IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Detect and configure all usable IP addresses.

Browse Source 
Find, verify and configure all IP addresses that can be used to reach the server
FreeIPA is being installed on. Ignore some IP address only if user specifies
subset of detected addresses using --ip-address option.
This change simplyfies FreeIPA installation on multihomed and dual-stacked servers.

https://fedorahosted.org/freeipa/ticket/3575

Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
David Kupka
2014-08-27 13:50:21 +02:00
committed by Martin Kosek
parent f866186239
commit 947c7398ed
6 changed files with 253 additions and 245 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
install/tools/ipa-dns-install
View File

@@ -42,13 +42,16 @@ def parse_options():
sensitive=True, help="admin password") sensitive=True, help="admin password")
parser.add_option("-d", "--debug", dest="debug", action="store_true", parser.add_option("-d", "--debug", dest="debug", action="store_true",
default=False, help="print debugging information") default=False, help="print debugging information")
parser.add_option("--ip-address", dest="ip_address", parser.add_option("--ip-address", dest="ip_addresses",
default=[], action="append",
type="ip", ip_local=True, help="Master Server IP Address") type="ip", ip_local=True, help="Master Server IP Address")
parser.add_option("--forwarder", dest="forwarders", action="append", parser.add_option("--forwarder", dest="forwarders", action="append",
type="ip", help="Add a DNS forwarder") type="ip", help="Add a DNS forwarder")
parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
default=False, help="Do not add any DNS forwarders, use root servers instead") default=False, help="Do not add any DNS forwarders, use root servers instead")
parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use") parser.add_option("--reverse-zone", dest="reverse_zones",
default=[], action="append",
help="The reverse DNS zone to use")
parser.add_option("--no-reverse", dest="no_reverse", action="store_true", parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
default=False, help="Do not create new reverse DNS zone") default=False, help="Do not create new reverse DNS zone")
parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback, parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
@@ -62,7 +65,7 @@ def parse_options():
if options.forwarders and options.no_forwarders: if options.forwarders and options.no_forwarders:
parser.error("You cannot specify a --forwarder option together with --no-forwarders") parser.error("You cannot specify a --forwarder option together with --no-forwarders")
elif options.reverse_zone and options.no_reverse: elif options.reverse_zones and options.no_reverse:
parser.error("You cannot specify a --reverse-zone option together with --no-reverse") parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
if options.unattended: if options.unattended:
@@ -130,46 +133,8 @@ def main():
except errors.ACIError: except errors.ACIError:
sys.exit("Password is not valid!") sys.exit("Password is not valid!")
# Check we have a public IP that is associated with the hostname ip_addresses = get_server_ip_address(api.env.host, fstore,
if options.ip_address: options.unattended, True, options.ip_addresses)
ip = options.ip_address
else:
hostaddr = resolve_host(api.env.host)
try:
if len(hostaddr) > 1:
print >> sys.stderr, "The server hostname resolves to more than one address:"
for addr in hostaddr:
print >> sys.stderr, " %s" % addr
if options.ip_address:
if str(options.ip_address) not in hostaddr:
print >> sys.stderr, "Address passed in --ip-address did not match any resolved"
print >> sys.stderr, "address!"
sys.exit(1)
print "Selected IP address:", str(options.ip_address)
ip = options.ip_address
else:
if options.unattended:
print >> sys.stderr, "Please use --ip-address option to specify the address"
sys.exit(1)
else:
ip = read_ip_address(api.env.host, fstore)
else:
ip = hostaddr and ipautil.CheckedIPAddress(hostaddr[0], match_local=True)
except Exception, e:
print "Error: Invalid IP Address %s: %s" % (ip, e)
ip = None
if not ip:
if options.unattended:
sys.exit("Unable to resolve IP address for host name")
else:
ip = read_ip_address(api.env.host, fstore)
ip_address = str(ip)
root_logger.debug("will use ip_address: %s\n", ip_address)
if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip):
sys.exit(1)
if options.no_forwarders: if options.no_forwarders:
dns_forwarders = () dns_forwarders = ()
@@ -186,19 +151,11 @@ def main():
ccache = krbV.default_context().default_ccache() ccache = krbV.default_context().default_ccache()
api.Backend.ldap2.connect(ccache) api.Backend.ldap2.connect(ccache)
if options.reverse_zone: reverse_zones = bindinstance.check_reverse_zones(ip_addresses,
reverse_zone = bindinstance.normalize_zone(options.reverse_zone) options.reverse_zones, options, options.unattended, True)
else:
reverse_zone = bindinstance.find_reverse_zone(ip)
if reverse_zone is None and not options.no_reverse:
if options.unattended:
reverse_zone = util.get_reverse_zone_default(ip)
elif bindinstance.create_reverse():
reverse_zone = util.get_reverse_zone_default(ip)
reverse_zone = bindinstance.read_reverse_zone(reverse_zone, ip)
if reverse_zone is not None: if reverse_zones is not None:
print "Using reverse zone %s" % reverse_zone print "Using reverse zone %s" % ', '.join(reverse_zones)
conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled() conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()
@@ -208,8 +165,8 @@ def main():
print "Please wait until the prompt is returned." print "Please wait until the prompt is returned."
