summaryrefslogtreecommitdiffstats
path: root/install/tools/ipa-dns-install
Commit message (Collapse)AuthorAgeFilesLines
* Enable persistent search by defaultMartin Kosek2012-06-101-10/+14
| | | | | | | | | | | From IPA version 3.0, the persistent search is a preferred mechanism to for DNS zone list management. It will be also a requirement for several bind-dyndb-ldap features, like SOA serial automatic updates or DNSSEC. Make this mechanism default in ipa-server-install and ipa-dns-istall. https://fedorahosted.org/freeipa/ticket/2524
* Move install script error handling to a common functionPetr Viktorin2012-05-311-27/+7
| | | | | | | | | | | | | | All of our install/admin scripts had a try/except block calling the main function and handling common exceptions. These were copy-pasted from each other and modified to various levels of sophistication. This refactors them out of installers to a single function, which includes a final pass/fail message for all of the scripts. Non-install scripts that set up the same log handler levels for stderr and log file are not changed, as it's not possible to log to only the logfile without changing the logger configuration. https://fedorahosted.org/freeipa/ticket/2071
* Replace DNS client based on acutil with python-dnsMartin Kosek2012-05-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | IPA client and server tool set used authconfig acutil module to for client DNS operations. This is not optimal DNS interface for several reasons: - does not provide native Python object oriented interface but but rather C-like interface based on functions and structures which is not easy to use and extend - acutil is not meant to be used by third parties besides authconfig and thus can break without notice Replace the acutil with python-dns package which has a feature rich interface for dealing with all different aspects of DNS including DNSSEC. The main target of this patch is to replace all uses of acutil DNS library with a use python-dns. In most cases, even though the larger parts of the code are changed, the actual functionality is changed only in the following cases: - redundant DNS checks were removed from verify_fqdn function in installutils to make the whole DNS check simpler and less error-prone. Logging was improves for the remaining checks - improved logging for ipa-client-install DNS discovery https://fedorahosted.org/freeipa/ticket/2730 https://fedorahosted.org/freeipa/ticket/1837
* Improve user awareness about dnsconfigMartin Kosek2012-03-261-0/+3
| | | | | | | | | | | | Global DNS configuration is a nice tool to maintain a common DNS settings stored in LDAP which are then used for all enrolled IPA servers. However, the settings stored in LDAP override local settings in named.conf on DNS servers. This patch adds more information about global DNS configuration options in install scripts and DNS module help. https://fedorahosted.org/freeipa/ticket/2525
* Refresh resolvers after DNS installMartin Kosek2012-03-111-1/+6
| | | | | | | | | | | | | | Server framework calls acutil.res_send() to send DNS queries used for various DNS tests. However, once acutil is imported it does not change its list of configured resolvers even when /etc/resolv.conf is changed. This may lead to unexpected resolution issues. We should at least reload httpd when we change /etc/resolv.conf to point to FreeIPA nameserver to force a new import of acutil and thus workaround this bug until it is resolved in authconfig. https://fedorahosted.org/freeipa/ticket/2481
* Ease zonemgr restrictionsMartin Kosek2012-02-201-1/+1
| | | | | | | | | | | | Admin e-mail validator currently requires an email to be in a second-level domain (hostmaster@example.com). This is too restrictive. Top level domain e-mails (hostmaster@testrelm) should also be allowed. This patch also fixes default zonemgr value in help texts and man pages. https://fedorahosted.org/freeipa/ticket/2272
* Fix 'no-reverse' option descriptionOndrej Hamada2012-02-021-1/+1
| | | | | | | The description of 'no-reverse' option was fixed in both code and manpages of ipa-replica-install and ipa-dns-install. https://fedorahosted.org/freeipa/ticket/2161
* Fix ipa-server-install for dual NICsMartin Kosek2012-01-221-1/+20
