Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On Fri, 2011-05-27 at 22:09 +0200, Jan Cholasta wrote: On 27.5.2011 16:49, Jan Cholasta wrote: On 20.5.2011 20:29, Jan Cholasta wrote: On 12.5.2011 14:47, Jan Cholasta wrote: Rewrote host.py so that it doesn't use get_reverse_zone from ipaserver.bindinstance (which fixes the pylint errors). Honza Patch updated. Requires patch 18.1. Another update, requires patch 18.3. Honza Updated, requires 18.4. ACK, pushed to master. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 20.5.2011 20:29, Jan Cholasta wrote:
On 12.5.2011 14:47, Jan Cholasta wrote:
Rewrote host.py so that it doesn't use get_reverse_zone from
ipaserver.bindinstance (which fixes the pylint errors).
Honza
Patch updated. Requires patch 18.1.
Another update, requires patch 18.3.
Honza
--
Jan Cholasta
From d131dd9ea659bb1cc21aa2146b14a0832c45e42a Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Fri, 27 May 2011 13:52:07 +0200
Subject: [PATCH] Honor netmask in DNS reverse zone setup.
ticket 910
---
install/tools/ipa-dns-install |3 +-
install/tools/ipa-replica-install |6 +++-
install/tools/ipa-replica-prepare | 32 +++---
install/tools/ipa-server-install |3 +-
ipalib/plugins/host.py| 45
ipaserver/install/bindinstance.py | 52 -
6 files changed, 97 insertions(+), 44 deletions(-)
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 491585b..d41a476 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -138,6 +138,7 @@ def main():
sys.exit(Unable to resolve IP address for host name)
else:
ip_address = read_ip_address(api.env.host, fstore)
+ip_prefixlen = ip_address.prefixlen
ip_address = str(ip_address)
logging.debug(will use ip_address: %s\n, ip_address)
@@ -183,7 +184,7 @@ def main():
create_reverse = not options.no_reverse
elif not options.no_reverse:
create_reverse = bindinstance.create_reverse()
-bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr)
+bind.setup(api.env.host, ip_address, ip_prefixlen, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr)
if bind.dm_password:
api.Backend.ldap2.connect(bind_dn=cn=Directory Manager, bind_pw=bind.dm_password)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 2727fa6..65b5536 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -287,6 +287,7 @@ def install_bind(config, options):
sys.exit(Unable to resolve IP address for host name)
ip = installutils.parse_ip_address(ip_address)
ip_address = str(ip)
+ip_prefixlen = ip.prefixlen
create_reverse = True
if options.unattended:
@@ -300,7 +301,7 @@ def install_bind(config, options):
# specified, ask the user
create_reverse = bindinstance.create_reverse()
-bind.setup(config.host_name, ip_address, config.realm_name,
+bind.setup(config.host_name, ip_address, ip_prefixlen, config.realm_name,
config.domain_name, forwarders, options.conf_ntp, create_reverse)
bind.create_instance()
@@ -324,8 +325,9 @@ def install_dns_records(config, options):
sys.exit(Unable to resolve IP address for host name)
ip = installutils.parse_ip_address(ip_address)
ip_address = str(ip)
+ip_prefixlen = ip.prefixlen
-bind.add_master_dns_records(config.host_name, ip_address,
+bind.add_master_dns_records(config.host_name, ip_address, ip_prefixlen,
config.realm_name, config.domain_name,
options.conf_ntp)
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index f54436d..69ebd4a 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -27,7 +27,7 @@ import krbV
from ipapython import ipautil
from ipaserver.install import bindinstance, dsinstance, installutils, certs
-from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_rr, add_ptr_rr
+from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr, dns_zone_exists
from ipaserver.install.replication import check_replication_plugin, enable_replication_version_checking
from ipaserver.plugins.ldap2 import ldap2
from ipapython import version
@@ -425,11 +425,33 @@ def main():
name = domain.pop(0)
domain = ..join(domain)
-ip_address = str(options.ip_address)
+ip = options.ip_address
+ip_address = str(ip)
+ip_prefixlen = ip.prefixlen
+
+if ip.defaultnet:
+revzone = ip.reverse_dns
+if ip.version == 4:
+prefix = 32
+dec = 8
+elif ip.version == 6:
+prefix = 128
+dec = 4
+
+while prefix 0:
+dummy, dot, revzone = revzone.partition('.')
