Enhancement #2915

DNS: remove role property from dns db key

Added by Giacomo Sanchietti about 5 years ago. Updated almost 5 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:<multiple packages>
Target version:v6.5
Resolution: NEEDINFO:No

Description

Many packages rely on the property role inside dns key from configuration database.

The property can have two values:
  • none: all dns queries are submitted to remote dns server (see NameServers property).
  • resolver: all dns queries are submitted to localhost

The property is set to none on a clean install but it is automatically changed to resolver when nethserver-dnsmasq is installed.
This can lead to bad configuration in case of a configuration restore.

Example

  • configuration backup from server with nethserver-dnsmasq installed
  • restore the backup on a clean machine
  • the value of role property becomes resolver, BUT no nethserver-dnsmasq package is installed
  • the server can't resolve any host name, so it can't even install the nethserver-dnsmasq from yum repositories

Workaround:

config setprop dns role none
signal-event nethserver-base-update
signal-event nethserver-hosts-save

Affected packages

  • nethserver-base
  • nethserver-dnsmasq
  • nethserver-ipsec
  • nethserver-mail-common
  • nethserver-openvpn
  • nethserver-squid

Possible solution

Use the following call in templates to check if dnsmasq is enabled:

use NethServer::Service;
NethServer::Service::is_enabled('dnsmasq')

Example for nethserver-base (only resolv.conf template):

--- /etc/e-smith/templates/etc/resolv.conf/40dnsRoleResolver    2014-10-16 13:27:59.000000000 +0000
+++ /etc/e-smith/templates-custom/etc/resolv.conf/40dnsRoleResolver    2014-10-16 14:23:03.123600379 +0000
@@ -2,9 +2,10 @@
     #
     # 40dnsRoleResolver
     #
+    use NethServer::Service;
     $OUT = '';
-    if($dns{'role'} eq 'resolver') {
+    if( NethServer::Service::is_enabled('dnsmasq') ) {
     $OUT .= "# dnsmasq is enabled on this machine:\n";
     $OUT .= "nameserver 127.0.0.1\n";
     }
-}
\ No newline at end of file
+}

--- /etc/e-smith/templates/etc/resolv.conf/20roleNone    2014-10-15 13:10:09.000000000 +0000
+++ /etc/e-smith/templates-custom/etc/resolv.conf/20roleNone    2014-10-16 14:22:38.690749589 +0000
@@ -1,6 +1,8 @@
-{ 
+{
+    use NethServer::Service;
+ 
     # Ask the first two NameServers:
-    if($dns{role} eq 'none') {
+    if( ! NethServer::Service::is_enabled('dnsmasq') ) {
         foreach (split ',', $dns{NameServers}, 2) {       
         $OUT .= "nameserver $_\n";
     }

Associated revisions

Revision 5bc508b6
Added by Giacomo Sanchietti almost 5 years ago

wpad: check if dnsmasq is enabled. Refs #2915

Revision 58e53144
Added by Giacomo Sanchietti almost 5 years ago

host-to-net: check if dnsmasq is enabled. Refs #2915

Revision 16eec23f
Added by Giacomo Sanchietti almost 5 years ago

mx record: check if dnsmasq is enabled. Refs #2915

Revision 6f0842ef
Added by Giacomo Sanchietti almost 5 years ago

ppp: check if dnsmasq is enabled. Refs #2915

Fragment moved from nethserver-dnsmasq package.

Revision 362f8ed8
Added by Giacomo Sanchietti almost 5 years ago

resolv.conf: check if dnsmasq is enabled. Refs #2915

Revision 22a23c6e
Added by Giacomo Sanchietti almost 5 years ago

templates: remove role property. Refs #2915

Revision 4adab204
Added by Giacomo Sanchietti almost 5 years ago

db: remove role property. Refs #2915

Revision 18a7c1c4
Added by Giacomo Sanchietti almost 5 years ago

createlinks: remove options.xl2tpd template. Refs #2915

Revision a2473d10
Added by Giacomo Sanchietti almost 5 years ago

mx record: check if dnsmasq is enabled. Refs #2915

Revision 4cb5de7b
Added by Giacomo Sanchietti almost 5 years ago

mx record: check if dnsmasq is enabled and installed. Refs #2915

Revision a8d628a7
Added by Giacomo Sanchietti almost 5 years ago

Merge branch 'b2915'. Refs #2915

Revision 1c7f909a
Added by Giacomo Sanchietti almost 5 years ago

resolv.conf: check if dnsmasq is installed. Refs #2915

Revision bc8f8172
Added by Giacomo Sanchietti almost 5 years ago

Merge branch 'b2915'. Refs #2915

Revision 2fde3724
Added by Giacomo Sanchietti almost 5 years ago

ppp: check if dnsmasq is installed and enabled. Refs #2915

Fragment moved from nethserver-dnsmasq package.

