Extend installers with --forward-policy option

This option specifies the forward policy for global forwarders.
The value is put inside /etc/named.conf.

https://fedorahosted.org/freeipa/ticket/5710

Reviewed-By: Martin Basti <mbasti@redhat.com>
Petr Spacek
2016-03-01 11:13:18 +01:00
committed by Petr Vobornik
parent 9ee6d379c4
commit 8997454889
9 changed files with 32 additions and 7 deletions


@@ -8,7 +8,7 @@ options {
statistics-file "data/named_stats.txt"; statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt"; memstatistics-file "data/named_mem_stats.txt";
forward first; forward $FORWARD_POLICY;
forwarders {$FORWARDERS}; forwarders {$FORWARDERS};
// Any host is permitted to issue recursive queries // Any host is permitted to issue recursive queries


@@ -57,6 +57,9 @@ def parse_options():
parser.add_option("--auto-forwarders", dest="auto_forwarders", parser.add_option("--auto-forwarders", dest="auto_forwarders",
action="store_true", default=False, action="store_true", default=False,
help="Use DNS forwarders configured in /etc/resolv.conf") help="Use DNS forwarders configured in /etc/resolv.conf")
parser.add_option("--forward-policy", dest="forward_policy",
choices=("first", "only"), default="first",
help="DNS forwarding policy for global forwarders")
parser.add_option("--reverse-zone", dest="reverse_zones", parser.add_option("--reverse-zone", dest="reverse_zones",
default=[], action="append", metavar="REVERSE_ZONE", default=[], action="append", metavar="REVERSE_ZONE",
help="The reverse DNS zone to use. This option can be used multiple times") help="The reverse DNS zone to use. This option can be used multiple times")


@@ -41,6 +41,9 @@ Do not add any DNS forwarders, send non\-resolvable addresses to the DNS root se
\fB\-\-auto\-forwarders\fR \fB\-\-auto\-forwarders\fR
Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS. Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS.
.TP .TP
\fB\-\-forward\-policy\fR=\fIfirst|only\fR
DNS forwarding policy for global forwarders specified using other options. Defaults to first.
.TP
\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR \fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones. The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
.TP .TP


@@ -149,6 +149,9 @@ Do not add any DNS forwarders. Root DNS servers will be used instead.
\fB\-\-auto\-forwarders\fR \fB\-\-auto\-forwarders\fR
Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS. Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS.
.TP .TP
\fB\-\-forward\-policy\fR=\fIfirst|only\fR
DNS forwarding policy for global forwarders specified using other options. Defaults to first.
.TP
\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR \fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones. The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
.TP .TP


@@ -158,6 +158,9 @@ Do not add any DNS forwarders. Root DNS servers will be used instead.
\fB\-\-auto\-forwarders\fR \fB\-\-auto\-forwarders\fR
Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS. Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS.
.TP .TP
\fB\-\-forward\-policy\fR=\fIfirst|only\fR
DNS forwarding policy for global forwarders specified using other options. Defaults to first.
.TP
\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR \fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones. The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
.TP .TP


@@ -609,8 +609,9 @@ class BindInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix') suffix = ipautil.dn_attribute_property('_suffix')
def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders, ntp, def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders,
reverse_zones, named_user=constants.NAMED_USER, zonemgr=None, forward_policy, ntp, reverse_zones,
named_user=constants.NAMED_USER, zonemgr=None,
ca_configured=None, no_dnssec_validation=False): ca_configured=None, no_dnssec_validation=False):
self.named_user = named_user self.named_user = named_user
self.fqdn = fqdn self.fqdn = fqdn
@@ -618,6 +619,7 @@ class BindInstance(service.Service):
self.realm = realm_name self.realm = realm_name
self.domain = domain_name self.domain = domain_name
self.forwarders = forwarders self.forwarders = forwarders
self.forward_policy = forward_policy
self.host = fqdn.split(".")[0] self.host = fqdn.split(".")[0]
self.suffix = ipautil.realm_to_suffix(self.realm) self.suffix = ipautil.realm_to_suffix(self.realm)
self.ntp = ntp self.ntp = ntp
@@ -775,6 +777,7 @@ class BindInstance(service.Service):
REALM=self.realm, REALM=self.realm,
SERVER_ID=installutils.realm_to_serverid(self.realm), SERVER_ID=installutils.realm_to_serverid(self.realm),
FORWARDERS=fwds, FORWARDERS=fwds,
FORWARD_POLICY=self.forward_policy,
SUFFIX=self.suffix, SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp, OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr, ZONEMGR=self.zonemgr,
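Review bot: `setup()` stores `forward_policy` without checking it, and the third hunk passes it on as `FORWARD_POLICY` in the substitution variables, which per the commit description end up in /etc/named.conf. Every caller visible in this commit constrains the value (optparse `choices`, the `Knob` set, a literal `'first'`), but the method itself would accept any string from a future caller. A guard at the top of `setup()` such as `if forward_policy not in ('first', 'only'): raise ValueError("invalid forward policy: %r" % forward_policy)` would keep the set of values that can reach the BIND configuration in one place. The body of `setup()` and the function that builds the substitution dict both continue outside the hunks shown.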


@@ -318,8 +318,8 @@ def install(standalone, replica, options, api=api):
bind = bindinstance.BindInstance(fstore, ldapi=True, api=api, bind = bindinstance.BindInstance(fstore, ldapi=True, api=api,
autobind=AUTOBIND_ENABLED) autobind=AUTOBIND_ENABLED)
bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain, bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,
options.forwarders, conf_ntp, reverse_zones, options.forwarders, options.forward_policy, conf_ntp,
zonemgr=options.zonemgr, reverse_zones, zonemgr=options.zonemgr,
no_dnssec_validation=options.no_dnssec_validation, no_dnssec_validation=options.no_dnssec_validation,
ca_configured=options.setup_ca) ca_configured=options.setup_ca)


@@ -169,6 +169,11 @@ class BaseServerDNS(common.Installable, core.Group, core.Composite):
cli_name='forwarder', cli_name='forwarder',
) )
forward_policy = Knob(
{'only', 'first'}, 'first',
description=("DNS forwarding policy for global forwarders"),
)
auto_forwarders = Knob( auto_forwarders = Knob(
bool, False, bool, False,
description="Use DNS forwarders configured in /etc/resolv.conf", description="Use DNS forwarders configured in /etc/resolv.conf",
@@ -431,6 +436,10 @@ class BaseServer(common.Installable, common.Interactive, core.Composite):
raise RuntimeError( raise RuntimeError(
"You cannot specify a --no-forwarders option without the " "You cannot specify a --no-forwarders option without the "
"--setup-dns option") "--setup-dns option")
if self.dns.forward_policy:
raise RuntimeError(
"You cannot specify a --forward-policy option without the "
"--setup-dns option")
if self.dns.reverse_zones: if self.dns.reverse_zones:
raise RuntimeError( raise RuntimeError(
"You cannot specify a --reverse-zone option without the " "You cannot specify a --reverse-zone option without the "
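Review bot: The new `if self.dns.forward_policy:` check in `BaseServer` is always true, because the `forward_policy` Knob added in the first hunk defaults to `'first'`, a non-empty string. Judging by the neighbouring error messages this check runs when --setup-dns is not given, so an install without DNS would presumably raise the RuntimeError even though --forward-policy was never passed. One way out is to give the knob a default of `None` (`{'only', 'first'}, None,`), if `Knob` accepts that, and substitute `'first'` where the value is consumed; any other way of telling an explicit option from the default would also work. The enclosing method starts and ends outside the hunk.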


@@ -733,10 +733,11 @@ def install_check(installer):
if options.setup_dns: if options.setup_dns:
print("BIND DNS server will be configured to serve IPA domain with:") print("BIND DNS server will be configured to serve IPA domain with:")
print("Forwarders: %s" % ( print("Forwarders: %s" % (
"No forwarders" if not options.forwarders "No forwarders" if not options.forwarders
else ", ".join([str(ip) for ip in options.forwarders]) else ", ".join([str(ip) for ip in options.forwarders])
)) ))
print('Forward policy: %s' % options.forward_policy)
print("Reverse zone(s): %s" % ( print("Reverse zone(s): %s" % (
"No reverse zone" if options.no_reverse or not dns.reverse_zones "No reverse zone" if options.no_reverse or not dns.reverse_zones
else ", ".join(str(rz) for rz in dns.reverse_zones) else ", ".join(str(rz) for rz in dns.reverse_zones)
@@ -967,7 +968,7 @@ def install(installer):
# Create a BIND instance # Create a BIND instance
bind = bindinstance.BindInstance(fstore, dm_password) bind = bindinstance.BindInstance(fstore, dm_password)
bind.setup(host_name, ip_addresses, realm_name, bind.setup(host_name, ip_addresses, realm_name,
domain_name, (), not options.no_ntp, (), domain_name, (), 'first', not options.no_ntp, (),
zonemgr=options.zonemgr, ca_configured=setup_ca, zonemgr=options.zonemgr, ca_configured=setup_ca,
no_dnssec_validation=options.no_dnssec_validation) no_dnssec_validation=options.no_dnssec_validation)
bind.create_sample_bind_zone() bind.create_sample_bind_zone()