+prefix = prefix - dec
+if dns_zone_exists(revzone):
+break
+
+if prefix 0:
+ip_prefixlen = prefix
+else:
+add_reverse_zone(ip_address, ip_prefixlen)
+
zone =
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 11.5.2011 15:58, Martin Kosek wrote:
On Tue, 2011-05-10 at 20:10 +0200, Jan Cholasta wrote:
On 21.4.2011 09:36, Jan Cholasta wrote:
On 20.4.2011 22:08, Rob Crittenden wrote:
Jan Cholasta wrote:
On 11.4.2011 12:48, Jan Cholasta wrote:
On 8.4.2011 16:26, Rob Crittenden wrote:
Jan Cholasta wrote:
On 29.3.2011 22:15, Rob Crittenden wrote:
Jan Cholasta wrote:
Sorry, forgot to attach the patch.
Is this why you have some blind excepts?
installutils._IPAddressWithPrefix('192.168.0.1/33')
Traceback (most recent call last):
File stdin, line 1, inmodule
File ipaserver/install/installutils.py, line 167, in __init__
net = netaddr.IPNetwork(addr)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
919, in __init__
implicit_prefix, flags)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
782, in parse_ip_network
value = ip._value
UnboundLocalError: local variable 'ip' referenced before assignment
We should get an upstream bug filed on python-netaddr about this.
https://github.com/drkjam/netaddr/issues/closed#issue/5
https://github.com/drkjam/netaddr/issues/closed#issue/6
https://github.com/drkjam/netaddr/issues/closed#issue/8
Apparently it's already been fixed for the next release.
IMHO it's not much of an issue for us, because the exception gets
caught
in parse_ip_address and that's currently the only place where
_IPAddressWithPrefix is used.
Shoudl parse_ip_address() raise an exception on bad data rather than
returning 0.0.0.0?
I've been down that road and it would need a rewrite of the
fragile IP
address handling logic of ipa-server-install, which is something I'd
rather avoid.
installutils.parse_ip_address('355.555.3.3')
_IPAddressWithPrefix('0.0.0.0')
or
installutils.parse_ip_address('192.168.0.1/55')
_IPAddressWithPrefix('0.0.0.0')
Should it disallow net addresses like 192.168.0.0?
If you mean network and broadcast addresses, it probably should. It
might be a good idea to disallow localhost, multicast and/or
link-local
addresses too.
Are you going to resubmit the patch with these added or should we
open a
separate ticket?
I'm going to resubmit it. Right now it disallows loopback, IANA
reserved, link-local, network, multicast and broadcast IP addresses.
Does it make sense to also allow only IP addresses attached to one of
the local network interfaces? Perhaps it would be sufficient just to
print a warning. Or should we not care about that at all?
Sending the updated patch.
This looks ok, just one question. Should we add a dependency on the
iproute package because of the /sbin/ip package?
Yes, we should.
rob
Split the patch to 3 smaller pieces:
Patch 18 adds the ability to parse netmasks in IP addresses passed to
server install.
https://fedorahosted.org/freeipa/ticket/1212
This patch requires patch 18 and fixes DNS reverse zone setup to honor
the netmask.
https://fedorahosted.org/freeipa/ticket/910
Patch 19 requires patch 18 and adds stricter checking of IP addresses.
https://fedorahosted.org/freeipa/ticket/1213
Honza
Thanks for splitting of the patches, it is now much clearer what is done
and where. Please fix pylint errors first before the review, there were
several of them when I applied all 3 patches:
./make-lint
ipalib/plugins/host.py:122: [E1120, remove_fwd_ptr] No value passed for
parameter 'ip_prefix_len' in function call
ipalib/plugins/host.py:325: [E1120, host_add.pre_callback] No value passed for
parameter 'ip_prefix_len' in function call
ipalib/plugins/host.py:384: [E1120, host_add.post_callback] No value passed for
parameter 'ip_prefix_len' in function call
Martin
Rewrote host.py so that it doesn't use get_reverse_zone from
ipaserver.bindinstance (which fixes the pylint errors).
Honza
--
Jan Cholasta
From 23593bb03b54f043b1799e12f973ac9d9b826309 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Thu, 12 May 2011 14:37:18 +0200
Subject: [PATCH] Honor netmask in DNS reverse zone setup.
ticket 910
---
install/tools/ipa-dns-install |2 +-
install/tools/ipa-replica-install |2 +-
install/tools/ipa-replica-prepare |8 +++---
install/tools/ipa-server-install |2 +-
ipalib/plugins/host.py| 31 +++
ipaserver/install/bindinstance.py | 49 -
6 files changed, 64 insertions(+), 30 deletions(-)
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 256c670..69b05bc 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -182,7 +182,7 @@ def main():
create_reverse = not options.no_reverse
elif not options.no_reverse:
create_reverse = bindinstance.create_reverse()
-bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr)
+bind.setup(api.env.host, ip_address, ip.prefixlen, api.env.realm, api.env.domain, dns_forwarders, conf_ntp,
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On Tue, 2011-05-10 at 20:10 +0200, Jan Cholasta wrote:
On 21.4.2011 09:36, Jan Cholasta wrote:
On 20.4.2011 22:08, Rob Crittenden wrote:
Jan Cholasta wrote:
On 11.4.2011 12:48, Jan Cholasta wrote:
On 8.4.2011 16:26, Rob Crittenden wrote:
Jan Cholasta wrote:
On 29.3.2011 22:15, Rob Crittenden wrote:
Jan Cholasta wrote:
Sorry, forgot to attach the patch.
