Bug 1409628 – [RFE] Semi-automatic integration with external DNS using nsupdate

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1409628 - [RFE] Semi-automatic integration with external DNS using nsupdate

Summary:	[RFE] Semi-automatic integration with external DNS using nsupdate

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa (Show other bugs)
Sub Component:
Version:	7.3
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Pavel Picka
QA Contact:	Pavel Picka
Docs Contact:	Aneta Šteflová Petrová

URL:
Whiteboard:
Keywords:	FutureFeature

Depends On:
Blocks:	1399979 1411762 1422785
	Show dependency tree / graph

Reported:	2017-01-02 11:15 EST by Petr Vobornik
Modified:	2017-08-01 05:44 EDT (History)
CC List:	7 users (show)

See Also:
Fixed In Version:	ipa-4.5.0-1.el7
Doc Type:	Enhancement
Doc Text:	IdM enables semi-automatic upgrades of the IdM DNS records on an external DNS server To simplify updating the Identity Management (IdM) DNS records on an external DNS server, IdM introduces the "ipa dns-update-system-records --dry-run --out [file]" command. The command generates a list of records in a format accepted by the nsupdate utility. You can use the generated file to update the records on the external DNS server by using a standard dynamic DNS update mechanism secured with the Transaction Signature (TSIG) protocol or the GSS algorithm for TSIG (GSS-TSIG). For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/dns-updates-external.html.
Story Points:	---
Clone Of:
Clones:	1422785 (view as bug list)
Environment:
Last Closed:	2017-08-01 05:44:33 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
output (4.96 KB, text/plain) 2017-05-22 08:48 EDT, Pavel Picka	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2017:2304	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2017-08-01 08:41:35 EDT

Groups: None (edit)

Description Petr Vobornik 2017-01-02 11:15:24 EST

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/6585

This is a lightweight, more manual version of integration with external DNS systems. Automatic integration will be covered by bug 1206607 .

`ipa dns-update-system-records` command provides a way to get a list of DNS records about of IPA servers and their services - the records which are maintained by IPA installers and DNS location support.

Output of this command is human readable, but it cannot be used for updating external DNS system without preprocessing. 

`ipa dns-update-system-records` command should be enhanced so that it will provide an option to change format of its output to such which can then be directly consumed by nsupdate command both as file and standard input. The directives should update external DNS system to match IPA cofiguration.

Goal is to enable integration with external DNS system with minimum changes. It should be tested with both TSIG and GSS-TSIG auth metods (doesn't have to be part of the command output).

Comment 1 Martin Bašti 2017-02-15 06:22:45 EST

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/7eb2ef61905a5c6ddf04237f0aa84e7585e1186d
https://fedorahosted.org/freeipa/changeset/5bd82174233095a3cccfbbf8524622440c31b10c

Comment 8 Pavel Picka 2017-05-22 08:48 EDT

Created attachment 1281039 [details]
output

verified on ipa-server-4.5.0-9.el7.x86_64 
BIND 9.10.4-P8, w2k16

Comment 9 Martin Kosek 2017-05-26 05:40:19 EDT

Please note that Red Hat officially released public RHEL-7.4 Beta this week, as announced here:
https://www.redhat.com/en/about/blog/red-hat-enterprise-linux-74-beta-now-available

The new RHEL-7.4 release includes a lot of new IdM functionality, including this RFE. Highlights can be found in RHEL-7.4 Release Notes, especially in the Authentication & Interoperability chapter:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.4_Release_Notes/new_features_authentication_and_interoperability.html

IdM Engineering team would like to encourage everyone interested in this new functionality (and especially customers or community members requesting it) to try Beta and provide us with your feedback!

Comment 10 errata-xmlrpc 2017-08-01 05:44:33 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304

Note You need to log in before you can comment on or make changes to this bug.