ipalocation, no_members=False)['result']
+ dns_server_in_loc = False
+ for server in servers_in_loc:
+ if 'DNS server' in server.get('enabled_role_servrole', ()):
+ dns_server_in_loc = True
+ break
+ if not dns_server_in_loc:
+ self.add_message(messages.LocationWithoutDNSServer(
+ location=ipalocation
+ ))
+
return dn
--
2.5.5
From 205ea2a7356769be1bd23fc58f7c0e8025d4774f Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 13 May 2016 18:39:47 +0200
Subject: [PATCH 4/9] DNS Locations: prevent to remove used locations
User should be notified that location is used by IPA server(s) and
deletion should be aborted.
https://fedorahosted.org/freeipa/ticket/2008
---
ipaserver/plugins/location.py | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/ipaserver/plugins/location.py b/ipaserver/plugins/location.py
index 073c1f95746b5cddfdadf71ce95378aade313ebf..6c65970061343f993e11282380b8e17a56f55226 100644
--- a/ipaserver/plugins/location.py
+++ b/ipaserver/plugins/location.py
@@ -16,6 +16,7 @@ from ipalib import (
output,
messages
)
+from ipalib.errors import DependentEntry
from ipalib.plugable import Registry
from ipaserver.plugins.baseldap import (
LDAPCreate,
@@ -140,11 +141,16 @@ class location_del(LDAPDelete):
def pre_callback(self, ldap, dn, *keys, **options):
assert isinstance(dn, DN)
- servers = self.api.Command.server_find(
- in_location=keys[-1])['result']
- for server in servers:
- self.api.Command.server_mod(server['cn'][0],
- ipalocation_location=None)
+ if not options.get('force'):
+ servers = self.api.Command.server_find(
+ in_location=keys[-1])['result']
+ location_member = servers[0]['cn'][0] if servers else None
+ if location_member:
+ raise DependentEntry(
+ label=_('IPA Server'),
+ key=keys[-1],
+ dependent=location_member
+ )
return dn
--
2.5.5
From fb34983f3efcad417f84c8274a9ec674c5500436 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 16 Jun 2016 15:24:08 +0200
Subject: [PATCH 5/9] DNS Locations: do not generate location records for
unused locations
Location records for locations without assigned servers are useless and
we should not generate them.
https://fedorahosted.org/freeipa/ticket/2008
---
ipaserver/dns_data_management.py | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/ipaserver/dns_data_management.py b/ipaserver/dns_data_management.py
index b5b9c1c182e9cee3e8c7b216ed6081c77e455404..d01e1137c0b7fc354e4766bd611b6346520140f6 100644
--- a/ipaserver/dns_data_management.py
+++ b/ipaserver/dns_data_management.py
@@ -59,6 +59,7 @@ class IPASystemRecords(object):
self.api_instance = api_instance
self.domain_abs = DNSName(self.api_instance.env.domain).make_absolute()
self.servers_data = {}
+ self.used_locations = set()
self.__init_data()
def reload_data(self):
@@ -79,6 +80,7 @@ class IPASystemRecords(object):
def __init_data(self):
self.servers_data = {}
+ self.used_locations = set()
servers_result = self.api_instance.Command.server_find(
pkey_only=True)['result']
@@ -90,6 +92,8 @@ class IPASystemRecords(object):
'location': location,
'roles': roles,
}
+ if location:
+ self.used_locations.add(location)
def __add_srv_records(
self, zone_obj, hostname, rname_port_map,
@@ -306,13 +310,12 @@ class IPASystemRecords(object):
pkey_only=True)['result']
servers = [s['cn'][0] for s in servers_result]
- locations_result = self.api_instance.Command.location_find()['result']
- locations = [l['idnsname'][0] for l in locations_result]
-
+ # generate only records for used location, records for unassigned
+ # locations are useless
for server in servers:
