Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Mon, 2011-11-28 at 18:16 +0100, Sumit Bose wrote: > On Mon, Nov 28, 2011 at 02:26:00PM +0200, Alexander Bokovoy wrote: > > On Fri, 25 Nov 2011, Sumit Bose wrote: > > > On Wed, Nov 23, 2011 at 05:33:42PM -0500, Rob Crittenden wrote: > > > > Alexander Bokovoy wrote: > > > > >Hi Sumit, > > > > > > > > > >On Fri, 14 Oct 2011, Sumit Bose wrote: > > > > >>>It would make more clear what is the default and that it is really > > > > >>>optional setting -- I'm thinking from the perspective of maintenance > > > > >>>of the code in future. > > > > >> > > > > >>Thank you for your comments, new version attached. > > > > >Finally got to test it. ACK. > > > > > > > > > > > > > pushed to master. > > > > > > Sorry, I think you pushed the first version and not -3- which was ACKed > > > by Alexander. > > Hm. Sumit, could you please rebase -3- on top of current master > > HEAD+(1)? > > > > I tried that briefly myself and failed. > > > > (1) Right now I'm also getting make-lint failing due to more strict > > PyLint in F16/Rawhide and those seems to be corect and also affect > > adtrustinstance. > > > > I'm sending the patch shortly, so please rebase on top of it. > > ok, rebased version is attached. To push this upstream you still have to > revert the wrong commit. > > bye, > Sumit I reverted the wrong version of patch so that Sumit can provide correct rebased version: master: ac45a5eee8382ab62b7c8b7c78c2bca36e5bf8a6 Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Mon, Nov 28, 2011 at 02:26:00PM +0200, Alexander Bokovoy wrote: > On Fri, 25 Nov 2011, Sumit Bose wrote: > > On Wed, Nov 23, 2011 at 05:33:42PM -0500, Rob Crittenden wrote: > > > Alexander Bokovoy wrote: > > > >Hi Sumit, > > > > > > > >On Fri, 14 Oct 2011, Sumit Bose wrote: > > > >>>It would make more clear what is the default and that it is really > > > >>>optional setting -- I'm thinking from the perspective of maintenance > > > >>>of the code in future. > > > >> > > > >>Thank you for your comments, new version attached. > > > >Finally got to test it. ACK. > > > > > > > > > > pushed to master. > > > > Sorry, I think you pushed the first version and not -3- which was ACKed > > by Alexander. > Hm. Sumit, could you please rebase -3- on top of current master > HEAD+(1)? > > I tried that briefly myself and failed. > > (1) Right now I'm also getting make-lint failing due to more strict > PyLint in F16/Rawhide and those seems to be corect and also affect > adtrustinstance. > > I'm sending the patch shortly, so please rebase on top of it. ok, rebased version is attached. To push this upstream you still have to revert the wrong commit. bye, Sumit > > -- > / Alexander Bokovoy >From 9d8f35baa97c332e4eb676d01815cc68050f37ef Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 13 Oct 2011 12:01:57 +0200 Subject: [PATCH] Add DNS service records for Windows https://fedorahosted.org/freeipa/ticket/1939 --- install/tools/ipa-adtrust-install |5 ++- install/tools/man/ipa-adtrust-install.1 |3 ++ ipaserver/install/adtrustinstance.py| 59 +- 3 files changed, 64 insertions(+), 3 deletions(-) diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index 9a6e61c2c5e8148a13d51718edc4e38a65af1fec..87fecbfb4834d65fdccc3f8536a5665ba75e48a5 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -45,6 +45,9 @@ def parse_options(): type="ip", ip_local=True, help="Master Server IP Address") parser.add_option("--netbios-name", dest="netbios_name", help="NetBIOS name of the IPA domain") +parser.add_option("--no-msdcs", dest="no_msdcs", action="store_true", + default=False, help="Do not create DNS service records " \ + "for Windows in managed DNS server") parser.add_option("-U", "--unattended", dest="unattended", action="store_true", default=False, help="unattended installation never prompts the user") @@ -197,7 +200,7 @@ def main(): api.Backend.ldap2.connect(ccache) smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain, - netbios_name) + netbios_name, options.no_msdcs) smb.create_instance() print "==" diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1 index a3981adf48d14cc0e540c646fff099490203f862..b61da19088b40d6a9e53784f9a061913ecda4321 100644 --- a/install/tools/man/ipa-adtrust-install.1 +++ b/install/tools/man/ipa-adtrust-install.1 @@ -39,6 +39,9 @@ The IP address of the IPA server. If not provided then this is determined based \fB\-\-netbios\-name\fR=\fINETBIOS_NAME\fR The NetBIOS name for the IPA domain. If not provided then this is determined based on the