author | Martin Kosek <mkosek@redhat.com> | 2012-05-11 14:38:09 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-05-24 13:55:56 +0200 |
commit | f1ed123caddd7525a0081c4a9de931cabdfda43f (patch) | |
tree | f615dabc3535203fbd2777166dbe150f6d31197e /ipa-client/ipa-install/ipa-client-install | |
parent | 6bb462e26a814e683b3ec5b39d2ff9a1db8fa4ec (diff) | |
Replace DNS client based on acutil with python-dns
IPA client and server tool set used the authconfig acutil module
for client DNS operations. This is not an optimal DNS interface for
several reasons:
- does not provide native Python object oriented interface
but rather C-like interface based on functions and
structures which is not easy to use and extend
- acutil is not meant to be used by third parties besides
authconfig and thus can break without notice
Replace the acutil with python-dns package which has a feature rich
interface for dealing with all different aspects of DNS including
DNSSEC. The main target of this patch is to replace all uses of
the acutil DNS library with python-dns. In most cases, even
though the larger parts of the code are changed, the actual
functionality is changed only in the following cases:
- redundant DNS checks were removed from verify_fqdn function
in installutils to make the whole DNS check simpler and
less error-prone. Logging was improved for the remaining
checks
- improved logging for ipa-client-install DNS discovery
https://fedorahosted.org/freeipa/ticket/2730
https://fedorahosted.org/freeipa/ticket/1837
Diffstat (limited to 'ipa-client/ipa-install/ipa-client-install')
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 24 |
1 files changed, 8 insertions, 16 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 67279b3ed..6854581d2 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -25,6 +25,7 @@ try:
 import os
 import time
 import socket
+ from ipapython.ipa_log_manager import *
 import tempfile
 import getpass
@@ -35,7 +36,6 @@ try:
 from ipapython.ipautil import run, user_input, CalledProcessError, file_exists, realm_to_suffix
 import ipapython.services as ipaservices
 from ipapython import ipautil
- from ipapython import dnsclient
 from ipapython import sysrestore
 from ipapython import version
 from ipapython import certmonger
@@ -996,18 +996,10 @@ def update_dns(server, hostname):
 def client_dns(server, hostname, dns_updates=False):
- dns_ok = False
+ dns_ok = ipautil.is_host_resolvable(hostname)
- # Check if the client has an A record registered in its name.
- rs = dnsclient.query(hostname+".", dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
- if len([ rec for rec in rs if rec.dns_type is not dnsclient.DNS_T_SOA ]) > 0:
- dns_ok = True
- else:
- rs = dnsclient.query(hostname+".", dnsclient.DNS_C_IN, dnsclient.DNS_T_AAAA)
- if len([ rec for rec in rs if rec.dns_type is not dnsclient.DNS_T_SOA ]) > 0:
- dns_ok = True
- else:
- print "Warning: Hostname (%s) not found in DNS" % hostname
+ if not dns_ok:
+ print "Warning: Hostname (%s) not found in DNS" % hostname
 if dns_updates or not dns_ok:
 update_dns(server, hostname)
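Review bot: The added `from ipapython.ipa_log_manager import *` is a wildcard import, and none of the lines this commit adds to the file refers to a logging name, so a reader cannot tell from the diff which names it is meant to supply. Importing the needed names explicitly would keep the installer's namespace auditable and stop a later change to that module from silently shadowing a local name. The import sits inside a `try:` block that starts and ends outside the hunk.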
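Review bot: In `client_dns` the removed queries asked for the absolute name `hostname+"."`, while the new call passes `hostname` unchanged. `is_host_resolvable` is not shown in this diff, so confirm that it qualifies the name itself. If it does not, the resolver's search list may be applied and a differently suffixed name could satisfy the check, leaving `dns_ok` true and skipping `update_dns`. Keeping the dot at the call site, `dns_ok = ipautil.is_host_resolvable(hostname + ".")`, would preserve the old lookup. A docstring on `client_dns` should also say that a resolver failure is presumably treated like a missing record, since both end in the warning and a dynamic update.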
@@ -1243,15 +1235,15 @@ def install(options, env, fstore, statestore):
 # We assume that NTP servers are discoverable through SRV records in the DNS
 # If that fails, we try to sync directly with IPA server, assuming it runs NTP
 print 'Synchronizing time with KDC...'
- ntp_servers = ipautil.parse_items(ds.ipadnssearchntp(cli_domain))
+ ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp', None, break_on_first=False)
 synced_ntp = False
- if len(ntp_servers) > 0:
+ if ntp_servers:
 for s in ntp_servers:
- synced_ntp = ipaclient.ntpconf.synconce_ntp(s)
+ synced_ntp = ipaclient.ntpconf.synconce_ntp(s, debug=True)
 if synced_ntp:
 break
 if not synced_ntp:
- synced_ntp = ipaclient.ntpconf.synconce_ntp(cli_server)
+ synced_ntp = ipaclient.ntpconf.synconce_ntp(cli_server, debug=True)
 if not synced_ntp:
 print "Unable to sync time with IPA NTP server, assuming the time is in sync."
 (krb_fd, krb_name) = tempfile.mkstemp() |
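Review bot: Both `synconce_ntp` calls now pass a hard-coded `debug=True`, so whatever that flag enables runs on every install rather than only when the operator asks for it. Tying it to the installer's own option, `synconce_ntp(s, debug=options.debug)`, would keep default runs quiet. The literal `None` passed as the third positional argument to `ipadns_search_srv` is opaque at the call site, and a keyword argument would say what is being left unset. Because the server list comes from DNS SRV answers and the clock is taken from the first target that syncs, a comment above the loop such as `# SRV answers are not authenticated; the first target that syncs sets the clock` would make that trust assumption visible. The body of `install()` starts and ends outside the hunk.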