403b09
From 78ef6581483190fc60fc928fb2263f5520a5edfa Mon Sep 17 00:00:00 2001
403b09
From: Petr Spacek <pspacek@redhat.com>
403b09
Date: Thu, 11 Aug 2016 13:44:29 +0200
403b09
Subject: [PATCH] DNS server upgrade: do not fail when DNS server did not
403b09
 respond
403b09
403b09
Previously, update_dnsforward_emptyzones failed with an exception if
403b09
DNS query failed for some reason. Now the error is logged and upgrade
403b09
continues.
403b09
403b09
I assume that this is okay because the DNS query is used as a heuristic
403b09
of last resort in the upgrade logic and failure to do so should not have
403b09
catastrophic consequences: In the worst case, the admin needs to
403b09
manually change forwarding policy from 'first' to 'only'.
403b09
403b09
In the end I have decided not to auto-start BIND because BIND depends on
403b09
GSSAPI for authentication, which in turn depends on KDC ... Alternative
403b09
like reconfiguring BIND to use LDAPI+EXTERNAL and reconfiguring DS to
403b09
accept LDAP external bind from named user are too complicated.
403b09
403b09
https://fedorahosted.org/freeipa/ticket/6205
403b09
403b09
Reviewed-By: Martin Basti <mbasti@redhat.com>
403b09
---
403b09
 ipaserver/install/plugins/dns.py | 14 ++++++++++++--
403b09
 1 file changed, 12 insertions(+), 2 deletions(-)
403b09
403b09
diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py
403b09
index 32247eedbac7fc7e00c7277ef0bc593a74cd22e4..7b06a5c0d3a59e5825af75fae87c9739a53d9913 100644
403b09
--- a/ipaserver/install/plugins/dns.py
403b09
+++ b/ipaserver/install/plugins/dns.py
403b09
@@ -17,6 +17,9 @@
403b09
 # You should have received a copy of the GNU General Public License
403b09
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
403b09
 
403b09
+from __future__ import absolute_import
403b09
+
403b09
+import dns.exception
403b09
 import re
403b09
 import traceback
403b09
 import time
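Review bot: The new `from __future__ import absolute_import` line has no comment saying why it is needed, and a later cleanup could drop it as unused. The patched file is itself named `dns.py`, so under Python 2 implicit relative imports `import dns.exception` would presumably resolve to this plugin module rather than to the DNS library. I would add `# absolute_import: this file is dns.py, so "import dns.exception" must resolve to the DNS library, not to this module` above it. As a style point, `import dns.exception` sits above the standard-library imports `re`, `traceback` and `time`; it reads better in a separate group after them.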
403b09
@@ -489,8 +492,15 @@ class update_dnsforward_emptyzones(DNSUpdater):
403b09
         self.api.Command['dnsconfig_mod'](ipadnsversion=2)
403b09
 
403b09
         self.update_zones()
403b09
-        if dnsutil.has_empty_zone_addresses(self.api.env.host):
403b09
-            self.update_global_ldap_forwarder()
403b09
+        try:
403b09
+            if dnsutil.has_empty_zone_addresses(self.api.env.host):
403b09
+                self.update_global_ldap_forwarder()
403b09
+        except dns.exception.DNSException as ex:
403b09
+            self.log.error('Skipping update of global DNS forwarder in LDAP: '
403b09
+                           'Unable to determine if local server is using an '
403b09
+                           'IP address belonging to an automatic empty zone. '
403b09
+                           'Consider changing forwarding policy to "only". '
403b09
+                           'DNS exception: %s', ex)
403b09
 
403b09
         return False, []
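Review bot: The `try` added in `update_dnsforward_emptyzones` also encloses `self.update_global_ldap_forwarder()`, so a `DNSException` raised from that call would be logged as "Unable to determine if local server is using an IP address belonging to an automatic empty zone", which misreports what failed. Guard only the `dnsutil.has_empty_zone_addresses(...)` probe and move the update into an `else:` branch, as sketched below. Note also that `dnsconfig_mod(ipadnsversion=2)` has already run when the probe fails, so if this updater is gated on that version (the gate is outside the hunk) the skipped step would presumably not be retried on a later upgrade. The log message could therefore state that the forwarding policy was left unchanged and must be reviewed by hand. The method body starts before the hunk.

```python
        try:
            uses_empty_zone = dnsutil.has_empty_zone_addresses(
                self.api.env.host)
        except dns.exception.DNSException as ex:
            # … unchanged: self.log.error(...) call …
        else:
            # only the DNS probe is guarded; errors from the LDAP update
            # are no longer reported as a failed probe
            if uses_empty_zone:
                self.update_global_ldap_forwarder()
```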
403b09
 
403b09
-- 
403b09
2.7.4
403b09