Always add DNS records when installing a replica

Even if the replica is not running a DNS server other replicas might. So if the DNS container is present, then try to add DNS records. Fixes: https://fedorahosted.org/freeipa/ticket/824
2025-02-25 18:55:28 -06:00 · 2011-01-21 14:46:58 -05:00 · 2011-01-21 14:46:58 -05:00 · cec3978c79
commit cec3978c79
parent bc7ed9b1e3
3 changed files with 101 additions and 4 deletions
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@ -245,6 +245,8 @@ def install_http(config):
            sys.exit(1)

 def install_bind(config, options):
+    api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
+                              bind_pw=config.dirman_password)
    if options.forwarders:
        forwarders = options.forwarders
    else:
@ -266,6 +268,23 @@ def install_bind(config, options):
               config.domain_name, forwarders, options.conf_ntp, create_reverse)
    bind.create_instance()

+def install_dns_records(config, options):
+
+    if not bindinstance.dns_container_exists(config.host_name,
+                                             util.realm_to_suffix(config.realm_name)):
+        return
+
+    api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
+                              bind_pw=config.dirman_password)
+    bind = bindinstance.BindInstance(dm_password=config.dirman_password)
+    ip_address = resolve_host(config.host_name)
+    if not ip_address:
+        sys.exit("Unable to resolve IP address for host name")
+
+    bind.add_master_dns_records(config.host_name, ip_address,
+                                config.realm_name, config.domain_name,
+                                options.conf_ntp)
+
 def check_dirsrv():
    serverids = dsinstance.check_existing_installation()
    if serverids:
@ -432,10 +451,9 @@ def main():
    service.restart("httpd")

    if options.setup_dns:
-        api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
-                                  bind_pw=config.dirman_password)
-
        install_bind(config, options)
+    else:
+        install_dns_records(config, options)

    # Call client install script
    try:
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@ -24,9 +24,10 @@ import traceback, logging

 from ipapython import ipautil
 from ipaserver.install import replication, dsinstance, installutils
+from ipaserver.install import bindinstance
 from ipaserver import ipaldap
 from ipapython import version
-from ipalib import errors, util
+from ipalib import api, errors, util

 CACERT = "/etc/ipa/ca.crt"

@ -274,6 +275,21 @@ def del_master(realm, hostname, options):
        print "Failed to cleanup %s entries: %s" % (hostname, str(e))
        print "You may need to manually remove them from the tree"

+    # 5. And clean up the removed replica DNS entries if any.
+    try:
+        if bindinstance.dns_container_exists(options.host, thisrepl.suffix):
+            if options.dirman_passwd:
+                api.Backend.ldap2.connect(bind_dn='cn=Directory Manager',
+                                          bind_pw=options.dirman_passwd)
+            else:
+                ccache = krbV.default_context().default_ccache().name
+                api.Backend.ldap2.connect(ccache=ccache)
+            bind = bindinstance.BindInstance()
+            bind.remove_master_dns_records(hostname, realm, realm.lower())
+    except Exception, e:
+        print "Failed to cleanup %s DNS entries: %s" % (hostname, str(e))
+        print "You may need to manually remove them from the tree"
+
 def add_link(realm, replica1, replica2, dirman_passwd, options):

    if options.winsync:
@ -355,6 +371,11 @@ def force_sync(realm, thishost, fromhost, dirman_passwd):
 def main():
    options, args = parse_options()

+    # Just initialize the environment. This is so the installer can have
+    # access to the plugin environment
+    api.bootstrap(in_server=True)
+    api.finalize()
+
    dirman_passwd = None
    realm = krbV.default_context().default_realm

--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@ -162,6 +162,23 @@ def add_ptr_rr(ip_address, fqdn, dns_backup=None):
    zone, name = get_reverse_zone(ip_address)
    add_rr(zone, name, "PTR", fqdn+".", dns_backup)

+def del_rr(zone, name, type, rdata):
+    delkw = { '%srecord' % unicode(type.lower()) : unicode(rdata) }
+    try:
+        api.Command.dnsrecord_del(unicode(zone), unicode(name), **delkw)
+    except (errors.NotFound, errors.EmptyModlist):
+        pass
+
+def get_rr(zone, name, type):
+    rectype = '%srecord' % unicode(type.lower())
+    ret = api.Command.dnsrecord_find(unicode(zone), unicode(name))
+    if ret['count'] > 0:
+        for r in ret['result']:
+            if rectype in r:
+                return r[rectype]
+
+    return []
+

 class DnsBackup(object):
    def __init__(self, service):
@ -415,6 +432,47 @@ class BindInstance(service.Service):
        resolv_fd.write(resolv_txt)
        resolv_fd.close()

+    def add_master_dns_records(self, fqdn, ip_address,
+                               realm_name, domain_name, ntp=False):
+        self.fqdn = fqdn
+        self.ip_address = ip_address
+        self.realm = realm_name
+        self.domain = domain_name
+        self.host = fqdn.split(".")[0]
+        self.suffix = util.realm_to_suffix(self.realm)
+        self.ntp = ntp
+
+        self.__add_self()
+
+    def remove_master_dns_records(self, fqdn, realm_name, domain_name):
+        host = fqdn.split(".")[0]
+        suffix = util.realm_to_suffix(realm_name)
+
+        zone = domain_name
+        resource_records = (
+            ("_ldap._tcp", "SRV", "0 100 389 %s" % host),
+            ("_kerberos._tcp", "SRV", "0 100 88 %s" % host),
+            ("_kerberos._udp", "SRV", "0 100 88 %s" % host),
+            ("_kerberos-master._tcp", "SRV", "0 100 88 %s" % host),
+            ("_kerberos-master._udp", "SRV", "0 100 88 %s" % host),
+            ("_kpasswd._tcp", "SRV", "0 100 464 %s" % host),
+            ("_kpasswd._udp", "SRV", "0 100 464 %s" % host),
+            ("_ntp._udp", "SRV", "0 100 123 %s" % host),
+        )
+
+        for (record, type, rdata) in resource_records:
+            del_rr(zone, record, type, rdata)
+
+        areclist = get_rr(zone, host, "A")
+        if len(areclist) != 0:
+            for rdata in areclist:
+                del_rr(zone, host, "A", rdata)
+
+                rzone, record = get_reverse_zone(rdata)
+                if dns_zone_exists(rzone):
+                    del_rr(rzone, record, "PTR", fqdn+".")
+
+
    def uninstall(self):
        if self.is_configured():
            self.print_msg("Unconfiguring %s" % self.service_name)