| | | | | | | | | | | | | A server may have 2 or more NICs and its hostname may thus resolve to 2 and more forward addresses. IP address checks in install scripts does not expect this setup and may fail or crash. This script adds a support for multiple forward addresses for a hostname. The install scripts do not crash now. When one IP address is needed, user is asked to choose from all detected server IP addresses. https://fedorahosted.org/freeipa/ticket/2154
* ticket 2022 - modify codebase to utilize IPALogManager, obsoletes loggingJohn Dennis2011-11-231-6/+7
| | | | | | | | | | | | change default_logger_level to debug in configure_standard_logging add new ipa_log_manager module, move log_mgr there, also export root_logger from log_mgr. change all log_manager imports to ipa_log_manager and change log_manager.root_logger to root_logger. add missing import for parse_log_level()
* Add --zonemgr/--admin-mail validatorMartin Kosek2011-10-261-1/+2
| | | | | | | | | | | Do at least a basic validation of DNS zone manager mail address. Do not require '@' to be in the mail address as the SOA record stores this value without it and people may be used to configure it that way. '@' is always removed by the installer/dns plugin before the DNS zone is created. https://fedorahosted.org/freeipa/ticket/1966
* Install tools crash when password prompt is interruptedMartin Kosek2011-10-061-0/+2
| | | | | | | | | When getpass.getpass() function is interrupted via CTRL+D, EOFError exception is thrown. Most of the install tools are not prepared for this event and crash with this exception. Make sure that it is handled properly and nice error message is printed. https://fedorahosted.org/freeipa/ticket/1916
* Call standard_logging_setup() before any logging is doneSumit Bose2011-09-131-2/+2
|
* Let Bind track data changesMartin Kosek2011-08-311-1/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Integrate new bind-dyndb-ldap features to automatically track DNS data changes: 1) Zone refresh Set --zone-refresh in installation to define number of seconds between bind-dyndb-ldap polls for new DNS zones. User now doesn't have to restart name server when a new zone is added. 2) New zone notifications Use LDAP persistent search mechanism to immediately get notification when any new DNS zone is added. Use --zone-notif install option to enable. This option is mutually exclusive with Zone refresh. To enable this functionality in existing IPA installations, update a list of arguments for bind-dyndb-ldap in /etc/named.conf. An example when zone refresh is disabled and DNS data change notifications (argument psearch of bind-dyndb-ldap) are enabled: dynamic-db "ipa" { ... arg "zone_refresh 0"; arg "psearch yes"; }; This patch requires bind-dyndb-ldap-1.0.0-0.1.b1 or later. https://fedorahosted.org/freeipa/ticket/826
* Ask for reverse DNS zone information in attended install right after asking ↵Jan Cholasta2011-08-091-23/+23
| | | | | | for DNS forwarders, so that DNS configuration is done in one place. ticket 1522
* Clean up of IP address checks in install scripts.Jan Cholasta2011-07-191-7/+5
| | | | | | Fixes ipa-dns-install incorrect warning. ticket 1486
* Check IPA configuration in install toolsMartin Kosek2011-07-181-0/+3
| | | | | | | | | Install tools may fail with unexpected error when IPA server is not installed on a system. Improve user experience by implementing a check to affected tools. https://fedorahosted.org/freeipa/ticket/1327 https://fedorahosted.org/freeipa/ticket/1347
* Fix ipa-dns-installMartin Kosek2011-07-151-19/+13
| | | | | | | | | | | | | When DNS plugin is installed via ipa-dns-install and user has a valid Kerberos ticket at the time, the DNS installation is corrupt and named won't start, reporting Preauthentication error. When the non-DM identity is used for authentication, krbprincipalkey attribute in DNS service LDAP record is not created, thus leading to the error. This patch makes sure that authentication with Directory Manager password is used every time. https://fedorahosted.org/freeipa/ticket/1483
* Fix creation of reverse DNS zones.Jan Cholasta2011-07-151-20/+30
| | | | | | | | | | | | | Create reverse DNS zone for /24 IPv4 subnet and /64 IPv6 subnet by default instead of using the netmask from the --ip-address option. Custom reverse DNS zone can be specified using new --reverse-zone option, which replaces the old --ip-address netmask way of creating reverse zones. The reverse DNS zone name is printed to the user during the install. ticket 1398