self._get_location_dns_records_for_server(
zone_obj, server,
- locations, roles=roles,
+ self.used_locations, roles=roles,
include_master_role=include_master_role)
return zone_obj
--
2.5.5
From 5ff81c6f43d204f4581d83dd09ac37f0effd9558 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 16 Jun 2016 16:46:29 +0200
Subject: [PATCH 6/9] DNS Locations: location-del: remove location record
Remove unused location records
https://fedorahosted.org/freeipa/ticket/2008
---
ipaserver/dns_data_management.py | 41 +++++++++++++++++++++++++++++++++++++---
ipaserver/plugins/location.py | 5 +++++
2 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/ipaserver/dns_data_management.py b/ipaserver/dns_data_management.py
index d01e1137c0b7fc354e4766bd611b6346520140f6..b6ae27ad3e754da148ffb4023500900bb6ba7b87 100644
--- a/ipaserver/dns_data_management.py
+++ b/ipaserver/dns_data_management.py
@@ -78,6 +78,9 @@ class IPASystemRecords(object):
return weight, location, roles
+ def __get_location_suffix(self, location):
+ return location + DNSName('_locations') + self.domain_abs
+
def __init_data(self):
self.servers_data = {}
self.used_locations = set()
@@ -104,9 +107,7 @@ class IPASystemRecords(object):
assert isinstance(weight, int)
if location:
- suffix = (
- location + DNSName('_locations') + self.domain_abs
- )
+ suffix = self.__get_location_suffix(location)
else:
suffix = self.domain_abs
@@ -388,6 +389,40 @@ class IPASystemRecords(object):
self.update_locations_records()
)
+ def remove_location_records(self, location):
+ """
+ Remove all location records
+ :param location: DNSName object
+ :return: list of successfuly removed record names, list of record
+ names that cannot be removed and returned exception in tuples
+ [rname1, ...], [(rname2, exc), ...]
+ """
+ success = []
+ failed = []
+
+ location = DNSName(location)
+ loc_records = []
+ for records in (
+ IPA_DEFAULT_MASTER_SRV_REC,
+ IPA_DEFAULT_ADTRUST_SRV_REC,
+ ):
+ for name, _port in records:
+ loc_records.append(
+ name + self.__get_location_suffix(location))
+
+ for rname in loc_records:
+ try:
+ self.api_instance.Command.dnsrecord_del(
+ self.domain_abs, rname, del_all=True)
+ except errors.NotFound:
+ pass
+ except errors.PublicError as e:
+ failed.append((rname, e))
+ else:
+ success.append(rname)
+ return success, failed
+
+
@classmethod
def records_list_from_node(cls, name, node):
records = []
diff --git a/ipaserver/plugins/location.py b/ipaserver/plugins/location.py
index 6c65970061343f993e11282380b8e17a56f55226..1de51df634ba798b592727add10092f1d7866cd9 100644
--- a/ipaserver/plugins/location.py
+++ b/ipaserver/plugins/location.py
@@ -18,6 +18,7 @@ from ipalib import (
)
from ipalib.errors import DependentEntry
from ipalib.plugable import Registry
+from ipaserver.dns_data_management import IPASystemRecords
from ipaserver.plugins.baseldap import (
LDAPCreate,
LDAPSearch,
@@ -151,6 +152,10 @@ class location_del(LDAPDelete):
key=keys[-1],
dependent=location_member
)
+ system_records =IPASystemRecords(self.api)
+ _success, failed = system_records.remove_location_records(keys[-1])
+ if failed:
+ self.add_message(messages.AutomaticDNSRecordsUpdateFailed())
return dn
--
2.5.5
From 296310ab439a3d159a518f5a660987f6b867b32e Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 16 Jun 2016 19:13:45 +0200
Subject: [PATCH 7/9] DNS Locations: Rename ipalocationweight to
ipaserviceweight
Service weight explains better meaning of attribute than location
weight, because location itself have no weight only services have.
