Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On Fri, 2011-05-27 at 22:09 +0200, Jan Cholasta wrote: On 27.5.2011 16:49, Jan Cholasta wrote: On 20.5.2011 20:29, Jan Cholasta wrote: On 12.5.2011 14:47, Jan Cholasta wrote: Rewrote host.py so that it doesn't use get_reverse_zone from ipaserver.bindinstance (which fixes the pylint errors). Honza Patch updated. Requires patch 18.1. Another update, requires patch 18.3. Honza Updated, requires 18.4. ACK, pushed to master. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 20.5.2011 20:29, Jan Cholasta wrote: On 12.5.2011 14:47, Jan Cholasta wrote: Rewrote host.py so that it doesn't use get_reverse_zone from ipaserver.bindinstance (which fixes the pylint errors). Honza Patch updated. Requires patch 18.1. Another update, requires patch 18.3. Honza -- Jan Cholasta From d131dd9ea659bb1cc21aa2146b14a0832c45e42a Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Fri, 27 May 2011 13:52:07 +0200 Subject: [PATCH] Honor netmask in DNS reverse zone setup. ticket 910 --- install/tools/ipa-dns-install |3 +- install/tools/ipa-replica-install |6 +++- install/tools/ipa-replica-prepare | 32 +++--- install/tools/ipa-server-install |3 +- ipalib/plugins/host.py| 45 ipaserver/install/bindinstance.py | 52 - 6 files changed, 97 insertions(+), 44 deletions(-) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 491585b..d41a476 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -138,6 +138,7 @@ def main(): sys.exit(Unable to resolve IP address for host name) else: ip_address = read_ip_address(api.env.host, fstore) +ip_prefixlen = ip_address.prefixlen ip_address = str(ip_address) logging.debug(will use ip_address: %s\n, ip_address) @@ -183,7 +184,7 @@ def main(): create_reverse = not options.no_reverse elif not options.no_reverse: create_reverse = bindinstance.create_reverse() -bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) +bind.setup(api.env.host, ip_address, ip_prefixlen, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) if bind.dm_password: api.Backend.ldap2.connect(bind_dn=cn=Directory Manager, bind_pw=bind.dm_password) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 2727fa6..65b5536 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -287,6 +287,7 @@ def install_bind(config, options): sys.exit(Unable to resolve IP address for host name) ip = installutils.parse_ip_address(ip_address) ip_address = str(ip) +ip_prefixlen = ip.prefixlen create_reverse = True if options.unattended: @@ -300,7 +301,7 @@ def install_bind(config, options): # specified, ask the user create_reverse = bindinstance.create_reverse() -bind.setup(config.host_name, ip_address, config.realm_name, +bind.setup(config.host_name, ip_address, ip_prefixlen, config.realm_name, config.domain_name, forwarders, options.conf_ntp, create_reverse) bind.create_instance() @@ -324,8 +325,9 @@ def install_dns_records(config, options): sys.exit(Unable to resolve IP address for host name) ip = installutils.parse_ip_address(ip_address) ip_address = str(ip) +ip_prefixlen = ip.prefixlen -bind.add_master_dns_records(config.host_name, ip_address, +bind.add_master_dns_records(config.host_name, ip_address, ip_prefixlen, config.realm_name, config.domain_name, options.conf_ntp) diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index f54436d..69ebd4a 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -27,7 +27,7 @@ import krbV from ipapython import ipautil from ipaserver.install import bindinstance, dsinstance, installutils, certs -from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_rr, add_ptr_rr +from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr, dns_zone_exists from ipaserver.install.replication import check_replication_plugin, enable_replication_version_checking from ipaserver.plugins.ldap2 import ldap2 from ipapython import version @@ -425,11 +425,33 @@ def main(): name = domain.pop(0) domain = ..join(domain) -ip_address = str(options.ip_address) +ip = options.ip_address +ip_address = str(ip) +ip_prefixlen = ip.prefixlen + +if ip.defaultnet: +revzone = ip.reverse_dns +if ip.version == 4: +prefix = 32 +dec = 8 +elif ip.version == 6: +prefix = 128 +dec = 4 + +while prefix 0: +dummy, dot, revzone = revzone.partition('.') +prefix = prefix - dec +if dns_zone_exists(revzone): +break + +if prefix 0: +ip_prefixlen = prefix +else: +add_reverse_zone(ip_address, ip_prefixlen) + zone =