print "" print ""
bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,
dns_forwarders, conf_ntp, reverse_zone, zonemgr=options.zonemgr) dns_forwarders, conf_ntp, reverse_zones, zonemgr=options.zonemgr)
bind.create_instance() bind.create_instance()
# Restart http instance to make sure that python-dns has the right resolver # Restart http instance to make sure that python-dns has the right resolver

57
install/tools/ipa-replica-install
View File

@@ -67,8 +67,8 @@ def parse_options():
default=False, help="configure a dogtag CA") default=False, help="configure a dogtag CA")
basic_group.add_option("--setup-kra", dest="setup_kra", action="store_true", basic_group.add_option("--setup-kra", dest="setup_kra", action="store_true",
default=False, help="configure a dogtag KRA") default=False, help="configure a dogtag KRA")
basic_group.add_option("--ip-address", dest="ip_address", basic_group.add_option("--ip-address", dest="ip_addresses",
type="ip", ip_local=True, type="ip", ip_local=True, action="append", default=[],
help="Replica server IP Address") help="Replica server IP Address")
basic_group.add_option("-p", "--password", dest="password", sensitive=True, basic_group.add_option("-p", "--password", dest="password", sensitive=True,
help="Directory Manager (existing master) password") help="Directory Manager (existing master) password")
@@ -112,7 +112,8 @@ def parse_options():
type="ip", help="Add a DNS forwarder") type="ip", help="Add a DNS forwarder")
dns_group.add_option("--no-forwarders", dest="no_forwarders", action="store_true", dns_group.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
default=False, help="Do not add any DNS forwarders, use root servers instead") default=False, help="Do not add any DNS forwarders, use root servers instead")
dns_group.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use") dns_group.add_option("--reverse-zone", dest="reverse_zones", default=[],
action="append", help="The reverse DNS zone to use")
dns_group.add_option("--no-reverse", dest="no_reverse", action="store_true", dns_group.add_option("--no-reverse", dest="no_reverse", action="store_true",
default=False, help="Do not create new reverse DNS zone") default=False, help="Do not create new reverse DNS zone")
dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true", dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
@@ -133,7 +134,7 @@ def parse_options():
parser.error("You cannot specify a --forwarder option without the --setup-dns option") parser.error("You cannot specify a --forwarder option without the --setup-dns option")
if options.no_forwarders: if options.no_forwarders:
parser.error("You cannot specify a --no-forwarders option without the --setup-dns option") parser.error("You cannot specify a --no-forwarders option without the --setup-dns option")
if options.reverse_zone: if options.reverse_zones:
parser.error("You cannot specify a --reverse-zone option without the --setup-dns option") parser.error("You cannot specify a --reverse-zone option without the --setup-dns option")
if options.no_reverse: if options.no_reverse:
parser.error("You cannot specify a --no-reverse option without the --setup-dns option") parser.error("You cannot specify a --no-reverse option without the --setup-dns option")
@@ -141,7 +142,7 @@ def parse_options():
parser.error("You cannot specify a --forwarder option together with --no-forwarders") parser.error("You cannot specify a --forwarder option together with --no-forwarders")
elif not options.forwarders and not options.no_forwarders: elif not options.forwarders and not options.no_forwarders:
parser.error("You must specify at least one --forwarder option or --no-forwarders option") parser.error("You must specify at least one --forwarder option or --no-forwarders option")
elif options.reverse_zone and options.no_reverse: elif options.reverse_zones and options.no_reverse:
parser.error("You cannot specify a --reverse-zone option together with --no-reverse") parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
return safe_options, options, args[0] return safe_options, options, args[0]
@@ -264,23 +265,9 @@ def install_bind(config, options):
forwarders = () forwarders = ()
bind = bindinstance.BindInstance(dm_password=config.dirman_password) bind = bindinstance.BindInstance(dm_password=config.dirman_password)
if options.reverse_zone: bind.setup(config.host_name, config.ips, config.realm_name,
if not bindinstance.verify_reverse_zone(options.reverse_zone, config.ip): config.domain_name, forwarders, options.conf_ntp,
sys.exit(1) config.reverse_zones, ca_configured=options.setup_ca)
reverse_zone = bindinstance.normalize_zone(options.reverse_zone)
else:
reverse_zone = bindinstance.find_reverse_zone(config.ip)
if reverse_zone is None and not options.no_reverse:
reverse_zone = util.get_reverse_zone_default(config.ip)
if not options.unattended and bindinstance.create_reverse():
reverse_zone = bindinstance.read_reverse_zone(reverse_zone, config.ip)
if reverse_zone is not None:
print "Using reverse zone %s" % reverse_zone
bind.setup(config.host_name, config.ip_address, config.realm_name,
config.domain_name, forwarders, options.conf_ntp, reverse_zone,
ca_configured=options.setup_ca)
bind.create_instance() bind.create_instance()
print "" print ""
@@ -326,12 +313,16 @@ def install_dns_records(config, options):
