authorMartin Kosek <mkosek@redhat.com>2012-05-25 14:13:01 +0200
committerRob Crittenden <rcritten@redhat.com>2012-06-10 21:23:15 -0400
commitce97d6f8e7cb47927fccc27c258d32caf895a88c (patch)
tree9a6218678b2edf0f6fa9fd438f05a697fc67448a
parentc856fb60737612781fab30760bceeb8bbf6312d9 (diff)
Enable persistent search by default
From IPA version 3.0, the persistent search is the preferred mechanism for DNS zone list management. It will also be a requirement for several bind-dyndb-ldap features, like SOA serial automatic updates or DNSSEC. Make this mechanism the default in ipa-server-install and ipa-dns-install. https://fedorahosted.org/freeipa/ticket/2524
-rw-r--r--freeipa.spec.in4
-rwxr-xr-xinstall/tools/ipa-dns-install24
-rwxr-xr-xinstall/tools/ipa-server-install25
-rw-r--r--install/tools/man/ipa-dns-install.16
-rw-r--r--install/tools/man/ipa-server-install.16
-rw-r--r--ipalib/constants.py3
-rw-r--r--ipaserver/install/bindinstance.py8
7 files changed, 41 insertions, 35 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 1ab2db2..3e1c844 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -158,7 +158,7 @@ Requires: python-dns
# We have a soft-requires on bind. It is an optional part of
# IPA but if it is configured we need a way to require versions
# that work for us.
-Conflicts: bind-dyndb-ldap < 1.1.0-0.9.b1
+Conflicts: bind-dyndb-ldap < 1.1.0-0.12.rc1
Conflicts: bind < 9.8.2-0.4.rc2
# mod_proxy provides a single API to communicate over SSL. If mod_ssl
@@ -705,6 +705,8 @@ fi
%changelog
* Fri Jun 8 2012 Martin Kosek <mkosek@redhat.com> - 2.99.0-32
- Add directory /var/lib/ipa/sysupgrade for package upgrade metadata
+- Set min for bind-dyndb-ldap to 1.1.0-0.12.rc1 to pick up persistent search
+ related bug fixes
* Mon Jun 4 2012 Alexander Bokovoy <abokovoy@redhat.com> - 2.99.0-31
- Add python-crypto to build dependencies for AD server-side code
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 063cf5b..6e9b998 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -27,7 +27,7 @@ from ipapython import version
from ipapython import ipautil, sysrestore
from ipalib import api, errors, util
from ipapython.config import IPAOptionParser
-from ipalib.constants import DNS_ZONE_REFRESH
+from optparse import OptionGroup, SUPPRESS_HELP
import krbV
import ldap
from ipapython.ipa_log_manager import *
@@ -52,14 +52,16 @@ def parse_options():
parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
type="string",
help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
+ # this option name has been deprecated, persistent search has been enabled by default
parser.add_option("--zone-notif", dest="zone_notif",
- action="store_true", default=False,
- help="Let name server receive notification when a new zone is added." \
- "Zone refresh is turned off when zone notification is enabled")
+ action="store_true", default=False, help=SUPPRESS_HELP)
+ parser.add_option("--no-persistent-search", dest="persistent_search",
+ default=True, action="store_false",
+ help="Do not enable persistent search feature in the name server")
parser.add_option("--zone-refresh", dest="zone_refresh",
- default=DNS_ZONE_REFRESH, type="int",
- help="A delay between checks for new DNS zones. Defaults to %d" \
- % DNS_ZONE_REFRESH)
+ default=0, type="int",
+ help="When set to non-zero the name server will use DNS zone "
+ "detection based on polling instead of a persistent search")
parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
default=False, help="unattended installation never prompts the user")
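Review bot: The new `--zone-refresh` help string no longer tells the user the unit or the default, although the man page changed in this commit says the value is in seconds and the option now defaults to 0; suggest `help="When set to a non-zero number of seconds the name server will use DNS zone detection based on polling instead of a persistent search (default: 0)"`. The identical help string is added in the ipa-server-install parse_options hunk, which should get the same wording. The `--no-persistent-search` help could also state what the man page states, that with persistent search disabled and zone refresh left at 0 new zones are not loaded until the name server is reloaded. parse_options continues outside the hunk.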
@@ -77,9 +79,11 @@ def parse_options():
if options.zone_refresh < 0:
parser.error("negative numbers not allowed for --zone-refresh")
+ elif options.zone_refresh > 0:
+ options.persistent_search = False # mutually exclusive features
- if options.zone_notif: # mutually exclusive features
- options.zone_refresh = 0
+ if options.zone_notif:
+ print >>sys.stderr, "WARNING: --zone-notif option is deprecated and has no effect"
return safe_options, options
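Review bot: The validation accepts `--no-persistent-search` together with the default `--zone-refresh 0` silently, and in that configuration the name server picks up no new zones until it is reloaded, as the man page in this commit documents; a warning next to the new `elif` would make the consequence visible, e.g. `elif not options.persistent_search: print >>sys.stderr, "WARNING: persistent search is disabled and --zone-refresh is 0, new DNS zones require a name server reload"`. The ipa-server-install parse_options hunk has the same gap. The added `print >>sys.stderr` line also relies on `sys` being imported higher in the file, which is outside this hunk and worth confirming. parse_options continues outside the hunk.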
@@ -220,7 +224,7 @@ def main():
bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
dns_forwarders, conf_ntp, reverse_zone, zonemgr=options.zonemgr,
zone_refresh=options.zone_refresh,
- zone_notif=options.zone_notif)
+ persistent_search=options.persistent_search)
bind.create_instance()
# Restart http instance to make sure that python-dns has the right resolver
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 61c2b9d..6dc02f6 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -38,7 +38,7 @@ import pickle
import random
import tempfile
import nss.error
-from optparse import OptionGroup, OptionValueError
+from optparse import OptionGroup, OptionValueError, SUPPRESS_HELP
from ipaserver.install import dsinstance
from ipaserver.install import krbinstance
@@ -62,7 +62,6 @@ from ipalib import api, errors, util
from ipapython.config import IPAOptionParser
from ipalib.dn import DN
from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file
-from ipalib.constants import DNS_ZONE_REFRESH
from ipalib.util import validate_domain_name
from ipapython import services as ipaservices
from ipapython.ipa_log_manager import *
@@ -197,14 +196,16 @@ def parse_options():
dns_group.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
type="string",
help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
+ # this option name has been deprecated, persistent search has been enabled by default
dns_group.add_option("--zone-notif", dest="zone_notif",
- action="store_true", default=False,
- help="Let name server receive notification when a new zone is added." \
- "Zone refresh is turned off when zone notification is enabled")
+ action="store_true", default=False, help=SUPPRESS_HELP)
+ dns_group.add_option("--no-persistent-search", dest="persistent_search",
+ default=True, action="store_false",
+ help="Do not enable persistent search feature in the name server")
dns_group.add_option("--zone-refresh", dest="zone_refresh",
- default=DNS_ZONE_REFRESH, type="int",
- help="A delay between checks for new DNS zones. Defaults to %d" \
- % DNS_ZONE_REFRESH)
+ default=0, type="int",
+ help="When set to non-zero the name server will use DNS zone "
+ "detection based on polling instead of a persistent search")
dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
default=False,
help="Do not use DNS for hostname lookup during installation")
@@ -300,9 +301,11 @@ def parse_options():
if options.zone_refresh < 0:
parser.error("negative numbers not allowed for --zone-refresh")
+ elif options.zone_refresh > 0:
+ options.persistent_search = False # mutually exclusive features
- if options.zone_notif: # these 2 features are mutually exclusive
- options.zone_refresh = 0
+ if options.zone_notif:
+ print >>sys.stderr, "WARNING: --zone-notif option is deprecated and has no effect"
return safe_options, options
@@ -1033,7 +1036,7 @@ def main():
bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders,
options.conf_ntp, reverse_zone, zonemgr=options.zonemgr,
zone_refresh=options.zone_refresh,
- zone_notif=options.zone_notif)
+ persistent_search=options.persistent_search)
if options.setup_dns:
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
diff --git a/install/tools/man/ipa-dns-install.1 b/install/tools/man/ipa-dns-install.1
index 3f40ab7..9fe89ed 100644
--- a/install/tools/man/ipa-dns-install.1
+++ b/install/tools/man/ipa-dns-install.1
@@ -49,11 +49,11 @@ Do not create new reverse DNS zone. If used on a replica and a reverse DNS zone
\fB\-\-zonemgr\fR
The e\-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN
.TP
-\fB\-\-zone\-notif\fR
-Let name server receive notifications when a new zone is added. New zone is then immediately loaded by the name server. This feature uses an LDAP Persistent Search mechanism to receive the data. Zone refresh is turned off when zone notifications are enabled.
+\fB\-\-no\-persistent\-search\fR
+Do not enable persistent search mechanism for updating the list of DNS zones in the name server. When persistent search is disabled and \fB\-\-zone\-refresh\fR option is not set to non-zero value, new zones won't be resolvable until the name server is reloaded.
.TP
\fB\-\-zone\-refresh=\fIZONE_REFRESH\fR
-Number of seconds between regular checks for new DNS zones. When set to 0 the name server does not check for new zones and it needs to be reloaded when a new DNS zone is added.
+When set to non-zero value, persistent search zone update mechanism will be disabled and the name server will use a polling mechanism to load new DNS zones every \fIZONE_REFRESH\fR seconds.
.TP
\fB\-U\fR, \fB\-\-unattended\fR
An unattended installation that will never prompt for user input
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index b69c720..77d4068 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -145,11 +145,11 @@ Do not create reverse DNS zone
\fB\-\-zonemgr\fR
The e\-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN
.TP
-\fB\-\-zone\-notif\fR
-Let name server receive notifications when a new zone is added. New zone is then immediately loaded by the name server. This feature uses an LDAP Persistent Search mechanism to receive the data. Zone refresh is turned off when zone notifications are enabled.
+\fB\-\-no\-persistent\-search\fR
+Do not enable persistent search mechanism for updating the list of DNS zones in the name server. When persistent search is disabled and \fB\-\-zone\-refresh\fR option is not set to non-zero value, new zones won't be resolvable until the name server is reloaded.
.TP
\fB\-\-zone\-refresh=\fIZONE_REFRESH\fR
-Number of seconds between regular checks for new DNS zones. When set to 0 the name server does not check for new zones and it needs to be reloaded when a new DNS zone is added.
+When set to non-zero value, persistent search zone update mechanism will be disabled and the name server will use a polling mechanism to load new DNS zones every \fIZONE_REFRESH\fR seconds.
.TP
\fB\-\-no\-host\-dns\fR
Do not use DNS for hostname lookup during installation
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 3376d30..8f87a18 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -192,6 +192,3 @@ DEFAULT_CONFIG = (
('log', object), # Path to context specific log file
)
-
-# Default DNS zone refresh interval in seconds (0 = disabled)
-DNS_ZONE_REFRESH = 30
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 2441555..623e397 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -30,7 +30,6 @@ from ipaserver.install.dsinstance import realm_to_serverid
from ipaserver.install.installutils import resolve_host
from ipapython import sysrestore
from ipapython import ipautil
-from ipalib.constants import DNS_ZONE_REFRESH
from ipalib.parameters import IA5Str
from ipalib.util import (validate_zonemgr, normalize_zonemgr,
get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy)
@@ -388,7 +387,7 @@ class BindInstance(service.Service):
def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp,
reverse_zone, named_user="named", zonemgr=None,
- zone_refresh=DNS_ZONE_REFRESH, zone_notif=False):
+ zone_refresh=0, persistent_search=True):
self.named_user = named_user
self.fqdn = fqdn
self.ip_address = ip_address
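Review bot: BindInstance.setup takes `zone_refresh` and `persistent_search` independently, so the mutual exclusion of the two mechanisms lives only in the two installers' parse_options, and a caller that invokes setup directly can still end up with a non-zero ZONE_REFRESH and PERSISTENT_SEARCH="yes" in sub_dict. Enforcing it once here, e.g. `if zone_refresh: persistent_search = False  # polling and persistent search are mutually exclusive`, keeps every caller consistent. Dropping the `zone_notif` keyword also turns any caller not updated by this commit that still passes `zone_notif=` into a TypeError; if such callers may exist, keeping `zone_notif=None` as an accepted and ignored keyword for one release is the safer transition. setup's body continues past the hunk.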
@@ -400,7 +399,7 @@ class BindInstance(service.Service):
self.ntp = ntp
self.reverse_zone = reverse_zone
self.zone_refresh = zone_refresh
- self.zone_notif = zone_notif
+ self.persistent_search = persistent_search
if not zonemgr:
self.zonemgr = 'hostmaster.%s' % self.domain
@@ -497,6 +496,7 @@ class BindInstance(service.Service):
optional_ntp += "_ntp._udp\t\tIN SRV 0 100 123\t%s""" % self.host_in_rr
else:
optional_ntp = ""
+ persistent_search = "yes" if self.persistent_search else "no"
self.sub_dict = dict(FQDN=self.fqdn,
IP=self.ip_address,
@@ -509,7 +509,7 @@ class BindInstance(service.Service):
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
ZONE_REFRESH=self.zone_refresh,
- PERSISTENT_SEARCH=self.zone_notif and "yes" or "no")
+ PERSISTENT_SEARCH=persistent_search)
def __setup_dns_container(self):
self._ldap_mod("dns.ldif", self.sub_dict)