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 11.5.2011 15:58, Martin Kosek wrote: On Tue, 2011-05-10 at 20:10 +0200, Jan Cholasta wrote: On 21.4.2011 09:36, Jan Cholasta wrote: On 20.4.2011 22:08, Rob Crittenden wrote: Jan Cholasta wrote: On 11.4.2011 12:48, Jan Cholasta wrote: On 8.4.2011 16:26, Rob Crittenden wrote: Jan Cholasta wrote: On 29.3.2011 22:15, Rob Crittenden wrote: Jan Cholasta wrote: Sorry, forgot to attach the patch. Is this why you have some blind excepts? installutils._IPAddressWithPrefix('192.168.0.1/33') Traceback (most recent call last): File stdin, line 1, inmodule File ipaserver/install/installutils.py, line 167, in __init__ net = netaddr.IPNetwork(addr) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 919, in __init__ implicit_prefix, flags) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 782, in parse_ip_network value = ip._value UnboundLocalError: local variable 'ip' referenced before assignment We should get an upstream bug filed on python-netaddr about this. https://github.com/drkjam/netaddr/issues/closed#issue/5 https://github.com/drkjam/netaddr/issues/closed#issue/6 https://github.com/drkjam/netaddr/issues/closed#issue/8 Apparently it's already been fixed for the next release. IMHO it's not much of an issue for us, because the exception gets caught in parse_ip_address and that's currently the only place where _IPAddressWithPrefix is used. Shoudl parse_ip_address() raise an exception on bad data rather than returning 0.0.0.0? I've been down that road and it would need a rewrite of the fragile IP address handling logic of ipa-server-install, which is something I'd rather avoid. installutils.parse_ip_address('355.555.3.3') _IPAddressWithPrefix('0.0.0.0') or installutils.parse_ip_address('192.168.0.1/55') _IPAddressWithPrefix('0.0.0.0') Should it disallow net addresses like 192.168.0.0? If you mean network and broadcast addresses, it probably should. It might be a good idea to disallow localhost, multicast and/or link-local addresses too. Are you going to resubmit the patch with these added or should we open a separate ticket? I'm going to resubmit it. Right now it disallows loopback, IANA reserved, link-local, network, multicast and broadcast IP addresses. Does it make sense to also allow only IP addresses attached to one of the local network interfaces? Perhaps it would be sufficient just to print a warning. Or should we not care about that at all? Sending the updated patch. This looks ok, just one question. Should we add a dependency on the iproute package because of the /sbin/ip package? Yes, we should. rob Split the patch to 3 smaller pieces: Patch 18 adds the ability to parse netmasks in IP addresses passed to server install. https://fedorahosted.org/freeipa/ticket/1212 This patch requires patch 18 and fixes DNS reverse zone setup to honor the netmask. https://fedorahosted.org/freeipa/ticket/910 Patch 19 requires patch 18 and adds stricter checking of IP addresses. https://fedorahosted.org/freeipa/ticket/1213 Honza Thanks for splitting of the patches, it is now much clearer what is done and where. Please fix pylint errors first before the review, there were several of them when I applied all 3 patches: ./make-lint ipalib/plugins/host.py:122: [E1120, remove_fwd_ptr] No value passed for parameter 'ip_prefix_len' in function call ipalib/plugins/host.py:325: [E1120, host_add.pre_callback] No value passed for parameter 'ip_prefix_len' in function call ipalib/plugins/host.py:384: [E1120, host_add.post_callback] No value passed for parameter 'ip_prefix_len' in function call Martin Rewrote host.py so that it doesn't use get_reverse_zone from ipaserver.bindinstance (which fixes the pylint errors). Honza -- Jan Cholasta From 23593bb03b54f043b1799e12f973ac9d9b826309 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Thu, 12 May 2011 14:37:18 +0200 Subject: [PATCH] Honor netmask in DNS reverse zone setup. ticket 910 --- install/tools/ipa-dns-install |2 +- install/tools/ipa-replica-install |2 +- install/tools/ipa-replica-prepare |8 +++--- install/tools/ipa-server-install |2 +- ipalib/plugins/host.py| 31 +++ ipaserver/install/bindinstance.py | 49 - 6 files changed, 64 insertions(+), 30 deletions(-) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 256c670..69b05bc 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -182,7 +182,7 @@ def main(): create_reverse = not options.no_reverse elif not options.no_reverse: create_reverse = bindinstance.create_reverse() -bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) +bind.setup(api.env.host, ip_address, ip.prefixlen, api.env.realm, api.env.domain, dns_forwarders, conf_ntp,
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On Tue, 2011-05-10 at 20:10 +0200, Jan Cholasta wrote: On 21.4.2011 09:36, Jan Cholasta wrote: On 20.4.2011 22:08, Rob Crittenden wrote: Jan Cholasta wrote: On 11.4.2011 12:48, Jan Cholasta wrote: On 8.4.2011 16:26, Rob Crittenden wrote: Jan Cholasta wrote: On 29.3.2011 22:15, Rob Crittenden wrote: Jan Cholasta wrote: Sorry, forgot to attach the patch. Is this why you have some blind excepts? installutils._IPAddressWithPrefix('192.168.0.1/33') Traceback (most recent call last): File stdin, line 1, in module File ipaserver/install/installutils.py, line 167, in __init__ net = netaddr.IPNetwork(addr) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 919, in __init__ implicit_prefix, flags) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 782, in parse_ip_network value = ip._value UnboundLocalError: local variable 'ip' referenced before assignment We should get an upstream bug filed on python-netaddr about this. https://github.com/drkjam/netaddr/issues/closed#issue/5 https://github.com/drkjam/netaddr/issues/closed#issue/6 https://github.com/drkjam/netaddr/issues/closed#issue/8 Apparently it's already been fixed for the next release. IMHO it's not much of an issue for us, because the exception gets caught in parse_ip_address and that's currently the only place where _IPAddressWithPrefix is used. Shoudl parse_ip_address() raise an exception on bad data rather than returning 0.0.0.0? I've been down that road and it would need a rewrite of the fragile IP address handling logic of ipa-server-install, which is something I'd rather avoid. installutils.parse_ip_address('355.555.3.3') _IPAddressWithPrefix('0.0.0.0') or installutils.parse_ip_address('192.168.0.1/55') _IPAddressWithPrefix('0.0.0.0') Should it disallow net addresses like 192.168.0.0? If you mean network and broadcast addresses, it probably should. It might be a good idea to disallow localhost, multicast and/or link-local addresses too. Are you going to resubmit the patch with these added or should we open a separate ticket? I'm going to resubmit it. Right now it disallows loopback, IANA reserved, link-local, network, multicast and broadcast IP addresses. Does it make sense to also allow only IP addresses attached to one of the local network interfaces? Perhaps it would be sufficient just to print a warning. Or should we not care about that at all? Sending the updated patch. This looks ok, just one question. Should we add a dependency on the iproute package because of the /sbin/ip package? Yes, we should. rob Split the patch to 3 smaller pieces: Patch 18 adds the ability to parse netmasks in IP addresses passed to server install. https://fedorahosted.org/freeipa/ticket/1212 This patch requires patch 18 and fixes DNS reverse zone setup to honor the netmask. https://fedorahosted.org/freeipa/ticket/910 Patch 19 requires patch 18 and adds stricter checking of IP addresses. https://fedorahosted.org/freeipa/ticket/1213 Honza Thanks for splitting of the patches, it is now much clearer what is done and where. Please fix pylint errors first before the review, there were several of them when I applied all 3 patches: ./make-lint ipalib/plugins/host.py:122: [E1120, remove_fwd_ptr] No value passed for parameter 'ip_prefix_len' in function call ipalib/plugins/host.py:325: [E1120, host_add.pre_callback] No value passed for parameter 'ip_prefix_len' in function call ipalib/plugins/host.py:384: [E1120, host_add.post_callback] No value passed for parameter 'ip_prefix_len' in function call Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 21.4.2011 09:36, Jan Cholasta wrote: On 20.4.2011 22:08, Rob Crittenden wrote: Jan Cholasta wrote: On 11.4.2011 12:48, Jan Cholasta wrote: On 8.4.2011 16:26, Rob Crittenden wrote: Jan Cholasta wrote: On 29.3.2011 22:15, Rob Crittenden wrote: Jan Cholasta wrote: Sorry, forgot to attach the patch. Is this why you have some blind excepts? installutils._IPAddressWithPrefix('192.168.0.1/33') Traceback (most recent call last): File stdin, line 1, in module File ipaserver/install/installutils.py, line 167, in __init__ net = netaddr.IPNetwork(addr) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 919, in __init__ implicit_prefix, flags) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 782, in parse_ip_network value = ip._value UnboundLocalError: local variable 'ip' referenced before assignment We should get an upstream bug filed on python-netaddr about this. https://github.com/drkjam/netaddr/issues/closed#issue/5 https://github.com/drkjam/netaddr/issues/closed#issue/6 https://github.com/drkjam/netaddr/issues/closed#issue/8 Apparently it's already been fixed for the next release. IMHO it's not much of an issue for us, because the exception gets caught in parse_ip_address and that's currently the only place where _IPAddressWithPrefix is used. Shoudl parse_ip_address() raise an exception on bad data rather than returning 0.0.0.0? I've been down that road and it would need a rewrite of the fragile IP address handling logic of ipa-server-install, which is something I'd rather avoid. installutils.parse_ip_address('355.555.3.3') _IPAddressWithPrefix('0.0.0.0') or installutils.parse_ip_address('192.168.0.1/55') _IPAddressWithPrefix('0.0.0.0') Should it disallow net addresses like 192.168.0.0? If you mean network and broadcast addresses, it probably should. It might be a good idea to disallow localhost, multicast and/or link-local addresses too. Are