[Freeipa-devel] [PATCH 0064-0065] ipa-dns-install offers IP addresses from resolv.conf as default forwarder
Jan Cholasta
jcholast at redhat.com
Thu Nov 26 08:01:43 UTC 2015
On 11.11.2015 15:27, Petr Spacek wrote:
> On 11.11.2015 09:36, Martin Babinsky wrote:
>> On 11/11/2015 09:32 AM, Jan Cholasta wrote:
>>> On 11.11.2015 09:27, Martin Babinsky wrote:
>>>> On 11/11/2015 08:12 AM, Jan Cholasta wrote:
>>>>> On 10.11.2015 16:58, Petr Spacek wrote:
>>>>>> Hello,
>>>>>>
>>>>>> Patch 64:
>>>>>> ipa-dns-install offer IP addresses from resolv.conf as default
>>>>>> forwarders
>>>>>>
>>>>>> In non-interactive more option --auto-forwarders can be used to do the
>>>>>> same. --forward option can be used to supply additional IP addresses.
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/5438
>>>>>
>>>>> IMO it's perverse to add option which effectively means "use default
>>>>> value" instead of actually using the value as default. This is
>>>>> inconsistent with every other option and I don't see what makes
>>>>> forwarders so special to require this.
>>>>>
>>>>> NACK unless you have a strong justification for this.
>
> Motivation:
> /etc/resolv.conf holds nearest DNS servers. On the other hand, you want to
> have backup forwarder which may not be local but could work even if local ones
> fail.
>
> Option --default-forwarders reads list of "local" servers from resolv.conf and
> --forwarder option allows you to add additional IP addresses to it.
>
> So your Ansible script can contain call like:
> ipa-server-install --setup-dns --default-forwarder
> --forwarder=<company-wide-fallback>
> and you do not need to worry about mapping sites to nearest servers etc.
>
>>>> Is it possible to use default_getter decorator to fetch defaults for the
>>>> 'forwarders' knob from the resolver if it is avaliable like so (warning:
>>>> untested and possibly wrong)?
>>>
>>> Yes, this is exactly how it should be used (although the exception
>>> handling could be better).
>>>
>> That was just a quick example off the top of my head without much thought
>> going into it.
>>
>> Anyway, when running in interactive mode the installer can inform the user
>> that he found these forwarders as defaults and prompt whether they shoud be used.
>
> After discussion in person we decided to not use default_getter decorator
> because that would change current behavior in an unexpected way.
>
> Original option --auto-forwarders was renamed to --default-forwarders because
> it sounds nicer :-D
Turns out I misunderstood the intent here and after another discussion
in person we decided to go with the --auto-forwarders option.
ACK on the original patch.
Petr, could you please rebase patch 65 on top of current master?
--
Jan Cholasta
More information about the Freeipa-devel
mailing list