summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/bindinstance.py
Commit message (Collapse)AuthorAgeFilesLines
* DNS: Reinitialize DNS resolver after changing resolv.confPetr Spacek2016-06-301-0/+6
| | | | | | | | | | | | | | Previously the installer did not reinitialize resolver so queries for records created using --ip-address option might not be answered. This led to incorrect results during 'Updating DNS system records' phase at the end of installation. This is kind of hack but right now we do not have enough time to extend python-dns's interface with resolver_reinit() method. https://fedorahosted.org/freeipa/ticket/5962 Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS: Remove unnecessary DNS check from installerPetr Spacek2016-06-291-9/+1
| | | | | | | | | | | | | | Previously we were checking content of DNS before actually adding DNS records for replicas. This is causing cycle in logic and adds weird corner cases to the installer which can blow up on DNS timeout or so. The check was completely unnecessary because the installer knows IP addresses and name of the machine. Removal of the check makes the installer more reliable. https://fedorahosted.org/freeipa/ticket/5962 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use NSS for name->resolution in IPA installerPetr Spacek2016-06-291-3/+1
| | | | | | | | | | | | This fixes scenarios where IPA server is not able to resolve own name and option --ip-address was not specified by the user. This partially reverts changes from commit dc405005f537cf278fd6ddfe6b87060bd13d9a67 https://fedorahosted.org/freeipa/ticket/5962 Reviewed-By: Martin Basti <mbasti@redhat.com>
* CA replica promotion: add proper CA DNS recordsMartin Basti2016-06-281-1/+1
| | | | | | | | Update 'ipa-ca' records with A/AAAA records of the newly added replica https://fedorahosted.org/freeipa/ticket/5966 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS Locations: cleanup of bininstanceMartin Basti2016-06-281-44/+14
| | | | | | | | | | | | | | | | We don't need anymore: * sample of zone file - list of all records required by IPa will be provided * NTP related params - DNS records will be updated automatically, based on LDAP values * CA related params - DNS records will be updated automatically based * on LDAP values https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* delegate removal of master DNS record and replica keys to separate functionsMartin Babinsky2016-06-171-0/+6
| | | | | | https://fedorahosted.org/freeipa/ticket/5588 Reviewed-By: Martin Basti <mbasti@redhat.com>
* upgrade: don't fail if zone does not exists in in findMartin Basti2016-06-171-1/+5
| | | | | | | In case that zone is not managed by IPA, upgrade fails with not found error. Prevent failure in this case. Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS Locations: generate NTP recordsMartin Basti2016-06-171-22/+0
| | | | | | | | Move NTP records to centralized record generator https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS Locations: dnsserver: use the newer config way in installerMartin Basti2016-06-171-0/+23
| | | | | | | | | Store some parts of DNS configuration in LDAP tree instead of named.conf https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* DNS Locations: use dns_update_service_records in installersMartin Basti2016-06-171-110/+32
| | | | | | | | | use the dns_update_system_records command to set proper DNS records https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Roles: make *config-show consume relevant roles/attributesMartin Babinsky2016-06-131-2/+6
| | | | | | | | | | | | | | | | | | | | | This patch modifies config objects so that the roles/attributes relevant to the configuration are shown in the output: * config-{show,mod} will show list of all IPA masters, CA servers and CA renewal master * dnsconfig-{show,mod} will list all DNS server and DNS key master * trustconfig-{show,mod} will list all AD trust controllers and agents * vaultconfig-show will list all Key Recovery Agents http://www.freeipa.org/page/V4/Server_Roles https://fedorahosted.org/freeipa/ticket/5181 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* DNS upgrade: change global forwarding policy in named.conf to "only" if ↵Petr Spacek2016-05-301-0/+7
| | | | | | | | | | | | | private IPs are used This change is necessary to override automatic empty zone configuration in latest BIND and bind-dyndb-ldap 9.0+. This upgrade has to be done on each IPA DNS server independently. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Move IP address resolution from ipaserver.install.installutils to ↵Petr Spacek2016-05-301-4/+12
| | | | | | | | | | | ipapython.dnsutil This is to make it reusable from other modules and to avoid future code duplication. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use root_logger for verify_host_resolvable()Petr Spacek2016-05-301-1/+1
