Patch attached. -- Martin^2 Basti
>From e29d8a89485fa9f36446517b69a0082c4a85f747 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Mon, 30 Jun 2014 12:32:31 +0200 Subject: [PATCH] Add DNSSEC experimental support warning message
Ticket: https://fedorahosted.org/freeipa/ticket/4408
---
 ipalib/plugins/dns.py | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index b693bb9c3ce091fa26ed14d27213b84ef61f8f0c..5314cce242ffaf54a91b9e24ada331ccf9e02a0b 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -274,6 +274,24 @@ You may want to use forward zones (dnsforwardzone-*) instead. For more details r
 """
 )
+dnssec_experimental_true_warning = _(
+"""DNSSEC support is experimental.
+You have to manually generate DNSSEC signing keys and distribute them to all IPA DNS servers.
+# In the following text, please replace %s with zone name without trailing period
+$ cd "/var/named/dyndb-ldap/ipa/%s/keys"
+$ dnssec-keygen -3 -b 2048 -f KSK "%s"
+$ dnssec-keygen -3 -b 2048 "%s"
+# please distribute all keys in this directory to all IPA DNS servers
+$ chown named: *
+$ rndc sign "%s"
+"""
+)
+
+dnssec_experimental_false_warning = _(
+"""DNSSEC support is experimental.
+If you encounter any problems please report them and restart 'named' service on affected IPA server.
+"""
+)
 def _rname_validator(ugettext, zonemgr):
 try:
@@ -2220,6 +2238,17 @@ class dnszone(DNSZoneBase):
 messages.PublicMessage(type='warning',
 message=forwarders_warning))
+ def _warning_dnssec_experimental(self, result, **options):
+ # add warning when user use option --dnssec
+ if 'idnssecinlinesigning' in options:
+ if options['idnssecinlinesigning'] is True:
+ messages.add_message(options['version'], result,
+ messages.PublicMessage(type='warning',
+ message=dnssec_experimental_true_warning))
+ else:
+ messages.add_message(options['version'], result,
+ messages.PublicMessage(type='warning',
+ message=dnssec_experimental_false_warning))
 @register()
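Review bot: The shell lines in `dnssec_experimental_true_warning` will be copied verbatim by administrators, and two of them are fragile for key material: `$ chown named: *` acts on whatever the current directory is if the earlier `cd` failed, and neither `dnssec-keygen` line names an algorithm, so with `-3` BIND of this era falls back (as far as I know) to the SHA-1 based NSEC3RSASHA1. I would spell the path out, e.g. `$ chown named: "/var/named/dyndb-ldap/ipa/%s/keys/"*`, and add `-a RSASHA256` to both keygen lines. The text also tells the admin to distribute the private signing keys to every IPA DNS server without saying that they must travel over a protected channel and stay readable only by `named`; one sentence on that would help. Separately, the four literal `%s` are never interpolated anywhere in this patch, so a marker such as `<zone>` would avoid gettext tooling possibly flagging the string as a format string and translators being forced to keep four `%s`.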
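Review bot: Both branches of `_warning_dnssec_experimental` repeat the same `messages.add_message(...)` call and differ only in the message constant, and the method has no docstring. Selecting the constant first and emitting once keeps the two warnings from drifting apart, and a guard clause removes one nesting level. Note that `is True` sends every other value to the 'false' text, including `None` if the option can be passed empty on dnszone-mod; that may be intended but deserves a comment. The method is complete within the hunk; its class `dnszone` begins outside it.
```python
    def _warning_dnssec_experimental(self, result, **options):
        """Attach the experimental-DNSSEC warning when --dnssec was given."""
        if 'idnssecinlinesigning' not in options:
            return
        # Anything other than an explicit True gets the "disabled" text.
        if options['idnssecinlinesigning'] is True:
            message = dnssec_experimental_true_warning
        else:
            message = dnssec_experimental_false_warning
        messages.add_message(options['version'], result,
                             messages.PublicMessage(type='warning',
                                                    message=message))
```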
@@ -2311,6 +2340,7 @@ class dnszone_add(DNSZoneBase_add):
 def execute(self, *keys, **options):
 result = super(dnszone_add, self).execute(*keys, **options)
 self.obj._warning_forwarding(result, **options)
+ self.obj._warning_dnssec_experimental(result, **options)
 return result
 def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
@@ -2393,6 +2423,7 @@ class dnszone_mod(DNSZoneBase_mod):
 def execute(self, *keys, **options):
 result = super(dnszone_mod, self).execute(*keys, **options)
 self.obj._warning_forwarding(result, **options)
+ self.obj._warning_dnssec_experimental(result, **options)
 return result
 def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
-- 1.8.3.1