Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Mon, 2011-11-28 at 18:16 +0100, Sumit Bose wrote: > On Mon, Nov 28, 2011 at 02:26:00PM +0200, Alexander Bokovoy wrote: > > On Fri, 25 Nov 2011, Sumit Bose wrote: > > > On Wed, Nov 23, 2011 at 05:33:42PM -0500, Rob Crittenden wrote: > > > > Alexander Bokovoy wrote: > > > > >Hi Sumit, > > > > > > > > > >On Fri, 14 Oct 2011, Sumit Bose wrote: > > > > >>>It would make more clear what is the default and that it is really > > > > >>>optional setting -- I'm thinking from the perspective of maintenance > > > > >>>of the code in future. > > > > >> > > > > >>Thank you for your comments, new version attached. > > > > >Finally got to test it. ACK. > > > > > > > > > > > > > pushed to master. > > > > > > Sorry, I think you pushed the first version and not -3- which was ACKed > > > by Alexander. > > Hm. Sumit, could you please rebase -3- on top of current master > > HEAD+(1)? > > > > I tried that briefly myself and failed. > > > > (1) Right now I'm also getting make-lint failing due to more strict > > PyLint in F16/Rawhide and those seems to be corect and also affect > > adtrustinstance. > > > > I'm sending the patch shortly, so please rebase on top of it. > > ok, rebased version is attached. To push this upstream you still have to > revert the wrong commit. > > bye, > Sumit I reverted the wrong version of patch so that Sumit can provide correct rebased version: master: ac45a5eee8382ab62b7c8b7c78c2bca36e5bf8a6 Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Mon, Nov 28, 2011 at 02:26:00PM +0200, Alexander Bokovoy wrote:
> On Fri, 25 Nov 2011, Sumit Bose wrote:
> > On Wed, Nov 23, 2011 at 05:33:42PM -0500, Rob Crittenden wrote:
> > > Alexander Bokovoy wrote:
> > > >Hi Sumit,
> > > >
> > > >On Fri, 14 Oct 2011, Sumit Bose wrote:
> > > >>>It would make more clear what is the default and that it is really
> > > >>>optional setting -- I'm thinking from the perspective of maintenance
> > > >>>of the code in future.
> > > >>
> > > >>Thank you for your comments, new version attached.
> > > >Finally got to test it. ACK.
> > > >
> > >
> > > pushed to master.
> >
> > Sorry, I think you pushed the first version and not -3- which was ACKed
> > by Alexander.
> Hm. Sumit, could you please rebase -3- on top of current master
> HEAD+(1)?
>
> I tried that briefly myself and failed.
>
> (1) Right now I'm also getting make-lint failing due to more strict
> PyLint in F16/Rawhide and those seems to be corect and also affect
> adtrustinstance.
>
> I'm sending the patch shortly, so please rebase on top of it.
ok, rebased version is attached. To push this upstream you still have to
revert the wrong commit.