| | | | | | | | | | After discussion with Martin Basti we decided to standardize on root_logger with hope that one day we will use root_logger.getLogger('module') to make logging prettier and tunable per module. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Move check_zone_overlap() from ipapython.ipautil to ipapython.dnsutilPetr Spacek2016-05-301-3/+4
| | | | | | | | | This is preparatory work to avoid (future) cyclic import between ipapython.dnsutil and ipapython.ipautil. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Extend installers with --forward-policy optionPetr Spacek2016-04-281-2/+5
| | | | | | | | | This option specified forward policy for global forwarders. The value is put inside /etc/named.conf. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipaplatform: Move remaining user/group constants to ipaplatform.constants.Timo Aaltonen2016-03-231-1/+1
| | | | | | | | | Use ipaplatform.constants in every corner instead of importing other bits or calling some platform specific things, and remove most of the remaining hardcoded uid's. https://fedorahosted.org/freeipa/ticket/5343 Reviewed-By: David Kupka <dkupka@redhat.com>
* pylint: remove bare exceptMartin Basti2016-03-221-2/+2
| | | | | | | Bare except should not be used. Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Fix: Use unattended parameter instead of options.unattendedDavid Kupka2016-01-111-1/+1
| | | | | | | | | Attribute 'unattended' is not always present in 'options' so function parameter 'unattended' should be used. https://fedorahosted.org/freeipa/ticket/5563 Reviewed-By: Martin Basti <mbasti@redhat.com>
* installer: Change reverse zones question to better reflect reality.David Kupka2016-01-111-1/+4
| | | | | | https://fedorahosted.org/freeipa/ticket/5563 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix --auto-reverse option in --unattended mode.Petr Spacek2016-01-081-1/+2
| | | | | | | | | | | | | Now the option correctly adds missing reverse zones even in unattended mode. Still, this is not sufficient in all cases because 'automatic empty zones' created by BIND (as specified in RFC 6303) can shadow the reverse zones hosted on other servers. This needs to be solved in a separate patch. https://fedorahosted.org/freeipa/ticket/5559 Reviewed-By: David Kupka <dkupka@redhat.com>
* Enable pylint unnecessary-pass checkMartin Basti2015-12-231-1/+0
| | | | | | Enables check and removes extra pass statement from code. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove wildcard importsMartin Basti2015-12-231-1/+1
| | | | | | | | | | | Wildcard imports should not be used. Check for wildcard imports has been enabled in pylint. Pylint note: options 'wildcard-import' causes too much false positive results, so instead it I used 'unused-wildcard-import' option which has almost the same effect. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused importsMartin Basti2015-12-231-1/+0
| | | | | | | This patch removes unused imports, alse pylint has been configured to check unused imports. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* dns: Handle SERVFAIL in check if domain already exists.Petr Spacek2015-12-161-1/+1
| | | | | | | | In cases where domain is already delegated to IPA prior installation we might get timeout or SERVFAIL. The answer depends on the recursive server we are using for the check. Reviewed-By: David Kupka <dkupka@redhat.com>
* dns: Add --auto-reverse option.David Kupka2015-12-141-1/+4
| | | | | | | | Introducing '--auto-reverse' option. When specified reverse records for all server's IP addresses are checked and when record nor reverse zone does not exist reverse zone is created. Reviewed-By: Petr Spacek <pspacek@redhat.com>
* dns: Check if domain already exists.David Kupka2015-12-141-59/+109
| | | | | | | | | Raise an error when the domain already exists. This can be overriden using --force or --allow-zone-overlap options. https://fedorahosted.org/freeipa/ticket/3681 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* remove Kerberos authenticators when installing/uninstalling service instanceMartin Babinsky2015-11-111-0/+3
| | | | | | | | | | each service possessing Kerberos keytab/ccache will now perform their removal before service principal creation and during service uninstall https://fedorahosted.org/freeipa/ticket/5243 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* ipaplatform: Add NAMED_USER to constantsTimo Aaltonen2015-11-041-1/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/5343 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* always ask the resolver for the reverse zone when manipulating PTR recordsMartin Babinsky2015-10-221-2/+0
| | | | | | | | | | | | | Instead of searching for all zones to identify the correct reverse zone, we will first ask the resolver to return the name of zone that should contain the desired record and then see if IPA manages this zone. This patch also removes a duplicate function in bindinstance.py that is not used anywhere. https://fedorahosted.org/freeipa/ticket/5200 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Change DNS installer code to use passed in apiSimo Sorce2015-10-151-46/+54