leading component of the DNS domain name. .TP +\fB\-\-no\-msdcs\fR +Do not create DNS service records for Windows in managed DNS server +.TP \fB\-U\fR, \fB\-\-unattended\fR An unattended installation that will never prompt for user input .SH "EXIT STATUS" diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index 1fcf9e03716a1b31aac47e206adc6ee86eee1cd9..bbda11cc752923e010a06daac87aaba532cfbbb4 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -25,7 +25,9 @@ import tempfile import installutils from ipaserver import ipaldap from ipaserver.install.dsinstance import realm_to_serverid -from ipalib import errors +from ipaserver.install.bindinstance import get_rr, add_rr, del_rr, \ + dns_zone_exists +from ipalib import errors, api from ipapython import sysrestore from ipapython import ipautil from ipapython.ipa_log_manager import * @@ -245,6 +247,56 @@ class ADTRUSTInstance(service.Service): except ipautil.CalledProcessError, e: root_logger.critical("Failed to add key for %s" % cifs_principal) +def __add_dns_service_records(self): +""" +Add DNS service records for Windows if DNS is enabled and the DNS zone +is managed. If there are already service records for LDAP and Kerberos +their values are used. Otherwise default values are used. +""" + +zone = self.domain_name +host = self.fqdn.split(".")[0]
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Fri, 25 Nov 2011, Sumit Bose wrote: > On Wed, Nov 23, 2011 at 05:33:42PM -0500, Rob Crittenden wrote: > > Alexander Bokovoy wrote: > > >Hi Sumit, > > > > > >On Fri, 14 Oct 2011, Sumit Bose wrote: > > >>>It would make more clear what is the default and that it is really > > >>>optional setting -- I'm thinking from the perspective of maintenance > > >>>of the code in future. > > >> > > >>Thank you for your comments, new version attached. > > >Finally got to test it. ACK. > > > > > > > pushed to master. > > Sorry, I think you pushed the first version and not -3- which was ACKed > by Alexander. Hm. Sumit, could you please rebase -3- on top of current master HEAD+(1)? I tried that briefly myself and failed. (1) Right now I'm also getting make-lint failing due to more strict PyLint in F16/Rawhide and those seems to be corect and also affect adtrustinstance. I'm sending the patch shortly, so please rebase on top of it. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Wed, Nov 23, 2011 at 05:33:42PM -0500, Rob Crittenden wrote: > Alexander Bokovoy wrote: > >Hi Sumit, > > > >On Fri, 14 Oct 2011, Sumit Bose wrote: > >>>It would make more clear what is the default and that it is really > >>>optional setting -- I'm thinking from the perspective of maintenance > >>>of the code in future. > >> > >>Thank you for your comments, new version attached. > >Finally got to test it. ACK. > > > > pushed to master. Sorry, I think you pushed the first version and not -3- which was ACKed by Alexander. bye, Sumit ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
Alexander Bokovoy wrote: Hi Sumit, On Fri, 14 Oct 2011, Sumit Bose wrote: It would make more clear what is the default and that it is really optional setting -- I'm thinking from the perspective of maintenance of the code in future. Thank you for your comments, new version attached. Finally got to test it. ACK. pushed to master. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
Hi Sumit, On Fri, 14 Oct 2011, Sumit Bose wrote: > > It would make more clear what is the default and that it is really > > optional setting -- I'm thinking from the perspective of maintenance > > of the code in future. > > Thank you for your comments, new version attached. Finally got to test it. ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Fri, 14 Oct 2011, Sumit Bose wrote: > Thank you for your comments, new version attached. ACK from code reading. I'll try to test it once 2.1.3 is released, if you don't mind. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Fri, Oct 14, 2011 at 08:21:51PM +0300, Alexander Bokovoy wrote: > On Fri, 14 Oct 2011, Sumit Bose wrote: > > On Fri, Oct 14, 2011 at 12:15:57PM +0200, Sumit Bose wrote: > > > Hi, > > > > > > this patch adds DNS service records for for Windows systems during the > > > setup of trust support. > > > > > > Fixes https://fedorahosted.org/freeipa/ticket/1939. > > > > > > bye, > > > Sumit > > > > Alexander made some comments on irc which I tried to integrate into this > > new version of the patch. > Looks good now. I haven't tested it in real life and there are very > few minor comments bellow. > > > +err_msg = None > > +ret = api.Command.dns_is_enabled() > > +if not ret['result']: > > +err_msg = "DNS is not enabled in this IPA server." > Maybe "DNS management was not enabled at install time."