mirror of
https://github.com/samba-team/samba.git
synced 2025-01-08 21:18:16 +03:00
wintest: Rework support for the internal DNS server
We still have to run BIND, the change is if BIND is run to support our own zone, or if we forward to as well as to windows. This also adapts to the new defaults. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
parent
fee75752fb
commit
ee4d1c4062
@ -16,11 +16,17 @@ VM_RESET : virsh reboot ${VMNAME}
|
||||
|
||||
# interfaces to create
|
||||
INTERFACE : virbr0:0
|
||||
NAMED_INTERFACE : virbr0:1
|
||||
|
||||
# this is an additional IP that will be used for named to listen
|
||||
# on. It should not be the primary IP of the interface
|
||||
INTERFACE_IP : 192.168.122.2
|
||||
INTERFACE_NET : 192.168.122.2/24
|
||||
# on. It should not be the primary IP of the interface. We need one
|
||||
# for BIND (which redirects to the other hosts) and one for Samba,
|
||||
# which might be running our own DNS
|
||||
|
||||
INTERFACE_IP : 192.168.122.3
|
||||
INTERFACE_NET : 192.168.122.3/24
|
||||
NAMED_INTERFACE_IP : 192.168.122.2
|
||||
NAMED_INTERFACE_NET : 192.168.122.2/24
|
||||
|
||||
# how to run bind9
|
||||
BIND9 : /usr/sbin/named
|
||||
|
@ -40,8 +40,6 @@ def provision_s4(t, func_level="2008"):
|
||||
'--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
|
||||
'${USE_NTVFS}',
|
||||
'--dns-backend=${NAMESERVER_BACKEND}',
|
||||
'${ALLOW_DNS_UPDATES}',
|
||||
'${DNS_RECURSIVE_QUERIES}',
|
||||
'${DNS_FORWARDER}']
|
||||
if t.getvar('INTERFACE_IPV6'):
|
||||
provision.append('--host-ip6=${INTERFACE_IPV6}')
|
||||
@ -191,7 +189,7 @@ def test_dcpromo(t, vm):
|
||||
smbclient = t.getvar("smbclient")
|
||||
t.chdir('${PREFIX}')
|
||||
t.port_wait("${WIN_IP}", 139)
|
||||
t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${INTERFACE_IP}",
|
||||
t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${NAMED_INTERFACE_IP}",
|
||||
['${WIN_HOSTNAME}.${LCREALM} has address'],
|
||||
retries=30, delay=10, casefold=True)
|
||||
t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
|
||||
@ -567,11 +565,10 @@ def test_howto(t):
|
||||
# we don't need fsync safety in these tests
|
||||
t.putenv('TDB_NO_FSYNC', '1')
|
||||
|
||||
if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
|
||||
if not t.skip("configure_bind"):
|
||||
t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
|
||||
if not t.skip("stop_bind"):
|
||||
t.stop_bind()
|
||||
if not t.skip("configure_bind"):
|
||||
t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
|
||||
if not t.skip("stop_bind"):
|
||||
t.stop_bind()
|
||||
|
||||
if not t.skip("stop_vms"):
|
||||
t.stop_vms()
|
||||
@ -592,13 +589,10 @@ def test_howto(t):
|
||||
if not t.skip("smbclient"):
|
||||
test_smbclient(t)
|
||||
|
||||
t.set_nameserver(t.getvar('INTERFACE_IP'))
|
||||
|
||||
if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
|
||||
if not t.skip("configure_bind2"):
|
||||
t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
|
||||
if not t.skip("start_bind"):
|
||||
t.start_bind()
|
||||
