Extend installers with --forward-policy option
This option specifies the forward policy for global forwarders. The value is put inside /etc/named.conf. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
parent
9ee6d379c4
commit
8997454889
@ -8,7 +8,7 @@ options {
|
||||
statistics-file "data/named_stats.txt";
|
||||
memstatistics-file "data/named_mem_stats.txt";
|
||||
|
||||
forward first;
|
||||
forward $FORWARD_POLICY;
|
||||
forwarders {$FORWARDERS};
|
||||
|
||||
// Any host is permitted to issue recursive queries
|
||||
|
@ -57,6 +57,9 @@ def parse_options():
|
||||
parser.add_option("--auto-forwarders", dest="auto_forwarders",
|
||||
action="store_true", default=False,
|
||||
help="Use DNS forwarders configured in /etc/resolv.conf")
|
||||
parser.add_option("--forward-policy", dest="forward_policy",
|
||||
choices=("first", "only"), default="first",
|
||||
help="DNS forwarding policy for global forwarders")
|
||||
parser.add_option("--reverse-zone", dest="reverse_zones",
|
||||
default=[], action="append", metavar="REVERSE_ZONE",
|
||||
help="The reverse DNS zone to use. This option can be used multiple times")
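Review bot: The help string added for `--forward-policy` in parse_options() names neither the default nor the meaning of the two choices, so an operator cannot tell from `--help` that `only` stops named from resolving on its own when the forwarders do not answer. I would spell it out, for example `help="DNS forwarding policy for global forwarders: 'first' falls back to recursion if forwarders fail, 'only' never does (default: first)"`. parse_options() starts and ends outside the hunk.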
|
||||
|
@ -41,6 +41,9 @@ Do not add any DNS forwarders, send non\-resolvable addresses to the DNS root se
|
||||
\fB\-\-auto\-forwarders\fR
|
||||
Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS.
|
||||
.TP
|
||||
\fB\-\-forward\-policy\fR=\fIfirst|only\fR
|
||||
DNS forwarding policy for global forwarders specified using other options. Defaults to first.
|
||||
.TP
|
||||
\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
|
||||
The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
|
||||
.TP
|
||||
|
@ -149,6 +149,9 @@ Do not add any DNS forwarders. Root DNS servers will be used instead.
|
||||
\fB\-\-auto\-forwarders\fR
|
||||
Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS.
|
||||
.TP
|
||||
\fB\-\-forward\-policy\fR=\fIfirst|only\fR
|
||||
DNS forwarding policy for global forwarders specified using other options. Defaults to first.
|
||||
.TP
|
||||
\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
|
||||
The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
|
||||
.TP
|
||||
|
@ -158,6 +158,9 @@ Do not add any DNS forwarders. Root DNS servers will be used instead.
|
||||
\fB\-\-auto\-forwarders\fR
|
||||
Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS.
|
||||
.TP
|
||||
\fB\-\-forward\-policy\fR=\fIfirst|only\fR
|
||||
DNS forwarding policy for global forwarders specified using other options. Defaults to first.
|
||||
.TP
|
||||
\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
|
||||
The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
|
||||
.TP
|
||||
|
@ -609,8 +609,9 @@ class BindInstance(service.Service):
|
||||
|
||||
suffix = ipautil.dn_attribute_property('_suffix')
|
||||
|
||||
def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders, ntp,
|
||||
reverse_zones, named_user=constants.NAMED_USER, zonemgr=None,
|
||||
def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders,
|
||||
forward_policy, ntp, reverse_zones,
|
||||
named_user=constants.NAMED_USER, zonemgr=None,
|
||||
ca_configured=None, no_dnssec_validation=False):
|
||||
self.named_user = named_user
|
||||
self.fqdn = fqdn
|
||||
@ -618,6 +619,7 @@ class BindInstance(service.Service):
|
||||
self.realm = realm_name
|
||||
self.domain = domain_name
|
||||
self.forwarders = forwarders
|
||||
self.forward_policy = forward_policy
|
||||
self.host = fqdn.split(".")[0]
|
||||
self.suffix = ipautil.realm_to_suffix(self.realm)
|
||||
self.ntp = ntp
|
||||
@ -775,6 +777,7 @@ class BindInstance(service.Service):
|
||||
REALM=self.realm,
|
||||
SERVER_ID=installutils.realm_to_serverid(self.realm),
|
||||
FORWARDERS=fwds,
|
||||
FORWARD_POLICY=self.forward_policy,
|
||||
SUFFIX=self.suffix,
|
||||
OPTIONAL_NTP=optional_ntp,
|
||||
ZONEMGR=self.zonemgr,
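Review bot: setup() stores the new argument unchecked at `self.forward_policy = forward_policy`, and the last hunk of this section passes it on as `FORWARD_POLICY`, which by the template change in this commit ends up in `forward $FORWARD_POLICY;` in named.conf. The command-line layers restrict the value to first/only, but setup() is also called directly with a hand-written value elsewhere in this commit, so a caller mistake would write an arbitrary string into the BIND configuration. I would guard at the top of setup() with `if forward_policy not in ('first', 'only'): raise ValueError("invalid forward policy: %r" % (forward_policy,))`. The parameter is also inserted before `ntp` in the positional list, so any caller not updated here would silently shift its arguments; setup()'s body continues outside the hunks shown.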
|
||||
|
@ -318,8 +318,8 @@ def install(standalone, replica, options, api=api):
|
||||
bind = bindinstance.BindInstance(fstore, ldapi=True, api=api,
|
||||
autobind=AUTOBIND_ENABLED)
|
||||
bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,
|
||||
options.forwarders, conf_ntp, reverse_zones,
|
||||
zonemgr=options.zonemgr,
|
||||
options.forwarders, options.forward_policy, conf_ntp,
|
||||
reverse_zones, zonemgr=options.zonemgr,
|
||||
no_dnssec_validation=options.no_dnssec_validation,
|
||||
ca_configured=options.setup_ca)
|
||||
|
||||
|
@ -169,6 +169,11 @@ class BaseServerDNS(common.Installable, core.Group, core.Composite):
|
||||
cli_name='forwarder',
|
||||
)
|
||||
|
||||
forward_policy = Knob(
|
||||
{'only', 'first'}, 'first',
|
||||
description=("DNS forwarding policy for global forwarders"),
|
||||
)
|
||||
|
||||
auto_forwarders = Knob(
|
||||
bool, False,
|
||||
description="Use DNS forwarders configured in /etc/resolv.conf",
|
||||
@ -431,6 +436,10 @@ class BaseServer(common.Installable, common.Interactive, core.Composite):
|
||||
raise RuntimeError(
|
||||
"You cannot specify a --no-forwarders option without the "
|
||||
"--setup-dns option")
|
||||
if self.dns.forward_policy:
|
||||
raise RuntimeError(
|
||||
"You cannot specify a --forward-policy option without the "
|
||||
"--setup-dns option")
|
||||
if self.dns.reverse_zones:
|
||||
raise RuntimeError(
|
||||
"You cannot specify a --reverse-zone option without the "
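Review bot: The added check `if self.dns.forward_policy:` looks like it will always be true, because the `forward_policy` Knob introduced in the first hunk of this section defaults to `'first'`, which is truthy. The neighbouring checks appear to run in the branch taken when --setup-dns is not given (the enclosing block starts outside the hunk), so an install without DNS would raise this RuntimeError even though the user never passed --forward-policy. One way out is to default the Knob to None, `{'only', 'first'}, None,`, and resolve None to `'first'` where the value is consumed, so the check only fires on an explicit option.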
|
||||
|
@ -733,10 +733,11 @@ def install_check(installer):
|
||||
|
||||
if options.setup_dns:
|
||||
print("BIND DNS server will be configured to serve IPA domain with:")
|
||||
print("Forwarders: %s" % (
|
||||
print("Forwarders: %s" % (
|
||||
"No forwarders" if not options.forwarders
|
||||
else ", ".join([str(ip) for ip in options.forwarders])
|
||||
))
|
||||
print('Forward policy: %s' % options.forward_policy)
|
||||
print("Reverse zone(s): %s" % (
|
||||
"No reverse zone" if options.no_reverse or not dns.reverse_zones
|
||||
else ", ".join(str(rz) for rz in dns.reverse_zones)
|
||||
@ -967,7 +968,7 @@ def install(installer):
|
||||
# Create a BIND instance
|
||||
bind = bindinstance.BindInstance(fstore, dm_password)
|
||||
bind.setup(host_name, ip_addresses, realm_name,
|
||||
domain_name, (), not options.no_ntp, (),
|
||||
domain_name, (), 'first', not options.no_ntp, (),
|
||||
zonemgr=options.zonemgr, ca_configured=setup_ca,
|
||||
no_dnssec_validation=options.no_dnssec_validation)
|
||||
bind.create_sample_bind_zone()
|
||||
|