| | | | | | | | | Fixes a number of places where api was not passed around internally. Also allows to install dns in replica promotion which requires an alternative api to be created with the right configuration. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove bind configuration detected questionGabe2015-10-131-7/+0
| | | | | | https://fedorahosted.org/freeipa/ticket/5351 Reviewed-By: Martin Basti <mbasti@redhat.com>
* paths: Add GENERATE_RNDC_KEY.Timo Aaltonen2015-10-051-1/+1
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* Alias "unicode" to "str" under Python 3Jan Cholasta2015-09-171-0/+3
| | | | | | | | | The six way of doing this is to replace all occurences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use the print functionPetr Viktorin2015-09-011-15/+17
| | | | | | | | | In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.string_types instead of "basestring"Petr Viktorin2015-09-011-1/+2
| | | | | Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use absolute importsPetr Viktorin2015-08-121-2/+2
| | | | | | | In Python 3, implicit relative imports will not be supported. Use fully-qualified imports everywhere. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-121-4/+4
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize number literalsPetr Viktorin2015-07-311-1/+1
| | | | | | | | | | | | | | Use Python-3 compatible syntax, without breaking compatibility with py 2.7 - Octals literals start with 0o to prevent confusion - The "L" at the end of large int literals is not required as they use long on Python 2 automatically. - Using 'int' instead of 'long' for small numbers is OK in all cases except strict type checking checking, e.g. type(0). https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* DNS: check if DNS package is installedMartin Basti2015-07-211-18/+1
| | | | | | | | | | | Instead of separate checking of DNS required packages, we need just check if IPA DNS package is installed. https://fedorahosted.org/freeipa/ticket/4058 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Tomas Babej <tbabej@redhat.com>
* plugable: Pass API to plugins on initialization rather than using set_apiJan Cholasta2015-07-011-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/3090 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipalib: Load ipaserver plugins when api.env.in_server is TrueJan Cholasta2015-07-011-1/+0
| | | | | | | https://fedorahosted.org/freeipa/ticket/3090 https://fedorahosted.org/freeipa/ticket/5073 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* DNSSEC: Improve global forwarders validationMartin Basti2015-06-111-11/+21
| | | | | | | | | | Validation now provides more detailed information and less false positives failures. https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* move realm_to_serverid to installutils moduleMartin Basti2015-05-051-2/+1
| | | | | | | | | To avoid cyclic imports realm_to_serverid function had to be moved to installutils from dsinstance. Required for: https://fedorahosted.org/freeipa/ticket/4925 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-dns-install: use LDAPI to connect to DSMartin Babinsky2015-03-181-5/+5
| | | | | | | | | | | | | ipa-dns-install now uses LDAPI/autobind to connect to DS during the setup of DNS/DNSSEC-related service and thus makes -p option obsolete. Futhermore, now it makes more sense to use LDAPI also for API Backend connections to DS and thus all forms of Kerberos auth were removed. This fixes https://fedorahosted.org/freeipa/ticket/4933 and brings us closer to fixing https://fedorahosted.org/freeipa/ticket/2957 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-dns-install: use STARTTLS to connect to DSMartin Babinsky2015-03-181-4/+7
| | | | | | | BindInstance et al. now use STARTTLS to set up secure connection to DS during ipa-dns-install. This fixes https://fedorahosted.org/freeipa/ticket/4933 Reviewed-By: Martin Basti <mbasti@redhat.com>
* replica-install: Use different API instance for the remote serverJan Cholasta2015-03-051-26/+27
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix saving named restore statusMartin Basti2015-02-181-2/+4
| | | | | | | Accidentaly status was stored after service was stopped by installer Ticket: https://fedorahosted.org/freeipa/ticket/4869 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix restoring services status during uninstallMartin Basti2015-02-181-6/+5
| | | | | | | | | Services hasn't been restored correctly, which causes disabling already disabled services, or some service did not start. This patch fix these issues. Ticket: https://fedorahosted.org/freeipa/ticket/4869 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix traceback if zonemgr error contains unicodeMartin Basti2015-01-121-1/+8
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4805 Reviewed-By: David Kupka <dkupka@redhat.com>
generated by cgit (git 2.34.1) at 2024-06-08 21:20:42 +0000