Fix reverse zone creation in ipa-replica-prepare

When a new reverse zone was created in ipa-replica-prepare (this may happen when a new replica is from different subnet), the master DNS address was corrupted by invalid A/AAAA record. This caused problems for example in installing replica. https://fedorahosted.org/freeipa/ticket/1223
2025-02-25 18:55:28 -06:00 · 2011-05-27 17:05:45 +02:00
parent 58c1950566
commit 17c3f9e84e
6 changed files with 37 additions and 67 deletions
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -62,31 +62,6 @@ def parse_options():

    return safe_options, options

-def resolve_host(host_name):
-    ip = None
-    try:
-        addrinfos = socket.getaddrinfo(host_name, None,
-                                       socket.AF_UNSPEC, socket.SOCK_DGRAM)
-    except:
-        print "Unable to lookup the IP address of the provided host"
-        return None
-
-    for ai in addrinfos:
-        ip = ai[4][0]
-        if ip == "127.0.0.1" or ip == "::1":
-            print "The hostname resolves to the localhost address (127.0.0.1/::1)"
-            print "Please change your /etc/hosts file so that the hostname."
-            print "resolves to the ip address of your network interface."
-            print ""
-            print "Please fix your /etc/hosts file and restart the setup program."
-            print ""
-            sys.exit("Aborting installation.")
-
-    if addrinfos:
-        ip = addrinfos[0][4][0]
-
-    return ip
-
 def main():
    safe_options, options = parse_options()

@@ -211,6 +186,13 @@ except KeyboardInterrupt:
    print "Installation cancelled."
 except RuntimeError, e:
    print str(e)
+except HostnameLocalhost:
+    print "The hostname resolves to the localhost address (127.0.0.1/::1)"
+    print "Please change your /etc/hosts file so that the hostname"
+    print "resolves to the ip address of your network interface."
+    print "The KDC service does not listen on localhost"
+    print ""
+    print "Please fix your /etc/hosts file and restart the setup program"
 except Exception, e:
    message = "Unexpected error - see ipaserver-install.log for details:\n %s" % str(e)
    print message
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -30,6 +30,7 @@ from ipapython import ipautil
 from ipaserver.install import dsinstance, installutils, krbinstance, service
 from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
 from ipaserver.install.replication import check_replication_plugin
+from ipaserver.install.installutils import HostnameLocalhost, resolve_host
 from ipaserver.plugins.ldap2 import ldap2
 from ipapython import version
 from ipalib import api, errors, util
@@ -38,9 +39,6 @@ from ipapython import sysrestore

 CACERT="/etc/ipa/ca.crt"

-class HostnameLocalhost(Exception):
-    pass
-
 class ReplicaConfig:
    def __init__(self):
        self.realm_name = ""
@@ -131,19 +129,6 @@ def get_host_name(no_host_dns):

    return hostname

-def resolve_host(host_name):
-    try:
-        addrinfos = socket.getaddrinfo(host_name, None,
-                                       socket.AF_UNSPEC, socket.SOCK_STREAM)
-        for ai in addrinfos:
-            ip = ai[4][0]
-            if ip == "127.0.0.1" or ip == "::1":
-                raise HostnameLocalhost
-
-        return addrinfos[0][4][0]
-    except:
-        return None
-
 def set_owner(config, dir):
    pw = pwd.getpwnam(dsinstance.DS_USER)
    os.chown(dir, pw.pw_uid, pw.pw_gid)
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -30,6 +30,7 @@ from ipapython import ipautil
 from ipaserver.install import bindinstance, dsinstance, installutils, certs
 from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_rr, add_ptr_rr
 from ipaserver.install.replication import check_replication_plugin, enable_replication_version_checking
+from ipaserver.install.installutils import resolve_host
 from ipaserver.plugins.ldap2 import ldap2
 from ipapython import version
 from ipalib import api, errors, util
@@ -427,7 +428,8 @@ def main():

        zone = add_zone(domain, nsaddr=options.ip_address)
        add_rr(zone, name, "A", options.ip_address)
-        add_reverse_zone(options.ip_address)
+        ns_ip_address = resolve_host(api.env.host)
+        add_reverse_zone(options.ip_address, ns_ip_address)
        add_ptr_rr(options.ip_address, replica_fqdn)

 try:
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -28,7 +28,6 @@

 import sys
 import os
-import socket
 import errno
 import logging
 import grp
@@ -303,27 +302,6 @@ def read_host_name(host_default,no_host_dns=False):
            break
    return host_name