bye,
Sumit
>
> --
> / Alexander Bokovoy
>From 9d8f35baa97c332e4eb676d01815cc68050f37ef Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 13 Oct 2011 12:01:57 +0200
Subject: [PATCH] Add DNS service records for Windows
https://fedorahosted.org/freeipa/ticket/1939
---
install/tools/ipa-adtrust-install |5 ++-
install/tools/man/ipa-adtrust-install.1 |3 ++
ipaserver/install/adtrustinstance.py| 59 +-
3 files changed, 64 insertions(+), 3 deletions(-)
diff --git a/install/tools/ipa-adtrust-install
b/install/tools/ipa-adtrust-install
index
9a6e61c2c5e8148a13d51718edc4e38a65af1fec..87fecbfb4834d65fdccc3f8536a5665ba75e48a5
100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -45,6 +45,9 @@ def parse_options():
type="ip", ip_local=True, help="Master Server IP
Address")
parser.add_option("--netbios-name", dest="netbios_name",
help="NetBIOS name of the IPA domain")
+parser.add_option("--no-msdcs", dest="no_msdcs", action="store_true",
+ default=False, help="Do not create DNS service records "
\
+ "for Windows in managed DNS server")
parser.add_option("-U", "--unattended", dest="unattended",
action="store_true",
default=False, help="unattended installation never
prompts the user")
@@ -197,7 +200,7 @@ def main():
api.Backend.ldap2.connect(ccache)
smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
- netbios_name)
+ netbios_name, options.no_msdcs)
smb.create_instance()
print
"=="
diff --git a/install/tools/man/ipa-adtrust-install.1
b/install/tools/man/ipa-adtrust-install.1
index
a3981adf48d14cc0e540c646fff099490203f862..b61da19088b40d6a9e53784f9a061913ecda4321
100644
--- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1
@@ -39,6 +39,9 @@ The IP address of the IPA server. If not provided then this
is determined based
\fB\-\-netbios\-name\fR=\fINETBIOS_NAME\fR
The NetBIOS name for the IPA domain. If not provided then this is determined
based on the leading component of the DNS domain name.
.TP
+\fB\-\-no\-msdcs\fR
+Do not create DNS service records for Windows in managed DNS server
+.TP
\fB\-U\fR, \fB\-\-unattended\fR
An unattended installation that will never prompt for user input
.SH "EXIT STATUS"
diff --git a/ipaserver/install/adtrustinstance.py
b/ipaserver/install/adtrustinstance.py
index
1fcf9e03716a1b31aac47e206adc6ee86eee1cd9..bbda11cc752923e010a06daac87aaba532cfbbb4
100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -25,7 +25,9 @@ import tempfile
import installutils
from ipaserver import ipaldap
from ipaserver.install.dsinstance import realm_to_serverid
-from ipalib import errors
+from ipaserver.install.bindinstance import get_rr, add_rr, del_rr, \
+ dns_zone_exists
+from ipalib import errors, api
from ipapython import sysrestore
from ipapython import ipautil
from ipapython.ipa_log_manager import *
@@ -245,6 +247,56 @@ class ADTRUSTInstance(service.Service):
except ipautil.CalledProcessError, e:
root_logger.critical("Failed to add key for %s" % cifs_principal)
+def __add_dns_service_records(self):
+"""
+Add DNS service records for Windows if DNS is enabled and the DNS zone
+is managed. If there are already service records for LDAP and Kerberos
+their values are used. Otherwise default values are used.
+"""
+
+zone = self.domain_name
+host = self.fqdn.split(".")[0]
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Fri, 25 Nov 2011, Sumit Bose wrote: > On Wed, Nov 23, 2011 at 05:33:42PM -0500, Rob Crittenden wrote: > > Alexander Bokovoy wrote: > > >Hi Sumit, > > > > > >On Fri, 14 Oct 2011, Sumit Bose wrote: > > >>>It would make more clear what is the default and that it is really > > >>>optional setting -- I'm thinking from the perspective of maintenance > > >>>of the code in future. > > >> > > >>Thank you for your comments, new version attached. > > >Finally got to test it. ACK. > > > > > > > pushed to master. > > Sorry, I think you pushed the first version and not -3- which was ACKed > by Alexander. Hm. Sumit, could you please rebase -3- on top of current master HEAD+(1)? I tried that briefly myself and failed. (1) Right now I'm also getting make-lint failing due to more strict PyLint in F16/Rawhide and those seems to be corect and also affect adtrustinstance. I'm sending the patch shortly, so please rebase on top of it. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Wed, Nov 23, 2011 at 05:33:42PM -0500, Rob Crittenden wrote: > Alexander Bokovoy wrote: > >Hi Sumit, > > > >On Fri, 14 Oct 2011, Sumit Bose wrote: > >>>It would make more clear what is the default and that it is really > >>>optional setting -- I'm thinking from the perspective of maintenance > >>>of the code in future. > >> > >>Thank you for your comments, new version attached. > >Finally got to test it. ACK. > > > > pushed to master. Sorry, I think you pushed the first version and not -3- which was ACKed by Alexander. bye, Sumit ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
