URL: https://github.com/freeipa/freeipa/pull/1551
Author: flo-renaud
Title: #1551: ipa host-add --ip-address: properly handle NoNameservers
Action: opened
PR body:
"""
When ipa host-add --ip-address is called but no DNS server is able to answer
for the reverse zone, get_reverse_zone raises a NoNameservers exception.
The exception is not managed by add_records_for_host_validation, and this
leads to the command exiting on failure with an InternalError:
$ ipa host-add testhost.ipadomain.com --ip-address 172.16.30.22
ipa: ERROR: an internal error has occurred
A traceback is also logged in httpd error_log.
This commit properly handles the exception, and adds a test.
https://pagure.io/freeipa/issue/7397
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1551/head:pr1551
git checkout pr1551
From 34e6532b4f80dd5c36d745d19bd54f19848db661 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <f...@redhat.com>
Date: Thu, 8 Feb 2018 16:55:20 +0100
Subject: [PATCH] ipa host-add --ip-address: properly handle NoNameservers
When ipa host-add --ip-address is called but no DNS server is able to answer
for the reverse zone, get_reverse_zone raises a NoNameservers exception.
The exception is not managed by add_records_for_host_validation, and this
leads to the command exiting on failure with an InternalError:
$ ipa host-add testhost.ipadomain.com --ip-address 172.16.30.22
ipa: ERROR: an internal error has occurred
A traceback is also logged in httpd error_log.
This commit properly handles the exception, and adds a test.
https://pagure.io/freeipa/issue/7397
---
ipaserver/plugins/dns.py | 9 +++-
ipatests/test_xmlrpc/test_host_plugin.py | 71 ++++++++++++++++++++++++++++++++
2 files changed, 79 insertions(+), 1 deletion(-)
diff --git a/ipaserver/plugins/dns.py b/ipaserver/plugins/dns.py
index e6a1f580e9..016be0c6f1 100644
--- a/ipaserver/plugins/dns.py
+++ b/ipaserver/plugins/dns.py
@@ -539,7 +539,14 @@ def get_reverse_zone(ipaddr):
"""
ip = netaddr.IPAddress(str(ipaddr))
revdns = DNSName(unicode(ip.reverse_dns))
- revzone = DNSName(dns.resolver.zone_for_name(revdns))
+ try:
+ revzone = DNSName(dns.resolver.zone_for_name(revdns))
+ except dns.resolver.NoNameservers:
+ raise errors.NotFound(
+ reason=_(
+ 'All nameservers failed to answer the query '
+ 'for DNS reverse zone %(revdns)s') % dict(revdns=revdns)
+ )
try:
api.Command['dnszone_show'](revzone)
diff --git a/ipatests/test_xmlrpc/test_host_plugin.py b/ipatests/test_xmlrpc/test_host_plugin.py
index e0df6bc04c..d516abaa87 100644
--- a/ipatests/test_xmlrpc/test_host_plugin.py
+++ b/ipatests/test_xmlrpc/test_host_plugin.py
@@ -100,6 +100,8 @@
host_cert = get_testcert(DN(('CN', api.env.host), subject_base()),
'host/%s@%s' % (api.env.host, api.env.realm))
+missingrevzone = u'22.30.16.172.in-addr.arpa.'
+ipv4_in_missingrevzone_ip = u'172.16.30.22'
@pytest.fixture(scope='class')
def host(request):
@@ -119,6 +121,12 @@ def host3(request):
return tracker.make_fixture(request)
+@pytest.fixture(scope='class')
+def host4(request):
+ tracker = HostTracker(name=u'testhost4')
+ return tracker.make_fixture(request)
+
+
@pytest.fixture(scope='class')
def lab_host(request):
name = u'testhost1'
@@ -590,6 +598,69 @@ def test_join_host(self, host, keytabname):
command()
+@yield_fixture(scope='class')
+def dns_setup_nonameserver(host4):
+ # Make sure that the server does not handle the reverse zone used
+ # for the test
+ try:
+ host4.run_command('dnszone_del', missingrevzone, **{'continue': True})
+ except (errors.NotFound, errors.EmptyModlist):
+ pass
+
+ # Save the current forward policy
+ result = host4.run_command('dnsserver_show', api.env.host)
+ current_fwd_pol = result['result']['idnsforwardpolicy'][0]
+
+ # Configure the forward policy to none to make sure that no DNS
+ # server will answer for the reverse zone either
+ try:
+ host4.run_command('dnsserver_mod', api.env.host,
+ idnsforwardpolicy=u'none')
+ except errors.EmptyModlist:
+ pass
+
+ try:
+ yield
+ finally:
+ # Restore the previous forward-policy
+ try:
+ host4.run_command('dnsserver_mod', api.env.host,
+ idnsforwardpolicy=current_fwd_pol)
+ except errors.EmptyModlist:
+ pass
+
+
+@pytest.mark.tier1
+class TestHostNoNameserversForRevZone(XMLRPC_test):
+ def test_create_host_with_ip(self, dns_setup_nonameserver, host4):
+ """
+ Regression test for ticket 7397
+
+ Configure the master with forward-policy = none to make sure
+ that no DNS server will answer for the reverse zone
+ Try to add a new host with an IP address in the missing reverse
+ zone.
+ With issue 7397, a NoNameserver exception generates a Traceback in
+ httpd error_log, and the command returns an InternalError.
+ """
+ try:
+ command = host4.make_create_command()
+ with raises_exact(errors.NonFatalError(
+ reason=u'The host was added but the DNS update failed with'
+ ': All nameservers failed to answer the query for DNS '
+ 'reverse zone %s' % missingrevzone)):
+ command(ip_address=ipv4_in_missingrevzone_ip)
+ # Make sure the host is added
+ host4.run_command('host_show', host4.fqdn)
+ finally:
+ # Delete the host entry
+ command = host4.make_delete_command()
+ try:
+ command(updatedns=True)
+ except Exception:
+ pass
+
+
@yield_fixture(scope='class')
def dns_setup(host):
try:
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
