freeipa.git/install/tools/ipa-dns-install, branch adwork FreeIPA project Enable persistent search by default 2012-06-11T01:23:15+00:00 Martin Kosek mkosek@redhat.com 2012-05-25T12:13:01+00:00 ce97d6f8e7cb47927fccc27c258d32caf895a88c From IPA version 3.0, the persistent search is a preferred mechanism to for DNS zone list management. It will be also a requirement for several bind-dyndb-ldap features, like SOA serial automatic updates or DNSSEC. Make this mechanism default in ipa-server-install and ipa-dns-istall. https://fedorahosted.org/freeipa/ticket/2524 
From IPA version 3.0, the persistent search is a preferred mechanism
to for DNS zone list management. It will be also a requirement for
several bind-dyndb-ldap features, like SOA serial automatic updates
or DNSSEC.

Make this mechanism default in ipa-server-install and ipa-dns-istall.

https://fedorahosted.org/freeipa/ticket/2524
Move install script error handling to a common function 2012-05-31T12:37:27+00:00 Petr Viktorin pviktori@redhat.com 2012-05-31T12:34:09+00:00 0ca29fac9af4cd437a8536f28ffd25923ec3f8cd All of our install/admin scripts had a try/except block calling the main function and handling common exceptions. These were copy-pasted from each other and modified to various levels of sophistication. This refactors them out of installers to a single function, which includes a final pass/fail message for all of the scripts. Non-install scripts that set up the same log handler levels for stderr and log file are not changed, as it's not possible to log to only the logfile without changing the logger configuration. https://fedorahosted.org/freeipa/ticket/2071 
All of our install/admin scripts had a try/except block calling the
main function and handling common exceptions. These were copy-pasted
from each other and modified to various levels of sophistication.
This refactors them out of installers to a single function, which
includes a final pass/fail message for all of the scripts.

Non-install scripts that set up the same log handler levels for
stderr and log file are not changed, as it's not possible to log
to only the logfile without changing the logger configuration.

https://fedorahosted.org/freeipa/ticket/2071
Replace DNS client based on acutil with python-dns 2012-05-24T11:55:56+00:00 Martin Kosek mkosek@redhat.com 2012-05-11T12:38:09+00:00 f1ed123caddd7525a0081c4a9de931cabdfda43f IPA client and server tool set used authconfig acutil module to for client DNS operations. This is not optimal DNS interface for several reasons: - does not provide native Python object oriented interface but but rather C-like interface based on functions and structures which is not easy to use and extend - acutil is not meant to be used by third parties besides authconfig and thus can break without notice Replace the acutil with python-dns package which has a feature rich interface for dealing with all different aspects of DNS including DNSSEC. The main target of this patch is to replace all uses of acutil DNS library with a use python-dns. In most cases, even though the larger parts of the code are changed, the actual functionality is changed only in the following cases: - redundant DNS checks were removed from verify_fqdn function in installutils to make the whole DNS check simpler and less error-prone. Logging was improves for the remaining checks - improved logging for ipa-client-install DNS discovery https://fedorahosted.org/freeipa/ticket/2730 https://fedorahosted.org/freeipa/ticket/1837 
IPA client and server tool set used authconfig acutil module to
for client DNS operations. This is not optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
  but but rather C-like interface based on functions and
  structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
  authconfig and thus can break without notice

Replace the acutil with python-dns package which has a feature rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
acutil DNS library with a use python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
  in installutils to make the whole DNS check simpler and
  less error-prone. Logging was improves for the remaining
  checks
- improved logging for ipa-client-install DNS discovery

https://fedorahosted.org/freeipa/ticket/2730
https://fedorahosted.org/freeipa/ticket/1837
Improve user awareness about dnsconfig 2012-03-26T04:33:45+00:00 Martin Kosek mkosek@redhat.com 2012-03-15T12:51:59+00:00 52aa008b8719f4ea678efa8957794bb6dcd13893 Global DNS configuration is a nice tool to maintain a common DNS settings stored in LDAP which are then used for all enrolled IPA servers. However, the settings stored in LDAP override local settings in named.conf on DNS servers. This patch adds more information about global DNS configuration options in install scripts and DNS module help. https://fedorahosted.org/freeipa/ticket/2525 
Global DNS configuration is a nice tool to maintain a common DNS
settings stored in LDAP which are then used for all enrolled IPA
servers. However, the settings stored in LDAP override local
settings in named.conf on DNS servers.

