Add A and PTR records during ipa-replica-prepare

Fixes #528996
Martin Nagy 2009-11-23 16:16:58 +01:00 committed by Rob Crittenden
parent 206d2d48fa
commit 8fd41d0434
2 changed files with 25 additions and 1 deletions


@ -27,7 +27,8 @@ import krbV
from optparse import OptionParser from optparse import OptionParser
from ipapython import ipautil from ipapython import ipautil
from ipaserver.install import dsinstance, installutils, certs, httpinstance from ipaserver.install import bindinstance, dsinstance, installutils, certs, httpinstance
from ipaserver.install.bindinstance import add_zone, add_reverze_zone, add_rr, add_ptr_rr
from ipaserver import ipaldap from ipaserver import ipaldap
from ipapython import version from ipapython import version
from ipalib import api from ipalib import api
@ -48,6 +49,8 @@ def parse_options():
help="PIN for the Apache Server PKCS#12 file") help="PIN for the Apache Server PKCS#12 file")
parser.add_option("-p", "--password", dest="password", parser.add_option("-p", "--password", dest="password",
help="Directory Manager (existing master) password") help="Directory Manager (existing master) password")
parser.add_option("--ip-address", dest="ip_address",
help="Add A and PTR records of the future replica")
options, args = parser.parse_args() options, args = parser.parse_args()
@ -206,6 +209,11 @@ def main():
api.bootstrap(in_server=True) api.bootstrap(in_server=True)
api.finalize() api.finalize()
if options.ip_address:
if not bindinstance.dns_container_exists(api.env.host, api.env.realm):
print "You can't add a DNS record because DNS is not set up."
sys.exit(1)
if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki-ca/conf/CS.cfg") and not options.dirsrv_pin: if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki-ca/conf/CS.cfg") and not options.dirsrv_pin:
sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.") sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.")
@ -314,6 +322,19 @@ def main():
remove_file(replicafile) remove_file(replicafile)
shutil.rmtree(dir) shutil.rmtree(dir)
if options.ip_address:
print "Adding DNS records for %s" % replica_fqdn
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dirman_password)
domain = replica_fqdn.split(".")
name = domain.pop(0)
domain = ".".join(domain)
zone = add_zone(domain)
add_rr(zone, name, "A", options.ip_address)
add_reverze_zone(options.ip_address)
add_ptr_rr(options.ip_address, replica_fqdn)
try: try:
if not os.geteuid()==0: if not os.geteuid()==0:
sys.exit("\nYou must be root to run this script.\n") sys.exit("\nYou must be root to run this script.\n")
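Review bot: The `--ip-address` value is passed unvalidated from `parse_options()` to `add_rr`, `add_reverze_zone` and `add_ptr_rr` in the last hunk of `main()`, where the records are written over a `cn=Directory Manager` bind. Whether those helpers reject a malformed or non-IPv4 string is not visible here, and the record type is hard-coded to `"A"`, so the early `if options.ip_address:` block next to the `dns_container_exists` check should fail fast, for example with `socket.inet_pton(socket.AF_INET, options.ip_address)` inside a `try`/`except socket.error` that calls `sys.exit` with a clear message (assuming `socket` is imported; the import block is only partly shown). The DNS step also runs after the replica file has been written and the temporary directory removed, so a failed LDAP connect or add would surface only once the package already exists; a comment such as `# DNS update runs last: the replica file is already written if this fails` would make that ordering explicit. `main()` starts and ends outside these hunks.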


@ -42,6 +42,9 @@ The password of the Directory Server PKCS#12 file
.TP .TP
\fB\-\-http_pin\fR=\fIHTTP_PIN\fR \fB\-\-http_pin\fR=\fIHTTP_PIN\fR
The password of the Apache Server PKCS#12 file The password of the Apache Server PKCS#12 file
.TP
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
IP address of the replica server. If you provide this option, the A and PTR records will be added to the DNS.
.SH "EXIT STATUS" .SH "EXIT STATUS"
0 if the command was successful 0 if the command was successful