On 08/05/2013 05:59 PM, Martin Kosek wrote:
On 07/17/2013 01:47 PM, Tomas Babej wrote:
I will release version 3.5 before the end of this week. I have some small fixes
ready, so it is worth releasing it now.

To summarize the discussion - please remove following options from
configuration file and LDAP schema:
cache_ttl
psearch (attribute idnsPersistentSearch in idnsConfigObject)
zone_refresh (attribute idnsZoneRefresh in idnsConfigObject)

--
Petr^2 Spacek
I have a patch ready, but it can't be tested until 3.5 is out.

Tomas

I did not test the patch yet, I just want to comment on one thing I just 
noticed.

Is it a good idea to remove the idnsZoneRefresh and idnsPersistentSearch
attribute types and modify the idnsConfigObject objectclass?

This will affect not only new instances, but also the old ones (i.e. RHEL-6.4)
which may still use these attributes. DNS config object would suddenly become
unusable because DS would refuse to operate the entry as it does not follow the
schema. The same applies for ACIs.

I would personally not do these changes yet, I think just hiding and marking as
DeprecatedParam is enough for now. Alexander, what do you think?

Martin
We discussed this with Martin. I agreed it would be less cumbersome to
keep the attributes in schema for now.

I retested the patches, updated versions attached.

Petr, can bind-dyndb-ldap handle idnsConfigObject containing idnsPersistentSearch
and idnsZoneRefresh attributes?

--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

From 6c67f480d412a8d55582a4abd713bf360947afed Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 7 Aug 2013 16:12:35 +0200
Subject: [PATCH] Remove support for IPA deployments with no persistent search

Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated.

https://fedorahosted.org/freeipa/ticket/3632
---
 API.txt                                     |   2 +-
 freeipa.spec.in                             |   2 +-
 install/share/bind.named.conf.template      |   2 -
 install/tools/ipa-dns-install               |  24 -----
 install/tools/ipa-server-install            |  24 -----
 install/tools/ipa-upgradeconfig             | 137 ++++++++++++++++------------
 install/tools/man/ipa-dns-install.1         |   6 --
 install/tools/man/ipa-server-install.1      |   6 --
 install/ui/src/freeipa/dns.js               |   3 +-
 install/ui/test/data/dnsconfig_mod.json     |   5 -
 install/ui/test/data/dnsconfig_show.json    |   5 -
 install/ui/test/data/ipa_init_commands.json |  11 ---
 install/ui/test/data/ipa_init_objects.json  |  15 +--
 install/updates/10-bind-schema.update       |   7 +-
 ipalib/plugins/dns.py                       |  10 +-
 ipaserver/install/bindinstance.py           |  38 ++++----
 ipaserver/install/plugins/dns.py            |   2 +-
 ipatests/test_xmlrpc/test_dns_plugin.py     |   1 -
 18 files changed, 108 insertions(+), 192 deletions(-)

diff --git a/API.txt b/API.txt
index 44b3dd444964c8dac595177f8601c82d0235eabe..8142bbc37406686dd8bafe94569aab4278259917 100644
--- a/API.txt
+++ b/API.txt
@@ -669,7 +669,7 @@ option: Str('delattr*', cli_name='delattr', exclude='webui')
 option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow_sync_ptr', multivalue=False, required=False)
 option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False)
 option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'none'))
-option: Int('idnszonerefresh', attribute=True, autofill=False, cli_name='zone_refresh', minvalue=0, multivalue=False, required=False)
+option: DeprecatedParam('idnszonerefresh', attribute=True, autofill=False, cli_name='zone_refresh', multivalue=False, required=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Flag('rights', autofill=True, default=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
diff --git a/freeipa.spec.in b/freeipa.spec.in
index b0beb16a4d29e414f4f7587038c311f5aa2272bd..aa365095cbbe44ceebbbbaf65d7ce121b0a2222c 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -156,7 +156,7 @@ Obsoletes: freeipa-server-selinux < 3.3.0
 # IPA but if it is configured we need a way to require versions
 # that work for us.
 %if 0%{?fedora} >= 18
-Conflicts: bind-dyndb-ldap < 2.3-2
+Conflicts: bind-dyndb-ldap < 3.5
 %else
 Conflicts: bind-dyndb-ldap < 1.1.0-0.12.rc1
 %endif
diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index e4ce6058399e8d9a1f112f55907e060075dff00b..a244957fafaf6ff9903abb8c00c1d361a49ec9f6 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -44,7 +44,5 @@ dynamic-db "ipa" {
 	arg "auth_method sasl";
 	arg "sasl_mech GSSAPI";
 	arg "sasl_user DNS/$FQDN";
-	arg "zone_refresh $ZONE_REFRESH";
-	arg "psearch $PERSISTENT_SEARCH";
 	arg "serial_autoincrement $SERIAL_AUTOINCREMENT";
 };
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 47bc31b4786c32caf97f20de3cbf20bc767dfe1d..1119093042e987dfdf8fd734ebbf4b19bfd8600f 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -52,16 +52,6 @@ def parse_options():
     parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
                       type="string",
                       help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
-    # this option name has been deprecated, persistent search has been enabled by default
-    parser.add_option("--zone-notif", dest="zone_notif",
-                      action="store_true", default=False, help=SUPPRESS_HELP)
-    parser.add_option("--no-persistent-search", dest="persistent_search",
-                      default=True, action="store_false",
-                      help="Do not enable persistent search feature in the name server")
-    parser.add_option("--zone-refresh", dest="zone_refresh",
-                      default=0, type="int",
-                      help="When set to non-zero the name server will use DNS zone "
-                           "detection based on polling instead of a persistent search")
     parser.add_option("--no-serial-autoincrement", dest="serial_autoincrement",
                       default=True, action="store_false",
                       help="Do not enable SOA serial autoincrement")
@@ -80,18 +70,6 @@ def parse_options():
         if not options.forwarders and not options.no_forwarders:
             parser.error("You must specify at least one --forwarder option or --no-forwarders option")
 
-    if options.zone_refresh < 0:
-        parser.error("negative numbers not allowed for --zone-refresh")
-    elif options.zone_refresh > 0:
-        options.persistent_search = False   # mutually exclusive features
-
-    if options.zone_notif:
-        print >>sys.stderr, "WARNING: --zone-notif option is deprecated and has no effect"
-
-    if options.serial_autoincrement and not options.persistent_search:
-        parser.error('persistent search feature is required for '
-                     'DNS SOA serial autoincrement')
-
     return safe_options, options
 
 def main():
@@ -232,8 +210,6 @@ def main():
 
     bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
                dns_forwarders, conf_ntp, reverse_zone, zonemgr=options.zonemgr,
-               zone_refresh=options.zone_refresh,
-               persistent_search=options.persistent_search,
                serial_autoincrement=options.serial_autoincrement)
     bind.create_instance()
 
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index cc88a0b1991bd467076038772dcac232a2d0b64b..bdd88628ae2fd4091570614dd145376d43b57fc5 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -207,16 +207,6 @@ def parse_options():
     dns_group.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
                       type="string",
                       help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
-    # this option name has been deprecated, persistent search has been enabled by default
-    dns_group.add_option("--zone-notif", dest="zone_notif",
-                      action="store_true", default=False, help=SUPPRESS_HELP)
-    dns_group.add_option("--no-persistent-search", dest="persistent_search",
-                      default=True, action="store_false",
-                      help="Do not enable persistent search feature in the name server")
-    dns_group.add_option("--zone-refresh", dest="zone_refresh",
-                      default=0, type="int",
-                      help="When set to non-zero the name server will use DNS zone "
-                           "detection based on polling instead of a persistent search")
     dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
                       default=False,
                       help="Do not use DNS for hostname lookup during installation")
@@ -319,18 +309,6 @@ def parse_options():
     #Automatically disable pkinit w/ dogtag until that is supported
     options.setup_pkinit = False
 
-    if options.zone_refresh < 0:
-        parser.error("negative numbers not allowed for --zone-refresh")
-    elif options.zone_refresh > 0:
-        options.persistent_search = False   # mutually exclusive features
-
-    if options.serial_autoincrement and not options.persistent_search:
-        parser.error('persistent search feature is required for '
-                     'DNS SOA serial autoincrement')
-
-    if options.zone_notif:
-        print >>sys.stderr, "WARNING: --zone-notif option is deprecated and has no effect"
-
     return safe_options, options
 
 def signal_handler(signum, frame):
@@ -1130,8 +1108,6 @@ def main():
     bind = bindinstance.BindInstance(fstore, dm_password)
     bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders,
                options.conf_ntp, reverse_zone, zonemgr=options.zonemgr,
-               zone_refresh=options.zone_refresh,
-               persistent_search=options.persistent_search,
                serial_autoincrement=options.serial_autoincrement,
                ca_configured=setup_ca)
     if options.setup_dns:
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 4e9216964a045b5a87c22f6eb87bb1844f4adce9..b613d760434e0afbf9133faedb492b45f93ebb1e 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -325,58 +325,76 @@ def upgrade_ipa_profile(ca, domain, fqdn):
     return False
 
 
-def named_enable_psearch():
+def named_remove_deprecated_options():
     """
-    From IPA 3.0, persistent search is a preferred mechanism for new DNS zone
-    detection and is also needed for other features (DNSSEC, SOA serial
-    updates). Enable psearch and make sure connections attribute is right.
-    This step is done just once for a case when user switched the persistent
-    search back to disabled.
+    From IPA 3.3, persistent search is a default mechanism for new DNS zone
+    detection.
 
-    When some change in named.conf is done, this functions returns True
+    Remove psearch, zone_refresh and cache_ttl options, as they have been
+    deprecated in bind-dyndb-ldap configuration file.
+
+    When some change in named.conf is done, this functions returns True.
     """
-    changed = False
 
-    root_logger.info('[Enabling persistent search in DNS]')
+    root_logger.info('[Removing deprecated DNS configuration options]')
 
     if not bindinstance.named_conf_exists():
         # DNS service may not be configured
         root_logger.info('DNS is not configured')
-        return
+        return False
+
+    deprecated_options = ['zone_refresh', 'psearch', 'cache_ttl']
+    removed_options = []
 
     try:
-        psearch = bindinstance.named_conf_get_directive('psearch')
+        # Remove all the deprecated options
+        for option in deprecated_options:
+            value = bindinstance.named_conf_get_directive(option)
+
+            if value is not None:
+                bindinstance.named_conf_set_directive(option, None)
+                removed_options.append(option)
+
     except IOError, e:
-        root_logger.debug('Cannot retrieve psearch option from %s: %s',
-                bindinstance.NAMED_CONF, e)
-        return
-    else:
-        psearch = None if psearch is None else psearch.lower()
-    if not sysupgrade.get_upgrade_state('named.conf', 'psearch_enabled'):
-        if psearch != "yes":
-            try:
-                bindinstance.named_conf_set_directive('zone_refresh', 0)
-                bindinstance.named_conf_set_directive('psearch', 'yes')
-            except IOError, e:
-                root_logger.error('Cannot enable psearch in %s: %s',
-                        bindinstance.NAMED_CONF, e)
-            else:
-                changed = True
-                psearch = "yes"
-        sysupgrade.set_upgrade_state('named.conf', 'psearch_enabled', True)
-        root_logger.debug('Persistent search enabled')
+        root_logger.error('Cannot modify DNS configuration in %s: %s',
+                          bindinstance.NAMED_CONF, e)
+
+    # Log only the changed options
+    if not removed_options:
+        root_logger.debug('No changes made')
+        return False
+
+    root_logger.debug('The following configuration options have been removed: '
+                      '{options}'.format(options = ', '.join(removed_options)))
+    return True
+
+
+def named_set_minimum_connections():
+    """
+    Sets the minimal number of connections.
+
+    When some change in named.conf is done, this functions returns True.
+    """
+
+    changed = False
+
+    root_logger.info('[Ensuring minimal number of connections]')
+
+    if not bindinstance.named_conf_exists():
+        # DNS service may not be configured
+        root_logger.info('DNS is not configured')
+        return changed
 
     # make sure number of connections is right
-    minimum_connections = 2
-    if psearch == 'yes':
-        # serial_autoincrement increased the minimal number of connections to 4
-        minimum_connections = 4
+    minimum_connections = 4
+
     try:
         connections = bindinstance.named_conf_get_directive('connections')
     except IOError, e:
         root_logger.debug('Cannot retrieve connections option from %s: %s',
                 bindinstance.NAMED_CONF, e)
-        return
+        return changed
+
     try:
         if connections is not None:
             connections = int(connections)
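Review bot: `minimum_connections = 4` in `named_set_minimum_connections` is now unconditional, and the comment that explained the number ("serial_autoincrement increased the minimal number of connections to 4") is deleted together with the psearch branch. Keep a one-line rationale above the assignment, for example `# serial_autoincrement needs at least 4 connections`, so the constant is not taken for an arbitrary value. In `named_remove_deprecated_options`, the final debug call builds its message with `.format(options = ...)`, while the other log calls in this hunk pass lazy %-style arguments; `root_logger.debug('The following configuration options have been removed: %s', ', '.join(removed_options))` would match them. The body of `named_set_minimum_connections` continues past the end of this hunk.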
@@ -388,7 +406,7 @@ def named_enable_psearch():
         if connections is not None and connections < minimum_connections:
             try:
                 bindinstance.named_conf_set_directive('connections',
-                                                        minimum_connections)
+                                                       minimum_connections)
                 root_logger.debug('Connections set to %d', minimum_connections)
             except IOError, e:
                 root_logger.error('Cannot update connections in %s: %s',
@@ -398,8 +416,10 @@ def named_enable_psearch():
 
     if not changed:
         root_logger.debug('No changes made')
+
     return changed
 
+
 def named_enable_serial_autoincrement():
     """
     Serial autoincrement is a requirement for zone transfers or DNSSEC. It
@@ -417,7 +437,6 @@ def named_enable_serial_autoincrement():
         return changed
 
     try:
-        psearch = bindinstance.named_conf_get_directive('psearch')
         serial_autoincrement = bindinstance.named_conf_get_directive(
                                     'serial_autoincrement')
     except IOError, e:
@@ -425,28 +444,23 @@ def named_enable_serial_autoincrement():
                 bindinstance.NAMED_CONF, e)
         return changed
     else:
-        psearch = None if psearch is None else psearch.lower()
         serial_autoincrement = None if serial_autoincrement is None \
                 else serial_autoincrement.lower()
 
     # enable SOA serial autoincrement
     if not sysupgrade.get_upgrade_state('named.conf', 'autoincrement_enabled'):
-        if psearch != "yes":    # psearch is required
-            root_logger.error('Persistent search is disabled, '
-                    'serial autoincrement cannot be enabled')
-        else:
-            if serial_autoincrement != 'yes':
-                try:
-                    bindinstance.named_conf_set_directive('serial_autoincrement', 'yes')
-                except IOError, e:
-                    root_logger.error('Cannot enable serial_autoincrement in %s: %s',
-                            bindinstance.NAMED_CONF, e)
-                    return changed
-                else:
-                    root_logger.debug('Serial autoincrement enabled')
-                    changed = True
+        if serial_autoincrement != 'yes':
+            try:
+                bindinstance.named_conf_set_directive('serial_autoincrement', 'yes')
+            except IOError, e:
+                root_logger.error('Cannot enable serial_autoincrement in %s: %s',
+                        bindinstance.NAMED_CONF, e)
+                return changed
             else:
-                root_logger.debug('Serial autoincrement is alredy enabled')
+                root_logger.debug('Serial autoincrement enabled')
+                changed = True
+        else:
+            root_logger.debug('Serial autoincrement is alredy enabled')
         sysupgrade.set_upgrade_state('named.conf', 'autoincrement_enabled', True)
     else:
         root_logger.debug('Skip serial autoincrement check')
@@ -947,12 +961,18 @@ def main():
     cleanup_kdc(fstore)
     setup_firefox_extension(fstore)
     add_ca_dns_records()
-    changed_psearch = named_enable_psearch()
-    changed_autoincrement = named_enable_serial_autoincrement()
-    changed_gssapi_conf = named_update_gssapi_configuration()
-    changed_pid_file_conf = named_update_pid_file()
-    if (changed_psearch or changed_autoincrement or changed_gssapi_conf
-            or changed_pid_file_conf):
+
+    # Any of the following functions returns True iff the named.conf file
+    # has been altered
+    named_conf_changes = (
+                          named_remove_deprecated_options(),
+                          named_set_minimum_connections(),
+                          named_enable_serial_autoincrement(),
+                          named_update_gssapi_configuration(),
+                          named_update_pid_file(),
+                         )
+
+    if any(named_conf_changes):
         # configuration has changed, restart the name server
         root_logger.info('Changes to named.conf have been made, restart named')
         bind = bindinstance.BindInstance(fstore)
@@ -960,6 +980,7 @@ def main():
             bind.restart()
         except ipautil.CalledProcessError, e:
             root_logger.error("Failed to restart %s: %s", bind.service_name, e)
+
     ca_restart = any([
         ca_restart,
         enable_certificate_renewal(ca),
diff --git a/install/tools/man/ipa-dns-install.1 b/install/tools/man/ipa-dns-install.1
index b0bdca94f4aea4a17fecc3362a92a9885bbafed0..646601eecaded0d8490bb41945f4bd83ee81c087 100644
--- a/install/tools/man/ipa-dns-install.1
+++ b/install/tools/man/ipa-dns-install.1
@@ -49,12 +49,6 @@ Do not create new reverse DNS zone. If used on a replica and a reverse DNS zone
 \fB\-\-zonemgr\fR
 The e\-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN
 .TP
-\fB\-\-no\-persistent\-search\fR
-Do not enable persistent search mechanism for updating the list of DNS zones in the name server. When persistent search is disabled and \fB\-\-zone\-refresh\fR option is not set to non-zero value, new zones won't be resolvable until the name server is reloaded.
-.TP
-\fB\-\-zone\-refresh=\fIZONE_REFRESH\fR
-When set to non-zero value, persistent search zone update mechanism will be disabled and the name server will use a polling mechanism to load new DNS zones every \fIZONE_REFRESH\fR seconds.
-.TP
 \fB\-\-no\-serial\-autoincrement\fR
 Do not enable SOA serial autoincrement feature. SOA serial will have to be updated automatically or other DNS features like zone transfer od DNSSEC will not function properly. This feature requires persistent search zone update mechanism.
 .TP
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 59219c14727c5a3062d06d5ef02eb0eebdc9c4f2..5f81cec94afa241449c5d7dbde573d0c2c687d71 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -146,12 +146,6 @@ Do not create reverse DNS zone
 \fB\-\-zonemgr\fR
 The e\-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN
 .TP
-\fB\-\-no\-persistent\-search\fR
-Do not enable persistent search mechanism for updating the list of DNS zones in the name server. When persistent search is disabled and \fB\-\-zone\-refresh\fR option is not set to non-zero value, new zones won't be resolvable until the name server is reloaded.
-.TP
-\fB\-\-zone\-refresh=\fIZONE_REFRESH\fR
-When set to non-zero value, persistent search zone update mechanism will be disabled and the name server will use a polling mechanism to load new DNS zones every \fIZONE_REFRESH\fR seconds.
-.TP
 \fB\-\-no\-host\-dns\fR
 Do not use DNS for hostname lookup during installation
 .TP
diff --git a/install/ui/src/freeipa/dns.js b/install/ui/src/freeipa/dns.js
index 52cbb81f36f863afd61bf3b6cc04affe59809a48..1b0650a0c483cb558ab8bde3b993bc56383507f4 100644
--- a/install/ui/src/freeipa/dns.js
+++ b/install/ui/src/freeipa/dns.js
@@ -82,8 +82,7 @@ return {
                                     label: '@i18n:objects.dnsconfig.forward_none'
                                 }
                             ]
-                        },
-                        'idnszonerefresh'
+                        }
                     ]
                 }
             ],
diff --git a/install/ui/test/data/dnsconfig_mod.json b/install/ui/test/data/dnsconfig_mod.json
index d6e1b8c2d4c2cf7085281d0be5658a18026d855b..d1149f7c06c127d0d94608dae5721d24b6eab04c 100644
--- a/install/ui/test/data/dnsconfig_mod.json
+++ b/install/ui/test/data/dnsconfig_mod.json
@@ -9,8 +9,6 @@
                 "idnsallowsyncptr": "rscwo",
                 "idnsforwarders": "rscwo",
                 "idnsforwardpolicy": "rscwo",
-                "idnspersistentsearch": "rscwo",
-                "idnszonerefresh": "rscwo",
                 "nsaccountlock": "rscwo",
                 "objectclass": "rscwo"
             },
@@ -26,9 +24,6 @@
             "idnsforwardpolicy": [
                 "first"
             ],
-            "idnszonerefresh": [
-                "20"
-            ],
             "objectclass": [
                 "idnsConfigObject",
                 "nsContainer",
diff --git a/install/ui/test/data/dnsconfig_show.json b/install/ui/test/data/dnsconfig_show.json
index 4ee15cd2f0ba290f747dbd7fb739c780e89d9667..f847baeb314c1a0a518d2ac642595e456ee2c285 100644
--- a/install/ui/test/data/dnsconfig_show.json
+++ b/install/ui/test/data/dnsconfig_show.json
@@ -9,8 +9,6 @@
                 "idnsallowsyncptr": "rscwo",
                 "idnsforwarders": "rscwo",
                 "idnsforwardpolicy": "rscwo",
-                "idnspersistentsearch": "rscwo",
-                "idnszonerefresh": "rscwo",
                 "nsaccountlock": "rscwo",
                 "objectclass": "rscwo"
             },
@@ -27,9 +25,6 @@
             "idnsforwardpolicy": [
                 "first"
             ],
-            "idnszonerefresh": [
-                "20"
-            ],
             "objectclass": [
                 "idnsConfigObject",
                 "nsContainer",
diff --git a/install/ui/test/data/ipa_init_commands.json b/install/ui/test/data/ipa_init_commands.json
index f83059bcdb3eefa3b254c764c5d42234f697fcfd..a05db14b68148b215f9e5409649dbae3f72794dc 100644
--- a/install/ui/test/data/ipa_init_commands.json
+++ b/install/ui/test/data/ipa_init_commands.json
@@ -2843,17 +2843,6 @@
                         "type": "bool"
                     },
                     {
-                        "attribute": true,
-                        "class": "Int",
-                        "doc": "An interval between regular polls of the name server for new DNS zones",
-                        "flags": [],
-                        "label": "Zone refresh interval",
-                        "maxvalue": 2147483647,
-                        "minvalue": 0,
-                        "name": "idnszonerefresh",
-                        "type": "int"
-                    },
-                    {
                         "name": "setattr"
                     },
                     {
diff --git a/install/ui/test/data/ipa_init_objects.json b/install/ui/test/data/ipa_init_objects.json
index 5d1fd65aaa2be6e1ed346ebb6072f618db944cf6..cd07b30cebc2fea4ab1fb355e8e0c2451d6b9689 100644
--- a/install/ui/test/data/ipa_init_objects.json
+++ b/install/ui/test/data/ipa_init_objects.json
@@ -812,7 +812,6 @@
                     "idnsforwarders",
                     "idnsforwardpolicy",
                     "idnsname",
-                    "idnspersistentsearch",
                     "idnssoaexpire",
                     "idnssoaminimum",
                     "idnssoamname",
@@ -822,7 +821,6 @@
                     "idnssoaserial",
                     "idnsupdatepolicy",
                     "idnszoneactive",
-                    "idnszonerefresh",
                     "inetdomainbasedn",
                     "inetdomainstatus",
                     "inetsubscriberaccountid",
@@ -1726,8 +1724,7 @@
                 "default_attributes": [
                     "idnsforwardpolicy",
                     "idnsforwarders",
-                    "idnsallowsyncptr",
-                    "idnszonerefresh"
+                    "idnsallowsyncptr"
                 ],
                 "hidden_attributes": [
                     "objectclass",
@@ -1798,16 +1795,6 @@
                         "label": "Allow PTR sync",
                         "name": "idnsallowsyncptr",
                         "type": "bool"
-                    },
-                    {
-                        "class": "Int",
-                        "doc": "An interval between regular polls of the name server for new DNS zones",
-                        "flags": [],
-                        "label": "Zone refresh interval",
-                        "maxvalue": 2147483647,
-                        "minvalue": 0,
-                        "name": "idnszonerefresh",
-                        "type": "int"
                     }
                 ],
                 "uuid_attribute": ""
diff --git a/install/updates/10-bind-schema.update b/install/updates/10-bind-schema.update
index 2f3fa0abaceb6e6e195a62edc7b3b714340b145b..466007936a4d2ba973defdfd3a776f7e34f53b2e 100644
--- a/install/updates/10-bind-schema.update
+++ b/install/updates/10-bind-schema.update
@@ -44,7 +44,7 @@ add:attributeTypes:
       SUBSTR caseIgnoreIA5SubstringsMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
       X-ORIGIN 'IPA v2' )
-add:attributeTypes:
+remove:attributeTypes:
     ( 2.16.840.1.113730.3.8.5.16
       NAME 'idnsZoneRefresh'
       DESC 'zone refresh interval'
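Review bot: Switching `add:attributeTypes:` to `remove:attributeTypes:` for `idnsZoneRefresh` here, and for `idnsPersistentSearch` and the `idnsConfigObject` `MAY` list in the next two hunks of this file, deletes schema that entries written by older servers may still use. Nothing visible in this patch strips those attributes from the existing DNS config entry first, so an entry that still carries either value would presumably stop conforming to `idnsConfigObject` and could be refused by the directory server, which is the concern raised in the thread above. The plugin side already hides the option through `DeprecatedParam`; keeping these three schema definitions as `add:` would let old and upgraded servers share the entry until the values are cleaned up.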
@@ -52,7 +52,7 @@ add:attributeTypes:
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
       SINGLE-VALUE
       X-ORIGIN 'IPA v2' )
-add:attributeTypes:
+remove:attributeTypes:
     ( 2.16.840.1.113730.3.8.5.17
       NAME 'idnsPersistentSearch'
       DESC 'allow persistent searches'
@@ -65,8 +65,7 @@ add:objectClasses:
       NAME 'idnsConfigObject'
       DESC 'DNS global config options'
       STRUCTURAL
-      MAY ( idnsForwardPolicy $$ idnsForwarders $$ idnsAllowSyncPTR $$
-        idnsZoneRefresh $$ idnsPersistentSearch
+      MAY ( idnsForwardPolicy $$ idnsForwarders $$ idnsAllowSyncPTR
       ) )
 add:objectClasses:
     ( 2.16.840.1.113730.3.8.12.18
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 621d60ec9a5304c12e545a6a495179f6069712c9..07523dc72466892f0e7d5fdd9261024d0e898548 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -28,7 +28,8 @@ import dns.name
 from ipalib.request import context
 from ipalib import api, errors, output
 from ipalib import Command
-from ipalib.parameters import Flag, Bool, Int, Decimal, Str, StrEnum, Any
+from ipalib.parameters import (Flag, Bool, Int, Decimal, Str, StrEnum, Any,
+                               DeprecatedParam)
 from ipalib.plugins.baseldap import *
 from ipalib import _, ngettext
 from ipalib.util import (validate_zonemgr, normalize_zonemgr, normalize_zone,
@@ -2978,8 +2979,7 @@ class dnsconfig(LDAPObject):
     """
     object_name = _('DNS configuration options')
     default_attributes = [
-        'idnsforwardpolicy', 'idnsforwarders', 'idnsallowsyncptr',
-        'idnszonerefresh'
+        'idnsforwardpolicy', 'idnsforwarders', 'idnsallowsyncptr'
     ]
 
     label = _('DNS Global Configuration')
@@ -3006,11 +3006,9 @@ class dnsconfig(LDAPObject):
             label=_('Allow PTR sync'),
             doc=_('Allow synchronization of forward (A, AAAA) and reverse (PTR) records'),
         ),
-        Int('idnszonerefresh?',
+        DeprecatedParam('idnszonerefresh?',
             cli_name='zone_refresh',
             label=_('Zone refresh interval'),
-            doc=_('An interval between regular polls of the name server for new DNS zones'),
-            minvalue=0,
         ),
     )
 
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index ac86e9e7d5713172772b7868233cfa7da91a9fab..2d4da087175d8b2c4f283c59418002b0104f31ee 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -463,8 +463,7 @@ class BindInstance(service.Service):
 
     def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp,
               reverse_zone, named_user="named", zonemgr=None,
-              zone_refresh=0, persistent_search=True, serial_autoincrement=True,
-              ca_configured=None):
+              serial_autoincrement=True, ca_configured=None):
         self.named_user = named_user
         self.fqdn = fqdn
         self.ip_address = ip_address
@@ -475,8 +474,6 @@ class BindInstance(service.Service):
         self.suffix = ipautil.realm_to_suffix(self.realm)
         self.ntp = ntp
         self.reverse_zone = reverse_zone
-        self.zone_refresh = zone_refresh
-        self.persistent_search = persistent_search
         self.serial_autoincrement = serial_autoincrement
         self.ca_configured = ca_configured
 
@@ -593,24 +590,23 @@ class BindInstance(service.Service):
         else:
             ipa_ca = ""
 
-        boolean_var = {}
-        for var in ('persistent_search', 'serial_autoincrement'):
-            boolean_var[var] = "yes" if getattr(self, var, False) else "no"
+        def bool_to_yesno(var):
+            return "yes" if var else "no"
 
-        self.sub_dict = dict(FQDN=self.fqdn,
-                             IP=self.ip_address,
-                             DOMAIN=self.domain,
-                             HOST=self.host,
-                             REALM=self.realm,
-                             SERVER_ID=realm_to_serverid(self.realm),
-                             FORWARDERS=fwds,
-                             SUFFIX=self.suffix,
-                             OPTIONAL_NTP=optional_ntp,
-                             ZONEMGR=self.zonemgr,
-                             ZONE_REFRESH=self.zone_refresh,
-                             IPA_CA_RECORD=ipa_ca,
-                             PERSISTENT_SEARCH=boolean_var['persistent_search'],
-                             SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],)
+        self.sub_dict = dict(
+            FQDN=self.fqdn,
+            IP=self.ip_address,
+            DOMAIN=self.domain,
+            HOST=self.host,
+            REALM=self.realm,
+            SERVER_ID=realm_to_serverid(self.realm),
+            FORWARDERS=fwds,
+            SUFFIX=self.suffix,
+            OPTIONAL_NTP=optional_ntp,
+            ZONEMGR=self.zonemgr,
+            IPA_CA_RECORD=ipa_ca,
+            SERIAL_AUTOINCREMENT=bool_to_yesno(self.serial_autoincrement),
+            )
 
     def __setup_dns_container(self):
         self._ldap_mod("dns.ldif", self.sub_dict)
diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py
index b875ff019942a37b39593bf0ad30ce3f579d13c3..80a7dd8f385c582276d3a0f043c6555d801d4c8a 100644
--- a/ipaserver/install/plugins/dns.py
+++ b/ipaserver/install/plugins/dns.py
@@ -113,7 +113,7 @@ class update_dns_permissions(PostUpdate):
                                              api.env.basedn),]
 
     _write_dns_aci_dn = DN(api.env.basedn)
-    _write_dns_aci_entry = ['add:aci:\'(targetattr = "idnsforwardpolicy || idnsforwarders || idnsallowsyncptr || idnszonerefresh || idnspersistentsearch")(target = "ldap:///cn=dns,%(realm)s")(version 3.0;acl "permission:Write DNS Configuration";allow (write) groupdn = "ldap:///cn=Write DNS Configuration,cn=permissions,cn=pbac,%(realm)s";)\'' % dict(realm=api.env.basedn)]
+    _write_dns_aci_entry = ['add:aci:\'(targetattr = "idnsforwardpolicy || idnsforwarders || idnsallowsyncptr")(target = "ldap:///cn=dns,%(realm)s")(version 3.0;acl "permission:Write DNS Configuration";allow (write) groupdn = "ldap:///cn=Write DNS Configuration,cn=permissions,cn=pbac,%(realm)s";)\'' % dict(realm=api.env.basedn)]
 
     _read_dns_aci_dn = DN(api.env.container_dns, api.env.basedn)
     _read_dns_aci_entry = ['add:aci:\'(targetattr = "*")(version 3.0; acl "Allow read access"; allow (read,search,compare) groupdn = "ldap:///cn=Read DNS Entries,cn=permissions,cn=pbac,%(realm)s" or userattr = "parent[0,1].managedby#GROUPDN";)\''  % dict(realm=api.env.basedn) ]
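Review bot: The narrowed `_write_dns_aci_entry` is still an `add:aci:` update, so on a server that already has the previous "permission:Write DNS Configuration" ACI the old value, whose `targetattr` includes `idnszonerefresh` and `idnspersistentsearch`, would presumably remain next to the new one. If the intent is to withdraw write access to those two attributes, the update needs a matching `remove:aci:` entry carrying the old ACI string ahead of the `add:`; otherwise upgraded and freshly installed servers end up with different effective permissions. How `update_dns_permissions` applies these lists is outside the hunk, so this should be confirmed against the rest of the class.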
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index ea9b70e36e3bb2dc9eb333d822cc403f94b91487..9a3ce667b5ac18624d840cf34ae8438efac06c18 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -83,7 +83,6 @@ class test_dns(Declarative):
         ('dnsconfig_mod', [], {'idnsforwarders' : None,
                                'idnsforwardpolicy' : None,
                                'idnsallowsyncptr' : None,
-                               'idnszonerefresh' : None,
                                }),
         ('permission_del', [dnszone1_permission], {'force': True}),
     ]
-- 
1.8.3.1
