Remove support for IPA deployments with no persistent search

Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated.

https://fedorahosted.org/freeipa/ticket/3632
Tomas Babej 2013-08-09 11:55:49 +02:00 committed by Martin Kosek
parent 49a621a257
commit 69394bab5a
16 changed files with 104 additions and 187 deletions


@ -673,7 +673,7 @@ option: Str('delattr*', cli_name='delattr', exclude='webui')
option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow_sync_ptr', multivalue=False, required=False) option: Bool('idnsallowsyncptr', attribute=True, autofill=False, cli_name='allow_sync_ptr', multivalue=False, required=False)
option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False) option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False)
option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'none')) option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first', u'none'))
option: Int('idnszonerefresh', attribute=True, autofill=False, cli_name='zone_refresh', minvalue=0, multivalue=False, required=False) option: DeprecatedParam('idnszonerefresh', attribute=True, autofill=False, cli_name='zone_refresh', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Flag('rights', autofill=True, default=False) option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr', exclude='webui') option: Str('setattr*', cli_name='setattr', exclude='webui')


@ -156,7 +156,7 @@ Obsoletes: freeipa-server-selinux < 3.3.0
# IPA but if it is configured we need a way to require versions # IPA but if it is configured we need a way to require versions
# that work for us. # that work for us.
%if 0%{?fedora} >= 18 %if 0%{?fedora} >= 18
Conflicts: bind-dyndb-ldap < 2.3-2 Conflicts: bind-dyndb-ldap < 3.5
%else %else
Conflicts: bind-dyndb-ldap < 1.1.0-0.12.rc1 Conflicts: bind-dyndb-ldap < 1.1.0-0.12.rc1
%endif %endif


@ -44,7 +44,5 @@ dynamic-db "ipa" {
arg "auth_method sasl"; arg "auth_method sasl";
arg "sasl_mech GSSAPI"; arg "sasl_mech GSSAPI";
arg "sasl_user DNS/$FQDN"; arg "sasl_user DNS/$FQDN";
arg "zone_refresh $ZONE_REFRESH";
arg "psearch $PERSISTENT_SEARCH";
arg "serial_autoincrement $SERIAL_AUTOINCREMENT"; arg "serial_autoincrement $SERIAL_AUTOINCREMENT";
}; };


@ -52,16 +52,6 @@ def parse_options():
parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback, parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
type="string", type="string",
help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN") help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
# this option name has been deprecated, persistent search has been enabled by default
parser.add_option("--zone-notif", dest="zone_notif",
action="store_true", default=False, help=SUPPRESS_HELP)
parser.add_option("--no-persistent-search", dest="persistent_search",
default=True, action="store_false",
help="Do not enable persistent search feature in the name server")
parser.add_option("--zone-refresh", dest="zone_refresh",
default=0, type="int",
help="When set to non-zero the name server will use DNS zone "
"detection based on polling instead of a persistent search")
parser.add_option("--no-serial-autoincrement", dest="serial_autoincrement", parser.add_option("--no-serial-autoincrement", dest="serial_autoincrement",
default=True, action="store_false", default=True, action="store_false",
help="Do not enable SOA serial autoincrement") help="Do not enable SOA serial autoincrement")
@ -80,18 +70,6 @@ def parse_options():
if not options.forwarders and not options.no_forwarders: if not options.forwarders and not options.no_forwarders:
parser.error("You must specify at least one --forwarder option or --no-forwarders option") parser.error("You must specify at least one --forwarder option or --no-forwarders option")
if options.zone_refresh < 0:
parser.error("negative numbers not allowed for --zone-refresh")
elif options.zone_refresh > 0:
options.persistent_search = False # mutually exclusive features
if options.zone_notif:
print >>sys.stderr, "WARNING: --zone-notif option is deprecated and has no effect"
if options.serial_autoincrement and not options.persistent_search:
parser.error('persistent search feature is required for '
'DNS SOA serial autoincrement')
return safe_options, options return safe_options, options
def main(): def main():
@ -232,8 +210,6 @@ def main():
bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
dns_forwarders, conf_ntp, reverse_zone, zonemgr=options.zonemgr, dns_forwarders, conf_ntp, reverse_zone, zonemgr=options.zonemgr,
zone_refresh=options.zone_refresh,
persistent_search=options.persistent_search,
serial_autoincrement=options.serial_autoincrement) serial_autoincrement=options.serial_autoincrement)
bind.create_instance() bind.create_instance()


@ -207,16 +207,6 @@ def parse_options():
dns_group.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback, dns_group.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
type="string", type="string",
help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN") help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
# this option name has been deprecated, persistent search has been enabled by default
dns_group.add_option("--zone-notif", dest="zone_notif",
action="store_true", default=False, help=SUPPRESS_HELP)
dns_group.add_option("--no-persistent-search", dest="persistent_search",
default=True, action="store_false",
help="Do not enable persistent search feature in the name server")
dns_group.add_option("--zone-refresh", dest="zone_refresh",
default=0, type="int",
help="When set to non-zero the name server will use DNS zone "
"detection based on polling instead of a persistent search")
dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true", dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
default=False, default=False,
help="Do not use DNS for hostname lookup during installation") help="Do not use DNS for hostname lookup during installation")
@ -326,18 +316,6 @@ def parse_options():
#Automatically disable pkinit w/ dogtag until that is supported #Automatically disable pkinit w/ dogtag until that is supported
options.setup_pkinit = False options.setup_pkinit = False
if options.zone_refresh < 0:
parser.error("negative numbers not allowed for --zone-refresh")
elif options.zone_refresh > 0:
options.persistent_search = False # mutually exclusive features
if options.serial_autoincrement and not options.persistent_search:
parser.error('persistent search feature is required for '
'DNS SOA serial autoincrement')
if options.zone_notif:
print >>sys.stderr, "WARNING: --zone-notif option is deprecated and has no effect"
return safe_options, options return safe_options, options
def signal_handler(signum, frame): def signal_handler(signum, frame):
@ -1159,8 +1137,6 @@ def main():
bind = bindinstance.BindInstance(fstore, dm_password) bind = bindinstance.BindInstance(fstore, dm_password)
bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders,
options.conf_ntp, reverse_zone, zonemgr=options.zonemgr, options.conf_ntp, reverse_zone, zonemgr=options.zonemgr,
zone_refresh=options.zone_refresh,
persistent_search=options.persistent_search,
serial_autoincrement=options.serial_autoincrement, serial_autoincrement=options.serial_autoincrement,
ca_configured=setup_ca) ca_configured=setup_ca)
if options.setup_dns: if options.setup_dns:


@ -325,58 +325,76 @@ def upgrade_ipa_profile(ca, domain, fqdn):
return False return False
def named_enable_psearch(): def named_remove_deprecated_options():
""" """
From IPA 3.0, persistent search is a preferred mechanism for new DNS zone From IPA 3.3, persistent search is a default mechanism for new DNS zone
detection and is also needed for other features (DNSSEC, SOA serial detection.
updates). Enable psearch and make sure connections attribute is right.
This step is done just once for a case when user switched the persistent
search back to disabled.
When some change in named.conf is done, this functions returns True Remove psearch, zone_refresh and cache_ttl options, as they have been
deprecated in bind-dyndb-ldap configuration file.
When some change in named.conf is done, this functions returns True.
""" """
changed = False
root_logger.info('[Enabling persistent search in DNS]') root_logger.info('[Removing deprecated DNS configuration options]')
if not bindinstance.named_conf_exists(): if not bindinstance.named_conf_exists():
# DNS service may not be configured # DNS service may not be configured
root_logger.info('DNS is not configured') root_logger.info('DNS is not configured')
return return False
deprecated_options = ['zone_refresh', 'psearch', 'cache_ttl']
removed_options = []
try: try:
psearch = bindinstance.named_conf_get_directive('psearch') # Remove all the deprecated options
for option in deprecated_options:
value = bindinstance.named_conf_get_directive(option)
if value is not None:
bindinstance.named_conf_set_directive(option, None)
removed_options.append(option)
except IOError, e: except IOError, e:
root_logger.debug('Cannot retrieve psearch option from %s: %s', root_logger.error('Cannot modify DNS configuration in %s: %s',
bindinstance.NAMED_CONF, e) bindinstance.NAMED_CONF, e)
return
else: # Log only the changed options
psearch = None if psearch is None else psearch.lower() if not removed_options:
if not sysupgrade.get_upgrade_state('named.conf', 'psearch_enabled'): root_logger.debug('No changes made')
if psearch != "yes": return False
try:
bindinstance.named_conf_set_directive('zone_refresh', 0) root_logger.debug('The following configuration options have been removed: '
bindinstance.named_conf_set_directive('psearch', 'yes') '{options}'.format(options = ', '.join(removed_options)))
except IOError, e: return True
root_logger.error('Cannot enable psearch in %s: %s',
bindinstance.NAMED_CONF, e)
else: def named_set_minimum_connections():
changed = True """
psearch = "yes" Sets the minimal number of connections.
sysupgrade.set_upgrade_state('named.conf', 'psearch_enabled', True)
root_logger.debug('Persistent search enabled') When some change in named.conf is done, this functions returns True.
"""
changed = False
root_logger.info('[Ensuring minimal number of connections]')
if not bindinstance.named_conf_exists():
# DNS service may not be configured
root_logger.info('DNS is not configured')
return changed
# make sure number of connections is right # make sure number of connections is right
minimum_connections = 2 minimum_connections = 4
if psearch == 'yes':
# serial_autoincrement increased the minimal number of connections to 4
minimum_connections = 4
try: try:
connections = bindinstance.named_conf_get_directive('connections') connections = bindinstance.named_conf_get_directive('connections')
except IOError, e: except IOError, e:
root_logger.debug('Cannot retrieve connections option from %s: %s', root_logger.debug('Cannot retrieve connections option from %s: %s',
bindinstance.NAMED_CONF, e) bindinstance.NAMED_CONF, e)
return return changed
try: try:
if connections is not None: if connections is not None:
connections = int(connections) connections = int(connections)
@ -388,7 +406,7 @@ def named_enable_psearch():
if connections is not None and connections < minimum_connections: if connections is not None and connections < minimum_connections:
try: try:
bindinstance.named_conf_set_directive('connections', bindinstance.named_conf_set_directive('connections',
minimum_connections) minimum_connections)
root_logger.debug('Connections set to %d', minimum_connections) root_logger.debug('Connections set to %d', minimum_connections)
except IOError, e: except IOError, e:
root_logger.error('Cannot update connections in %s: %s', root_logger.error('Cannot update connections in %s: %s',
@ -398,8 +416,10 @@ def named_enable_psearch():
if not changed: if not changed:
root_logger.debug('No changes made') root_logger.debug('No changes made')
return changed return changed
def named_enable_serial_autoincrement(): def named_enable_serial_autoincrement():
""" """
Serial autoincrement is a requirement for zone transfers or DNSSEC. It Serial autoincrement is a requirement for zone transfers or DNSSEC. It
@ -417,7 +437,6 @@ def named_enable_serial_autoincrement():
return changed return changed
try: try:
psearch = bindinstance.named_conf_get_directive('psearch')
serial_autoincrement = bindinstance.named_conf_get_directive( serial_autoincrement = bindinstance.named_conf_get_directive(
'serial_autoincrement') 'serial_autoincrement')
except IOError, e: except IOError, e:
@ -425,28 +444,23 @@ def named_enable_serial_autoincrement():
bindinstance.NAMED_CONF, e) bindinstance.NAMED_CONF, e)
return changed return changed
else: else:
psearch = None if psearch is None else psearch.lower()
serial_autoincrement = None if serial_autoincrement is None \ serial_autoincrement = None if serial_autoincrement is None \
else serial_autoincrement.lower() else serial_autoincrement.lower()
# enable SOA serial autoincrement # enable SOA serial autoincrement
if not sysupgrade.get_upgrade_state('named.conf', 'autoincrement_enabled'): if not sysupgrade.get_upgrade_state('named.conf', 'autoincrement_enabled'):
if psearch != "yes": # psearch is required if serial_autoincrement != 'yes':
root_logger.error('Persistent search is disabled, ' try:
'serial autoincrement cannot be enabled') bindinstance.named_conf_set_directive('serial_autoincrement', 'yes')
else: except IOError, e:
if serial_autoincrement != 'yes': root_logger.error('Cannot enable serial_autoincrement in %s: %s',
try: bindinstance.NAMED_CONF, e)
bindinstance.named_conf_set_directive('serial_autoincrement', 'yes') return changed
except IOError, e:
root_logger.error('Cannot enable serial_autoincrement in %s: %s',
bindinstance.NAMED_CONF, e)
return changed
else:
root_logger.debug('Serial autoincrement enabled')
changed = True
else: else:
root_logger.debug('Serial autoincrement is alredy enabled') root_logger.debug('Serial autoincrement enabled')
changed = True
else:
root_logger.debug('Serial autoincrement is alredy enabled')
sysupgrade.set_upgrade_state('named.conf', 'autoincrement_enabled', True) sysupgrade.set_upgrade_state('named.conf', 'autoincrement_enabled', True)
else: else:
root_logger.debug('Skip serial autoincrement check') root_logger.debug('Skip serial autoincrement check')
@ -1049,12 +1063,18 @@ def main():
cleanup_kdc(fstore) cleanup_kdc(fstore)
setup_firefox_extension(fstore) setup_firefox_extension(fstore)
add_ca_dns_records() add_ca_dns_records()
changed_psearch = named_enable_psearch()
changed_autoincrement = named_enable_serial_autoincrement() # Any of the following functions returns True iff the named.conf file
changed_gssapi_conf = named_update_gssapi_configuration() # has been altered
changed_pid_file_conf = named_update_pid_file() named_conf_changes = (
if (changed_psearch or changed_autoincrement or changed_gssapi_conf named_remove_deprecated_options(),
or changed_pid_file_conf): named_set_minimum_connections(),
named_enable_serial_autoincrement(),
named_update_gssapi_configuration(),
named_update_pid_file(),
)
if any(named_conf_changes):
# configuration has changed, restart the name server # configuration has changed, restart the name server
root_logger.info('Changes to named.conf have been made, restart named') root_logger.info('Changes to named.conf have been made, restart named')
bind = bindinstance.BindInstance(fstore) bind = bindinstance.BindInstance(fstore)
@ -1062,6 +1082,7 @@ def main():
bind.restart() bind.restart()
except ipautil.CalledProcessError, e: except ipautil.CalledProcessError, e:
root_logger.error("Failed to restart %s: %s", bind.service_name, e) root_logger.error("Failed to restart %s: %s", bind.service_name, e)
ca_restart = any([ ca_restart = any([
ca_restart, ca_restart,
enable_certificate_renewal(ca), enable_certificate_renewal(ca),
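Review bot: `named_remove_deprecated_options()` strips `psearch` and `zone_refresh` from named.conf unconditionally, without regard to which bind-dyndb-ldap release is installed. The spec change on this page raises the constraint to `Conflicts: bind-dyndb-ldap < 3.5` only under `%if 0%{?fedora} >= 18`, while the `%else` branch still admits 1.1.0-0.12.rc1. If those older plugin releases do not enable persistent search by default, an upgrade there would silently change how new zones are detected, and the man page on this page says serial autoincrement requires persistent search. Either tighten the `%else` constraint as well, or state the assumption in the docstring, for example `Assumes a bind-dyndb-ldap release in which persistent search is always enabled.`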


@ -49,12 +49,6 @@ Do not create new reverse DNS zone. If used on a replica and a reverse DNS zone
\fB\-\-zonemgr\fR \fB\-\-zonemgr\fR
The e\-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN The e\-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN
.TP .TP
\fB\-\-no\-persistent\-search\fR
Do not enable persistent search mechanism for updating the list of DNS zones in the name server. When persistent search is disabled and \fB\-\-zone\-refresh\fR option is not set to non-zero value, new zones won't be resolvable until the name server is reloaded.
.TP
\fB\-\-zone\-refresh=\fIZONE_REFRESH\fR
When set to non-zero value, persistent search zone update mechanism will be disabled and the name server will use a polling mechanism to load new DNS zones every \fIZONE_REFRESH\fR seconds.
.TP
\fB\-\-no\-serial\-autoincrement\fR \fB\-\-no\-serial\-autoincrement\fR
Do not enable SOA serial autoincrement feature. SOA serial will have to be updated automatically or other DNS features like zone transfer od DNSSEC will not function properly. This feature requires persistent search zone update mechanism. Do not enable SOA serial autoincrement feature. SOA serial will have to be updated automatically or other DNS features like zone transfer od DNSSEC will not function properly. This feature requires persistent search zone update mechanism.
.TP .TP


@ -146,12 +146,6 @@ Do not create reverse DNS zone
\fB\-\-zonemgr\fR \fB\-\-zonemgr\fR
The e\-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN The e\-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN
.TP .TP
\fB\-\-no\-persistent\-search\fR
Do not enable persistent search mechanism for updating the list of DNS zones in the name server. When persistent search is disabled and \fB\-\-zone\-refresh\fR option is not set to non-zero value, new zones won't be resolvable until the name server is reloaded.
.TP
\fB\-\-zone\-refresh=\fIZONE_REFRESH\fR
When set to non-zero value, persistent search zone update mechanism will be disabled and the name server will use a polling mechanism to load new DNS zones every \fIZONE_REFRESH\fR seconds.
.TP
\fB\-\-no\-host\-dns\fR \fB\-\-no\-host\-dns\fR
Do not use DNS for hostname lookup during installation Do not use DNS for hostname lookup during installation
.TP .TP


@ -82,8 +82,7 @@ return {
label: '@i18n:objects.dnsconfig.forward_none' label: '@i18n:objects.dnsconfig.forward_none'
} }
] ]
}, }
'idnszonerefresh'
] ]
} }
], ],


@ -9,8 +9,6 @@
"idnsallowsyncptr": "rscwo", "idnsallowsyncptr": "rscwo",
"idnsforwarders": "rscwo", "idnsforwarders": "rscwo",
"idnsforwardpolicy": "rscwo", "idnsforwardpolicy": "rscwo",
"idnspersistentsearch": "rscwo",
"idnszonerefresh": "rscwo",
"nsaccountlock": "rscwo", "nsaccountlock": "rscwo",
"objectclass": "rscwo" "objectclass": "rscwo"
}, },
@ -26,9 +24,6 @@
"idnsforwardpolicy": [ "idnsforwardpolicy": [
"first" "first"
], ],
"idnszonerefresh": [
"20"
],
"objectclass": [ "objectclass": [
"idnsConfigObject", "idnsConfigObject",
"nsContainer", "nsContainer",


@ -9,8 +9,6 @@
"idnsallowsyncptr": "rscwo", "idnsallowsyncptr": "rscwo",
"idnsforwarders": "rscwo", "idnsforwarders": "rscwo",
"idnsforwardpolicy": "rscwo", "idnsforwardpolicy": "rscwo",
"idnspersistentsearch": "rscwo",
"idnszonerefresh": "rscwo",
"nsaccountlock": "rscwo", "nsaccountlock": "rscwo",
"objectclass": "rscwo" "objectclass": "rscwo"
}, },
@ -27,9 +25,6 @@
"idnsforwardpolicy": [ "idnsforwardpolicy": [
"first" "first"
], ],
"idnszonerefresh": [
"20"
],
"objectclass": [ "objectclass": [
"idnsConfigObject", "idnsConfigObject",
"nsContainer", "nsContainer",


@ -2842,17 +2842,6 @@
"name": "idnsallowsyncptr", "name": "idnsallowsyncptr",
"type": "bool" "type": "bool"
}, },
{
"attribute": true,
"class": "Int",
"doc": "An interval between regular polls of the name server for new DNS zones",
"flags": [],
"label": "Zone refresh interval",
"maxvalue": 2147483647,
"minvalue": 0,
"name": "idnszonerefresh",
"type": "int"
},
{ {
"name": "setattr" "name": "setattr"
}, },


@ -812,7 +812,6 @@
"idnsforwarders", "idnsforwarders",
"idnsforwardpolicy", "idnsforwardpolicy",
"idnsname", "idnsname",
"idnspersistentsearch",
"idnssoaexpire", "idnssoaexpire",
"idnssoaminimum", "idnssoaminimum",
"idnssoamname", "idnssoamname",
@ -822,7 +821,6 @@
"idnssoaserial", "idnssoaserial",
"idnsupdatepolicy", "idnsupdatepolicy",
"idnszoneactive", "idnszoneactive",
"idnszonerefresh",
"inetdomainbasedn", "inetdomainbasedn",
"inetdomainstatus", "inetdomainstatus",
"inetsubscriberaccountid", "inetsubscriberaccountid",
@ -1726,8 +1724,7 @@
"default_attributes": [ "default_attributes": [
"idnsforwardpolicy", "idnsforwardpolicy",
"idnsforwarders", "idnsforwarders",
"idnsallowsyncptr", "idnsallowsyncptr"
"idnszonerefresh"
], ],
"hidden_attributes": [ "hidden_attributes": [
"objectclass", "objectclass",
@ -1798,16 +1795,6 @@
"label": "Allow PTR sync", "label": "Allow PTR sync",
"name": "idnsallowsyncptr", "name": "idnsallowsyncptr",
"type": "bool" "type": "bool"
},
{
"class": "Int",
"doc": "An interval between regular polls of the name server for new DNS zones",
"flags": [],
"label": "Zone refresh interval",
"maxvalue": 2147483647,
"minvalue": 0,
"name": "idnszonerefresh",
"type": "int"
} }
], ],
"uuid_attribute": "" "uuid_attribute": ""


@ -28,7 +28,8 @@ import dns.name
from ipalib.request import context from ipalib.request import context
from ipalib import api, errors, output from ipalib import api, errors, output
from ipalib import Command from ipalib import Command
from ipalib.parameters import Flag, Bool, Int, Decimal, Str, StrEnum, Any from ipalib.parameters import (Flag, Bool, Int, Decimal, Str, StrEnum, Any,
DeprecatedParam)
from ipalib.plugins.baseldap import * from ipalib.plugins.baseldap import *
from ipalib import _, ngettext from ipalib import _, ngettext
from ipalib.util import (validate_zonemgr, normalize_zonemgr, normalize_zone, from ipalib.util import (validate_zonemgr, normalize_zonemgr, normalize_zone,
@ -2978,8 +2979,7 @@ class dnsconfig(LDAPObject):
""" """
object_name = _('DNS configuration options') object_name = _('DNS configuration options')
default_attributes = [ default_attributes = [
'idnsforwardpolicy', 'idnsforwarders', 'idnsallowsyncptr', 'idnsforwardpolicy', 'idnsforwarders', 'idnsallowsyncptr'
'idnszonerefresh'
] ]
label = _('DNS Global Configuration') label = _('DNS Global Configuration')
@ -3006,11 +3006,9 @@ class dnsconfig(LDAPObject):
label=_('Allow PTR sync'), label=_('Allow PTR sync'),
doc=_('Allow synchronization of forward (A, AAAA) and reverse (PTR) records'), doc=_('Allow synchronization of forward (A, AAAA) and reverse (PTR) records'),
), ),
Int('idnszonerefresh?', DeprecatedParam('idnszonerefresh?',
cli_name='zone_refresh', cli_name='zone_refresh',
label=_('Zone refresh interval'), label=_('Zone refresh interval'),
doc=_('An interval between regular polls of the name server for new DNS zones'),
minvalue=0,
), ),
) )


@ -463,8 +463,7 @@ class BindInstance(service.Service):
def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp, def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp,
reverse_zone, named_user="named", zonemgr=None, reverse_zone, named_user="named", zonemgr=None,
zone_refresh=0, persistent_search=True, serial_autoincrement=True, serial_autoincrement=True, ca_configured=None):
ca_configured=None):
self.named_user = named_user self.named_user = named_user
self.fqdn = fqdn self.fqdn = fqdn
self.ip_address = ip_address self.ip_address = ip_address
@ -475,8 +474,6 @@ class BindInstance(service.Service):
self.suffix = ipautil.realm_to_suffix(self.realm) self.suffix = ipautil.realm_to_suffix(self.realm)
self.ntp = ntp self.ntp = ntp
self.reverse_zone = reverse_zone self.reverse_zone = reverse_zone
self.zone_refresh = zone_refresh
self.persistent_search = persistent_search
self.serial_autoincrement = serial_autoincrement self.serial_autoincrement = serial_autoincrement
self.ca_configured = ca_configured self.ca_configured = ca_configured
@ -593,24 +590,23 @@ class BindInstance(service.Service):
else: else:
ipa_ca = "" ipa_ca = ""
boolean_var = {} def bool_to_yesno(var):
for var in ('persistent_search', 'serial_autoincrement'): return "yes" if var else "no"
boolean_var[var] = "yes" if getattr(self, var, False) else "no"
self.sub_dict = dict(FQDN=self.fqdn, self.sub_dict = dict(
IP=self.ip_address, FQDN=self.fqdn,
DOMAIN=self.domain, IP=self.ip_address,
HOST=self.host, DOMAIN=self.domain,
REALM=self.realm, HOST=self.host,
SERVER_ID=realm_to_serverid(self.realm), REALM=self.realm,
FORWARDERS=fwds, SERVER_ID=realm_to_serverid(self.realm),
SUFFIX=self.suffix, FORWARDERS=fwds,
OPTIONAL_NTP=optional_ntp, SUFFIX=self.suffix,
ZONEMGR=self.zonemgr, OPTIONAL_NTP=optional_ntp,
ZONE_REFRESH=self.zone_refresh, ZONEMGR=self.zonemgr,
IPA_CA_RECORD=ipa_ca, IPA_CA_RECORD=ipa_ca,
PERSISTENT_SEARCH=boolean_var['persistent_search'], SERIAL_AUTOINCREMENT=bool_to_yesno(self.serial_autoincrement),
SERIAL_AUTOINCREMENT=boolean_var['serial_autoincrement'],) )
def __setup_dns_container(self): def __setup_dns_container(self):
self._ldap_mod("dns.ldif", self.sub_dict) self._ldap_mod("dns.ldif", self.sub_dict)
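Review bot: `SERIAL_AUTOINCREMENT=bool_to_yesno(self.serial_autoincrement)` now reads the attribute directly, whereas the replaced loop used `getattr(self, var, False)` and so tolerated an instance on which `setup()` had never run. If any caller builds the substitution dictionary without calling `setup()` first, this becomes an `AttributeError` instead of a rendered `no`; the upgrade script on this page does construct `BindInstance(fstore)` without `setup()`, though only to restart the service. Keeping the fallback, `SERIAL_AUTOINCREMENT=bool_to_yesno(getattr(self, 'serial_autoincrement', False)),`, preserves the old behaviour. The enclosing method starts above this hunk, so whether `__init__` already sets a default is not visible here.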


@ -83,7 +83,6 @@ class test_dns(Declarative):
('dnsconfig_mod', [], {'idnsforwarders' : None, ('dnsconfig_mod', [], {'idnsforwarders' : None,
'idnsforwardpolicy' : None, 'idnsforwardpolicy' : None,
'idnsallowsyncptr' : None, 'idnsallowsyncptr' : None,
'idnszonerefresh' : None,
}), }),
('permission_del', [dnszone1_permission], {'force': True}), ('permission_del', [dnszone1_permission], {'force': True}),
] ]