Alexander Bokovoy wrote: Hi Sumit, On Fri, 14 Oct 2011, Sumit Bose wrote: It would make more clear what is the default and that it is really optional setting -- I'm thinking from the perspective of maintenance of the code in future. Thank you for your comments, new version attached. Finally got to test it. ACK. pushed to master. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
Hi Sumit, On Fri, 14 Oct 2011, Sumit Bose wrote: > > It would make more clear what is the default and that it is really > > optional setting -- I'm thinking from the perspective of maintenance > > of the code in future. > > Thank you for your comments, new version attached. Finally got to test it. ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Fri, 14 Oct 2011, Sumit Bose wrote: > Thank you for your comments, new version attached. ACK from code reading. I'll try to test it once 2.1.3 is released, if you don't mind. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Fri, Oct 14, 2011 at 08:21:51PM +0300, Alexander Bokovoy wrote:
> On Fri, 14 Oct 2011, Sumit Bose wrote:
> > On Fri, Oct 14, 2011 at 12:15:57PM +0200, Sumit Bose wrote:
> > > Hi,
> > >
> > > this patch adds DNS service records for for Windows systems during the
> > > setup of trust support.
> > >
> > > Fixes https://fedorahosted.org/freeipa/ticket/1939.
> > >
> > > bye,
> > > Sumit
> >
> > Alexander made some comments on irc which I tried to integrate into this
> > new version of the patch.
> Looks good now. I haven't tested it in real life and there are very
> few minor comments bellow.
>
> > +err_msg = None
> > +ret = api.Command.dns_is_enabled()
> > +if not ret['result']:
> > +err_msg = "DNS is not enabled in this IPA server."
> Maybe "DNS management was not enabled at install time."?
>
> > +else:
> > +if not dns_zone_exists(zone):
> > +err_msg = "The DNS zone %s is not managed on this IPA
> > server" % \
> > + zone
> Same here -- "DNS zone %s cannot be managed as it is not defined in IPA"?
>
> > def setup(self, fqdn, ip_address, realm_name, domain_name,
> > netbios_name,
> > - smbd_user="samba"):
> > + no_msdcs, smbd_user="samba"):
> Maybe we could make no_msdcs defaulting to False here? I.e.
> +no_msdcs=False, smbd_user="samba"):
>
> It would make more clear what is the default and that it is really
> optional setting -- I'm thinking from the perspective of maintenance
> of the code in future.
Thank you for your comments, new version attached.
bye,
Sumit
>
> --
> / Alexander Bokovoy
>From c189f360c15aa24d1e896218856e63cfdfadaa40 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 13 Oct 2011 12:01:57 +0200
Subject: [PATCH] Add DNS service records for Windows
https://fedorahosted.org/freeipa/ticket/1939
---
install/tools/ipa-adtrust-install |5 ++-
install/tools/man/ipa-adtrust-install.1 |3 ++
ipaserver/install/adtrustinstance.py| 59 +-
3 files changed, 64 insertions(+), 3 deletions(-)
diff --git a/install/tools/ipa-adtrust-install
b/install/tools/ipa-adtrust-install
index
cc99b5551ede7787ce296bae594553da74da0ffa..4230094742e5c390dd7f8b671500ca75639611b8
100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -44,6 +44,9 @@ def parse_options():
type="ip", ip_local=True, help="Master Server IP
Address")
parser.add_option("--netbios-name", dest="netbios_name",
help="NetBIOS name of the IPA domain")
+parser.add_option("--no-msdcs", dest="no_msdcs", action="store_true",
+ default=False, help="Do not create DNS service records "
\
+ "for Windows in managed DNS server")
parser.add_option("-U", "--unattended", dest="unattended",
action="store_true",
default=False, help="unattended installation never
prompts the user")
@@ -196,7 +199,7 @@ def main():
api.Backend.ldap2.connect(ccache)
smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
- netbios_name)
+ netbios_name, options.no_msdcs)
smb.create_instance()
print
"=="
diff --git a/install/tools/man/ipa-adtrust-install.1
b/install/tools/man/ipa-adtrust-install.1
index
a3981adf48d14cc0e540c646fff099490203f862..b61da19088b40d6a9e53784f9a061913ecda4321
100644
--- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1
@@ -39,6 +39,9 @@ The IP address of the IPA server. If not provided then this
is determined based
\fB\-\-netbios\-name\fR=\fINETBIOS_NAME\fR
The NetBIOS name for the IPA domain. If not provided then this is determined
based on the leading component of the DNS domain name.
