Diffstat (limited to 'install/tools/ipa-upgradeconfig')
-rw-r--r-- | install/tools/ipa-upgradeconfig | 68 |
1 files changed, 63 insertions, 5 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 248232ac6..b82f039d4 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -302,7 +302,7 @@ def upgrade_httpd_selinux(fstore): http = httpinstance.HTTPInstance(fstore) http.configure_selinux_for_httpd() -def enable_psearch_for_named(): +def named_enable_psearch(): """ From IPA 3.0, persistent search is a preferred mechanism for new DNS zone detection and is also needed for other features (DNSSEC, SOA serial @@ -322,11 +322,13 @@ def enable_psearch_for_named(): return try: - psearch = bindinstance.named_conf_get_directive('psearch').lower() + psearch = bindinstance.named_conf_get_directive('psearch') except IOError, e: root_logger.debug('Cannot retrieve psearch option from %s: %s', bindinstance.NAMED_CONF, e) return + else: + psearch = None if psearch is None else psearch.lower() if not sysupgrade.get_upgrade_state('named.conf', 'psearch_enabled'): if psearch != "yes": try: @@ -343,7 +345,8 @@ def enable_psearch_for_named(): # make sure number of connections is right minimum_connections = 2 if psearch == 'yes': - minimum_connections = 3 + # serial_autoincrement increased the minimal number of connections to 4 + minimum_connections = 4 try: connections = bindinstance.named_conf_get_directive('connections') except IOError, e: 
@@ -373,6 +376,59 @@ def enable_psearch_for_named():
 root_logger.debug('No changes made')
 return changed

+def named_enable_serial_autoincrement():
+ """
+ Serial autoincrement is a requirement for zone transfers or DNSSEC. It
+ should be enabled both for new installs and upgraded servers.
+
+ When some change in named.conf is done, this functions returns True
+ """
+ changed = False
+
+ root_logger.info('[Enabling serial autoincrement in DNS]')
+
+ if not bindinstance.named_conf_exists():
+ # DNS service may not be configured
+ root_logger.debug('DNS not configured')
+ return changed
+
+ try:
+ psearch = bindinstance.named_conf_get_directive('psearch')
+ serial_autoincrement = bindinstance.named_conf_get_directive(
+ 'serial_autoincrement')
+ except IOError, e:
+ root_logger.debug('Cannot retrieve psearch option from %s: %s',
+ bindinstance.NAMED_CONF, e)
+ return changed
+ else:
+ psearch = None if psearch is None else psearch.lower()
+ serial_autoincrement = None if serial_autoincrement is None \
+ else serial_autoincrement.lower()
+
+ # enable SOA serial autoincrement
+ if not sysupgrade.get_upgrade_state('named.conf', 'autoincrement_enabled'):
+ if psearch != "yes": # psearch is required
+ root_logger.debug('Persistent search is disabled, '
+ 'serial autoincrement cannot be enabled')
+ else:
+ if serial_autoincrement != 'yes':
+ try:
+ bindinstance.named_conf_set_directive('serial_autoincrement', 'yes')
+ except IOError, e:
+ root_logger.error('Cannot enable serial_autoincrement in %s: %s',
+ bindinstance.NAMED_CONF, e)
+ return changed
+ else:
+ root_logger.debug('Serial autoincrement enabled')
+ changed = True
+ else:
+ root_logger.debug('Serial autoincrement is alredy enabled')
+ sysupgrade.set_upgrade_state('named.conf', 'autoincrement_enabled', True)
+ else:
+ root_logger.debug('Skip serial autoincrement check')
+
+ return changed
+
 def main():
 """
 Get some basics about the system. If getting those basics fail then
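Review bot: The first `except IOError` handler in named_enable_serial_autoincrement guards both the `psearch` and the `serial_autoincrement` reads but always logs 'Cannot retrieve psearch option', so a failure on the second read is misreported; `'Cannot retrieve psearch or serial_autoincrement option from %s: %s'` would match what the block does. The "psearch is required" branch reports only at debug level, so after an upgrade an operator gets no visible sign that serial autoincrement, which the docstring calls a requirement for zone transfers and DNSSEC, was left disabled; `root_logger.info` or a warning there would surface it. The log string 'Serial autoincrement is alredy enabled' should read 'already', and the docstring 'this functions returns True' should read 'this function returns True'.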
@@ -435,9 +491,11 @@ def main():
 cleanup_kdc(fstore)
 upgrade_ipa_profile(krbctx.default_realm)

- changed = enable_psearch_for_named()
- if changed:
+ changed_psearch = named_enable_psearch()
+ changed_autoincrement = named_enable_serial_autoincrement()
+ if changed_psearch or changed_autoincrement:
 # configuration has changed, restart the name server
+ root_logger.info('Changes to named.conf have been made, restart named')
 bindinstance.BindInstance(fstore).restart()

 if __name__ == '__main__':
|
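Review bot: The new info message in main(), 'Changes to named.conf have been made, restart named', reads like an instruction to the operator although the next line performs the restart itself; `root_logger.info('Changes to named.conf have been made, restarting named')` avoids that ambiguity in the upgrade log. The condition `changed_psearch or changed_autoincrement` also combines two return conventions: named_enable_serial_autoincrement always returns `changed`, while named_enable_psearch still has bare `return` statements on its early-exit paths (visible as context in the second hunk) and so yields None there. The `or` works by truthiness, but changing those exits to `return False` would keep the two helpers consistent. main() starts and ends outside this hunk.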