Hello,

dns: Handle SERVFAIL in check if domain already exists.

In cases where the domain is already delegated to IPA prior to installation,
we might get a timeout or SERVFAIL. The answer depends on the recursive
server we are using for the check.

-- 
Petr^2 Spacek
From 37741a8ed01ada5059791f38c52ed2159396c0cc Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Wed, 16 Dec 2015 13:37:39 +0100
Subject: [PATCH] dns: Handle SERVFAIL in check if domain already exists.

In cases where the domain is already delegated to IPA prior to installation,
we might get a timeout or SERVFAIL. The answer depends on the recursive
server we are using for the check.
---
 ipapython/ipautil.py              | 11 +++++------
 ipaserver/install/bindinstance.py |  2 +-
 ipaserver/install/dns.py          |  6 ++++--
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 466667879c4afa17e119bd4fa32c9a297b993113..bd1cf78fac79c7816db4b96f46c9c5c1b4b2f1d9 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -41,7 +41,7 @@ import locale
 import collections
 
 from dns import resolver, rdatatype, reversename
-from dns.exception import DNSException, Timeout
+from dns.exception import DNSException
 import six
 from six.moves import input
 from six.moves import urllib
@@ -1046,7 +1046,7 @@ def reverse_record_exists(ip_address):
     return True
 
 
-def check_zone_overlap(zone, raise_on_timeout=True):
+def check_zone_overlap(zone, raise_on_error=True):
     root_logger.info("Checking DNS domain %s, please wait ..." % zone)
     if not isinstance(zone, DNSName):
         zone = DNSName(zone).make_absolute()
@@ -1058,10 +1058,9 @@ def check_zone_overlap(zone, raise_on_timeout=True):
 
     try:
         containing_zone = resolver.zone_for_name(zone)
-    except Timeout as e:
-        msg = ("DNS check for domain %s failed: %s. Please make sure that the "
-               "domain is properly delegated to this IPA server." % (zone, e))
-        if raise_on_timeout:
+    except DNSException as e:
+        msg = ("DNS check for domain %s failed: %s." % (zone, e))
+        if raise_on_error:
             raise ValueError(msg)
         else:
             root_logger.warning(msg)
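Review bot: With `raise_on_error=False`, the widened `except DNSException` downgrades every resolver failure to a warning, not just SERVFAIL and timeouts, and both callers in this patch pass `False`, so the overlap check appears to fail open whenever the recursive server gives a bad or no answer. The rest of check_zone_overlap lies outside the hunk, so confirm what follows `root_logger.warning(msg)`; if the function simply returns, an install run against a broken or untrusted resolver proceeds with no overlap detection at all. If that is intended, say so next to the handler, e.g. `# Best effort: any DNS failure skips the overlap check when raise_on_error is False`. The function also needs a docstring that names the renamed keyword, since any caller outside this patch still passing `raise_on_timeout=` will now fail with a TypeError.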
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 93744875ef895e93aff5fdf7b55fdadcc6c6d227..8daca552d58f4c1ce795d4a0be352fc9f9c51762 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -291,7 +291,7 @@ def read_reverse_zone(default, ip_address, allow_zone_overlap=False):
             continue
         if not allow_zone_overlap:
             try:
-                ipautil.check_zone_overlap(zone, raise_on_timeout=False)
+                ipautil.check_zone_overlap(zone, raise_on_error=False)
             except ValueError as e:
                 root_logger.error("Reverse zone %s will not be used: %s"
                                   % (zone, e))
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 94e9017b6f33ef28bc8cb88aee79ce39462f11a7..763b2aca475d5f5b25d2aded05bc540ce3836f81 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -126,10 +126,12 @@ def install_check(standalone, replica, options, hostname):
         domain = dnsutil.DNSName(util.normalize_zone(api.env.domain))
         print("Checking DNS domain %s, please wait ..." % domain)
         try:
-            ipautil.check_zone_overlap(domain, raise_on_timeout=False)
+            ipautil.check_zone_overlap(domain, raise_on_error=False)
         except ValueError as e:
             if options.force or options.allow_zone_overlap:
-                root_logger.warning(e.message)
+                root_logger.warning("%s Please make sure that the domain is "
+                                    "properly delegated to this IPA server.",
+                                    e.message)
             else:
                 raise e
 
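Review bot: The new warning still reads `e.message`, which exists only on Python 2 exceptions and raises AttributeError on Python 3; the file already uses `print(...)` as a function, which suggests it is meant to run on both. Passing the exception itself avoids this: `"properly delegated to this IPA server.", e)`. Separately, the delegation hint is now attached only to the ValueError path. Because this call passes `raise_on_error=False`, a SERVFAIL or timeout is presumably logged inside check_zone_overlap without the hint, so check that the operator still sees the delegation advice in the case the commit message describes. install_check's body starts and ends outside the hunk.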
-- 
2.5.0
