Merge pull request #361 from sdodson/bz1162052

sdodson · sdodson · commit 4a8aba506783 · 2014-12-10T14:40:40.000-05:00
Fix GSS-TSIG nsupdate
diff --git a/manifests/plugins/dns/nsupdate.pp b/manifests/plugins/dns/nsupdate.pp
@@ -29,8 +29,8 @@
     warning "Use the last field in the generated key file /var/named/K${openshift_origin::domain}*.key"
     fail 'bind_key is required.'
   }
-  if !$::openshift_origin::bind_krb_principal == '' and $::openshift_origin::bind_krb_keytab == '' {
-    warning "Kerberos keytab for the DNS service was not found. Please generate a keytab for DNS/${::openshift_origin::nameserver_fqdn}"
+  if $::openshift_origin::bind_krb_principal != '' and $::openshift_origin::bind_krb_keytab == '' {
+    warning "Kerberos keytab for the DNS service was not set. Please generate a keytab for DNS/${::openshift_origin::nameserver_fqdn} and provide a path for the keytab."
     fail 'bind_krb_keytab is required.'
   }
 
@@ -41,7 +41,7 @@
     ],
   }
 
-  if !$::openshift_origin::bind_krb_principal == '' {
+  if $::openshift_origin::bind_krb_principal != '' {
     file { 'broker-dns-keytab':
       ensure  => present,
       path    => $::openshift_origin::bind_krb_keytab,
diff --git a/manifests/register_dns.pp b/manifests/register_dns.pp
@@ -13,7 +13,7 @@
 #  limitations under the License.
 #
 class openshift_origin::register_dns {
-  if $::openshift_origin::register_host_with_nameserver {
+  if $::openshift_origin::register_host_with_nameserver and $::openshift_origin::bind_krb_principal == '' {
     if $::fqdn != 'localhost' {
       package { 'bind-utils' :
           ensure  => present,
@@ -47,5 +47,9 @@
         require  => Package['bind-utils'],
       }
     }
+  } elsif $::openshift_origin::register_host_with_nameserver and $::openshift_origin::bind_krb_principal != '' {
+    warning "You cannot use register_host_with_nameserver when using GSS-TSIG DNS updates"
+    fail "You cannot use register_host_with_nameserver when using GSS-TSIG DNS updates"
   }
+
 }

Original file line number	Diff line number	Diff line change
`@@ -29,8 +29,8 @@`
`29`	`29`	`warning "Use the last field in the generated key file /var/named/K${openshift_origin::domain}*.key"`
`30`	`30`	`fail 'bind_key is required.'`
`31`	`31`	`}`
`32`		`- if !$::openshift_origin::bind_krb_principal == '' and $::openshift_origin::bind_krb_keytab == '' {`
`33`		`- warning "Kerberos keytab for the DNS service was not found. Please generate a keytab for DNS/${::openshift_origin::nameserver_fqdn}"`
	`32`	`+ if $::openshift_origin::bind_krb_principal != '' and $::openshift_origin::bind_krb_keytab == '' {`
	`33`	`+ warning "Kerberos keytab for the DNS service was not set. Please generate a keytab for DNS/${::openshift_origin::nameserver_fqdn} and provide a path for the keytab."`
`34`	`34`	`fail 'bind_krb_keytab is required.'`
`35`	`35`	`}`
`36`	`36`
`@@ -41,7 +41,7 @@`
`41`	`41`	`],`
`42`	`42`	`}`
`43`	`43`
`44`		`- if !$::openshift_origin::bind_krb_principal == '' {`
	`44`	`+ if $::openshift_origin::bind_krb_principal != '' {`
`45`	`45`	`file { 'broker-dns-keytab':`
`46`	`46`	`ensure => present,`
`47`	`47`	`path => $::openshift_origin::bind_krb_keytab,`
Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@`
`13`	`13`	`# limitations under the License.`
`14`	`14`	`#`
`15`	`15`	`class openshift_origin::register_dns {`
`16`		`- if $::openshift_origin::register_host_with_nameserver {`
	`16`	`+ if $::openshift_origin::register_host_with_nameserver and $::openshift_origin::bind_krb_principal == '' {`
`17`	`17`	`if $::fqdn != 'localhost' {`
`18`	`18`	`package { 'bind-utils' :`
`19`	`19`	`ensure => present,`
`@@ -47,5 +47,9 @@`
`47`	`47`	`require => Package['bind-utils'],`
`48`	`48`	`}`
`49`	`49`	`}`
	`50`	`+ } elsif $::openshift_origin::register_host_with_nameserver and $::openshift_origin::bind_krb_principal != '' {`
	`51`	`+ warning "You cannot use register_host_with_nameserver when using GSS-TSIG DNS updates"`
	`52`	`+ fail "You cannot use register_host_with_nameserver when using GSS-TSIG DNS updates"`
`50`	`53`	`}`
	`54`	`+`
`51`	`55`	`}`