you going to resubmit the patch with these added or should we open a separate ticket? I'm going to resubmit it. Right now it disallows loopback, IANA reserved, link-local, network, multicast and broadcast IP addresses. Does it make sense to also allow only IP addresses attached to one of the local network interfaces? Perhaps it would be sufficient just to print a warning. Or should we not care about that at all? Sending the updated patch. This looks ok, just one question. Should we add a dependency on the iproute package because of the /sbin/ip package? Yes, we should. rob Split the patch to 3 smaller pieces: Patch 18 adds the ability to parse netmasks in IP addresses passed to server install. https://fedorahosted.org/freeipa/ticket/1212 This patch requires patch 18 and fixes DNS reverse zone setup to honor the netmask. https://fedorahosted.org/freeipa/ticket/910 Patch 19 requires patch 18 and adds stricter checking of IP addresses. https://fedorahosted.org/freeipa/ticket/1213 Honza -- Jan Cholasta From 7ece02d6bce0ba80075cf7b570bbef22b74d381e Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Tue, 10 May 2011 19:59:56 +0200 Subject: [PATCH] Honor netmask in DNS reverse zone setup. ticket 910 --- install/tools/ipa-dns-install |2 +- install/tools/ipa-replica-install |2 +- install/tools/ipa-replica-prepare |8 +++--- install/tools/ipa-server-install |2 +- ipaserver/install/bindinstance.py | 49 - 5 files changed, 39 insertions(+), 24 deletions(-) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 256c670..69b05bc 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -182,7 +182,7 @@ def main(): create_reverse = not options.no_reverse elif not options.no_reverse: create_reverse = bindinstance.create_reverse() -bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) +bind.setup(api.env.host, ip_address, ip.prefixlen, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) if bind.dm_password: api.Backend.ldap2.connect(bind_dn=cn=Directory Manager, bind_pw=bind.dm_password) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 722da37..a767519 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -296,7 +296,7 @@ def install_bind(config, options): # In interactive mode, if the flag was not explicitly specified, ask the user create_reverse = bindinstance.create_reverse() -bind.setup(config.host_name, ip_address, config.realm_name, +bind.setup(config.host_name, ip_address, ip.prefixlen, config.realm_name, config.domain_name, forwarders, options.conf_ntp, create_reverse) bind.create_instance() diff --git a/install/tools/ipa-replica-prepare
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 20.4.2011 22:08, Rob Crittenden wrote: Jan Cholasta wrote: On 11.4.2011 12:48, Jan Cholasta wrote: On 8.4.2011 16:26, Rob Crittenden wrote: Jan Cholasta wrote: On 29.3.2011 22:15, Rob Crittenden wrote: Jan Cholasta wrote: Sorry, forgot to attach the patch. Is this why you have some blind excepts? installutils._IPAddressWithPrefix('192.168.0.1/33') Traceback (most recent call last): File stdin, line 1, in module File ipaserver/install/installutils.py, line 167, in __init__ net = netaddr.IPNetwork(addr) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 919, in __init__ implicit_prefix, flags) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 782, in parse_ip_network value = ip._value UnboundLocalError: local variable 'ip' referenced before assignment We should get an upstream bug filed on python-netaddr about this. https://github.com/drkjam/netaddr/issues/closed#issue/5 https://github.com/drkjam/netaddr/issues/closed#issue/6 https://github.com/drkjam/netaddr/issues/closed#issue/8 Apparently it's already been fixed for the next release. IMHO it's not much of an issue for us, because the exception gets caught in parse_ip_address and that's currently the only place where _IPAddressWithPrefix is used. Shoudl parse_ip_address() raise an exception on bad data rather than returning 0.0.0.0? I've been down that road and it would need a rewrite of the fragile IP address handling logic of ipa-server-install, which is something I'd rather avoid. installutils.parse_ip_address('355.555.3.3') _IPAddressWithPrefix('0.0.0.0') or installutils.parse_ip_address('192.168.0.1/55') _IPAddressWithPrefix('0.0.0.0') Should it disallow net addresses like 192.168.0.0? If you mean network and broadcast addresses, it probably should. It might be a good idea to disallow localhost, multicast and/or link-local addresses too. Are you going to resubmit the patch with these added or should we open a separate ticket? I'm going to resubmit it. Right now it disallows loopback, IANA reserved, link-local, network, multicast and broadcast IP addresses. Does it make sense to also allow only IP addresses attached to one of the local network interfaces? Perhaps it would be sufficient just to print