mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Change DNS installer code to use passed in api
Fixes a number of places where api was not passed around internally. Also allows to install dns in replica promotion which requires an alternative api to be created with the right configuration. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Simo Sorce
Jan Cholasta
@@ -343,27 +343,31 @@ def add_ptr_rr(zone, ip_address, fqdn, dns_backup=None, api=api):
|
||||
name = get_reverse_record_name(zone, ip_address)
|
||||
add_rr(zone, name, "PTR", normalize_zone(fqdn), dns_backup, api)
|
||||
|
||||
def add_ns_rr(zone, hostname, dns_backup=None, force=True):
|
||||
|
||||
def add_ns_rr(zone, hostname, dns_backup=None, force=True, api=api):
|
||||
hostname = normalize_zone(hostname)
|
||||
add_rr(zone, "@", "NS", hostname, dns_backup=dns_backup,
|
||||
force=force)
|
||||
force=force, api=api)
|
||||
|
||||
def del_rr(zone, name, type, rdata):
|
||||
|
||||
def del_rr(zone, name, type, rdata, api=api):
|
||||
delkw = { '%srecord' % str(type.lower()) : unicode(rdata) }
|
||||
try:
|
||||
api.Command.dnsrecord_del(unicode(zone), unicode(name), **delkw)
|
||||
except (errors.NotFound, errors.AttrValueNotFound, errors.EmptyModlist):
|
||||
pass
|
||||
|
||||
def del_fwd_rr(zone, host, ip_address):
|
||||
|
||||
def del_fwd_rr(zone, host, ip_address, api=api):
|
||||
addr = netaddr.IPAddress(ip_address)
|
||||
if addr.version == 4:
|
||||
del_rr(zone, host, "A", ip_address)
|
||||
del_rr(zone, host, "A", ip_address, api=api)
|
||||
elif addr.version == 6:
|
||||
del_rr(zone, host, "AAAA", ip_address)
|
||||
del_rr(zone, host, "AAAA", ip_address, api=api)
|
||||
|
||||
def del_ns_rr(zone, name, rdata):
|
||||
del_rr(zone, name, 'NS', rdata)
|
||||
|
||||
def del_ns_rr(zone, name, rdata, api=api):
|
||||
del_rr(zone, name, 'NS', rdata, api=api)
|
||||
|
||||
def get_rr(zone, name, type, api=api):
|
||||
rectype = '%srecord' % unicode(type.lower())
|
||||
@@ -622,7 +626,7 @@ class BindInstance(service.Service):
|
||||
if self.first_instance:
|
||||
self.step("adding DNS container", self.__setup_dns_container)
|
||||
|
||||
if not dns_zone_exists(self.domain):
|
||||
if not dns_zone_exists(self.domain, self.api):
|
||||
self.step("setting up our zone", self.__setup_zone)
|
||||
if self.reverse_zones:
|
||||
self.step("setting up reverse zone", self.__setup_reverse_zone)
|
||||
@@ -737,12 +741,12 @@ class BindInstance(service.Service):
|
||||
self.__fix_dns_privilege_members()
|
||||
|
||||
def __fix_dns_privilege_members(self):
|
||||
ldap = api.Backend.ldap2
|
||||
ldap = self.api.Backend.ldap2
|
||||
|
||||
cn = 'Update PBAC memberOf %s' % time.time()
|
||||
task_dn = DN(('cn', cn), ('cn', 'memberof task'), ('cn', 'tasks'),
|
||||
('cn', 'config'))
|
||||
basedn = DN(api.env.container_privilege, api.env.basedn)
|
||||
basedn = DN(self.api.env.container_privilege, self.api.env.basedn)
|
||||
entry = ldap.make_entry(
|
||||
task_dn,
|
||||
objectclass=['top', 'extensibleObject'],
|
||||
@@ -767,24 +771,25 @@ class BindInstance(service.Service):
|
||||
def __setup_zone(self):
|
||||