Is this why you have some blind excepts?
installutils._IPAddressWithPrefix('192.168.0.1/33')
Traceback (most recent call last):
File stdin, line 1, in module
File ipaserver/install/installutils.py, line 167, in __init__
net = netaddr.IPNetwork(addr)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
919, in __init__
implicit_prefix, flags)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
782, in parse_ip_network
value = ip._value
UnboundLocalError: local variable 'ip' referenced before assignment
We should get an upstream bug filed on python-netaddr about this.
https://github.com/drkjam/netaddr/issues/closed#issue/5
https://github.com/drkjam/netaddr/issues/closed#issue/6
https://github.com/drkjam/netaddr/issues/closed#issue/8
Apparently it's already been fixed for the next release.
IMHO it's not much of an issue for us, because the exception gets
caught
in parse_ip_address and that's currently the only place where
_IPAddressWithPrefix is used.
Shoudl parse_ip_address() raise an exception on bad data rather than
returning 0.0.0.0?
I've been down that road and it would need a rewrite of the
fragile IP
address handling logic of ipa-server-install, which is something I'd
rather avoid.
installutils.parse_ip_address('355.555.3.3')
_IPAddressWithPrefix('0.0.0.0')
or
installutils.parse_ip_address('192.168.0.1/55')
_IPAddressWithPrefix('0.0.0.0')
Should it disallow net addresses like 192.168.0.0?
If you mean network and broadcast addresses, it probably should. It
might be a good idea to disallow localhost, multicast and/or
link-local
addresses too.
Are you going to resubmit the patch with these added or should we
open a
separate ticket?
I'm going to resubmit it. Right now it disallows loopback, IANA
reserved, link-local, network, multicast and broadcast IP addresses.
Does it make sense to also allow only IP addresses attached to one of
the local network interfaces? Perhaps it would be sufficient just to
print a warning. Or should we not care about that at all?
Sending the updated patch.
This looks ok, just one question. Should we add a dependency on the
iproute package because of the /sbin/ip package?
Yes, we should.
rob
Split the patch to 3 smaller pieces:
Patch 18 adds the ability to parse netmasks in IP addresses passed to
server install.
https://fedorahosted.org/freeipa/ticket/1212
This patch requires patch 18 and fixes DNS reverse zone setup to honor
the netmask.
https://fedorahosted.org/freeipa/ticket/910
Patch 19 requires patch 18 and adds stricter checking of IP addresses.
https://fedorahosted.org/freeipa/ticket/1213
Honza
Thanks for splitting of the patches, it is now much clearer what is done
and where. Please fix pylint errors first before the review, there were
several of them when I applied all 3 patches:
./make-lint
ipalib/plugins/host.py:122: [E1120, remove_fwd_ptr] No value passed for
parameter 'ip_prefix_len' in function call
ipalib/plugins/host.py:325: [E1120, host_add.pre_callback] No value passed for
parameter 'ip_prefix_len' in function call
ipalib/plugins/host.py:384: [E1120, host_add.post_callback] No value passed for
parameter 'ip_prefix_len' in function call
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 21.4.2011 09:36, Jan Cholasta wrote:
On 20.4.2011 22:08, Rob Crittenden wrote:
Jan Cholasta wrote:
On 11.4.2011 12:48, Jan Cholasta wrote:
On 8.4.2011 16:26, Rob Crittenden wrote:
Jan Cholasta wrote:
On 29.3.2011 22:15, Rob Crittenden wrote:
Jan Cholasta wrote:
Sorry, forgot to attach the patch.
Is this why you have some blind excepts?
installutils._IPAddressWithPrefix('192.168.0.1/33')
Traceback (most recent call last):
File stdin, line 1, in module
File ipaserver/install/installutils.py, line 167, in __init__
net = netaddr.IPNetwork(addr)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
919, in __init__
implicit_prefix, flags)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
782, in parse_ip_network
value = ip._value
UnboundLocalError: local variable 'ip' referenced before assignment
We should get an upstream bug filed on python-netaddr about this.
https://github.com/drkjam/netaddr/issues/closed#issue/5
https://github.com/drkjam/netaddr/issues/closed#issue/6
https://github.com/drkjam/netaddr/issues/closed#issue/8
Apparently it's already been fixed for the next release.
IMHO it's not much of an issue for us, because the exception gets
caught
in parse_ip_address and that's currently the only place where
_IPAddressWithPrefix is used.