-def resolve_host(host_name):
-    ip = None
-    try:
-        addrinfos = socket.getaddrinfo(host_name, None,
-                                       socket.AF_UNSPEC, socket.SOCK_DGRAM)
-        for ai in addrinfos:
-            ip = ai[4][0]
-            if ip == "127.0.0.1" or ip == "::1":
-                print "The hostname resolves to the localhost address (127.0.0.1/::1)"
-                print "Please change your /etc/hosts file so that the hostname"
-                print "resolves to the ip address of your network interface."
-                print "The KDC service does not listen on localhost"
-                print ""
-                print "Please fix your /etc/hosts file and restart the setup program"
-                return None
-
-        ip = addrinfos[0][4][0]
-    except:
-        print "Unable to lookup the IP address of the provided host"
-    return ip
-
 def read_domain_name(domain_name, unattended):
    print "The domain name has been calculated based on the host name."
    print ""
@@ -987,6 +965,13 @@ try:
        sys.exit(main())
    except SystemExit, e:
        sys.exit(e)
+    except HostnameLocalhost:
+        print "The hostname resolves to the localhost address (127.0.0.1/::1)"
+        print "Please change your /etc/hosts file so that the hostname"
+        print "resolves to the ip address of your network interface."
+        print "The KDC service does not listen on localhost"
+        print ""
+        print "Please fix your /etc/hosts file and restart the setup program"
    except Exception, e:
        if uninstalling:
            message = "Unexpected error - see ipaserver-uninstall.log for details:\n %s" % str(e)
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -138,7 +138,7 @@ def add_zone(name, zonemgr=None, dns_backup=None, nsaddr=None, update_policy=Non
    add_rr(name, "@", "NS", api.env.host+'.', dns_backup, force=True)
    return name

-def add_reverse_zone(ip_address, update_policy=None, dns_backup=None):
+def add_reverse_zone(ip_address, ns_ip_address, update_policy=None, dns_backup=None):
    zone, name = get_reverse_zone(ip_address)
    if not update_policy:
        update_policy = "grant %s krb5-subdomain %s. PTR;" % (api.env.realm, zone)
@@ -146,7 +146,7 @@ def add_reverse_zone(ip_address, update_policy=None, dns_backup=None):
        api.Command.dnszone_add(unicode(zone),
                                idnssoamname=unicode(api.env.host+"."),
                                idnsallowdynupdate=True,
-                                ip_address=unicode(ip_address),
+                                ip_address=unicode(ns_ip_address),
                                idnsupdatepolicy=unicode(update_policy))
    except (errors.DuplicateEntry, errors.EmptyModlist):
        pass
@@ -394,7 +394,8 @@ class BindInstance(service.Service):
            add_ptr_rr(self.ip_address, self.fqdn)

    def __setup_reverse_zone(self):
-        add_reverse_zone(self.ip_address, dns_backup=self.dns_backup)
+        add_reverse_zone(self.ip_address, self.ip_address,
+                dns_backup=self.dns_backup)

    def __setup_principal(self):
        dns_principal = "DNS/" + self.fqdn + "@" + self.realm
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -33,6 +33,9 @@ import time
 from ipapython import ipautil
 from ipapython import dnsclient

+class HostnameLocalhost(Exception):
+    pass
+
 def get_fqdn():
    fqdn = ""
    try:
@@ -421,3 +424,15 @@ def wait_for_open_ports(host, ports, timeout=0):
                else:
                    raise e

+def resolve_host(host_name):
+    try:
+        addrinfos = socket.getaddrinfo(host_name, None,
+                                       socket.AF_UNSPEC, socket.SOCK_STREAM)
+        for ai in addrinfos:
+            ip = ai[4][0]
+            if ip == "127.0.0.1" or ip == "::1":
+                raise HostnameLocalhost("The hostname resolves to the localhost address")
+
+        return addrinfos[0][4][0]
+    except:
+        return None