https://fedorahosted.org/freeipa/ticket/2008
---
ACI.txt | 2 +-
API.txt | 2 +-
VERSION | 4 ++--
install/share/60ipadns.ldif | 4 ++--
install/ui/src/freeipa/topology.js | 8 ++++----
ipaserver/dns_data_management.py | 2 +-
ipaserver/plugins/location.py | 10 +++++-----
ipaserver/plugins/server.py | 22 +++++++++++-----------
ipatests/test_xmlrpc/test_location_plugin.py | 8 ++++----
ipatests/test_xmlrpc/tracker/location_plugin.py | 4 ++--
ipatests/test_xmlrpc/tracker/server_plugin.py | 6 +++---
11 files changed, 36 insertions(+), 36 deletions(-)
diff --git a/ACI.txt b/ACI.txt
index 717fa7a1db9f54f51ec709b2e528b72e5c4915d6..0646d0d24d0e8a427eabf5aca04566f269e96cd2 100644
--- a/ACI.txt
+++ b/ACI.txt
@@ -239,7 +239,7 @@ aci: (targetattr = "accesstime || cn || createtimestamp || description || entryu
dn: cn=usermap,cn=selinux,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Remove SELinux User Maps";allow (delete) groupdn = "ldap:///cn=System: Remove SELinux User Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example
-aci: (targetattr = "cn || createtimestamp || entryusn || ipalocation || ipalocationweight || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Locations of IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Locations of IPA Servers,cn=permissions,cn=pbac,dc=ipa,dc=example";)
+aci: (targetattr = "cn || createtimestamp || entryusn || ipalocation || ipaserviceweight || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Locations of IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Locations of IPA Servers,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipaconfigstring || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Status of Services on IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Status of Services on IPA Servers,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=services,cn=accounts,dc=ipa,dc=example
diff --git a/API.txt b/API.txt
index 8dde37142095aea977d5c362af634af67bd0096b..f785252f05e49d98a688064f5a7d87fbbf804700 100644
--- a/API.txt
+++ b/API.txt
@@ -4200,7 +4200,7 @@ option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: DNSNameParam('ipalocation_location?', autofill=False, cli_name='location')
-option: Int('ipalocationweight?', autofill=False, cli_name='location_weight')
+option: Int('ipaserviceweight?', autofill=False, cli_name='service_weight')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
diff --git a/VERSION b/VERSION
index 8ea9602f06a5cbe7fa93e88a77d9902388148e40..3f3ca759584d9dc94d0050f96f3cd5fc56638bbb 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=186
-# Last change: mbasti - added dnsserver-* commands
+IPA_API_VERSION_MINOR=187
+# Last change: mbasti - rename ipalocationweight to ipaserviceweight
diff --git a/install/share/60ipadns.ldif b/install/share/60ipadns.ldif
index 46a49174700413162f35ce26138915728a846819..b6eff3a2b6bae81dd0865594048ee7d193eef91a 100644
--- a/install/share/60ipadns.ldif
+++ b/install/share/60ipadns.ldif
@@ -75,7 +75,7 @@ attributeTypes: ( 2.16.840.1.113730.3.8.5.30 NAME 'idnsSubstitutionVariable' DES
attributeTypes: ( 2.16.840.1.113730.3.8.11.74 NAME 'ipaDNSVersion' DESC 'IPA DNS data version' EQUALITY integerMatch ORDERING integerOrderingMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'IPA v4.3' )
attributeTypes: ( 2.16.840.1.113730.3.8.5.31 NAME 'idnsServerId' DESC 'DNS server identifier' EQUALITY caseIgnoreMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v4.4' )