Shoudl parse_ip_address() raise an exception on bad data rather than
returning 0.0.0.0?
I've been down that road and it would need a rewrite of the
fragile IP
address handling logic of ipa-server-install, which is something I'd
rather avoid.
installutils.parse_ip_address('355.555.3.3')
_IPAddressWithPrefix('0.0.0.0')
or
installutils.parse_ip_address('192.168.0.1/55')
_IPAddressWithPrefix('0.0.0.0')
Should it disallow net addresses like 192.168.0.0?
If you mean network and broadcast addresses, it probably should. It
might be a good idea to disallow localhost, multicast and/or
link-local
addresses too.
Are you going to resubmit the patch with these added or should we
open a
separate ticket?
I'm going to resubmit it. Right now it disallows loopback, IANA
reserved, link-local, network, multicast and broadcast IP addresses.
Does it make sense to also allow only IP addresses attached to one of
the local network interfaces? Perhaps it would be sufficient just to
print a warning. Or should we not care about that at all?
Sending the updated patch.
This looks ok, just one question. Should we add a dependency on the
iproute package because of the /sbin/ip package?
Yes, we should.
rob
Split the patch to 3 smaller pieces:
Patch 18 adds the ability to parse netmasks in IP addresses passed to
server install.
https://fedorahosted.org/freeipa/ticket/1212
This patch requires patch 18 and fixes DNS reverse zone setup to honor
the netmask.
https://fedorahosted.org/freeipa/ticket/910
Patch 19 requires patch 18 and adds stricter checking of IP addresses.
https://fedorahosted.org/freeipa/ticket/1213
Honza
--
Jan Cholasta
From 7ece02d6bce0ba80075cf7b570bbef22b74d381e Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 10 May 2011 19:59:56 +0200
Subject: [PATCH] Honor netmask in DNS reverse zone setup.
ticket 910
---
install/tools/ipa-dns-install |2 +-
install/tools/ipa-replica-install |2 +-
install/tools/ipa-replica-prepare |8 +++---
install/tools/ipa-server-install |2 +-
ipaserver/install/bindinstance.py | 49 -
5 files changed, 39 insertions(+), 24 deletions(-)
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 256c670..69b05bc 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -182,7 +182,7 @@ def main():
create_reverse = not options.no_reverse
elif not options.no_reverse:
create_reverse = bindinstance.create_reverse()
-bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr)
+bind.setup(api.env.host, ip_address, ip.prefixlen, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr)
if bind.dm_password:
api.Backend.ldap2.connect(bind_dn=cn=Directory Manager, bind_pw=bind.dm_password)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 722da37..a767519 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -296,7 +296,7 @@ def install_bind(config, options):
# In interactive mode, if the flag was not explicitly specified, ask the user
create_reverse = bindinstance.create_reverse()
-bind.setup(config.host_name, ip_address, config.realm_name,
+bind.setup(config.host_name, ip_address, ip.prefixlen, config.realm_name,
config.domain_name, forwarders, options.conf_ntp, create_reverse)
bind.create_instance()
diff --git a/install/tools/ipa-replica-prepare
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 20.4.2011 22:08, Rob Crittenden wrote:
Jan Cholasta wrote:
On 11.4.2011 12:48, Jan Cholasta wrote:
On 8.4.2011 16:26, Rob Crittenden wrote:
Jan Cholasta wrote:
On 29.3.2011 22:15, Rob Crittenden wrote:
Jan Cholasta wrote:
Sorry, forgot to attach the patch.
Is this why you have some blind excepts?
installutils._IPAddressWithPrefix('192.168.0.1/33')
Traceback (most recent call last):
File stdin, line 1, in module
File ipaserver/install/installutils.py, line 167, in __init__
net = netaddr.IPNetwork(addr)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
919, in __init__
implicit_prefix, flags)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
782, in parse_ip_network
value = ip._value
UnboundLocalError: local variable 'ip' referenced before assignment
We should get an upstream bug filed on python-netaddr about this.
https://github.com/drkjam/netaddr/issues/closed#issue/5
https://github.com/drkjam/netaddr/issues/closed#issue/6
https://github.com/drkjam/netaddr/issues/closed#issue/8
Apparently it's already been fixed for the next release.
IMHO it's not much of an issue for us, because the exception gets
caught
in parse_ip_address and that's currently the only place where
_IPAddressWithPrefix is used.
Shoudl parse_ip_address() raise an exception on bad data rather than
returning 0.0.0.0?
I've been down that road and it would need a rewrite of the fragile IP
address handling logic of ipa-server-install, which is something I'd
rather avoid.
installutils.parse_ip_address('355.555.3.3')
_IPAddressWithPrefix('0.0.0.0')
or
installutils.parse_ip_address('192.168.0.1/55')
_IPAddressWithPrefix('0.0.0.0')
Should it disallow net addresses like 192.168.0.0?
