Re: [Freeipa-devel] [PATCH] 260 Replace DNS client based on acutil with python-dns
On 05/23/2012 02:30 PM, Martin Kosek wrote:
On Wed, 2012-05-23 at 14:24 +0200, Martin Kosek wrote:
On Tue, 2012-05-22 at 14:41 +0200, Petr Viktorin wrote:
On 05/16/2012 09:44 AM, Martin Kosek wrote:
On Tue, 2012-05-15 at 14:02 +0200, Petr Viktorin wrote:
On 05/11/2012 06:52 PM, Martin Kosek wrote:
python-dns is very feature-rich and it can help us a lot with our DNS
related code. This patch does the first step, i.e. replaces acutil use
with python-dns, which is more convenient to use as you will see in the
patch. More integration will follow in the future.
I send this patch rather early, so that I can get responses to this
patch early and also so that we are able to catch issues in a safe
distance from the next release.
---
IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
but but rather C-like interface based on functions and
structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
authconfig and thus can break without notice
Replace the acutil with python-dns package which has a feature rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with a use python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
in installutils to make the whole DNS check simpler and
less error-prone. Logging was improves for the remaining
checks
- improved logging for ipa-client-install DNS discovery
https://fedorahosted.org/freeipa/ticket/2730
[...]
Fixed.
Martin
I've been testing the patches in various setups and haven't found a
regression so far. ACK on 261, for 260 I have a comment below.
diff --git a/ipa-client/ipaclient/ipadiscovery.py
b/ipa-client/ipaclient/ipadiscovery.py
index
86bef28b2d7fdfc8111b493bddec7ac6888f021a..1889d1918c01fe0c80a3d56b9a7ef304c5a7d97c
100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -310,84 +313,74 @@ class IPADiscovery:
os.rmdir(temp_ca_dir)
-def ipadnssearchldap(self, tdomain):
-servers =
-rserver =
+def ipadns_search_srv(self, domain, srv_record_name, default_port,
+ get_first=True):
+
+Search for SRV records in given domain. When no record is found,
+en empty string is returned
-qname = _ldap._tcp.+tdomain
-# terminate the name
-if not qname.endswith(.):
-qname += .
-results = ipapython.dnsclient.query(qname,
ipapython.dnsclient.DNS_C_IN, ipapython.dnsclient.DNS_T_SRV)
+:param domain: Search domain name
+:param srv_record_name: SRV record name, e.g. _ldap._tcp
+:param default_port: When default_port is not None, it is being
+checked with the port in SRV record and if they don't
+match, the port from SRV record is appended to
+found hostname in this format: hostname:port
+:param get_first: break on first find, otherwise multiple finds
+separated by : may be returned
They are separated by ,.
In the calling code, for splitting a comma-separated string it is better
to use servers.split(',') than ipautil.parse_items(servers). Or, return
a list directly from here.
I did not want to get too intrusive with the patch, but I took your
advice and rather return now a list of servers - its more effective than
to returning a comma-joined list and then splitting it back to standard
list :-) That made parse_items function redundant.
Good riddance.
Martin
I forgot to include a change in the spec file - authconfig should be no
longer needed for build.
Martin
I tested several installs and couldn't find a regression. ACK.
--
PetrĀ³
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 260 Replace DNS client based on acutil with python-dns
On Thu, 2012-05-24 at 13:53 +0200, Petr Viktorin wrote:
On 05/23/2012 02:30 PM, Martin Kosek wrote:
On Wed, 2012-05-23 at 14:24 +0200, Martin Kosek wrote:
On Tue, 2012-05-22 at 14:41 +0200, Petr Viktorin wrote:
On 05/16/2012 09:44 AM, Martin Kosek wrote:
On Tue, 2012-05-15 at 14:02 +0200, Petr Viktorin wrote:
On 05/11/2012 06:52 PM, Martin Kosek wrote:
python-dns is very feature-rich and it can help us a lot with
our DNS
related code. This patch does the first step, i.e. replaces
acutil use
with python-dns, which is more convenient to use as you will
see in the
patch. More integration will follow in the future.