.TP
+\fB\-\-no\-msdcs\fR
+Do not create DNS service records for Windows in managed DNS server
+.TP
\fB\-U\fR, \fB\-\-unattended\fR
An unattended installation that will never prompt for user input
.SH "EXIT STATUS"
diff --git a/ipaserver/install/adtrustinstance.py
b/ipaserver/install/adtrustinstance.py
index
d1dc759c611f03215b461b8fe7ebc32d15dc857a..17140a372f3c61d4b14503b5f28ff6c87d88b8dc
100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -27,7 +27,9 @@ import tempfile
import installutils
from ipaserver import ipaldap
from ipaserver.install.dsinstance import realm_to_serverid
-from ipalib import errors
+from ipaserver.install.bindinstance import get_rr, add_rr, del_rr, \
+ dns_zone_exists
+from ipalib import errors, api
from ipapython import sysrestore
from ipapython import ipautil
@@ -246,6 +248,56 @@ class ADTRUSTInstance(service.Service):
except ipautil.CalledProcessError, e:
lo
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Fri, 14 Oct 2011, Sumit Bose wrote: > On Fri, Oct 14, 2011 at 12:15:57PM +0200, Sumit Bose wrote: > > Hi, > > > > this patch adds DNS service records for for Windows systems during the > > setup of trust support. > > > > Fixes https://fedorahosted.org/freeipa/ticket/1939. > > > > bye, > > Sumit > > Alexander made some comments on irc which I tried to integrate into this > new version of the patch. Looks good now. I haven't tested it in real life and there are very few minor comments bellow. > +err_msg = None > +ret = api.Command.dns_is_enabled() > +if not ret['result']: > +err_msg = "DNS is not enabled in this IPA server." Maybe "DNS management was not enabled at install time."? > +else: > +if not dns_zone_exists(zone): > +err_msg = "The DNS zone %s is not managed on this IPA > server" % \ > + zone Same here -- "DNS zone %s cannot be managed as it is not defined in IPA"? > def setup(self, fqdn, ip_address, realm_name, domain_name, netbios_name, > - smbd_user="samba"): > + no_msdcs, smbd_user="samba"): Maybe we could make no_msdcs defaulting to False here? I.e. +no_msdcs=False, smbd_user="samba"): It would make more clear what is the default and that it is really optional setting -- I'm thinking from the perspective of maintenance of the code in future. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 8 Add DNS service records for Windows
On Fri, Oct 14, 2011 at 12:15:57PM +0200, Sumit Bose wrote:
> Hi,
>
> this patch adds DNS service records for for Windows systems during the
> setup of trust support.
>
> Fixes https://fedorahosted.org/freeipa/ticket/1939.