If you mean network and broadcast addresses, it probably should. It
might be a good idea to disallow localhost, multicast and/or
link-local
addresses too.
Are you going to resubmit the patch with these added or should we
open a
separate ticket?
I'm going to resubmit it. Right now it disallows loopback, IANA
reserved, link-local, network, multicast and broadcast IP addresses.
Does it make sense to also allow only IP addresses attached to one of
the local network interfaces? Perhaps it would be sufficient just to
print a warning. Or should we not care about that at all?
Sending the updated patch.
This looks ok, just one question. Should we add a dependency on the
iproute package because of the /sbin/ip package?
Yes, we should.
rob
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Jan Cholasta wrote:
On 11.4.2011 12:48, Jan Cholasta wrote:
On 8.4.2011 16:26, Rob Crittenden wrote:
Jan Cholasta wrote:
On 29.3.2011 22:15, Rob Crittenden wrote:
Jan Cholasta wrote:
Sorry, forgot to attach the patch.
Is this why you have some blind excepts?
installutils._IPAddressWithPrefix('192.168.0.1/33')
Traceback (most recent call last):
File stdin, line 1, in module
File ipaserver/install/installutils.py, line 167, in __init__
net = netaddr.IPNetwork(addr)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
919, in __init__
implicit_prefix, flags)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
782, in parse_ip_network
value = ip._value
UnboundLocalError: local variable 'ip' referenced before assignment
We should get an upstream bug filed on python-netaddr about this.
https://github.com/drkjam/netaddr/issues/closed#issue/5
https://github.com/drkjam/netaddr/issues/closed#issue/6
https://github.com/drkjam/netaddr/issues/closed#issue/8
Apparently it's already been fixed for the next release.
IMHO it's not much of an issue for us, because the exception gets
caught
in parse_ip_address and that's currently the only place where
_IPAddressWithPrefix is used.
Shoudl parse_ip_address() raise an exception on bad data rather than
returning 0.0.0.0?
I've been down that road and it would need a rewrite of the fragile IP
address handling logic of ipa-server-install, which is something I'd
rather avoid.
installutils.parse_ip_address('355.555.3.3')
_IPAddressWithPrefix('0.0.0.0')
or
installutils.parse_ip_address('192.168.0.1/55')
_IPAddressWithPrefix('0.0.0.0')
Should it disallow net addresses like 192.168.0.0?
If you mean network and broadcast addresses, it probably should. It
might be a good idea to disallow localhost, multicast and/or link-local
addresses too.
Are you going to resubmit the patch with these added or should we open a
separate ticket?
I'm going to resubmit it. Right now it disallows loopback, IANA
reserved, link-local, network, multicast and broadcast IP addresses.
Does it make sense to also allow only IP addresses attached to one of
the local network interfaces? Perhaps it would be sufficient just to
print a warning. Or should we not care about that at all?
Sending the updated patch.
This looks ok, just one question. Should we add a dependency on the
iproute package because of the /sbin/ip package?
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 11.4.2011 12:48, Jan Cholasta wrote:
On 8.4.2011 16:26, Rob Crittenden wrote:
Jan Cholasta wrote:
On 29.3.2011 22:15, Rob Crittenden wrote:
Jan Cholasta wrote:
Sorry, forgot to attach the patch.
Is this why you have some blind excepts?
installutils._IPAddressWithPrefix('192.168.0.1/33')
Traceback (most recent call last):
File stdin, line 1, in module
File ipaserver/install/installutils.py, line 167, in __init__
net = netaddr.IPNetwork(addr)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
919, in __init__
implicit_prefix, flags)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
782, in parse_ip_network
value = ip._value
UnboundLocalError: local variable 'ip' referenced before assignment
We should get an upstream bug filed on python-netaddr about this.
https://github.com/drkjam/netaddr/issues/closed#issue/5
https://github.com/drkjam/netaddr/issues/closed#issue/6
https://github.com/drkjam/netaddr/issues/closed#issue/8
Apparently it's already been fixed for the next release.
IMHO it's not much of an issue for us, because the exception gets caught
in parse_ip_address and that's currently the only place where
_IPAddressWithPrefix is used.
Shoudl parse_ip_address() raise an exception on bad data rather than
returning 0.0.0.0?
I've been down that road and it would need a rewrite of the fragile IP
address handling logic of ipa-server-install, which is something I'd
rather avoid.
installutils.parse_ip_address('355.555.3.3')
_IPAddressWithPrefix('0.0.0.0')
or
installutils.parse_ip_address('192.168.0.1/55')
_IPAddressWithPrefix('0.0.0.0')
Should it disallow net addresses like 192.168.0.0?