config.master_host_name, config.dirman_password): config.master_host_name, config.dirman_password):
try: try:
bind = bindinstance.BindInstance(dm_password=config.dirman_password) bind = bindinstance.BindInstance(dm_password=config.dirman_password)
reverse_zone = bindinstance.find_reverse_zone(config.ip) for ip in config.ips:
reverse_zone = bindinstance.find_reverse_zone(ip)
bind.add_master_dns_records(config.host_name, config.ip_address, bind.add_master_dns_records(config.host_name,
config.realm_name, config.domain_name, str(ip),
reverse_zone, options.conf_ntp, config.realm_name,
options.setup_ca) config.domain_name,
reverse_zone,
options.conf_ntp,
options.setup_ca)
except errors.NotFound, e: except errors.NotFound, e:
root_logger.debug('Replica DNS records could not be added ' root_logger.debug('Replica DNS records could not be added '
'on master: %s', str(e)) 'on master: %s', str(e))
@@ -534,8 +525,16 @@ def main():
# check replica host IP resolution # check replica host IP resolution
config.ip = installutils.get_server_ip_address(config.host_name, fstore, True, options) config.ips = installutils.get_server_ip_address(config.host_name, fstore,
config.ip_address = str(config.ip) options.unattended, options.setup_dns, options.ip_addresses)
ip_addresses = [str(ip) for ip in config.ips]
config.reverse_zones = bindinstance.check_reverse_zones(ip_addresses,
options.reverse_zones, options, True)
if config.reverse_zones is not None:
print "Using reverse zone(s) %s" % ', '.join(config.reverse_zones)
# Create the management framework config file # Create the management framework config file
# Note: We must do this before bootstraping and finalizing ipalib.api # Note: We must do this before bootstraping and finalizing ipalib.api

54
install/tools/ipa-server-install
View File

@@ -175,8 +175,8 @@ def parse_options():
help="create home directories for users " help="create home directories for users "
"on their first login") "on their first login")
basic_group.add_option("--hostname", dest="host_name", help="fully qualified name of server") basic_group.add_option("--hostname", dest="host_name", help="fully qualified name of server")
basic_group.add_option("--ip-address", dest="ip_address", basic_group.add_option("--ip-address", dest="ip_addresses",
type="ip", ip_local=True, type="ip", ip_local=True, action="append", default=[],
help="Master Server IP Address") help="Master Server IP Address")
basic_group.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false", basic_group.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
help="do not configure ntp", default=True) help="do not configure ntp", default=True)
@@ -236,7 +236,8 @@ def parse_options():
type="ip", help="Add a DNS forwarder") type="ip", help="Add a DNS forwarder")
dns_group.add_option("--no-forwarders", dest="no_forwarders", action="store_true", dns_group.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
default=False, help="Do not add any DNS forwarders, use root servers instead") default=False, help="Do not add any DNS forwarders, use root servers instead")
dns_group.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use") dns_group.add_option("--reverse-zone", dest="reverse_zones", help="The reverse DNS zone to use",
action="append", default=[])
dns_group.add_option("--no-reverse", dest="no_reverse", action="store_true", dns_group.add_option("--no-reverse", dest="no_reverse", action="store_true",
default=False, help="Do not create reverse DNS zone") default=False, help="Do not create reverse DNS zone")
dns_group.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback, dns_group.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
@@ -280,13 +281,13 @@ def parse_options():
parser.error("You cannot specify a --forwarder option without the --setup-dns option") parser.error("You cannot specify a --forwarder option without the --setup-dns option")
if options.no_forwarders: if options.no_forwarders:
parser.error("You cannot specify a --no-forwarders option without the --setup-dns option") parser.error("You cannot specify a --no-forwarders option without the --setup-dns option")
if options.reverse_zone: if options.reverse_zones:
parser.error("You cannot specify a --reverse-zone option without the --setup-dns option") parser.error("You cannot specify a --reverse-zone option without the --setup-dns option")
if options.no_reverse: if options.no_reverse:
parser.error("You cannot specify a --no-reverse option without the --setup-dns option") parser.error("You cannot specify a --no-reverse option without the --setup-dns option")
elif options.forwarders and options.no_forwarders: elif options.forwarders and options.no_forwarders:
parser.error("You cannot specify a --forwarder option together with --no-forwarders") parser.error("You cannot specify a --forwarder option together with --no-forwarders")
elif options.reverse_zone and options.no_reverse: elif options.reverse_zones and options.no_reverse:
parser.error("You cannot specify a --reverse-zone option together with --no-reverse") parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
if options.uninstall: if options.uninstall:
@@ -829,11 +830,11 @@ def main():
realm_name = "" realm_name = ""
host_name = "" host_name = ""
domain_name = "" domain_name = ""
ip_address = "" ip_addresses = []
master_password = "" master_password = ""
