Add DNS service records for Windows

https://fedorahosted.org/freeipa/ticket/1939
2025-01-27 16:46:42 -06:00 · 2011-10-13 12:01:57 +02:00 · 2011-10-13 12:01:57 +02:00 · 2ac9d4816a
commit 2ac9d4816a
parent e727dc50cc
3 changed files with 64 additions and 3 deletions
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@ -45,6 +45,9 @@ def parse_options():
                      type="ip", ip_local=True, help="Master Server IP Address")
    parser.add_option("--netbios-name", dest="netbios_name",
                      help="NetBIOS name of the IPA domain")
+    parser.add_option("--no-msdcs", dest="no_msdcs", action="store_true",
+                      default=False, help="Do not create DNS service records " \
+                                          "for Windows in managed DNS server")
    parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
                      default=False, help="unattended installation never prompts the user")

@ -197,7 +200,7 @@ def main():
        api.Backend.ldap2.connect(ccache)

    smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
-              netbios_name)
+              netbios_name, options.no_msdcs)
    smb.create_instance()

    print "=============================================================================="
--- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1
@ -39,6 +39,9 @@ The IP address of the IPA server. If not provided then this is determined based
 \fB\-\-netbios\-name\fR=\fINETBIOS_NAME\fR
 The NetBIOS name for the IPA domain. If not provided then this is determined based on the leading component of the DNS domain name.
 .TP
+\fB\-\-no\-msdcs\fR
+Do not create DNS service records for Windows in managed DNS server
+.TP
 \fB\-U\fR, \fB\-\-unattended\fR
 An unattended installation that will never prompt for user input
 .SH "EXIT STATUS"
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@ -25,7 +25,9 @@ import tempfile
 import installutils
 from ipaserver import ipaldap
 from ipaserver.install.dsinstance import realm_to_serverid
-from ipalib import errors
+from ipaserver.install.bindinstance import get_rr, add_rr, del_rr, \
+                                           dns_zone_exists
+from ipalib import errors, api
 from ipapython import sysrestore
 from ipapython import ipautil
 from ipapython.ipa_log_manager import *
@ -245,6 +247,56 @@ class ADTRUSTInstance(service.Service):
        except ipautil.CalledProcessError, e:
            root_logger.critical("Failed to add key for %s" % cifs_principal)

+    def __add_dns_service_records(self):
+        """
+        Add DNS service records for Windows if DNS is enabled and the DNS zone
+        is managed. If there are already service records for LDAP and Kerberos
+        their values are used. Otherwise default values are used.
+        """
+
+        zone = self.domain_name
+        host = self.fqdn.split(".")[0]
+
+        ipa_srv_rec = (
+            ("_ldap._tcp", ["0 100 389 %s" % host]),
+            ("_kerberos._tcp", ["0 100 88 %s" % host]),
+            ("_kerberos._udp", ["0 100 88 %s" % host])
+        )
+        win_srv_suffix = (".Default-First-Site-Name._sites.dc._msdcs",
+                          ".dc._msdcs")
+
+        err_msg = None
+        ret = api.Command.dns_is_enabled()
+        if not ret['result']:
+            err_msg = "DNS management was not enabled at install time."
+        else:
+            if not dns_zone_exists(zone):
+                err_msg = "DNS zone %s cannot be managed " \
+                          "as it is not defined in IPA" % zone
+
+        if err_msg:
+            print err_msg
+            print "Add the following service records to your DNS server " \
+                  "for DNS zone %s: " % zone
+            for (srv, rdata) in ipa_srv_rec:
+                for suff in win_srv_suffix:
+                    print " - %s%s"  % (srv, suff)
+            return
+
+        for (srv, rdata) in ipa_srv_rec:
+            ipa_rdata = get_rr(zone, srv, "SRV")
+            if not ipa_rdata:
+                ipa_rdata = rdata
+
+            for suff in win_srv_suffix:
+                win_srv = srv+suff
+                win_rdata = get_rr(zone, win_srv, "SRV")
+                if win_rdata:
+                    for rec in win_rdata:
+                        del_rr(zone, win_srv, "SRV", rec)
+                for rec in ipa_rdata:
+                    add_rr(zone, win_srv, "SRV", rec)
+
    def __start(self):
        try:
            self.start()
@ -277,12 +329,13 @@ class ADTRUSTInstance(service.Service):
                             LDAPI_SOCKET = self.ldapi_socket)

    def setup(self, fqdn, ip_address, realm_name, domain_name, netbios_name,
-              smbd_user="samba"):
+              no_msdcs=False, smbd_user="samba"):
        self.fqdn =fqdn
        self.ip_address = ip_address
        self.realm_name = realm_name
        self.domain_name = domain_name
        self.netbios_name = netbios_name
+        self.no_msdcs = no_msdcs
        self.smbd_user = smbd_user
        self.suffix = ipautil.realm_to_suffix(self.realm_name)
        self.ldapi_socket = "%%2fvar%%2frun%%2fslapd-%s.socket" % realm_to_serverid(self.realm_name)
@ -311,6 +364,8 @@ class ADTRUSTInstance(service.Service):
        self.step("Adding cifs Kerberos principal", self.__setup_principal)
        self.step("Adding admin(group) SIDs", self.__add_admin_sids)
        self.step("configuring smbd to start on boot", self.__enable)
+        if not self.no_msdcs:
+            self.step("adding special DNS service records", self.__add_dns_service_records)
        self.step("starting smbd", self.__start)

        self.start_creation("Configuring smbd:")