a warning. Or should we not care about that at all? Sending the updated patch. This looks ok, just one question. Should we add a dependency on the iproute package because of the /sbin/ip package? Yes, we should. rob -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Jan Cholasta wrote: On 11.4.2011 12:48, Jan Cholasta wrote: On 8.4.2011 16:26, Rob Crittenden wrote: Jan Cholasta wrote: On 29.3.2011 22:15, Rob Crittenden wrote: Jan Cholasta wrote: Sorry, forgot to attach the patch. Is this why you have some blind excepts? installutils._IPAddressWithPrefix('192.168.0.1/33') Traceback (most recent call last): File stdin, line 1, in module File ipaserver/install/installutils.py, line 167, in __init__ net = netaddr.IPNetwork(addr) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 919, in __init__ implicit_prefix, flags) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 782, in parse_ip_network value = ip._value UnboundLocalError: local variable 'ip' referenced before assignment We should get an upstream bug filed on python-netaddr about this. https://github.com/drkjam/netaddr/issues/closed#issue/5 https://github.com/drkjam/netaddr/issues/closed#issue/6 https://github.com/drkjam/netaddr/issues/closed#issue/8 Apparently it's already been fixed for the next release. IMHO it's not much of an issue for us, because the exception gets caught in parse_ip_address and that's currently the only place where _IPAddressWithPrefix is used. Shoudl parse_ip_address() raise an exception on bad data rather than returning 0.0.0.0? I've been down that road and it would need a rewrite of the fragile IP address handling logic of ipa-server-install, which is something I'd rather avoid. installutils.parse_ip_address('355.555.3.3') _IPAddressWithPrefix('0.0.0.0') or installutils.parse_ip_address('192.168.0.1/55') _IPAddressWithPrefix('0.0.0.0') Should it disallow net addresses like 192.168.0.0? If you mean network and broadcast addresses, it probably should. It might be a good idea to disallow localhost, multicast and/or link-local addresses too. Are you going to resubmit the patch with these added or should we open a separate ticket? I'm going to resubmit it. Right now it disallows loopback, IANA reserved, link-local, network, multicast and broadcast IP addresses. Does it make sense to also allow only IP addresses attached to one of the local network interfaces? Perhaps it would be sufficient just to print a warning. Or should we not care about that at all? Sending the updated patch. This looks ok, just one question. Should we add a dependency on the iproute package because of the /sbin/ip package? rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 11.4.2011 12:48, Jan Cholasta wrote: On 8.4.2011 16:26, Rob Crittenden wrote: Jan Cholasta wrote: On 29.3.2011 22:15, Rob Crittenden wrote: Jan Cholasta wrote: Sorry, forgot to attach the patch. Is this why you have some blind excepts? installutils._IPAddressWithPrefix('192.168.0.1/33') Traceback (most recent call last): File stdin, line 1, in module File ipaserver/install/installutils.py, line 167, in __init__ net = netaddr.IPNetwork(addr) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 919, in __init__ implicit_prefix, flags) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 782, in parse_ip_network value = ip._value UnboundLocalError: local variable 'ip' referenced before assignment We should get an upstream bug filed on python-netaddr about this. https://github.com/drkjam/netaddr/issues/closed#issue/5 https://github.com/drkjam/netaddr/issues/closed#issue/6 https://github.com/drkjam/netaddr/issues/closed#issue/8 Apparently it's already been fixed for the next release. IMHO it's not much of an issue for us, because the exception gets caught in parse_ip_address and that's currently the only place where _IPAddressWithPrefix is used. Shoudl parse_ip_address() raise an exception on bad data rather than returning 0.0.0.0? I've been down that road and it would need a rewrite of the fragile IP address handling logic of ipa-server-install, which is something I'd rather avoid. installutils.parse_ip_address('355.555.3.3') _IPAddressWithPrefix('0.0.0.0') or installutils.parse_ip_address('192.168.0.1/55') _IPAddressWithPrefix('0.0.0.0') Should it disallow net addresses like 192.168.0.0? If you mean network and broadcast addresses, it probably should. It might be a good idea to disallow localhost, multicast and/or link-local addresses too. Are you going to resubmit the patch with these added or should we open a separate ticket? I'm going to resubmit it. Right now it disallows loopback, IANA reserved, link-local, network, multicast and broadcast IP addresses. Does it make sense to also allow only IP addresses attached to one of the local network interfaces? Perhaps it would be sufficient just to print a warning. Or