dns: check if container exists using ldapi

Previously an adhoc connection was established for checking if
dns(sec) container exists. A simple or external bind was used.
Instead, always connect with ldapi through api.Backend.ldap2.

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Tomas Krizek
2016-11-11 12:45:11 +01:00
committed by Martin Babinsky
parent 28bc54f91d
commit f183f70e01
7 changed files with 15 additions and 58 deletions


@@ -281,8 +281,7 @@ def del_master(realm, hostname, options):
# 7. And clean up the removed replica DNS entries if any.
try:
if bindinstance.dns_container_exists(options.host, api.env.basedn,
dm_password=options.dirman_passwd):
if bindinstance.dns_container_exists(api.env.basedn):
bind = bindinstance.BindInstance()
bind.update_system_records()
except Exception as e:


@@ -903,8 +903,7 @@ def ensure_last_services(conn, hostname, masters, options):
def cleanup_server_dns_entries(realm, hostname, suffix, options):
try:
if bindinstance.dns_container_exists(options.host, suffix,
dm_password=options.dirman_passwd):
if bindinstance.dns_container_exists(suffix):
bindinstance.remove_master_dns_records(hostname, realm)
dnskeysyncinstance.remove_replica_public_keys(hostname)
except Exception as e:


@@ -39,7 +39,7 @@ from ipaserver.dns_data_management import (
from ipaserver.install import installutils
from ipaserver.install import service
from ipaserver.install import sysupgrade
from ipapython import ipautil, ipaldap
from ipapython import ipautil
from ipapython import dnsutil
from ipapython.dnsutil import DNSName
from ipapython.ipa_log_manager import root_logger
@@ -58,7 +58,6 @@ from ipalib.util import (validate_zonemgr_str, normalize_zonemgr,
zone_is_reverse, validate_dnssec_global_forwarder,
DNSSECSignatureMissingError, EDNS0UnsupportedError,
UnresolvableRecordError)
from ipalib.constants import CACERT
if six.PY3:
unicode = str
@@ -229,26 +228,13 @@ def named_conf_add_include(path):
f.write(named_conf_include_template % {'path': path})
def dns_container_exists(fqdn, suffix, dm_password=None, ldapi=False,
realm=None):
def dns_container_exists(suffix):
"""
Test whether the dns container exists.
"""
assert isinstance(suffix, DN)
try:
# At install time we may need to use LDAPI to avoid chicken/egg
# issues with SSL certs and truting CAs
ldap_uri = ipaldap.get_ldap_uri(fqdn, 636, ldapi=ldapi, realm=realm,
cacert=CACERT)
conn = ipaldap.LDAPClient(ldap_uri, cacert=CACERT)
conn.simple_bind(ipaldap.DIRMAN_DN, dm_password)
except ldap.SERVER_DOWN:
raise RuntimeError('LDAP server on %s is not responding. Is IPA installed?' % fqdn)
return api.Backend.ldap2.entry_exists(DN(('cn', 'dns'), suffix))
ret = conn.entry_exists(DN(('cn', 'dns'), suffix))
conn.unbind()
return ret
def dns_zone_exists(name, api=api):
try:
@@ -656,8 +642,7 @@ class BindInstance(service.Service):
else:
self.zonemgr = normalize_zonemgr(zonemgr)
self.first_instance = not dns_container_exists(
self.fqdn, self.suffix, realm=self.realm, ldapi=True)
self.first_instance = not dns_container_exists(self.suffix)
self.__setup_sub_dict()
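Review bot: dns_container_exists now depends on api.Backend.ldap2 already being connected, but the rewritten body neither checks nor documents that precondition, and the removed `except ldap.SERVER_DOWN` branch with its "LDAP server on %s is not responding" RuntimeError has no replacement, so a caller that reaches it before the backend is connected (the install-time paths in replicainstall and ReplicaPrepare touched by this commit) gets whatever entry_exists raises instead. Consider stating it in the docstring, `Requires api.Backend.ldap2 to be connected (ldapi); the caller establishes the connection.`, and optionally failing early with `if not api.Backend.ldap2.isconnected(): raise RuntimeError("LDAP backend is not connected")`. The same point applies to dnssec_container_exists in the dnskeysyncinstance hunk. Dropping the simple bind with the Directory Manager password also removes dm_password from every caller's signature, which is a welcome reduction in credential handling.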


@@ -223,7 +223,6 @@ def install_step_1(standalone, replica_config, options):
return
realm_name = options.realm_name
dm_password = options.dm_password
host_name = options.host_name
subject_base = options.subject
@@ -285,7 +284,7 @@ def install_step_1(standalone, replica_config, options):
if standalone:
# Install CA DNS records
if bindinstance.dns_container_exists(host_name, basedn, dm_password):
if bindinstance.dns_container_exists(basedn):
bind = bindinstance.BindInstance()
bind.update_system_records()


@@ -19,12 +19,10 @@ from ipaserver.install import service
from ipaserver.install import installutils
from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN
from ipapython import ipaldap
from ipapython import ipautil
from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipalib import errors, api
from ipalib.constants import CACERT
from ipaserver.install.bindinstance import dns_container_exists
softhsm_token_label = u'ipaDNSSEC'
@@ -32,26 +30,13 @@ softhsm_slot = 0
replica_keylabel_template = u"dnssec-replica:%s"
def dnssec_container_exists(fqdn, suffix, dm_password=None, ldapi=False,
realm=None):
def dnssec_container_exists(suffix):
"""
Test whether the dns container exists.
"""
assert isinstance(suffix, DN)
try:
# At install time we may need to use LDAPI to avoid chicken/egg
# issues with SSL certs and truting CAs
ldap_uri = ipaldap.get_ldap_uri(fqdn, 636, ldapi=ldapi, realm=realm,
cacert=CACERT)
conn = ipaldap.LDAPClient(ldap_uri, cacert=CACERT)
conn.simple_bind(ipaldap.DIRMAN_DN, dm_password)
except ldap.SERVER_DOWN:
raise RuntimeError('LDAP server on %s is not responding. Is IPA installed?' % fqdn)
ret = conn.entry_exists(DN(('cn', 'sec'), ('cn', 'dns'), suffix))
conn.unbind()
return ret
return api.Backend.ldap2.entry_exists(
DN(('cn', 'sec'), ('cn', 'dns'), suffix))
def remove_replica_public_keys(hostname):
@@ -161,9 +146,7 @@ class DNSKeySyncInstance(service.Service):
except KeyError:
raise RuntimeError("OpenDNSSEC GID not found")
if not dns_container_exists(
self.fqdn, self.suffix, realm=self.realm, ldapi=True
):
if not dns_container_exists(self.suffix):
raise RuntimeError("DNS container does not exist")
# ready to be installed, storing a state is required to run uninstall
@@ -173,8 +156,7 @@ class DNSKeySyncInstance(service.Service):
"""
Setup LDAP containers for DNSSEC
"""
if dnssec_container_exists(self.fqdn, self.suffix, ldapi=True,
realm=self.realm):
if dnssec_container_exists(self.suffix):
self.logger.info("DNSSEC container exists (step skipped)")
return
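Review bot: The docstring of dnssec_container_exists still says it tests the dns container, while the new return lines check cn=sec,cn=dns, so a reader comparing it with bindinstance.dns_container_exists cannot tell the two apart; suggest `Test whether the DNSSEC container (cn=sec,cn=dns,<suffix>) exists.`. Since the unchanged `assert isinstance(suffix, DN)` is the only input check and is stripped under `python -O`, the docstring is also the right place to state that suffix must be a DN.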


@@ -253,10 +253,7 @@ class ReplicaPrepare(admintool.AdminTool):
except installutils.BadHostError as e:
if isinstance(e, installutils.HostLookupError):
if not options.ip_addresses:
if dns_container_exists(
api.env.host, api.env.basedn,
dm_password=self.dirman_password,
ldapi=True, realm=api.env.realm):
if dns_container_exists(api.env.basedn):
self.log.info('You might use the --ip-address option '
'to create a DNS entry if the DNS zone '
'is managed by IPA.')
@@ -268,9 +265,7 @@ class ReplicaPrepare(admintool.AdminTool):
raise
if options.ip_addresses:
if not dns_container_exists(api.env.host, api.env.basedn,
dm_password=self.dirman_password,
ldapi=True, realm=api.env.realm):
if not dns_container_exists(api.env.basedn):
self.log.error(
"It is not possible to add a DNS record automatically "
"because DNS is not managed by IPA. Please create DNS "


@@ -171,9 +171,7 @@ def install_http(config, auto_redirect, ca_is_configured, ca_file,
def install_dns_records(config, options, remote_api):
if not bindinstance.dns_container_exists(
config.host_name,
ipautil.realm_to_suffix(config.realm_name),
realm=config.realm_name, ldapi=True):
ipautil.realm_to_suffix(config.realm_name)):
return
try: