Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-08-19 Thread Pavel Reichl



On 08/18/2015 10:53 PM, Martin Basti wrote:



On 08/18/2015 08:02 PM, David Kupka wrote:

On 31/07/15 18:31, Martin Basti wrote:

On 28/07/15 09:52, David Kupka wrote:

On 27/07/15 16:45, David Kupka wrote:

On 15/01/15 17:13, David Kupka wrote:

On 01/15/2015 03:22 PM, David Kupka wrote:

On 01/15/2015 12:43 PM, David Kupka wrote:

On 01/12/2015 06:34 PM, Martin Basti wrote:

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'.,
server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific; add there something like
"Unable to get local IP addresses." at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints an
error message, 'DNS update failed'. In fact, all A/ records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at 'vm-101.example.com'
named-pkcs11[28652]: PTR record synchronization (addition) for A/ 'vm-101.example.com.' refused: unable to find active reverse zone for IP address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update
fails, the user needs to read the log to see which addresses the installer
tried to update.)
2) Split nsupdates per A/ record.
3a) If it failed, check with a DNS query if the A/ and PTR records are
there and print a proper error message.
3b) Just print that the A/ (or PTR) record may not be updated for a
particular IP address.

Any other suggestions are welcome.



After long discussion with DNS and UX guru I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/ records, the list of missing PTR
records and the list of mismatched PTR records.

As this is running inside the client we can't do much more and it's up to
the user to check what's rotten in his DNS setup.

Updated patch attached.


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel




One more change to behave well in -crazy- exotic environments that
resolve more PTR records for a single IP.






Yet another change to make language nerds and our UX guru happy :-)





Rebased patch attached.



Updated patch attached.


Just for the record, this patch is for dualstack/IPv6 support.
IMO this ticket also requires fixing ipa-join to support IPv6.

I still have doubts about having multihomed support as the default; this may be
an unexpected change of ipa-client-install behavior.
I know it is hard to detect which addresses the user wants to register in IPA
without a crystal ball, but it should not be impossible :-) .

I propose the following solution:

To add new options:
--multihomed or --all-ip-address - all IP addresses from the client will be used
--ip-address - address which will be registered on the (IPA) DNS server
--ip-address-interface - interface from which addresses will be registered



0) without any option specified, current behavior will be used + IPv6
* detect which address is used to communicate with the IPA server
* detect the interface where this address belongs
* use the IPv4 and all IPv6 addresses of this interface
* if --enable-dns-updates=true: configure SSSD as it is configured now:
automatically detect which address is used + patched SSSD will also
update the proper IPv6 address

1) --multihomed or --all-ip-addresses (this is the multihomed ticket)
* all addresses will be used
* if --enable-dns-updates=true: SSSD will be configured to send all
ip_addresses

2) --ip-address option specified:
* only the specified addresses will be used (+ check if these addresses exist
locally)
* if --enable-dns-updates=true: ERROR, dynamic updates may change this
address (the user should choose static vs dynamic)

3) --ip-address-interface option specified:
* only 
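As an added example that is not part of the thread or of FreeIPA's own code, the post-update verification David Kupka describes above (one nsupdate run for all records, then check that the expected A/AAAA records resolve and that each published address has a PTR pointing back at the host, tolerating several PTRs per IP), written in Python with the resolver injected as callables; the host name and addresses are constructed sample data.

```python
"""Post-nsupdate verification of forward and reverse DNS records.

Added example, not FreeIPA's code: it follows the three steps described in
the thread (one nsupdate run for all updates, then check that the expected
A/AAAA records resolve and that each address has a PTR pointing back at the
host).  The resolver is injected as two callables so the logic runs offline;
host name and addresses below are constructed sample data.
"""
import ipaddress


def verify_dns_records(hostname, addresses, resolve_forward, resolve_reverse):
    """Classify the DNS state of hostname after the update was sent.

    hostname        -- FQDN, with or without trailing dot
    addresses       -- IPv4/IPv6 address strings expected to be published
    resolve_forward -- callable(fqdn, rdtype) -> set of address strings,
                       rdtype being 'A' or 'AAAA'; empty set when nothing
                       resolves
    resolve_reverse -- callable(reverse_name) -> set of PTR target FQDNs
                       (may hold several names for one IP)

    Returns a dict with missing_forward (addresses whose A/AAAA did not
    appear), missing_ptr (published addresses without any PTR) and
    mismatched_ptr ((address, targets) pairs whose PTRs do not include
    hostname).  Reverse lookups are skipped for addresses whose forward
    record is missing, so one failure is not reported twice.
    """
    fqdn = hostname.rstrip('.').lower() + '.'
    expected = {ipaddress.ip_address(a) for a in addresses}

    # Step 2: forward records, one query per address family, compared as
    # sets because nsupdate published all addresses in one transaction.
    published = set()
    for rdtype in ('A', 'AAAA'):
        published |= {ipaddress.ip_address(a)
                      for a in resolve_forward(fqdn, rdtype)}
    missing_forward = sorted(expected - published, key=str)

    # Step 3: reverse records for every address that did reach DNS.
    # reverse_pointer yields '10.2.0.192.in-addr.arpa' for IPv4 and the
    # nibble form under ip6.arpa for IPv6.
    missing_ptr, mismatched_ptr = [], []
    for addr in sorted(expected & published, key=str):
        targets = {t.rstrip('.').lower() + '.'
                   for t in resolve_reverse(addr.reverse_pointer + '.')}
        if not targets:
            missing_ptr.append(addr)
        elif fqdn not in targets:
            # Several PTRs for one IP are fine as long as one is ours.
            mismatched_ptr.append((addr, sorted(targets)))

    return {
        'missing_forward': [str(a) for a in missing_forward],
        'missing_ptr': [str(a) for a in missing_ptr],
        'mismatched_ptr': [(str(a), t) for a, t in mismatched_ptr],
    }


# Constructed zone contents standing in for real resolver answers.
HOST = 'vm-101.example.com'
EXPECTED = ['192.0.2.10', '198.51.100.7', '2001:db8::10',
            '2001:db8:1::20', '2001:db8:2::30']
SAMPLE_FORWARD = {
    (HOST + '.', 'A'): {'192.0.2.10', '198.51.100.7'},
    # 2001:db8:2::30 is absent: its AAAA update did not land.
    (HOST + '.', 'AAAA'): {'2001:db8::10', '2001:db8:1::20'},
}
SAMPLE_REVERSE = {
    # correct single PTR
    ipaddress.ip_address('192.0.2.10').reverse_pointer + '.':
        {HOST + '.'},
    # two PTRs, one of them ours: the "exotic environment" case
    ipaddress.ip_address('198.51.100.7').reverse_pointer + '.':
        {HOST + '.', 'alias.example.com.'},
    # 2001:db8::10 has no entry: reverse zone missing, as in the BIND log
    # 2001:db8:1::20 points at another host: mismatch
    ipaddress.ip_address('2001:db8:1::20').reverse_pointer + '.':
        {'other.example.com.'},
}


def run_sample():
    """Run the check against the constructed sample zone."""
    def forward(name, rdtype):
        return SAMPLE_FORWARD.get((name, rdtype), set())

    def reverse(name):
        return SAMPLE_REVERSE.get(name, set())

    return verify_dns_records(HOST, EXPECTED, forward, reverse)


if __name__ == '__main__':
    for kind, entries in run_sample().items():
        print('%-16s %s' % (kind + ':', entries or 'none'))
```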

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-08-18 Thread David Kupka

On 31/07/15 18:31, Martin Basti wrote:

On 28/07/15 09:52, David Kupka wrote:

On 27/07/15 16:45, David Kupka wrote:

On 15/01/15 17:13, David Kupka wrote:

On 01/15/2015 03:22 PM, David Kupka wrote:

On 01/15/2015 12:43 PM, David Kupka wrote:

On 01/12/2015 06:34 PM, Martin Basti wrote:

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'.,
server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific; add there something like
"Unable to get local IP addresses." at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints an
error message, 'DNS update failed'. In fact, all A/ records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at 'vm-101.example.com'
named-pkcs11[28652]: PTR record synchronization (addition) for A/ 'vm-101.example.com.' refused: unable to find active reverse zone for IP address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update
fails, the user needs to read the log to see which addresses the installer
tried to update.)
2) Split nsupdates per A/ record.
3a) If it failed, check with a DNS query if the A/ and PTR records are
there and print a proper error message.
3b) Just print that the A/ (or PTR) record may not be updated for a
particular IP address.

Any other suggestions are welcome.



After long discussion with DNS and UX guru I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/ records, the list of missing PTR
records and the list of mismatched PTR records.

As this is running inside the client we can't do much more and it's up to
the user to check what's rotten in his DNS setup.

Updated patch attached.






One more change to behave well in -crazy- exotic environments that
resolve more PTR records for a single IP.






Yet another change to make language nerds and our UX guru happy :-)





Rebased patch attached.



Updated patch attached.


Just for the record, this patch is for dualstack/IPv6 support.
IMO this ticket also requires fixing ipa-join to support IPv6.

I still have doubts about having multihomed support as the default; this may be
an unexpected change of ipa-client-install behavior.
I know it is hard to detect which addresses the user wants to register in IPA
without a crystal ball, but it should not be impossible :-) .

I propose the following solution:

To add new options:
--multihomed or --all-ip-address - all IP addresses from the client will be used
--ip-address - address which will be registered on the (IPA) DNS server
--ip-address-interface - interface from which addresses will be registered


0) without any option specified, current behavior will be used + IPv6
* detect which address is used to communicate with the IPA server
* detect the interface where this address belongs
* use the IPv4 and all IPv6 addresses of this interface
* if --enable-dns-updates=true: configure SSSD as it is configured now:
automatically detect which address is used + patched SSSD will also
update the proper IPv6 address

1) --multihomed or --all-ip-addresses (this is the multihomed ticket)
* all addresses will be used
* if --enable-dns-updates=true: SSSD will be configured to send all
ip_addresses

2) --ip-address option specified:
* only the specified addresses will be used (+ check if these addresses exist
locally)
* if --enable-dns-updates=true: ERROR, dynamic updates may change this
address (the user should choose static vs dynamic)

3) --ip-address-interface option specified:
* only addresses from the specified interfaces will be used
* if --enable-dns-updates=true: SSSD will be configured to 

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-08-18 Thread Martin Basti



On 08/18/2015 08:02 PM, David Kupka wrote:

On 31/07/15 18:31, Martin Basti wrote:

On 28/07/15 09:52, David Kupka wrote:

On 27/07/15 16:45, David Kupka wrote:

On 15/01/15 17:13, David Kupka wrote:

On 01/15/2015 03:22 PM, David Kupka wrote:

On 01/15/2015 12:43 PM, David Kupka wrote:

On 01/12/2015 06:34 PM, Martin Basti wrote:

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'.,
server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific; add there something like
"Unable to get local IP addresses." at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints an
error message, 'DNS update failed'. In fact, all A/ records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at 'vm-101.example.com'
named-pkcs11[28652]: PTR record synchronization (addition) for A/ 'vm-101.example.com.' refused: unable to find active reverse zone for IP address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update
fails, the user needs to read the log to see which addresses the installer
tried to update.)
2) Split nsupdates per A/ record.
3a) If it failed, check with a DNS query if the A/ and PTR records are
there and print a proper error message.
3b) Just print that the A/ (or PTR) record may not be updated for a
particular IP address.

Any other suggestions are welcome.



After long discussion with DNS and UX guru I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/ records, the list of missing PTR
records and the list of mismatched PTR records.

As this is running inside the client we can't do much more and it's up to
the user to check what's rotten in his DNS setup.

Updated patch attached.






One more change to behave well in -crazy- exotic environments that
resolve more PTR records for a single IP.






Yet another change to make language nerds and our UX guru happy :-)





Rebased patch attached.



Updated patch attached.


Just for the record, this patch is for dualstack/IPv6 support.
IMO this ticket also requires fixing ipa-join to support IPv6.

I still have doubts about having multihomed support as the default; this may be
an unexpected change of ipa-client-install behavior.
I know it is hard to detect which addresses the user wants to register in IPA
without a crystal ball, but it should not be impossible :-) .

I propose the following solution:

To add new options:
--multihomed or --all-ip-address - all IP addresses from the client will be used
--ip-address - address which will be registered on the (IPA) DNS server
--ip-address-interface - interface from which addresses will be registered


0) without any option specified, current behavior will be used + IPv6
* detect which address is used to communicate with the IPA server
* detect the interface where this address belongs
* use the IPv4 and all IPv6 addresses of this interface
* if --enable-dns-updates=true: configure SSSD as it is configured now:
automatically detect which address is used + patched SSSD will also
update the proper IPv6 address

1) --multihomed or --all-ip-addresses (this is the multihomed ticket)
* all addresses will be used
* if --enable-dns-updates=true: SSSD will be configured to send all
ip_addresses

2) --ip-address option specified:
* only the specified addresses will be used (+ check if these addresses exist
locally)
* if --enable-dns-updates=true: ERROR, dynamic updates may change this
address (the user should choose static vs dynamic)

3) --ip-address-interface option specified:
* only addresses from the specified interfaces will be used
* if 

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-08-02 Thread Martin Kosek

On 07/31/2015 06:31 PM, Martin Basti wrote:

On 28/07/15 09:52, David Kupka wrote:

On 27/07/15 16:45, David Kupka wrote:

On 15/01/15 17:13, David Kupka wrote:

On 01/15/2015 03:22 PM, David Kupka wrote:

On 01/15/2015 12:43 PM, David Kupka wrote:

On 01/12/2015 06:34 PM, Martin Basti wrote:

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'.,
server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific; add there something like
"Unable to get local IP addresses." at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints an
error message, 'DNS update failed'. In fact, all A/ records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at 'vm-101.example.com'
named-pkcs11[28652]: PTR record synchronization (addition) for A/ 'vm-101.example.com.' refused: unable to find active reverse zone for IP address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update
fails, the user needs to read the log to see which addresses the installer
tried to update.)
2) Split nsupdates per A/ record.
3a) If it failed, check with a DNS query if the A/ and PTR records are
there and print a proper error message.
3b) Just print that the A/ (or PTR) record may not be updated for a
particular IP address.

Any other suggestions are welcome.



After long discussion with DNS and UX guru I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/ records, the list of missing PTR
records and the list of mismatched PTR records.

As this is running inside the client we can't do much more and it's up to
the user to check what's rotten in his DNS setup.

Updated patch attached.






One more change to behave well in -crazy- exotic environments that
resolve more PTR records for a single IP.






Yet another change to make language nerds and our UX guru happy :-)





Rebased patch attached.



Updated patch attached.


Just for the record, this patch is for dualstack/IPv6 support.
IMO this ticket also requires fixing ipa-join to support IPv6.

I still have doubts about having multihomed support as the default; this may be
an unexpected change of ipa-client-install behavior.
I know it is hard to detect which addresses the user wants to register in IPA
without a crystal ball, but it should not be impossible :-) .

I propose the following solution:

To add new options:
--multihomed or --all-ip-address - all IP addresses from the client will be used
--ip-address - address which will be registered on the (IPA) DNS server
--ip-address-interface - interface from which addresses will be registered


0) without any option specified, current behavior will be used + IPv6
* detect which address is used to communicate with the IPA server
* detect the interface where this address belongs
* use the IPv4 and all IPv6 addresses of this interface
* if --enable-dns-updates=true: configure SSSD as it is configured now:
automatically detect which address is used + patched SSSD will also
update the proper IPv6 address

1) --multihomed or --all-ip-addresses (this is the multihomed ticket)
* all addresses will be used
* if --enable-dns-updates=true: SSSD will be configured to send all
ip_addresses

2) --ip-address option specified:
* only the specified addresses will be used (+ check if these addresses exist
locally)
* if --enable-dns-updates=true: ERROR, dynamic updates may change this
address (the user should choose static vs dynamic)

3) --ip-address-interface option specified:
* only addresses from the specified interfaces will be used
* if --enable-dns-updates=true: SSSD will be 

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-07-31 Thread Martin Basti

On 28/07/15 09:52, David Kupka wrote:

On 27/07/15 16:45, David Kupka wrote:

On 15/01/15 17:13, David Kupka wrote:

On 01/15/2015 03:22 PM, David Kupka wrote:

On 01/15/2015 12:43 PM, David Kupka wrote:

On 01/12/2015 06:34 PM, Martin Basti wrote:

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'.,
server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific; add there something like
"Unable to get local IP addresses." at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints an
error message, 'DNS update failed'. In fact, all A/ records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at 'vm-101.example.com'
named-pkcs11[28652]: PTR record synchronization (addition) for A/ 'vm-101.example.com.' refused: unable to find active reverse zone for IP address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update
fails, the user needs to read the log to see which addresses the installer
tried to update.)
2) Split nsupdates per A/ record.
3a) If it failed, check with a DNS query if the A/ and PTR records are
there and print a proper error message.
3b) Just print that the A/ (or PTR) record may not be updated for a
particular IP address.

Any other suggestions are welcome.



After long discussion with DNS and UX guru I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/ records, the list of missing PTR
records and the list of mismatched PTR records.

As this is running inside the client we can't do much more and it's up to
the user to check what's rotten in his DNS setup.

Updated patch attached.






One more change to behave well in -crazy- exotic environments that
resolve more PTR records for a single IP.






Yet another change to make language nerds and our UX guru happy :-)





Rebased patch attached.



Updated patch attached.


Just for the record, this patch is for dualstack/IPv6 support.
IMO this ticket also requires fixing ipa-join to support IPv6.

I still have doubts about having multihomed support as the default; this may be
an unexpected change of ipa-client-install behavior.
I know it is hard to detect which addresses the user wants to register in IPA
without a crystal ball, but it should not be impossible :-) .


I propose the following solution:

To add new options:
--multihomed or --all-ip-address - all IP addresses from the client will be used
--ip-address - address which will be registered on the (IPA) DNS server
--ip-address-interface - interface from which addresses will be registered


0) without any option specified, current behavior will be used + IPv6
* detect which address is used to communicate with the IPA server
* detect the interface where this address belongs
* use the IPv4 and all IPv6 addresses of this interface
* if --enable-dns-updates=true: configure SSSD as it is configured now:
automatically detect which address is used + patched SSSD will also
update the proper IPv6 address

1) --multihomed or --all-ip-addresses (this is the multihomed ticket)
* all addresses will be used
* if --enable-dns-updates=true: SSSD will be configured to send all
ip_addresses

2) --ip-address option specified:
* only the specified addresses will be used (+ check if these addresses exist
locally)
* if --enable-dns-updates=true: ERROR, dynamic updates may change this
address (the user should choose static vs dynamic)

3) --ip-address-interface option specified:
* only addresses from the specified interfaces will be used
* if --enable-dns-updates=true: SSSD will be configured to use these 

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-07-28 Thread David Kupka

On 27/07/15 16:45, David Kupka wrote:

On 15/01/15 17:13, David Kupka wrote:

On 01/15/2015 03:22 PM, David Kupka wrote:

On 01/15/2015 12:43 PM, David Kupka wrote:

On 01/12/2015 06:34 PM, Martin Basti wrote:

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'.,
server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific; add there something like
"Unable to get local IP addresses." at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints an
error message, 'DNS update failed'. In fact, all A/ records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at 'vm-101.example.com'
named-pkcs11[28652]: PTR record synchronization (addition) for A/ 'vm-101.example.com.' refused: unable to find active reverse zone for IP address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update
fails, the user needs to read the log to see which addresses the installer
tried to update.)
2) Split nsupdates per A/ record.
3a) If it failed, check with a DNS query if the A/ and PTR records are
there and print a proper error message.
3b) Just print that the A/ (or PTR) record may not be updated for a
particular IP address.

Any other suggestions are welcome.



After long discussion with DNS and UX guru I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/ records, the list of missing PTR
records and the list of mismatched PTR records.

As this is running inside the client we can't do much more and it's up to
the user to check what's rotten in his DNS setup.

Updated patch attached.






One more change to behave well in -crazy- exotic environments that
resolve more PTR records for a single IP.






Yet another change to make language nerds and our UX guru happy :-)





Rebased patch attached.



Updated patch attached.

--
David Kupka
From 5c923daf7ce662e19b144e338557e1b8df7a061d Mon Sep 17 00:00:00 2001
From: David Kupka dku...@redhat.com
Date: Sun, 4 Jan 2015 15:04:18 -0500
Subject: [PATCH] client: Update DNS with all available local IP addresses.

Detect all usable IP addresses assigned to any interface and create
corresponding DNS records on server.

https://fedorahosted.org/freeipa/ticket/4249
---
 ipa-client/ipa-install/ipa-client-install | 174 +++---
 1 file changed, 113 insertions(+), 61 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 91323ae115a27d221bcbc43fee887c56d99c8635..947cb10d98e950498b9ea1e4a3b715de1ee33e3b 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -32,6 +32,7 @@ try:
 from optparse import SUPPRESS_HELP, OptionGroup, OptionValueError
 import shutil
 from krbV import Krb5Error
+import dns
 
 import nss.nss as nss
 import SSSDConfig
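Review bot: `import dns` on its own does not load dnspython's submodules, so any later use of `dns.resolver` or `dns.reversename` in the verification code only works if some other module happens to import them first; import the submodules actually used explicitly (e.g. `import dns.resolver`) so the installer does not depend on that accident of import order.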
@@ -1285,6 +1286,7 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, clie
 
 if options.dns_updates:
 domain.set_option('dyndns_update', True)
+domain.set_option('dyndns_iface', '*')
 if options.krb5_offline_passwords:
 domain.set_option('krb5_store_password_if_offline', True)
 
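Review bot: `domain.set_option('dyndns_iface', '*')` makes SSSD publish addresses from every interface for every client that passes --enable-dns-updates, which is exactly the default-behaviour change questioned later in this thread, and it also requires an SSSD release that recognises `*` as the all-interfaces value (an older SSSD would not treat it as a wildcard). Consider gating this behind an explicit option and documenting the minimum SSSD version.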
@@ -1500,40 +1502,22 @@ def unconfigure_nisdomain():
 if not enabled:
 services.knownservices.domainname.disable()
 
-
-def resolve_ipaddress(server):
- Connect to the server's LDAP port in order to determine what ip
-address this machine uses as public ip (relative to the server).
-
-
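Review bot: this hunk deletes resolve_ipaddress(), the only code that determines which local address is actually used to reach the IPA server; the proposal later in the thread to keep that address as the default registration target (option 0) needs precisely this logic, so keep the function or fold it into the new address-collection code rather than dropping it outright.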

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-07-27 Thread David Kupka

On 15/01/15 17:13, David Kupka wrote:

On 01/15/2015 03:22 PM, David Kupka wrote:

On 01/15/2015 12:43 PM, David Kupka wrote:

On 01/12/2015 06:34 PM, Martin Basti wrote:

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'.,
server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific; add there something like
"Unable to get local IP addresses." at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints an
error message, 'DNS update failed'. In fact, all A/ records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at 'vm-101.example.com'
named-pkcs11[28652]: PTR record synchronization (addition) for A/ 'vm-101.example.com.' refused: unable to find active reverse zone for IP address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update
fails, the user needs to read the log to see which addresses the installer
tried to update.)
2) Split nsupdates per A/ record.
3a) If it failed, check with a DNS query if the A/ and PTR records are
there and print a proper error message.
3b) Just print that the A/ (or PTR) record may not be updated for a
particular IP address.

Any other suggestions are welcome.



After long discussion with DNS and UX guru I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/ records, the list of missing PTR
records and the list of mismatched PTR records.

As this is running inside the client we can't do much more and it's up to
the user to check what's rotten in his DNS setup.

Updated patch attached.






One more change to behave well in -crazy- exotic environments that
resolve more PTR records for a single IP.






Yet another change to make language nerds and our UX guru happy :-)





Rebased patch attached.
--
David Kupka
From 3ae6959cfd08c34cfcb0eaf29d057b5ea4ebbac4 Mon Sep 17 00:00:00 2001
From: David Kupka dku...@redhat.com
Date: Sun, 4 Jan 2015 15:04:18 -0500
Subject: [PATCH] client: Update DNS with all available local IP addresses.

Detect all usable IP addresses assigned to any interface and create
corresponding DNS records on server.

https://fedorahosted.org/freeipa/ticket/4249
---
 ipa-client/ipa-install/ipa-client-install | 173 +++---
 1 file changed, 112 insertions(+), 61 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 91323ae115a27d221bcbc43fee887c56d99c8635..eab20e6c44954834b736d3477db88c7708912002 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -32,6 +32,7 @@ try:
 from optparse import SUPPRESS_HELP, OptionGroup, OptionValueError
 import shutil
 from krbV import Krb5Error
+import dns
 
 import nss.nss as nss
 import SSSDConfig
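Review bot: the `+import dns` added in this hunk does not by itself make `dns.resolver`, `dns.rdatatype` or `dns.exception` available; dnspython's top-level package does not import its submodules, so the verification code discussed in this thread (`dns.resolver.query(fqdn, record_type)`, `dns.rdatatype.A`, `dns.exception.DNSException`) only works if another module already imported them. Import the submodules explicitly, e.g. `import dns.resolver`, `import dns.rdatatype` and `import dns.exception`, so the installer does not depend on import order elsewhere in the tree.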
@@ -1500,40 +1501,22 @@ def unconfigure_nisdomain():
 if not enabled:
 services.knownservices.domainname.disable()
 
-
-def resolve_ipaddress(server):
- Connect to the server's LDAP port in order to determine what ip
-address this machine uses as public ip (relative to the server).
-
-Returns a tuple with the IP address and address family when
-connection was successful. Socket error is raised otherwise.
-
-last_socket_error = None
-
-for res in socket.getaddrinfo(server, 389, socket.AF_UNSPEC,
-socket.SOCK_STREAM):
-af, socktype, proto, canonname, sa = res
-try:
-s = socket.socket(af, socktype, proto)
-except socket.error, 
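
The three-step check David describes above (one nsupdate, then verify that the expected A/AAAA and PTR records resolve, then print the missing A/AAAA records, the missing PTR records and the mismatched PTR records), as an added example that is not part of the patch or of FreeIPA. The comparison is kept separate from the resolver so it runs offline on constructed answers; `verify_dns_records()`, `reverse_name()`, `format_report()` and the sample data are this example's own names. It also handles the "exotic environment" case raised later in the thread, several PTR records for one IP, by accepting the PTR set as long as the host's own name is among them.

```python
"""Added example (not FreeIPA code): check that the A/AAAA and PTR records
an installer just pushed with nsupdate are really resolvable, and report
what is missing or wrong.  The resolver answers below are constructed so
the check runs offline; in the installer they would come from DNS queries."""
import ipaddress


def reverse_name(ip):
    """Return the owner name of the PTR record for `ip`, e.g.
    '24.78.16.10.in-addr.arpa.' or the nibble form under ip6.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + '.'


def _sort_key(addr):
    # IPv4 and IPv6 address objects are not comparable with each other,
    # so order by family first, then by address.
    return (addr.version, addr)


def verify_dns_records(fqdn, expected_ips, forward_answers, reverse_answers):
    """Compare what was pushed with what DNS now serves.

    fqdn            -- the host's name, absolute (trailing dot)
    expected_ips    -- addresses the installer put into A/AAAA records
    forward_answers -- {'A': [addr, ...], 'AAAA': [addr, ...]} resolved for fqdn
    reverse_answers -- {ptr_owner_name: [target_name, ...]} resolved PTR sets

    Returns a dict with the four lists the installer should print:
    'missing' and 'extra' A/AAAA addresses, 'missing_ptr' addresses and
    'mismatched_ptr' (address, [targets]) pairs.  Addresses are parsed
    with the ipaddress module so '2001:DB8:1:0:0:0:0:24' and
    '2001:db8:1::24' count as the same record.
    """
    expected = {ipaddress.ip_address(ip) for ip in expected_ips}
    resolved = set()
    for rtype in ('A', 'AAAA'):
        for addr in forward_answers.get(rtype, []):
            resolved.add(ipaddress.ip_address(addr))

    missing_ptr = []
    mismatched_ptr = []
    for ip in sorted(expected, key=_sort_key):
        # DNS names are case-insensitive; normalise before comparing.
        targets = [t.lower() for t in reverse_answers.get(reverse_name(ip), [])]
        if not targets:
            missing_ptr.append(str(ip))
        elif fqdn.lower() not in targets:
            # Several PTR records for one address are tolerated as long as
            # one of them points back at this host.
            mismatched_ptr.append((str(ip), targets))

    return {
        'missing': [str(ip) for ip in sorted(expected - resolved, key=_sort_key)],
        'extra': [str(ip) for ip in sorted(resolved - expected, key=_sort_key)],
        'missing_ptr': missing_ptr,
        'mismatched_ptr': mismatched_ptr,
    }


def format_report(fqdn, result):
    """Render the result as the warning lines a user would see."""
    lines = []
    if result['missing']:
        lines.append('Missing A/AAAA record(s) for %s: %s'
                     % (fqdn, ', '.join(result['missing'])))
    if result['extra']:
        lines.append('Unexpected A/AAAA record(s) for %s: %s'
                     % (fqdn, ', '.join(result['extra'])))
    if result['missing_ptr']:
        lines.append('Missing reverse (PTR) record(s) for: %s'
                     % ', '.join(result['missing_ptr']))
    for ip, targets in result['mismatched_ptr']:
        lines.append('PTR record for %s does not point to %s (got %s)'
                     % (ip, fqdn, ', '.join(targets)))
    return lines


# --- constructed sample data (not real resolver output) --------------------
FQDN = 'vm-024.example.com.'
EXPECTED = ['10.16.78.24', '2001:db8:1::24', '2001:db8:2::24']
# A/AAAA as resolved: the IPv4 and first IPv6 address are there (the IPv6
# one in uncompressed, upper-case form), the second IPv6 address is not.
FORWARD = {'A': ['10.16.78.24'], 'AAAA': ['2001:DB8:1:0:0:0:0:24']}
# PTR sets as resolved: two PTRs for the IPv4 address (one of them ours),
# a PTR for the first IPv6 address that points elsewhere, none for the last.
REVERSE = {
    reverse_name('10.16.78.24'): ['legacy-alias.example.com.', 'VM-024.example.com.'],
    reverse_name('2001:db8:1::24'): ['other-host.example.com.'],
}

if __name__ == '__main__':
    for line in format_report(FQDN, verify_dns_records(FQDN, EXPECTED, FORWARD, REVERSE)):
        print(line)
```

The installer would fill `forward_answers` and `reverse_answers` from its own lookups (the patch uses dnspython for that) right after nsupdate returns; the comparison itself has no network dependency, which is what makes it easy to unit-test against cases like the one Martin reports below, where records vanish again a few seconds after the update.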

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-20 Thread Petr Spacek
On 15.1.2015 20:49, Lukas Slebodnik wrote:
 On (15/01/15 20:38), Martin Basti wrote:
 On 15/01/15 20:24, Martin Basti wrote:
 On 15/01/15 17:13, David Kupka wrote:
 On 01/15/2015 03:22 PM, David Kupka wrote:
 On 01/15/2015 12:43 PM, David Kupka wrote:
 On 01/12/2015 06:34 PM, Martin Basti wrote:
 On 09/01/15 14:43, David Kupka wrote:
 On 01/07/2015 04:15 PM, Martin Basti wrote:
 On 07/01/15 12:27, David Kupka wrote:
 https://fedorahosted.org/freeipa/ticket/4249

 Thank you for the patch:

 1)
 -root_logger.error(Cannot update DNS records! 
 -  Failed to connect to server '%s'.,
 server)
 +ips = get_local_ipaddresses()
 +except CalledProcessError as e:
 +root_logger.error(Cannot update DNS records. %s % e)

 IMO the error message should be more specific, add there something
 like
 Unable to get local IP addresses. at least in log.debug()

 2)
 +lines = ipresult[0].replace('\\', '').split('\n')

 .replace() is not needed

 3)
 +if len(ips) == 0:

 if not ips:

 is more pythonic by PEP8


 Thanks for catching these. Updated patch attached.

 merciful NACK

 Thank you for the patch, unfortunately I hit one issue which needs to be
 resolved.

 If sync PTR is activated in zone settings, and the reverse zone doesn't
 exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints the
 error message 'DNS update failed'. In fact, all A/AAAA records were
 successfully updated, only PTR records failed.

 Bind log:
 named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at
 'vm-101.example.com' AAAA

 named-pkcs11[28652]: PTR record synchronization (addition) for A/AAAA
 'vm-101.example.com.' refused: unable to find active reverse zone for IP
 address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

 With IPv6 we have several addresses from different reverse zones and
 this situation may happen often.
 I suggest the following:
 1) Print the list of addresses which will be updated. (Now if the update fails,
 the user needs to read the log to see which addresses the installer tried to update)
 2) Split nsupdates per A/AAAA record.
 3a) If it failed, check with a DNS query whether the A/AAAA and PTR records are there
 and print a proper error message
 3b) Just print that the A/AAAA (or PTR) record may not have been updated for a particular
 IP address.

 Any other suggestions are welcome.


 After a long discussion with the DNS and UX gurus I've implemented it this way:
 1. Call nsupdate only once with all updates.
 2. Verify that the expected records are resolvable.
 3. If not, print the list of missing A/AAAA records, the list of missing PTR
 records and the list of mismatched PTR records.

 As this is running inside the client we can't do much more, and it's up to the user
 to check what's rotten in his DNS setup.

 Updated patch attached.





 One more change to behave well in -crazy- exotic environments that
 resolve more PTR records for a single IP.





 Yet another change to make language nerds and our UX guru happy :-)
 Sorry, but NACK.

 1) BIND/dyndb-ldap bug? (if sync_ptr is enabled)
 +try:
 +answers = dns.resolver.query(fqdn, record_type)
 +except dns.resolver.NoAnswer:
 +if record_type == dns.rdatatype.A:
 +root_logger.debug('No A record for %s' % fqdn)
 +elif record_type == dns.rdatatype.:
 +root_logger.debug('No  record for %s' % fqdn)
 +except dns.exception.DNSException as e:
 +root_logger.debug('DNS resolver error: ' % e)
 +else:
 +for rdata in answers:
 +try:
 +missing_ips.remove(rdata.address)
 +except ValueError:
 +extra_ips.append(rdata.address)

 This somehow doesn't work for missing A/AAAA records (4 A/AAAA records
 expected)
 $host `hostname`
 vm-024.example.com has address 10.16.78.24
 vm-024.example.com has IPv6 address fed0:babe:baab:0:21a:4aff:fe10:4e37
 But I get *no warning*.

 == Why ==
 Probably a bug in BIND: all AAAA/A records *exist for several seconds*, then
 BIND removes all A/AAAA records without a PTR record.
 (Needs more investigation, maybe it is dependent on the BIND version; in
 previous testing, the A/AAAA records stayed untouched)

 This is the older journal from the *same machine* with the same packages, where
 records without PTR haven't been deleted after a few seconds
 EXAMPLE.COM: updating zone 'example.com/IN': deleting rrset at
 'vm-101.example.com' A
 EXAMPLE.COM: updating zone 'example.com/IN': deleting rrset at
 'vm-101.example.com' AAAA
 EXAMPLE.COM: updating zone 'example.com/IN': adding an RR at
 'vm-101.example.com' A
 EXAMPLE.COM: updating zone 'example.com/IN': adding an RR at
 'vm-101.example.com' AAAA

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-15 Thread David Kupka

On 01/15/2015 03:22 PM, David Kupka wrote:

On 01/15/2015 12:43 PM, David Kupka wrote:

On 01/12/2015 06:34 PM, Martin Basti wrote:

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'.,
server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific, add there something
like
Unable to get local IP addresses. at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints the
error message 'DNS update failed'. In fact, all A/AAAA records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at
'vm-101.example.com' AAAA

named-pkcs11[28652]: PTR record synchronization (addition) for A/AAAA
'vm-101.example.com.' refused: unable to find active reverse zone for IP
address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update fails,
the user needs to read the log to see which addresses the installer tried to update)
2) Split nsupdates per A/AAAA record.
3a) If it failed, check with a DNS query whether the A/AAAA and PTR records are there
and print a proper error message
3b) Just print that the A/AAAA (or PTR) record may not have been updated for a particular
IP address.

Any other suggestions are welcome.



After a long discussion with the DNS and UX gurus I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/AAAA records, the list of missing PTR
records and the list of mismatched PTR records.

As this is running inside the client we can't do much more, and it's up to the user
to check what's rotten in his DNS setup.

Updated patch attached.






One more change to behave well in -crazy- exotic environments that
resolve more PTR records for a single IP.






Yet another change to make language nerds and our UX guru happy :-)
--
David Kupka
From d667e108d0114e67aac51d35203a3dc2e15f2c4d Mon Sep 17 00:00:00 2001
From: David Kupka dku...@redhat.com
Date: Sun, 4 Jan 2015 15:04:18 -0500
Subject: [PATCH] client: Update DNS with all available local IP addresses.

Detect all usable IP addresses assigned to any interface and create
corresponding DNS records on server.

https://fedorahosted.org/freeipa/ticket/4249
---
 ipa-client/ipa-install/ipa-client-install | 169 +++---
 1 file changed, 108 insertions(+), 61 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index dfe0e3b7597c2ea63c299969b3a9d76cf8ecc273..78df2089739746beb9347c00e41c12d9f6eb0fbe 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -31,6 +31,7 @@ try:
 from ConfigParser import RawConfigParser
 from optparse import SUPPRESS_HELP, OptionGroup, OptionValueError
 import shutil
+import dns
 
 import nss.nss as nss
 import SSSDConfig
@@ -1494,40 +1495,22 @@ def unconfigure_nisdomain():
 if not enabled:
 services.knownservices.domainname.disable()
 
-
-def resolve_ipaddress(server):
- Connect to the server's LDAP port in order to determine what ip
-address this machine uses as public ip (relative to the server).
-
-Returns a tuple with the IP address and address family when
-connection was successful. Socket error is raised otherwise.
-
-last_socket_error = None
-
-for res in socket.getaddrinfo(server, 389, socket.AF_UNSPEC,
-socket.SOCK_STREAM):
-af, socktype, proto, canonname, sa = res
-try:
-s = socket.socket(af, socktype, proto)
-except socket.error, e:
-last_socket_error = e
-s = None
+def get_local_ipaddresses():
+ipresult = ipautil.run([paths.IP, '-oneline', 'address', 'show'])
+lines = ipresult[0].split('\n')
+ips = 
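Review bot: `get_local_ipaddresses()` replaces the old connect-to-the-server probe with parsing of `ip -oneline address show` output (`ipresult[0].split('\n')`), but the visible part of the hunk shows no filtering yet, while the commit message promises "all usable IP addresses". Loopback (127.0.0.0/8, ::1), link-local (169.254.0.0/16, fe80::/10) and IPv6 addresses still marked `tentative` or already `deprecated` must not end up in the host's A/AAAA records, and with sync PTR enabled each such address would also fail the reverse-zone lookup reported earlier in the thread. If the filter is in the part of the hunk cut off here, add a comment listing the scopes and flags that are skipped; otherwise add it before the addresses are handed to nsupdate.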

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-15 Thread Martin Basti

On 15/01/15 17:13, David Kupka wrote:

On 01/15/2015 03:22 PM, David Kupka wrote:

On 01/15/2015 12:43 PM, David Kupka wrote:

On 01/12/2015 06:34 PM, Martin Basti wrote:

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'.,
server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific, add there something
like
Unable to get local IP addresses. at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints the
error message 'DNS update failed'. In fact, all A/AAAA records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at
'vm-101.example.com' AAAA

named-pkcs11[28652]: PTR record synchronization (addition) for A/AAAA
'vm-101.example.com.' refused: unable to find active reverse zone for IP
address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update fails,
the user needs to read the log to see which addresses the installer tried to update)
2) Split nsupdates per A/AAAA record.
3a) If it failed, check with a DNS query whether the A/AAAA and PTR records are there
and print a proper error message
3b) Just print that the A/AAAA (or PTR) record may not have been updated for a particular
IP address.

Any other suggestions are welcome.



After a long discussion with the DNS and UX gurus I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/AAAA records, the list of missing PTR
records and the list of mismatched PTR records.

As this is running inside the client we can't do much more, and it's up to the user
to check what's rotten in his DNS setup.

Updated patch attached.






One more change to behave well in -crazy- exotic environments that
resolve more PTR records for a single IP.






Yet another change to make language nerds and our UX guru happy :-)

Sorry, but NACK.

1) BIND/dyndb-ldap bug? (if sync_ptr is enabled)
+try:
+answers = dns.resolver.query(fqdn, record_type)
+except dns.resolver.NoAnswer:
+if record_type == dns.rdatatype.A:
+root_logger.debug('No A record for %s' % fqdn)
+elif record_type == dns.rdatatype.:
+root_logger.debug('No  record for %s' % fqdn)
+except dns.exception.DNSException as e:
+root_logger.debug('DNS resolver error: ' % e)
+else:
+for rdata in answers:
+try:
+missing_ips.remove(rdata.address)
+except ValueError:
+extra_ips.append(rdata.address)
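Review bot: `root_logger.debug('DNS resolver error: ' % e)` in this snippet is missing the `%s` conversion, so the `%` operator raises `TypeError: not all arguments converted during string formatting` inside the `except dns.exception.DNSException` handler and the original resolver error is lost; change it to `root_logger.debug('DNS resolver error: %s' % e)`. The same branch also catches `dns.resolver.NXDOMAIN` and `dns.resolver.NoNameservers` (both subclasses of `DNSException`) and only logs them at debug level, so when the name does not resolve at all the user is shown the addresses as missing but not why; catching `NXDOMAIN` explicitly next to `NoAnswer` and logging it at warning level would tell the two cases apart when debugging reports like the one below.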

This somehow doesn't work for missing A/AAAA records (4 A/AAAA
records expected)

$host `hostname`
vm-024.example.com has address 10.16.78.24
vm-024.example.com has IPv6 address fed0:babe:baab:0:21a:4aff:fe10:4e37
But I get *no warning*.

== Why ==
Probably a bug in BIND: all AAAA/A records *exist for several seconds*,
then BIND removes all A/AAAA records without a PTR record.
(Needs more investigation, maybe it is dependent on the BIND version; in
previous testing, the A/AAAA records stayed untouched)


This is the older journal from the *same machine* with the same packages,
where records without PTR haven't been deleted after a few seconds
EXAMPLE.COM: updating zone 'example.com/IN': deleting rrset at
'vm-101.example.com' A
EXAMPLE.COM: updating zone 'example.com/IN': deleting rrset at
'vm-101.example.com' AAAA
EXAMPLE.COM: updating zone 'example.com/IN': adding an RR at
'vm-101.example.com' A
EXAMPLE.COM: updating zone 'example.com/IN': adding an RR at
'vm-101.example.com' AAAA
vm-101.example.com.' refused: unable to find active reverse zone for IP 
address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found
EXAMPLE.COM: updating zone 'idm.example.com/IN': adding an RR at 

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-15 Thread Martin Basti

On 15/01/15 20:24, Martin Basti wrote:

On 15/01/15 17:13, David Kupka wrote:

On 01/15/2015 03:22 PM, David Kupka wrote:

On 01/15/2015 12:43 PM, David Kupka wrote:

On 01/12/2015 06:34 PM, Martin Basti wrote:

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'.,
server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific, add there something
like
Unable to get local IP addresses. at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints the
error message 'DNS update failed'. In fact, all A/AAAA records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at
'vm-101.example.com' AAAA

named-pkcs11[28652]: PTR record synchronization (addition) for A/AAAA
'vm-101.example.com.' refused: unable to find active reverse zone for IP
address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update fails,
the user needs to read the log to see which addresses the installer tried to update)
2) Split nsupdates per A/AAAA record.
3a) If it failed, check with a DNS query whether the A/AAAA and PTR records are there
and print a proper error message
3b) Just print that the A/AAAA (or PTR) record may not have been updated for a particular
IP address.

Any other suggestions are welcome.



After a long discussion with the DNS and UX gurus I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/AAAA records, the list of missing PTR
records and the list of mismatched PTR records.

As this is running inside the client we can't do much more, and it's up to the user
to check what's rotten in his DNS setup.

Updated patch attached.






One more change to behave well in -crazy- exotic environments that
resolve more PTR records for a single IP.






Yet another change to make language nerds and our UX guru happy :-)

Sorry, but NACK.

1) BIND/dyndb-ldap bug? (if sync_ptr is enabled)
+try:
+answers = dns.resolver.query(fqdn, record_type)
+except dns.resolver.NoAnswer:
+if record_type == dns.rdatatype.A:
+root_logger.debug('No A record for %s' % fqdn)
+elif record_type == dns.rdatatype.:
+root_logger.debug('No  record for %s' % fqdn)
+except dns.exception.DNSException as e:
+root_logger.debug('DNS resolver error: ' % e)
+else:
+for rdata in answers:
+try:
+missing_ips.remove(rdata.address)
+except ValueError:
+extra_ips.append(rdata.address)

This somehow doesn't work for missing A/AAAA records (4 A/AAAA
records expected)

$host `hostname`
vm-024.example.com has address 10.16.78.24
vm-024.example.com has IPv6 address fed0:babe:baab:0:21a:4aff:fe10:4e37
But I get *no warning*.

== Why ==
Probably a bug in BIND: all AAAA/A records *exist for several seconds*,
then BIND removes all A/AAAA records without a PTR record.
(Needs more investigation, maybe it is dependent on the BIND version; in
previous testing, the A/AAAA records stayed untouched)


This is the older journal from the *same machine* with the same packages,
where records without PTR haven't been deleted after a few seconds
EXAMPLE.COM: updating zone 'example.com/IN': deleting rrset at
'vm-101.example.com' A
EXAMPLE.COM: updating zone 'example.com/IN': deleting rrset at
'vm-101.example.com' AAAA
EXAMPLE.COM: updating zone 'example.com/IN': adding an RR at
'vm-101.example.com' A
EXAMPLE.COM: updating zone 'example.com/IN': adding an RR at
'vm-101.example.com' AAAA
vm-101.example.com.' refused: unable to find active reverse zone for 
IP address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found
EXAMPLE.COM: updating zone 

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-15 Thread Lukas Slebodnik
On (15/01/15 20:38), Martin Basti wrote:
On 15/01/15 20:24, Martin Basti wrote:
On 15/01/15 17:13, David Kupka wrote:
On 01/15/2015 03:22 PM, David Kupka wrote:
On 01/15/2015 12:43 PM, David Kupka wrote:
On 01/12/2015 06:34 PM, Martin Basti wrote:
On 09/01/15 14:43, David Kupka wrote:
On 01/07/2015 04:15 PM, Martin Basti wrote:
On 07/01/15 12:27, David Kupka wrote:
https://fedorahosted.org/freeipa/ticket/4249

Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'.,
server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific, add there something
like
Unable to get local IP addresses. at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8


Thanks for catching these. Updated patch attached.

merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints the
error message 'DNS update failed'. In fact, all A/AAAA records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at
'vm-101.example.com' AAAA

named-pkcs11[28652]: PTR record synchronization (addition) for A/AAAA
'vm-101.example.com.' refused: unable to find active reverse zone for IP
address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update fails,
the user needs to read the log to see which addresses the installer tried to update)
2) Split nsupdates per A/AAAA record.
3a) If it failed, check with a DNS query whether the A/AAAA and PTR records are there
and print a proper error message
3b) Just print that the A/AAAA (or PTR) record may not have been updated for a particular
IP address.

Any other suggestions are welcome.


After a long discussion with the DNS and UX gurus I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/AAAA records, the list of missing PTR
records and the list of mismatched PTR records.

As this is running inside the client we can't do much more, and it's up to the user
to check what's rotten in his DNS setup.

Updated patch attached.





One more change to behave well in -crazy- exotic environments that
resolve more PTR records for a single IP.





Yet another change to make language nerds and our UX guru happy :-)
Sorry, but NACK.

1) BIND/dyndb-ldap bug? (if sync_ptr is enabled)
+try:
+answers = dns.resolver.query(fqdn, record_type)
+except dns.resolver.NoAnswer:
+if record_type == dns.rdatatype.A:
+root_logger.debug('No A record for %s' % fqdn)
+elif record_type == dns.rdatatype.:
+root_logger.debug('No  record for %s' % fqdn)
+except dns.exception.DNSException as e:
+root_logger.debug('DNS resolver error: ' % e)
+else:
+for rdata in answers:
+try:
+missing_ips.remove(rdata.address)
+except ValueError:
+extra_ips.append(rdata.address)

This somehow doesn't work for missing A/AAAA records (4 A/AAAA records
expected)
$host `hostname`
vm-024.example.com has address 10.16.78.24
vm-024.example.com has IPv6 address fed0:babe:baab:0:21a:4aff:fe10:4e37
But I get *no warning*.

== Why ==
Probably a bug in BIND: all AAAA/A records *exist for several seconds*, then
BIND removes all A/AAAA records without a PTR record.
(Needs more investigation, maybe it is dependent on the BIND version; in
previous testing, the A/AAAA records stayed untouched)

This is the older journal from the *same machine* with the same packages, where
records without PTR haven't been deleted after a few seconds
EXAMPLE.COM: updating zone 'example.com/IN': deleting rrset at
'vm-101.example.com' A
EXAMPLE.COM: updating zone 'example.com/IN': deleting rrset at
'vm-101.example.com' AAAA
EXAMPLE.COM: updating zone 'example.com/IN': adding an RR at
'vm-101.example.com' A
EXAMPLE.COM: updating zone 'example.com/IN': adding an RR at
'vm-101.example.com' AAAA
vm-101.example.com.' refused: unable to find active reverse zone for IP
address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found
EXAMPLE.COM: updating zone 

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-15 Thread David Kupka

On 01/12/2015 06:34 PM, Martin Basti wrote:

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'., server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific, add there something like
Unable to get local IP addresses. at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints the
error message 'DNS update failed'. In fact, all A/AAAA records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at
'vm-101.example.com' AAAA

named-pkcs11[28652]: PTR record synchronization (addition) for A/AAAA
'vm-101.example.com.' refused: unable to find active reverse zone for IP
address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update fails,
the user needs to read the log to see which addresses the installer tried to update)
2) Split nsupdates per A/AAAA record.
3a) If it failed, check with a DNS query whether the A/AAAA and PTR records are there
and print a proper error message
3b) Just print that the A/AAAA (or PTR) record may not have been updated for a particular
IP address.

Any other suggestions are welcome.



After a long discussion with the DNS and UX gurus I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/AAAA records, the list of missing PTR
records and the list of mismatched PTR records.


As this is running inside the client we can't do much more and it's up to the
user to check what's rotten in his DNS setup.


Updated patch attached.
--
David Kupka
From 9cd99ad800f7c2863805edc70f77eaeb829ddc7f Mon Sep 17 00:00:00 2001
From: David Kupka dku...@redhat.com
Date: Sun, 4 Jan 2015 15:04:18 -0500
Subject: [PATCH] client: Update DNS with all available local IP addresses.

Detect all usable IP addresses assigned to any interface and create
corresponding DNS records on the server.

https://fedorahosted.org/freeipa/ticket/4249
---
 ipa-client/ipa-install/ipa-client-install | 167 +++---
 1 file changed, 106 insertions(+), 61 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index dfe0e3b7597c2ea63c299969b3a9d76cf8ecc273..0a45e51e4a80d1e16f8e63fb2ddfd173e2b9c273 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -31,6 +31,7 @@ try:
 from ConfigParser import RawConfigParser
 from optparse import SUPPRESS_HELP, OptionGroup, OptionValueError
 import shutil
+import dns
 
 import nss.nss as nss
 import SSSDConfig
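Review bot: the new "import dns" makes python-dns a hard runtime dependency of ipa-client-install, yet the diffstat above lists only that one file, so the client package's requirements are not touched by this patch; add the dependency in the same change, otherwise the import fails inside this try: block on hosts that never had the module installed, and a missing DNS-check library shows up as a failed enrollment.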
@@ -1494,40 +1495,22 @@ def unconfigure_nisdomain():
 if not enabled:
 services.knownservices.domainname.disable()
 
-
-def resolve_ipaddress(server):
- Connect to the server's LDAP port in order to determine what ip
-address this machine uses as public ip (relative to the server).
-
-Returns a tuple with the IP address and address family when
-connection was successful. Socket error is raised otherwise.
-
-last_socket_error = None
-
-for res in socket.getaddrinfo(server, 389, socket.AF_UNSPEC,
-socket.SOCK_STREAM):
-af, socktype, proto, canonname, sa = res
-try:
-s = socket.socket(af, socktype, proto)
-except socket.error, e:
-last_socket_error = e
-s = None
+def get_local_ipaddresses():
+ipresult = ipautil.run([paths.IP, '-oneline', 'address', 'show'])
+lines = ipresult[0].split('\n')
+ips = []
+for line in lines:
+fields = line.split()
+if len(fields)  6:
+continue
+if fields[2] not in ['inet', 'inet6']:
 continue
-
+(ip, mask) = fields[3].rsplit('/', 1)
 try:
-s.connect(sa)
-sockname = s.getsockname()
-
-# For both IPv4 and IPv6 own IP address is always the first item
-return (sockname[0], af)
-except socket.error, e:
-last_socket_error = e
-finally:
-if s:
-s.close()
-
-if 
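Review bot: the removed resolve_ipaddress() documented what it returned and when it raised; its replacement get_local_ipaddresses() has no docstring although callers depend on its contract (a list that may be empty, and the exception from ipautil.run when the ip binary cannot be executed). Add one, and state that any line the parser cannot interpret is skipped rather than reported. The hunk is cut off in the archive at this point, so the rest of the function could not be reviewed from this message.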

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-15 Thread David Kupka

On 01/15/2015 12:43 PM, David Kupka wrote:

On 01/12/2015 06:34 PM, Martin Basti wrote:

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'., server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific; add there something
like
"Unable to get local IP addresses." at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be
resolved.

If sync PTR is activated in zone settings, and the reverse zone doesn't
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints the
error message 'DNS update failed'. In fact, all A/AAAA records were
successfully updated, only PTR records failed.

Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at
'vm-101.example.com' AAAA

named-pkcs11[28652]: PTR record synchronization (addition) for A/AAAA
'vm-101.example.com.' refused: unable to find active reverse zone for IP
address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found

With IPv6 we have several addresses from different reverse zones and
this situation may happen often.
I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update fails,
the user needs to read the log to see which addresses the installer tried to update)
2) Split nsupdates per A/AAAA record.
3a) If it failed, check with a DNS query whether the A/AAAA and PTR records are
there and print a proper error message
3b) Just print that the A/AAAA (or PTR) record may not have been updated for a
particular IP address.

Any other suggestions are welcome.



After a long discussion with the DNS and UX gurus I've implemented it this way:
1. Call nsupdate only once with all updates.
2. Verify that the expected records are resolvable.
3. If not, print the list of missing A/AAAA records, the list of missing PTR
records and the list of mismatched PTR records.

As this is running inside the client we can't do much more and it's up to the
user to check what's rotten in his DNS setup.

Updated patch attached.


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel




One more change to behave well in -crazy- exotic environments that 
resolve more PTR records for a single IP.


--
David Kupka
From 6af4567a732051a736e7151b03789740042874f3 Mon Sep 17 00:00:00 2001
From: David Kupka dku...@redhat.com
Date: Sun, 4 Jan 2015 15:04:18 -0500
Subject: [PATCH] client: Update DNS with all available local IP addresses.

Detect all usable IP addresses assigned to any interface and create
corresponding DNS records on the server.

https://fedorahosted.org/freeipa/ticket/4249
---
 ipa-client/ipa-install/ipa-client-install | 169 +++---
 1 file changed, 108 insertions(+), 61 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index dfe0e3b7597c2ea63c299969b3a9d76cf8ecc273..29b49bfb03199add67295462e9958e3d52d80b1f 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -31,6 +31,7 @@ try:
 from ConfigParser import RawConfigParser
 from optparse import SUPPRESS_HELP, OptionGroup, OptionValueError
 import shutil
+import dns
 
 import nss.nss as nss
 import SSSDConfig
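Review bot: "import dns" only binds the top-level dnspython package; dns.resolver, dns.reversename and the other submodules are not loaded by it, so any verification code later in the patch that refers to them needs its own "import dns.resolver" (or similar) here. Otherwise the failure surfaces as an AttributeError at the first DNS check, outside the try: block this hunk sits in, instead of at import time where the installer can report a missing package cleanly.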
@@ -1494,40 +1495,22 @@ def unconfigure_nisdomain():
 if not enabled:
 services.knownservices.domainname.disable()
 
-
-def resolve_ipaddress(server):
- Connect to the server's LDAP port in order to determine what ip
-address this machine uses as public ip (relative to the server).
-
-Returns a tuple with the IP address and address family when
-connection was successful. Socket error is raised otherwise.
-
-last_socket_error = None
-
-for res in socket.getaddrinfo(server, 389, socket.AF_UNSPEC,
-socket.SOCK_STREAM):
-af, socktype, proto, canonname, sa = res
-try:
-s = socket.socket(af, socktype, proto)
-except socket.error, e:
-last_socket_error = e
-s = None
+def get_local_ipaddresses():
+ipresult = ipautil.run([paths.IP, '-oneline', 'address', 'show'])
+lines = ipresult[0].split('\n')
+ips = []
+for line in lines:
+fields = line.split()
+if len(fields)  6:
+continue
+if fields[2] not in ['inet', 'inet6']:
 continue
-
+(ip, mask) = fields[3].rsplit('/', 1)
 try:
-s.connect(sa)

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-12 Thread Martin Basti

On 09/01/15 14:43, David Kupka wrote:

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'., server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific; add there something like
"Unable to get local IP addresses." at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.


merciful NACK

Thank you for the patch, unfortunately I hit one issue which needs to be 
resolved.


If sync PTR is activated in zone settings, and the reverse zone doesn't 
exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints the 
error message 'DNS update failed'. In fact, all A/AAAA records were 
successfully updated, only PTR records failed.


Bind log:
named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at 
'vm-101.example.com' AAAA


named-pkcs11[28652]: PTR record synchronization (addition) for A/AAAA 
'vm-101.example.com.' refused: unable to find active reverse zone for IP 
address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found


With IPv6 we have several addresses from different reverse zones and 
this situation may happen often.

I suggest the following:
1) Print the list of addresses which will be updated. (Now if the update fails, 
the user needs to read the log to see which addresses the installer tried to update)

2) Split nsupdates per A/AAAA record.
3a) If it failed, check with a DNS query whether the A/AAAA and PTR records are 
there and print a proper error message
3b) Just print that the A/AAAA (or PTR) record may not have been updated for a 
particular IP address.


Any other suggestions are welcome.

--
Martin Basti

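The flow this thread converges on (enumerate the local addresses from the output of "ip -oneline address show", send one nsupdate, then check the A/AAAA and PTR records afterwards and report what is missing or points elsewhere), as an added Python 3 example. It is not part of the FreeIPA patch or project code: the ip output sample, the host name vm-101.example.com and the two DNS answer dictionaries are constructed for the example, and a real client would run ip and query DNS (for instance with dnspython) instead of using the embedded data. The example goes beyond the patch in two places: the parser also looks at the scope and IPv6 state flags on each line (so link-local, tentative and temporary privacy addresses are not registered) and copes with point-to-point interfaces, and the nsupdate builder keeps each record type's delete and adds under one "send" so the name never lacks an address set between transactions.

```python
import ipaddress
import subprocess

# Constructed sample of `ip -oneline address show` output (not from a real
# host): loopback, link-local, temporary and tentative IPv6 addresses, and a
# point-to-point interface whose local address has no "/prefix".
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\\       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:0:1::10/64 scope global \\       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:0:1:1c3a:9f1e:7b2d:4e05/64 scope global temporary dynamic \\       valid_lft 86399sec preferred_lft 14399sec
2: eth0    inet6 2001:db8:0:1::11/64 scope global tentative \\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link \\       valid_lft forever preferred_lft forever
3: tun0    inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0\\       valid_lft forever preferred_lft forever
"""

# IPv6 states that must not be published: not usable yet, DAD failed, no
# longer preferred, or a rotating privacy address.
SKIP_FLAGS = {"tentative", "dadfailed", "deprecated", "temporary"}


def parse_ip_output(text):
    """Stable global-scope addresses from `ip -oneline address show` output,
    as ipaddress objects in the order `ip` printed them."""
    ips = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[2] not in ("inet", "inet6"):
            continue
        # "inet LOCAL peer PEER/PLEN" on point-to-point links: the local
        # address may have no prefix, so never unpack on "/" unconditionally.
        try:
            addr = ipaddress.ip_address(fields[3].split("/", 1)[0])
        except ValueError:
            continue
        if addr.is_loopback or addr.is_link_local or addr.is_multicast:
            continue
        attrs = fields[4:]  # scope, state flags, label, lifetimes
        if "scope" not in attrs or attrs[attrs.index("scope") + 1] != "global":
            continue
        if SKIP_FLAGS.intersection(attrs) or addr in ips:
            continue
        ips.append(addr)
    return ips


def local_addresses():
    """Run `ip` as the patch does (needs iproute2; the embedded sample is
    used instead when testing offline)."""
    out = subprocess.run(["ip", "-oneline", "address", "show"], check=True,
                         capture_output=True, text=True).stdout
    return parse_ip_output(out)


def build_nsupdate(hostname, ips, ttl=1200):
    """nsupdate script with one transaction per record type: the delete of the
    old RRset and the adds of the new one share a single `send`, so the name
    never lacks an address set between sends."""
    fqdn = hostname.rstrip(".") + "."
    sections = []
    for rtype, version in (("A", 4), ("AAAA", 6)):
        lines = ["update delete %s IN %s" % (fqdn, rtype)]
        lines += ["update add %s %d IN %s %s" % (fqdn, ttl, rtype, ip)
                  for ip in ips if ip.version == version]
        sections.append("\n".join(lines + ["show", "send"]))
    return "\n".join(sections) + "\n"


def verify_records(hostname, ips, forward, reverse):
    """Post-update check: return (missing A/AAAA, missing PTR, mismatched PTR).
    `forward` maps "A"/"AAAA" to the address strings resolved for the host,
    `reverse` maps a PTR owner name to the names it holds; a client would
    fill both from real queries (e.g. dnspython)."""
    fqdn = hostname.rstrip(".") + "."
    missing_forward, missing_ptr, mismatched_ptr = [], [], []
    for ip in ips:
        rtype = "A" if ip.version == 4 else "AAAA"
        if str(ip) not in forward.get(rtype, set()):
            missing_forward.append((rtype, str(ip)))
        targets = reverse.get(ip.reverse_pointer + ".", set())
        if not targets:
            missing_ptr.append(str(ip))
        elif fqdn not in targets:
            # several PTRs for one address are fine as long as one is ours
            mismatched_ptr.append((str(ip), sorted(targets)))
    return missing_forward, missing_ptr, mismatched_ptr


# Constructed answers standing in for queries made after the update: the AAAA
# was not added, the IPv4 PTR is right, the IPv6 PTR names another host and
# the VPN address has no reverse zone (the SERVFAIL case from the thread).
HOSTNAME = "vm-101.example.com"
FORWARD_ANSWERS = {"A": {"192.0.2.10", "10.8.0.6"}, "AAAA": set()}
REVERSE_ANSWERS = {
    "10.2.0.192.in-addr.arpa.": {"vm-101.example.com."},
    ipaddress.ip_address("2001:db8:0:1::10").reverse_pointer + ".": {"other.example.com."},
}
```

Running parse_ip_output on the sample keeps 192.0.2.10, 2001:db8:0:1::10 and 10.8.0.6 and drops the rest; verify_records then reports the AAAA as missing, the tun0 address as having no PTR and the IPv6 PTR as mismatched, which is the three-list output the thread settles on for the client to print.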


Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-09 Thread David Kupka

On 01/07/2015 04:15 PM, Martin Basti wrote:

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'., server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific; add there something like
"Unable to get local IP addresses." at least in log.debug()

2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8



Thanks for catching these. Updated patch attached.

--
David Kupka
From 54e7aea7374bb6dd89e2438e648ad8df6f9225dd Mon Sep 17 00:00:00 2001
From: David Kupka dku...@redhat.com
Date: Sun, 4 Jan 2015 15:04:18 -0500
Subject: [PATCH] client: Update DNS with all available local IP addresses.

Detect all usable IP addresses assigned to any interface and create
corresponding DNS records on the server.

https://fedorahosted.org/freeipa/ticket/4249
---
 ipa-client/ipa-install/ipa-client-install | 104 +-
 1 file changed, 46 insertions(+), 58 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index dfe0e3b7597c2ea63c299969b3a9d76cf8ecc273..34829f403e774278ec511958ae3c9e3dd4219682 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1494,40 +1494,22 @@ def unconfigure_nisdomain():
 if not enabled:
 services.knownservices.domainname.disable()
 
-
-def resolve_ipaddress(server):
- Connect to the server's LDAP port in order to determine what ip
-address this machine uses as public ip (relative to the server).
-
-Returns a tuple with the IP address and address family when
-connection was successful. Socket error is raised otherwise.
-
-last_socket_error = None
-
-for res in socket.getaddrinfo(server, 389, socket.AF_UNSPEC,
-socket.SOCK_STREAM):
-af, socktype, proto, canonname, sa = res
-try:
-s = socket.socket(af, socktype, proto)
-except socket.error, e:
-last_socket_error = e
-s = None
+def get_local_ipaddresses():
+ipresult = ipautil.run([paths.IP, '-oneline', 'address', 'show'])
+lines = ipresult[0].split('\n')
+ips = []
+for line in lines:
+fields = line.split()
+if len(fields)  6:
+continue
+if fields[2] not in ['inet', 'inet6']:
 continue
-
+(ip, mask) = fields[3].rsplit('/', 1)
 try:
-s.connect(sa)
-sockname = s.getsockname()
-
-# For both IPv4 and IPv6 own IP address is always the first item
-return (sockname[0], af)
-except socket.error, e:
-last_socket_error = e
-finally:
-if s:
-s.close()
-
-if last_socket_error is not None:
-raise last_socket_error  # pylint: disable=E0702
+ips.append(ipautil.CheckedIPAddress(ip))
+except ValueError:
+continue
+return ips
 
 def do_nsupdate(update_txt):
 root_logger.debug(Writing nsupdate commands to %s:, UPDATE_FILE)
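Review bot: the loop publishes every inet/inet6 line that "ip address show" prints and that CheckedIPAddress accepts, without looking at the scope and state flags that follow the address on the same line. Without "up" or "scope global" filters, ip also lists tentative and deprecated IPv6 addresses, temporary (privacy) addresses that rotate, and addresses on interfaces that are administratively down; registering those produces AAAA records that stop working within hours or never worked. Check fields[4:] for "scope global" and skip lines carrying tentative, deprecated or temporary, or pass "scope global" to the ip invocation itself.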
@@ -1552,21 +1534,24 @@ def do_nsupdate(update_txt):
 
 return result
 
-UPDATE_TEMPLATE_A = 
-debug
+DELETE_TEMPLATE_A = 
 update delete $HOSTNAME. IN A
 show
 send
-update add $HOSTNAME. $TTL IN A $IPADDRESS
-show
-send
 
 
-UPDATE_TEMPLATE_ = 
-debug
+DELETE_TEMPLATE_ = 
 update delete $HOSTNAME. IN 
 show
 send
+
+ADD_TEMPLATE_A = 
+update add $HOSTNAME. $TTL IN A $IPADDRESS
+show
+send
+
+
+ADD_TEMPLATE_ = 
 update add $HOSTNAME. $TTL IN  $IPADDRESS
 show
 send
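Review bot: this hunk is unchanged from the first revision, so DELETE_TEMPLATE_A, ADD_TEMPLATE_A and their AAAA counterparts still each close with their own "send", which keeps the deletion of the old RRset and the addition of the new one in separate update transactions with a window in which the name has no address. Since "debug" now lives in the caller, nothing else in the templates depends on the split; fold each type's "update delete" and "update add" lines under one "send" so the change is applied atomically per record type.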
@@ -1578,31 +1563,34 @@ CCACHE_FILE = paths.IPA_DNS_CCACHE
 def update_dns(server, hostname):
 
 try:
-(ip, af) = resolve_ipaddress(server)
-except socket.gaierror, e:
-root_logger.debug(update_dns: could not connect to server: %s, e)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'., server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)
+root_logger.debug(Unable to get local IP addresses.)
 return
 
-sub_dict = dict(HOSTNAME=hostname,
-IPADDRESS=ip,
-TTL=1200
-)
-
-if af == socket.AF_INET:
-template = UPDATE_TEMPLATE_A
-elif af == socket.AF_INET6:
-template = UPDATE_TEMPLATE_
-else:
-root_logger.info(Failed to determine this machine's ip address.)
-root_logger.warning(Failed to update DNS A record.)
+if not ips:
+root_logger.info(Failed to determine this machine's ip address(es).)
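Review bot: when get_local_ipaddresses() returns nothing the function logs at info and returns, whereas the code it replaces emitted a warning ("Failed to update DNS A record.") in the same situation; a host enrolling with no usable address ends up without any A/AAAA record and only an info line to show for it, so keep a warning here. In the error path above it the exception is formatted into the message with "%" before it reaches the logger; pass e as a logger argument the way the removed debug call did ("root_logger.error("Cannot update DNS records. %s", e)"). The hunk is truncated in the archive after this line.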
   

[Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-07 Thread David Kupka

https://fedorahosted.org/freeipa/ticket/4249
--
David Kupka
From 3bd0b78b7b6f77d39478aa75d7f808a06fed562b Mon Sep 17 00:00:00 2001
From: David Kupka dku...@redhat.com
Date: Sun, 4 Jan 2015 15:04:18 -0500
Subject: [PATCH] client: Update DNS with all available local IP addresses.

Detect all usable IP addresses assigned to any interface and create
corresponding DNS records on the server.

https://fedorahosted.org/freeipa/ticket/4249
---
 ipa-client/ipa-install/ipa-client-install | 103 +-
 1 file changed, 45 insertions(+), 58 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index dfe0e3b7597c2ea63c299969b3a9d76cf8ecc273..027dda2e04212fe90ab291adf23edb63b194475d 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1494,40 +1494,22 @@ def unconfigure_nisdomain():
 if not enabled:
 services.knownservices.domainname.disable()
 
-
-def resolve_ipaddress(server):
- Connect to the server's LDAP port in order to determine what ip
-address this machine uses as public ip (relative to the server).
-
-Returns a tuple with the IP address and address family when
-connection was successful. Socket error is raised otherwise.
-
-last_socket_error = None
-
-for res in socket.getaddrinfo(server, 389, socket.AF_UNSPEC,
-socket.SOCK_STREAM):
-af, socktype, proto, canonname, sa = res
-try:
-s = socket.socket(af, socktype, proto)
-except socket.error, e:
-last_socket_error = e
-s = None
+def get_local_ipaddresses():
+ipresult = ipautil.run([paths.IP, '-oneline', 'address', 'show'])
+lines = ipresult[0].replace('\\', '').split('\n')
+ips = []
+for line in lines:
+fields = line.split()
+if len(fields)  6:
+continue
+if fields[2] not in ['inet', 'inet6']:
 continue
-
+(ip, mask) = fields[3].rsplit('/', 1)
 try:
-s.connect(sa)
-sockname = s.getsockname()
-
-# For both IPv4 and IPv6 own IP address is always the first item
-return (sockname[0], af)
-except socket.error, e:
-last_socket_error = e
-finally:
-if s:
-s.close()
-
-if last_socket_error is not None:
-raise last_socket_error  # pylint: disable=E0702
+ips.append(ipautil.CheckedIPAddress(ip))
+except ValueError:
+continue
+return ips
 
 def do_nsupdate(update_txt):
 root_logger.debug(Writing nsupdate commands to %s:, UPDATE_FILE)
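Review bot: "(ip, mask) = fields[3].rsplit('/', 1)" sits outside the try: and assumes a /prefix is always present, but for a point-to-point interface "ip -oneline address show" prints "inet 10.8.0.6 peer 10.8.0.5/32 ...", so fields[3] has no slash and the tuple unpacking raises an uncaught ValueError that aborts enrollment on any host with a VPN or PPP link; use fields[3].split('/', 1)[0] instead. In the same hunk "except ValueError: continue" drops every address CheckedIPAddress rejects without a trace, so a user who ends up with no DNS record cannot see why; log the rejected address at debug level. The ".replace('\\', '')" is also unnecessary: the trailing backslash that -oneline leaves on each line lands in a later field that is never looked at.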
@@ -1552,21 +1534,24 @@ def do_nsupdate(update_txt):
 
 return result
 
-UPDATE_TEMPLATE_A = 
-debug
+DELETE_TEMPLATE_A = 
 update delete $HOSTNAME. IN A
 show
 send
-update add $HOSTNAME. $TTL IN A $IPADDRESS
-show
-send
 
 
-UPDATE_TEMPLATE_ = 
-debug
+DELETE_TEMPLATE_ = 
 update delete $HOSTNAME. IN 
 show
 send
+
+ADD_TEMPLATE_A = 
+update add $HOSTNAME. $TTL IN A $IPADDRESS
+show
+send
+
+
+ADD_TEMPLATE_ = 
 update add $HOSTNAME. $TTL IN  $IPADDRESS
 show
 send
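Review bot: each of DELETE_TEMPLATE_A, ADD_TEMPLATE_A and their AAAA counterparts ends with its own "send", so the caller that concatenates them issues the deletes and the adds as separate dynamic-update transactions: between the delete "send" and the first add "send" the host has no address record at all, and if an add is refused the deletes have already been committed. RFC 2136 applies all update operations in one message atomically, so put "update delete $HOSTNAME. IN A" and the "update add" lines for the same type into one block with a single "send" (one transaction per record type).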
@@ -1578,31 +1563,33 @@ CCACHE_FILE = paths.IPA_DNS_CCACHE
 def update_dns(server, hostname):
 
 try:
-(ip, af) = resolve_ipaddress(server)
-except socket.gaierror, e:
-root_logger.debug(update_dns: could not connect to server: %s, e)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'., server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)
 return
 
-sub_dict = dict(HOSTNAME=hostname,
-IPADDRESS=ip,
-TTL=1200
-)
-
-if af == socket.AF_INET:
-template = UPDATE_TEMPLATE_A
-elif af == socket.AF_INET6:
-template = UPDATE_TEMPLATE_
-else:
-root_logger.info(Failed to determine this machine's ip address.)
-root_logger.warning(Failed to update DNS A record.)
+if len(ips) == 0:
+root_logger.info(Failed to determine this machine's ip address(es).)
 return
 
-update_txt = ipautil.template_str(template, sub_dict)
+update_txt = debug\n
+update_txt += ipautil.template_str(DELETE_TEMPLATE_A, dict(HOSTNAME=hostname))
+update_txt += ipautil.template_str(DELETE_TEMPLATE_, dict(HOSTNAME=hostname))
+
+for ip in ips:
+sub_dict = dict(HOSTNAME=hostname,
+IPADDRESS=ip,
+TTL=1200
+   )
+if ip.version == 4:
+template = ADD_TEMPLATE_A
+elif ip.version == 6:
+template = ADD_TEMPLATE_
+update_txt += ipautil.template_str(template, sub_dict)
 
 if do_nsupdate(update_txt):
-root_logger.info(DNS server record set to: %s - %s, hostname, ip)
+  
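Review bot: the "if ip.version == 4 ... elif ip.version == 6" chain has no else branch, so if ips ever carried anything else template would be unbound and ipautil.template_str would raise NameError; make the elif a plain else or raise a clear error. Every address that get_local_ipaddresses() returns is also added unconditionally, including addresses on internal bridges, container or VPN interfaces that other hosts cannot reach, so clients resolving the name may pick an address that does not answer; print the list before the update and give the admin a way to limit which addresses are registered. The hunk is truncated in the archive after this line.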

Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-07 Thread Rob Crittenden
David Kupka wrote:
 https://fedorahosted.org/freeipa/ticket/4249
 

Rather than scraping the output of ip is the python-netifaces package a
viable alternative? Yes it adds another dep, and I'm not sure it is
available for all platforms, but it makes the client less dependent upon
output format changes in a cli utility.

rob



Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-07 Thread David Kupka

On 01/07/2015 03:12 PM, Rob Crittenden wrote:

David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249



Rather than scraping the output of ip is the python-netifaces package a
viable alternative? Yes it adds another dep, and I'm not sure it is
available for all platforms, but it makes the client less dependent upon
output format changes in a cli utility.

rob

Yes, it would be much better and I originally wanted to use it. But it 
isn't available on all platforms that FreeIPA runs on.


--
David Kupka



Re: [Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

2015-01-07 Thread Martin Basti

On 07/01/15 12:27, David Kupka wrote:

https://fedorahosted.org/freeipa/ticket/4249


Thank you for the patch:

1)
-root_logger.error(Cannot update DNS records! 
-  Failed to connect to server '%s'., server)
+ips = get_local_ipaddresses()
+except CalledProcessError as e:
+root_logger.error(Cannot update DNS records. %s % e)

IMO the error message should be more specific; add there something like 
"Unable to get local IP addresses." at least in log.debug()


2)
+lines = ipresult[0].replace('\\', '').split('\n')

.replace() is not needed

3)
+if len(ips) == 0:

if not ips:

is more pythonic by PEP8


--
Martin Basti