I send this patch rather early, so that I can get responses to
this
patch early and also so that we are able to catch issues in a
safe
distance from the next release.
---
IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
but but rather C-like interface based on functions and
structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
authconfig and thus can break without notice
Replace the acutil with python-dns package which has a feature
rich
interface for dealing with all different aspects of DNS
including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with a use python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
in installutils to make the whole DNS check simpler and
less error-prone. Logging was improves for the remaining
checks
- improved logging for ipa-client-install DNS discovery
https://fedorahosted.org/freeipa/ticket/2730
[...]
Fixed.
Martin
I've been testing the patches in various setups and haven't found a
regression so far. ACK on 261, for 260 I have a comment below.
diff --git a/ipa-client/ipaclient/ipadiscovery.py
b/ipa-client/ipaclient/ipadiscovery.py
index
86bef28b2d7fdfc8111b493bddec7ac6888f021a..1889d1918c01fe0c80a3d56b9a7ef304c5a7d97c
100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -310,84 +313,74 @@ class IPADiscovery:
os.rmdir(temp_ca_dir)
-def ipadnssearchldap(self, tdomain):
-servers =
-rserver =
+def ipadns_search_srv(self, domain, srv_record_name, default_port,
+ get_first=True):
+
+Search for SRV records in given domain. When no record is found,
+en empty string is returned
-qname = _ldap._tcp.+tdomain
-# terminate the name
-if not qname.endswith(.):
-qname += .
-results = ipapython.dnsclient.query(qname,
ipapython.dnsclient.DNS_C_IN, ipapython.dnsclient.DNS_T_SRV)
+:param domain: Search domain name
+:param srv_record_name: SRV record name, e.g. _ldap._tcp
+:param default_port: When default_port is not None, it is being
+checked with the port in SRV record and if they
don't
+match, the port from SRV record is appended to
+found hostname in this format: hostname:port
+:param get_first: break on first find, otherwise multiple finds
+separated by : may be returned
They are separated by ,.
In the calling code, for splitting a comma-separated string it is better
to use servers.split(',') than ipautil.parse_items(servers). Or, return
a list directly from here.
I did not want to get too intrusive with the patch, but I took your
advice and rather return now a list of servers - its more effective than
to returning a comma-joined list and then splitting it back to standard
list :-) That made parse_items function redundant.
Good riddance.
Martin
I forgot to include a change in the spec file - authconfig should be no
longer needed for build.
Martin
I tested several installs and couldn't find a regression. ACK.
Thanks, pushed both to master.
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 260 Replace DNS client based on acutil with python-dns
On Tue, 2012-05-22 at 14:41 +0200, Petr Viktorin wrote:
On 05/16/2012 09:44 AM, Martin Kosek wrote:
On Tue, 2012-05-15 at 14:02 +0200, Petr Viktorin wrote:
On 05/11/2012 06:52 PM, Martin Kosek wrote:
python-dns is very feature-rich and it can help us a lot with our
DNS
related code. This patch does the first step, i.e. replaces acutil
use
with python-dns, which is more convenient to use as you will see in
the
patch. More integration will follow in the future.
I send this patch rather early, so that I can get responses to this
patch early and also so that we are able to catch issues in a safe
distance from the next release.
---
IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
but but rather C-like interface based on functions and
structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
authconfig and thus can break without notice
Replace the acutil with python-dns package which has a feature rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with a use python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
in installutils to make the whole DNS check simpler and
less error-prone. Logging was improves for the remaining
checks
- improved logging for ipa-client-install DNS discovery
https://fedorahosted.org/freeipa/ticket/2730
[...]
Fixed.
