author | Martin Kosek <mkosek@redhat.com> | 2011-08-31 14:42:57 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-08-31 16:46:12 +0200 |
commit | 6a2dfde086bdda62964a9737a300818d2ab24a4b (patch) | |
tree | 2053bdc0213f0a204e14ffe9f2cb4407ec22a65b /install/tools/ipa-server-install | |
parent | ca1ca17cb61516dff6933b1b0381b32e1e38d44c (diff) | |
Let Bind track data changes
Integrate new bind-dyndb-ldap features to automatically track
DNS data changes:
1) Zone refresh
Set --zone-refresh in installation to define number of seconds
between bind-dyndb-ldap polls for new DNS zones. User now
doesn't have to restart name server when a new zone is added.
2) New zone notifications
Use LDAP persistent search mechanism to immediately get
notification when any new DNS zone is added. Use --zone-notif
install option to enable. This option is mutually exclusive
with Zone refresh.
To enable this functionality in existing IPA installations,
update a list of arguments for bind-dyndb-ldap in /etc/named.conf.
An example when zone refresh is disabled and DNS data change
notifications (argument psearch of bind-dyndb-ldap) are enabled:
dynamic-db "ipa" {
...
arg "zone_refresh 0";
arg "psearch yes";
};
This patch requires bind-dyndb-ldap-1.0.0-0.1.b1 or later.
https://fedorahosted.org/freeipa/ticket/826
Diffstat (limited to 'install/tools/ipa-server-install')
-rwxr-xr-x | install/tools/ipa-server-install | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 3828a9c48..e8a48fad2 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -61,6 +61,7 @@ from ipalib.parameters import IA5Str from ipapython.config import IPAOptionParser from ipalib.dn import DN from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file +from ipalib.constants import DNS_ZONE_REFRESH pw_name = None uninstalling = False @@ -140,6 +141,14 @@ def parse_options(): parser.add_option("--zonemgr", action="callback", callback=zonemgr_callback, type="string", help="DNS zone manager e-mail address. Defaults to root") + parser.add_option("--zone-notif", dest="zone_notif", + action="store_true", default=False, + help="Let name server receive notification when a new zone is added." \ + "Zone refresh is turned off when zone notification is enabled") + parser.add_option("--zone-refresh", dest="zone_refresh", + default=DNS_ZONE_REFRESH, type="int", + help="A delay between checks for new DNS zones. Defaults to %d" \ + % DNS_ZONE_REFRESH) parser.add_option("-U", "--unattended", dest="unattended", action="store_true", default=False, help="unattended installation never prompts the user") parser.add_option("", "--uninstall", dest="uninstall", action="store_true", @@ -247,6 +256,12 @@ def parse_options(): if not options.pkinit_pkcs12 and not options.selfsign: options.setup_pkinit = False + if options.zone_refresh < 0: + parser.error("negative numbers not allowed for --zone-refresh") + + if options.zone_notif: # these 2 features are mutually exclusive + options.zone_refresh = 0 + return safe_options, options def signal_handler(signum, frame): 
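Review bot: The two string fragments of the `--zone-notif` help text are joined without a separating space, so `--help` prints "...a new zone is added.Zone refresh is turned off...". End the first literal with a space, `help="Let name server receive notification when a new zone is added. "`, and drop the trailing backslash, which is redundant inside the call's parentheses (the same applies to the `--zone-refresh` help). The `--zone-refresh` help also names no unit and does not say what 0 means. The commit message gives the unit as seconds and its named.conf example pairs `zone_refresh 0` with refresh being disabled, so a text such as `help="Seconds between checks for new DNS zones, 0 disables the checks. Defaults to %d" % DNS_ZONE_REFRESH` would document both. `parse_options` starts before this hunk and continues after it.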
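Review bot: An explicit `--zone-refresh` value is silently overwritten with 0 when `--zone-notif` is also given, although the commit message and the inline comment both call the two options mutually exclusive. An administrator who passes both gets no indication of which setting ended up in the name server configuration. Rejecting the combination before the assignment would make that visible, e.g. `if options.zone_notif and options.zone_refresh != DNS_ZONE_REFRESH: parser.error("--zone-notif and --zone-refresh are mutually exclusive")`. The range check also accepts any non-negative integer, so an interval of one second passes validation; since the commit message describes this value as the polling period of bind-dyndb-ldap, a documented minimum may be worth adding. `parse_options` begins outside this hunk.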
@@ -992,7 +1007,10 @@ def main(): # Create a BIND instance bind = bindinstance.BindInstance(fstore, dm_password) - bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, options.conf_ntp, reverse_zone, zonemgr=options.zonemgr) + bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, + options.conf_ntp, reverse_zone, zonemgr=options.zonemgr, + zone_refresh=options.zone_refresh, + zone_notif=options.zone_notif) if options.setup_dns: api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password) |