Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 7.8.2013 16:52, Tomas Babej wrote: Petr, can bind-dyndb-ldap handle idnsConfigObject containing idnsPersistentSearch and idnsZoneRefresh attributes? Yes, it should work. Old attributes will be ignored by bind-dyndb-ldap v4.0 and higher. -- Petr^2 Spacek ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 08/07/2013 04:52 PM, Tomas Babej wrote: On 08/05/2013 05:59 PM, Martin Kosek wrote: On 07/17/2013 01:47 PM, Tomas Babej wrote: I will release version 3.5 before end of this week. I have some small fixes ready so it is worth to release it now. To summarize the discussion - please remove following options from configuration file and LDAP schema: cache_ttl psearch (attribute idnsPersistentSearch in idnsConfigObject) zone_refresh (attribute idnsZoneRefresh in idnsConfigObject) -- Petr^2 Spacek I have a patch ready, but it can't be tested until 3.5 is out. Tomas I did not test the patch yet, I just want to comment on one thing I just noticed. I is it a good idea to remove idnsZoneRefresh and idnsPersistentSearch attribute types and modify idnsConfigObject objectclass? This will affect not only new instances, but also the old ones (i.e. RHEL-6.4) which may still use these attributes. DNS config object would suddenly become unusable because DS would refuse to operate the entry as it does not follow the schema. The same applies for ACIs. I would personally not do these changes yet, I think just hiding and marking as DeprecatedParam is enough for now. Alexander, what do you think? Martin We discussed this with Martin. I agreed it would be less cumbersome to keep the attributes in schema for now. I retested the patches, updated versions attached. Petr, can bind-dyndb-ldap handle idnsConfigObject containing idnsPersistentSearch and idnsZoneRefresh attributes? I still see some schema and aci changes: --- a/install/updates/10-bind-schema.update +++ b/install/updates/10-bind-schema.update @@ -44,7 +44,7 @@ add:attributeTypes: SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v2' ) -add:attributeTypes: +remove:attributeTypes: ( 2.16.840.1.113730.3.8.5.16 NAME 'idnsZoneRefresh' DESC 'zone refresh interval' @@ -52,7 +52,7 @@ add:attributeTypes: SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v2' ) -add:attributeTypes: +remove:attributeTypes: ( 2.16.840.1.113730.3.8.5.17 NAME 'idnsPersistentSearch' DESC 'allow persistent searches' @@ -65,8 +65,7 @@ add:objectClasses: NAME 'idnsConfigObject' DESC 'DNS global config options' STRUCTURAL - MAY ( idnsForwardPolicy $$ idnsForwarders $$ idnsAllowSyncPTR $$ -idnsZoneRefresh $$ idnsPersistentSearch + MAY ( idnsForwardPolicy $$ idnsForwarders $$ idnsAllowSyncPTR ) ) add:objectClasses: ( 2.16.840.1.113730.3.8.12.18 AND -_write_dns_aci_entry = ['add:aci:\'(targetattr = idnsforwardpolicy || idnsforwarders || idnsallowsyncptr || idnszonerefresh || idnspersistentsearch)(target = ldap:///cn=dns,%(realm)s)(version 3.0;acl permission:Write DNS Configuration;allow (write) groupdn = ldap:///cn=Write DNS Configuration,cn=permissions,cn=pbac,%(realm)s;)\'' % dict(realm=api.env.basedn)] +_write_dns_aci_entry = ['add:aci:\'(targetattr = idnsforwardpolicy || idnsforwarders || idnsallowsyncptr)(target = ldap:///cn=dns,%(realm)s)(version 3.0;acl permission:Write DNS Configuration;allow (write) groupdn = ldap:///cn=Write DNS Configuration,cn=permissions,cn=pbac,%(realm)s;)\'' % dict(realm=api.env.basedn)] Besides these, patch worked fine on both upgrade and new installation. So when you remove these chunks, it will be ack. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 08/05/2013 05:59 PM, Martin Kosek wrote:
On 07/17/2013 01:47 PM, Tomas Babej wrote:
I will release version 3.5 before end of this week. I have some small fixes
ready so it is worth to release it now.
To summarize the discussion - please remove following options from
configuration file and LDAP schema:
cache_ttl
psearch (attribute idnsPersistentSearch in idnsConfigObject)
zone_refresh (attribute idnsZoneRefresh in idnsConfigObject)
--
Petr^2 Spacek
I have a patch ready, but it can't be tested until 3.5 is out.
Tomas
I did not test the patch yet, I just want to comment on one thing I just
noticed.
I is it a good idea to remove idnsZoneRefresh and idnsPersistentSearch
attribute types and modify idnsConfigObject objectclass?
This will affect not only new instances, but also the old ones (i.e. RHEL-6.4)
which may still use these attributes. DNS config object would suddenly become
unusable because DS would refuse to operate the entry as it does not follow the
schema. The same applies for ACIs.
I would personally not do these changes yet, I think just hiding and marking as
DeprecatedParam is enough for now. Alexander, what do you think?
Martin
We discussed this with Martin. I agreed it would be less cumbersome to
keep the attributes in schema for now.
I retested the patches, updated versions attached.
Petr, can bind-dyndb-ldap handle idnsConfigObject containing
idnsPersistentSearch
and idnsZoneRefresh attributes?