attributeTypes: ( 2.16.840.1.113730.3.8.5.32 NAME 'ipaLocation' DESC 'Reference to IPA location' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'IPA v4.4' )
-attributeTypes: ( 2.16.840.1.113730.3.8.5.33 NAME 'ipaLocationWeight' DESC 'Weight for the server in IPA location' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v4.4' )
+attributeTypes: ( 2.16.840.1.113730.3.8.5.33 NAME 'ipaServiceWeight' DESC 'Weight for the server in IPA location' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v4.4' )
objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDynUpdate $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ a6Record $ nSRecord $ cNAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInfoRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ nXTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ sSHFPRecord $ rRSIGRecord $ nSECRecord $ DLVRecord $ TLSARecord $ UnknownRecord $ RPRecord $ APLRecord $ IPSECKEYRecord $ DHCIDRecord $ HIPRecord $ SPFRecord ) )
objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $ idnsSecInlineSigning $ nSEC3PARAMRecord ) )
objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' DESC 'DNS global config options' STRUCTURAL MAY ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR $ idnsZoneRefresh $ idnsPersistentSearch ) )
@@ -86,4 +86,4 @@ objectClasses: ( 2.16.840.1.113730.3.8.6.5 NAME 'idnsTemplateObject' DESC 'Templ
objectClasses: ( 2.16.840.1.113730.3.8.12.36 NAME 'ipaDNSContainer' DESC 'IPA DNS container' AUXILIARY MUST ( ipaDNSVersion ) X-ORIGIN 'IPA v4.3' )
objectClasses: ( 2.16.840.1.113730.3.8.6.6 NAME 'idnsServerConfigObject' DESC 'DNS server configuration options' STRUCTURAL MUST ( idnsServerId ) MAY ( idnsSubstitutionVariable $ idnsSOAmName $ idnsForwarders $ idnsForwardPolicy ) X-ORIGIN 'IPA v4.4' )
objectClasses: ( 2.16.840.1.113730.3.8.6.7 NAME 'ipaLocationObject' DESC 'Object for storing IPA server location' STRUCTURAL MUST ( idnsName ) MAY ( description ) X-ORIGIN 'IPA v4.4' )
-objectClasses: ( 2.16.840.1.113730.3.8.6.8 NAME 'ipaLocationMember' DESC 'Member object of IPA location' AUXILIARY MAY ( ipaLocation $ ipaLocationWeight ) X-ORIGIN 'IPA v4.4' )
+objectClasses: ( 2.16.840.1.113730.3.8.6.8 NAME 'ipaLocationMember' DESC 'Member object of IPA location' AUXILIARY MAY ( ipaLocation $ ipaServiceWeight ) X-ORIGIN 'IPA v4.4' )
diff --git a/install/ui/src/freeipa/topology.js b/install/ui/src/freeipa/topology.js
index 139f9562506f338b32dc3afa56493ecb2c4a1cfc..4cd25ea3033542ea4fb41da345b5a8c91ab0bbcd 100644
--- a/install/ui/src/freeipa/topology.js
+++ b/install/ui/src/freeipa/topology.js
@@ -239,7 +239,7 @@ return {
flags: ['w_if_no_aci']
},
{
- name: 'ipalocationweight',
+ name: 'ipaserviceweight',
placeholder: '100'
},
{
@@ -412,10 +412,10 @@ return {
link: true
},
{
- name: 'ipalocationweight'
+ name: 'ipaserviceweight'
},
{
- name: 'location_relative_weight'
+ name: 'service_relative_weight'
}
]
}
@@ -586,7 +586,7 @@ topology.location_association_table_widget = function(spec) {
},
{
$type: 'text',
- name: 'ipalocationweight'
+ name: 'ipaserviceweight'
}
]
}
diff --git a/ipaserver/dns_data_management.py b/ipaserver/dns_data_management.py
index b6ae27ad3e754da148ffb4023500900bb6ba7b87..4074b031836dc2dea59ad5d01954a76321dddae7 100644
--- a/ipaserver/dns_data_management.py
+++ b/ipaserver/dns_data_management.py