dm_password = "" dm_password = ""
admin_password = "" admin_password = ""
reverse_zone = None reverse_zones = []
if not options.setup_dns and not options.unattended: if not options.setup_dns and not options.unattended:
if ipautil.user_input("Do you want to configure integrated DNS (BIND)?", False): if ipautil.user_input("Do you want to configure integrated DNS (BIND)?", False):
@@ -892,11 +893,8 @@ def main():
domain_name = domain_name.lower() domain_name = domain_name.lower()
ip = get_server_ip_address(host_name, fstore, options.unattended, options) ip_addresses = get_server_ip_address(host_name, fstore,
ip_address = str(ip) options.unattended, options.setup_dns, options.ip_addresses)
if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip):
sys.exit(1)
if not options.realm_name: if not options.realm_name:
realm_name = read_realm_name(domain_name, options.unattended) realm_name = read_realm_name(domain_name, options.unattended)
@@ -973,35 +971,29 @@ def main():
else: else:
dns_forwarders = read_dns_forwarders() dns_forwarders = read_dns_forwarders()
if options.reverse_zone: reverse_zones = bindinstance.check_reverse_zones(ip_addresses,
reverse_zone = bindinstance.normalize_zone(options.reverse_zone) options.reverse_zones, options, options.unattended)
elif not options.no_reverse:
if options.unattended:
reverse_zone = util.get_reverse_zone_default(ip)
elif bindinstance.create_reverse():
reverse_zone = util.get_reverse_zone_default(ip)
reverse_zone = bindinstance.read_reverse_zone(reverse_zone, ip)
if reverse_zone is not None: if reverse_zones:
print "Using reverse zone %s" % reverse_zone print "Using reverse zone(s) %s" % ", ".join(str(rz) for rz in reverse_zones)
else: else:
dns_forwarders = () dns_forwarders = ()
root_logger.debug("will use dns_forwarders: %s\n" % str(dns_forwarders)) root_logger.debug("will use dns_forwarders: %s\n" % str(dns_forwarders))
print print
print "The IPA Master Server will be configured with:" print "The IPA Master Server will be configured with:"
print "Hostname: %s" % host_name print "Hostname: %s" % host_name
print "IP address: %s" % ip_address print "IP address(es): %s" % ", ".join(str(ip) for ip in ip_addresses)
print "Domain name: %s" % domain_name print "Domain name: %s" % domain_name
print "Realm name: %s" % realm_name print "Realm name: %s" % realm_name
print print
if options.setup_dns: if options.setup_dns:
print "BIND DNS server will be configured to serve IPA domain with:" print "BIND DNS server will be configured to serve IPA domain with:"
print "Forwarders: %s" % ("No forwarders" if not dns_forwarders \ print "Forwarders: %s" % ("No forwarders" if not dns_forwarders \
else ", ".join([str(ip) for ip in dns_forwarders])) else ", ".join([str(ip) for ip in dns_forwarders]))
print "Reverse zone: %s" % ("No reverse zone" if options.no_reverse \ print "Reverse zone(s): %s" % ("No reverse zone" if options.no_reverse \
or reverse_zone is None else reverse_zone) or reverse_zones is None else ", ".join(str(rz) for rz in reverse_zones))
print print
# If domain name and realm does not match, IPA server will not be able # If domain name and realm does not match, IPA server will not be able
@@ -1112,7 +1104,7 @@ def main():
options.host_name = host_name options.host_name = host_name
options.unattended = True options.unattended = True
options.forwarders = dns_forwarders options.forwarders = dns_forwarders
options.reverse_zone = reverse_zone options.reverse_zones = reverse_zones
write_cache(vars(options)) write_cache(vars(options))
ca.configure_instance(host_name, domain_name, dm_password, ca.configure_instance(host_name, domain_name, dm_password,
dm_password, csr_file=paths.ROOT_IPA_CSR, dm_password, csr_file=paths.ROOT_IPA_CSR,
@@ -1206,8 +1198,8 @@ def main():
# Create a BIND instance # Create a BIND instance
bind = bindinstance.BindInstance(fstore, dm_password) bind = bindinstance.BindInstance(fstore, dm_password)
bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, bind.setup(host_name, ip_addresses, realm_name, domain_name, dns_forwarders,
options.conf_ntp, reverse_zone, zonemgr=options.zonemgr, options.conf_ntp, reverse_zones, zonemgr=options.zonemgr,
ca_configured=setup_ca) ca_configured=setup_ca)
if options.setup_dns: if options.setup_dns:
api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password) api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password)

110
ipaserver/install/bindinstance.py
View File

@@ -22,6 +22,7 @@ import os
import pwd import pwd
import netaddr import netaddr
import re import re
import sys
import ldap import ldap
@@ -250,7 +251,6 @@ def verify_reverse_zone(zone, ip_address):
try: try:
get_reverse_record_name(zone, ip_address) get_reverse_record_name(zone, ip_address)
except ValueError: except ValueError:
print "Invalid reverse zone %s" % zone
return False return False
return True return True
@@ -276,6 +276,8 @@ def read_reverse_zone(default, ip_address):
return None return None
if verify_reverse_zone(zone, ip_address): if verify_reverse_zone(zone, ip_address):
break break
else:
print "Invalid reverse zone %s for IP address %s" % (zone, ip_address)
return normalize_zone(zone) return normalize_zone(zone)
@@ -378,6 +380,48 @@ def zonemgr_callback(option, opt_str, value, parser):
parser.values.zonemgr = value parser.values.zonemgr = value