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 6c67f480d412a8d55582a4abd713bf360947afed Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 7 Aug 2013 16:12:35 +0200
Subject: [PATCH] Remove support for IPA deployments with no persistent search
Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated.
https://fedorahosted.org/freeipa/ticket/3632
---
API.txt | 2 +-
freeipa.spec.in | 2 +-
install/share/bind.named.conf.template | 2 -
install/tools/ipa-dns-install | 24 -
install/tools/ipa-server-install| 24 -
install/tools/ipa-upgradeconfig | 137
install/tools/man/ipa-dns-install.1 | 6 --
install/tools/man/ipa-server-install.1 | 6 --
install/ui/src/freeipa/dns.js | 3 +-
install/ui/test/data/dnsconfig_mod.json | 5 -
install/ui/test/data/dnsconfig_show.json| 5 -
install/ui/test/data/ipa_init_commands.json | 11 ---
install/ui/test/data/ipa_init_objects.json | 15 +--
install/updates/10-bind-schema.update | 7 +-
ipalib/plugins/dns.py | 10 +-
ipaserver/install/bindinstance.py | 38
ipaserver/install/plugins/dns.py| 2 +-
ipatests/test_xmlrpc/test_dns_plugin.py | 1 -
18 files changed, 108 insertions(+), 192 deletions(-)
diff --git a/API.txt b/API.txt
index 44b3dd444964c8dac595177f8601c82d0235eabe..8142bbc37406686dd8bafe94569aab4278259917 100644
--- a/API.txt
+++ b/API.txt
@@ -669,7 +669,7 @@ option: Str('delattr*', cli_name='delattr', exclude='webui')
option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow_sync_ptr', multivalue=False, required=False)
option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False)
option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'none'))
-option: Int('idnszonerefresh', attribute=True, autofill=False, cli_name='zone_refresh', minvalue=0, multivalue=False, required=False)
+option: DeprecatedParam('idnszonerefresh', attribute=True, autofill=False, cli_name='zone_refresh', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr', exclude='webui')
diff --git a/freeipa.spec.in b/freeipa.spec.in
index b0beb16a4d29e414f4f7587038c311f5aa2272bd..aa365095cbbe44ceeaf65d7ce121b0ac 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -156,7 +156,7 @@ Obsoletes: freeipa-server-selinux 3.3.0
# IPA but if it is configured we need a way to require versions
# that work for us.
%if 0%{?fedora} = 18
-Conflicts: bind-dyndb-ldap 2.3-2
+Conflicts: bind-dyndb-ldap 3.5
%else
Conflicts: bind-dyndb-ldap 1.1.0-0.12.rc1
%endif
diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index e4ce6058399e8d9a1f112f55907e060075dff00b..a244957fafaf6ff9903abb8c00c1d361a49ec9f6 100644
--- a/install/share/bind.named.conf.template
+++
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
I will release version 3.5 before end of this week. I have some small fixes
ready so it is worth to release it now.
To summarize the discussion - please remove following options from
configuration file and LDAP schema:
cache_ttl
psearch (attribute idnsPersistentSearch in idnsConfigObject)
zone_refresh (attribute idnsZoneRefresh in idnsConfigObject)
--
Petr^2 Spacek
I have a patch ready, but it can't be tested until 3.5 is out.
Tomas
From 076296b54e0137da343ebbd61ac96ef5da3efcfc Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 3 Jun 2013 14:37:20 +0200
Subject: [PATCH] Remove support for IPA deployments with no persistent search
Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated.
https://fedorahosted.org/freeipa/ticket/3632
---
API.txt | 2 +-
freeipa.spec.in | 2 +-
install/share/60ipadns.ldif | 4 +-
install/share/bind.named.conf.template | 2 -
install/share/dns.ldif | 2 +-
install/tools/ipa-dns-install | 24 -
install/tools/ipa-server-install| 24 -
install/tools/ipa-upgradeconfig | 137
install/tools/man/ipa-dns-install.1 | 6 --
install/tools/man/ipa-server-install.1 | 6 --
install/ui/src/freeipa/dns.js | 3 +-
install/ui/test/data/dnsconfig_mod.json | 5 -
install/ui/test/data/dnsconfig_show.json| 5 -
install/ui/test/data/ipa_init_commands.json | 11 ---
install/ui/test/data/ipa_init_objects.json | 15 +--
install/updates/10-bind-schema.update | 7 +-
ipalib/plugins/dns.py | 10 +-
ipaserver/install/bindinstance.py | 39
ipaserver/install/plugins/dns.py| 2 +-
ipatests/test_xmlrpc/test_dns_plugin.py | 1 -
20 files changed, 111 insertions(+), 196 deletions(-)
diff --git a/API.txt b/API.txt
index 44b3dd444964c8dac595177f8601c82d0235eabe..8142bbc37406686dd8bafe94569aab4278259917 100644
--- a/API.txt
+++ b/API.txt
@@ -669,7 +669,7 @@ option: Str('delattr*', cli_name='delattr', exclude='webui')
option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow_sync_ptr', multivalue=False, required=False)
option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False)
option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'none'))
-option: Int('idnszonerefresh', attribute=True, autofill=False, cli_name='zone_refresh', minvalue=0, multivalue=False, required=False)
+option: DeprecatedParam('idnszonerefresh', attribute=True, autofill=False, cli_name='zone_refresh', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr', exclude='webui')
diff --git a/freeipa.spec.in b/freeipa.spec.in
index b0beb16a4d29e414f4f7587038c311f5aa2272bd..aa365095cbbe44ceeaf65d7ce121b0ac 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -156,7 +156,7 @@ Obsoletes: freeipa-server-selinux 3.3.0
# IPA but if it is configured we need a way to require versions
# that work for us.
%if 0%{?fedora} = 18
-Conflicts: bind-dyndb-ldap 2.3-2
+Conflicts: bind-dyndb-ldap 3.5
%else
Conflicts: bind-dyndb-ldap 1.1.0-0.12.rc1
%endif
diff --git a/install/share/60ipadns.ldif b/install/share/60ipadns.ldif
index 437986d3912f56c01d919b8bff2205a5eccfaf04..58673c0a204faf159dcade852b5c9e2677d2422c 100644
--- a/install/share/60ipadns.ldif
+++ b/install/share/60ipadns.ldif
@@ -47,9 +47,7 @@ attributeTypes: ( 2.16.840.1.113730.3.8.5.12 NAME 'idnsAllowTransfer' DESC 'BIND
attributeTypes: ( 2.16.840.1.113730.3.8.5.13 NAME 'idnsAllowSyncPTR' DESC 'permit synchronization of PTR records' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
attributeTypes: ( 2.16.840.1.113730.3.8.5.14 NAME 'idnsForwardPolicy' DESC 'forward policy: only or first' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
attributeTypes: ( 2.16.840.1.113730.3.8.5.15 NAME 'idnsForwarders' DESC 'list of forwarders' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v2' )
-attributeTypes: ( 2.16.840.1.113730.3.8.5.16 NAME 'idnsZoneRefresh' DESC 'zone refresh interval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v2' )
-attributeTypes: ( 2.16.840.1.113730.3.8.5.17 NAME 'idnsPersistentSearch' DESC 'allow
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 15.7.2013 18:36, Martin Kosek wrote:
On 07/15/2013 06:28 PM, Simo Sorce wrote:
On Mon, 2013-07-15 at 16:41 +0200, Petr Spacek wrote:
On 15.7.2013 16:15, Simo Sorce wrote:
On Mon, 2013-07-15 at 15:57 +0200, Martin Kosek wrote:
On 07/15/2013 03:44 PM, Petr Spacek wrote:
On 15.7.2013 15:31, Martin Kosek wrote:
On 07/11/2013 05:10 PM, Tomas Babej wrote:
On Thursday 11 of July 2013 16:10:33 Ana Krivokapic wrote:
On 07/11/2013 11:20 AM, Tomas Babej wrote:
boolean_var = {}
- for var in ('persistent_search', 'serial_autoincrement'):
+ for var in ('serial_autoincrement'):
This won't work - a one element tuple needs a comma at the end:
('serial_autoincrement', )
boolean_var[var] = yes if getattr(self, var, False) else no
self.sub_dict = dict(FQDN=self.fqdn,
@@ -607,9 +604,8 @@ class BindInstance(service.Service):
SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
- ZONE_REFRESH=self.zone_refresh,
IPA_CA_RECORD=ipa_ca,
- PERSISTENT_SEARCH=boolean_var['persistent_search'],
+ PERSISTENT_SEARCH=yes,
SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],)
But anyway, I think this piece of code is unnecessarily complicated, I
don't see
a need for the 'boolean_var' dict here. I would suggest replacing it with
something like:
serial_autoincrement = yes if self.serial_autoincrement else no
and then pass serial_autoincrement to self.sub_dict = dict(...)
Attached patch refactored the relevant part of the code.
Tomas
Thanks for patches! I am just thinking, should we also hide the respective
option from ipa global DNS configuration? That's idnszonerefresh attribute.
We may want to mark the attribute as invisible in CLI + remove it from Web UI.
Petr - what is your take on this? Do you plan to remove idnszonerefresh
attribute support in the future (Fedora 20) as persistent search will be
mandatory in that time?
Yes, you are right. We completely forgot to web UI. And yes - please remove the
option from web UI.
Ok, Tomas please do the changes as proposed above.
The latest development shows that persistent search will be replaced by RFC
4533 (known as 'syncrepl'), but from user's point of view it doesn't matter.
All options related to persistent search and zone_refresh will simply
disappear. Syncrepl itself doesn't require explicit configuration.
Ah, so this means that psearch option will be also removed from
bind-dyndb-ldap? In Fedora 19 we just plan to hard-code it to yes, will that
cause issues with Fedora 20? Should we already avoid using the psearch option
and assume that bind-dyndb-ldap in Fedora 19 is using persistent search by
default?
Won't the new bind-dyndb-ldap simply ignore the psearch option when it
moves to syncrepl ?
I can do it, but I think that cleanest way is to remove the 'psearch' option
in upgrade script.
Sure, but if the upgrade, for whatever reason, fails to remove it
bind-dyndb-ldap should just ignore.
Another option is to release new bind-dyndb-ldap to Fedora 19 and change
default values to 'psearch yes' right now. Do you agree?
Too much churn, I think it is ok to change it when we are done with
syncrepl and upgrade config, with the fallback failsafe that even if
upgrade doesn't remove the option bind-dyndb-ldap will simply ignore it.
This will be safer even for people using stuff like cfengine/puppet to
manage configurations and not realizing we changed the conf on upgrade,
their confsystems will push again a conf file with psearch yes but
bnid-dyndb-ldap won't break.
Simo.
Hmm, that's right, it should be safer. Can bind-dyndb-ldap just yell to error
log that there is an unknown configuration option? (if it does not do that
already).
Yes, I can do that. Generally, bind-dyndb-ldap refuses to load invalid
configuration, but I can handle psearch and related options as special-case
(for some small number of releases).
I will release version 3.5 before end of this week. I have some small fixes
ready so it is worth to release it now.
To summarize the discussion - please remove following options from
configuration file and LDAP schema:
cache_ttl
psearch (attribute idnsPersistentSearch in idnsConfigObject)
zone_refresh (attribute idnsZoneRefresh in idnsConfigObject)
--
Petr^2 Spacek
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 07/11/2013 05:10 PM, Tomas Babej wrote:
On Thursday 11 of July 2013 16:10:33 Ana Krivokapic wrote:
On 07/11/2013 11:20 AM, Tomas Babej wrote:
boolean_var = {}
- for var in ('persistent_search', 'serial_autoincrement'):
+ for var in ('serial_autoincrement'):
This won't work - a one element tuple needs a comma at the end:
('serial_autoincrement', )
boolean_var[var] = yes if getattr(self, var, False) else no
self.sub_dict = dict(FQDN=self.fqdn,
@@ -607,9 +604,8 @@ class BindInstance(service.Service):
SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
- ZONE_REFRESH=self.zone_refresh,
IPA_CA_RECORD=ipa_ca,
- PERSISTENT_SEARCH=boolean_var['persistent_search'],
+ PERSISTENT_SEARCH=yes,
SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],)
But anyway, I think this piece of code is unnecessarily complicated, I don't
see
a need for the 'boolean_var' dict here. I would suggest replacing it with
something like:
serial_autoincrement = yes if self.serial_autoincrement else no
and then pass serial_autoincrement to self.sub_dict = dict(...)
Attached patch refactored the relevant part of the code.
Tomas
Thanks for patches! I am just thinking, should we also hide the respective
option from ipa global DNS configuration? That's idnszonerefresh attribute.
We may want to mark the attribute as invisible in CLI + remove it from Web UI.
Petr - what is your take on this? Do you plan to remove idnszonerefresh
attribute support in the future (Fedora 20) as persistent search will be
mandatory in that time?
Thanks,
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 15.7.2013 15:31, Martin Kosek wrote:
On 07/11/2013 05:10 PM, Tomas Babej wrote:
On Thursday 11 of July 2013 16:10:33 Ana Krivokapic wrote:
On 07/11/2013 11:20 AM, Tomas Babej wrote:
boolean_var = {}
- for var in ('persistent_search', 'serial_autoincrement'):
+ for var in ('serial_autoincrement'):
This won't work - a one element tuple needs a comma at the end:
('serial_autoincrement', )
boolean_var[var] = yes if getattr(self, var, False) else no
self.sub_dict = dict(FQDN=self.fqdn,
@@ -607,9 +604,8 @@ class BindInstance(service.Service):
SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
- ZONE_REFRESH=self.zone_refresh,
IPA_CA_RECORD=ipa_ca,
- PERSISTENT_SEARCH=boolean_var['persistent_search'],
+ PERSISTENT_SEARCH=yes,
SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],)
But anyway, I think this piece of code is unnecessarily complicated, I don't see
a need for the 'boolean_var' dict here. I would suggest replacing it with
something like:
serial_autoincrement = yes if self.serial_autoincrement else no
and then pass serial_autoincrement to self.sub_dict = dict(...)
Attached patch refactored the relevant part of the code.
Tomas
Thanks for patches! I am just thinking, should we also hide the respective
option from ipa global DNS configuration? That's idnszonerefresh attribute.
We may want to mark the attribute as invisible in CLI + remove it from Web UI.
Petr - what is your take on this? Do you plan to remove idnszonerefresh
attribute support in the future (Fedora 20) as persistent search will be
mandatory in that time?
Yes, you are right. We completely forgot to web UI. And yes - please remove
the option from web UI.
The latest development shows that persistent search will be replaced by RFC
4533 (known as 'syncrepl'), but from user's point of view it doesn't matter.
All options related to persistent search and zone_refresh will simply
disappear. Syncrepl itself doesn't require explicit configuration.
--
Petr^2 Spacek
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On Mon, 2013-07-15 at 15:57 +0200, Martin Kosek wrote:
On 07/15/2013 03:44 PM, Petr Spacek wrote:
On 15.7.2013 15:31, Martin Kosek wrote:
On 07/11/2013 05:10 PM, Tomas Babej wrote:
On Thursday 11 of July 2013 16:10:33 Ana Krivokapic wrote:
On 07/11/2013 11:20 AM, Tomas Babej wrote:
boolean_var = {}
- for var in ('persistent_search', 'serial_autoincrement'):
+ for var in ('serial_autoincrement'):
This won't work - a one element tuple needs a comma at the end:
('serial_autoincrement', )
boolean_var[var] = yes if getattr(self, var, False) else no
self.sub_dict = dict(FQDN=self.fqdn,
@@ -607,9 +604,8 @@ class BindInstance(service.Service):
SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
- ZONE_REFRESH=self.zone_refresh,
IPA_CA_RECORD=ipa_ca,
- PERSISTENT_SEARCH=boolean_var['persistent_search'],
+ PERSISTENT_SEARCH=yes,
SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],)
But anyway, I think this piece of code is unnecessarily complicated, I
don't see
a need for the 'boolean_var' dict here. I would suggest replacing it with
something like:
serial_autoincrement = yes if self.serial_autoincrement else no
and then pass serial_autoincrement to self.sub_dict = dict(...)
Attached patch refactored the relevant part of the code.
Tomas
Thanks for patches! I am just thinking, should we also hide the respective
option from ipa global DNS configuration? That's idnszonerefresh attribute.
We may want to mark the attribute as invisible in CLI + remove it from Web
UI.
Petr - what is your take on this? Do you plan to remove idnszonerefresh
attribute support in the future (Fedora 20) as persistent search will be
mandatory in that time?
Yes, you are right. We completely forgot to web UI. And yes - please remove
the
option from web UI.
Ok, Tomas please do the changes as proposed above.
The latest development shows that persistent search will be replaced by RFC
4533 (known as 'syncrepl'), but from user's point of view it doesn't matter.
All options related to persistent search and zone_refresh will simply
disappear. Syncrepl itself doesn't require explicit configuration.
Ah, so this means that psearch option will be also removed from
bind-dyndb-ldap? In Fedora 19 we just plan to hard-code it to yes, will that
cause issues with Fedora 20? Should we already avoid using the psearch
option
and assume that bind-dyndb-ldap in Fedora 19 is using persistent search by
default?
Won't the new bind-dyndb-ldap simply ignore the psearch option when it
moves to syncrepl ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 15.7.2013 16:15, Simo Sorce wrote:
On Mon, 2013-07-15 at 15:57 +0200, Martin Kosek wrote:
On 07/15/2013 03:44 PM, Petr Spacek wrote:
On 15.7.2013 15:31, Martin Kosek wrote:
On 07/11/2013 05:10 PM, Tomas Babej wrote:
On Thursday 11 of July 2013 16:10:33 Ana Krivokapic wrote:
On 07/11/2013 11:20 AM, Tomas Babej wrote:
boolean_var = {}
- for var in ('persistent_search', 'serial_autoincrement'):
+ for var in ('serial_autoincrement'):
This won't work - a one element tuple needs a comma at the end:
('serial_autoincrement', )
boolean_var[var] = yes if getattr(self, var, False) else no
self.sub_dict = dict(FQDN=self.fqdn,
@@ -607,9 +604,8 @@ class BindInstance(service.Service):
SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
- ZONE_REFRESH=self.zone_refresh,
IPA_CA_RECORD=ipa_ca,
- PERSISTENT_SEARCH=boolean_var['persistent_search'],
+ PERSISTENT_SEARCH=yes,
SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],)
But anyway, I think this piece of code is unnecessarily complicated, I
don't see
a need for the 'boolean_var' dict here. I would suggest replacing it with
something like:
serial_autoincrement = yes if self.serial_autoincrement else no
and then pass serial_autoincrement to self.sub_dict = dict(...)
Attached patch refactored the relevant part of the code.
Tomas
Thanks for patches! I am just thinking, should we also hide the respective
option from ipa global DNS configuration? That's idnszonerefresh attribute.
We may want to mark the attribute as invisible in CLI + remove it from Web UI.
Petr - what is your take on this? Do you plan to remove idnszonerefresh
attribute support in the future (Fedora 20) as persistent search will be
mandatory in that time?
Yes, you are right. We completely forgot to web UI. And yes - please remove the
option from web UI.
Ok, Tomas please do the changes as proposed above.
The latest development shows that persistent search will be replaced by RFC
4533 (known as 'syncrepl'), but from user's point of view it doesn't matter.
All options related to persistent search and zone_refresh will simply
disappear. Syncrepl itself doesn't require explicit configuration.
Ah, so this means that psearch option will be also removed from
bind-dyndb-ldap? In Fedora 19 we just plan to hard-code it to yes, will that
cause issues with Fedora 20? Should we already avoid using the psearch option
and assume that bind-dyndb-ldap in Fedora 19 is using persistent search by
default?
Won't the new bind-dyndb-ldap simply ignore the psearch option when it
moves to syncrepl ?
I can do it, but I think that cleanest way is to remove the 'psearch' option
in upgrade script.
Another option is to release new bind-dyndb-ldap to Fedora 19 and change
default values to 'psearch yes' right now. Do you agree?
--
Petr^2 Spacek
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 07/15/2013 04:41 PM, Petr Spacek wrote:
On 15.7.2013 16:15, Simo Sorce wrote:
On Mon, 2013-07-15 at 15:57 +0200, Martin Kosek wrote:
On 07/15/2013 03:44 PM, Petr Spacek wrote:
On 15.7.2013 15:31, Martin Kosek wrote:
On 07/11/2013 05:10 PM, Tomas Babej wrote:
On Thursday 11 of July 2013 16:10:33 Ana Krivokapic wrote:
On 07/11/2013 11:20 AM, Tomas Babej wrote:
boolean_var = {}
- for var in ('persistent_search', 'serial_autoincrement'):
+ for var in ('serial_autoincrement'):
This won't work - a one element tuple needs a comma at the end:
('serial_autoincrement', )
boolean_var[var] = yes if getattr(self, var, False) else no
self.sub_dict = dict(FQDN=self.fqdn,
@@ -607,9 +604,8 @@ class BindInstance(service.Service):
SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
- ZONE_REFRESH=self.zone_refresh,
IPA_CA_RECORD=ipa_ca,
- PERSISTENT_SEARCH=boolean_var['persistent_search'],
+ PERSISTENT_SEARCH=yes,
SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],)
But anyway, I think this piece of code is unnecessarily complicated, I
don't see
a need for the 'boolean_var' dict here. I would suggest replacing it
with
something like:
serial_autoincrement = yes if self.serial_autoincrement else no
and then pass serial_autoincrement to self.sub_dict = dict(...)
Attached patch refactored the relevant part of the code.
Tomas
Thanks for patches! I am just thinking, should we also hide the respective
option from ipa global DNS configuration? That's idnszonerefresh
attribute.
We may want to mark the attribute as invisible in CLI + remove it from Web
UI.
Petr - what is your take on this? Do you plan to remove idnszonerefresh
attribute support in the future (Fedora 20) as persistent search will be
mandatory in that time?
Yes, you are right. We completely forgot to web UI. And yes - please remove
the
option from web UI.
Ok, Tomas please do the changes as proposed above.
The latest development shows that persistent search will be replaced by RFC
4533 (known as 'syncrepl'), but from user's point of view it doesn't
matter.
All options related to persistent search and zone_refresh will simply
disappear. Syncrepl itself doesn't require explicit configuration.
Ah, so this means that psearch option will be also removed from
bind-dyndb-ldap? In Fedora 19 we just plan to hard-code it to yes, will
that
cause issues with Fedora 20? Should we already avoid using the psearch
option
and assume that bind-dyndb-ldap in Fedora 19 is using persistent search by
default?
Won't the new bind-dyndb-ldap simply ignore the psearch option when it
moves to syncrepl ?
I can do it, but I think that cleanest way is to remove the 'psearch' option
in
upgrade script.
Hm, right, this should make the upgrade script a lot simpler - it would just
remove all psearch or zone_refresh references.
Another option is to release new bind-dyndb-ldap to Fedora 19 and change
default values to 'psearch yes' right now. Do you agree?
Looks OK to me and would let us avoid doing any additional upgrade process for
Fedora 20 - are you planning to do a Fedora 19 release any time soon? If yes,
we can do the changes we are talking about in next 3.2.x release.
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On Mon, 2013-07-15 at 16:41 +0200, Petr Spacek wrote:
On 15.7.2013 16:15, Simo Sorce wrote:
On Mon, 2013-07-15 at 15:57 +0200, Martin Kosek wrote:
On 07/15/2013 03:44 PM, Petr Spacek wrote:
On 15.7.2013 15:31, Martin Kosek wrote:
On 07/11/2013 05:10 PM, Tomas Babej wrote:
On Thursday 11 of July 2013 16:10:33 Ana Krivokapic wrote:
On 07/11/2013 11:20 AM, Tomas Babej wrote:
boolean_var = {}
- for var in ('persistent_search', 'serial_autoincrement'):
+ for var in ('serial_autoincrement'):
This won't work - a one element tuple needs a comma at the end:
('serial_autoincrement', )
boolean_var[var] = yes if getattr(self, var, False) else no
self.sub_dict = dict(FQDN=self.fqdn,
@@ -607,9 +604,8 @@ class BindInstance(service.Service):
SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
- ZONE_REFRESH=self.zone_refresh,
IPA_CA_RECORD=ipa_ca,
- PERSISTENT_SEARCH=boolean_var['persistent_search'],
+ PERSISTENT_SEARCH=yes,
SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],)
But anyway, I think this piece of code is unnecessarily complicated, I
don't see
a need for the 'boolean_var' dict here. I would suggest replacing it
with
something like:
serial_autoincrement = yes if self.serial_autoincrement else no
and then pass serial_autoincrement to self.sub_dict = dict(...)
Attached patch refactored the relevant part of the code.
Tomas
Thanks for patches! I am just thinking, should we also hide the
respective
option from ipa global DNS configuration? That's idnszonerefresh
attribute.
We may want to mark the attribute as invisible in CLI + remove it from
Web UI.
Petr - what is your take on this? Do you plan to remove idnszonerefresh
attribute support in the future (Fedora 20) as persistent search will be
mandatory in that time?
Yes, you are right. We completely forgot to web UI. And yes - please
remove the
option from web UI.
Ok, Tomas please do the changes as proposed above.
The latest development shows that persistent search will be replaced by
RFC
4533 (known as 'syncrepl'), but from user's point of view it doesn't
matter.
All options related to persistent search and zone_refresh will simply
disappear. Syncrepl itself doesn't require explicit configuration.
Ah, so this means that psearch option will be also removed from
bind-dyndb-ldap? In Fedora 19 we just plan to hard-code it to yes, will
that
cause issues with Fedora 20? Should we already avoid using the psearch
option
and assume that bind-dyndb-ldap in Fedora 19 is using persistent search by
default?
Won't the new bind-dyndb-ldap simply ignore the psearch option when it
moves to syncrepl ?
I can do it, but I think that cleanest way is to remove the 'psearch' option
in upgrade script.
Sure, but if the upgrade, for whatever reason, fails to remove it
bind-dyndb-ldap should just ignore.
Another option is to release new bind-dyndb-ldap to Fedora 19 and change
default values to 'psearch yes' right now. Do you agree?
Too much churn, I think it is ok to change it when we are done with
syncrepl and upgrade config, with the fallback failsafe that even if
upgrade doesn't remove the option bind-dyndb-ldap will simply ignore it.
This will be safer even for people using stuff like cfengine/puppet to
manage configurations and not realizing we changed the conf on upgrade,
their confsystems will push again a conf file with psearch yes but
bnid-dyndb-ldap won't break.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 07/15/2013 06:28 PM, Simo Sorce wrote:
On Mon, 2013-07-15 at 16:41 +0200, Petr Spacek wrote:
On 15.7.2013 16:15, Simo Sorce wrote:
On Mon, 2013-07-15 at 15:57 +0200, Martin Kosek wrote:
On 07/15/2013 03:44 PM, Petr Spacek wrote:
On 15.7.2013 15:31, Martin Kosek wrote:
On 07/11/2013 05:10 PM, Tomas Babej wrote:
On Thursday 11 of July 2013 16:10:33 Ana Krivokapic wrote:
On 07/11/2013 11:20 AM, Tomas Babej wrote:
boolean_var = {}
- for var in ('persistent_search', 'serial_autoincrement'):
+ for var in ('serial_autoincrement'):
This won't work - a one element tuple needs a comma at the end:
('serial_autoincrement', )
boolean_var[var] = yes if getattr(self, var, False) else no
self.sub_dict = dict(FQDN=self.fqdn,
@@ -607,9 +604,8 @@ class BindInstance(service.Service):
SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
- ZONE_REFRESH=self.zone_refresh,
IPA_CA_RECORD=ipa_ca,
- PERSISTENT_SEARCH=boolean_var['persistent_search'],
+ PERSISTENT_SEARCH=yes,
SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],)
But anyway, I think this piece of code is unnecessarily complicated, I
don't see
a need for the 'boolean_var' dict here. I would suggest replacing it
with
something like:
serial_autoincrement = yes if self.serial_autoincrement else no
and then pass serial_autoincrement to self.sub_dict = dict(...)
