authorPetr Spacek <pspacek@redhat.com>2016-08-11 13:44:29 +0200
committerMartin Basti <mbasti@redhat.com>2016-08-16 14:23:30 +0200
commitf2fe35721967531257bc952b766a7c77e71be826 (patch)
treed5f489d3da0dff49049aa74633918f371435d38e
parent64c5340329b8eeaf7d8995a3c86b9bdf10ea9252 (diff)
DNS server upgrade: do not fail when DNS server did not respond
Previously, update_dnsforward_emptyzones failed with an exception if the DNS query failed for some reason. Now the error is logged and the upgrade continues. I assume that this is okay because the DNS query is used as a heuristic of last resort in the upgrade logic and a failed query should not have catastrophic consequences: In the worst case, the admin needs to manually change forwarding policy from 'first' to 'only'. In the end I have decided not to auto-start BIND because BIND depends on GSSAPI for authentication, which in turn depends on KDC ... Alternatives like reconfiguring BIND to use LDAPI+EXTERNAL and reconfiguring DS to accept LDAP external bind from named user are too complicated. https://fedorahosted.org/freeipa/ticket/6205 Reviewed-By: Martin Basti <mbasti@redhat.com>
-rw-r--r--ipaserver/install/plugins/dns.py14
1 files changed, 12 insertions, 2 deletions
diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py
index 32247eedb..7b06a5c0d 100644
--- a/ipaserver/install/plugins/dns.py
+++ b/ipaserver/install/plugins/dns.py
@@ -17,6 +17,9 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+from __future__ import absolute_import
+
+import dns.exception
import re
import traceback
import time
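Review bot: The added `from __future__ import absolute_import` carries no comment saying why it is needed, so a later cleanup could drop it as unused. The patched file is itself `ipaserver/install/plugins/dns.py`, so under Python 2's implicit relative imports `import dns.exception` would presumably resolve to this module rather than to the dnspython package. A one-line comment above the future import would record that, e.g. `# this module is named dns.py; absolute_import keeps "import dns.exception" pointing at dnspython`. `import dns.exception` is also placed ahead of the standard-library imports `re`, `traceback` and `time`; moving it below them would follow the usual stdlib-then-third-party ordering.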
@@ -489,8 +492,15 @@ class update_dnsforward_emptyzones(DNSUpdater):
self.api.Command['dnsconfig_mod'](ipadnsversion=2)
self.update_zones()
- if dnsutil.has_empty_zone_addresses(self.api.env.host):
- self.update_global_ldap_forwarder()
+ try:
+ if dnsutil.has_empty_zone_addresses(self.api.env.host):
+ self.update_global_ldap_forwarder()
+ except dns.exception.DNSException as ex:
+ self.log.error('Skipping update of global DNS forwarder in LDAP: '
+ 'Unable to determine if local server is using an '
+ 'IP address belonging to an automatic empty zone. '
+ 'Consider changing forwarding policy to "only". '
+ 'DNS exception: %s', ex)
return False, []
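Review bot: The `try` covers `self.update_global_ldap_forwarder()` as well as the DNS lookup, so a `DNSException` raised inside the forwarder update (if it can raise one; its body is not visible here) would be logged as a failed empty-zone check and a half-done update would pass silently. Keeping only the query in the `try`, as `uses_empty_zone = dnsutil.has_empty_zone_addresses(self.api.env.host)`, and calling the updater from an `else:` branch under `if uses_empty_zone:` limits the handler to the failure the message describes. `dnsconfig_mod(ipadnsversion=2)` also runs before the query, so this heuristic presumably does not run again on a later upgrade and the error line is the only record that the forwarding policy still needs a manual review; a comment saying so above the `except` would help. The method starts outside the hunk.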