DNS Locations: cleanup of bininstance
We no longer need: * sample zone file - a list of all records required by IPA will be provided * NTP related params - DNS records will be updated automatically, based on LDAP values * CA related params - DNS records will be updated automatically, based on LDAP values https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com>
parent
a636842889
commit
104040cf36
@ -43,7 +43,6 @@ app_DATA = \
|
||||
kerberos.ldif \
|
||||
indices.ldif \
|
||||
bind.named.conf.template \
|
||||
bind.zone.db.template \
|
||||
certmap.conf.template \
|
||||
kdc.conf.template \
|
||||
kdc_extensions.template \
|
||||
|
@ -1,29 +0,0 @@
|
||||
$$ORIGIN $DOMAIN.
|
||||
$$TTL 86400
|
||||
@ IN SOA $DOMAIN. $ZONEMGR (
|
||||
01 ; serial
|
||||
3H ; refresh
|
||||
15M ; retry
|
||||
1W ; expiry
|
||||
1D ) ; minimum
|
||||
|
||||
IN NS $HOST
|
||||
$HOST IN A $IP
|
||||
;
|
||||
; ldap servers
|
||||
_ldap._tcp IN SRV 0 100 389 $HOST
|
||||
|
||||
;kerberos realm
|
||||
_kerberos IN TXT $REALM
|
||||
|
||||
; kerberos servers
|
||||
_kerberos._tcp IN SRV 0 100 88 $HOST
|
||||
_kerberos._udp IN SRV 0 100 88 $HOST
|
||||
_kerberos-master._tcp IN SRV 0 100 88 $HOST
|
||||
_kerberos-master._udp IN SRV 0 100 88 $HOST
|
||||
_kpasswd._tcp IN SRV 0 100 464 $HOST
|
||||
_kpasswd._udp IN SRV 0 100 464 $HOST
|
||||
$OPTIONAL_NTP
|
||||
|
||||
; CNAME for IPA CA replicas (used for CRL, OCSP)
|
||||
$IPA_CA_RECORD
|
@ -477,3 +477,12 @@ class IPASystemRecords(object):
|
||||
)
|
||||
)
|
||||
return records
|
||||
|
||||
@classmethod
|
||||
def records_list_from_zone(cls, zone_obj, sort=True):
|
||||
records = []
|
||||
for name, node in zone_obj.items():
|
||||
records.extend(IPASystemRecords.records_list_from_node(name, node))
|
||||
if sort:
|
||||
records.sort()
|
||||
return records
|
||||
|
@ -623,9 +623,9 @@ class BindInstance(service.Service):
|
||||
suffix = ipautil.dn_attribute_property('_suffix')
|
||||
|
||||
def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders,
|
||||
forward_policy, ntp, reverse_zones,
|
||||
forward_policy, reverse_zones,
|
||||
named_user=constants.NAMED_USER, zonemgr=None,
|
||||
ca_configured=None, no_dnssec_validation=False):
|
||||
no_dnssec_validation=False):
|
||||
self.named_user = named_user
|
||||
self.fqdn = fqdn
|
||||
self.ip_addresses = ip_addresses
|
||||
@ -635,9 +635,7 @@ class BindInstance(service.Service):
|
||||
self.forward_policy = forward_policy
|
||||
self.host = fqdn.split(".")[0]
|
||||
self.suffix = ipautil.realm_to_suffix(self.realm)
|
||||
self.ntp = ntp
|
||||
self.reverse_zones = reverse_zones
|
||||
self.ca_configured = ca_configured
|
||||
self.no_dnssec_validation=no_dnssec_validation
|
||||
|
||||
if not zonemgr:
|
||||
@ -666,12 +664,17 @@ class BindInstance(service.Service):
|
||||
def host_in_default_domain(self):
|
||||
return normalize_zone(self.host_domain) == normalize_zone(self.domain)
|
||||
|
||||
def create_sample_bind_zone(self):
|
||||
bind_txt = ipautil.template_file(ipautil.SHARE_DIR + "bind.zone.db.template", self.sub_dict)
|
||||
[bind_fd, bind_name] = tempfile.mkstemp(".db","sample.zone.")
|
||||
os.write(bind_fd, bind_txt)
|
||||
os.close(bind_fd)
|
||||
print("Sample zone file for bind has been created in "+bind_name)
|
||||
def create_file_with_system_records(self):
|
||||
system_records = IPASystemRecords(self.api)
|
||||
text = u'\n'.join(
|
||||
IPASystemRecords.records_list_from_zone(
|
||||
system_records.get_base_records()
|
||||
)
|
||||
)
|
||||
[fd, name] = tempfile.mkstemp(".db","ipa.system.records.")
|
||||
os.write(fd, text)
|
||||
os.close(fd)
|
||||
print("Please add records in this file to your DNS system:", name)
|
||||
|
||||
def create_instance(self):
|
||||
|
||||
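Review bot: In create_file_with_system_records, `os.write(fd, text)` hands a unicode string (`text = u'\n'.join(...)`) to a raw descriptor write; on Python 3 that raises TypeError before anything is written, and on Python 2 it only succeeds while every record is ASCII. Encoding explicitly works on both, `os.write(fd, text.encode('utf-8'))`, or the pair can become `with os.fdopen(fd, 'w') as f: f.write(text)` so the descriptor is also closed when the write fails, which the current `os.write`/`os.close` sequence does not do. The removed create_sample_bind_zone had the same pattern, so this is inherited rather than new, but the new method is the one that survives. The printed message tells the admin the temp path only; mkstemp creates it with owner-only permissions, which is appropriate for a file written as root.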
@ -761,41 +764,10 @@ class BindInstance(service.Service):
|
||||
root_logger.debug("Unable to mask named (%s)", e)
|
||||
|
||||
def __setup_sub_dict(self):
|
||||
if self.forwarders:
|
||||
fwds = "\n"
|
||||
for forwarder in self.forwarders:
|
||||
fwds += "\t\t%s;\n" % forwarder
|
||||
fwds += "\t"
|
||||
else:
|
||||
fwds = " "
|
||||
|
||||
if self.ntp:
|
||||
optional_ntp = "\n;ntp server\n"
|
||||
optional_ntp += "_ntp._udp\t\tIN SRV 0 100 123\t%s" % self.host_in_rr
|
||||
else:
|
||||
optional_ntp = ""
|
||||
|
||||
ipa_ca = ""
|
||||
for addr in self.ip_addresses:
|
||||
if addr.version in (4, 6):
|
||||
ipa_ca += "%s\t\t\tIN %s\t\t\t%s\n" % (
|
||||
IPA_CA_RECORD,
|
||||
"A" if addr.version == 4 else "AAAA",
|
||||
str(addr))
|
||||
|
||||
self.sub_dict = dict(
|
||||
FQDN=self.fqdn,
|
||||
IP=[str(ip) for ip in self.ip_addresses],
|
||||
DOMAIN=self.domain,
|
||||
HOST=self.host,
|
||||
REALM=self.realm,
|
||||
SERVER_ID=installutils.realm_to_serverid(self.realm),
|
||||
FORWARDERS=fwds,
|
||||
FORWARD_POLICY=self.forward_policy,
|
||||
SUFFIX=self.suffix,
|
||||
OPTIONAL_NTP=optional_ntp,
|
||||
ZONEMGR=self.zonemgr,
|
||||
IPA_CA_RECORD=ipa_ca,
|
||||
BINDKEYS_FILE=paths.NAMED_BINDKEYS_FILE,
|
||||
MANAGED_KEYS_DIR=paths.NAMED_MANAGED_KEYS_DIR,
|
||||
ROOT_KEY=paths.NAMED_ROOT_KEY,
|
||||
@ -1026,16 +998,14 @@ class BindInstance(service.Service):
|
||||
ipautil.run([paths.GENERATE_RNDC_KEY])
|
||||
|
||||
def add_master_dns_records(self, fqdn, ip_addresses, realm_name, domain_name,
|
||||
reverse_zones, ntp=False, ca_configured=None):
|
||||
reverse_zones):
|
||||
self.fqdn = fqdn
|
||||
self.ip_addresses = ip_addresses
|
||||
self.realm = realm_name
|
||||
self.domain = domain_name
|
||||
self.host = fqdn.split(".")[0]
|
||||
self.suffix = ipautil.realm_to_suffix(self.realm)
|
||||
self.ntp = ntp
|
||||
self.reverse_zones = reverse_zones
|
||||
self.ca_configured = ca_configured
|
||||
self.first_instance = False
|
||||
self.zonemgr = 'hostmaster.%s' % self.domain
|
||||
|
||||
|
@ -329,10 +329,9 @@ def install(standalone, replica, options, api=api):
|
||||
bind = bindinstance.BindInstance(fstore, ldapi=True, api=api,
|
||||
autobind=AUTOBIND_ENABLED)
|
||||
bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,
|
||||
options.forwarders, options.forward_policy, conf_ntp,
|
||||
options.forwarders, options.forward_policy,
|
||||
reverse_zones, zonemgr=options.zonemgr,
|
||||
no_dnssec_validation=options.no_dnssec_validation,
|
||||
ca_configured=options.setup_ca)
|
||||
no_dnssec_validation=options.no_dnssec_validation)
|
||||
|
||||
if standalone and not options.unattended:
|
||||
print("")
|
||||
|
@ -848,17 +848,17 @@ def install(installer):
|
||||
if setup_ca:
|
||||
services.knownservices['pki_tomcatd'].restart('pki-tomcat')
|
||||
|
||||
api.Backend.ldap2.connect(autobind=True)
|
||||
if options.setup_dns:
|
||||
api.Backend.ldap2.connect(autobind=True)
|
||||
dns.install(False, False, options)
|
||||
else:
|
||||
# Create a BIND instance
|
||||
bind = bindinstance.BindInstance(fstore, dm_password)
|
||||
bind.setup(host_name, ip_addresses, realm_name,
|
||||
domain_name, (), 'first', not options.no_ntp, (),
|
||||
zonemgr=options.zonemgr, ca_configured=setup_ca,
|
||||
domain_name, (), 'first', (),
|
||||
zonemgr=options.zonemgr,
|
||||
no_dnssec_validation=options.no_dnssec_validation)
|
||||
bind.create_sample_bind_zone()
|
||||
bind.create_file_with_system_records()
|
||||
|
||||
# Restart httpd to pick up the new IPA configuration
|
||||
service.print_msg("Restarting the web server")
|
||||
|
@ -210,9 +210,7 @@ def install_dns_records(config, options, remote_api):
|
||||
str(ip),
|
||||
config.realm_name,
|
||||
config.domain_name,
|
||||
reverse_zone,
|
||||
not options.no_ntp,
|
||||
options.setup_ca)
|
||||
reverse_zone)
|
||||
except errors.NotFound as e:
|
||||
root_logger.debug('Replica DNS records could not be added '
|
||||
'on master: %s', str(e))
|
||||
|