If you mean network and broadcast addresses, it probably should. It
might be a good idea to disallow localhost, multicast and/or link-local
addresses too.
Are you going to resubmit the patch with these added or should we open a
separate ticket?
I'm going to resubmit it. Right now it disallows loopback, IANA
reserved, link-local, network, multicast and broadcast IP addresses.
Does it make sense to also allow only IP addresses attached to one of
the local network interfaces? Perhaps it would be sufficient just to
print a warning. Or should we not care about that at all?
Sending the updated patch.
rob
--
Jan Cholasta
From 764ba2c6906749761ab6f2ffdc96d442ec5f4fa6 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 13 Apr 2011 13:12:03 +0200
Subject: [PATCH] Add ability to specify netmask/prefix length with IP addresses during install for proper DNS reverse zone setup.
ticket 910
---
install/tools/ipa-dns-install |8 ++-
install/tools/ipa-replica-install |4 +-
install/tools/ipa-replica-prepare | 13 ++--
install/tools/ipa-server-install | 32 -
ipaserver/install/bindinstance.py | 49 +-
ipaserver/install/installutils.py | 135 +++-
tests/test_install/test_utils.py | 66 ++
7 files changed, 244 insertions(+), 63 deletions(-)
create mode 100644 tests/test_install/test_utils.py
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index aac85bf..69b05bc 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -131,11 +131,13 @@ def main():
ip_address = options.ip_address
else:
ip_address = resolve_host(api.env.host)
-if not ip_address or not verify_ip_address(ip_address):
+ip = parse_ip_address(ip_address)
+if not verify_ip_address(ip):
if options.unattended:
sys.exit(Unable to resolve IP address for host name)
else:
-ip_address = read_ip_address(api.env.host, fstore)
+ip = read_ip_address(api.env.host, fstore)
+ip_address = str(ip)
logging.debug(will use ip_address: %s\n, ip_address)
if options.no_forwarders:
@@ -180,7 +182,7 @@ def main():
create_reverse = not options.no_reverse
elif not options.no_reverse:
create_reverse = bindinstance.create_reverse()
-bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr)
+bind.setup(api.env.host, ip_address, ip.prefixlen, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr)
if bind.dm_password:
api.Backend.ldap2.connect(bind_dn=cn=Directory Manager, bind_pw=bind.dm_password)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 999b5ee..b6b1407 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -285,6 +285,8 @@ def install_bind(config, options):
ip_address = resolve_host(config.host_name)
if not ip_address:
sys.exit(Unable to resolve IP address for host name)
+ip = installutils.parse_ip_address(ip_address)
+ip_address = str(ip)
create_reverse = True
if options.unattended:
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Jan Cholasta wrote:
On 29.3.2011 22:15, Rob Crittenden wrote:
Jan Cholasta wrote:
Sorry, forgot to attach the patch.
Is this why you have some blind excepts?
installutils._IPAddressWithPrefix('192.168.0.1/33')
Traceback (most recent call last):
File stdin, line 1, in module
File ipaserver/install/installutils.py, line 167, in __init__
net = netaddr.IPNetwork(addr)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
919, in __init__
implicit_prefix, flags)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
782, in parse_ip_network
value = ip._value
UnboundLocalError: local variable 'ip' referenced before assignment
We should get an upstream bug filed on python-netaddr about this.
https://github.com/drkjam/netaddr/issues/closed#issue/5
https://github.com/drkjam/netaddr/issues/closed#issue/6
https://github.com/drkjam/netaddr/issues/closed#issue/8
Apparently it's already been fixed for the next release.
IMHO it's not much of an issue for us, because the exception gets caught
in parse_ip_address and that's currently the only place where
_IPAddressWithPrefix is used.
Shoudl parse_ip_address() raise an exception on bad data rather than
returning 0.0.0.0?
I've been down that road and it would need a rewrite of the fragile IP
address handling logic of ipa-server-install, which is something I'd
rather avoid.
installutils.parse_ip_address('355.555.3.3')
_IPAddressWithPrefix('0.0.0.0')
or
installutils.parse_ip_address('192.168.0.1/55')
_IPAddressWithPrefix('0.0.0.0')
Should it disallow net addresses like 192.168.0.0?
If you mean network and broadcast addresses, it probably should. It
might be a good idea to disallow localhost, multicast and/or link-local
addresses too.
Are you going to resubmit the patch with these added or should we open a
separate ticket?
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 29.3.2011 22:15, Rob Crittenden wrote:
Jan Cholasta wrote:
Sorry, forgot to attach the patch.
