DNS Locations: dnsserver: use the newer config way in installer

Store some parts of DNS configuration in LDAP tree instead of named.conf

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Martin Basti 2016-06-13 20:38:00 +02:00
parent 52590d6fa5
commit 08265f1e92
2 changed files with 23 additions and 4 deletions


@ -8,9 +8,6 @@ options {
statistics-file "data/named_stats.txt"; statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt"; memstatistics-file "data/named_mem_stats.txt";
forward $FORWARD_POLICY;
forwarders {$FORWARDERS};
// Any host is permitted to issue recursive queries // Any host is permitted to issue recursive queries
allow-recursion { any; }; allow-recursion { any; };
@ -50,7 +47,6 @@ dynamic-db "ipa" {
library "ldap.so"; library "ldap.so";
arg "uri ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket"; arg "uri ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket";
arg "base cn=dns, $SUFFIX"; arg "base cn=dns, $SUFFIX";
arg "fake_mname $FQDN.";
arg "server_id $FQDN"; arg "server_id $FQDN";
arg "auth_method sasl"; arg "auth_method sasl";
arg "sasl_mech GSSAPI"; arg "sasl_mech GSSAPI";


@ -40,6 +40,7 @@ from ipaserver.install import sysupgrade
from ipaserver.install.cainstance import IPA_CA_RECORD from ipaserver.install.cainstance import IPA_CA_RECORD
from ipapython import sysrestore, ipautil, ipaldap from ipapython import sysrestore, ipautil, ipaldap
from ipapython import dnsutil from ipapython import dnsutil
from ipapython.dnsutil import DNSName
from ipapython.ipa_log_manager import root_logger from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN from ipapython.dn import DN
import ipalib import ipalib
@ -699,6 +700,8 @@ class BindInstance(service.Service):
self.step("setting up kerberos principal", self.__setup_principal) self.step("setting up kerberos principal", self.__setup_principal)
self.step("setting up named.conf", self.__setup_named_conf) self.step("setting up named.conf", self.__setup_named_conf)
self.step("setting up server configuration",
self.__setup_server_configuration)
# named has to be started after softhsm initialization # named has to be started after softhsm initialization
# self.step("restarting named", self.__start) # self.step("restarting named", self.__start)
@ -983,6 +986,26 @@ class BindInstance(service.Service):
'forward_policy_conflict_with_empty_zones_handled', True 'forward_policy_conflict_with_empty_zones_handled', True
) )
def __setup_server_configuration(self):
try:
self.api.Command.dnsserver_add(
self.fqdn, idnssoamname=DNSName(self.fqdn).make_absolute(),
)
except errors.DuplicateEntry:
# probably reinstallation of DNS
pass
try:
self.api.Command.dnsserver_mod(
self.fqdn,
idnsforwarders=[unicode(f) for f in self.forwarders],
idnsforwardpolicy=unicode(self.forward_policy)
)
except errors.EmptyModlist:
pass
sysupgrade.set_upgrade_state('dns', 'server_config_to_ldap', True)
def __setup_resolv_conf(self): def __setup_resolv_conf(self):
if not self.fstore.has_file(RESOLV_CONF): if not self.fstore.has_file(RESOLV_CONF):
self.fstore.backup_file(RESOLV_CONF) self.fstore.backup_file(RESOLV_CONF)
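Review bot: In `__setup_server_configuration`, the comprehension `[unicode(f) for f in self.forwarders]` raises TypeError if `self.forwarders` is None, and neither `except` clause catches that. The assignment of `self.forwarders` is outside this hunk, so confirm whether an install without forwarders can leave it unset; if it can, `idnsforwarders=[unicode(f) for f in self.forwarders or []],` keeps the step from aborting the install. On the `DuplicateEntry` path the existing entry keeps whatever `idnssoamname` it already had, because the following `dnsserver_mod` sends only forwarders and policy; if a reinstall should reset it, pass it there as well. The method would benefit from a one-line docstring saying that the forwarders, the forward policy and (apparently replacing `fake_mname`) the SOA mname are now written to the server's LDAP entry instead of named.conf, plus a comment on `except errors.EmptyModlist` such as `# values already match the existing entry`. Since forwarding targets are now taken from LDAP, it is worth confirming that write access to this entry is restricted as tightly as write access to named.conf was.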