if not t.skip("configure_bind2"):
|
||||
t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
|
||||
if not t.skip("start_bind"):
|
||||
t.start_bind()
|
||||
|
||||
if not t.skip("dns"):
|
||||
test_dns(t)
|
||||
|
@ -26,6 +26,11 @@ class wintest():
|
||||
self.run_cmd('ifconfig ${INTERFACE} inet6 del ${INTERFACE_IPV6}/64', checkfail=False)
|
||||
self.run_cmd('ifconfig ${INTERFACE} inet6 add ${INTERFACE_IPV6}/64 up')
|
||||
|
||||
self.run_cmd('ifconfig ${NAMED_INTERFACE} ${NAMED_INTERFACE_NET} up')
|
||||
if self.getvar('NAMED_INTERFACE_IPV6'):
|
||||
self.run_cmd('ifconfig ${NAMED_INTERFACE} inet6 del ${NAMED_INTERFACE_IPV6}/64', checkfail=False)
|
||||
self.run_cmd('ifconfig ${NAMED_INTERFACE} inet6 add ${NAMED_INTERFACE_IPV6}/64 up')
|
||||
|
||||
def stop_vms(self):
|
||||
'''Shut down any existing alive VMs, so they do not collide with what we are doing'''
|
||||
self.info('Shutting down any of our VMs already running')
|
||||
@ -325,15 +330,15 @@ nameserver %s
|
||||
def configure_bind(self, kerberos_support=False, include=None):
|
||||
self.chdir('${PREFIX}')
|
||||
|
||||
if self.getvar('INTERFACE_IPV6'):
|
||||
ipv6_listen = 'listen-on-v6 port 53 { ${INTERFACE_IPV6}; };'
|
||||
if self.getvar('NAMED_INTERFACE_IPV6'):
|
||||
ipv6_listen = 'listen-on-v6 port 53 { ${NAMED_INTERFACE_IPV6}; };'
|
||||
else:
|
||||
ipv6_listen = ''
|
||||
self.setvar('BIND_LISTEN_IPV6', ipv6_listen)
|
||||
|
||||
if not kerberos_support:
|
||||
self.setvar("NAMED_TKEY_OPTION", "")
|
||||
else:
|
||||
elif self.getvar('NAMESERVER_BACKEND') != 'SAMBA_INTERNAL':
|
||||
if self.named_supports_gssapi_keytab():
|
||||
self.setvar("NAMED_TKEY_OPTION",
|
||||
'tkey-gssapi-keytab "${PREFIX}/private/dns.keytab";')
|
||||
@ -345,8 +350,10 @@ nameserver %s
|
||||
''')
|
||||
self.putenv('KEYTAB_FILE', '${PREFIX}/private/dns.keytab')
|
||||
self.putenv('KRB5_KTNAME', '${PREFIX}/private/dns.keytab')
|
||||
else:
|
||||
self.setvar("NAMED_TKEY_OPTION", "")
|
||||
|
||||
if include:
|
||||
if include and self.getvar('NAMESERVER_BACKEND') != 'SAMBA_INTERNAL':
|
||||
self.setvar("NAMED_INCLUDE", 'include "%s";' % include)
|
||||
else:
|
||||
self.setvar("NAMED_INCLUDE", '')
|
||||
@ -355,7 +362,7 @@ nameserver %s
|
||||
|
||||
self.write_file("etc/named.conf", '''
|
||||
options {
|
||||
listen-on port 53 { ${INTERFACE_IP}; };
|
||||
listen-on port 53 { ${NAMED_INTERFACE_IP}; };
|
||||
${BIND_LISTEN_IPV6}
|
||||
directory "${PREFIX}/var/named";
|
||||
dump-file "${PREFIX}/var/named/data/cache_dump.db";
|
||||
@ -381,15 +388,30 @@ key "rndc-key" {
|
||||
};
|
||||
|
||||
controls {
|
||||
inet ${INTERFACE_IP} port 953
|
||||
inet ${NAMED_INTERFACE_IP} port 953
|
||||
allow { any; } keys { "rndc-key"; };
|
||||
};
|
||||
|
||||
${NAMED_INCLUDE}
|
||||
''')
|
||||
|
||||
if self.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
|
||||
self.write_file('etc/named.conf',
|
||||
'''
|
||||
zone "%s" IN {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders {
|
||||
%s;
|
||||
};
|
||||
};
|
||||
