Hello!
Patch 131:
https://fedorahosted.org/freeipa/ticket/3801#comment:31
Patch 132:
I modified named.conf in 131, so in 132 I changed the rest of the paths to
be specified through ipaplatform.
Patches attached
--
Martin Basti
From 4fe9f258c272d9d7c98b084579bafbef6ba6bc83 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Thu, 2 Oct 2014 14:55:10 +0200
Subject: [PATCH 1/2] Add missing attributes to named.conf
Ticket: https://fedorahosted.org/freeipa/ticket/3801#comment:31
---
install/share/bind.named.conf.template | 6 ++
install/tools/ipa-upgradeconfig| 120 +
ipaplatform/base/paths.py | 3 +
ipaserver/install/bindinstance.py | 28
4 files changed, 157 insertions(+)
diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index 6db17120f983d3762d4fb728d262eae10a18f74e..cdf21c1429f204e6ce5d4e4bcb1460f9fd0bb5b8 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -18,6 +18,11 @@ options {
pid-file /run/named/named.pid;
dnssec-enable yes;
+
+ /* Path to ISC DLV key */
+ bindkeys-file $BINDKEYS_FILE;
+
+ managed-keys-directory $MANAGED_KEYS_DIR;
};
/* If you want to enable debugging, eg. using the 'rndc trace' command,
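Review bot: The added `managed-keys-directory $MANAGED_KEYS_DIR;` line has no comment, and the comment on `bindkeys-file` mentions only the DLV key, although that option overrides named's built-in trusted keys as a whole. named keeps its RFC 5011 managed-key state in the managed-keys directory, so the directory has to exist and be writable by the named user, whereas the bindkeys file is a trust-anchor source and should stay read-only to the service. I would say so in the template, e.g. `/* Directory where named stores tracked (RFC 5011) trust-anchor state; must be writable by named */`. Whether the installer creates the directory with those permissions is not visible in this hunk.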
@@ -38,6 +43,7 @@ zone . IN {
};
include /etc/named.rfc1912.zones;
+include $ROOT_KEY;
dynamic-db ipa {
library ldap.so;
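Review bot: `include $ROOT_KEY;` is added unconditionally, and named does not load a configuration whose include target is missing or unreadable, so a server where that file is absent would presumably lose DNS on the next restart. The code that substitutes `$ROOT_KEY` (not visible in this hunk) should check that the file exists before writing the directive. Because the file supplies the DNSSEC root trust anchor, a short comment above the line would help, e.g. `/* DNSSEC root trust anchor; keep read-only for the named user */`. The `dynamic-db ipa` block that follows continues outside the hunk.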
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 3914eb59066b515d33bebc19ca5afb4f50548bb2..93ce71dd5fb198e986230dbfac63ef910b8b6beb 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -624,6 +624,123 @@ def named_enable_dnssec():
return True
+def named_bindkey_file_option():
+
+Add options bindkey_file to named.conf
+
+if not bindinstance.named_conf_exists():
+# DNS service may not be configured
+root_logger.info('DNS is not configured')
+return False
+
+if sysupgrade.get_upgrade_state('named.conf', 'bindkey-file_updated'):
+root_logger.debug('Skip bindkey-file configuration check')
+return False
+
+try:
+bindkey_file = bindinstance.named_conf_get_directive('bindkey-file',
+bindinstance.NAMED_SECTION_OPTIONS)
+except IOError, e:
+root_logger.error('Cannot retrieve bindkey-file option from %s: %s',
+bindinstance.NAMED_CONF, e)
+return False
+else:
+if bindkey_file:
+root_logger.debug('bindkey-file configuration already updated')
+sysupgrade.set_upgrade_state('named.conf', 'bindkey-file_updated', True)
+return False
+
+root_logger.info('[Setting bindkeys-file option in named.conf]')
+try:
+bindinstance.named_conf_set_directive('bindkeys-file',
+ paths.NAMED_BINDKEYS_FILE,
+ bindinstance.NAMED_SECTION_OPTIONS)
+except IOError, e:
+root_logger.error('Cannot update bindkeys-file configuration in %s: %s',
+bindinstance.NAMED_CONF, e)
+return False
+
+
+sysupgrade.set_upgrade_state('named.conf', 'bindkey-file_updated', True)
+return True
+
+def named_managed_keys_dir_option():
+
+Add options managed_keys_directory to named.conf
+
+if not bindinstance.named_conf_exists():
+# DNS service may not be configured
+root_logger.info('DNS is not configured')
+return False
+
+if sysupgrade.get_upgrade_state('named.conf', 'managed-keys-directory_updated'):
+root_logger.debug('Skip managed-keys-directory configuration check')
+return False
+
+try:
+managed_keys = bindinstance.named_conf_get_directive('managed-keys-directory',
+bindinstance.NAMED_SECTION_OPTIONS)
+except IOError, e:
+root_logger.error('Cannot retrieve managed-keys-directory option from %s: %s',
+bindinstance.NAMED_CONF, e)
+return False
+else:
+if managed_keys:
+root_logger.debug('managed_keys_directory configuration already updated')
+sysupgrade.set_upgrade_state('named.conf', 'managed-keys-directory_updated', True)
+return False
+
+root_logger.info('[Setting managed-keys-directory option in named.conf]')
+try:
+bindinstance.named_conf_set_directive('managed-keys-directory',
+ paths.NAMED_MANAGED_KEYS_DIR,
+ bindinstance.NAMED_SECTION_OPTIONS)
+except IOError, e:
+root_logger.error('Cannot update managed-keys-directory configuration in %s: %s',
+bindinstance.NAMED_CONF, e)
+return False
+
+
+sysupgrade.set_upgrade_state('named.conf', 'managed-keys-directory_updated', True)
+return True
+
+def named_root_key_include():
+
+Add