mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Remove --no-serial-autoincrement
Deprecate this option and do not offer it in installation tools. Without this option enabled, advanced DNS features like DNSSEC would not work. https://fedorahosted.org/freeipa/ticket/3962
This commit is contained in:
parent
5e8aab8558
commit
cb9331ebfc
@ -45,5 +45,5 @@ dynamic-db "ipa" {
|
|||||||
arg "auth_method sasl";
|
arg "auth_method sasl";
|
||||||
arg "sasl_mech GSSAPI";
|
arg "sasl_mech GSSAPI";
|
||||||
arg "sasl_user DNS/$FQDN";
|
arg "sasl_user DNS/$FQDN";
|
||||||
arg "serial_autoincrement $SERIAL_AUTOINCREMENT";
|
arg "serial_autoincrement yes";
|
||||||
};
|
};
|
||||||
|
@ -52,9 +52,6 @@ def parse_options():
|
|||||||
parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
|
parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
|
||||||
type="string",
|
type="string",
|
||||||
help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
|
help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
|
||||||
parser.add_option("--no-serial-autoincrement", dest="serial_autoincrement",
|
|
||||||
default=True, action="store_false",
|
|
||||||
help="Do not enable SOA serial autoincrement")
|
|
||||||
parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
|
parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
|
||||||
default=False, help="unattended installation never prompts the user")
|
default=False, help="unattended installation never prompts the user")
|
||||||
|
|
||||||
@ -209,8 +206,7 @@ def main():
|
|||||||
print ""
|
print ""
|
||||||
|
|
||||||
bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
|
bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
|
||||||
dns_forwarders, conf_ntp, reverse_zone, zonemgr=options.zonemgr,
|
dns_forwarders, conf_ntp, reverse_zone, zonemgr=options.zonemgr)
|
||||||
serial_autoincrement=options.serial_autoincrement)
|
|
||||||
bind.create_instance()
|
bind.create_instance()
|
||||||
|
|
||||||
# Restart http instance to make sure that python-dns has the right resolver
|
# Restart http instance to make sure that python-dns has the right resolver
|
||||||
|
@ -212,9 +212,6 @@ def parse_options():
|
|||||||
help="Do not use DNS for hostname lookup during installation")
|
help="Do not use DNS for hostname lookup during installation")
|
||||||
dns_group.add_option("--no-dns-sshfp", dest="create_sshfp", default=True, action="store_false",
|
dns_group.add_option("--no-dns-sshfp", dest="create_sshfp", default=True, action="store_false",
|
||||||
help="Do not automatically create DNS SSHFP records")
|
help="Do not automatically create DNS SSHFP records")
|
||||||
dns_group.add_option("--no-serial-autoincrement", dest="serial_autoincrement",
|
|
||||||
default=True, action="store_false",
|
|
||||||
help="Do not enable SOA serial autoincrement")
|
|
||||||
parser.add_option_group(dns_group)
|
parser.add_option_group(dns_group)
|
||||||
|
|
||||||
uninstall_group = OptionGroup(parser, "uninstall options")
|
uninstall_group = OptionGroup(parser, "uninstall options")
|
||||||
@ -1181,7 +1178,6 @@ def main():
|
|||||||
bind = bindinstance.BindInstance(fstore, dm_password)
|
bind = bindinstance.BindInstance(fstore, dm_password)
|
||||||
bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders,
|
bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders,
|
||||||
options.conf_ntp, reverse_zone, zonemgr=options.zonemgr,
|
options.conf_ntp, reverse_zone, zonemgr=options.zonemgr,
|
||||||
serial_autoincrement=options.serial_autoincrement,
|
|
||||||
ca_configured=setup_ca)
|
ca_configured=setup_ca)
|
||||||
if options.setup_dns:
|
if options.setup_dns:
|
||||||
api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password)
|
api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password)
|
||||||
|
@ -49,9 +49,6 @@ Do not create new reverse DNS zone. If used on a replica and a reverse DNS zone
|
|||||||
\fB\-\-zonemgr\fR
|
\fB\-\-zonemgr\fR
|
||||||
The e\-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN
|
The e\-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN
|
||||||
.TP
|
.TP
|
||||||
\fB\-\-no\-serial\-autoincrement\fR
|
|
||||||
Do not enable SOA serial autoincrement feature. SOA serial will have to be updated automatically or other DNS features like zone transfer od DNSSEC will not function properly. This feature requires persistent search zone update mechanism.
|
|
||||||
.TP
|
|
||||||
\fB\-U\fR, \fB\-\-unattended\fR
|
\fB\-U\fR, \fB\-\-unattended\fR
|
||||||
An unattended installation that will never prompt for user input
|
An unattended installation that will never prompt for user input
|
||||||
.SH "EXIT STATUS"
|
.SH "EXIT STATUS"
|
||||||
|
@ -151,9 +151,6 @@ Do not use DNS for hostname lookup during installation
|
|||||||
.TP
|
.TP
|
||||||
\fB\-\-no\-dns\-sshfp\fR
|
\fB\-\-no\-dns\-sshfp\fR
|
||||||
Do not automatically create DNS SSHFP records.
|
Do not automatically create DNS SSHFP records.
|
||||||
.TP
|
|
||||||
\fB\-\-no\-serial\-autoincrement\fR
|
|
||||||
Do not enable SOA serial autoincrement feature. SOA serial will have to be updated automatically or other DNS features like zone transfer od DNSSEC will not function properly. This feature requires persistent search zone update mechanism.
|
|
||||||
|
|
||||||
.SS "UNINSTALL OPTIONS"
|
.SS "UNINSTALL OPTIONS"
|
||||||
.TP
|
.TP
|
||||||
|
@ -463,7 +463,7 @@ class BindInstance(service.Service):
|
|||||||
|
|
||||||
def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp,
|
def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp,
|
||||||
reverse_zone, named_user="named", zonemgr=None,
|
reverse_zone, named_user="named", zonemgr=None,
|
||||||
serial_autoincrement=True, ca_configured=None):
|
ca_configured=None):
|
||||||
self.named_user = named_user
|
self.named_user = named_user
|
||||||
self.fqdn = fqdn
|
self.fqdn = fqdn
|
||||||
self.ip_address = ip_address
|
self.ip_address = ip_address
|
||||||
@ -474,7 +474,6 @@ class BindInstance(service.Service):
|
|||||||
self.suffix = ipautil.realm_to_suffix(self.realm)
|
self.suffix = ipautil.realm_to_suffix(self.realm)
|
||||||
self.ntp = ntp
|
self.ntp = ntp
|
||||||
self.reverse_zone = reverse_zone
|
self.reverse_zone = reverse_zone
|
||||||
self.serial_autoincrement = serial_autoincrement
|
|
||||||
self.ca_configured = ca_configured
|
self.ca_configured = ca_configured
|
||||||
|
|
||||||
if not zonemgr:
|
if not zonemgr:
|
||||||
@ -590,9 +589,6 @@ class BindInstance(service.Service):
|
|||||||
else:
|
else:
|
||||||
ipa_ca = ""
|
ipa_ca = ""
|
||||||
|
|
||||||
def bool_to_yesno(var):
|
|
||||||
return "yes" if var else "no"
|
|
||||||
|
|
||||||
self.sub_dict = dict(
|
self.sub_dict = dict(
|
||||||
FQDN=self.fqdn,
|
FQDN=self.fqdn,
|
||||||
IP=self.ip_address,
|
IP=self.ip_address,
|
||||||
@ -605,7 +601,6 @@ class BindInstance(service.Service):
|
|||||||
OPTIONAL_NTP=optional_ntp,
|
OPTIONAL_NTP=optional_ntp,
|
||||||
ZONEMGR=self.zonemgr,
|
ZONEMGR=self.zonemgr,
|
||||||
IPA_CA_RECORD=ipa_ca,
|
IPA_CA_RECORD=ipa_ca,
|
||||||
SERIAL_AUTOINCREMENT=bool_to_yesno(self.serial_autoincrement),
|
|
||||||
)
|
)
|
||||||
|
|
||||||
def __setup_dns_container(self):
|
def __setup_dns_container(self):
|
||||||
|
Loading…
Reference in New Issue
Block a user