Martin
I've been testing the patches in various setups and haven't found a
regression so far. ACK on 261, for 260 I have a comment below.
diff --git a/ipa-client/ipaclient/ipadiscovery.py
b/ipa-client/ipaclient/ipadiscovery.py
index
86bef28b2d7fdfc8111b493bddec7ac6888f021a..1889d1918c01fe0c80a3d56b9a7ef304c5a7d97c
100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -310,84 +313,74 @@ class IPADiscovery:
os.rmdir(temp_ca_dir)
-def ipadnssearchldap(self, tdomain):
-servers =
-rserver =
+def ipadns_search_srv(self, domain, srv_record_name, default_port,
+ get_first=True):
+
+Search for SRV records in given domain. When no record is found,
+en empty string is returned
-qname = _ldap._tcp.+tdomain
-# terminate the name
-if not qname.endswith(.):
-qname += .
-results = ipapython.dnsclient.query(qname,
ipapython.dnsclient.DNS_C_IN, ipapython.dnsclient.DNS_T_SRV)
+:param domain: Search domain name
+:param srv_record_name: SRV record name, e.g. _ldap._tcp
+:param default_port: When default_port is not None, it is being
+checked with the port in SRV record and if they don't
+match, the port from SRV record is appended to
+found hostname in this format: hostname:port
+:param get_first: break on first find, otherwise multiple finds
+separated by : may be returned
They are separated by ,.
In the calling code, for splitting a comma-separated string it is better
to use servers.split(',') than ipautil.parse_items(servers). Or, return
a list directly from here.
I did not want to get too intrusive with the patch, but I took your
advice and rather return now a list of servers - its more effective than
to returning a comma-joined list and then splitting it back to standard
list :-) That made parse_items function redundant.
Martin
From 6d4dcf8b62187a58b9c32f6aa8c420fba1553a4b Mon Sep 17 00:00:00 2001
From: Martin Kosek mko...@redhat.com
Date: Fri, 11 May 2012 14:38:09 +0200
Subject: [PATCH 1/2] Replace DNS client based on acutil with python-dns
IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
but but rather C-like interface based on functions and
structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
authconfig and thus can break without notice
Replace the acutil with python-dns package which has a feature rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with a use python-dns. In most cases, even
though the larger
Re: [Freeipa-devel] [PATCH] 260 Replace DNS client based on acutil with python-dns
On Wed, 2012-05-23 at 14:24 +0200, Martin Kosek wrote:
On Tue, 2012-05-22 at 14:41 +0200, Petr Viktorin wrote:
On 05/16/2012 09:44 AM, Martin Kosek wrote:
On Tue, 2012-05-15 at 14:02 +0200, Petr Viktorin wrote:
On 05/11/2012 06:52 PM, Martin Kosek wrote:
python-dns is very feature-rich and it can help us a lot with our
DNS
related code. This patch does the first step, i.e. replaces
acutil use
with python-dns, which is more convenient to use as you will see
in the
patch. More integration will follow in the future.
I send this patch rather early, so that I can get responses to
this
patch early and also so that we are able to catch issues in a safe
distance from the next release.
---
IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
but but rather C-like interface based on functions and
structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
authconfig and thus can break without notice
Replace the acutil with python-dns package which has a feature
rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with a use python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
in installutils to make the whole DNS check simpler and
less error-prone. Logging was improves for the remaining
checks
- improved logging for ipa-client-install DNS discovery
https://fedorahosted.org/freeipa/ticket/2730
[...]
Fixed.
Martin
I've been testing the patches in various setups and haven't found a
regression so far. ACK on 261, for 260 I have a comment below.
diff --git a/ipa-client/ipaclient/ipadiscovery.py
b/ipa-client/ipaclient/ipadiscovery.py
index
86bef28b2d7fdfc8111b493bddec7ac6888f021a..1889d1918c01fe0c80a3d56b9a7ef304c5a7d97c
100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -310,84 +313,74 @@ class IPADiscovery:
os.rmdir(temp_ca_dir)
-def ipadnssearchldap(self, tdomain):
-servers =
-rserver =
+def ipadns_search_srv(self, domain, srv_record_name, default_port,
+ get_first=True):
+
+Search for SRV records in given domain. When no record is found,
+en empty string is returned
-qname = _ldap._tcp.+tdomain
-# terminate the name
-if not qname.endswith(.):
-qname += .