# Always use force=True as named is not set up yet
|
||||
add_zone(self.domain, self.zonemgr, dns_backup=self.dns_backup,
|
||||
ns_hostname=api.env.host, force=True)
|
||||
ns_hostname=self.api.env.host, force=True, api=self.api)
|
||||
|
||||
add_rr(self.domain, "_kerberos", "TXT", self.realm)
|
||||
add_rr(self.domain, "_kerberos", "TXT", self.realm, api=self.api)
|
||||
|
||||
def __add_self_ns(self):
|
||||
# add NS record to all zones
|
||||
ns_hostname = normalize_zone(api.env.host)
|
||||
result = api.Command.dnszone_find()
|
||||
ns_hostname = normalize_zone(self.api.env.host)
|
||||
result = self.api.Command.dnszone_find()
|
||||
for zone in result['result']:
|
||||
zone = unicode(zone['idnsname'][0]) # we need unicode due to backup
|
||||
root_logger.debug("adding self NS to zone %s apex", zone)
|
||||
add_ns_rr(zone, ns_hostname, self.dns_backup, force=True)
|
||||
add_ns_rr(zone, ns_hostname, self.dns_backup, force=True,
|
||||
api=self.api)
|
||||
|
||||
def __setup_reverse_zone(self):
|
||||
# Always use force=True as named is not set up yet
|
||||
for reverse_zone in self.reverse_zones:
|
||||
add_zone(reverse_zone, self.zonemgr, ns_hostname=api.env.host,
|
||||
dns_backup=self.dns_backup, force=True)
|
||||
add_zone(reverse_zone, self.zonemgr, ns_hostname=self.api.env.host,
|
||||
dns_backup=self.dns_backup, force=True, api=self.api)
|
||||
|
||||
def __add_master_records(self, fqdn, addrs):
|
||||
host, zone = fqdn.split(".", 1)
|
||||
@@ -809,7 +814,8 @@ class BindInstance(service.Service):
|
||||
)
|
||||
|
||||
for (rname, rdata) in srv_records:
|
||||
add_rr(self.domain, rname, "SRV", rdata, self.dns_backup, self.api)
|
||||
add_rr(self.domain, rname, "SRV", rdata, self.dns_backup,
|
||||
api=self.api)
|
||||
|
||||
if not dns_zone_exists(zone, self.api):
|
||||
# add DNS domain for host first
|
||||
@@ -823,11 +829,11 @@ class BindInstance(service.Service):
|
||||
|
||||
# Add forward and reverse records to self
|
||||
for addr in addrs:
|
||||
add_fwd_rr(zone, host, addr, self.api)
|
||||
add_fwd_rr(zone, host, addr, api=self.api)
|
||||
|
||||
reverse_zone = find_reverse_zone(addr, self.api)
|
||||
if reverse_zone:
|
||||
add_ptr_rr(reverse_zone, addr, fqdn, None, self.api)
|
||||
add_ptr_rr(reverse_zone, addr, fqdn, None, api=self.api)
|
||||
|
||||
def __add_self(self):
|
||||
self.__add_master_records(self.fqdn, self.ip_addresses)
|
||||
@@ -869,7 +875,7 @@ class BindInstance(service.Service):
|
||||
|
||||
try:
|
||||
for addr in addrs:
|
||||
add_fwd_rr(self.domain, IPA_CA_RECORD, addr, self.api)
|
||||
add_fwd_rr(self.domain, IPA_CA_RECORD, addr, api=self.api)
|
||||
except errors.ValidationError:
|
||||
# there is a CNAME record in ipa-ca, we can't add A/AAAA records
|
||||
pass
|
||||
@@ -883,7 +889,7 @@ class BindInstance(service.Service):
|
||||
try:
|
||||
entries = ldap.get_entries(
|
||||
DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
|
||||
api.env.basedn),
|
||||
self.api.env.basedn),
|
||||
ldap.SCOPE_SUBTREE, '(&(objectClass=ipaConfigObject)(cn=CA))',
|
||||
['dn'])
|
||||
except errors.NotFound:
|
||||
@@ -897,7 +903,7 @@ class BindInstance(service.Service):
|
||||
|
