Re: [Freeipa-devel] [PATCHES 0080-0081] DNSSEC: Add experimental support for DNSSEC

2014-07-03 Thread Petr Spacek 

On 2.7.2014 18:44, Petr Viktorin wrote:

On 07/02/2014 06:25 PM, Petr Spacek wrote:

On 27.6.2014 17:11, Martin Basti wrote:

Ticket: https://fedorahosted.org/freeipa/ticket/4408
Patches attached.


Both patches works for me. I have tested clean installation and upgrade
from 3.3.5.



Code looks okay, pushed to master: 3b310d6b4f8063149d1abe823b64bc9796a97ab2

Is this all for the ticket? Can we close it?


Not yet, we need to push mbasti's patch 0083.

--
Petr^2 Spacek

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCHES 0080-0081] DNSSEC: Add experimental support for DNSSEC

2014-07-02 Thread Petr Spacek 

On 27.6.2014 17:11, Martin Basti wrote:

Ticket: https://fedorahosted.org/freeipa/ticket/4408
Patches attached.


Both patches works for me. I have tested clean installation and upgrade from 
3.3.5.


--
Petr^2 Spacek

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCHES 0080-0081] DNSSEC: Add experimental support for DNSSEC

2014-07-02 Thread Petr Viktorin 

On 07/02/2014 06:25 PM, Petr Spacek wrote:

On 27.6.2014 17:11, Martin Basti wrote:

Ticket: https://fedorahosted.org/freeipa/ticket/4408
Patches attached.


Both patches works for me. I have tested clean installation and upgrade
from 3.3.5.



Code looks okay, pushed to master: 3b310d6b4f8063149d1abe823b64bc9796a97ab2

Is this all for the ticket? Can we close it?

--
PetrĀ³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCHES 0080-0081] DNSSEC: Add experimental support for DNSSEC

2014-06-27 Thread Martin Basti 
Ticket: https://fedorahosted.org/freeipa/ticket/4408
Patches attached.
-- 
Martin^2 Basti
From 294ef8aa1abe4d0ebf0d858f66f12d747b2a1d48 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Fri, 27 Jun 2014 17:04:15 +0200
Subject: [PATCH 1/2] Allow to add non string values to named conf

Non string values should not start and end with '' in options section
in named.conf

Required by ticket: https://fedorahosted.org/freeipa/ticket/4408
---
 ipaserver/install/bindinstance.py | 30 --
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 78810297a17601eb4c6e5faaf0c89502e9a2d9b0..9a27c781764f3dc311d20cfcf9150fde31307b03 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -51,6 +51,9 @@ named_conf_arg_ipa_re = re.compile(r'(?Pindent\s*)arg\s+(?Pname\S+)\s(?Pva
 named_conf_arg_options_re = re.compile(r'(?Pindent\s*)(?Pname\S+)\s+(?Pvalue[^]+)\s*;')
 named_conf_arg_ipa_template = %(indent)sarg \%(name)s %(value)s\;\n
 named_conf_arg_options_template = %(indent)s%(name)s \%(value)s\;\n
+# non string args for options section
+named_conf_arg_options_re_nonstr = re.compile(r'(?Pindent\s*)(?Pname\S+)\s+(?Pvalue[^]+)\s*;')
+named_conf_arg_options_template_nonstr = %(indent)s%(name)s %(value)s;\n
 
 def check_inst(unattended):
 has_bind = True
@@ -94,14 +97,21 @@ def named_conf_exists():
 
 NAMED_SECTION_OPTIONS = options
 NAMED_SECTION_IPA = ipa
-def named_conf_get_directive(name, section=NAMED_SECTION_IPA):
-Get a configuration option in bind-dyndb-ldap section of named.conf
+def named_conf_get_directive(name, section=NAMED_SECTION_IPA, str_val=True):
+Get a configuration option in bind-dyndb-ldap section of named.conf
+
+:str_val - set to True if directive value is string
+(only for NAMED_SECTION_OPTIONS)
+
 if section == NAMED_SECTION_IPA:
 named_conf_section_start_re = named_conf_section_ipa_start_re
 named_conf_arg_re = named_conf_arg_ipa_re
 elif section == NAMED_SECTION_OPTIONS:
 named_conf_section_start_re = named_conf_section_options_start_re
-named_conf_arg_re = named_conf_arg_options_re
+if str_val:
+named_conf_arg_re = named_conf_arg_options_re
+else:
+named_conf_arg_re = named_conf_arg_options_re_nonstr
 else:
 raise NotImplementedError('Section %s is not supported' % section)
 
@@ -121,7 +131,8 @@ def named_conf_get_directive(name, section=NAMED_SECTION_IPA):
 if match and name == match.group('name'):
 return match.group('value')
 
-def named_conf_set_directive(name, value, section=NAMED_SECTION_IPA):
+def named_conf_set_directive(name, value, section=NAMED_SECTION_IPA,
+ str_val=True):
 
 Set configuration option in bind-dyndb-ldap section of named.conf.
 
@@ -130,6 +141,9 @@ def named_conf_set_directive(name, value, section=NAMED_SECTION_IPA):
 
 If the value is set to None, the configuration option is removed
 from named.conf.
+
+:str_val - set to True if directive value is string
+(only for NAMED_SECTION_OPTIONS)
 
 new_lines = []
 
@@ -139,8 +153,12 @@ def named_conf_set_directive(name, value, section=NAMED_SECTION_IPA):
 named_conf_arg_template = named_conf_arg_ipa_template
 elif section == NAMED_SECTION_OPTIONS:
 named_conf_section_start_re = named_conf_section_options_start_re
-named_conf_arg_re = named_conf_arg_options_re
-named_conf_arg_template = named_conf_arg_options_template
+if str_val:
+named_conf_arg_re = named_conf_arg_options_re
+named_conf_arg_template = named_conf_arg_options_template
+else:
+named_conf_arg_re = named_conf_arg_options_re_nonstr
+named_conf_arg_template = named_conf_arg_options_template_nonstr
 else:
 raise NotImplementedError('Section %s is not supported' % section)
 
-- 
1.8.3.1

From c6a2df79463e67979ddbe2c540273df95165025d Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Fri, 27 Jun 2014 17:07:00 +0200
Subject: [PATCH 2/2] DNSSEC: Add experimental support for DNSSEC

Ticket: https://fedorahosted.org/freeipa/ticket/4408
---
 install/share/bind.named.conf.template |  2 ++
 install/tools/ipa-upgradeconfig| 21 +
 2 files changed, 23 insertions(+)

diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index 0984febb11633c171710a4d7f181f738e02fa637..6db17120f983d3762d4fb728d262eae10a18f74e 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -16,6 +16,8 @@ options {
 
 	tkey-gssapi-keytab /etc/named.keytab;
 	pid-file /run/named/named.pid;
+
+	dnssec-enable yes;
 };
 
 /* If you want to enable debugging, eg. using the 'rndc trace' command,
diff --git