@@ -72,7 +72,7 @@ class IPASystemRecords(object):
def __get_server_attrs(self, hostname):
server_result = self.api_instance.Command.server_show(hostname)['result']
- weight = int(server_result.get('ipalocationweight', [u'100'])[0])
+ weight = int(server_result.get('ipaserviceweight', [u'100'])[0])
location = server_result.get('ipalocation_location', [None])[0]
roles = set(server_result.get('enabled_role_servrole', ()))
diff --git a/ipaserver/plugins/location.py b/ipaserver/plugins/location.py
index 1de51df634ba798b592727add10092f1d7866cd9..2a7e681aec9e314d0b11702cb23045593635f758 100644
--- a/ipaserver/plugins/location.py
+++ b/ipaserver/plugins/location.py
@@ -202,12 +202,12 @@ class location_show(LDAPRetrieve):
in_location=keys[0], no_members=False)['result']
for server in servers:
servers_name.append(server['cn'][0])
- weight = int(server.get('ipalocationweight', [100])[0])
+ weight = int(server.get('ipaserviceweight', [100])[0])
weight_sum += weight
servers_additional_info[server['cn'][0]] = {
'cn': server['cn'],
- 'ipalocationweight': server.get(
- 'ipalocationweight', [u'100']),
+ 'ipaserviceweight': server.get(
+ 'ipaserviceweight', [u'100']),
}
if not dns_server_in_loc:
@@ -218,9 +218,9 @@ class location_show(LDAPRetrieve):
dns_server_in_loc = True
for server in servers_additional_info.values():
- server['location_relative_weight'] = [
+ server['service_relative_weight'] = [
u'{:.1f}%'.format(
- int(server['ipalocationweight'][0])*100.0/weight_sum)
+ int(server['ipaserviceweight'][0])*100.0/weight_sum)
]
if servers_name:
result['result']['servers_server'] = servers_name
diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
index d338595a8b0babecad9d7de42f4211f4cc95a0ce..41156db3b5714dd93c369dad8ce7f3b42fd03bc6 100644
--- a/ipaserver/plugins/server.py
+++ b/ipaserver/plugins/server.py
@@ -53,7 +53,7 @@ class server(LDAPObject):
search_attributes = ['cn']
default_attributes = [
'cn', 'iparepltopomanagedsuffix', 'ipamindomainlevel',
- 'ipamaxdomainlevel', 'ipalocation', 'ipalocationweight'
+ 'ipamaxdomainlevel', 'ipalocation', 'ipaserviceweight'
]
label = _('IPA Servers')
label_singular = _('IPA Server')
@@ -72,7 +72,7 @@ class server(LDAPObject):
'System: Read Locations of IPA Servers': {
'ipapermright': {'read', 'search', 'compare'},
'ipapermdefaultattr': {
- 'objectclass', 'cn', 'ipalocation', 'ipalocationweight',
+ 'objectclass', 'cn', 'ipalocation', 'ipaserviceweight',
},
'default_privileges': {'DNS Administrators'},
},
@@ -123,18 +123,18 @@ class server(LDAPObject):
flags={'no_search'},
),
Int(
- 'ipalocationweight?',
- cli_name='location_weight',
- label=_('Location weight'),
- doc=_('Location weight for server'),
+ 'ipaserviceweight?',
+ cli_name='service_weight',
+ label=_('Service weight'),
+ doc=_('Weight for server services'),
minvalue=0,
maxvalue=65535,
flags={'no_search'},
),
Str(
- 'location_relative_weight',
- label=_('Location relative weight'),
- doc=_('Location relative weight for server (counts per location)'),
+ 'service_relative_weight',
+ label=_('Service relative weight'),
+ doc=_('Relative weight for server services (counts per location)'),
flags={'virtual_attribute','no_create', 'no_update', 'no_search'},
),
Str(
@@ -219,7 +219,7 @@ class server_mod(LDAPUpdate):
self.api.Object.location.handle_not_found(
options['ipalocation_location'])
- if 'ipalocation' or 'ipalocationweight' in entry_attrs:
+ if 'ipalocation' or 'ipaserviceweight' in entry_attrs:
