DNS Locations: cleanup of bininstance

We no longer need:
* sample of zone file - a list of all records required by IPA will be
provided

* NTP related params - DNS records will be updated automatically,
based on LDAP values

* CA related params - DNS records will be updated automatically based
on LDAP values

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
This commit is contained in:
Martin Basti 2016-06-23 14:50:11 +02:00
parent a636842889
commit 104040cf36
7 changed files with 30 additions and 84 deletions


@ -43,7 +43,6 @@ app_DATA = \
kerberos.ldif \
indices.ldif \
bind.named.conf.template \
bind.zone.db.template \
certmap.conf.template \
kdc.conf.template \
kdc_extensions.template \


@ -1,29 +0,0 @@
$$ORIGIN $DOMAIN.
$$TTL 86400
@ IN SOA $DOMAIN. $ZONEMGR (
01 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS $HOST
$HOST IN A $IP
;
; ldap servers
_ldap._tcp IN SRV 0 100 389 $HOST
;kerberos realm
_kerberos IN TXT $REALM
; kerberos servers
_kerberos._tcp IN SRV 0 100 88 $HOST
_kerberos._udp IN SRV 0 100 88 $HOST
_kerberos-master._tcp IN SRV 0 100 88 $HOST
_kerberos-master._udp IN SRV 0 100 88 $HOST
_kpasswd._tcp IN SRV 0 100 464 $HOST
_kpasswd._udp IN SRV 0 100 464 $HOST
$OPTIONAL_NTP
; CNAME for IPA CA replicas (used for CRL, OCSP)
$IPA_CA_RECORD


@ -477,3 +477,12 @@ class IPASystemRecords(object):
)
)
return records
@classmethod
def records_list_from_zone(cls, zone_obj, sort=True):
records = []
for name, node in zone_obj.items():
records.extend(IPASystemRecords.records_list_from_node(name, node))
if sort:
records.sort()
return records
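Review bot: records_list_from_zone is declared a classmethod but calls records_list_from_node through the class name, so the `cls` parameter is never used and a subclass overriding records_list_from_node would be silently bypassed; `records.extend(cls.records_list_from_node(name, node))` keeps the classmethod honest. A one-line docstring would also help, since the result is later joined with newlines in bindinstance: `"""Return the records of every node in zone_obj as a flat list of lines, sorted unless sort=False."""`. The method preceding this hunk ends outside it and the class continues past it.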


@ -623,9 +623,9 @@ class BindInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix')
def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders,
forward_policy, ntp, reverse_zones,
forward_policy, reverse_zones,
named_user=constants.NAMED_USER, zonemgr=None,
ca_configured=None, no_dnssec_validation=False):
no_dnssec_validation=False):
self.named_user = named_user
self.fqdn = fqdn
self.ip_addresses = ip_addresses
@ -635,9 +635,7 @@ class BindInstance(service.Service):
self.forward_policy = forward_policy
self.host = fqdn.split(".")[0]
self.suffix = ipautil.realm_to_suffix(self.realm)
self.ntp = ntp
self.reverse_zones = reverse_zones
self.ca_configured = ca_configured
self.no_dnssec_validation=no_dnssec_validation
if not zonemgr:
@ -666,12 +664,17 @@ class BindInstance(service.Service):
def host_in_default_domain(self):
return normalize_zone(self.host_domain) == normalize_zone(self.domain)
def create_sample_bind_zone(self):
bind_txt = ipautil.template_file(ipautil.SHARE_DIR + "bind.zone.db.template", self.sub_dict)
[bind_fd, bind_name] = tempfile.mkstemp(".db","sample.zone.")
os.write(bind_fd, bind_txt)
os.close(bind_fd)
print("Sample zone file for bind has been created in "+bind_name)
def create_file_with_system_records(self):
system_records = IPASystemRecords(self.api)
text = u'\n'.join(
IPASystemRecords.records_list_from_zone(
system_records.get_base_records()
)
)
[fd, name] = tempfile.mkstemp(".db","ipa.system.records.")
os.write(fd, text)
os.close(fd)
print("Please add records in this file to your DNS system:", name)
def create_instance(self):
@ -761,41 +764,10 @@ class BindInstance(service.Service):
root_logger.debug("Unable to mask named (%s)", e)
def __setup_sub_dict(self):
if self.forwarders:
fwds = "\n"
for forwarder in self.forwarders:
fwds += "\t\t%s;\n" % forwarder
fwds += "\t"
else:
fwds = " "
if self.ntp:
optional_ntp = "\n;ntp server\n"
optional_ntp += "_ntp._udp\t\tIN SRV 0 100 123\t%s" % self.host_in_rr
else:
optional_ntp = ""
ipa_ca = ""
for addr in self.ip_addresses:
if addr.version in (4, 6):
ipa_ca += "%s\t\t\tIN %s\t\t\t%s\n" % (
IPA_CA_RECORD,
"A" if addr.version == 4 else "AAAA",
str(addr))
self.sub_dict = dict(
FQDN=self.fqdn,
IP=[str(ip) for ip in self.ip_addresses],
DOMAIN=self.domain,
HOST=self.host,
REALM=self.realm,
SERVER_ID=installutils.realm_to_serverid(self.realm),
FORWARDERS=fwds,
FORWARD_POLICY=self.forward_policy,
SUFFIX=self.suffix,
OPTIONAL_NTP=optional_ntp,
ZONEMGR=self.zonemgr,
IPA_CA_RECORD=ipa_ca,
BINDKEYS_FILE=paths.NAMED_BINDKEYS_FILE,
MANAGED_KEYS_DIR=paths.NAMED_MANAGED_KEYS_DIR,
ROOT_KEY=paths.NAMED_ROOT_KEY,
@ -1026,16 +998,14 @@ class BindInstance(service.Service):
ipautil.run([paths.GENERATE_RNDC_KEY])
def add_master_dns_records(self, fqdn, ip_addresses, realm_name, domain_name,
reverse_zones, ntp=False, ca_configured=None):
reverse_zones):
self.fqdn = fqdn
self.ip_addresses = ip_addresses
self.realm = realm_name
self.domain = domain_name
self.host = fqdn.split(".")[0]
self.suffix = ipautil.realm_to_suffix(self.realm)
self.ntp = ntp
self.reverse_zones = reverse_zones
self.ca_configured = ca_configured
self.first_instance = False
self.zonemgr = 'hostmaster.%s' % self.domain
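Review bot: In create_file_with_system_records (hunk @ -666,12 +664,17) `text` is built as a unicode string with `u'\n'.join(...)` and then handed to `os.write(fd, text)`, which expects bytes: on Python 3 that raises TypeError, and on Python 2 it only works as long as every record is ASCII. Encode explicitly, `os.write(fd, text.encode('utf-8'))`, or wrap the descriptor with `os.fdopen(fd, 'w')` in a `with` block so the file is also closed if the write fails; appending a trailing newline to `text` would avoid producing a file whose last line is unterminated. The two-argument `print("Please add records ...", name)` on the following line assumes print_function is imported at the top of the module, which is outside the hunk — worth confirming, since under plain Python 2 it would print a tuple. The other hunks in this file only drop the ntp and ca_configured parameters and their uses.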


@ -329,10 +329,9 @@ def install(standalone, replica, options, api=api):
bind = bindinstance.BindInstance(fstore, ldapi=True, api=api,
autobind=AUTOBIND_ENABLED)
bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,
options.forwarders, options.forward_policy, conf_ntp,
options.forwarders, options.forward_policy,
reverse_zones, zonemgr=options.zonemgr,
no_dnssec_validation=options.no_dnssec_validation,
ca_configured=options.setup_ca)
no_dnssec_validation=options.no_dnssec_validation)
if standalone and not options.unattended:
print("")
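Review bot: `conf_ntp` is removed from the bind.setup call, but nothing in this hunk removes its definition; if install() still computes it earlier (the function starts outside the hunk), that assignment is now dead and should be dropped together with this change so the parameter removal is complete. install() also continues past the end of the hunk.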


@ -848,17 +848,17 @@ def install(installer):
if setup_ca:
services.knownservices['pki_tomcatd'].restart('pki-tomcat')
api.Backend.ldap2.connect(autobind=True)
if options.setup_dns:
api.Backend.ldap2.connect(autobind=True)
dns.install(False, False, options)
else:
# Create a BIND instance
bind = bindinstance.BindInstance(fstore, dm_password)
bind.setup(host_name, ip_addresses, realm_name,
domain_name, (), 'first', not options.no_ntp, (),
zonemgr=options.zonemgr, ca_configured=setup_ca,
domain_name, (), 'first', (),
zonemgr=options.zonemgr,
no_dnssec_validation=options.no_dnssec_validation)
bind.create_sample_bind_zone()
bind.create_file_with_system_records()
# Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server")
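Review bot: In the else branch `bind` is constructed as `bindinstance.BindInstance(fstore, dm_password)` without an `api=` argument, yet the new `bind.create_file_with_system_records()` call reads `self.api` (it builds `IPASystemRecords(self.api)` in bindinstance.py), whereas the dns.install path in this same commit creates the instance with `api=api`. Unless the Service constructor, which is outside this hunk, defaults `self.api` to the global api, this call will fail with AttributeError; passing it explicitly, `bind = bindinstance.BindInstance(fstore, dm_password, api=api)`, makes the two call sites consistent and removes the doubt. `api` is already in scope here, as the ldap2.connect call above shows. install() continues outside the hunk on both sides.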


@ -210,9 +210,7 @@ def install_dns_records(config, options, remote_api):
str(ip),
config.realm_name,
config.domain_name,
reverse_zone,
not options.no_ntp,
options.setup_ca)
reverse_zone)
except errors.NotFound as e:
root_logger.debug('Replica DNS records could not be added '
'on master: %s', str(e))