* Improve IP address handling in IPA option parserMartin Kosek2011-06-191-2/+2
| | | | | | | | | | | Implements a way to pass match_local and parse_netmask parameters to IP option checker. Now, there is just one common option type "ip" with new optional attributes "ip_local" and "ip_netmask" which can be used to pass IP address validation parameters. https://fedorahosted.org/freeipa/ticket/1333
* IPA installation with --no-host-dns failsMartin Kosek2011-06-101-1/+8
| | | | | | | | | | | | --no-host-dns option should allow installing IPA server on a host without a DNS resolvable name. Update parse_ip_address and verify_ip_address functions has been changed not to return None and print error messages in case of an error, but rather let the Exception be handled by the calling routine. https://fedorahosted.org/freeipa/ticket/1246
* Honor netmask in DNS reverse zone setup.Jan Cholasta2011-05-301-1/+2
| | | | ticket 910
* Parse netmasks in IP addresses passed to server install.Jan Cholasta2011-05-301-3/+6
| | | | ticket 1212
* Fix reverse zone creation in ipa-replica-prepareMartin Kosek2011-05-271-25/+7
| | | | | | | | | When a new reverse zone was created in ipa-replica-prepare (this may happen when a new replica is from different subnet), the master DNS address was corrupted by invalid A/AAAA record. This caused problems for example in installing replica. https://fedorahosted.org/freeipa/ticket/1223
* ipa-dns-install does not exit on errorMartin Kosek2011-02-111-12/+17
| | | | | | | This patch fixes behavior of ipa-dns-install, which does not exit when an invalid configuration of /etc/hosts is detected. https://fedorahosted.org/freeipa/ticket/736
* Create the reverse zone by defaultJakub Hrozek2011-01-071-1/+8
| | | | | | A new option to specify reverse zone creation for unattended installs https://fedorahosted.org/freeipa/ticket/678
* Allow ipa-dns-install to install with just admin credentialsSimo Sorce2011-01-071-20/+31
| | | | | | | Do this by creating a common way to attach to the ldap server for each instance. Fixes: https://fedorahosted.org/freeipa/ticket/686
* Allow ipa-dns-install to configure DNS on a replica.Simo Sorce2011-01-071-1/+1
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/645
* Change FreeIPA license to GPLv3+Jakub Hrozek2010-12-201-5/+5
| | | | | | | | | | The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
* Make the IPA installer IPv6 friendlyJakub Hrozek2010-12-201-10/+13
| | | | | | | | | Notable changes include: * parse AAAA records in dnsclient * also ask for AAAA records when verifying FQDN * do not use functions that are not IPv6 aware - notably socket.gethostbyname() The complete list of functions was taken from http://www.akkadia.org/drepper/userapi-ipv6.html section "Interface Checklist"
* Do not create reverse zone by defaultJakub Hrozek2010-12-021-1/+2
| | | | | | | Prompt for creation of reverse zone, with the default for unattended installations being False. https://fedorahosted.org/freeipa/ticket/418
* Use sys.exit to quit scriptsJakub Hrozek2010-11-221-6/+3
| | | | | | | Instead of print and return, use sys.exit() to quit scripts with an error message and a non zero return code. https://fedorahosted.org/freeipa/ticket/425
* Log interactive options in install scriptsJakub Hrozek2010-11-191-0/+3
|
* Log script options to logfileJakub Hrozek2010-11-091-5/+8
| | | | | | | | Uses a new subclass IPAOptionParser in scripts instead of OptionParser from the standard python library. IPAOptionParser uses its own IPAOption class to store options, which adds a new 'sensitive' attribute. https://fedorahosted.org/freeipa/ticket/393
* Detect if DNS is already configured in IPA, or if IPA is not yet installed.Rob Crittenden2010-10-081-0/+5
| | | | | | | ipa-dns-manage could fail in very odd ways depending on the current configuration of the server. Handle things a bit better. ticket 210
* Add new DNS install argument for setting the zone mgr e-mail addr.Rob Crittenden2010-09-231-1/+3
| | | | ticket 125
* Use ldap2 instead of legacy LDAP code from v1 in installer scripts.Pavel Zuna2010-04-191-9/+9
|
* Add ipa-dns-install scriptMartin Nagy2010-02-091-0/+184
Unfortunately, for now there is no --uninstall option.
generated by cgit (git 2.34.1) at 2024-06-10 16:41:22 +0000