server_entry = ldap.get_entry(dn, ['objectclass'])
# we need to extend object with ipaLocationMember objectclass
@@ -253,7 +253,7 @@ class server_mod(LDAPUpdate):
# server is not DNS server
pass
- if 'ipalocation_location' or 'ipalocationweight' in options:
+ if 'ipalocation_location' or 'ipaserviceweight' in options:
self.add_message(messages.ServiceRestartRequired(
service=services.service('named').systemd_name,
server=keys[0], ))
diff --git a/ipatests/test_xmlrpc/test_location_plugin.py b/ipatests/test_xmlrpc/test_location_plugin.py
index 97e97a2bc9ec910b65c3fc5b551e226fc52e53b8..3f0edfbcf791feea1a9e1b584386215d84b44606 100644
--- a/ipatests/test_xmlrpc/test_location_plugin.py
+++ b/ipatests/test_xmlrpc/test_location_plugin.py
@@ -177,11 +177,11 @@ class TestLocationsServer(XMLRPC_test):
server.update(
dict(
ipalocation_location=location.idnsname_obj,
- ipalocationweight=200,
+ ipaserviceweight=200,
),
expected_updates=dict(
ipalocation_location=[location.idnsname_obj],
- ipalocationweight=[u'200'],
+ ipaserviceweight=[u'200'],
)
)
# remove invalid data from the previous test
@@ -195,6 +195,6 @@ class TestLocationsServer(XMLRPC_test):
location.remove_server_from_location(server.server_name)
location.retrieve()
- def test_remove_location_weight_from_server(self, location, server):
- server.update(dict(ipalocationweight=None))
+ def test_remove_service_weight_from_server(self, location, server):
+ server.update(dict(ipaserviceweight=None))
location.retrieve()
diff --git a/ipatests/test_xmlrpc/tracker/location_plugin.py b/ipatests/test_xmlrpc/tracker/location_plugin.py
index 8901b7e0015529ff612aa924647e33db84e42e2c..3bce6669aed59141c6cddf492afd478bcabff06d 100644
--- a/ipatests/test_xmlrpc/tracker/location_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/location_plugin.py
@@ -132,8 +132,8 @@ class LocationTracker(Tracker):
self.attrs.setdefault('servers_server', []).append(server_name)
self.servers[server_name] = {
'cn': [server_name],
- 'ipalocationweight': [unicode(weight)],
- 'location_relative_weight': [relative_weight]
+ 'ipaserviceweight': [unicode(weight)],
+ 'service_relative_weight': [relative_weight]
}
def remove_server_from_location(self, server_name):
diff --git a/ipatests/test_xmlrpc/tracker/server_plugin.py b/ipatests/test_xmlrpc/tracker/server_plugin.py
index 42e63d78f251623fc5088d79a9b0da439c52113b..7540f45bf5f222e603fb446f7f2935376cca6be6 100644
--- a/ipatests/test_xmlrpc/tracker/server_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/server_plugin.py
@@ -13,18 +13,18 @@ class ServerTracker(Tracker):
retrieve_keys = {
'cn', 'dn', 'ipamaxdomainlevel', 'ipamindomainlevel',
'iparepltopomanagedsuffix_topologysuffix', 'ipalocation_location',
- 'ipalocationweight',
+ 'ipaserviceweight',
}
retrieve_all_keys = retrieve_keys | {'objectclass'}
create_keys = retrieve_keys | {'objectclass'}
find_keys = {
'cn', 'dn', 'ipamaxdomainlevel', 'ipamindomainlevel',
- 'ipalocationweight',
+ 'ipaserviceweight',
}
find_all_keys = retrieve_all_keys
update_keys = {
'cn', 'ipamaxdomainlevel', 'ipamindomainlevel',
- 'ipalocation_location', 'ipalocationweight',
+ 'ipalocation_location', 'ipaserviceweight',
}
def __init__(self, name):
--
2.5.5
From 08886b9903d61b308d89655f0f931a5fb6471f2b Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 16 Jun 2016 21:16:39 +0200
Subject: [PATCH 8/9] DNS Locations: generate NTP records