def check_reverse_zones(ip_addresses, reverse_zones, options, unattended, search_reverse_zones=False):
reverse_asked = False
ret_reverse_zones = []
# check that there is IP address in every reverse zone
if reverse_zones:
for rz in reverse_zones:
for ip in ip_addresses:
if verify_reverse_zone(rz, ip):
ret_reverse_zones.append(normalize_zone(rz))
break
else:
# no ip matching reverse zone found
sys.exit("There is no IP address matching reverse zone %s." % rz)
if not options.no_reverse:
# check that there is reverse zone for every IP
for ip in ip_addresses:
if search_reverse_zones and find_reverse_zone(str(ip)):
# reverse zone is already in LDAP
continue
for rz in ret_reverse_zones:
if verify_reverse_zone(rz, ip):
# reverse zone was entered by user
break
else:
# no reverse zone for ip found
if not reverse_asked:
if not unattended and not reverse_zones:
# user did not specify reverse_zone nor no_reverse
options.no_reverse = not create_reverse()
if options.no_reverse:
# user decided not to create reverse zone
return []
reverse_asked = True
rz = get_reverse_zone_default(str(ip))
if not unattended:
rz = read_reverse_zone(rz, str(ip))
ret_reverse_zones.append(rz)
return ret_reverse_zones
class DnsBackup(object): class DnsBackup(object):
def __init__(self, service): def __init__(self, service):
self.service = service self.service = service
@@ -437,11 +481,11 @@ class BindInstance(service.Service):
self.named_user = None self.named_user = None
self.domain = None self.domain = None
self.host = None self.host = None
self.ip_address = None self.ip_addresses = []
self.realm = None self.realm = None
self.forwarders = None self.forwarders = None
self.sub_dict = None self.sub_dict = None
self.reverse_zone = None self.reverse_zones = []
self.dm_password = dm_password self.dm_password = dm_password
if fstore: if fstore:
@@ -451,19 +495,19 @@ class BindInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix') suffix = ipautil.dn_attribute_property('_suffix')
def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp, def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders, ntp,
reverse_zone, named_user="named", zonemgr=None, reverse_zones, named_user="named", zonemgr=None,
ca_configured=None): ca_configured=None):
self.named_user = named_user self.named_user = named_user
self.fqdn = fqdn self.fqdn = fqdn
self.ip_address = ip_address self.ip_addresses = ip_addresses
self.realm = realm_name self.realm = realm_name
self.domain = domain_name self.domain = domain_name
self.forwarders = forwarders self.forwarders = forwarders
self.host = fqdn.split(".")[0] self.host = fqdn.split(".")[0]
self.suffix = ipautil.realm_to_suffix(self.realm) self.suffix = ipautil.realm_to_suffix(self.realm)
self.ntp = ntp self.ntp = ntp
self.reverse_zone = reverse_zone self.reverse_zones = reverse_zones
self.ca_configured = ca_configured self.ca_configured = ca_configured
if not zonemgr: if not zonemgr:
@@ -509,8 +553,9 @@ class BindInstance(service.Service):
# get a connection to the DS # get a connection to the DS
self.ldap_connect() self.ldap_connect()
if installutils.record_in_hosts(self.ip_address, self.fqdn) is None: for ip_address in self.ip_addresses:
installutils.add_record_to_hosts(self.ip_address, self.fqdn) if installutils.record_in_hosts(str(ip_address), self.fqdn) is None:
installutils.add_record_to_hosts(str(ip_address), self.fqdn)
# Make sure generate-rndc-key.sh runs before named restart # Make sure generate-rndc-key.sh runs before named restart
self.step("generating rndc key file", self.__generate_rndc_key) self.step("generating rndc key file", self.__generate_rndc_key)
@@ -520,8 +565,7 @@ class BindInstance(service.Service):
if not dns_zone_exists(self.domain): if not dns_zone_exists(self.domain):
self.step("setting up our zone", self.__setup_zone) self.step("setting up our zone", self.__setup_zone)
if self.reverse_zones:
if self.reverse_zone is not None:
self.step("setting up reverse zone", self.__setup_reverse_zone) self.step("setting up reverse zone", self.__setup_reverse_zone)
self.step("setting up our own record", self.__add_self) self.step("setting up our own record", self.__add_self)
@@ -574,18 +618,17 @@ class BindInstance(service.Service):
else: else:
optional_ntp = "" optional_ntp = ""
addr = netaddr.IPAddress(self.ip_address) ipa_ca = ""
if addr.version in (4, 6): for addr in self.ip_addresses:
ipa_ca = "%s\t\t\tIN %s\t\t\t%s\n" % ( if addr.version in (4, 6):
IPA_CA_RECORD, ipa_ca += "%s\t\t\tIN %s\t\t\t%s\n" % (
"A" if addr.version == 4 else "AAAA", IPA_CA_RECORD,
self.ip_address) "A" if addr.version == 4 else "AAAA",
else: str(addr))
ipa_ca = ""
self.sub_dict = dict( self.sub_dict = dict(
FQDN=self.fqdn, FQDN=self.fqdn,
IP=self.ip_address, IP=[str(ip) for ip in self.ip_addresses],
DOMAIN=self.domain, DOMAIN=self.domain,
HOST=self.host, HOST=self.host,
REALM=self.realm, REALM=self.realm,
@@ -618,7 +661,8 @@ class BindInstance(service.Service):
def __setup_reverse_zone(self): def __setup_reverse_zone(self):
# Always use force=True as named is not set up yet # Always use force=True as named is not set up yet
add_zone(self.reverse_zone, self.zonemgr, ns_hostname=api.env.host, for reverse_zone in self.reverse_zones:
add_zone(reverse_zone, self.zonemgr, ns_hostname=api.env.host,
dns_backup=self.dns_backup, force=True) dns_backup=self.dns_backup, force=True)