should we not care about that at all? Sending the updated patch. rob -- Jan Cholasta From 764ba2c6906749761ab6f2ffdc96d442ec5f4fa6 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Wed, 13 Apr 2011 13:12:03 +0200 Subject: [PATCH] Add ability to specify netmask/prefix length with IP addresses during install for proper DNS reverse zone setup. ticket 910 --- install/tools/ipa-dns-install |8 ++- install/tools/ipa-replica-install |4 +- install/tools/ipa-replica-prepare | 13 ++-- install/tools/ipa-server-install | 32 - ipaserver/install/bindinstance.py | 49 +- ipaserver/install/installutils.py | 135 +++- tests/test_install/test_utils.py | 66 ++ 7 files changed, 244 insertions(+), 63 deletions(-) create mode 100644 tests/test_install/test_utils.py diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index aac85bf..69b05bc 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -131,11 +131,13 @@ def main(): ip_address = options.ip_address else: ip_address = resolve_host(api.env.host) -if not ip_address or not verify_ip_address(ip_address): +ip = parse_ip_address(ip_address) +if not verify_ip_address(ip): if options.unattended: sys.exit(Unable to resolve IP address for host name) else: -ip_address = read_ip_address(api.env.host, fstore) +ip = read_ip_address(api.env.host, fstore) +ip_address = str(ip) logging.debug(will use ip_address: %s\n, ip_address) if options.no_forwarders: @@ -180,7 +182,7 @@ def main(): create_reverse = not options.no_reverse elif not options.no_reverse: create_reverse = bindinstance.create_reverse() -bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) +bind.setup(api.env.host, ip_address, ip.prefixlen, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) if bind.dm_password: api.Backend.ldap2.connect(bind_dn=cn=Directory Manager, bind_pw=bind.dm_password) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 999b5ee..b6b1407 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -285,6 +285,8 @@ def install_bind(config, options): ip_address = resolve_host(config.host_name) if not ip_address: sys.exit(Unable to resolve IP address for host name) +ip = installutils.parse_ip_address(ip_address) +ip_address = str(ip) create_reverse = True if options.unattended:
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Jan Cholasta wrote: On 29.3.2011 22:15, Rob Crittenden wrote: Jan Cholasta wrote: Sorry, forgot to attach the patch. Is this why you have some blind excepts? installutils._IPAddressWithPrefix('192.168.0.1/33') Traceback (most recent call last): File stdin, line 1, in module File ipaserver/install/installutils.py, line 167, in __init__ net = netaddr.IPNetwork(addr) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 919, in __init__ implicit_prefix, flags) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 782, in parse_ip_network value = ip._value UnboundLocalError: local variable 'ip' referenced before assignment We should get an upstream bug filed on python-netaddr about this. https://github.com/drkjam/netaddr/issues/closed#issue/5 https://github.com/drkjam/netaddr/issues/closed#issue/6 https://github.com/drkjam/netaddr/issues/closed#issue/8 Apparently it's already been fixed for the next release. IMHO it's not much of an issue for us, because the exception gets caught in parse_ip_address and that's currently the only place where _IPAddressWithPrefix is used. Shoudl parse_ip_address() raise an exception on bad data rather than returning 0.0.0.0? I've been down that road and it would need a rewrite of the fragile IP address handling logic of ipa-server-install, which is something I'd rather avoid. installutils.parse_ip_address('355.555.3.3') _IPAddressWithPrefix('0.0.0.0') or installutils.parse_ip_address('192.168.0.1/55') _IPAddressWithPrefix('0.0.0.0') Should it disallow net addresses like 192.168.0.0? If you mean network and broadcast addresses, it probably should. It might be a good idea to disallow localhost, multicast and/or link-local addresses too. Are you going to resubmit the patch with these added or should we open a separate ticket? rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 29.3.2011 22:15, Rob Crittenden wrote: Jan Cholasta wrote: Sorry, forgot to attach the patch. Is this why you have some blind excepts? installutils._IPAddressWithPrefix('192.168.0.1/33') Traceback (most recent call last): File stdin, line 1, in module File ipaserver/install/installutils.py, line 167, in __init__ net = netaddr.IPNetwork(addr) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 919, in __init__ implicit_prefix, flags) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 782, in parse_ip_network value = ip._value UnboundLocalError: local variable 'ip' referenced before assignment We should get an upstream bug filed on python-netaddr about this. https://github.com/drkjam/netaddr/issues/closed#issue/5 