||||
host, zone = fqdn.split('.', 1)
|
||||
if dns_zone_exists(zone, self.api):
|
||||
addrs = get_fwd_rr(zone, host, self.api)
|
||||
addrs = get_fwd_rr(zone, host, api=self.api)
|
||||
else:
|
||||
addrs = installutils.resolve_host(fqdn)
|
||||
|
||||
@@ -1016,8 +1022,8 @@ class BindInstance(service.Service):
|
||||
|
||||
def add_ipa_ca_dns_records(self, fqdn, domain_name, ca_configured=True):
|
||||
host, zone = fqdn.split(".", 1)
|
||||
if dns_zone_exists(zone):
|
||||
addrs = get_fwd_rr(zone, host)
|
||||
if dns_zone_exists(zone, self.api):
|
||||
addrs = get_fwd_rr(zone, host, api=self.api)
|
||||
else:
|
||||
addrs = installutils.resolve_host(fqdn)
|
||||
|
||||
@@ -1027,7 +1033,7 @@ class BindInstance(service.Service):
|
||||
|
||||
def convert_ipa_ca_cnames(self, domain_name):
|
||||
# get ipa-ca CNAMEs
|
||||
cnames = get_rr(domain_name, IPA_CA_RECORD, "CNAME")
|
||||
cnames = get_rr(domain_name, IPA_CA_RECORD, "CNAME", api=self.api)
|
||||
if not cnames:
|
||||
return
|
||||
|
||||
@@ -1043,11 +1049,11 @@ class BindInstance(service.Service):
|
||||
cname_fqdn[cname] = fqdn
|
||||
|
||||
# get FQDNs of all IPA masters
|
||||
ldap = api.Backend.ldap2
|
||||
ldap = self.api.Backend.ldap2
|
||||
try:
|
||||
entries = ldap.get_entries(
|
||||
DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
|
||||
api.env.basedn),
|
||||
self.api.env.basedn),
|
||||
ldap.SCOPE_ONELEVEL, None, ['cn'])
|
||||
masters = set(e['cn'][0] for e in entries)
|
||||
except errors.NotFound:
|
||||
@@ -1064,7 +1070,7 @@ class BindInstance(service.Service):
|
||||
|
||||
# delete all CNAMEs
|
||||
for cname in cnames:
|
||||
del_rr(domain_name, IPA_CA_RECORD, "CNAME", cname)
|
||||
del_rr(domain_name, IPA_CA_RECORD, "CNAME", cname, api=self.api)
|
||||
|
||||
# add A/AAAA records
|
||||
for cname in cnames:
|
||||
@@ -1090,32 +1096,33 @@ class BindInstance(service.Service):
|
||||
)
|
||||
|
||||
for (record, type, rdata) in resource_records:
|
||||
del_rr(self.domain, record, type, rdata)
|
||||
del_rr(self.domain, record, type, rdata, api=self.api)
|
||||
|
||||
areclist = get_fwd_rr(zone, host)
|
||||
areclist = get_fwd_rr(zone, host, api=self.api)
|
||||
for rdata in areclist:
|
||||
del_fwd_rr(zone, host, rdata)
|
||||
del_fwd_rr(zone, host, rdata, api=self.api)
|
||||
|
||||
rzone = find_reverse_zone(rdata)
|
||||
if rzone is not None:
|
||||
record = get_reverse_record_name(rzone, rdata)
|
||||
del_rr(rzone, record, "PTR", normalize_zone(fqdn))
|
||||
del_rr(rzone, record, "PTR", normalize_zone(fqdn),
|
||||
api=self.api)
|
||||
|
||||
def remove_ipa_ca_dns_records(self, fqdn, domain_name):
|
||||
host, zone = fqdn.split(".", 1)
|
||||
if dns_zone_exists(zone):
|
||||
addrs = get_fwd_rr(zone, host)
|
||||
if dns_zone_exists(zone, self.api):
|
||||
addrs = get_fwd_rr(zone, host, api=self.api)
|
||||
else:
|
||||
addrs = installutils.resolve_host(fqdn)
|
||||
|
||||
for addr in addrs:
|
||||
del_fwd_rr(domain_name, IPA_CA_RECORD, addr)
|
||||
del_fwd_rr(domain_name, IPA_CA_RECORD, addr, api=self.api)
|
||||
|
||||
def remove_server_ns_records(self, fqdn):
|
||||
"""
|
||||
Remove all NS records pointing to this server
