Enhancement #2915
DNS: remove role property from dns db key
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | <multiple packages> | |||
Target version: | v6.5 | |||
Resolution: | NEEDINFO: | No |
Description
Many packages rely on the property role
inside dns
key from configuration
database.
none
: all dns queries are submitted to remote dns server (seeNameServers
property).resolver
: all dns queries are submitted to localhost
The property is set to none
on a clean install but it is automatically changed to resolver
when nethserver-dnsmasq is installed.
This can lead to bad configuration in case of a configuration restore.
Example
- configuration backup from server with nethserver-dnsmasq installed
- restore the backup on a clean machine
- the value of
role
property becomesresolver
, BUT no nethserver-dnsmasq package is installed - the server can't resolve any host name, so it can't even install the nethserver-dnsmasq from yum repositories
Workaround:
config setprop dns role none signal-event nethserver-base-update signal-event nethserver-hosts-save
Affected packages
- nethserver-base
- nethserver-dnsmasq
- nethserver-ipsec
- nethserver-mail-common
- nethserver-openvpn
- nethserver-squid
Possible solution
Use the following call in templates to check if dnsmasq is enabled:
use NethServer::Service; NethServer::Service::is_enabled('dnsmasq')
Example for nethserver-base (only resolv.conf template):
--- /etc/e-smith/templates/etc/resolv.conf/40dnsRoleResolver 2014-10-16 13:27:59.000000000 +0000 +++ /etc/e-smith/templates-custom/etc/resolv.conf/40dnsRoleResolver 2014-10-16 14:23:03.123600379 +0000 @@ -2,9 +2,10 @@ # # 40dnsRoleResolver # + use NethServer::Service; $OUT = ''; - if($dns{'role'} eq 'resolver') { + if( NethServer::Service::is_enabled('dnsmasq') ) { $OUT .= "# dnsmasq is enabled on this machine:\n"; $OUT .= "nameserver 127.0.0.1\n"; } -} \ No newline at end of file +} --- /etc/e-smith/templates/etc/resolv.conf/20roleNone 2014-10-15 13:10:09.000000000 +0000 +++ /etc/e-smith/templates-custom/etc/resolv.conf/20roleNone 2014-10-16 14:22:38.690749589 +0000 @@ -1,6 +1,8 @@ -{ +{ + use NethServer::Service; + # Ask the first two NameServers: - if($dns{role} eq 'none') { + if( ! NethServer::Service::is_enabled('dnsmasq') ) { foreach (split ',', $dns{NameServers}, 2) { $OUT .= "nameserver $_\n"; }
Associated revisions
wpad: check if dnsmasq is enabled. Refs #2915
host-to-net: check if dnsmasq is enabled. Refs #2915
mx record: check if dnsmasq is enabled. Refs #2915
ppp: check if dnsmasq is enabled. Refs #2915
Fragment moved from nethserver-dnsmasq package.
resolv.conf: check if dnsmasq is enabled. Refs #2915
templates: remove role property. Refs #2915
db: remove role property. Refs #2915
createlinks: remove options.xl2tpd template. Refs #2915
mx record: check if dnsmasq is enabled. Refs #2915
mx record: check if dnsmasq is enabled and installed. Refs #2915
Merge branch 'b2915'. Refs #2915
resolv.conf: check if dnsmasq is installed. Refs #2915
Merge branch 'b2915'. Refs #2915
ppp: check if dnsmasq is installed and enabled. Refs #2915
Fragment moved from nethserver-dnsmasq package.
host-to-net: check if dnsmasq is installed and enabled. Refs #2915
Merge branch 'b2915'. Refs #2915
wpad: check if dnsmasq is installed and enabled. Refs #2915
Merge branch 'b2915'. Refs #2915
templates: remove role property. Refs #2915
createlinks: remove options.xl2tpd template. Refs #2915
wpad: check if dnsmasq is installed and enabled. Refs #2915
History
#1 Updated by Giacomo Sanchietti almost 7 years ago
- Description updated (diff)
#2 Updated by Filippo Carletti almost 7 years ago
- Target version set to v6.6-beta1
#3 Updated by Filippo Carletti almost 7 years ago
I'd remove the none option, NethServer should behave only as a resolver.
