Global DNS configuration is a nice tool for maintaining common DNS
settings stored in LDAP, which are then used by all enrolled IPA
servers. However, the settings stored in LDAP override the local
settings in named.conf on DNS servers.

This patch adds more information about global DNS configuration
options in install scripts and DNS module help.

https://fedorahosted.org/freeipa/ticket/2525

>From 1f08ae0f10117ea279843615745e88c81201dbba Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Thu, 15 Mar 2012 13:51:59 +0100
Subject: [PATCH] Improve user awareness about dnsconfig

Global DNS configuration is a nice tool for maintaining common DNS
settings stored in LDAP, which are then used by all enrolled IPA
servers. However, the settings stored in LDAP override the local
settings in named.conf on DNS servers.

This patch adds more information about global DNS configuration
options in install scripts and DNS module help.

https://fedorahosted.org/freeipa/ticket/2525
---
 install/tools/ipa-dns-install     |    3 +++
 install/tools/ipa-replica-install |    4 ++++
 install/tools/ipa-server-install  |    3 +++
 ipalib/plugins/dns.py             |   22 ++++++++++++++++++++++
 ipaserver/install/bindinstance.py |   20 ++++++++++++++++++++
 5 files changed, 52 insertions(+), 0 deletions(-)

diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 096020c5e2619c3719eed15098ec2b1239b720ce..b540630f4f2782603c31ce1905870c38c9af98ab 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -232,6 +232,9 @@ def main():
     print "=============================================================================="
     print "Setup complete"
     print ""
+    bind.check_global_configuration()
+    print ""
+    print ""
     print "\tYou must make sure these network ports are open:"
     print "\t\tTCP Ports:"
     print "\t\t  * 53: bind"
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 65f5229df222a54a6a159d6f2f31067015369d8d..07b1781ee7f99cacf1a3abbd6207b95f38da1807 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -229,6 +229,10 @@ def install_bind(config, options):
                config.domain_name, forwarders, options.conf_ntp, reverse_zone)
     bind.create_instance()
 
+    print ""
+    bind.check_global_configuration()
+    print ""
+
 def install_dns_records(config, options):
 
     if not bindinstance.dns_container_exists(config.master_host_name,
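Review bot: The added `bind.check_global_configuration()` call in install_bind runs `api.Command.dnsconfig_show()` (see the bindinstance.py hunk), which needs a working LDAP backend connection, and nothing visible in this hunk establishes one. The ipa-server-install hunk shows an explicit `api.Backend.ldap2.connect(...)` just before the same call, so the two call sites may not be equivalent. install_bind starts outside the hunk, so the connection may well be set up earlier; it is worth confirming, because a failure here would abort replica installation after `bind.create_instance()` has already run.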
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 9c7388b40dc00385e816bd939a1a843070eea662..1dd02ba870a02e902c4c345d9f5802ef09f78a7a 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1019,6 +1019,9 @@ def main():
         api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
 
         bind.create_instance()
+        print ""
+        bind.check_global_configuration()
+        print ""
     else:
         bind.create_sample_bind_zone()
 
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index a10960a2c20b8915b199ed82462a844ce8f5915c..a70d889dc28ef029bf7cd12d7b2bfb8d3e741679 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -189,6 +189,14 @@ EXAMPLES:
    ipa dns-resolve www.example.com
    ipa dns-resolve www
 
+
+GLOBAL DNS CONFIGURATION
+
+DNS configuration passed to command line install script is stored in a local
+configuration file on each IPA server where DNS service is configured. These
+local settings can be overridden with a common configuration stored in LDAP
+server:
+
  Show global DNS configuration:
    ipa dnsconfig-show
 
@@ -2645,16 +2653,30 @@ class dnsconfig(LDAPObject):
 
         return entry
 
+    def postprocess_result(self, result):
+        if not any(param in result['result'] for param in self.params):
+            result['summary'] = unicode(_('Global DNS configuration is empty'))
+
 api.register(dnsconfig)
 
 
 class dnsconfig_mod(LDAPUpdate):
     __doc__ = _('Modify global DNS configuration.')
 
+    def execute(self, *keys, **options):
+        result = super(dnsconfig_mod, self).execute(*keys, **options)
+        self.obj.postprocess_result(result)
+        return result
+
 api.register(dnsconfig_mod)
 
 
 class dnsconfig_show(LDAPRetrieve):
     __doc__ = _('Show the current global DNS configuration.')
 
+    def execute(self, *keys, **options):
+        result = super(dnsconfig_show, self).execute(*keys, **options)
+        self.obj.postprocess_result(result)
+        return result
+
 api.register(dnsconfig_show)
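Review bot: `postprocess_result` in class dnsconfig has no docstring, although it mutates `result` in place, returns nothing, and replaces whatever summary the command had already set. I would add a docstring along the lines of `"""Set result['summary'] to an 'empty' notice when no dnsconfig parameter is present in result['result']; modifies result in place."""`. The emptiness test `any(param in result['result'] for param in self.params)` is repeated verbatim in `BindInstance.check_global_configuration` in the bindinstance.py hunk. Exposing it once on the dnsconfig object would stop the CLI summary and the installer warning from disagreeing about whether an LDAP override is in effect. The class body begins outside the hunk.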
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index a37a29303909b89c3f2c42e5561e5c6279344cb5..ba8b7b5cc3c7f327fb86b98a3cc6d11720ed1d47 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -637,6 +637,26 @@ class BindInstance(service.Service):
                 # remove also master NS record from the reverse zone
                 del_rr(rzone, "@", "NS", fqdn+".")
 
+    def check_global_configuration(self):
+        """
+        Check global DNS configuration in LDAP server and inform user when it
+        set and thus overrides his configured options in named.conf.
+        """
+        result = api.Command.dnsconfig_show()
+        global_conf_set = any(param in result['result'] for \
+                              param in api.Object['dnsconfig'].params)
+
+        if not global_conf_set:
+            print "Global DNS configuration in LDAP server is empty"
+            print "You can use 'dnsconfig-mod' command to set global DNS options that"
+            print "would override settings in local named.conf files"
+            return
+
+        print "Global DNS configuration in LDAP server is not empty"
+        print "The following configuration options override local settings in named.conf:"
+        print ""
+        textui = ipalib.cli.textui()
+        api.Command.dnsconfig_show.output_for_cli(textui, result, None, reverse=False)
 
     def uninstall(self):
         if self.is_configured():
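Review bot: `api.Command.dnsconfig_show()` at the top of check_global_configuration is unguarded, so any failure of this advisory lookup propagates out of all three installer call sites (ipa-dns-install, ipa-replica-install, ipa-server-install) after the BIND instance has already been created. Catching the framework error, reporting that the global configuration could not be read and returning would keep the override warning best-effort; the fence assumes `ipalib.errors` is already imported in this module as `errors`, which the hunk does not show. The diffstat's 20 insertions for this file all fall inside this method, so `ipalib.cli.textui()` depends on an `ipalib.cli` import that must already exist above the hunk; please confirm. Since LDAP-stored values silently take precedence over named.conf, writing this notice to the install log as well as stdout would leave a record an administrator can audit later.

```python
    def check_global_configuration(self):
        # … unchanged: docstring …
        try:
            result = api.Command.dnsconfig_show()
        except errors.PublicError, e:
            # advisory check only: report the problem and let the installer finish
            print "Unable to read global DNS configuration from LDAP: %s" % e
            return
        # … unchanged: emptiness test and output of the overriding options …
```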
-- 
1.7.7.6