Move NTP records to centralized record generator
https://fedorahosted.org/freeipa/ticket/2008
---
ipaserver/dns_data_management.py | 27 ++++++++++++++++++++++++++-
ipaserver/install/bindinstance.py | 22 ----------------------
2 files changed, 26 insertions(+), 23 deletions(-)
diff --git a/ipaserver/dns_data_management.py b/ipaserver/dns_data_management.py
index 4074b031836dc2dea59ad5d01954a76321dddae7..3ca40c785681a56fd6e7583c6b4db88c58317305 100644
--- a/ipaserver/dns_data_management.py
+++ b/ipaserver/dns_data_management.py
@@ -44,6 +44,11 @@ IPA_DEFAULT_ADTRUST_SRV_REC = (
(DNSName(u'_kerberos._udp.dc._msdcs'), 88),
)
+IPA_DEFAULT_NTP_SRV_REC = (
+ # srv record name, port
+ (DNSName("_ntp._udp"), 123),
+)
+
class IPADomainIsNotManagedByIPAError(Exception):
pass
@@ -180,6 +185,14 @@ class IPASystemRecords(object):
weight=server['weight']
)
+ if 'NTP server' in eff_roles:
+ self.__add_srv_records(
+ zone_obj,
+ hostname_abs,
+ IPA_DEFAULT_NTP_SRV_REC,
+ weight=server['weight']
+ )
+
def _get_location_dns_records_for_server(
self, zone_obj, hostname, locations,
roles=None, include_master_role=True):
@@ -217,6 +230,16 @@ class IPASystemRecords(object):
location=location
)
+ if 'NTP server' in eff_roles:
+ self.__add_srv_records(
+ zone_obj,
+ hostname_abs,
+ IPA_DEFAULT_NTP_SRV_REC,
+ weight=server['weight'],
+ priority=priority,
+ location=location
+ )
+
return zone_obj
def __prepare_records_update_dict(self, node):
@@ -332,7 +355,8 @@ class IPASystemRecords(object):
names_requiring_cname_templates = set(
rec[0].derelativize(self.domain_abs) for rec in (
IPA_DEFAULT_MASTER_SRV_REC +
- IPA_DEFAULT_ADTRUST_SRV_REC
+ IPA_DEFAULT_ADTRUST_SRV_REC +
+ IPA_DEFAULT_NTP_SRV_REC
)
)
@@ -405,6 +429,7 @@ class IPASystemRecords(object):
for records in (
IPA_DEFAULT_MASTER_SRV_REC,
IPA_DEFAULT_ADTRUST_SRV_REC,
+ IPA_DEFAULT_NTP_SRV_REC
):
for name, _port in records:
loc_records.append(
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index e49abce23d16c313ba46842965ede349defdd2a3..a335ff5f4f6a946c7a2de891538043e3d290ee41 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -859,21 +859,6 @@ class BindInstance(service.Service):
def __add_master_records(self, fqdn, addrs):
host, zone = fqdn.split(".", 1)
- if normalize_zone(zone) == normalize_zone(self.domain):
- host_in_rr = host
- else:
- host_in_rr = normalize_zone(fqdn)
-
- srv_records = ()
- if self.ntp:
- srv_records += (
- ("_ntp._udp", "0 100 123 %s" % host_in_rr),
- )
-
- for (rname, rdata) in srv_records:
- add_rr(self.domain, rname, "SRV", rdata, self.dns_backup,
- api=self.api)
-
if not dns_zone_exists(zone, self.api):
# check if master hostname is resolvable
try:
@@ -1097,13 +1082,6 @@ class BindInstance(service.Service):
self.fqdn = fqdn
self.domain = domain_name
- resource_records = (
- ("_ntp._udp", "SRV", "0 100 123 %s" % self.host_in_rr),
- )
-
- for (record, type, rdata) in resource_records:
- del_rr(self.domain, record, type, rdata, api=self.api)
-
areclist = get_fwd_rr(zone, host, api=self.api)
for rdata in areclist:
del_fwd_rr(zone, host, rdata, api=self.api)
--
2.5.5
From bede984fae3d43ded35c26ffdf32bd2498c4f2aa Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 16 Jun 2016 21:53:31 +0200
Subject: [PATCH 9/9] upgrade: don't fail if zone does not exists in in find
In case that zone is not managed by IPA, upgrade fails with not found
error. Prevent failure in this case.