? > > > +else: > > +if not dns_zone_exists(zone): > > +err_msg = "The DNS zone %s is not managed on this IPA > > server" % \ > > + zone > Same here -- "DNS zone %s cannot be managed as it is not defined in IPA"? > > > def setup(self, fqdn, ip_address, realm_name, domain_name, > > netbios_name, > > - smbd_user="samba"): > > + no_msdcs, smbd_user="samba"): > Maybe we could make no_msdcs defaulting to False here? I.e. > +no_msdcs=False, smbd_user="samba"): > > It would make more clear what is the default and that it is really > optional setting -- I'm thinking from the perspective of maintenance > of the code in future. Thank you for your comments, new version attached. bye, Sumit > > -- > / Alexander Bokovoy >From c189f360c15aa24d1e896218856e63cfdfadaa40 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 13 Oct 2011 12:01:57 +0200 Subject: [PATCH] Add DNS service records for Windows https://fedorahosted.org/freeipa/ticket/1939 --- install/tools/ipa-adtrust-install |5 ++- install/tools/man/ipa-adtrust-install.1 |3 ++ ipaserver/install/adtrustinstance.py| 59 +- 3 files changed, 64 insertions(+), 3 deletions(-) diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index cc99b5551ede7787ce296bae594553da74da0ffa..4230094742e5c390dd7f8b671500ca75639611b8 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -44,6 +44,9 @@ def parse_options(): type="ip", ip_local=True, help="Master Server IP Address") parser.add_option("--netbios-name", dest="netbios_name", help="NetBIOS name of the IPA domain") +parser.add_option("--no-msdcs", dest="no_msdcs", action="store_true", + default=False, help="Do not create DNS service records " \ + "for Windows in managed DNS server") parser.add_option("-U", "--unattended", dest="unattended", action="store_true", default=False, help="unattended installation never prompts the user") @@ -196,7 +199,7 @@ def main(): api.Backend.ldap2.connect(ccache) smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain, - netbios_name) + netbios_name, options.no_msdcs) smb.create_instance() print "==" diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1 index a3981adf48d14cc0e540c646fff099490203f862..b61da19088b40d6a9e53784f9a061913ecda4321 100644 --- a/install/tools/man/ipa-adtrust-install.1 +++ b/install/tools/man/ipa-adtrust-install.1 @@ -39,6 +39,9 @@ The IP address of the IPA server. If not provided then this is determined based \fB\-\-netbios\-name\fR=\fINETBIOS_NAME\fR The NetBIOS name for the IPA domain. If not provided then this is determined based on the leading component of the DNS domain name. .TP +\fB\-\-no\-msdcs\fR +Do not create DNS service records for Windows in managed DNS server +.TP \fB\-U\fR, \fB\-\-unattended\fR An unattended installation that will never prompt for user input .SH "EXIT STATUS" diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index d1dc759c611f03215b461b8fe7ebc32d15dc857a..17140a372f3c61d4b14503b5f28ff6c87d88b8dc 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -27,7 +27,9 @@ import tempfile import installutils from ipaserver import ipaldap from ipaserver.install.dsinstance import realm_to_serverid -from ipalib import errors +from ipaserver.install.bindinstance import get_rr, add_rr, del_rr, \ + dns_zone_exists +from ipalib import errors, api from ipapython import sysrestore from ipapython import ipautil @@ -246,6 +248,56 @@ class ADTRUSTInstance(service.Service): except ipautil.CalledProcessError, e: lo
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Fri, 14 Oct 2011, Sumit Bose wrote: > On Fri, Oct 14, 2011 at 12:15:57PM +0200, Sumit Bose wrote: > > Hi, > > > > this patch adds DNS service records for for Windows systems during the > > setup of trust support. > > > > Fixes https://fedorahosted.org/freeipa/ticket/1939. > > > > bye, > > Sumit > > Alexander made some comments on irc which I tried to integrate into this > new version of the patch. Looks good now. I haven't tested it in real life and there are very few minor comments bellow. > +err_msg = None > +ret = api.Command.dns_is_enabled() > +if not ret['result']: > +err_msg = "DNS is not enabled in this IPA server." Maybe "DNS management was not enabled at install time."