Re: [Freeipa-devel] [PATCH] 047 Add an address for a nameserver when a new zone is created during install
On 02/01/2011 04:15 AM, Rob Crittenden wrote:
> Jakub Hrozek wrote:
>> On Mon, Jan 31, 2011 at 05:52:08PM -0500, Simo Sorce wrote:
>>> On Mon, 31 Jan 2011 22:44:43 +0100 Jakub Hrozek jhro...@redhat.com wrote:
>>>> https://fedorahosted.org/freeipa/ticket/881
>>>>
>>>> We've run into a chicken-and-egg problem during installation. If the hostname of the IPA server is not resolvable with DNS during installation, we'd add it as a NS server for a zone in both the SOA entry and a NS record -- but no records from the new zone are resolvable until Bind is restarted, including the new A/ records for the nameserver. I tried restarting the named service during Bind instance creation but that didn't help..not exactly sure why. Anyway, attached is a patch that forces the NS record creation. Please note that the --force flag is available via XML-RPC only, it is completely hidden from the user otherwise.
>>>
>>> Minor issue but requires NACK.
>>>
>>> You changed the add_zone() signature to always require some parameters, but did not update it in ipa-replica-prepare
>>>
>>> Simo.
>>
>> Good catch, thank you! Attached is a new patch. I also found out that I don't have to require all the parameters as some (such as admin email) have nice defaults in the DNS plugin.
>
> This fixes it but I did have problems with overall approach.
>
> To test this I changed the host entry of my machine from slinky to spanky and ran the installer with --hostname=spanky.domain. This worked for the initial install and I was able to find the previous problem with ipa-replica-prepare. But I ran into other problems when testing this fix. The `hostname` of the machine is still slinky and very little actually worked. Restarting httpd failed and running ipa-replica-prepare failed because both were trying to contact the LDAP server on slinky, etc. Once I ran hostname spanky.domain everything worked fine.
>
> So ack for this bug but how should we handle these other problems?
>
> Oh, and I've pushed it to master.
>
> rob

This makes me wonder if we tested the same setup as QE did - I was under the impression that before I introduced the NS must be resolvable constraint, their setup just worked even after installation.

I think I tested a little differently, too - I just added an ipaserver.testdomain entry to /etc/hosts and ran

    ipa-server-install --hostname ipaserver.testdomain --no-host-dns -r TESTDOMAIN -n TESTDOMAIN

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 047 Add an address for a nameserver when a new zone is created during install
https://fedorahosted.org/freeipa/ticket/881 We've run into a chicken-and-egg problem during installation. If the hostname of the IPA server is not resolvable with DNS during installation, we'd add it as a NS server for a zone in both the SOA entry and a NS record -- but no records from the new zone are resolvable until Bind is restarted, including the new A/ records for the nameserver. I tried restarting the named service during Bind instance creation but that didn't help..not exactly sure why. Anyway, attached is a patch that forces the NS record creation. Please note that the --force flag is available via XML-RPC only, it is completely hidden from the user otherwise. From 9fab50b971543746b2c9afab423874bdcb9f44e4 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek jhro...@redhat.com Date: Mon, 31 Jan 2011 18:05:07 +0100 Subject: [PATCH] Add an address for a nameserver when a new zone is created during install https://fedorahosted.org/freeipa/ticket/881 --- API.txt |5 +++-- ipalib/plugins/dns.py | 11 ++- ipaserver/install/bindinstance.py | 20 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/API.txt b/API.txt index f936c4f..e08a35f 100644 --- a/API.txt +++ b/API.txt 
@@ -486,13 +486,14 @@ output: Output('summary', (type 'unicode', type 'NoneType'), 'User-friendly output: Output('result', type 'bool', 'True means the operation was successful') output: Output('value', type 'unicode', The primary_key value of the entry, e.g. 'jdoe' for a user) command: dnsrecord_add -args: 2,45,3 +args: 2,46,3 arg: Str('dnszoneidnsname', cli_name='dnszone', label=Gettext('Zone name', domain='ipa', localedir=None), query=True, required=True) arg: Str('idnsname', attribute=True, cli_name='name', label=Gettext('Record name', domain='ipa', localedir=None), multivalue=False, primary_key=True, required=True) option: Int('dnsttl', attribute=True, cli_name='ttl', label=Gettext('Time to live', domain='ipa', localedir=None), multivalue=False, required=False) option: StrEnum('dnsclass', attribute=True, cli_name='class', label=Gettext('Class', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'IN', u'CS', u'CH', u'HS')) option: Str('addattr*', validate_add_attribute, cli_name='addattr', exclude='webui') option: Str('setattr*', validate_set_attribute, cli_name='setattr', exclude='webui') +option: Flag('force', autofill=True, default=False, flags=['no_option', 'no_output']) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output']) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output']) option: Str('version?', exclude='webui', flags=['no_option', 'no_output']) 
@@ -723,7 +724,7 @@ option: Str('idnsupdatepolicy', attribute=True, cli_name='update_policy', label= option: Flag('idnsallowdynupdate', attribute=True, autofill=True, cli_name='allow_dynupdate', default=False, label=Gettext('Dynamic update', domain='ipa', localedir=None), multivalue=False, required=True) option: Str('addattr*', validate_add_attribute, cli_name='addattr', exclude='webui') option: Str('setattr*', validate_set_attribute, cli_name='setattr', exclude='webui') -option: Flag('force', autofill=True, default=False,lag('force', autofill=True, default=False, doc=Gettext('force DNS zone even if name server not in DNS', domain='ipa', localedir=None)) +option: Flag('force', autofill=True, default=False,lag('force', autofill=True, default=False, doc=Gettext('force DNS zone creation even if name server not in DNS', domain='ipa', localedir=None)) option: Str('ip_address?', _validate_ipaddr,tr('ip_address?', _validate_ipaddr, doc=Gettext('Add the nameserver to DNS with this IP address', domain='ipa', localedir=None)) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output']) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output']) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index f770af3..ed117e2 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -286,7 +286,7 @@ class dnszone_add(LDAPCreate): takes_options = LDAPCreate.takes_options + ( Flag('force', - doc=_('force DNS zone even if name server not in DNS'), + doc=_('force DNS zone creation even if name server not in DNS'), ), Str('ip_address?', _validate_ipaddr, doc=_('Add the nameserver to DNS with this IP address'), 
@@ -577,6 +577,12 @@ class dnsrecord_add(LDAPCreate, dnsrecord_cmd_w_record_options): Add new DNS resource record. no_option_msg = 'No options to add a specific record provided.' +takes_options = LDAPCreate.takes_options + ( +Flag('force', + flags=['no_option', 'no_output'], + doc=_('force NS record creation even if its
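Review bot: in the dnsrecord_add hunk of ipalib/plugins/dns.py, `flags=['no_option', 'no_output']` on the new `force` Flag only keeps it off the command line; the API.txt hunk shows it is part of the dnsrecord_add signature (`args: 2,46,3`), so every XML-RPC caller that is allowed to run dnsrecord_add can set it, not just the installer. Hiding the option is not an access control, so the doc string should say that the flag is reachable over the API, and the code that honours it should skip only the nameserver-resolvability check for NS records and leave every other validation in place.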
Re: [Freeipa-devel] [PATCH] 047 Add an address for a nameserver when a new zone is created during install
On Mon, 31 Jan 2011 22:44:43 +0100 Jakub Hrozek jhro...@redhat.com wrote:
> https://fedorahosted.org/freeipa/ticket/881
>
> We've run into a chicken-and-egg problem during installation. If the hostname of the IPA server is not resolvable with DNS during installation, we'd add it as a NS server for a zone in both the SOA entry and a NS record -- but no records from the new zone are resolvable until Bind is restarted, including the new A/ records for the nameserver. I tried restarting the named service during Bind instance creation but that didn't help..not exactly sure why. Anyway, attached is a patch that forces the NS record creation. Please note that the --force flag is available via XML-RPC only, it is completely hidden from the user otherwise.

Minor issue but requires NACK.

You changed the add_zone() signature to always require some parameters, but did not update it in ipa-replica-prepare

Simo.

--
Simo Sorce * Red Hat, Inc * New York
Re: [Freeipa-devel] [PATCH] 047 Add an address for a nameserver when a new zone is created during install
On Mon, Jan 31, 2011 at 05:52:08PM -0500, Simo Sorce wrote:
> On Mon, 31 Jan 2011 22:44:43 +0100 Jakub Hrozek jhro...@redhat.com wrote:
>> https://fedorahosted.org/freeipa/ticket/881
>>
>> We've run into a chicken-and-egg problem during installation. If the hostname of the IPA server is not resolvable with DNS during installation, we'd add it as a NS server for a zone in both the SOA entry and a NS record -- but no records from the new zone are resolvable until Bind is restarted, including the new A/ records for the nameserver. I tried restarting the named service during Bind instance creation but that didn't help..not exactly sure why. Anyway, attached is a patch that forces the NS record creation. Please note that the --force flag is available via XML-RPC only, it is completely hidden from the user otherwise.
>
> Minor issue but requires NACK.
>
> You changed the add_zone() signature to always require some parameters, but did not update it in ipa-replica-prepare
>
> Simo.

Good catch, thank you! Attached is a new patch. I also found out that I don't have to require all the parameters as some (such as admin email) have nice defaults in the DNS plugin.

From c08b08c006c51b8d6da5e1deba72544741c21dbf Mon Sep 17 00:00:00 2001 From: Jakub Hrozek jhro...@redhat.com Date: Mon, 31 Jan 2011 18:05:07 +0100 Subject: [PATCH] Add an address for a nameserver when a new zone is created during install https://fedorahosted.org/freeipa/ticket/881 --- API.txt |5 +++-- install/tools/ipa-replica-prepare |6 +++--- ipalib/plugins/dns.py | 11 ++- ipaserver/install/bindinstance.py | 20 4 files changed, 28 insertions(+), 14 deletions(-) diff --git a/API.txt b/API.txt index f936c4f..e08a35f 100644 --- a/API.txt +++ b/API.txt 
@@ -486,13 +486,14 @@ output: Output('summary', (type 'unicode', type 'NoneType'), 'User-friendly output: Output('result', type 'bool', 'True means the operation was successful') output: Output('value', type 'unicode', The primary_key value of the entry, e.g. 'jdoe' for a user) command: dnsrecord_add -args: 2,45,3 +args: 2,46,3 arg: Str('dnszoneidnsname', cli_name='dnszone', label=Gettext('Zone name', domain='ipa', localedir=None), query=True, required=True) arg: Str('idnsname', attribute=True, cli_name='name', label=Gettext('Record name', domain='ipa', localedir=None), multivalue=False, primary_key=True, required=True) option: Int('dnsttl', attribute=True, cli_name='ttl', label=Gettext('Time to live', domain='ipa', localedir=None), multivalue=False, required=False) option: StrEnum('dnsclass', attribute=True, cli_name='class', label=Gettext('Class', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'IN', u'CS', u'CH', u'HS')) option: Str('addattr*', validate_add_attribute, cli_name='addattr', exclude='webui') option: Str('setattr*', validate_set_attribute, cli_name='setattr', exclude='webui') +option: Flag('force', autofill=True, default=False, flags=['no_option', 'no_output']) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output']) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output']) option: Str('version?', exclude='webui', flags=['no_option', 'no_output']) 
@@ -723,7 +724,7 @@ option: Str('idnsupdatepolicy', attribute=True, cli_name='update_policy', label= option: Flag('idnsallowdynupdate', attribute=True, autofill=True, cli_name='allow_dynupdate', default=False, label=Gettext('Dynamic update', domain='ipa', localedir=None), multivalue=False, required=True) option: Str('addattr*', validate_add_attribute, cli_name='addattr', exclude='webui') option: Str('setattr*', validate_set_attribute, cli_name='setattr', exclude='webui') -option: Flag('force', autofill=True, default=False,lag('force', autofill=True, default=False, doc=Gettext('force DNS zone even if name server not in DNS', domain='ipa', localedir=None)) +option: Flag('force', autofill=True, default=False,lag('force', autofill=True, default=False, doc=Gettext('force DNS zone creation even if name server not in DNS', domain='ipa', localedir=None)) option: Str('ip_address?', _validate_ipaddr,tr('ip_address?', _validate_ipaddr, doc=Gettext('Add the nameserver to DNS with this IP address', domain='ipa', localedir=None)) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output']) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output']) diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index 38d31aa..aaa1f2d 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -28,7 +28,7 @@ from optparse import OptionParser from ipapython import ipautil from ipaserver.install import bindinstance, dsinstance, installutils, certs -from
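Review bot: the commit message of this revision is still only the subject line and the ticket URL, while the diffstat now lists install/tools/ipa-replica-prepare alongside API.txt, ipalib/plugins/dns.py and ipaserver/install/bindinstance.py. Please add a body that says the NS record is created with the hidden `force` flag when the server's name is not yet resolvable, and that the add_zone() caller in ipa-replica-prepare was updated, so the reason for the API.txt change to dnsrecord_add can be read from the log without the ticket.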
Re: [Freeipa-devel] [PATCH] 047 Add an address for a nameserver when a new zone is created during install
Jakub Hrozek wrote:
> On Mon, Jan 31, 2011 at 05:52:08PM -0500, Simo Sorce wrote:
>> On Mon, 31 Jan 2011 22:44:43 +0100 Jakub Hrozek jhro...@redhat.com wrote:
>>> https://fedorahosted.org/freeipa/ticket/881
>>>
>>> We've run into a chicken-and-egg problem during installation. If the hostname of the IPA server is not resolvable with DNS during installation, we'd add it as a NS server for a zone in both the SOA entry and a NS record -- but no records from the new zone are resolvable until Bind is restarted, including the new A/ records for the nameserver. I tried restarting the named service during Bind instance creation but that didn't help..not exactly sure why. Anyway, attached is a patch that forces the NS record creation. Please note that the --force flag is available via XML-RPC only, it is completely hidden from the user otherwise.
>>
>> Minor issue but requires NACK.
>>
>> You changed the add_zone() signature to always require some parameters, but did not update it in ipa-replica-prepare
>>
>> Simo.
>
> Good catch, thank you! Attached is a new patch. I also found out that I don't have to require all the parameters as some (such as admin email) have nice defaults in the DNS plugin.

Well. I just opened a bug for this exact issue.

https://bugzilla.redhat.com/show_bug.cgi?id=674200

I wouldn't have if I had seen this email thread first. I'm sorry if I'm creating more work unnecessarily. I'll quietly ignore this issue, as it's already being worked on.

Michael-
Re: [Freeipa-devel] [PATCH] 047 Add an address for a nameserver when a new zone is created during install
Jakub Hrozek wrote:
> On Mon, Jan 31, 2011 at 05:52:08PM -0500, Simo Sorce wrote:
>> On Mon, 31 Jan 2011 22:44:43 +0100 Jakub Hrozek jhro...@redhat.com wrote:
>>> https://fedorahosted.org/freeipa/ticket/881
>>>
>>> We've run into a chicken-and-egg problem during installation. If the hostname of the IPA server is not resolvable with DNS during installation, we'd add it as a NS server for a zone in both the SOA entry and a NS record -- but no records from the new zone are resolvable until Bind is restarted, including the new A/ records for the nameserver. I tried restarting the named service during Bind instance creation but that didn't help..not exactly sure why. Anyway, attached is a patch that forces the NS record creation. Please note that the --force flag is available via XML-RPC only, it is completely hidden from the user otherwise.
>>
>> Minor issue but requires NACK.
>>
>> You changed the add_zone() signature to always require some parameters, but did not update it in ipa-replica-prepare
>>
>> Simo.
>
> Good catch, thank you! Attached is a new patch. I also found out that I don't have to require all the parameters as some (such as admin email) have nice defaults in the DNS plugin.

This fixes it but I did have problems with overall approach.

To test this I changed the host entry of my machine from slinky to spanky and ran the installer with --hostname=spanky.domain. This worked for the initial install and I was able to find the previous problem with ipa-replica-prepare. But I ran into other problems when testing this fix. The `hostname` of the machine is still slinky and very little actually worked. Restarting httpd failed and running ipa-replica-prepare failed because both were trying to contact the LDAP server on slinky, etc. Once I ran hostname spanky.domain everything worked fine.

So ack for this bug but how should we handle these other problems?

Oh, and I've pushed it to master.

rob
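The mismatch described in the message above (installer given spanky.domain while the machine's hostname was still slinky) can be caught before installation with a pre-flight check such as the following. This is an added example, not part of the thread and not FreeIPA code; `parse_hosts`, `preflight` and the hosts-file content are hypothetical and constructed, and the loopback check is an extra assumption of this example.

```python
# Constructed /etc/hosts content mirroring the test in the thread: the hosts
# entry was renamed to spanky while the kernel hostname was still slinky.
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
# renamed for the install test
192.0.2.10  spanky.domain spanky
"""


def parse_hosts(text):
    """Map every name in hosts-file text to the addresses it is listed with."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        addr, hostnames = fields[0], fields[1:]
        for name in hostnames:
            names.setdefault(name.lower(), []).append(addr)
    return names


def preflight(install_hostname, system_hostname, hosts_text):
    """Return the problems that would leave services using the wrong name."""
    problems = []
    want = install_hostname.lower().rstrip(".")
    have = system_hostname.lower().rstrip(".")
    if "." not in want:
        problems.append("%s is not fully qualified" % want)
    if have != want:
        problems.append(
            "system hostname is %s, installer was given %s" % (have, want))
    addrs = parse_hosts(hosts_text).get(want, [])
    if not addrs:
        # Relevant to the --no-host-dns setup, where the name comes from hosts.
        problems.append("%s has no hosts-file entry" % want)
    elif any(a.startswith("127.") or a == "::1" for a in addrs):
        # Assumption of this example: an NS address on loopback is useless.
        problems.append("%s maps to a loopback address" % want)
    return problems


if __name__ == "__main__":
    # On a real host, pass socket.gethostname() and the text of /etc/hosts.
    for problem in preflight("spanky.domain", "slinky", SAMPLE_HOSTS):
        print("FAIL:", problem)
```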