''' % (self.getvar('LCREALM'), self.getvar('INTERFACE_IP')),
|
||||
mode='a')
|
||||
|
||||
|
||||
# add forwarding for the windows domains
|
||||
domains = self.get_domains()
|
||||
|
||||
for d in domains:
|
||||
self.write_file('etc/named.conf',
|
||||
'''
|
||||
@ -413,7 +435,7 @@ key "rndc-key" {
|
||||
|
||||
options {
|
||||
default-key "rndc-key";
|
||||
default-server ${INTERFACE_IP};
|
||||
default-server ${NAMED_INTERFACE_IP};
|
||||
default-port 953;
|
||||
};
|
||||
''')
|
||||
@ -422,7 +444,7 @@ options {
|
||||
def stop_bind(self):
|
||||
'''Stop our private BIND from listening and operating'''
|
||||
self.rndc_cmd("stop", checkfail=False)
|
||||
self.port_wait("${INTERFACE_IP}", 53, wait_for_fail=True)
|
||||
self.port_wait("${NAMED_INTERFACE_IP}", 53, wait_for_fail=True)
|
||||
|
||||
self.run_cmd("rm -rf var/named")
|
||||
|
||||
@ -432,12 +454,14 @@ options {
|
||||
self.info("Restarting bind9")
|
||||
self.chdir('${PREFIX}')
|
||||
|
||||
self.set_nameserver(self.getvar('NAMED_INTERFACE_IP'))
|
||||
|
||||
self.run_cmd("mkdir -p var/named/data")
|
||||
self.run_cmd("chown -R ${BIND_USER} var/named")
|
||||
|
||||
self.bind_child = self.run_child("${BIND9} -u ${BIND_USER} -n 1 -c ${PREFIX}/etc/named.conf -g")
|
||||
|
||||
self.port_wait("${INTERFACE_IP}", 53)
|
||||
self.port_wait("${NAMED_INTERFACE_IP}", 53)
|
||||
self.rndc_cmd("flush")
|
||||
|
||||
def restart_bind(self, kerberos_support=False, include=None):
|
||||
@ -598,7 +622,7 @@ options {
|
||||
child.expect("C:")
|
||||
|
||||
def set_dns(self, child):
|
||||
child.sendline('netsh interface ip set dns "${WIN_NIC}" static ${INTERFACE_IP} primary')
|
||||
child.sendline('netsh interface ip set dns "${WIN_NIC}" static ${NAMED_INTERFACE_IP} primary')
|
||||
i = child.expect(['C:', pexpect.EOF, pexpect.TIMEOUT], timeout=5)
|
||||
if i > 0:
|
||||
return True
|
||||
@ -918,7 +942,7 @@ RebootOnCompletion=No
|
||||
self.load_config(self.opts.conf)
|
||||
|
||||
nameserver = self.get_nameserver()
|
||||
if nameserver == self.getvar('INTERFACE_IP'):
|
||||
if nameserver == self.getvar('NAMED_INTERFACE_IP'):
|
||||
raise RuntimeError("old /etc/resolv.conf must not contain %s as a nameserver, this will create loops with the generated dns configuration" % nameserver)
|
||||
self.setvar('DNSSERVER', nameserver)
|
||||
|
||||
@ -951,12 +975,4 @@ RebootOnCompletion=No
|
||||
|
||||
self.setvar('NAMESERVER_BACKEND', self.opts.dns_backend)
|
||||
|
||||
if self.opts.dns_backend == 'SAMBA_INTERNAL':
|
||||
self.setvar('ALLOW_DNS_UPDATES', '')
|
||||
# we need recursive queries, since host expects answers with RA-bit
|
||||
self.setvar('DNS_RECURSIVE_QUERIES', '--option="dns recursive queries=Yes"')
|
||||
self.setvar('DNS_FORWARDER', '--option="dns forwarder=%s"' % nameserver)
|
||||
else:
|
||||
self.setvar('ALLOW_DNS_UPDATES', '')
|
||||
self.setvar('DNS_RECURSIVE_QUERIES', '')
|
||||
self.setvar('DNS_FORWARDER', '')
|
||||
self.setvar('DNS_FORWARDER', "--option=dns forwarder=%s" % nameserver)
|
||||
|
Loading…
Reference in New Issue
Block a user