def __add_master_records(self, fqdn, addrs): def __add_master_records(self, fqdn, addrs):
@@ -665,7 +709,7 @@ class BindInstance(service.Service):
add_ptr_rr(reverse_zone, addr, fqdn) add_ptr_rr(reverse_zone, addr, fqdn)
def __add_self(self): def __add_self(self):
self.__add_master_records(self.fqdn, [self.ip_address]) self.__add_master_records(self.fqdn, self.ip_addresses)
def __add_others(self): def __add_others(self):
entries = self.admin_conn.get_entries( entries = self.admin_conn.get_entries(
@@ -710,7 +754,7 @@ class BindInstance(service.Service):
pass pass
def __add_ipa_ca_record(self): def __add_ipa_ca_record(self):
self.__add_ipa_ca_records(self.fqdn, [self.ip_address], self.__add_ipa_ca_records(self.fqdn, self.ip_addresses,
self.ca_configured) self.ca_configured)
if self.first_instance: if self.first_instance:
@@ -798,7 +842,17 @@ class BindInstance(service.Service):
def __setup_resolv_conf(self): def __setup_resolv_conf(self):
self.fstore.backup_file(RESOLV_CONF) self.fstore.backup_file(RESOLV_CONF)
resolv_txt = "search "+self.domain+"\nnameserver "+self.ip_address+"\n" resolv_txt = "search "+self.domain+"\n"
for ip_address in self.ip_addresses:
if ip_address.version == 4:
resolv_txt += "nameserver 127.0.0.1\n"
break
for ip_address in self.ip_addresses:
if ip_address.version == 6:
resolv_txt += "nameserver ::1\n"
break
try: try:
resolv_fd = open(RESOLV_CONF, 'w') resolv_fd = open(RESOLV_CONF, 'w')
resolv_fd.seek(0) resolv_fd.seek(0)
@@ -812,16 +866,16 @@ class BindInstance(service.Service):
installutils.check_entropy() installutils.check_entropy()
ipautil.run(['/usr/libexec/generate-rndc-key.sh']) ipautil.run(['/usr/libexec/generate-rndc-key.sh'])
def add_master_dns_records(self, fqdn, ip_address, realm_name, domain_name, def add_master_dns_records(self, fqdn, ip_addresses, realm_name, domain_name,
reverse_zone, ntp=False, ca_configured=None): reverse_zones, ntp=False, ca_configured=None):
self.fqdn = fqdn self.fqdn = fqdn
self.ip_address = ip_address self.ip_addresses = ip_addresses
self.realm = realm_name self.realm = realm_name
self.domain = domain_name self.domain = domain_name
self.host = fqdn.split(".")[0] self.host = fqdn.split(".")[0]
self.suffix = ipautil.realm_to_suffix(self.realm) self.suffix = ipautil.realm_to_suffix(self.realm)
self.ntp = ntp self.ntp = ntp
self.reverse_zone = reverse_zone self.reverse_zones = reverse_zones
self.ca_configured = ca_configured self.ca_configured = ca_configured
self.first_instance = False self.first_instance = False
self.zonemgr = 'hostmaster.%s' % self.domain self.zonemgr = 'hostmaster.%s' % self.domain

124
ipaserver/install/installutils.py
View File

@@ -222,6 +222,7 @@ def add_record_to_hosts(ip, host_name, conf_file=paths.HOSTS):
hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n') hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n')
hosts_fd.close() hosts_fd.close()
# TODO: Remove when removing usage from ipa-adtrust-install
def read_ip_address(host_name, fstore): def read_ip_address(host_name, fstore):
while True: while True:
ip = ipautil.user_input("Please provide the IP address to be used for this host name", allow_empty = False) ip = ipautil.user_input("Please provide the IP address to be used for this host name", allow_empty = False)
@@ -235,6 +236,22 @@ def read_ip_address(host_name, fstore):
return ip_parsed return ip_parsed
def read_ip_addresses(host_name, fstore):
ips = []
print "Enter the IP address to use, or press Enter to finish."
while True:
ip = ipautil.user_input("Please provide the IP address to be used for this host name", allow_empty = True)
if not ip:
break
try:
ip_parsed = ipautil.CheckedIPAddress(ip, match_local=True)
except Exception, e:
print "Error: Invalid IP Address %s: %s" % (ip, e)
continue
ips.append(ip)
return ips
def read_dns_forwarders(): def read_dns_forwarders():
addrs = [] addrs = []
if ipautil.user_input("Do you want to configure DNS forwarders?", True): if ipautil.user_input("Do you want to configure DNS forwarders?", True):
@@ -426,7 +443,7 @@ def get_host_name(no_host_dns):
verify_fqdn(hostname, no_host_dns) verify_fqdn(hostname, no_host_dns)
return hostname return hostname
def get_server_ip_address(host_name, fstore, unattended, options): def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses):
# Check we have a public IP that is associated with the hostname # Check we have a public IP that is associated with the hostname
try: try:
hostaddr = resolve_host(host_name) hostaddr = resolve_host(host_name)
@@ -441,74 +458,59 @@ def get_server_ip_address(host_name, fstore, unattended, options):
ip_add_to_hosts = False ip_add_to_hosts = False
if len(hostaddr) > 1: ips = []
print >> sys.stderr, "The server hostname resolves to more than one address:" if len(hostaddr):
for addr in hostaddr: for ha in hostaddr:
print >> sys.stderr, " %s" % addr try:
ips.append(ipautil.CheckedIPAddress(ha, match_local=True))
except ValueError, e:
root_logger.warning("Invalid IP address %s for %s: %s", ha, host_name, unicode(e))
if options.ip_address: if not ips and not ip_addresses:
if str(options.ip_address) not in hostaddr: if not unattended:
print >> sys.stderr, "Address passed in --ip-address did not match any resolved" ip_addresses = read_ip_addresses(host_name, fstore)
print >> sys.stderr, "address!"