? > +else: > +if not dns_zone_exists(zone): > +err_msg = "The DNS zone %s is not managed on this IPA > server" % \ > + zone Same here -- "DNS zone %s cannot be managed as it is not defined in IPA"? > def setup(self, fqdn, ip_address, realm_name, domain_name, netbios_name, > - smbd_user="samba"): > + no_msdcs, smbd_user="samba"): Maybe we could make no_msdcs defaulting to False here? I.e. +no_msdcs=False, smbd_user="samba"): It would make more clear what is the default and that it is really optional setting -- I'm thinking from the perspective of maintenance of the code in future. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Fri, Oct 14, 2011 at 12:15:57PM +0200, Sumit Bose wrote: > Hi, > > this patch adds DNS service records for for Windows systems during the > setup of trust support. > > Fixes https://fedorahosted.org/freeipa/ticket/1939. > > bye, > Sumit Alexander made some comments on irc which I tried to integrate into this new version of the patch. bye, Sumit >From 71a4c7940d3726225e5e2c4c1fb88609707b6f18 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 13 Oct 2011 12:01:57 +0200 Subject: [PATCH] Add DNS service records for Windows https://fedorahosted.org/freeipa/ticket/1939 --- install/tools/ipa-adtrust-install |5 ++- install/tools/man/ipa-adtrust-install.1 |3 ++ ipaserver/install/adtrustinstance.py| 59 +- 3 files changed, 64 insertions(+), 3 deletions(-) diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index cc99b5551ede7787ce296bae594553da74da0ffa..4230094742e5c390dd7f8b671500ca75639611b8 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -44,6 +44,9 @@ def parse_options(): type="ip", ip_local=True, help="Master Server IP Address") parser.add_option("--netbios-name", dest="netbios_name", help="NetBIOS name of the IPA domain") +parser.add_option("--no-msdcs", dest="no_msdcs", action="store_true", + default=False, help="Do not create DNS service records " \ + "for Windows in managed DNS server") parser.add_option("-U", "--unattended", dest="unattended", action="store_true", default=False, help="unattended installation never prompts the user") @@ -196,7 +199,7 @@ def main(): api.Backend.ldap2.connect(ccache) smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain, - netbios_name) + netbios_name, options.no_msdcs) smb.create_instance() print "==" diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1 index a3981adf48d14cc0e540c646fff099490203f862..b61da19088b40d6a9e53784f9a061913ecda4321 100644 --- a/install/tools/man/ipa-adtrust-install.1 +++ b/install/tools/man/ipa-adtrust-install.1 @@ -39,6 +39,9 @@ The IP address of the IPA server. If not provided then this is determined based \fB\-\-netbios\-name\fR=\fINETBIOS_NAME\fR The NetBIOS name for the IPA domain. If not provided then this is determined based on the leading component of the DNS domain name. .TP +\fB\-\-no\-msdcs\fR +Do not create DNS service records for Windows in managed DNS server +.TP \fB\-U\fR, \fB\-\-unattended\fR An unattended installation that will never prompt for user input .SH "EXIT STATUS" diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index d1dc759c611f03215b461b8fe7ebc32d15dc857a..0723e31fff67451aefd62fb1b756b19ba0a422f9 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -27,7 +27,9 @@ import tempfile import installutils from ipaserver import ipaldap from ipaserver.install.dsinstance import realm_to_serverid -from ipalib import errors +from ipaserver.install.bindinstance import get_rr, add_rr, del_rr, \ + dns_zone_exists +from ipalib import errors, api from ipapython import sysrestore from ipapython import ipautil @@ -246,6 +248,56 @@ class ADTRUSTInstance(service.Service): except ipautil.CalledProcessError, e: logging.critical("Failed to add key for %s" % cifs_principal) +def __add_dns_service_records(self): +""" +Add DNS service records for Windows if DNS is enabled and the DNS zone +is managed. If there are already service records for LDAP and Kerberos +their values are used. Otherwise default values are used. +""" + +zone = self.domain_name +host = self.fqdn.split(".")[0] + +ipa_srv_rec = ( +("_ldap._tcp", ["0 100 389 %s" % host]), +("_kerberos._tcp", ["0 100 88 %s" % host]), +("_kerberos._udp", ["0 100 88 %s" % host]) +) +win_srv_suffix = (".Default-First-Site-Name._sites.dc._msdcs", + ".dc._msdcs") + +err_msg = None +ret = api.Command.dns_is_enabled() +if not ret['result']: +err_msg = "DNS is not enabled in this IPA server." +else: +if not dns_zone_exists(zone): +err_msg = "The DNS zone %s is not managed on this IPA server" % \ + zone + +if err_msg: +print err_msg +print "Add the following service records to your DNS server " \ + "for DNS zone %s: " % zone +for (srv, rdata) in ipa_srv_rec: +