mbasti-rh's pull request #81: "Fix emptyzones dns upgrade" was opened

PR body:
"""

"""

See the full pull-request at https://github.com/freeipa/freeipa/pull/81
... or pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/81/head:pr81
git checkout pr81
From b1aeee9e57fdaa39545a437d65f6520f1cfbff53 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Tue, 13 Sep 2016 18:37:43 +0200
Subject: [PATCH 1/2] Start named during configuration upgrade.

Some upgrade steps require bind to be running in order to succeed. The upgrader
makes sure that bind is started.

https://fedorahosted.org/freeipa/ticket/6205
---
 ipaserver/install/server/upgrade.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index aec84dc..19ea8ca 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1706,6 +1706,15 @@ def upgrade_configuration():
     cleanup_kdc(fstore)
     cleanup_adtrust(fstore)
     setup_firefox_extension(fstore)
+
+    bind = bindinstance.BindInstance(fstore)
+    if bind.is_configured() and not bind.is_running():
+        # some upgrade steps may require bind running
+        bind_started = True
+        bind.start()
+    else:
+        bind_started = False
+
     add_ca_dns_records()
 
     # Any of the following functions returns True iff the named.conf file
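Review bot: The start/stop pair added by this patch is not exception-safe. `bind_started = True` is set before the unguarded `bind.start()`, and the matching `bind.stop()` in the second hunk sits only on the normal path, so an exception in `add_ca_dns_records()` or any step in between would leave named running on a host where the upgrader found it stopped. Setting the flag only after a successful start and moving the stop into a `finally:` restores the service state the administrator had chosen. `upgrade_configuration()` begins and ends outside both hunks, so the exact extent of the `try:` needs checking against the full function.

```python
    bind = bindinstance.BindInstance(fstore)
    bind_started = False
    if bind.is_configured() and not bind.is_running():
        # some upgrade steps may require bind running
        bind.start()
        bind_started = True
    try:
        add_ca_dns_records()
        # … unchanged: named.conf upgrade steps and conditional restart …
    finally:
        if bind_started:
            # return named to the state it was in before the upgrade
            bind.stop()
```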
@@ -1737,6 +1746,9 @@ def upgrade_configuration():
         except ipautil.CalledProcessError as e:
             root_logger.error("Failed to restart %s: %s", bind.service_name, e)
 
+    if bind_started:
+        bind.stop()
+
     custodia = custodiainstance.CustodiaInstance(api.env.host, api.env.realm)
     custodia.upgrade_instance()
 

From ecb518b96747e304516ab5ce9998f162e82c3ad7 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Tue, 13 Sep 2016 19:12:40 +0200
Subject: [PATCH 2/2] Catch DNS exceptions during emptyzones named.conf upgrade

For some reason named may not be running, which causes this upgrade step
to fail. This step is not critical, so only an ERROR message with a
recommendation is shown.

https://fedorahosted.org/freeipa/ticket/6205
---
 ipaserver/install/server/upgrade.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 19ea8ca..248ab1d 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -11,6 +11,8 @@
 import fileinput
 import sys
 
+import dns.exception
+
 import six
 from six.moves.configparser import SafeConfigParser
 
@@ -840,9 +842,18 @@ def named_update_global_forwarder_policy():
         'forward_policy_conflict_with_empty_zones_handled',
         True
     )
-    if not dnsutil.has_empty_zone_addresses(api.env.host):
-        # guess: local server does not have IP addresses from private ranges
-        # so hopefully automatic empty zones are not a problem
+    try:
+        if not dnsutil.has_empty_zone_addresses(api.env.host):
+            # guess: local server does not have IP addresses from private ranges
+            # so hopefully automatic empty zones are not a problem
+            return False
+    except dns.exception.DNSException as ex:
+        root_logger.error(
+            'Skipping update of global DNS forwarder in named.conf: '
+            'Unable to determine if local server is using an '
+            'IP address belonging to an automatic empty zone. '
+            'Consider changing forwarding policy to "only". '
+            'DNS exception: %s', ex)
         return False
 
     if bindinstance.named_conf_get_directive(
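Review bot: The new `except dns.exception.DNSException` branch returns after the context lines above it have already passed `True` for `'forward_policy_conflict_with_empty_zones_handled'`, so a transient resolver failure appears to mark this step as handled, and it would not be retried on a later upgrade. The call those arguments belong to starts outside the hunk, so this is inferred. If it does persist the flag, either record it only after `has_empty_zone_addresses()` has returned, or clear it in the except branch before `return False`. A comment such as `# DNS lookup failed; leave the step unhandled so the next upgrade retries it` would make the intent explicit. The function body continues past the hunk.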
-- 