sys.exit(1) if ip_addresses:
print "Selected IP address:", str(options.ip_address) if setup_dns:
ip = options.ip_address ips = ip_addresses
else: else:
if unattended: # all specified addresses was resolved for this host
print >> sys.stderr, "Please use --ip-address option to specify the address" if set(ip_addresses) <= set(ips):
sys.exit(1) ips = ip_addresses
else: else:
ip = read_ip_address(host_name, fstore) print >>sys.stderr, "Error: the hostname resolves to IP address(es) that are different"
elif len(hostaddr) == 1: print >>sys.stderr, "from those provided on the command line. Please fix your DNS"
try: print >>sys.stderr, "or /etc/hosts file and restart the installation."
ip = ipautil.CheckedIPAddress(hostaddr[0], match_local=True) print >>sys.stderr, "Provided but not resolved address(es): %s" % \
except ValueError, e: ", ".join(str(ip) for ip in (set(ip_addresses) - set(ips)))
sys.exit("Invalid IP Address %s for %s: %s" % (hostaddr[0], host_name, unicode(e))) sys.exit(1)
else:
# hostname is not resolvable
ip = options.ip_address
ip_add_to_hosts = True ip_add_to_hosts = True
if ip is None: if not ips:
print "Unable to resolve IP address for host name" print >> sys.stderr, "No usable IP address provided nor resolved."
if unattended: sys.exit(1)
sys.exit(1)
if options.ip_address: for ip_address in ips:
if options.ip_address != ip and not options.setup_dns: # check /etc/hosts sanity, add a record when needed
print >>sys.stderr, "Error: the hostname resolves to an IP address that is different" hosts_record = record_in_hosts(str(ip_address))
print >>sys.stderr, "from the one provided on the command line. Please fix your DNS"
print >>sys.stderr, "or /etc/hosts file and restart the installation."
sys.exit(1)
ip = options.ip_address if hosts_record is None:
if ip_add_to_hosts:
print "Adding ["+str(ip_address)+" "+host_name+"] to your /etc/hosts file"
fstore.backup_file(paths.HOSTS)
add_record_to_hosts(str(ip_address), host_name)
else:
primary_host = hosts_record[1][0]
if primary_host != host_name:
print >>sys.stderr, "Error: there is already a record in /etc/hosts for IP address %s:" \
% ip_address
print >>sys.stderr, hosts_record[0], " ".join(hosts_record[1])
print >>sys.stderr, "Chosen hostname %s does not match configured canonical hostname %s" \
% (host_name, primary_host)
print >>sys.stderr, "Please fix your /etc/hosts file and restart the installation."
sys.exit(1)
if ip is None: return ips
ip = read_ip_address(host_name, fstore)
root_logger.debug("read ip_address: %s\n" % str(ip))
ip_address = str(ip)
# check /etc/hosts sanity, add a record when needed
hosts_record = record_in_hosts(ip_address)
if hosts_record is None:
if ip_add_to_hosts or options.setup_dns:
print "Adding ["+ip_address+" "+host_name+"] to your /etc/hosts file"
fstore.backup_file(paths.HOSTS)
add_record_to_hosts(ip_address, host_name)
else:
primary_host = hosts_record[1][0]
if primary_host != host_name:
print >>sys.stderr, "Error: there is already a record in /etc/hosts for IP address %s:" \
% ip_address
print >>sys.stderr, hosts_record[0], " ".join(hosts_record[1])
print >>sys.stderr, "Chosen hostname %s does not match configured canonical hostname %s" \
% (host_name, primary_host)
print >>sys.stderr, "Please fix your /etc/hosts file and restart the installation."
sys.exit(1)
return ip
def expand_replica_info(filename, password): def expand_replica_info(filename, password):
""" """

82
ipaserver/install/ipa_replica_prepare.py
View File

@@ -54,9 +54,11 @@ class ReplicaPrepare(admintool.AdminTool):
parser.add_option("-p", "--password", dest="password", parser.add_option("-p", "--password", dest="password",
help="Directory Manager password (for the existing master)") help="Directory Manager password (for the existing master)")
parser.add_option("--ip-address", dest="ip_address", type="ip", parser.add_option("--ip-address", dest="ip_addresses", type="ip",
action="append", default=[],
help="add A and PTR records of the future replica") help="add A and PTR records of the future replica")
parser.add_option("--reverse-zone", dest="reverse_zone", parser.add_option("--reverse-zone", dest="reverse_zones",
action="append", default=[],
help="the reverse DNS zone to use") help="the reverse DNS zone to use")
parser.add_option("--no-reverse", dest="no_reverse", parser.add_option("--no-reverse", dest="no_reverse",
action="store_true", default=False, action="store_true", default=False,
@@ -95,14 +97,14 @@ class ReplicaPrepare(admintool.AdminTool):
super(ReplicaPrepare, self).validate_options(needs_root=True) super(ReplicaPrepare, self).validate_options(needs_root=True)
installutils.check_server_configuration() installutils.check_server_configuration()
if not options.ip_address: if not options.ip_addresses:
if options.reverse_zone: if options.reverse_zones:
self.option_parser.error("You cannot specify a --reverse-zone " self.option_parser.error("You cannot specify a --reverse-zone "
"option without the --ip-address option") "option without the --ip-address option")
if options.no_reverse: if options.no_reverse:
self.option_parser.error("You cannot specify a --no-reverse " self.option_parser.error("You cannot specify a --no-reverse "
"option without the --ip-address option") "option without the --ip-address option")
elif options.reverse_zone and options.no_reverse: elif options.reverse_zones and options.no_reverse:
self.option_parser.error("You cannot specify a --reverse-zone " self.option_parser.error("You cannot specify a --reverse-zone "
"option together with --no-reverse") "option together with --no-reverse")
@@ -192,7 +194,7 @@ class ReplicaPrepare(admintool.AdminTool):
except installutils.BadHostError, e: except installutils.BadHostError, e:
msg = str(e) msg = str(e)
if isinstance(e, installutils.HostLookupError): if isinstance(e, installutils.HostLookupError):
if options.ip_address is None: if not options.ip_addresses:
if dns_container_exists( if dns_container_exists(
api.env.host, api.env.basedn, api.env.host, api.env.basedn,
dm_password=self.dirman_password, dm_password=self.dirman_password,
@@ -206,7 +208,7 @@ class ReplicaPrepare(admintool.AdminTool):
else: else:
raise raise
if options.ip_address: if options.ip_addresses:
if not dns_container_exists(api.env.host, api.env.basedn, if not dns_container_exists(api.env.host, api.env.basedn,
dm_password=self.dirman_password, dm_password=self.dirman_password,
ldapi=True, realm=api.env.realm): ldapi=True, realm=api.env.realm):
@@ -215,9 +217,19 @@ class ReplicaPrepare(admintool.AdminTool):
"because DNS is not managed by IPA. Please create DNS " "because DNS is not managed by IPA. Please create DNS "
"record manually and then omit --ip-address option.") "record manually and then omit --ip-address option.")