Revision 474d6f53
Added by Giacomo Sanchietti almost 5 years ago

host-to-net: check if dnsmasq is installed and enabled. Refs #2915

Revision b9284272
Added by Giacomo Sanchietti almost 5 years ago

Merge branch 'b2915'. Refs #2915

Revision c80dd1e4
Added by Giacomo Sanchietti almost 5 years ago

wpad: check if dnsmasq is installed and enabled. Refs #2915

Revision 1a759fc7
Added by Giacomo Sanchietti almost 5 years ago

Merge branch 'b2915'. Refs #2915

Revision 6b5a78af
Added by Giacomo Sanchietti almost 5 years ago

templates: remove role property. Refs #2915

Revision c9bb9324
Added by Giacomo Sanchietti almost 5 years ago

createlinks: remove options.xl2tpd template. Refs #2915

Revision 68818411
Added by Giacomo Sanchietti almost 5 years ago

wpad: check if dnsmasq is installed and enabled. Refs #2915

History

#1 Updated by Giacomo Sanchietti about 5 years ago

  • Description updated (diff)

#2 Updated by Filippo Carletti about 5 years ago

  • Target version set to v6.6-beta1

#3 Updated by Filippo Carletti about 5 years ago

I'd remove the none option, NethServer should behave only as a resolver.

#4 Updated by Giacomo Sanchietti almost 5 years ago

We should completely remove the role property.
By the way, fixes to all packages are still needed.

#5 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#6 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#7 Updated by Giacomo Sanchietti almost 5 years ago

Implementation in branch b2915:
  • nethserver-dnsmasq
  • nethserver-ipsec
  • nethserver-mail-common
  • nethserver-openvpn
  • nethserver-squid
Implementation in branch b2785:
  • nethserver-base

#8 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 30 to 60

#9 Updated by Giacomo Sanchietti almost 5 years ago

  • Category changed from nethserver-dnsmasq to <multiple packages>

#10 Updated by Giacomo Sanchietti almost 5 years ago

  • Target version changed from v6.6-beta1 to v6.5

#11 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from MODIFIED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 60 to 30

The NethServer::Service doesn't automatically check if the package is installed or not.
All templates should be changed using following logic:

use NethServer::Service;
my $s = new NethServer::Service('dnsmasq');
if( $s->is_owned() && $s->is_enabled() )  {
    ...
}

#12 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

Everything merged in master branch.

#13 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Packages in nethserver-testing:
  • nethserver-base-2.5.3-16.0gita4660656.ns6.noarch.rpm
  • nethserver-dnsmasq-1.3.0-4.0gitbc8f8172.ns6.noarch.rpm nethserver-dnsmasq-1.3.1-2.0gitc9bb9324.ns6.noarch.rpm
  • nethserver-mail-common-1.4.1-1.4gita8d628a.ns6.noarch.rpm
  • nethserver-openvpn-1.1.1-2.0gitb9284272.ns6.noarch.rpm
  • nethserver-ipsec-1.0.1-2.0git2fde3724.ns6.noarch.rpm
  • nethserver-squid-1.2.0-20.0git1a759fc7.ns6.noarch.rpm
All tests case should check two conditions:
  1. nethserver-dnsmasq not installed but enabled: all packages must apply the configuration as the role was set to none
  2. nethserver-dnsmasq installed but disabled: the behavior should be the same as 1
  3. nethserver-dnsmasq installed and enabled : ll packages must apply the configuration as the role was set to resolver

Test case 1: base

  • Check role prop has been removed from dns key
  • In case 1 and 2, resolv.conf must point to external DNS servers
  • In case 3, resolv.conf must point to 127.0.0.1

Test case 2: dnsmasq

  • In case 1 and 2, resolv.conf must point to external DNS servers
  • In case 3, resolv.conf must point to 127.0.0.1

Test case 3: mail-common

  • In case 1 and 2, not smtp, imap pop and pop3 aliases should be added in /etc/hosts
  • In case 3, below alias should be present in /etc/hosts

Test case 4: openvpn

  • In case 1 and 2, /etc/openvpn/host-to-net.conf following options should be added:
    • dhcp-option DNS <remote_dns>
    • dhcp-option WINS <remote_dns>
    • dhcp-option NBDD <remote_dns>
  • In case 3, following options should be added:
    • dhcp-option DNS <green_address>
    • dhcp-option WINS <green_address>
    • dhcp-option NBDD <green_address>

Test case 5: squid

  • In case 1 and 2, not wpad/proxy hosts should be added in /etc/hosts
  • In case 3, wpad and proxy hosts should be present in /etc/hosts

Test case 5: ipsec

  • In case 1 and 2, dns inside file /etc/ppp/options.xl2tpd should be the public one (dns[NameServers] property)
  • In case 3, dns should be the local ip address

#14 Updated by Stefano Fancello almost 5 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

#15 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver
  • nethserver-base-2.5.4-1.ns6.noarch.rpm
  • nethserver-dnsmasq-1.4.0-1.ns6.noarch.rpm
  • nethserver-ipsec-1.0.2-1.ns6.noarch.rpm
  • nethserver-mail-common-1.4.2-1.ns6.noarch.rpm
  • nethserver-openvpn-1.1.2-1.ns6.noarch.rpm
  • nethserver-squid-1.2.1-1.ns6.noarch.rpm (cherry-picked in branch release2915)

Also available in: Atom PDF