[Freeipa-devel] [PATCH 0538-0540] DNS locations: epilogue
Martin Basti
mbasti at redhat.com
Mon Jun 27 09:43:03 UTC 2016
On 27.06.2016 10:56, Petr Spacek wrote:
> On 24.6.2016 12:25, Martin Basti wrote:
>>
>> On 23.06.2016 18:26, Petr Spacek wrote:
>>> On 23.6.2016 16:38, Martin Basti wrote:
>>>> Patches attached.
>>>>
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/2008
>>>>
>>>>
>>>> freeipa-mbasti-0538-Revert-DNS-Locations-do-not-generate-location-record.patch
>>>>
>>>>
>>>> From 28499422115cbfbb343033511319c7c8710e1ff5 Mon Sep 17 00:00:00 2001
>>>> From: Martin Basti <mbasti at redhat.com>
>>>> Date: Tue, 21 Jun 2016 18:04:13 +0200
>>>> Subject: [PATCH 1/4] Revert "DNS Locations: do not generate location records
>>>> for unused locations"
>>>>
>>>> This reverts commit bbf8227e3fd678d4bd6659a12055ba3dbe1c8230.
>>>>
>>>> After deeper investigation, we found out that empty locations are needed
>>>> for clients, because clients may have cached records for a longer time for
>>>> that particular location. The only way to remove a location is to remove
>>>> it using location-del
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/2008
>>>> ---
>>>> ipaserver/dns_data_management.py | 11 ++++-------
>>>> 1 file changed, 4 insertions(+), 7 deletions(-)
>>>>
>>>> diff --git a/ipaserver/dns_data_management.py
>>>> b/ipaserver/dns_data_management.py
>>>> index
>>>> a9e9c0a3856961b5494c8d3ca30ddb2e4aa5c523..eac2e7d1a5618ea92372bd81b7d12752791ef117
>>>> 100644
>>>> --- a/ipaserver/dns_data_management.py
>>>> +++ b/ipaserver/dns_data_management.py
>>>> @@ -68,7 +68,6 @@ class IPASystemRecords(object):
>>>> self.api_instance = api_instance
>>>> self.domain_abs =
>>>> DNSName(self.api_instance.env.domain).make_absolute()
>>>> self.servers_data = {}
>>>> - self.used_locations = set()
>>>> self.__init_data()
>>>> def reload_data(self):
>>>> @@ -92,7 +91,6 @@ class IPASystemRecords(object):
>>>> def __init_data(self):
>>>> self.servers_data = {}
>>>> - self.used_locations = set()
>>>> servers_result = self.api_instance.Command.server_find(
>>>> pkey_only=True)['result']
>>>> @@ -104,8 +102,6 @@ class IPASystemRecords(object):
>>>> 'location': location,
>>>> 'roles': roles,
>>>> }
>>>> - if location:
>>>> - self.used_locations.add(location)
>>>> def __add_srv_records(
>>>> self, zone_obj, hostname, rname_port_map,
>>>> @@ -353,12 +349,13 @@ class IPASystemRecords(object):
>>>> pkey_only=True)['result']
>>>> servers = [s['cn'][0] for s in servers_result]
>>>> - # generate only records for used location, records for unassigned
>>>> - # locations are useless
>>>> + locations_result =
>>>> self.api_instance.Command.location_find()['result']
>>>> + locations = [l['idnsname'][0] for l in locations_result]
>>>> +
>>>> for server in servers:
>>>> self._get_location_dns_records_for_server(
>>>> zone_obj, server,
>>>> - self.used_locations, roles=roles,
>>>> + locations, roles=roles,
>>>> include_master_role=include_master_role)
>>>> return zone_obj
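Review bot: in the last hunk the removed comment ("generate only records for used location") is not replaced by one explaining why records are now generated for every location, including those with no servers assigned. The reason (clients may still hold cached records for that location) lives only in the commit message; a one-line comment above `locations_result = ...` would stop the next reader from reintroducing the optimization. Separately, `location_find()` is called with no arguments while only `idnsname` is read from each entry, so `pkey_only=True`, as the `server_find` call just above uses, looks sufficient, and `l` is an easy-to-misread loop variable name.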
>>>> -- 2.5.5
>>>>
>>>>
>>>> freeipa-mbasti-0539-DNS-Locations-hide-option-no-msdcs-in-adtrust-instal.patch
>>>>
>>>>
>>>> From 37cae4f05cd3c0a2c4de037402938a5437dbc072 Mon Sep 17 00:00:00 2001
>>>> From: Martin Basti <mbasti at redhat.com>
>>>> Date: Tue, 21 Jun 2016 18:17:55 +0200
>>>> Subject: [PATCH 2/4] DNS Locations: hide option --no-msdcs in adtrust-install
>>>>
>>>> Since the DNS location mechanism is active, this option has no effect,
>>>> because records are generated dynamically.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/2008
>>>> ---
>>>> install/tools/ipa-adtrust-install | 10 +++++++---
>>>> ipaserver/install/adtrustinstance.py | 21 ++++++++-------------
>>>> 2 files changed, 15 insertions(+), 16 deletions(-)
>>>>
>>>> diff --git a/install/tools/ipa-adtrust-install
>>>> b/install/tools/ipa-adtrust-install
>>>> index
>>>> 5babcdb7cb169e4a944acca55739064e0464d41e..5ba72a65d00ca683239a4ff3c5e7cfdc62c0bb6c
>>>> 100755
>>>> --- a/install/tools/ipa-adtrust-install
>>>> +++ b/install/tools/ipa-adtrust-install
>>>> @@ -29,6 +29,8 @@ import ldap
>>>> import six
>>>> +from optparse import SUPPRESS_HELP
>>>> +
>>>> from ipaserver.install import adtrustinstance
>>>> from ipaserver.install.installutils import (
>>>> read_password,
>>>> @@ -54,9 +56,11 @@ def parse_options():
>>>> default=False, help="print debugging information")
>>>> parser.add_option("--netbios-name", dest="netbios_name",
>>>> help="NetBIOS name of the IPA domain")
>>>> +
>>>> + # no-msdcs has not effect, option is here just for backward compatibility
>>>> parser.add_option("--no-msdcs", dest="no_msdcs", action="store_true",
>>>> - default=False, help="Do not create DNS service
>>>> records " \
>>>> - "for Windows in managed DNS
>>>> server")
>>>> + default=False, help=SUPPRESS_HELP)
>>>> +
>>>> parser.add_option("--rid-base", dest="rid_base", type=int, default=1000,
>>>> help="Start value for mapping UIDs and GIDs to RIDs")
>>>> parser.add_option("--secondary-rid-base", dest="secondary_rid_base",
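Review bot: the new comment above `--no-msdcs` reads "has not effect" (should be "has no effect"), and with `help=SUPPRESS_HELP` the option is now accepted and ignored silently. Consider printing a deprecation warning when `options.no_msdcs` is set, so that existing scripts passing it learn the flag no longer does anything.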
>>>> @@ -390,7 +394,7 @@ def main():
>>>> smb.setup(api.env.host, api.env.realm,
>>>> netbios_name, reset_netbios_name,
>>>> options.rid_base, options.secondary_rid_base,
>>>> - options.no_msdcs, options.add_sids,
>>>> + options.add_sids,
>>>> enable_compat = options.enable_compat)
>>>> smb.find_local_id_range()
>>>> smb.create_instance()
>>>> diff --git a/ipaserver/install/adtrustinstance.py
>>>> b/ipaserver/install/adtrustinstance.py
>>>> index
>>>> 6ab15df27216580d440ce72386113d6872c046b2..0114a33a046b863b7e901c3d6f02044f18c45f85
>>>> 100644
>>>> --- a/ipaserver/install/adtrustinstance.py
>>>> +++ b/ipaserver/install/adtrustinstance.py
>>>> @@ -124,7 +124,6 @@ class ADTRUSTInstance(service.Service):
>>>> def __init__(self, fstore=None):
>>>> self.netbios_name = None
>>>> self.reset_netbios_name = None
>>>> - self.no_msdcs = None
>>>> self.add_sids = None
>>>> self.smbd_user = None
>>>> self.smb_dn_pwd = None
>>>> @@ -585,17 +584,14 @@ class ADTRUSTInstance(service.Service):
>>>> err_msg = None
>>>> - if self.no_msdcs:
>>>> - err_msg = '--no-msdcs was given, special DNS service records ' \
>>>> - 'are not added to local DNS server'
>>>> + ret = api.Command['dns_is_enabled']()
>>>> + if not ret['result']:
>>>> + err_msg = "DNS management was not enabled at install time."
>>>> else:
>>>> - ret = api.Command['dns_is_enabled']()
>>>> - if not ret['result']:
>>>> - err_msg = "DNS management was not enabled at install time."
>>>> - else:
>>>> - if not dns_zone_exists(zone):
>>>> - err_msg = "DNS zone %s cannot be managed " \
>>>> - "as it is not defined in IPA" % zone
>>>> + if not dns_zone_exists(zone):
>>>> + err_msg = (
>>>> + "DNS zone %s cannot be managed as it is not defined in "
>>>> + "IPA" % zone)
>>>> if err_msg:
>>>> self.print_msg(err_msg)
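Review bot: the rewritten check still has `else:` followed directly by `if not dns_zone_exists(zone):`; with the outer `--no-msdcs` branch gone this can be a single `elif not dns_zone_exists(zone):`, which removes one nesting level and makes the two failure cases read as alternatives.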
>>>> @@ -766,7 +762,7 @@ class ADTRUSTInstance(service.Service):
>>>> def setup(self, fqdn, realm_name, netbios_name,
>>>> reset_netbios_name, rid_base, secondary_rid_base,
>>>> - no_msdcs=False, add_sids=False, smbd_user="samba",
>>>> + add_sids=False, smbd_user="samba",
>>>> enable_compat=False):
>>>> self.fqdn = fqdn
>>>> self.realm = realm_name
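Review bot: `no_msdcs` is removed from the middle of the `setup()` parameter list, so `add_sids` moves up one position. The `ipa-adtrust-install` call in this patch passes it positionally and is updated to match, but any other caller that still passes a value in the old `no_msdcs` slot would have it silently bound to `add_sids`. Worth grepping for other callers of `setup()`, and passing `add_sids=` by keyword at the call site, as is already done for `enable_compat`.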
>>>> @@ -774,7 +770,6 @@ class ADTRUSTInstance(service.Service):
>>>> self.reset_netbios_name = reset_netbios_name
>>>> self.rid_base = rid_base
>>>> self.secondary_rid_base = secondary_rid_base
>>>> - self.no_msdcs = no_msdcs
>>>> self.add_sids = add_sids
>>>> self.enable_compat = enable_compat
>>>> self.smbd_user = smbd_user
>>>> -- 2.5.5
>>>>
>>>>
>>>> freeipa-mbasti-0540-DNS-Locations-optimization-use-server-find-to-get-in.patch
>>>>
>>>>
>>>> From 86a3e48bd2494867cdf538d6902ef65cbaada1af Mon Sep 17 00:00:00 2001
>>>> From: Martin Basti <mbasti at redhat.com>
>>>> Date: Wed, 22 Jun 2016 13:12:52 +0200
>>>> Subject: [PATCH 3/4] DNS Locations: optimization: use server-find to get
>>>> information
>>>>
>>>> Because of separate server-show calls, getting server data is quite
>>>> slow. This commit replaces several server-show calls with one server-find
>>>> command. There are future plans to improve speed of server-find that
>>>> will be beneficial for DNS locations.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/2008
>>>> ---
>>>> ipaserver/dns_data_management.py | 10 ++++------
>>>> 1 file changed, 4 insertions(+), 6 deletions(-)
>>>>
>>>> diff --git a/ipaserver/dns_data_management.py
>>>> b/ipaserver/dns_data_management.py
>>>> index
>>>> eac2e7d1a5618ea92372bd81b7d12752791ef117..e7f65958fb908426ad186b327c3e8cb8f37d66f4
>>>> 100644
>>>> --- a/ipaserver/dns_data_management.py
>>>> +++ b/ipaserver/dns_data_management.py
>>>> @@ -78,8 +78,7 @@ class IPASystemRecords(object):
>>>> """
>>>> self.__init_data()
>>>> - def __get_server_attrs(self, hostname):
>>>> - server_result =
>>>> self.api_instance.Command.server_show(hostname)['result']
>>>> + def __get_server_attrs(self, server_result):
>>>> weight = int(server_result.get('ipaserviceweight', [u'100'])[0])
>>>> location = server_result.get('ipalocation_location', [None])[0]
>>>> roles = set(server_result.get('enabled_role_servrole', ()))
>>>> @@ -93,11 +92,10 @@ class IPASystemRecords(object):
>>>> self.servers_data = {}
>>>> servers_result = self.api_instance.Command.server_find(
>>>> - pkey_only=True)['result']
>>>> - servers = [s['cn'][0] for s in servers_result]
>>>> - for s in servers:
>>>> + no_members=False)['result']
>>>> + for s in servers_result:
>>>> weight, location, roles = self.__get_server_attrs(s)
>>>> - self.servers_data[s] = {
>>>> + self.servers_data[s['cn'][0]] = {
>>>> 'weight': weight,
>>>> 'location': location,
>>>> 'roles': roles,
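Review bot: `server_find(no_members=False)` in `__init_data()` now has to return the `ipalocation_location` and `enabled_role_servrole` attributes that `__get_server_attrs()` reads, but nothing in the hunk says so and the double negative is easy to "simplify" away. Add a short comment stating which attributes the call must return. The `servers = [s['cn'][0] for s in servers_result]` lookup visible in the context of patch 1/4 still issues its own `server_find(pkey_only=True)`; it could probably reuse the keys of `self.servers_data` instead of querying again.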
>>>> -- 2.5.5
>>>>
>>>>
>>>> freeipa-mbasti-0541-DNS-Locations-cleanup-of-bininstance.patch
>>>>
>>>>
>>>> From 6161501cc11a25b811bd56ba0244b00eaa9edbe0 Mon Sep 17 00:00:00 2001
>>>> From: Martin Basti <mbasti at redhat.com>
>>>> Date: Thu, 23 Jun 2016 14:50:11 +0200
>>>> Subject: [PATCH 4/4] DNS Locations: cleanup of bininstance
>>>>
>>>> We don't need anymore:
>>>> * sample of zone file - list of all records required by IPA will be
>>>> provided
>>>>
>>>> * NTP related params - DNS records will be updated automatically,
>>>> based on LDAP values
>>>>
>>>> * CA related params - DNS records will be updated automatically based
>>>> on LDAP values
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/2008
>>>> ---
>>>> install/share/bind.zone.db.template | 29 ---------------
>>>> ipaserver/dns_data_management.py | 9 +++++
>>>> ipaserver/install/bindinstance.py | 58
>>>> ++++++++----------------------
>>>> ipaserver/install/dns.py | 5 ++-
>>>> ipaserver/install/server/install.py | 8 ++---
>>>> ipaserver/install/server/replicainstall.py | 4 +--
>>>> 6 files changed, 30 insertions(+), 83 deletions(-)
>>>> delete mode 100644 install/share/bind.zone.db.template
>>>>
>>>> diff --git a/install/share/bind.zone.db.template
>>>> b/install/share/bind.zone.db.template
>>>> deleted file mode 100644
>>>> index
>>>> ec175c60825869ea9b86f7d1351a96189028b5d4..0000000000000000000000000000000000000000
>>>>
>>>> --- a/install/share/bind.zone.db.template
>>>> +++ /dev/null
>>>> @@ -1,29 +0,0 @@
>>>> -$$ORIGIN $DOMAIN.
>>>> -$$TTL 86400
>>>> -@ IN SOA $DOMAIN. $ZONEMGR (
>>>> - 01 ; serial
>>>> - 3H ; refresh
>>>> - 15M ; retry
>>>> - 1W ; expiry
>>>> - 1D ) ; minimum
>>>> -
>>>> - IN NS $HOST
>>>> -$HOST IN A $IP
>>>> -;
>>>> -; ldap servers
>>>> -_ldap._tcp IN SRV 0 100 389 $HOST
>>>> -
>>>> -;kerberos realm
>>>> -_kerberos IN TXT $REALM
>>>> -
>>>> -; kerberos servers
>>>> -_kerberos._tcp IN SRV 0 100 88 $HOST
>>>> -_kerberos._udp IN SRV 0 100 88 $HOST
>>>> -_kerberos-master._tcp IN SRV 0 100 88 $HOST
>>>> -_kerberos-master._udp IN SRV 0 100 88 $HOST
>>>> -_kpasswd._tcp IN SRV 0 100 464 $HOST
>>>> -_kpasswd._udp IN SRV 0 100 464 $HOST
>>>> -$OPTIONAL_NTP
>>>> -
>>>> -; CNAME for IPA CA replicas (used for CRL, OCSP)
>>>> -$IPA_CA_RECORD
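Review bot: deleting `install/share/bind.zone.db.template` needs a matching removal from the build file list, and the diffstat for this patch touches no Makefile. That matches the `No rule to make target 'bind.zone.db.template'` failure reported in the NACK further down the thread. Remove the template from the Makefile that lists it in this same commit.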
>>>> diff --git a/ipaserver/dns_data_management.py
>>>> b/ipaserver/dns_data_management.py
>>>> index
>>>> e7f65958fb908426ad186b327c3e8cb8f37d66f4..48717c7c478ea4ea62e6cdfe169fd9fe99c0880b
>>>> 100644
>>>> --- a/ipaserver/dns_data_management.py
>>>> +++ b/ipaserver/dns_data_management.py
>>>> @@ -477,3 +477,12 @@ class IPASystemRecords(object):
>>>> )
>>>> )
>>>> return records
>>>> +
>>>> + @classmethod
>>>> + def records_list_from_zone(cls, zone_obj, sort=True):
>>>> + records = []
>>>> + for name, node in zone_obj.items():
>>>> + records.extend(IPASystemRecords.records_list_from_node(name,
>>>> node))
>>>> + if sort:
>>>> + records.sort()
>>>> + return records
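Review bot: `records_list_from_zone()` is declared a `@classmethod` but calls `IPASystemRecords.records_list_from_node(...)` by class name instead of through `cls`, so a subclass override of `records_list_from_node` would be bypassed; use `cls.records_list_from_node(name, node)`. The method also has no docstring: state what the list elements are and what `sort` does, since the caller in `bindinstance.py` joins the result with newlines and writes it to a file for the administrator.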
>>>> diff --git a/ipaserver/install/bindinstance.py
>>>> b/ipaserver/install/bindinstance.py
>>>> index
>>>> 08c32f4837a5b4f72b78a52002a58c888db6cc91..a63b2dfd329f7cf535c2cf6e2d83b5c86fdddacf
>>>> 100644
>>>> --- a/ipaserver/install/bindinstance.py
>>>> +++ b/ipaserver/install/bindinstance.py
>>>> @@ -623,9 +623,9 @@ class BindInstance(service.Service):
>>>> suffix = ipautil.dn_attribute_property('_suffix')
>>>> def setup(self, fqdn, ip_addresses, realm_name, domain_name,
>>>> forwarders,
>>>> - forward_policy, ntp, reverse_zones,
>>>> + forward_policy, reverse_zones,
>>>> named_user=constants.NAMED_USER, zonemgr=None,
>>>> - ca_configured=None, no_dnssec_validation=False):
>>>> + no_dnssec_validation=False):
>>>> self.named_user = named_user
>>>> self.fqdn = fqdn
>>>> self.ip_addresses = ip_addresses
>>>> @@ -635,9 +635,7 @@ class BindInstance(service.Service):
>>>> self.forward_policy = forward_policy
>>>> self.host = fqdn.split(".")[0]
>>>> self.suffix = ipautil.realm_to_suffix(self.realm)
>>>> - self.ntp = ntp
>>>> self.reverse_zones = reverse_zones
>>>> - self.ca_configured = ca_configured
>>>> self.no_dnssec_validation=no_dnssec_validation
>>>> if not zonemgr:
>>>> @@ -666,12 +664,17 @@ class BindInstance(service.Service):
>>>> def host_in_default_domain(self):
>>>> return normalize_zone(self.host_domain) ==
>>>> normalize_zone(self.domain)
>>>> - def create_sample_bind_zone(self):
>>>> - bind_txt = ipautil.template_file(ipautil.SHARE_DIR +
>>>> "bind.zone.db.template", self.sub_dict)
>>>> - [bind_fd, bind_name] = tempfile.mkstemp(".db","sample.zone.")
>>>> - os.write(bind_fd, bind_txt)
>>>> - os.close(bind_fd)
>>>> - print("Sample zone file for bind has been created in "+bind_name)
>>>> + def create_file_with_system_records(self):
>>>> + system_records = IPASystemRecords(self.api)
>>>> + text = u'\n'.join(
>>>> + IPASystemRecords.records_list_from_zone(
>>>> + system_records.get_base_records()
>>>> + )
>>>> + )
>>>> + [fd, name] = tempfile.mkstemp(".db","ipa.system.records.")
>>>> + os.write(fd, text)
>>>> + os.close(fd)
>>>> + print("Please add records in this file to your DNS system:", name)
>>>> def create_instance(self):
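Review bot: in `create_file_with_system_records()` the `text` passed to `os.write()` is a unicode string built with `u'\n'.join(...)`, while `os.write()` takes bytes. On Python 2 this relies on the implicit ASCII encoding and raises on any non-ASCII record data, and on Python 3 it raises `TypeError` for any input. Encode explicitly, for example `os.write(fd, text.encode('utf-8'))`. The descriptor is also leaked if the write raises, so put `os.close(fd)` in a `finally`, and the generated file ends without a trailing newline.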
>>>> @@ -761,41 +764,10 @@ class BindInstance(service.Service):
>>>> root_logger.debug("Unable to mask named (%s)", e)
>>>> def __setup_sub_dict(self):
>>>> - if self.forwarders:
>>>> - fwds = "\n"
>>>> - for forwarder in self.forwarders:
>>>> - fwds += "\t\t%s;\n" % forwarder
>>>> - fwds += "\t"
>>>> - else:
>>>> - fwds = " "
>>>> -
>>>> - if self.ntp:
>>>> - optional_ntp = "\n;ntp server\n"
>>>> - optional_ntp += "_ntp._udp\t\tIN SRV 0 100 123\t%s" %
>>>> self.host_in_rr
>>>> - else:
>>>> - optional_ntp = ""
>>>> -
>>>> - ipa_ca = ""
>>>> - for addr in self.ip_addresses:
>>>> - if addr.version in (4, 6):
>>>> - ipa_ca += "%s\t\t\tIN %s\t\t\t%s\n" % (
>>>> - IPA_CA_RECORD,
>>>> - "A" if addr.version == 4 else "AAAA",
>>>> - str(addr))
>>>> -
>>>> self.sub_dict = dict(
>>>> FQDN=self.fqdn,
>>>> - IP=[str(ip) for ip in self.ip_addresses],
>>>> - DOMAIN=self.domain,
>>>> - HOST=self.host,
>>>> - REALM=self.realm,
>>>> SERVER_ID=installutils.realm_to_serverid(self.realm),
>>>> - FORWARDERS=fwds,
>>>> - FORWARD_POLICY=self.forward_policy,
>>>> SUFFIX=self.suffix,
>>>> - OPTIONAL_NTP=optional_ntp,
>>>> - ZONEMGR=self.zonemgr,
>>>> - IPA_CA_RECORD=ipa_ca,
>>>> BINDKEYS_FILE=paths.NAMED_BINDKEYS_FILE,
>>>> MANAGED_KEYS_DIR=paths.NAMED_MANAGED_KEYS_DIR,
>>>> ROOT_KEY=paths.NAMED_ROOT_KEY,
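Review bot: `__setup_sub_dict()` drops `FORWARDERS` and `FORWARD_POLICY` together with the zone-template keys, but the deleted `bind.zone.db.template` never referenced those two (it used `$DOMAIN`, `$ZONEMGR`, `$HOST`, `$IP`, `$REALM`, `$OPTIONAL_NTP` and `$IPA_CA_RECORD`). Please confirm that no other template rendered from `self.sub_dict` still expects them, since a missing substitution key would only show up at install time.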
>>>> @@ -1026,16 +998,14 @@ class BindInstance(service.Service):
>>>> ipautil.run([paths.GENERATE_RNDC_KEY])
>>>> def add_master_dns_records(self, fqdn, ip_addresses, realm_name,
>>>> domain_name,
>>>> - reverse_zones, ntp=False, ca_configured=None):
>>>> + reverse_zones):
>>>> self.fqdn = fqdn
>>>> self.ip_addresses = ip_addresses
>>>> self.realm = realm_name
>>>> self.domain = domain_name
>>>> self.host = fqdn.split(".")[0]
>>>> self.suffix = ipautil.realm_to_suffix(self.realm)
>>>> - self.ntp = ntp
>>>> self.reverse_zones = reverse_zones
>>>> - self.ca_configured = ca_configured
>>>> self.first_instance = False
>>>> self.zonemgr = 'hostmaster.%s' % self.domain
>>>> diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
>>>> index
>>>> 2ea11739e07c73132bddee01309af618532e9815..44ebd39dfa7f1d947061c3b4c0347242f8502be0
>>>> 100644
>>>> --- a/ipaserver/install/dns.py
>>>> +++ b/ipaserver/install/dns.py
>>>> @@ -329,10 +329,9 @@ def install(standalone, replica, options, api=api):
>>>> bind = bindinstance.BindInstance(fstore, ldapi=True, api=api,
>>>> autobind=AUTOBIND_ENABLED)
>>>> bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,
>>>> - options.forwarders, options.forward_policy, conf_ntp,
>>>> + options.forwarders, options.forward_policy,
>>>> reverse_zones, zonemgr=options.zonemgr,
>>>> - no_dnssec_validation=options.no_dnssec_validation,
>>>> - ca_configured=options.setup_ca)
>>>> + no_dnssec_validation=options.no_dnssec_validation)
>>>> if standalone and not options.unattended:
>>>> print("")
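Review bot: `conf_ntp` is no longer passed to `bind.setup()` in `install()`; if that was its only use, the code that computes it is now dead and should be removed in this patch as well.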
>>>> diff --git a/ipaserver/install/server/install.py
>>>> b/ipaserver/install/server/install.py
>>>> index
>>>> 930cca7b31ca06c04ab92deff49b6a4f198c2b6e..c28c095fb3cccd4cd412c0496374050434e438a1
>>>> 100644
>>>> --- a/ipaserver/install/server/install.py
>>>> +++ b/ipaserver/install/server/install.py
>>>> @@ -848,17 +848,17 @@ def install(installer):
>>>> if setup_ca:
>>>> services.knownservices['pki_tomcatd'].restart('pki-tomcat')
>>>> + api.Backend.ldap2.connect(autobind=True)
>>>> if options.setup_dns:
>>>> - api.Backend.ldap2.connect(autobind=True)
>>>> dns.install(False, False, options)
>>>> else:
>>>> # Create a BIND instance
>>>> bind = bindinstance.BindInstance(fstore, dm_password)
>>>> bind.setup(host_name, ip_addresses, realm_name,
>>>> - domain_name, (), 'first', not options.no_ntp, (),
>>>> - zonemgr=options.zonemgr, ca_configured=setup_ca,
>>>> + domain_name, (), 'first', (),
>>>> + zonemgr=options.zonemgr,
>>>> no_dnssec_validation=options.no_dnssec_validation)
>>>> - bind.create_sample_bind_zone()
>>>> + bind.create_file_with_system_records()
>>>> # Restart httpd to pick up the new IPA configuration
>>>> service.print_msg("Restarting the web server")
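Review bot: `api.Backend.ldap2.connect(autobind=True)` is moved out of the `if options.setup_dns:` branch and now runs on both paths, but the hunk does not say why. Presumably the `else` branch needs it because `bind.create_file_with_system_records()` queries the API; add a comment saying so, and check that the connection is not left open on the no-DNS path, since no matching disconnect appears in the visible lines.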
>>>> diff --git a/ipaserver/install/server/replicainstall.py
>>>> b/ipaserver/install/server/replicainstall.py
>>>> index
>>>> 52b2ea5b0691cd99c6cb566af5a15af3b2dffb14..0277d324a60b2893dda57119453dabf5df28ea10
>>>> 100644
>>>> --- a/ipaserver/install/server/replicainstall.py
>>>> +++ b/ipaserver/install/server/replicainstall.py
>>>> @@ -210,9 +210,7 @@ def install_dns_records(config, options, remote_api):
>>>> str(ip),
>>>> config.realm_name,
>>>> config.domain_name,
>>>> - reverse_zone,
>>>> - not options.no_ntp,
>>>> - options.setup_ca)
>>>> + reverse_zone)
>>>> except errors.NotFound as e:
>>>> root_logger.debug('Replica DNS records could not be added '
>>>> 'on master: %s', str(e))
>>>> -- 2.5.5
>>> While testing this patch I've found out that ipa-dns-install does not work
>>> idempotently anymore and explodes when re-run.
>>>
>>> I'm not sure what is the root cause yet.
>>>
>>> # ipa-dns-install --forwarder 10.34.78.1
>>>
>>> WARNING: yacc table file version is out of date
>>>
>>> The log file for this installation can be found in
>>> /var/log/ipaserver-install.log
>>> ==============================================================================
>>> This program will setup DNS for the FreeIPA Server.
>>>
>>> This includes:
>>> * Configure DNS (bind)
>>> * Configure SoftHSM (required by DNSSEC)
>>> * Configure ipa-dnskeysyncd (required by DNSSEC)
>>>
>>> NOTE: DNSSEC zone signing is not enabled by default
>>>
>>>
>>> To accept the default shown in brackets, press the Enter key.
>>>
>>> Checking DNS forwarders, please wait ...
>>> Do you want to search for missing reverse zones? [yes]:
>>>
>>> The following operations may take some minutes to complete.
>>> Please wait until the prompt is returned.
>>>
>>> Configuring DNS (named)
>>> [1/8]: generating rndc key file
>>> [2/8]: setting up our own record
>>> ipa : ERROR DNS query for
>>> vm-058-082.abc.idm.lab.eng.brq.redhat.com. A failed: The DNS operation timed
>>> out after 30.0012078285 seconds
>>> [error] DNSResolverError: The DNS operation timed out after 30.0012078285
>>> seconds
>>> Unexpected error - see /var/log/ipaserver-install.log for details:
>>> DNSResolverError: The DNS operation timed out after 30.0012078285 seconds
>>>
>>> 2016-06-23T15:41:54Z DEBUG [2/8]: setting up our own record
>>> 2016-06-23T15:41:54Z DEBUG raw:
>>> dnszone_show(u'abc.idm.lab.eng.brq.redhat.com', version=u'2.199')
>>> 2016-06-23T15:41:54Z DEBUG dnszone_show(<DNS name
>>> abc.idm.lab.eng.brq.redhat.com.>, rights=False, all=False, raw=False,
>>> version=u'2.199')
>>> 2016-06-23T15:42:24Z ERROR DNS query for
>>> vm-058-082.abc.idm.lab.eng.brq.redhat.com. A failed: The DNS operation timed
>>> out after 30.0012078285 seconds
>>> 2016-06-23T15:42:24Z DEBUG Traceback (most recent call last):
>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>>> 448, in start_creation
>>> run_step(full_msg, method)
>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>>> 438, in run_step
>>> method()
>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py",
>>> line 860, in __add_self
>>> self.__add_master_records(self.fqdn, self.ip_addresses)
>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py",
>>> line 843, in __add_master_records
>>> verify_host_resolvable(fqdn)
>>> File "/usr/lib/python2.7/site-packages/ipalib/util.py", line 76, in
>>> verify_host_resolvable
>>> raise errors.DNSResolverError(exception=ex)
>>> DNSResolverError: The DNS operation timed out after 30.0012078285 seconds
>> IMO this is the same case as https://fedorahosted.org/freeipa/ticket/5962; we
>> changed resolving of the server hostname from gethostbyname() to pure DNS.
>>
>> The workaround is to set the nameserver in /etc/resolv.conf.
>>>
>>>
>>> I was not able to test replica installation because of some weird ACI problem
>>> somewhere, replica install is failing with ACIError while adding ldap/replica
>>> principal. This is probably a regression from some other patchset.
>>>
>>> https://fedorahosted.org/freeipa/ticket/5996
> NACK
>
> make[5]: *** No rule to make target 'bind.zone.db.template', needed by
> 'all-am'. Stop.
>
> I'm not exactly sure how I missed this before, possibly git clean -xdf was
> missing ...
>
My bad
updated patches attached.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0538.2-Revert-DNS-Locations-do-not-generate-location-record.patch
Type: text/x-patch
Size: 2535 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160627/b7e65606/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0539.2-DNS-Locations-hide-option-no-msdcs-in-adtrust-instal.patch
Type: text/x-patch
Size: 4588 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160627/b7e65606/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0540.2-DNS-Locations-optimization-use-server-find-to-get-in.patch
Type: text/x-patch
Size: 1992 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160627/b7e65606/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0541.2-DNS-Locations-cleanup-of-bininstance.patch
Type: text/x-patch
Size: 10729 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160627/b7e65606/attachment-0003.bin>