-results = ipapython.dnsclient.query(qname,
ipapython.dnsclient.DNS_C_IN, ipapython.dnsclient.DNS_T_SRV)
+:param domain: Search domain name
+:param srv_record_name: SRV record name, e.g. _ldap._tcp
+:param default_port: When default_port is not None, it is being
+checked with the port in SRV record and if they don't
+match, the port from SRV record is appended to
+found hostname in this format: hostname:port
+:param get_first: break on first find, otherwise multiple finds
+separated by : may be returned
They are separated by ,.
In the calling code, for splitting a comma-separated string it is better
to use servers.split(',') than ipautil.parse_items(servers). Or, return
a list directly from here.
I did not want to get too intrusive with the patch, but I took your
advice and rather return now a list of servers - its more effective than
to returning a comma-joined list and then splitting it back to standard
list :-) That made parse_items function redundant.
Martin
I forgot to include a change in the spec file - authconfig should be no
longer needed for build.
Martin
From 5a58bdb3308e2a689ce2203e6b5df41a27045342 Mon Sep 17 00:00:00 2001
From: Martin Kosek mko...@redhat.com
Date: Fri, 11 May 2012 14:38:09 +0200
Subject: [PATCH 1/2] Replace DNS client based on acutil with python-dns
IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
but but rather C-like interface based on functions and
structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
authconfig and thus can break without notice
Replace the
Re: [Freeipa-devel] [PATCH] 260 Replace DNS client based on acutil with python-dns
On 05/16/2012 09:44 AM, Martin Kosek wrote:
On Tue, 2012-05-15 at 14:02 +0200, Petr Viktorin wrote:
On 05/11/2012 06:52 PM, Martin Kosek wrote:
python-dns is very feature-rich and it can help us a lot with our DNS
related code. This patch does the first step, i.e. replaces acutil use
with python-dns, which is more convenient to use as you will see in the
patch. More integration will follow in the future.
I send this patch rather early, so that I can get responses to this
patch early and also so that we are able to catch issues in a safe
distance from the next release.
---
IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
but but rather C-like interface based on functions and
structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
authconfig and thus can break without notice
Replace the acutil with python-dns package which has a feature rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with a use python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
in installutils to make the whole DNS check simpler and
less error-prone. Logging was improves for the remaining
checks
- improved logging for ipa-client-install DNS discovery
https://fedorahosted.org/freeipa/ticket/2730
[...]
Fixed.
Martin
I've been testing the patches in various setups and haven't found a
regression so far. ACK on 261, for 260 I have a comment below.
diff --git a/ipa-client/ipaclient/ipadiscovery.py
b/ipa-client/ipaclient/ipadiscovery.py
index
86bef28b2d7fdfc8111b493bddec7ac6888f021a..1889d1918c01fe0c80a3d56b9a7ef304c5a7d97c
100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -310,84 +313,74 @@ class IPADiscovery:
os.rmdir(temp_ca_dir)
-def ipadnssearchldap(self, tdomain):
-servers =
-rserver =
+def ipadns_search_srv(self, domain, srv_record_name, default_port,
+ get_first=True):
+
+Search for SRV records in given domain. When no record is found,
+en empty string is returned
-qname = _ldap._tcp.+tdomain
-# terminate the name
-if not qname.endswith(.):
-qname += .
-results = ipapython.dnsclient.query(qname,
ipapython.dnsclient.DNS_C_IN, ipapython.dnsclient.DNS_T_SRV)
+:param domain: Search domain name
+:param srv_record_name: SRV record name, e.g. _ldap._tcp
+:param default_port: When default_port is not None, it is being
+checked with the port in SRV record and if they don't
+match, the port from SRV record is appended to
+found hostname in this format: hostname:port
+:param get_first: break on first find, otherwise multiple finds
+separated by : may be returned
They are separated by ,.
In the calling code, for splitting a comma-separated string it is better
to use servers.split(',') than ipautil.parse_items(servers). Or, return
a list directly from here.
--
PetrĀ³
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