https://github.com/drkjam/netaddr/issues/closed#issue/6 https://github.com/drkjam/netaddr/issues/closed#issue/8 Apparently it's already been fixed for the next release. IMHO it's not much of an issue for us, because the exception gets caught in parse_ip_address and that's currently the only place where _IPAddressWithPrefix is used. Shoudl parse_ip_address() raise an exception on bad data rather than returning 0.0.0.0? I've been down that road and it would need a rewrite of the fragile IP address handling logic of ipa-server-install, which is something I'd rather avoid. installutils.parse_ip_address('355.555.3.3') _IPAddressWithPrefix('0.0.0.0') or installutils.parse_ip_address('192.168.0.1/55') _IPAddressWithPrefix('0.0.0.0') Should it disallow net addresses like 192.168.0.0? If you mean network and broadcast addresses, it probably should. It might be a good idea to disallow localhost, multicast and/or link-local addresses too. rob -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Dne 28.3.2011 15:50, Adam Young napsal(a): On 03/28/2011 06:54 AM, Jan Cholasta wrote: This patch enables the user to specify netmask/prefix length with IP addresses (see http://packages.python.org/netaddr/netaddr.ip.IPNetwork-class.html) during installation for proper DNS reverse zone setup. https://fedorahosted.org/freeipa/ticket/910 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel The approach makes sense on visual review. Haven't had the chance to test it yet. It appears to work for both IPv4 and V6 with and without netmasks. I'd like to a see a unit test for the parser that confirms that. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Unit test added. -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Sorry, forgot to attach the patch. -- Jan Cholasta From 0e859303c63b895efb82bd1fa4c09108baf18f43 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Tue, 29 Mar 2011 15:15:23 +0200 Subject: [PATCH] Add ability to specify netmask/prefix length with IP addresses during install for proper DNS reverse zone setup. ticket 910 --- install/tools/ipa-dns-install |8 +++-- install/tools/ipa-replica-install |4 ++- install/tools/ipa-replica-prepare | 15 +--- install/tools/ipa-server-install | 32 --- ipaserver/install/bindinstance.py | 49 +++-- ipaserver/install/installutils.py | 62 tests/test_install/test_utils.py | 46 +++ 7 files changed, 157 insertions(+), 59 deletions(-) create mode 100644 tests/test_install/test_utils.py diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index aac85bf..69b05bc 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -131,11 +131,13 @@ def main(): ip_address = options.ip_address else: ip_address = resolve_host(api.env.host) -if not ip_address or not verify_ip_address(ip_address): +ip = parse_ip_address(ip_address) +if not verify_ip_address(ip): if options.unattended: sys.exit(Unable to resolve IP address for host name) else: -ip_address = read_ip_address(api.env.host, fstore) +ip = read_ip_address(api.env.host, fstore) +ip_address = str(ip) logging.debug(will use ip_address: %s\n, ip_address) if options.no_forwarders: @@ -180,7 +182,7 @@ def main(): create_reverse = not options.no_reverse elif not options.no_reverse: create_reverse = bindinstance.create_reverse() -bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) +bind.setup(api.env.host, ip_address, ip.prefixlen, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) if bind.dm_password: api.Backend.ldap2.connect(bind_dn=cn=Directory Manager, bind_pw=bind.dm_password) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 2bc9a17..1693da9 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -284,6 +284,8 @@ def install_bind(config, options): ip_address = resolve_host(config.host_name) if not ip_address: sys.exit(Unable to resolve IP address for host name) +ip = installutils.parse_ip_address(ip_address) +ip_address = str(ip) create_reverse = True if options.unattended: @@ -293,7 +295,7 @@ def install_bind(config, options): # In interactive mode, if the flag was not explicitly specified, ask the user create_reverse = bindinstance.create_reverse() -bind.setup(config.host_name, ip_address, config.realm_name, +bind.setup(config.host_name, ip_address, ip.prefixlen, config.realm_name, config.domain_name, forwarders, options.conf_ntp, create_reverse) bind.create_instance() diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index e912235..63dc4ca 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -28,7 +28,7 @@ from optparse import OptionParser from ipapython import ipautil from ipaserver.install import bindinstance, dsinstance, installutils, certs -from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_rr, add_ptr_rr +from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr from ipaserver.install.replication import check_replication_plugin, enable_replication_version_checking