---
ipaserver/install/bindinstance.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index a335ff5f4f6a946c7a2de891538043e3d290ee41..188f3dc0e4a38255ab48d7dc31e5b366fe1c588c 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -1037,7 +1037,11 @@ class BindInstance(service.Service):
def remove_ipa_ca_cnames(self, domain_name):
# get ipa-ca CNAMEs
- cnames = get_rr(domain_name, IPA_CA_RECORD, "CNAME", api=self.api)
+ try:
+ cnames = get_rr(domain_name, IPA_CA_RECORD, "CNAME", api=self.api)
+ except errors.NotFound:
+ # zone does not exists
+ cnames = None
if not cnames:
return
--
2.5.5
From a062c7bae5b9c18b2578b3a8cca788931d16a993 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 17 Jun 2016 14:56:57 +0200
Subject: [PATCH 1/2] DNS Location: add list of roles and DNS servers to
location-show
Add to output list of DNS servers which advertise location and list fo
roles per server
https://fedorahosted.org/freeipa/ticket/2008
---
ipaserver/plugins/location.py | 39 +++++++++++++++++++++++++--------------
1 file changed, 25 insertions(+), 14 deletions(-)
diff --git a/ipaserver/plugins/location.py b/ipaserver/plugins/location.py
index 2a7e681aec9e314d0b11702cb23045593635f758..e24f7b7bc6d33dc877bdb2b8e4dde6d329236c77 100644
--- a/ipaserver/plugins/location.py
+++ b/ipaserver/plugins/location.py
@@ -117,6 +117,12 @@ class location(LDAPObject):
doc=_('Servers that belongs to the IPA location'),
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
),
+ Str(
+ 'dns_server*',
+ label=_('Advertised by servers'),
+ doc=_('List of servers which advertise the given location'),
+ flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
+ ),
)
def get_dn(self, *keys, **options):
@@ -192,30 +198,31 @@ class location_show(LDAPRetrieve):
def execute(self, *keys, **options):
result = super(location_show, self).execute(*keys, **options)
- dns_server_in_loc = False
servers_additional_info = {}
if not options.get('raw'):
servers_name = []
+ dns_servers = []
weight_sum = 0
servers = self.api.Command.server_find(
in_location=keys[0], no_members=False)['result']
for server in servers:
- servers_name.append(server['cn'][0])
+ s_name = server['cn'][0]
+ servers_name.append(s_name)
weight = int(server.get('ipaserviceweight', [100])[0])
weight_sum += weight
- servers_additional_info[server['cn'][0]] = {
+ servers_additional_info[s_name] = {
'cn': server['cn'],
'ipaserviceweight': server.get(
'ipaserviceweight', [u'100']),
}
- if not dns_server_in_loc:
- show_result = self.api.Command.server_show(
- server['cn'][0])['result']
- if 'DNS server' in show_result.get(
- 'enabled_role_servrole', ()):
- dns_server_in_loc = True
+ s_roles = server.get('enabled_role_servrole', ())
+ if s_roles:
+ servers_additional_info[s_name][
+ 'enabled_role_servrole'] = s_roles
+ if 'DNS server' in s_roles:
+ dns_servers.append(s_name)
for server in servers_additional_info.values():
server['service_relative_weight'] = [
@@ -224,11 +231,15 @@ class location_show(LDAPRetrieve):
]
if servers_name:
result['result']['servers_server'] = servers_name
+
+ if dns_servers:
+ result['result']['dns_server'] = dns_servers
+
+ if not dns_servers and servers_additional_info:
+ self.add_message(messages.LocationWithoutDNSServer(
+ location=keys[0]
+ ))
+
result['servers'] = servers_additional_info
- if not dns_server_in_loc and servers_additional_info:
- self.add_message(messages.LocationWithoutDNSServer(
- location=keys[0]
- ))
-
return result
--
2.5.5
From ea72cc060126429eb70daf002401720c9d28eeab Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 17 Jun 2016 16:42:13 +0200
Subject: [PATCH 2/2] DNS Locations: dnsserver: print specific error when DNS
is not installed
Print 'DNS is not configured' if there is no IPA DNS in domain
https://fedorahosted.org/freeipa/ticket/2008
---
ipaserver/plugins/dnsserver.py | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/ipaserver/plugins/dnsserver.py b/ipaserver/plugins/dnsserver.py
index f22d6943eba73e37e9e3afaa3de11ac5595d47ab..beddec04230d810479fff9612721cf12260bbb3a 100644
--- a/ipaserver/plugins/dnsserver.py
+++ b/ipaserver/plugins/dnsserver.py
@@ -11,6 +11,7 @@ from ipalib import (
DNSNameParam,
Str,
StrEnum,
+ errors,
)
from ipalib.frontend import Local
from ipalib.plugable import Registry
@@ -27,6 +28,7 @@ from ipaserver.plugins.baseldap import (
LDAPCreate,
LDAPDelete,
)
+from .dns import dns_container_exists
__doc__ = _("""
@@ -138,6 +140,11 @@ class dnsserver(LDAPObject):
),
)
+ def get_dn(self, *keys, **options):
+ if not dns_container_exists(self.api.Backend.ldap2):
+ raise errors.NotFound(reason=_('DNS is not configured'))
+ return super(dnsserver, self).get_dn(*keys, **options)
+
@register()
class dnsserver_mod(LDAPUpdate):
--
2.5.5
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