Is this why you have some blind excepts?
installutils._IPAddressWithPrefix('192.168.0.1/33')
Traceback (most recent call last):
File stdin, line 1, in module
File ipaserver/install/installutils.py, line 167, in __init__
net = netaddr.IPNetwork(addr)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
919, in __init__
implicit_prefix, flags)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
782, in parse_ip_network
value = ip._value
UnboundLocalError: local variable 'ip' referenced before assignment
We should get an upstream bug filed on python-netaddr about this.
https://github.com/drkjam/netaddr/issues/closed#issue/5
https://github.com/drkjam/netaddr/issues/closed#issue/6
https://github.com/drkjam/netaddr/issues/closed#issue/8
Apparently it's already been fixed for the next release.
IMHO it's not much of an issue for us, because the exception gets caught
in parse_ip_address and that's currently the only place where
_IPAddressWithPrefix is used.
Shoudl parse_ip_address() raise an exception on bad data rather than
returning 0.0.0.0?
I've been down that road and it would need a rewrite of the fragile IP
address handling logic of ipa-server-install, which is something I'd
rather avoid.
installutils.parse_ip_address('355.555.3.3')
_IPAddressWithPrefix('0.0.0.0')
or
installutils.parse_ip_address('192.168.0.1/55')
_IPAddressWithPrefix('0.0.0.0')
Should it disallow net addresses like 192.168.0.0?
If you mean network and broadcast addresses, it probably should. It
might be a good idea to disallow localhost, multicast and/or link-local
addresses too.
rob
--
Jan Cholasta
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Dne 28.3.2011 15:50, Adam Young napsal(a): On 03/28/2011 06:54 AM, Jan Cholasta wrote: This patch enables the user to specify netmask/prefix length with IP addresses (see http://packages.python.org/netaddr/netaddr.ip.IPNetwork-class.html) during installation for proper DNS reverse zone setup. https://fedorahosted.org/freeipa/ticket/910 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel The approach makes sense on visual review. Haven't had the chance to test it yet. It appears to work for both IPv4 and V6 with and without netmasks. I'd like to a see a unit test for the parser that confirms that. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Unit test added. -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Sorry, forgot to attach the patch. -- Jan Cholasta From 0e859303c63b895efb82bd1fa4c09108baf18f43 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Tue, 29 Mar 2011 15:15:23 +0200 Subject: [PATCH] Add ability to specify netmask/prefix length with IP addresses during install for proper DNS reverse zone setup. ticket 910 --- install/tools/ipa-dns-install |8 +++-- install/tools/ipa-replica-install |4 ++- install/tools/ipa-replica-prepare | 15 +--- install/tools/ipa-server-install | 32 --- ipaserver/install/bindinstance.py | 49 +++-- ipaserver/install/installutils.py | 62 tests/test_install/test_utils.py | 46 +++ 7 files changed, 157 insertions(+), 59 deletions(-) create mode 100644 tests/test_install/test_utils.py diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index aac85bf..69b05bc 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -131,11 +131,13 @@ def main(): ip_address = options.ip_address else: ip_address = resolve_host(api.env.host) -if not ip_address or not verify_ip_address(ip_address): +ip = parse_ip_address(ip_address) +if not verify_ip_address(ip): if options.unattended: sys.exit(Unable to resolve IP address for host name) else: -ip_address = read_ip_address(api.env.host, fstore) +ip = read_ip_address(api.env.host, fstore) +ip_address = str(ip) logging.debug(will use ip_address: %s\n, ip_address) if options.no_forwarders: @@ -180,7 +182,7 @@ def main(): create_reverse = not options.no_reverse elif not options.no_reverse: create_reverse = bindinstance.create_reverse() -bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) +bind.setup(api.env.host, ip_address, ip.prefixlen, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) if bind.dm_password: api.Backend.ldap2.connect(bind_dn=cn=Directory Manager, bind_pw=bind.dm_password) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 2bc9a17..1693da9 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -284,6 +284,8 @@ def install_bind(config, options): ip_address = resolve_host(config.host_name) if not ip_address: sys.exit(Unable to resolve IP address for host name) +ip = installutils.parse_ip_address(ip_address) +ip_address = str(ip) create_reverse = True if options.unattended: @@ -293,7 +295,7 @@ def install_bind(config, options): # In interactive mode, if the flag was not explicitly specified, ask the user create_reverse = bindinstance.create_reverse() -bind.setup(config.host_name, ip_address, config.realm_name, +bind.setup(config.host_name, ip_address, ip.prefixlen, config.realm_name, config.domain_name, forwarders, options.conf_ntp, create_reverse) bind.create_instance() diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index e912235..63dc4ca 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -28,7 +28,7 @@ from optparse import OptionParser from ipapython import ipautil from ipaserver.install import bindinstance, dsinstance, installutils, certs -from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_rr, add_ptr_rr +from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr from ipaserver.install.replication import check_replication_plugin, enable_replication_version_checking from ipaserver.plugins.ldap2 import ldap2 from ipapython import version @@ -50,7 +50,7 @@ def parse_options(): help=PIN for the Apache Server PKCS#12 file) parser.add_option(--pkinit_pin, dest=pkinit_pin, help=PIN for the KDC pkinit PKCS#12 file) -parser.add_option(-p, --password, dest=password, +parser.add_option(-p, --password, dest=password, help=Directory Manager (existing master) password) parser.add_option(--ip-address, dest=ip_address, help=Add A and PTR records of the future replica) @@ -425,10 +425,13 @@ def main(): name = domain.pop(0) domain = ..join(domain) -zone = add_zone(domain, nsaddr=options.ip_address) -add_rr(zone, name, A, options.ip_address) -add_reverse_zone(options.ip_address) -add_ptr_rr(options.ip_address, replica_fqdn) +ip = installutils.parse_ip_address(options.ip_address) +ip_address = str(ip) + +zone = add_zone(domain, nsaddr=ip_address) +add_fwd_rr(zone, name, ip_address) +
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Jan Cholasta wrote:
Sorry, forgot to attach the patch.