Attached patch refactored the relevant part of the code.
Tomas
Thanks for patches! I am just thinking, should we also hide the
respective
option from ipa global DNS configuration? That's idnszonerefresh
attribute.
We may want to mark the attribute as invisible in CLI + remove it from
Web UI.
Petr - what is your take on this? Do you plan to remove idnszonerefresh
attribute support in the future (Fedora 20) as persistent search will be
mandatory in that time?
Yes, you are right. We completely forgot to web UI. And yes - please
remove the
option from web UI.
Ok, Tomas please do the changes as proposed above.
The latest development shows that persistent search will be replaced by
RFC
4533 (known as 'syncrepl'), but from user's point of view it doesn't
matter.
All options related to persistent search and zone_refresh will simply
disappear. Syncrepl itself doesn't require explicit configuration.
Ah, so this means that psearch option will be also removed from
bind-dyndb-ldap? In Fedora 19 we just plan to hard-code it to yes, will
that
cause issues with Fedora 20? Should we already avoid using the psearch
option
and assume that bind-dyndb-ldap in Fedora 19 is using persistent search by
default?
Won't the new bind-dyndb-ldap simply ignore the psearch option when it
moves to syncrepl ?
I can do it, but I think that cleanest way is to remove the 'psearch' option
in upgrade script.
Sure, but if the upgrade, for whatever reason, fails to remove it
bind-dyndb-ldap should just ignore.
Another option is to release new bind-dyndb-ldap to Fedora 19 and change
default values to 'psearch yes' right now. Do you agree?
Too much churn, I think it is ok to change it when we are done with
syncrepl and upgrade config, with the fallback failsafe that even if
upgrade doesn't remove the option bind-dyndb-ldap will simply ignore it.
This will be safer even for people using stuff like cfengine/puppet to
manage configurations and not realizing we changed the conf on upgrade,
their confsystems will push again a conf file with psearch yes but
bnid-dyndb-ldap won't break.
Simo.
Hmm, that's right, it should be safer. Can bind-dyndb-ldap just yell to error
log that there is an unknown configuration option? (if it does not do that
already).
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On Friday 21 of June 2013 13:52:40 Ana Krivokapic wrote:
On 06/12/2013 02:28 PM, Tomas Babej wrote:
Hi,
Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated, but rather removes it altogether.
https://fedorahosted.org/freeipa/ticket/3632
Tomas
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
1) ipa-server-install (with no DNS), followed by ipa-dns-install now fails,
because you missed one reference to options.persistent_search in
ipa-dns-install:
if options.serial_autoincrement and not options.persistent_search:
parser.error('persistent search feature is required for '
'DNS SOA serial autoincrement')
2) I wonder if we can also remove the '--zone-notif' option from
ipa-server-install and ipa-dns-install. It is already deprecated so maybe this
is a good time to drop it altogether?
3) You can remove the 'persistant_search' attribute of the BindInstance class,
and just hardcode the value to yes in the '__setup_sub_dict()' method.
Updated patch adresses all 3 issues.
Tomas___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 07/11/2013 11:20 AM, Tomas Babej wrote:
boolean_var = {}
-for var in ('persistent_search', 'serial_autoincrement'):
+for var in ('serial_autoincrement'):
This won't work - a one element tuple needs a comma at the end:
('serial_autoincrement', )
boolean_var[var] = yes if getattr(self, var, False) else no
self.sub_dict = dict(FQDN=self.fqdn,
@@ -607,9 +604,8 @@ class BindInstance(service.Service):
SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
- ZONE_REFRESH=self.zone_refresh,
IPA_CA_RECORD=ipa_ca,
-
PERSISTENT_SEARCH=boolean_var['persistent_search'],
+ PERSISTENT_SEARCH=yes,
SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],)
But anyway, I think this piece of code is unnecessarily complicated, I don't see
a need for the 'boolean_var' dict here. I would suggest replacing it with
something like:
serial_autoincrement = yes if self.serial_autoincrement else no
and then pass serial_autoincrement to self.sub_dict = dict(...)
--
Regards,
Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On Thursday 11 of July 2013 16:10:33 Ana Krivokapic wrote:
On 07/11/2013 11:20 AM, Tomas Babej wrote:
boolean_var = {}
-for var in ('persistent_search', 'serial_autoincrement'):
+for var in ('serial_autoincrement'):
This won't work - a one element tuple needs a comma at the end:
('serial_autoincrement', )
boolean_var[var] = yes if getattr(self, var, False) else no
self.sub_dict = dict(FQDN=self.fqdn,
@@ -607,9 +604,8 @@ class BindInstance(service.Service):
SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
- ZONE_REFRESH=self.zone_refresh,
IPA_CA_RECORD=ipa_ca,
-
PERSISTENT_SEARCH=boolean_var['persistent_search'],
+ PERSISTENT_SEARCH=yes,
SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],)
But anyway, I think this piece of code is unnecessarily complicated, I don't
see
a need for the 'boolean_var' dict here. I would suggest replacing it with
something like:
serial_autoincrement = yes if self.serial_autoincrement else no
and then pass serial_autoincrement to self.sub_dict = dict(...)
