DNS Locations: use dns_update_service_records in installers

use the dns_update_system_records command to set proper DNS records

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Martin Basti 2016-06-12 18:05:48 +02:00
parent e23159596e
commit 45a9326574
7 changed files with 45 additions and 120 deletions


@ -286,7 +286,7 @@ def del_master(realm, hostname, options):
if bindinstance.dns_container_exists(options.host, api.env.basedn,
dm_password=options.dirman_passwd):
bind = bindinstance.BindInstance()
bind.remove_ipa_ca_dns_records(hostname, realm.lower())
bind.update_system_records()
except Exception as e:
print("Failed to cleanup %s DNS entries: %s" % (hostname, e))
print("You may need to manually remove them from the tree")
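Review bot: The new `bind.update_system_records()` call cannot trigger this `except Exception` branch for a partial update, because the method as added in the bindinstance.py section only logs IPADomainIsNotManagedByIPAError and the failed_ipa_rec/failed_loc_rec entries through root_logger.error and returns None, so the "You may need to manually remove them" hint is lost exactly when records for the removed master were not rewritten. The cainstance install_step_1 and dns.install call sites have the same blind spot. One fix is to have update_system_records return whether every record succeeded and check it here, e.g. `if not bind.update_system_records():` followed by the existing manual-cleanup message. del_master's body starts outside the hunk, so the `try` this except belongs to is not visible.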


@ -898,7 +898,6 @@ def cleanup_server_dns_entries(realm, hostname, suffix, options):
dm_password=options.dirman_passwd):
bind = bindinstance.BindInstance()
bind.remove_master_dns_records(hostname, realm, realm.lower())
bind.remove_ipa_ca_dns_records(hostname, realm.lower())
bind.remove_server_ns_records(hostname)
keysyncd = dnskeysyncinstance.DNSKeySyncInstance()


@ -30,6 +30,10 @@ import time
import ldap
import six
from ipaserver.dns_data_management import (
IPASystemRecords,
IPADomainIsNotManagedByIPAError,
)
from ipaserver.install import installutils
from ipaserver.install import service
from ipaserver.install import sysupgrade
@ -692,7 +696,6 @@ class BindInstance(service.Service):
self.step("setting up records for other masters", self.__add_others)
# all zones must be created before this step
self.step("adding NS record to the zones", self.__add_self_ns)
self.step("setting up CA record", self.__add_ipa_ca_record)
self.step("setting up kerberos principal", self.__setup_principal)
self.step("setting up named.conf", self.__setup_named_conf)
@ -858,15 +861,7 @@ class BindInstance(service.Service):
else:
host_in_rr = normalize_zone(fqdn)
srv_records = (
("_ldap._tcp", "0 100 389 %s" % host_in_rr),
("_kerberos._tcp", "0 100 88 %s" % host_in_rr),
("_kerberos._udp", "0 100 88 %s" % host_in_rr),
("_kerberos-master._tcp", "0 100 88 %s" % host_in_rr),
("_kerberos-master._udp", "0 100 88 %s" % host_in_rr),
("_kpasswd._tcp", "0 100 464 %s" % host_in_rr),
("_kpasswd._udp", "0 100 464 %s" % host_in_rr),
)
srv_records = ()
if self.ntp:
srv_records += (
("_ntp._udp", "0 100 123 %s" % host_in_rr),
@ -916,63 +911,6 @@ class BindInstance(service.Service):
root_logger.debug("Adding DNS records for master %s" % fqdn)
self.__add_master_records(fqdn, addrs)
def __add_ipa_ca_records(self, fqdn, addrs, ca_configured):
if ca_configured is False:
root_logger.debug("CA is not configured")
return
elif ca_configured is None:
# we do not know if CA is configured for this host and we can
# add the CA record. So we need to find out
root_logger.debug("Check if CA is enabled for this host")
base_dn = DN(('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'),
('cn', 'etc'), self.api.env.basedn)
ldap_filter = '(&(objectClass=ipaConfigObject)(cn=CA))'
try:
self.api.Backend.ldap2.find_entries(filter=ldap_filter, base_dn=base_dn)
except ipalib.errors.NotFound:
root_logger.debug("CA is not configured")
return
else:
root_logger.debug("CA is configured for this host")
try:
for addr in addrs:
add_fwd_rr(self.domain, IPA_CA_RECORD, addr, api=self.api)
except errors.ValidationError:
# there is a CNAME record in ipa-ca, we can't add A/AAAA records
pass
def __add_ipa_ca_record(self):
self.__add_ipa_ca_records(self.fqdn, self.ip_addresses,
self.ca_configured)
if self.first_instance:
ldap = self.api.Backend.ldap2
try:
entries = ldap.get_entries(
DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
self.api.env.basedn),
ldap.SCOPE_SUBTREE, '(&(objectClass=ipaConfigObject)(cn=CA))',
['dn'])
except errors.NotFound:
root_logger.debug('No server with CA found')
entries = []
for entry in entries:
fqdn = entry.dn[1]['cn']
if fqdn == self.fqdn:
continue
host, zone = fqdn.split('.', 1)
if dns_zone_exists(zone, self.api):
addrs = get_fwd_rr(zone, host, api=self.api)
else:
addrs = dnsutil.resolve_ip_addresses(fqdn)
# hack, will go away with locations
addrs = [str(addr) for addr in addrs]
self.__add_ipa_ca_records(fqdn, addrs, True)
def __setup_principal(self):
dns_principal = "DNS/" + self.fqdn + "@" + self.realm
installutils.kadmin_addprinc(dns_principal)
@ -1088,28 +1026,14 @@ class BindInstance(service.Service):
self.zonemgr = 'hostmaster.%s' % self.domain
self.__add_self()
self.__add_ipa_ca_record()
def add_ipa_ca_dns_records(self, fqdn, domain_name, ca_configured=True):
host, zone = fqdn.split(".", 1)
if dns_zone_exists(zone, self.api):
addrs = get_fwd_rr(zone, host, api=self.api)
else:
addrs = dnsutil.resolve_ip_addresses(fqdn)
# hack, will go away with locations
addrs = [str(addr) for addr in addrs]
self.domain = domain_name
self.__add_ipa_ca_records(fqdn, addrs, ca_configured)
def convert_ipa_ca_cnames(self, domain_name):
def remove_ipa_ca_cnames(self, domain_name):
# get ipa-ca CNAMEs
cnames = get_rr(domain_name, IPA_CA_RECORD, "CNAME", api=self.api)
if not cnames:
return
root_logger.info('Converting IPA CA CNAME records to A/AAAA records')
root_logger.info('Removing IPA CA CNAME records')
# create CNAME to FQDN mapping
cname_fqdn = {}
@ -1136,34 +1060,21 @@ class BindInstance(service.Service):
fqdn = cname_fqdn[cname]
if fqdn not in masters:
root_logger.warning(
"Cannot convert IPA CA CNAME records to A/AAAA records, "
"please convert them manually if necessary")
"Cannot remove IPA CA CNAME please remove them manually "
"if necessary")
return
# delete all CNAMEs
for cname in cnames:
del_rr(domain_name, IPA_CA_RECORD, "CNAME", cname, api=self.api)
# add A/AAAA records
for cname in cnames:
fqdn = cname_fqdn[cname]
self.add_ipa_ca_dns_records(fqdn, domain_name, None)
def remove_master_dns_records(self, fqdn, realm_name, domain_name):
host, zone = fqdn.split(".", 1)
self.host = host
self.fqdn = fqdn
self.domain = domain_name
suffix = ipautil.realm_to_suffix(realm_name)
resource_records = (
("_ldap._tcp", "SRV", "0 100 389 %s" % self.host_in_rr),
("_kerberos._tcp", "SRV", "0 100 88 %s" % self.host_in_rr),
("_kerberos._udp", "SRV", "0 100 88 %s" % self.host_in_rr),
("_kerberos-master._tcp", "SRV", "0 100 88 %s" % self.host_in_rr),
("_kerberos-master._udp", "SRV", "0 100 88 %s" % self.host_in_rr),
("_kpasswd._tcp", "SRV", "0 100 464 %s" % self.host_in_rr),
("_kpasswd._udp", "SRV", "0 100 464 %s" % self.host_in_rr),
("_ntp._udp", "SRV", "0 100 123 %s" % self.host_in_rr),
)
@ -1179,18 +1090,7 @@ class BindInstance(service.Service):
record = get_reverse_record_name(rzone, rdata)
del_rr(rzone, record, "PTR", normalize_zone(fqdn),
api=self.api)
def remove_ipa_ca_dns_records(self, fqdn, domain_name):
host, zone = fqdn.split(".", 1)
if dns_zone_exists(zone, self.api):
addrs = get_fwd_rr(zone, host, api=self.api)
else:
addrs = dnsutil.resolve_ip_addresses(fqdn)
# hack, will go away with locations
addrs = [str(addr) for addr in addrs]
for addr in addrs:
del_fwd_rr(domain_name, IPA_CA_RECORD, addr, api=self.api)
self.update_system_records()
def remove_server_ns_records(self, fqdn):
"""
@ -1224,6 +1124,28 @@ class BindInstance(service.Service):
root_logger.debug("record %s in zone %s", record, zone)
del_ns_rr(zone, record, ns_rdata, api=self.api)
def update_system_records(self):
self.print_msg("Updating DNS system records")
system_records = IPASystemRecords(self.api)
try:
(
(_ipa_rec, failed_ipa_rec),
(_loc_rec, failed_loc_rec)
) = system_records.update_dns_records()
except IPADomainIsNotManagedByIPAError:
root_logger.error(
"IPA domain is not managed by IPA, please update records "
"manually")
else:
if failed_ipa_rec or failed_loc_rec:
root_logger.error("Update of following records failed:")
for attr in (failed_ipa_rec, failed_loc_rec):
for rname, node, error in attr:
for record, e in IPASystemRecords.records_list_from_node(
rname, node
):
root_logger.error("%s (%s)", record, e)
def check_global_configuration(self):
"""
Check global DNS configuration in LDAP server and inform user when it
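Review bot: In update_system_records (hunk @ -1224) the inner loop unpacks `rname, node, error` but `error` is never used; only the `e` yielded by records_list_from_node reaches the log, so if the tuple's third element carries the failure reason it is silently dropped, and if it does not, the name should be `_error` to make that explicit. The method also has no docstring although it replaces three removed public entry points; suggest `"""Update the IPA system DNS records via IPASystemRecords; failures are only logged, not raised."""`. In remove_ipa_ca_cnames (hunk @ -1136) the new warning string reads "Cannot remove IPA CA CNAME please remove them manually", which is missing the comma after "CNAME" and the plural, e.g. `"Cannot remove IPA CA CNAME records, please remove them manually "`.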


@ -253,7 +253,7 @@ def install_step_1(standalone, replica_config, options):
# Install CA DNS records
if bindinstance.dns_container_exists(host_name, basedn, dm_password):
bind = bindinstance.BindInstance(dm_password=dm_password)
bind.add_ipa_ca_dns_records(host_name, domain_name)
bind.update_system_records()
def uninstall():
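Review bot: The comment `# Install CA DNS records` above this block is now stale, since the call was changed from add_ipa_ca_dns_records to update_system_records, which (per its definition in the bindinstance.py section) rewrites the whole IPASystemRecords set rather than just the CA entry. Suggest `# Update the IPA system DNS records (the CA record is presumably among them)`, confirming against IPASystemRecords which records it covers. install_step_1 begins outside the hunk.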


@ -359,6 +359,9 @@ def install(standalone, replica, options, api=api):
dnskeysyncd.start_dnskeysyncd()
bind.start_named()
# this must be done when bind is started and operational
bind.update_system_records()
if standalone:
print("==============================================================================")
print("Setup complete")


@ -840,9 +840,11 @@ def install(installer):
if config.setup_ca:
services.knownservices['pki_tomcatd'].restart('pki-tomcat')
api.Backend.ldap2.connect(autobind=True)
if options.setup_dns:
api.Backend.ldap2.connect(autobind=True)
dns.install(False, True, options)
else:
api.Command.dns_update_system_records()
# Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server")
@ -1469,9 +1471,11 @@ def promote(installer):
server_api.bootstrap(in_server=True, context='installer')
server_api.finalize()
server_api.Backend.ldap2.connect(autobind=True)
if options.setup_dns:
server_api.Backend.ldap2.connect(autobind=True)
dns.install(False, True, options, server_api)
else:
server_api.Command.dns_update_system_records()
# Everything installed properly, activate ipa service.
services.knownservices.ipa.enable()
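Review bot: The new `api.Command.dns_update_system_records()` in the else branch (and `server_api.Command.dns_update_system_records()` in the promote hunk below it) is called with no error handling, whereas the BindInstance.update_system_records path in bindinstance.py explicitly catches IPADomainIsNotManagedByIPAError. If the command raises for a domain whose DNS is not IPA-managed, the installer aborts here after the CA and LDAP steps have already completed; if it instead reports failures in its result, those are discarded. Either wrap the call, e.g. `try: api.Command.dns_update_system_records()` / `except errors.PublicError as e: root_logger.warning("DNS system records not updated: %s", e)` (with the actual exception type the command raises), or document why failure cannot occur on this path. The enclosing install() and promote() bodies extend beyond the hunks.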


@ -1105,12 +1105,9 @@ def add_ca_dns_records():
bind = bindinstance.BindInstance()
bind.convert_ipa_ca_cnames(api.env.domain)
bind.remove_ipa_ca_cnames(api.env.domain)
# DNS is enabled, so let bindinstance find out if CA is enabled
# and let it add the record in that case
bind.add_ipa_ca_dns_records(api.env.host, api.env.domain,
ca_configured=None)
bind.update_system_records()
sysupgrade.set_upgrade_state('dns', 'ipa_ca_records', True)