[Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

David Kupka dkupka at redhat.com
Mon Jul 27 14:45:53 UTC 2015


On 15/01/15 17:13, David Kupka wrote:
> On 01/15/2015 03:22 PM, David Kupka wrote:
>> On 01/15/2015 12:43 PM, David Kupka wrote:
>>> On 01/12/2015 06:34 PM, Martin Basti wrote:
>>>> On 09/01/15 14:43, David Kupka wrote:
>>>>> On 01/07/2015 04:15 PM, Martin Basti wrote:
>>>>>> On 07/01/15 12:27, David Kupka wrote:
>>>>>>> https://fedorahosted.org/freeipa/ticket/4249
>>>>>>
>>>>>> Thank you for the patch:
>>>>>>
>>>>>> 1)
>>>>>> -        root_logger.error("Cannot update DNS records! "
>>>>>> -                          "Failed to connect to server '%s'.",
>>>>>> server)
>>>>>> +        ips = get_local_ipaddresses()
>>>>>> +    except CalledProcessError as e:
>>>>>> +        root_logger.error("Cannot update DNS records. %s" % e)
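Review bot: The added root_logger.error("Cannot update DNS records. %s" % e) call builds the string with % before logging, while the removed call passed server as a logger argument; pass e the same way, as in root_logger.error("Cannot update DNS records. %s", e). The except clause handles only CalledProcessError, so the message should also name the step that failed, here the call to get_local_ipaddresses().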
>>>>>>
>>>>>> IMO the error message should be more specific; add something
>>>>>> like "Unable to get local IP addresses" there, at least in
>>>>>> log.debug().
>>>>>>
>>>>>> 2)
>>>>>> +    lines = ipresult[0].replace('\\', '').split('\n')
>>>>>>
>>>>>> .replace() is not needed
>>>>>>
>>>>>> 3)
>>>>>> +    if len(ips) == 0:
>>>>>>
>>>>>> if not ips:
>>>>>>
>>>>>> is more pythonic by PEP8
>>>>>>
>>>>>>
>>>>> Thanks for catching these. Updated patch attached.
>>>>>
>>>> merciful NACK
>>>>
>>>> Thank you for the patch; unfortunately, I hit one issue which needs
>>>> to be resolved.
>>>>
>>>> If "sync PTR" is activated in zone settings and the reverse zone doesn't
>>>> exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints the
>>>> error message 'DNS update failed'. In fact, all A/AAAA records were
>>>> successfully updated; only the PTR records failed.
>>>>
>>>> Bind log:
>>>> named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at
>>>> 'vm-101.example.com' AAAA
>>>>
>>>> named-pkcs11[28652]: PTR record synchronization (addition) for A/AAAA
>>>> 'vm-101.example.com.' refused: unable to find active reverse zone
>>>> for IP
>>>> address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found
>>>>
>>>> With IPv6 we have several addresses from different reverse zones and
>>>> this situation may happen often.
>>>> I suggest the following:
>>>> 1) Print the list of addresses which will be updated. (Now, if the update
>>>> fails, the user needs to read the log to see which addresses the
>>>> installer tried to update.)
>>>> 2) Split nsupdates per A/AAAA record.
>>>> 3a) If it failed, check with a DNS query whether the A/AAAA and PTR
>>>> records are there and print a proper error message.
>>>> 3b) Just print that the A/AAAA (or PTR) record may not be updated for a
>>>> particular IP address.
>>>>
>>>> Any other suggestions are welcome.
>>>>
>>>
>>> After a long discussion with the DNS and UX guru I've implemented it this way:
>>> 1. Call nsupdate only once with all updates.
>>> 2. Verify that the expected records are resolvable.
>>> 3. If not, print a list of missing A/AAAA records, a list of missing PTR
>>> records and a list of mismatched PTR records.
>>>
>>> As this is running inside the client, we can't do much more, and it's up
>>> to the user to check what's rotten in his DNS setup.
>>>
>>> Updated patch attached.
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>
>>
>>
>> One more change to behave well in -crazy- exotic environments that
>> resolve more PTR records for a single IP.
>>
>>
>
> Yet another change to make language nerds and our UX guru happy :-)
>
>

Rebased patch attached.
-- 
David Kupka
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-dkupka-0035-7-client-Update-DNS-with-all-available-local-IP-addres.patch
Type: text/x-patch
Size: 8527 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150727/ff5308d8/attachment.bin>
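
The verification step described in the quoted thread (one nsupdate call, then a check of what actually resolves, tolerating several PTR records per address) can be sketched as below. This is an added example, not code from the attached patch; the function name, the injected lookup callables and all sample names and addresses are constructed assumptions.

```python
import ipaddress

def verify_dns_update(fqdn, local_ips, forward_lookup, reverse_lookup):
    """Return (missing_forward, missing_ptr, mismatched_ptr) for one host.

    forward_lookup(fqdn) yields A/AAAA address strings and reverse_lookup(ip)
    yields PTR target names. Both are hypothetical callables, injected so the
    check runs offline; a real client would query its resolver here.
    """
    want = fqdn.rstrip('.').lower()
    # Compare parsed addresses so different IPv6 spellings still match.
    resolved = {ipaddress.ip_address(a) for a in forward_lookup(fqdn)}
    missing_forward, missing_ptr, mismatched_ptr = [], [], []
    for ip in local_ips:
        if ipaddress.ip_address(ip) not in resolved:
            missing_forward.append(ip)
        names = {n.rstrip('.').lower() for n in reverse_lookup(ip)}
        if not names:
            missing_ptr.append(ip)  # e.g. no active reverse zone
        elif want not in names:
            # Several PTR records per IP are fine if one names this host.
            mismatched_ptr.append((ip, sorted(names)))
    return missing_forward, missing_ptr, mismatched_ptr

# Constructed sample data (documentation address ranges, not from the thread).
HOST = 'vm-101.example.com'
LOCAL_IPS = ['192.0.2.10', '198.51.100.7', '203.0.113.5',
             '2001:db8:0:1::a', '2001:db8:0:2::b']
FORWARD = {HOST: ['192.0.2.10', '198.51.100.7', '203.0.113.5',
                  '2001:0db8:0000:0001:0000:0000:0000:000a']}
REVERSE = {
    '192.0.2.10': ['vm-101.example.com.'],
    '198.51.100.7': ['legacy.example.com.', 'VM-101.example.com.'],
    '203.0.113.5': ['other.example.com.'],
}

def demo():
    return verify_dns_update(HOST, LOCAL_IPS,
                             lambda name: FORWARD.get(name, []),
                             lambda ip: REVERSE.get(ip, []))

if __name__ == '__main__':
    missing_fwd, missing_ptr, mismatched = demo()
    print('Missing A/AAAA record(s):', missing_fwd)
    print('Missing reverse record(s):', missing_ptr)
    print('Mismatched PTR record(s):', mismatched)
```

Reporting the three lists separately keeps a missing reverse zone from being read as a failed forward update, which is the confusion the 'DNS update failed' message caused in the thread.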

