Make --setup-dns work on replica installation

The ipa-replica-install script will set up DNS if the user specifies the
--setup-dns option. It will only add the zone into LDAP if the
cn=dns,$SUFFIX container doesn't exist. For now, however, we do not add
the records.
This commit is contained in:
Martin Nagy
2009-06-26 19:37:49 +02:00
parent a09d2c3498
commit de53d0a26e
4 changed files with 79 additions and 6 deletions


@@ -14,8 +14,9 @@ app_DATA = \
caJarSigningCert.cfg.template \ caJarSigningCert.cfg.template \
default-aci.ldif \ default-aci.ldif \
default-keytypes.ldif \ default-keytypes.ldif \
delegation.ldif \ delegation.ldif \
dns.ldif \ dns.ldif \
dns_reverse.ldif \
kerberos.ldif \ kerberos.ldif \
indices.ldif \ indices.ldif \
bind.named.conf.template \ bind.named.conf.template \


@@ -19,6 +19,7 @@
# #
import sys import sys
import socket
import tempfile, os, pwd, traceback, logging, shutil import tempfile, os, pwd, traceback, logging, shutil
from ConfigParser import SafeConfigParser from ConfigParser import SafeConfigParser
@@ -27,13 +28,16 @@ import ldap
from ipapython import ipautil from ipapython import ipautil
from ipaserver.install import dsinstance, replication, installutils, krbinstance, service from ipaserver.install import dsinstance, replication, installutils, krbinstance, service
from ipaserver.install import httpinstance, ntpinstance, certs from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
from ipaserver import ipaldap from ipaserver import ipaldap
from ipapython import version from ipapython import version
from ipalib import util from ipalib import util
CACERT="/usr/share/ipa/html/ca.crt" CACERT="/usr/share/ipa/html/ca.crt"
class HostnameLocalhost(Exception):
pass
class ReplicaConfig: class ReplicaConfig:
def __init__(self): def __init__(self):
self.realm_name = "" self.realm_name = ""
@@ -54,6 +58,8 @@ def parse_options():
default=False, help="gather extra debugging information") default=False, help="gather extra debugging information")
parser.add_option("-p", "--password", dest="password", parser.add_option("-p", "--password", dest="password",
help="Directory Manager (existing master) password") help="Directory Manager (existing master) password")
parser.add_option("--setup-dns", dest="setup_dns", action="store_true",
default=False, help="configure bind with our zone")
options, args = parser.parse_args() options, args = parser.parse_args()
@@ -97,6 +103,14 @@ def get_host_name():
return hostname return hostname
def resolve_host(host_name):
ip = socket.gethostbyname(host_name)
if ip == "127.0.0.1" or ip == "::1":
raise HostnameLocalhost
return ip
def set_owner(config, dir): def set_owner(config, dir):
pw = pwd.getpwnam(config.ds_user) pw = pwd.getpwnam(config.ds_user)
os.chown(dir, pw.pw_uid, pw.pw_gid) os.chown(dir, pw.pw_uid, pw.pw_gid)
@@ -175,6 +189,12 @@ def install_http(config):
print "error copying files: " + str(e) print "error copying files: " + str(e)
sys.exit(1) sys.exit(1)
def install_bind(config):
bind = bindinstance.BindInstance(dm_password=config.dirman_password)
ip_address = resolve_host(config.host_name)
bind.setup(config.host_name, ip_address, config.realm_name, config.domain_name)
bind.create_instance()
def check_dirsrv(): def check_dirsrv():
serverids = dsinstance.check_existing_installation() serverids = dsinstance.check_existing_installation()
if serverids: if serverids:
@@ -204,6 +224,13 @@ def check_dirsrv():
print "\t636" print "\t636"
sys.exit(1) sys.exit(1)
def check_bind():
if not bindinstance.check_inst():
print "--setup-dns was specified but bind or the BIND LDAP plug-in"
print "is not installed on the system"
print "Please install bind and the LDAP plug-in and restart the setup program"
sys.exit(1)
def main(): def main():
options, filename = parse_options() options, filename = parse_options()
installutils.standard_logging_setup("/var/log/ipareplica-install.log", options.debug) installutils.standard_logging_setup("/var/log/ipareplica-install.log", options.debug)
@@ -211,6 +238,8 @@ def main():
if not ipautil.file_exists(filename): if not ipautil.file_exists(filename):
sys.exit("Replica file %s does not exist" % filename) sys.exit("Replica file %s does not exist" % filename)
if options.setup_dns:
check_bind()
check_dirsrv() check_dirsrv()
# get the directory manager password # get the directory manager password
@@ -281,6 +310,8 @@ def main():
install_krb(config) install_krb(config)
install_http(config) install_http(config)
if options.setup_dns:
install_bind(config)
if CA: if CA:
CA.import_ra_cert(dir + "/ra.p12") CA.import_ra_cert(dir + "/ra.p12")
CA.fix_ra_perms() CA.fix_ra_perms()
@@ -330,6 +361,14 @@ try:
sys.exit(0) sys.exit(0)
except SystemExit, e: except SystemExit, e:
sys.exit(e) sys.exit(e)
except socket.error, (errno, errstr):
print errstr
except HostnameLocalhost:
print "The hostname resolves to the localhost address (127.0.0.1/::1)"
print "Please change your /etc/hosts file so that the hostname"
print "resolves to the ip address of your network interface."
print ""
print "Please fix your /etc/hosts file and restart the setup program"
except Exception, e: except Exception, e:
print "creation of replica failed: %s" % str(e) print "creation of replica failed: %s" % str(e)
message = str(e) message = str(e)
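Review bot: The loopback check in resolve_host only runs from install_bind, which main calls after install_krb and install_http have already reconfigured the host, so a hostname resolving to 127.0.0.1 aborts the replica half-installed; resolving it once in main next to the `check_bind()` call (`resolve_host(config.host_name)` before `check_dirsrv()`) would fail before anything is changed. socket.gethostbyname returns IPv4 addresses only, so the `ip == "::1"` comparison can never be true — either drop it or resolve with socket.getaddrinfo if IPv6 loopback is meant to be rejected. The new socket.error and HostnameLocalhost handlers print a message but, unlike the SystemExit handler, do not exit non-zero; the code after the try block is outside the hunk, so the exit status on that path may be set there. `except socket.error, (errno, errstr):` also assumes a two-element args tuple, which a socket.error raised with a single message argument would not satisfy, turning the handler itself into a second traceback.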


@@ -35,6 +35,9 @@ Do not configure NTP
.TP .TP
\fB\-p\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR \fB\-p\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
Directory Manager (existing master) password Directory Manager (existing master) password
.TP
\fB\-\-setup\-dns\fR
Generate a DNS zone if it does not exist already and configure the DNS server
.SH "EXIT STATUS" .SH "EXIT STATUS"
0 if the command was successful 0 if the command was successful


@@ -93,10 +93,7 @@ class BindInstance(service.Service):
except: except:
pass pass
# FIXME: this need to be split off, as only the first server can do self.__add_zone_steps()
# this operation
self.step("Setting up our zone", self.__setup_zone)
self.step("setting up reverse zone", self.__setup_reverse_zone)
self.step("setting up kerberos principal", self.__setup_principal) self.step("setting up kerberos principal", self.__setup_principal)
self.step("setting up named.conf", self.__setup_named_conf) self.step("setting up named.conf", self.__setup_named_conf)
@@ -107,6 +104,39 @@ class BindInstance(service.Service):
self.step("changing resolv.conf to point to ourselves", self.__setup_resolv_conf) self.step("changing resolv.conf to point to ourselves", self.__setup_resolv_conf)
self.start_creation("Configuring named:") self.start_creation("Configuring named:")
def __add_zone_steps(self):
"""
Add steps necessary to add records and zones, if they don't exist
already.
"""
def object_exists(dn):
"""
Test whether the given object exists in LDAP.
"""
try:
server.search_ext_s(dn, ldap.SCOPE_BASE)
except ldap.NO_SUCH_OBJECT:
return False
else:
return True
zone_dn = "idnsName=%s,cn=dns,%s" % (self.domain, self.suffix)
reverse_zone_dn = "idnsName=%s.in-addr.arpa,cn=dns,%s" % (self.reverse_subnet, self.suffix)
server = ldap.initialize("ldap://" + self.fqdn)
server.simple_bind_s()
if object_exists(zone_dn):
pass # TODO: Add dns records to the zone
else:
self.step("setting up our zone", self.__setup_zone)
if object_exists(reverse_zone_dn):
pass # TODO: Add dns records to the reverse zone
else:
self.step("setting up reverse zone", self.__setup_reverse_zone)
server.unbind_s()
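Review bot: In __add_zone_steps the connection opened by ldap.initialize is only released by the trailing `server.unbind_s()`, so any exception from simple_bind_s or from object_exists (which re-raises everything except ldap.NO_SUCH_OBJECT, e.g. SERVER_DOWN) leaves it open and propagates out of create_instance; wrap the lookups in try/finally. The bind is anonymous even though the instance is constructed with dm_password in ipa-replica-install, and on a directory where anonymous read of the cn=dns subtree is not permitted a base-scope search may answer NO_SUCH_OBJECT for an existing zone, so "setting up our zone" would be re-added on a replica that already has it — worth confirming against the ACIs, or binding with the credentials the instance already holds. The nested object_exists reads `server` from the enclosing scope before that name is assigned in source order, which only works because it is called afterwards; passing the connection explicitly makes the dependency visible. The BindInstance class continues outside the hunk.
```python
        def object_exists(conn, dn):
            """
            Test whether the given object exists in LDAP.
            """
            try:
                conn.search_ext_s(dn, ldap.SCOPE_BASE)
            except ldap.NO_SUCH_OBJECT:
                return False
            else:
                return True

        # … unchanged: zone_dn / reverse_zone_dn construction …

        server = ldap.initialize("ldap://" + self.fqdn)
        try:
            server.simple_bind_s()
            zone_exists = object_exists(server, zone_dn)
            reverse_exists = object_exists(server, reverse_zone_dn)
        finally:
            server.unbind_s()

        if zone_exists:
            pass # TODO: Add dns records to the zone
        else:
            self.step("setting up our zone", self.__setup_zone)
        # … unchanged: reverse zone branch, testing reverse_exists …
```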
def __start(self): def __start(self):
try: try:
self.backup_state("running", self.is_running()) self.backup_state("running", self.is_running())