#4 Updated by Giacomo Sanchietti over 6 years ago
We should completely remove the role
property.
By the way, fixes to all packages are still needed.
#5 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#6 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#7 Updated by Giacomo Sanchietti over 6 years ago
- nethserver-dnsmasq
- nethserver-ipsec
- nethserver-mail-common
- nethserver-openvpn
- nethserver-squid
- nethserver-base
#8 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 30 to 60
#9 Updated by Giacomo Sanchietti over 6 years ago
- Category changed from nethserver-dnsmasq to <multiple packages>
#10 Updated by Giacomo Sanchietti over 6 years ago
- Target version changed from v6.6-beta1 to v6.5
#11 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 60 to 30
The NethServer::Service doesn't automatically check if the package is installed or not.
All templates should be changed using following logic:
use NethServer::Service; my $s = new NethServer::Service('dnsmasq'); if( $s->is_owned() && $s->is_enabled() ) { ... }
#12 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
Everything merged in master branch.
#13 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
- nethserver-base-2.5.3-16.0gita4660656.ns6.noarch.rpm
nethserver-dnsmasq-1.3.0-4.0gitbc8f8172.ns6.noarch.rpmnethserver-dnsmasq-1.3.1-2.0gitc9bb9324.ns6.noarch.rpm- nethserver-mail-common-1.4.1-1.4gita8d628a.ns6.noarch.rpm
- nethserver-openvpn-1.1.1-2.0gitb9284272.ns6.noarch.rpm
- nethserver-ipsec-1.0.1-2.0git2fde3724.ns6.noarch.rpm
- nethserver-squid-1.2.0-20.0git1a759fc7.ns6.noarch.rpm
- nethserver-dnsmasq not installed but enabled: all packages must apply the configuration as the
role
was set tonone
- nethserver-dnsmasq installed but disabled: the behavior should be the same as 1
- nethserver-dnsmasq installed and enabled : ll packages must apply the configuration as the
role
was set toresolver
Test case 1: base
- Check
role
prop has been removed fromdns
key - In case 1 and 2, resolv.conf must point to external DNS servers
- In case 3, resolv.conf must point to 127.0.0.1
Test case 2: dnsmasq
- In case 1 and 2, resolv.conf must point to external DNS servers
- In case 3, resolv.conf must point to 127.0.0.1
Test case 3: mail-common
- In case 1 and 2, not smtp, imap pop and pop3 aliases should be added in
/etc/hosts
- In case 3, below alias should be present in
/etc/hosts
Test case 4: openvpn
- In case 1 and 2,
/etc/openvpn/host-to-net.conf
following options should be added:- dhcp-option DNS <remote_dns>
- dhcp-option WINS <remote_dns>
- dhcp-option NBDD <remote_dns>
- In case 3, following options should be added:
- dhcp-option DNS <green_address>
- dhcp-option WINS <green_address>
- dhcp-option NBDD <green_address>
Test case 5: squid
- In case 1 and 2, not wpad/proxy hosts should be added in
/etc/hosts
- In case 3, wpad and proxy hosts should be present in
/etc/hosts
Test case 5: ipsec
- In case 1 and 2, dns inside file
/etc/ppp/options.xl2tpd
should be the public one (dns[NameServers] property) - In case 3, dns should be the local ip address
#14 Updated by Stefano Fancello over 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
#15 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-base-2.5.4-1.ns6.noarch.rpm
- nethserver-dnsmasq-1.4.0-1.ns6.noarch.rpm
- nethserver-ipsec-1.0.2-1.ns6.noarch.rpm
- nethserver-mail-common-1.4.2-1.ns6.noarch.rpm
- nethserver-openvpn-1.1.2-1.ns6.noarch.rpm
- nethserver-squid-1.2.1-1.ns6.noarch.rpm (cherry-picked in branch release2915)