>
> bye,
> Sumit
Alexander made some comments on irc which I tried to integrate into this
new version of the patch.
bye,
Sumit
>From 71a4c7940d3726225e5e2c4c1fb88609707b6f18 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 13 Oct 2011 12:01:57 +0200
Subject: [PATCH] Add DNS service records for Windows
https://fedorahosted.org/freeipa/ticket/1939
---
install/tools/ipa-adtrust-install |5 ++-
install/tools/man/ipa-adtrust-install.1 |3 ++
ipaserver/install/adtrustinstance.py| 59 +-
3 files changed, 64 insertions(+), 3 deletions(-)
diff --git a/install/tools/ipa-adtrust-install
b/install/tools/ipa-adtrust-install
index
cc99b5551ede7787ce296bae594553da74da0ffa..4230094742e5c390dd7f8b671500ca75639611b8
100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -44,6 +44,9 @@ def parse_options():
type="ip", ip_local=True, help="Master Server IP
Address")
parser.add_option("--netbios-name", dest="netbios_name",
help="NetBIOS name of the IPA domain")
+parser.add_option("--no-msdcs", dest="no_msdcs", action="store_true",
+ default=False, help="Do not create DNS service records "
\
+ "for Windows in managed DNS server")
parser.add_option("-U", "--unattended", dest="unattended",
action="store_true",
default=False, help="unattended installation never
prompts the user")
@@ -196,7 +199,7 @@ def main():
api.Backend.ldap2.connect(ccache)
smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
- netbios_name)
+ netbios_name, options.no_msdcs)
smb.create_instance()
print
"=="
diff --git a/install/tools/man/ipa-adtrust-install.1
b/install/tools/man/ipa-adtrust-install.1
index
a3981adf48d14cc0e540c646fff099490203f862..b61da19088b40d6a9e53784f9a061913ecda4321
100644
--- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1
@@ -39,6 +39,9 @@ The IP address of the IPA server. If not provided then this
is determined based
\fB\-\-netbios\-name\fR=\fINETBIOS_NAME\fR
The NetBIOS name for the IPA domain. If not provided then this is determined
based on the leading component of the DNS domain name.
.TP
+\fB\-\-no\-msdcs\fR
+Do not create DNS service records for Windows in managed DNS server
+.TP
\fB\-U\fR, \fB\-\-unattended\fR
An unattended installation that will never prompt for user input
.SH "EXIT STATUS"
diff --git a/ipaserver/install/adtrustinstance.py
b/ipaserver/install/adtrustinstance.py
index
d1dc759c611f03215b461b8fe7ebc32d15dc857a..0723e31fff67451aefd62fb1b756b19ba0a422f9
100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -27,7 +27,9 @@ import tempfile
import installutils
from ipaserver import ipaldap
from ipaserver.install.dsinstance import realm_to_serverid
-from ipalib import errors
+from ipaserver.install.bindinstance import get_rr, add_rr, del_rr, \
+ dns_zone_exists
+from ipalib import errors, api
from ipapython import sysrestore
from ipapython import ipautil
@@ -246,6 +248,56 @@ class ADTRUSTInstance(service.Service):
except ipautil.CalledProcessError, e:
logging.critical("Failed to add key for %s" % cifs_principal)
+def __add_dns_service_records(self):
+"""
+Add DNS service records for Windows if DNS is enabled and the DNS zone
+is managed. If there are already service records for LDAP and Kerberos
+their values are used. Otherwise default values are used.
+"""
+
+zone = self.domain_name
+host = self.fqdn.split(".")[0]
+
+ipa_srv_rec = (
+("_ldap._tcp", ["0 100 389 %s" % host]),
+("_kerberos._tcp", ["0 100 88 %s" % host]),
+("_kerberos._udp", ["0 100 88 %s" % host])
+)
+win_srv_suffix = (".Default-First-Site-Name._sites.dc._msdcs",
+ ".dc._msdcs")
+
+err_msg = None
+ret = api.Command.dns_is_enabled()
+if not ret['result']:
+err_msg = "DNS is not enabled in this IPA server."
+else:
+if not dns_zone_exists(zone):
+err_msg = "The DNS zone %s is not managed on this IPA server"
% \
+ zone
+
+if err_msg:
+print err_msg
+print "Add the following service records to your DNS server " \
+ "for DNS zone %s: " % zone
+for (srv, rdata) in ipa_srv_rec:
+
