Re: [Freeipa-devel] [PATCH 0131-0132] Add missing attributes to named.conf

2014-10-14 Thread Petr Spacek

On 10.10.2014 08:05, David Kupka wrote:

On 10/03/2014 12:45 PM, Martin Basti wrote:

Hello!

Patch 131:
https://fedorahosted.org/freeipa/ticket/3801#comment:31

Patch 132:
I modified named.conf in 131, so I change the rest of paths to be
ipaplatform specified.

Patches attached



___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel



Hi!
The upgrade process looks fine to me. And I didn't find any surprise in the
code. So it's A and C/2 from me. For the rest go to Petr^2.


Full ACK. Thank you!

--
Petr^2 Spacek



Re: [Freeipa-devel] [PATCH 0131-0132] Add missing attributes to named.conf

2014-10-14 Thread Petr Spacek

On 14.10.2014 13:44, Petr Spacek wrote:

On 10.10.2014 08:05, David Kupka wrote:

On 10/03/2014 12:45 PM, Martin Basti wrote:

Hello!

Patch 131:
https://fedorahosted.org/freeipa/ticket/3801#comment:31

Patch 132:
I modified named.conf in 131, so I change the rest of paths to be
ipaplatform specified.

Patches attached






Hi!
The upgrade process looks fine to me. And I didn't find any surprise in the
code. So it's A and C/2 from me. For the rest go to Petr^2.


Full ACK. Thank you!


BTW this can be pushed right away. It should not depend on other DNSSEC 
patches and should not break anything.


--
Petr^2 Spacek



Re: [Freeipa-devel] [PATCH 0131-0132] Add missing attributes to named.conf

2014-10-14 Thread Martin Kosek
On 10/14/2014 01:44 PM, Petr Spacek wrote:
 On 10.10.2014 08:05, David Kupka wrote:
 On 10/03/2014 12:45 PM, Martin Basti wrote:
 Hello!

 Patch 131:
 https://fedorahosted.org/freeipa/ticket/3801#comment:31

 Patch 132:
 I modified named.conf in 131, so I change the rest of paths to be
 ipaplatform specified.

 Patches attached





 Hi!
 The upgrade process looks fine to me. And I didn't find any surprise in the
 code. So it's A and C/2 from me. For the rest go to Petr^2.
 
 Full ACK. Thank you!
 

Pushed to:
master: 7ad70025eb2deaf5c7c79149673dc2fbde2b7c2c
ipa-4-1: bac2cc979907b1069ccb0c563636b6e06f9a0721

Martin



Re: [Freeipa-devel] [PATCH 0131-0132] Add missing attributes to named.conf

2014-10-10 Thread David Kupka

On 10/03/2014 12:45 PM, Martin Basti wrote:

Hello!

Patch 131:
https://fedorahosted.org/freeipa/ticket/3801#comment:31

Patch 132:
I modified named.conf in 131, so I change the rest of paths to be
ipaplatform specified.

Patches attached






Hi!
The upgrade process looks fine to me. And I didn't find any surprise
in the code. So it's A and C/2 from me. For the rest go to Petr^2.


--
David Kupka



[Freeipa-devel] [PATCH 0131-0132] Add missing attributes to named.conf

2014-10-03 Thread Martin Basti

Hello!

Patch 131:
https://fedorahosted.org/freeipa/ticket/3801#comment:31

Patch 132:
I modified named.conf in 131, so I change the rest of paths to be 
ipaplatform specified.


Patches attached

--
Martin Basti

From 4fe9f258c272d9d7c98b084579bafbef6ba6bc83 Mon Sep 17 00:00:00 2001
From: Martin Basti mba...@redhat.com
Date: Thu, 2 Oct 2014 14:55:10 +0200
Subject: [PATCH 1/2] Add missing attributes to named.conf

Ticket: https://fedorahosted.org/freeipa/ticket/3801#comment:31
---
 install/share/bind.named.conf.template |   6 ++
 install/tools/ipa-upgradeconfig| 120 +
 ipaplatform/base/paths.py  |   3 +
 ipaserver/install/bindinstance.py  |  28 
 4 files changed, 157 insertions(+)

diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index 6db17120f983d3762d4fb728d262eae10a18f74e..cdf21c1429f204e6ce5d4e4bcb1460f9fd0bb5b8 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -18,6 +18,11 @@ options {
 	pid-file /run/named/named.pid;
 
 	dnssec-enable yes;
+
+	/* Path to ISC DLV key */
+	bindkeys-file $BINDKEYS_FILE;
+
+	managed-keys-directory $MANAGED_KEYS_DIR;
 };
 
 /* If you want to enable debugging, eg. using the 'rndc trace' command,
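Review bot: managed-keys-directory in the options block is added without any comment, while bindkeys-file directly above it gets one ("Path to ISC DLV key"). named writes its managed-key tracking files into that directory, so a one-line comment stating that the path must exist and be writable by the named user would help whoever edits this template later. It would also be worth confirming that the install and upgrade paths create $MANAGED_KEYS_DIR with that ownership rather than assuming the package did.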
@@ -38,6 +43,7 @@ zone . IN {
 };
 
 include /etc/named.rfc1912.zones;
+include $ROOT_KEY;
 
 dynamic-db ipa {
 	library ldap.so;
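Review bot: the new "include $ROOT_KEY;" line is unconditional, and named refuses to load its configuration when an included file cannot be opened. On upgrade this means a host where the root key file is absent goes from a working resolver to one that does not start. Please have the code that adds this include check that the file exists first (and log and skip if it does not), and add a short comment here saying the file carries the root zone trust anchor, in the same style as the bindkeys-file comment.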
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 3914eb59066b515d33bebc19ca5afb4f50548bb2..93ce71dd5fb198e986230dbfac63ef910b8b6beb 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -624,6 +624,123 @@ def named_enable_dnssec():
 return True
 
 
+def named_bindkey_file_option():
+
+Add options bindkey_file to named.conf
+
+if not bindinstance.named_conf_exists():
+# DNS service may not be configured
+root_logger.info('DNS is not configured')
+return False
+
+if sysupgrade.get_upgrade_state('named.conf', 'bindkey-file_updated'):
+root_logger.debug('Skip bindkey-file configuration check')
+return False
+
+try:
+bindkey_file = bindinstance.named_conf_get_directive('bindkey-file',
+bindinstance.NAMED_SECTION_OPTIONS)
+except IOError, e:
+root_logger.error('Cannot retrieve bindkey-file option from %s: %s',
+bindinstance.NAMED_CONF, e)
+return False
+else:
+if bindkey_file:
+root_logger.debug('bindkey-file configuration already updated')
+sysupgrade.set_upgrade_state('named.conf', 'bindkey-file_updated', True)
+return False
+
+root_logger.info('[Setting bindkeys-file option in named.conf]')
+try:
+bindinstance.named_conf_set_directive('bindkeys-file',
+  paths.NAMED_BINDKEYS_FILE,
+  bindinstance.NAMED_SECTION_OPTIONS)
+except IOError, e:
+root_logger.error('Cannot update bindkeys-file configuration in %s: %s',
+bindinstance.NAMED_CONF, e)
+return False
+
+
+sysupgrade.set_upgrade_state('named.conf', 'bindkey-file_updated', True)
+return True
+
+def named_managed_keys_dir_option():
+
+Add options managed_keys_directory to named.conf
+
+if not bindinstance.named_conf_exists():
+# DNS service may not be configured
+root_logger.info('DNS is not configured')
+return False
+
+if sysupgrade.get_upgrade_state('named.conf', 'managed-keys-directory_updated'):
+root_logger.debug('Skip managed-keys-directory configuration check')
+return False
+
+try:
+managed_keys = bindinstance.named_conf_get_directive('managed-keys-directory',
+bindinstance.NAMED_SECTION_OPTIONS)
+except IOError, e:
+root_logger.error('Cannot retrieve managed-keys-directory option from %s: %s',
+bindinstance.NAMED_CONF, e)
+return False
+else:
+if managed_keys:
+root_logger.debug('managed_keys_directory configuration already updated')
+sysupgrade.set_upgrade_state('named.conf', 'managed-keys-directory_updated', True)
+return False
+
+root_logger.info('[Setting managed-keys-directory option in named.conf]')
+try:
+bindinstance.named_conf_set_directive('managed-keys-directory',
+  paths.NAMED_MANAGED_KEYS_DIR,
+  bindinstance.NAMED_SECTION_OPTIONS)
+except IOError, e:
+root_logger.error('Cannot update managed-keys-directory configuration in %s: %s',
+bindinstance.NAMED_CONF, e)
+return False
+
+
+sysupgrade.set_upgrade_state('named.conf', 'managed-keys-directory_updated', True)
+return True
+
+def named_root_key_include():
+
+Add
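Review bot: in named_bindkey_file_option() the existence check calls named_conf_get_directive('bindkey-file', ...) while the write further down uses 'bindkeys-file', which is also the spelling the template hunk adds. As written, the lookup asks for a directive name this patch never writes, so the "already updated" branch does not detect an existing bindkeys-file line and the function goes on to call named_conf_set_directive regardless. Use 'bindkeys-file' in the get call and in the "Cannot retrieve" error message. The docstring ("bindkey_file") and the 'bindkey-file_updated' state key carry the same misspelling; fix the state key now if you want it to match, since it persists in the sysupgrade state once written. Separately, both new functions return False on IOError without setting the upgrade state, which is right for a retry on the next run, but nothing visible here tells the caller that the run failed rather than that no change was needed; a distinct log level is there, a distinct return value is not.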