Attached patch refactored the relevant part of the code.
TomasFrom d56b32cb1961315bc1a23573ea7da843eaff36c2 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 3 Jun 2013 14:37:20 +0200
Subject: [PATCH] Remove support for IPA deployments with no persistent search
Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated.
https://fedorahosted.org/freeipa/ticket/3632
---
install/share/bind.named.conf.template | 1 -
install/tools/ipa-dns-install | 24 -
install/tools/ipa-server-install | 24 -
install/tools/ipa-upgradeconfig| 3 ++-
install/tools/man/ipa-dns-install.1| 6 --
install/tools/man/ipa-server-install.1 | 6 --
ipaserver/install/bindinstance.py | 39 --
7 files changed, 20 insertions(+), 83 deletions(-)
diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index e4ce6058399e8d9a1f112f55907e060075dff00b..f78e18b5fd1d44e4d75d8b412994f2810ede8d97 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -44,7 +44,6 @@ dynamic-db ipa {
arg auth_method sasl;
arg sasl_mech GSSAPI;
arg sasl_user DNS/$FQDN;
- arg zone_refresh $ZONE_REFRESH;
arg psearch $PERSISTENT_SEARCH;
arg serial_autoincrement $SERIAL_AUTOINCREMENT;
};
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 47bc31b4786c32caf97f20de3cbf20bc767dfe1d..1119093042e987dfdf8fd734ebbf4b19bfd8600f 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -52,16 +52,6 @@ def parse_options():
parser.add_option(--zonemgr, action=callback, callback=bindinstance.zonemgr_callback,
type=string,
help=DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN)
-# this option name has been deprecated, persistent search has been enabled by default
-parser.add_option(--zone-notif, dest=zone_notif,
- action=store_true, default=False, help=SUPPRESS_HELP)
-parser.add_option(--no-persistent-search, dest=persistent_search,
- default=True, action=store_false,
- help=Do not enable persistent search feature in the name server)
-parser.add_option(--zone-refresh, dest=zone_refresh,
- default=0, type=int,
- help=When set to non-zero the name server will use DNS zone
- detection based on polling instead of a persistent search)
parser.add_option(--no-serial-autoincrement, dest=serial_autoincrement,
default=True, action=store_false,
help=Do not enable SOA serial autoincrement)
@@ -80,18 +70,6 @@ def parse_options():
if not options.forwarders and not options.no_forwarders:
parser.error(You must specify at least one --forwarder option or --no-forwarders option)
-if options.zone_refresh 0:
-parser.error(negative numbers not allowed for --zone-refresh)
-elif options.zone_refresh 0:
-options.persistent_search = False # mutually exclusive features
-
-if options.zone_notif:
-print sys.stderr, WARNING: --zone-notif option is deprecated and has no effect
-
-if options.serial_autoincrement and not options.persistent_search:
-parser.error('persistent search feature is required for '
-
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 07/11/2013 05:10 PM, Tomas Babej wrote:
On Thursday 11 of July 2013 16:10:33 Ana Krivokapic wrote:
On 07/11/2013 11:20 AM, Tomas Babej wrote:
boolean_var = {}
- for var in ('persistent_search', 'serial_autoincrement'):
+ for var in ('serial_autoincrement'):
This won't work - a one element tuple needs a comma at the end:
('serial_autoincrement', )
boolean_var[var] = yes if getattr(self, var, False) else no
self.sub_dict = dict(FQDN=self.fqdn,
@@ -607,9 +604,8 @@ class BindInstance(service.Service):
SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
- ZONE_REFRESH=self.zone_refresh,
IPA_CA_RECORD=ipa_ca,
- PERSISTENT_SEARCH=boolean_var['persistent_search'],
+ PERSISTENT_SEARCH=yes,
SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],)
But anyway, I think this piece of code is unnecessarily complicated, I
don't see
a need for the 'boolean_var' dict here. I would suggest replacing it with
something like:
serial_autoincrement = yes if self.serial_autoincrement else no
and then pass serial_autoincrement to self.sub_dict = dict(...)
Attached patch refactored the relevant part of the code.
Tomas
ACK
--
Regards,
Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 06/21/2013 01:52 PM, Ana Krivokapic wrote: On 06/12/2013 02:28 PM, Tomas Babej wrote: ... 2) I wonder if we can also remove the '--zone-notif' option from ipa-server-install and ipa-dns-install. It is already deprecated so maybe this is a good time to drop it altogether? +1, this zone was already hidden and deprecated for a year now, so I think it is safe for it to be removed. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0073] Remove support for IPA deployments with no persistent search
On 06/12/2013 02:28 PM, Tomas Babej wrote:
Hi,
Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated, but rather removes it altogether.
https://fedorahosted.org/freeipa/ticket/3632
Tomas
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
1) ipa-server-install (with no DNS), followed by ipa-dns-install now fails,
because you missed one reference to options.persistent_search in
ipa-dns-install:
if options.serial_autoincrement and not options.persistent_search:
parser.error('persistent search feature is required for '
'DNS SOA serial autoincrement')
2) I wonder if we can also remove the '--zone-notif' option from
ipa-server-install and ipa-dns-install. It is already deprecated so maybe this
is a good time to drop it altogether?
3) You can remove the 'persistant_search' attribute of the BindInstance class,
and just hardcode the value to yes in the '__setup_sub_dict()' method.
--
Regards,
Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
