authorMartin Kosek <mkosek@redhat.com>2011-08-31 14:42:57 +0200
committerMartin Kosek <mkosek@redhat.com>2011-08-31 16:46:26 +0200
commit5a495b91dea527f9ac051655e2fd26ca3f9deab5 (patch)
tree5f276566f8f7f2089273bb8e2b24398d2b0bd262 /install/tools/ipa-server-install
parent6e4132b108e792620b6410f15953906063813724 (diff)
Let Bind track data changes
Integrate new bind-dyndb-ldap features to automatically track DNS data changes: 1) Zone refresh Set --zone-refresh in installation to define number of seconds between bind-dyndb-ldap polls for new DNS zones. User now doesn't have to restart name server when a new zone is added. 2) New zone notifications Use LDAP persistent search mechanism to immediately get notification when any new DNS zone is added. Use --zone-notif install option to enable. This option is mutually exclusive with Zone refresh. To enable this functionality in existing IPA installations, update a list of arguments for bind-dyndb-ldap in /etc/named.conf. An example when zone refresh is disabled and DNS data change notifications (argument psearch of bind-dyndb-ldap) are enabled: dynamic-db "ipa" { ... arg "zone_refresh 0"; arg "psearch yes"; }; This patch requires bind-dyndb-ldap-1.0.0-0.1.b1 or later. https://fedorahosted.org/freeipa/ticket/826
Diffstat (limited to 'install/tools/ipa-server-install')
-rwxr-xr-xinstall/tools/ipa-server-install20
1 files changed, 19 insertions, 1 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 3828a9c48..e8a48fad2 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -61,6 +61,7 @@ from ipalib.parameters import IA5Str
from ipapython.config import IPAOptionParser
from ipalib.dn import DN
from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file
+from ipalib.constants import DNS_ZONE_REFRESH
pw_name = None
uninstalling = False
@@ -140,6 +141,14 @@ def parse_options():
parser.add_option("--zonemgr", action="callback", callback=zonemgr_callback,
type="string",
help="DNS zone manager e-mail address. Defaults to root")
+ parser.add_option("--zone-notif", dest="zone_notif",
+ action="store_true", default=False,
+ help="Let name server receive notification when a new zone is added." \
+ "Zone refresh is turned off when zone notification is enabled")
+ parser.add_option("--zone-refresh", dest="zone_refresh",
+ default=DNS_ZONE_REFRESH, type="int",
+ help="A delay between checks for new DNS zones. Defaults to %d" \
+ % DNS_ZONE_REFRESH)
parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
default=False, help="unattended installation never prompts the user")
parser.add_option("", "--uninstall", dest="uninstall", action="store_true",
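Review bot: The two string literals forming the `--zone-notif` help text are joined without a separating space, so the rendered help reads "is added.Zone refresh is turned off"; the first literal should end with a space, `help="Let name server receive notification when a new zone is added. " \`. The `--zone-refresh` help also omits the unit, which the commit description gives as seconds; `help="Delay in seconds between checks for new DNS zones. Defaults to %d" \` would make that visible to the person running the installer. parse_options starts and ends outside this hunk.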
@@ -247,6 +256,12 @@ def parse_options():
if not options.pkinit_pkcs12 and not options.selfsign:
options.setup_pkinit = False
+ if options.zone_refresh < 0:
+ parser.error("negative numbers not allowed for --zone-refresh")
+
+ if options.zone_notif: # these 2 features are mutually exclusive
+ options.zone_refresh = 0
+
return safe_options, options
def signal_handler(signum, frame):
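Review bot: The assignment `options.zone_refresh = 0` under `if options.zone_notif:` silently discards a `--zone-refresh` value the administrator passed explicitly, although the description calls the two options mutually exclusive. Rejecting the combination before the override would make the conflict visible, for example `if options.zone_notif and options.zone_refresh != DNS_ZONE_REFRESH: parser.error("--zone-refresh cannot be used with --zone-notif")`. Separately, the `< 0` check accepts `--zone-refresh 0` without `--zone-notif`, which, going by the named.conf example in the description, appears to disable polling and leaves neither mechanism active; a comment such as `# 0 disables periodic zone refresh` would document that this is intended. parse_options begins outside this hunk.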
@@ -992,7 +1007,10 @@ def main():
# Create a BIND instance
bind = bindinstance.BindInstance(fstore, dm_password)
- bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, options.conf_ntp, reverse_zone, zonemgr=options.zonemgr)
+ bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders,
+ options.conf_ntp, reverse_zone, zonemgr=options.zonemgr,
+ zone_refresh=options.zone_refresh,
+ zone_notif=options.zone_notif)
if options.setup_dns:
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)