Is this why you have some blind excepts?
installutils._IPAddressWithPrefix('192.168.0.1/33')
Traceback (most recent call last):
File stdin, line 1, in module
File ipaserver/install/installutils.py, line 167, in __init__
net = netaddr.IPNetwork(addr)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
919, in __init__
implicit_prefix, flags)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
782, in parse_ip_network
value = ip._value
UnboundLocalError: local variable 'ip' referenced before assignment
We should get an upstream bug filed on python-netaddr about this.
Shoudl parse_ip_address() raise an exception on bad data rather than
returning 0.0.0.0?
installutils.parse_ip_address('355.555.3.3')
_IPAddressWithPrefix('0.0.0.0')
or
installutils.parse_ip_address('192.168.0.1/55')
_IPAddressWithPrefix('0.0.0.0')
Should it disallow net addresses like 192.168.0.0?
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 03/29/2011 04:15 PM, Rob Crittenden wrote:
Jan Cholasta wrote:
Sorry, forgot to attach the patch.
Is this why you have some blind excepts?
installutils._IPAddressWithPrefix('192.168.0.1/33')
Traceback (most recent call last):
File stdin, line 1, in module
File ipaserver/install/installutils.py, line 167, in __init__
net = netaddr.IPNetwork(addr)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
919, in __init__
implicit_prefix, flags)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
782, in parse_ip_network
value = ip._value
UnboundLocalError: local variable 'ip' referenced before assignment
We should get an upstream bug filed on python-netaddr about this.
Shoudl parse_ip_address() raise an exception on bad data rather than
returning 0.0.0.0?
installutils.parse_ip_address('355.555.3.3')
_IPAddressWithPrefix('0.0.0.0')
or
installutils.parse_ip_address('192.168.0.1/55')
_IPAddressWithPrefix('0.0.0.0')
Should it disallow net addresses like 192.168.0.0?
No, otherwise I would not be able to test at home.
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Dmitri Pal wrote:
On 03/29/2011 04:15 PM, Rob Crittenden wrote:
Jan Cholasta wrote:
Sorry, forgot to attach the patch.
Is this why you have some blind excepts?
installutils._IPAddressWithPrefix('192.168.0.1/33')
Traceback (most recent call last):
File stdin, line 1, inmodule
File ipaserver/install/installutils.py, line 167, in __init__
net = netaddr.IPNetwork(addr)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
919, in __init__
implicit_prefix, flags)
File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line
782, in parse_ip_network
value = ip._value
UnboundLocalError: local variable 'ip' referenced before assignment
We should get an upstream bug filed on python-netaddr about this.
Shoudl parse_ip_address() raise an exception on bad data rather than
returning 0.0.0.0?
installutils.parse_ip_address('355.555.3.3')
_IPAddressWithPrefix('0.0.0.0')
or
installutils.parse_ip_address('192.168.0.1/55')
_IPAddressWithPrefix('0.0.0.0')
Should it disallow net addresses like 192.168.0.0?
No, otherwise I would not be able to test at home.
Sorry, I mean that a .0 is considered a valid IP address to use for the
server.
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
On 03/28/2011 06:54 AM, Jan Cholasta wrote: This patch enables the user to specify netmask/prefix length with IP addresses (see http://packages.python.org/netaddr/netaddr.ip.IPNetwork-class.html) during installation for proper DNS reverse zone setup. https://fedorahosted.org/freeipa/ticket/910 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel The approach makes sense on visual review. Haven't had the chance to test it yet. It appears to work for both IPv4 and V6 with and without netmasks. I'd like to a see a unit test for the parser that confirms that. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