This patch adds more information about global DNS configuration
options in install scripts and DNS module help.

https://fedorahosted.org/freeipa/ticket/2525
Refresh resolvers after DNS install 2012-03-12T02:11:41+00:00 Martin Kosek mkosek@redhat.com 2012-03-06T12:26:45+00:00 c956b3cd2ba12d87054909af3dce7d231f034240 Server framework calls acutil.res_send() to send DNS queries used for various DNS tests. However, once acutil is imported it does not change its list of configured resolvers even when /etc/resolv.conf is changed. This may lead to unexpected resolution issues. We should at least reload httpd when we change /etc/resolv.conf to point to FreeIPA nameserver to force a new import of acutil and thus workaround this bug until it is resolved in authconfig. https://fedorahosted.org/freeipa/ticket/2481 
Server framework calls acutil.res_send() to send DNS queries used
for various DNS tests. However, once acutil is imported it does
not change its list of configured resolvers even when
/etc/resolv.conf is changed. This may lead to unexpected
resolution issues.

We should at least reload httpd when we change /etc/resolv.conf to
point to FreeIPA nameserver to force a new import of acutil and
thus workaround this bug until it is resolved in authconfig.

https://fedorahosted.org/freeipa/ticket/2481
Ease zonemgr restrictions 2012-02-20T14:34:45+00:00 Martin Kosek mkosek@redhat.com 2012-02-20T12:40:13+00:00 e10af0b764fb2d042c6ad730866af508f231c8cb Admin e-mail validator currently requires an email to be in a second-level domain (hostmaster@example.com). This is too restrictive. Top level domain e-mails (hostmaster@testrelm) should also be allowed. This patch also fixes default zonemgr value in help texts and man pages. https://fedorahosted.org/freeipa/ticket/2272 
Admin e-mail validator currently requires an email to be in
a second-level domain (hostmaster@example.com). This is too
restrictive. Top level domain e-mails (hostmaster@testrelm)
should also be allowed.

This patch also fixes default zonemgr value in help texts and man
pages.

https://fedorahosted.org/freeipa/ticket/2272
Fix 'no-reverse' option description 2012-02-02T22:50:55+00:00 Ondrej Hamada ohamada@redhat.com 2012-01-31T14:16:56+00:00 2e860f6d070db3b2fe8799891c3e568ac48a1fac The description of 'no-reverse' option was fixed in both code and manpages of ipa-replica-install and ipa-dns-install. https://fedorahosted.org/freeipa/ticket/2161 
The description of 'no-reverse' option was fixed in both code and
manpages of ipa-replica-install and ipa-dns-install.

https://fedorahosted.org/freeipa/ticket/2161
Fix ipa-server-install for dual NICs 2012-01-23T04:01:42+00:00 Martin Kosek mkosek@redhat.com 2012-01-20T07:30:40+00:00 6141919fba30487e3c4eb19b0c87a10384fd9d20 A server may have 2 or more NICs and its hostname may thus resolve to 2 and more forward addresses. IP address checks in install scripts does not expect this setup and may fail or crash. This script adds a support for multiple forward addresses for a hostname. The install scripts do not crash now. When one IP address is needed, user is asked to choose from all detected server IP addresses. https://fedorahosted.org/freeipa/ticket/2154 
A server may have 2 or more NICs and its hostname may thus resolve
to 2 and more forward addresses. IP address checks in install
scripts does not expect this setup and may fail or crash.

This script adds a support for multiple forward addresses for
a hostname. The install scripts do not crash now. When one IP
address is needed, user is asked to choose from all detected
server IP addresses.

https://fedorahosted.org/freeipa/ticket/2154
ticket 2022 - modify codebase to utilize IPALogManager, obsoletes logging 2011-11-23T08:36:18+00:00 John Dennis jdennis@redhat.com 2011-11-15T19:39:31+00:00 56401c1abe7d4c78650acfcd9bbe8c8edc1dac57 change default_logger_level to debug in configure_standard_logging add new ipa_log_manager module, move log_mgr there, also export root_logger from log_mgr. change all log_manager imports to ipa_log_manager and change log_manager.root_logger to root_logger. add missing import for parse_log_level() 
change default_logger_level to debug in configure_standard_logging

add new ipa_log_manager module, move log_mgr there, also export
root_logger from log_mgr.

change all log_manager imports to ipa_log_manager and change
log_manager.root_logger to root_logger.

add missing import for parse_log_level()
Add --zonemgr/--admin-mail validator 2011-10-26T06:52:50+00:00 Martin Kosek mkosek@redhat.com 2011-10-24T16:35:48+00:00 b26d0dcc04e821543b8582328e99e630b752768f Do at least a basic validation of DNS zone manager mail address. Do not require '@' to be in the mail address as the SOA record stores this value without it and people may be used to configure it that way. '@' is always removed by the installer/dns plugin before the DNS zone is created. https://fedorahosted.org/freeipa/ticket/1966 
Do at least a basic validation of DNS zone manager mail address.

Do not require '@' to be in the mail address as the SOA record
stores this value without it and people may be used to configure
it that way. '@' is always removed by the installer/dns plugin before
the DNS zone is created.

https://fedorahosted.org/freeipa/ticket/1966