authorMartin Kosek <mkosek@redhat.com>2012-03-15 13:51:59 +0100
committerRob Crittenden <rcritten@redhat.com>2012-03-26 00:33:45 -0400
commit52aa008b8719f4ea678efa8957794bb6dcd13893 (patch)
tree2e15bb800d3f25974badb2acceef61b3e9e20234
parentb944ad44b5ac66a253b28613cf0b722c4d4ad444 (diff)
Improve user awareness about dnsconfig
Global DNS configuration is a nice tool for maintaining common DNS settings stored in LDAP, which are then used by all enrolled IPA servers. However, the settings stored in LDAP override the local settings in named.conf on DNS servers. This patch adds more information about global DNS configuration options to the install scripts and to the DNS module help. https://fedorahosted.org/freeipa/ticket/2525
-rwxr-xr-xinstall/tools/ipa-dns-install3
-rwxr-xr-xinstall/tools/ipa-replica-install4
-rwxr-xr-xinstall/tools/ipa-server-install3
-rw-r--r--ipalib/plugins/dns.py22
-rw-r--r--ipaserver/install/bindinstance.py20
5 files changed, 52 insertions, 0 deletions
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 096020c5e..b540630f4 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -232,6 +232,9 @@ def main():
print "=============================================================================="
print "Setup complete"
print ""
+ bind.check_global_configuration()
+ print ""
+ print ""
print "\tYou must make sure these network ports are open:"
print "\t\tTCP Ports:"
print "\t\t * 53: bind"
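Review bot: The `bind.check_global_configuration()` call added after "Setup complete" is unguarded, so any exception from the `api.Command.dnsconfig_show()` lookup it performs (see ipaserver/install/bindinstance.py) would end an otherwise finished install with a traceback. The same applies to the calls added in ipa-replica-install and ipa-server-install. The check is informational only, so I would make it best-effort inside `check_global_configuration` itself: catch the lookup failure there and print a one-line notice such as `print "Could not read global DNS configuration: %s" % e`, rather than wrapping each call site. Only the ipa-server-install hunk shows an `api.Backend.ldap2.connect(...)` before the call; whether a connection is open at this point is not visible here, since `main()` starts and ends outside the hunk.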
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 65f5229df..07b1781ee 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -229,6 +229,10 @@ def install_bind(config, options):
config.domain_name, forwarders, options.conf_ntp, reverse_zone)
bind.create_instance()
+ print ""
+ bind.check_global_configuration()
+ print ""
+
def install_dns_records(config, options):
if not bindinstance.dns_container_exists(config.master_host_name,
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 9c7388b40..1dd02ba87 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1019,6 +1019,9 @@ def main():
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
bind.create_instance()
+ print ""
+ bind.check_global_configuration()
+ print ""
else:
bind.create_sample_bind_zone()
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index f47b180af..e69686cbf 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -189,6 +189,14 @@ EXAMPLES:
ipa dns-resolve www.example.com
ipa dns-resolve www
+
+GLOBAL DNS CONFIGURATION
+
+DNS configuration passed to command line install script is stored in a local
+configuration file on each IPA server where DNS service is configured. These
+local settings can be overridden with a common configuration stored in LDAP
+server:
+
Show global DNS configuration:
ipa dnsconfig-show
@@ -2701,16 +2709,30 @@ class dnsconfig(LDAPObject):
return entry
+ def postprocess_result(self, result):
+ if not any(param in result['result'] for param in self.params):
+ result['summary'] = unicode(_('Global DNS configuration is empty'))
+
api.register(dnsconfig)
class dnsconfig_mod(LDAPUpdate):
__doc__ = _('Modify global DNS configuration.')
+ def execute(self, *keys, **options):
+ result = super(dnsconfig_mod, self).execute(*keys, **options)
+ self.obj.postprocess_result(result)
+ return result
+
api.register(dnsconfig_mod)
class dnsconfig_show(LDAPRetrieve):
__doc__ = _('Show the current global DNS configuration.')
+ def execute(self, *keys, **options):
+ result = super(dnsconfig_show, self).execute(*keys, **options)
+ self.obj.postprocess_result(result)
+ return result
+
api.register(dnsconfig_show)
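Review bot: `postprocess_result` has no docstring and changes `result` in place without returning it, which is easy to miss at its two call sites; a one-liner such as `"""Set result['summary'] in place when no global DNS option is present."""` would make the contract explicit. In `dnsconfig_mod.execute` this also replaces any summary the base `execute` may have produced, which is presumably intended but worth a comment. The two `execute` overrides are identical apart from the class name, and the `any(param in result['result'] ...)` test is repeated in `BindInstance.check_global_configuration`; a small predicate on `dnsconfig` (for example `is_empty(result)`, name constructed here) would keep the installer message and the command summary from drifting apart. The `dnsconfig` class begins outside this hunk.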
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index a37a29303..ba8b7b5cc 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -637,6 +637,26 @@ class BindInstance(service.Service):
# remove also master NS record from the reverse zone
del_rr(rzone, "@", "NS", fqdn+".")
+ def check_global_configuration(self):
+ """
+ Check global DNS configuration in LDAP server and inform user when it
+ set and thus overrides his configured options in named.conf.
+ """
+ result = api.Command.dnsconfig_show()
+ global_conf_set = any(param in result['result'] for \
+ param in api.Object['dnsconfig'].params)
+
+ if not global_conf_set:
+ print "Global DNS configuration in LDAP server is empty"
+ print "You can use 'dnsconfig-mod' command to set global DNS options that"
+ print "would override settings in local named.conf files"
+ return
+
+ print "Global DNS configuration in LDAP server is not empty"
+ print "The following configuration options override local settings in named.conf:"
+ print ""
+ textui = ipalib.cli.textui()
+ api.Command.dnsconfig_show.output_for_cli(textui, result, None, reverse=False)
def uninstall(self):
if self.is_configured():
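Review bot: `ipalib.cli.textui()` at the end of `check_global_configuration` needs `ipalib.cli` to be reachable under that name in bindinstance.py, and this commit adds no import: the diffstat's 20 insertions for this file are all in this hunk. If the module only has `from ipalib import api`, the non-empty branch fails with a NameError exactly when there is an LDAP override to report, so please confirm the existing imports or add `import ipalib.cli` at the top of the file. The docstring would read better as `inform the user when it is set and thus overrides the options configured in named.conf`. Since the override it reports applies to every enrolled DNS server, the non-empty message could also say that the values come from LDAP and are changed with `dnsconfig-mod`, as the empty branch already does.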