from ipaserver.plugins.ldap2 import ldap2 from ipapython import version @@ -50,7 +50,7 @@ def parse_options(): help=PIN for the Apache Server PKCS#12 file) parser.add_option(--pkinit_pin, dest=pkinit_pin, help=PIN for the KDC pkinit PKCS#12 file) -parser.add_option(-p, --password, dest=password, +parser.add_option(-p, --password, dest=password, help=Directory Manager (existing master) password) parser.add_option(--ip-address, dest=ip_address, help=Add A and PTR records of the future replica) @@ -425,10 +425,13 @@ def main(): name = domain.pop(0) domain = ..join(domain) -zone = add_zone(domain, nsaddr=options.ip_address) -add_rr(zone, name, A, options.ip_address) -add_reverse_zone(options.ip_address) -add_ptr_rr(options.ip_address, replica_fqdn) +ip = installutils.parse_ip_address(options.ip_address) +ip_address = str(ip) + +zone = add_zone(domain, nsaddr=ip_address) +add_fwd_rr(zone, name, ip_address) +
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Jan Cholasta wrote: Sorry, forgot to attach the patch. Is this why you have some blind excepts? installutils._IPAddressWithPrefix('192.168.0.1/33') Traceback (most recent call last): File stdin, line 1, in module File ipaserver/install/installutils.py, line 167, in __init__ net = netaddr.IPNetwork(addr) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 919, in __init__ implicit_prefix, flags) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 782, in parse_ip_network value = ip._value UnboundLocalError: local variable 'ip' referenced before assignment We should get an upstream bug filed on python-netaddr about this. Shoudl parse_ip_address() raise an exception on bad data rather than returning 0.0.0.0? installutils.parse_ip_address('355.555.3.3') _IPAddressWithPrefix('0.0.0.0') or installutils.parse_ip_address('192.168.0.1/55') _IPAddressWithPrefix('0.0.0.0') Should it disallow net addresses like 192.168.0.0? rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 03/29/2011 04:15 PM, Rob Crittenden wrote: Jan Cholasta wrote: Sorry, forgot to attach the patch. Is this why you have some blind excepts? installutils._IPAddressWithPrefix('192.168.0.1/33') Traceback (most recent call last): File stdin, line 1, in module File ipaserver/install/installutils.py, line 167, in __init__ net = netaddr.IPNetwork(addr) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 919, in __init__ implicit_prefix, flags) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 782, in parse_ip_network value = ip._value UnboundLocalError: local variable 'ip' referenced before assignment We should get an upstream bug filed on python-netaddr about this. Shoudl parse_ip_address() raise an exception on bad data rather than returning 0.0.0.0? installutils.parse_ip_address('355.555.3.3') _IPAddressWithPrefix('0.0.0.0') or installutils.parse_ip_address('192.168.0.1/55') _IPAddressWithPrefix('0.0.0.0') Should it disallow net addresses like 192.168.0.0? No, otherwise I would not be able to test at home. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Dmitri Pal wrote: On 03/29/2011 04:15 PM, Rob Crittenden wrote: Jan Cholasta wrote: Sorry, forgot to attach the patch. Is this why you have some blind excepts? installutils._IPAddressWithPrefix('192.168.0.1/33') Traceback (most recent call last): File stdin, line 1, inmodule File ipaserver/install/installutils.py, line 167, in __init__ net = netaddr.IPNetwork(addr) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 919, in __init__ implicit_prefix, flags) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 782, in parse_ip_network value = ip._value UnboundLocalError: local variable 'ip' referenced before assignment We should get an upstream bug filed on python-netaddr about this. Shoudl parse_ip_address() raise an exception on bad data rather than returning 0.0.0.0? installutils.parse_ip_address('355.555.3.3') _IPAddressWithPrefix('0.0.0.0') or installutils.parse_ip_address('192.168.0.1/55') _IPAddressWithPrefix('0.0.0.0') Should it disallow net addresses like 192.168.0.0? No, otherwise I would not be able to test at home. Sorry, I mean that a .0 is considered a valid IP address to use for the server. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 03/28/2011 06:54 AM, Jan Cholasta wrote: This patch enables the user to specify netmask/prefix length with IP addresses (see http://packages.python.org/netaddr/netaddr.ip.IPNetwork-class.html) during installation for proper DNS reverse zone setup. https://fedorahosted.org/freeipa/ticket/910 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel The approach makes sense on visual review. Haven't had the chance to test it yet. It appears to work for both IPv4 and V6 with and without netmasks. I'd like to a see a unit test for the parser that confirms that. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel