Enhancement #2915
DNS: remove role property from dns db key
| Status: | CLOSED | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | <multiple packages> | |||
| Target version: | v6.5 | |||
| Resolution: | NEEDINFO: | No |
Description
Many packages rely on the property role inside dns key from configuration database.
none: all dns queries are submitted to remote dns server (seeNameServersproperty).resolver: all dns queries are submitted to localhost
The property is set to none on a clean install but it is automatically changed to resolver when nethserver-dnsmasq is installed.
This can lead to bad configuration in case of a configuration restore.
Example
- configuration backup from server with nethserver-dnsmasq installed
- restore the backup on a clean machine
- the value of
roleproperty becomesresolver, BUT no nethserver-dnsmasq package is installed - the server can't resolve any host name, so it can't even install the nethserver-dnsmasq from yum repositories
Workaround:
config setprop dns role none signal-event nethserver-base-update signal-event nethserver-hosts-save
Affected packages
- nethserver-base
- nethserver-dnsmasq
- nethserver-ipsec
- nethserver-mail-common
- nethserver-openvpn
- nethserver-squid
Possible solution
Use the following call in templates to check if dnsmasq is enabled:
use NethServer::Service;
NethServer::Service::is_enabled('dnsmasq')
Example for nethserver-base (only resolv.conf template):
--- /etc/e-smith/templates/etc/resolv.conf/40dnsRoleResolver 2014-10-16 13:27:59.000000000 +0000
+++ /etc/e-smith/templates-custom/etc/resolv.conf/40dnsRoleResolver 2014-10-16 14:23:03.123600379 +0000
@@ -2,9 +2,10 @@
#
# 40dnsRoleResolver
#
+ use NethServer::Service;
$OUT = '';
- if($dns{'role'} eq 'resolver') {
+ if( NethServer::Service::is_enabled('dnsmasq') ) {
$OUT .= "# dnsmasq is enabled on this machine:\n";
$OUT .= "nameserver 127.0.0.1\n";
}
-}
\ No newline at end of file
+}
--- /etc/e-smith/templates/etc/resolv.conf/20roleNone 2014-10-15 13:10:09.000000000 +0000
+++ /etc/e-smith/templates-custom/etc/resolv.conf/20roleNone 2014-10-16 14:22:38.690749589 +0000
@@ -1,6 +1,8 @@
-{
+{
+ use NethServer::Service;
+
# Ask the first two NameServers:
- if($dns{role} eq 'none') {
+ if( ! NethServer::Service::is_enabled('dnsmasq') ) {
foreach (split ',', $dns{NameServers}, 2) {
$OUT .= "nameserver $_\n";
}
Associated revisions
wpad: check if dnsmasq is enabled. Refs #2915
host-to-net: check if dnsmasq is enabled. Refs #2915
mx record: check if dnsmasq is enabled. Refs #2915
ppp: check if dnsmasq is enabled. Refs #2915
Fragment moved from nethserver-dnsmasq package.
resolv.conf: check if dnsmasq is enabled. Refs #2915
templates: remove role property. Refs #2915
db: remove role property. Refs #2915
createlinks: remove options.xl2tpd template. Refs #2915
mx record: check if dnsmasq is enabled. Refs #2915
mx record: check if dnsmasq is enabled and installed. Refs #2915
Merge branch 'b2915'. Refs #2915
resolv.conf: check if dnsmasq is installed. Refs #2915
Merge branch 'b2915'. Refs #2915
ppp: check if dnsmasq is installed and enabled. Refs #2915
Fragment moved from nethserver-dnsmasq package.
host-to-net: check if dnsmasq is installed and enabled. Refs #2915
Merge branch 'b2915'. Refs #2915
wpad: check if dnsmasq is installed and enabled. Refs #2915
Merge branch 'b2915'. Refs #2915
templates: remove role property. Refs #2915
createlinks: remove options.xl2tpd template. Refs #2915
wpad: check if dnsmasq is installed and enabled. Refs #2915
History
#1
Updated by Giacomo Sanchietti almost 7 years ago
- Description updated (diff)
#2
Updated by Filippo Carletti almost 7 years ago
- Target version set to v6.6-beta1
#3
Updated by Filippo Carletti almost 7 years ago
I'd remove the none option, NethServer should behave only as a resolver.
#4
Updated by Giacomo Sanchietti over 6 years ago
We should completely remove the role property.
By the way, fixes to all packages are still needed.
#5
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#6
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#7
Updated by Giacomo Sanchietti over 6 years ago
- nethserver-dnsmasq
- nethserver-ipsec
- nethserver-mail-common
- nethserver-openvpn
- nethserver-squid
- nethserver-base
#8
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 30 to 60
#9
Updated by Giacomo Sanchietti over 6 years ago
- Category changed from nethserver-dnsmasq to <multiple packages>
#10
Updated by Giacomo Sanchietti over 6 years ago
- Target version changed from v6.6-beta1 to v6.5
#11
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 60 to 30
The NethServer::Service doesn't automatically check if the package is installed or not.
All templates should be changed using following logic:
use NethServer::Service;
my $s = new NethServer::Service('dnsmasq');
if( $s->is_owned() && $s->is_enabled() ) {
...
}
#12
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
Everything merged in master branch.
#13
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
- nethserver-base-2.5.3-16.0gita4660656.ns6.noarch.rpm
nethserver-dnsmasq-1.3.0-4.0gitbc8f8172.ns6.noarch.rpmnethserver-dnsmasq-1.3.1-2.0gitc9bb9324.ns6.noarch.rpm- nethserver-mail-common-1.4.1-1.4gita8d628a.ns6.noarch.rpm
- nethserver-openvpn-1.1.1-2.0gitb9284272.ns6.noarch.rpm
- nethserver-ipsec-1.0.1-2.0git2fde3724.ns6.noarch.rpm
- nethserver-squid-1.2.0-20.0git1a759fc7.ns6.noarch.rpm
- nethserver-dnsmasq not installed but enabled: all packages must apply the configuration as the
rolewas set tonone - nethserver-dnsmasq installed but disabled: the behavior should be the same as 1
- nethserver-dnsmasq installed and enabled : ll packages must apply the configuration as the
rolewas set toresolver
Test case 1: base
- Check
roleprop has been removed fromdnskey - In case 1 and 2, resolv.conf must point to external DNS servers
- In case 3, resolv.conf must point to 127.0.0.1
Test case 2: dnsmasq
- In case 1 and 2, resolv.conf must point to external DNS servers
- In case 3, resolv.conf must point to 127.0.0.1
Test case 3: mail-common
- In case 1 and 2, not smtp, imap pop and pop3 aliases should be added in
/etc/hosts - In case 3, below alias should be present in
/etc/hosts
Test case 4: openvpn
- In case 1 and 2,
/etc/openvpn/host-to-net.conffollowing options should be added:- dhcp-option DNS <remote_dns>
- dhcp-option WINS <remote_dns>
- dhcp-option NBDD <remote_dns>
- In case 3, following options should be added:
- dhcp-option DNS <green_address>
- dhcp-option WINS <green_address>
- dhcp-option NBDD <green_address>
Test case 5: squid
- In case 1 and 2, not wpad/proxy hosts should be added in
/etc/hosts - In case 3, wpad and proxy hosts should be present in
/etc/hosts
Test case 5: ipsec
- In case 1 and 2, dns inside file
/etc/ppp/options.xl2tpdshould be the public one (dns[NameServers] property) - In case 3, dns should be the local ip address
#14
Updated by Stefano Fancello over 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
#15
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-base-2.5.4-1.ns6.noarch.rpm
- nethserver-dnsmasq-1.4.0-1.ns6.noarch.rpm
- nethserver-ipsec-1.0.2-1.ns6.noarch.rpm
- nethserver-mail-common-1.4.2-1.ns6.noarch.rpm
- nethserver-openvpn-1.1.2-1.ns6.noarch.rpm
- nethserver-squid-1.2.1-1.ns6.noarch.rpm (cherry-picked in branch release2915)