raise admintool.ScriptError("Cannot add DNS record") raise admintool.ScriptError("Cannot add DNS record")
if options.reverse_zone and not bindinstance.verify_reverse_zone(
options.reverse_zone, options.ip_address): disconnect = False
raise admintool.ScriptError("Invalid reverse zone") if not api.Backend.ldap2.isconnected():
api.Backend.ldap2.connect(
bind_dn=DN(('cn', 'Directory Manager')),
bind_pw=self.dirman_password)
disconnect = True
options.reverse_zones = bindinstance.check_reverse_zones(
options.ip_addresses, options.reverse_zones, options, False,
True)
if disconnect:
api.Backend.ldap2.disconnect()
if options.http_pkcs12: if options.http_pkcs12:
if options.http_pin is None: if options.http_pin is None:
@@ -293,7 +305,7 @@ class ReplicaPrepare(admintool.AdminTool):
finally: finally:
shutil.rmtree(self.top_dir) shutil.rmtree(self.top_dir)
if options.ip_address: if options.ip_addresses:
self.add_dns_records() self.add_dns_records()
if options.wait_for_dns: if options.wait_for_dns:
@@ -420,46 +432,38 @@ class ReplicaPrepare(admintool.AdminTool):
options = self.options options = self.options
self.log.info("Adding DNS records for %s", self.replica_fqdn) self.log.info("Adding DNS records for %s", self.replica_fqdn)
api.Backend.ldap2.connect(
bind_dn=DN(('cn', 'Directory Manager')),
bind_pw=self.dirman_password)
name, domain = self.replica_fqdn.split(".", 1) name, domain = self.replica_fqdn.split(".", 1)
ip = options.ip_address if not api.Backend.ldap2.isconnected():
ip_address = str(ip) api.Backend.ldap2.connect(
bind_dn=DN(('cn', 'Directory Manager')),
if options.reverse_zone: bind_pw=self.dirman_password)
reverse_zone = bindinstance.normalize_zone(options.reverse_zone)
else:
reverse_zone = bindinstance.find_reverse_zone(ip)
if reverse_zone is None and not options.no_reverse:
reverse_zone = bindinstance.get_reverse_zone_default(ip)
try: try:
add_zone(domain) add_zone(domain)
except errors.PublicError, e: except errors.PublicError, e:
raise admintool.ScriptError( raise admintool.ScriptError(
"Could not create forward DNS zone for the replica: %s" % e) "Could not create forward DNS zone for the replica: %s" % e)
try: for reverse_zone in options.reverse_zones:
add_fwd_rr(domain, name, ip_address) self.log.info("Adding reverse zone %s", reverse_zone)
except errors.PublicError, e: add_zone(reverse_zone)
raise admintool.ScriptError(
"Could not add forward DNS record for the replica: %s" % e)
if reverse_zone is not None: for ip in options.ip_addresses:
self.log.info("Using reverse zone %s", reverse_zone) ip_address = str(ip)
try: try:
add_zone(reverse_zone) add_fwd_rr(domain, name, ip_address)
except errors.PublicError, e: except errors.PublicError, e:
raise admintool.ScriptError( raise admintool.ScriptError(
"Could not create reverse DNS zone for replica: %s" % e) "Could not add forward DNS record for the replica: %s" % e)
try:
add_ptr_rr(reverse_zone, ip_address, self.replica_fqdn) if not options.no_reverse:
except errors.PublicError, e: reverse_zone = bindinstance.find_reverse_zone(ip)
raise admintool.ScriptError( try:
"Could not add reverse DNS record for the replica: %s" % e) add_ptr_rr(reverse_zone, ip_address, self.replica_fqdn)
except errors.PublicError, e:
raise admintool.ScriptError(
"Could not add reverse DNS record for the replica: %s"
% e)
def check_dns(self, replica_fqdn): def check_dns(self, replica_fqdn):
"""Return true if the replica hostname is resolvable""" """Return true if the replica hostname is resolvable"""