DNS install check: allow overlapping zone to be from the master itself

When re-running `ipa-server-install --setup-dns` on already installed server, we do not get to the check of being already installed because DNS zone overlap forces us to fail earlier. Change exception returned for this case from check_zone_overlap() to return structured information that allows to understand whether we are finding a conflict with ourselves. Use the returned information to only fail DNS check at this point if DNS zone overlap is generated by a different name server than ourselves. Reviewed-By: Christian Heimes <cheimes@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-12-10 00:39:43 +02:00
parent 6462cc0f3a
commit dd7fdaa77d
5 changed files with 23 additions and 15 deletions
--- a/ipaserver/plugins/dns.py
+++ b/ipaserver/plugins/dns.py
@@ -79,7 +79,7 @@ from ipalib.util import (normalize_zonemgr,
 from ipaplatform import services
 from ipapython.dn import DN
 from ipapython.ipautil import CheckedIPAddress
-from ipapython.dnsutil import check_zone_overlap
+from ipapython.dnsutil import check_zone_overlap, DNSZoneAlreadyExists
 from ipapython.dnsutil import DNSName
 from ipapython.dnsutil import related_to_auto_empty_zone
 from ipaserver.dns_data_management import (
@@ -2153,7 +2153,7 @@ class DNSZoneBase_add(LDAPCreate):
        if not options['skip_overlap_check']:
            try:
                check_zone_overlap(keys[-1], raise_on_error=False)
-            except ValueError as e:
+            except DNSZoneAlreadyExists as e:
                raise errors.InvocationError(str(e))

        return dn