|
||||
"""
|
||||
ldap = api.Backend.ldap2
|
||||
ldap = self.api.Backend.ldap2
|
||||
ns_rdata = normalize_zone(fqdn)
|
||||
|
||||
# find all NS records pointing to this server
|
||||
@@ -1123,7 +1130,7 @@ class BindInstance(service.Service):
|
||||
search_kw['nsrecord'] = ns_rdata
|
||||
attr_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL)
|
||||
attributes = ['idnsname', 'objectclass']
|
||||
dn = DN(api.env.container_dns, api.env.basedn)
|
||||
dn = DN(self.api.env.container_dns, self.api.env.basedn)
|
||||
|
||||
entries, truncated = ldap.find_entries(attr_filter, attributes, base_dn=dn)
|
||||
|
||||
@@ -1136,21 +1143,21 @@ class BindInstance(service.Service):
|
||||
# zone record
|
||||
zone = entry.single_value['idnsname']
|
||||
root_logger.debug("zone record %s", zone)
|
||||
del_ns_rr(zone, u'@', ns_rdata)
|
||||
del_ns_rr(zone, u'@', ns_rdata, api=self.api)
|
||||
else:
|
||||
zone = entry.dn[1].value # get zone from DN
|
||||
record = entry.single_value['idnsname']
|
||||
root_logger.debug("record %s in zone %s", record, zone)
|
||||
del_ns_rr(zone, record, ns_rdata)
|
||||
del_ns_rr(zone, record, ns_rdata, api=self.api)
|
||||
|
||||
def check_global_configuration(self):
|
||||
"""
|
||||
Check global DNS configuration in LDAP server and inform user when it
|
||||
set and thus overrides his configured options in named.conf.
|
||||
"""
|
||||
result = api.Command.dnsconfig_show()
|
||||
result = self.api.Command.dnsconfig_show()
|
||||
global_conf_set = any(param in result['result'] for \
|
||||
param in api.Object['dnsconfig'].params)
|
||||
param in self.api.Object['dnsconfig'].params)
|
||||
|
||||
if not global_conf_set:
|
||||
print("Global DNS configuration in LDAP server is empty")
|
||||
@@ -1161,8 +1168,9 @@ class BindInstance(service.Service):
|
||||
print("Global DNS configuration in LDAP server is not empty")
|
||||
print("The following configuration options override local settings in named.conf:")
|
||||
print("")
|
||||
textui = ipalib.cli.textui(api)
|
||||
api.Command.dnsconfig_show.output_for_cli(textui, result, None, reverse=False)
|
||||
textui = ipalib.cli.textui(self.api)
|
||||
self.api.Command.dnsconfig_show.output_for_cli(textui, result, None,
|
||||
reverse=False)
|
||||
|
||||
def uninstall(self):
|
||||
if self.is_configured():
|
||||
@@ -1173,7 +1181,7 @@ class BindInstance(service.Service):
|
||||
named_regular_running = self.restore_state("named-regular-running")
|
||||
named_regular_enabled = self.restore_state("named-regular-enabled")
|
||||
|
||||
self.dns_backup.clear_records(api.Backend.ldap2.isconnected())
|
||||
self.dns_backup.clear_records(self.api.Backend.ldap2.isconnected())
|
||||
|
||||
|
||||
for f in [NAMED_CONF, RESOLV_CONF]:
|
||||
|
||||
@@ -262,7 +262,7 @@ def install_check(standalone, replica, options, hostname):
|
||||
print("Using reverse zone(s) %s" % ', '.join(reverse_zones))
|
||||
|
||||
|
||||
def install(standalone, replica, options):
|
||||
def install(standalone, replica, options, api=api):
|
||||
global ip_addresses
|
||||
global dns_forwarders
|
||||
global reverse_zones
|
||||
@@ -280,7 +280,7 @@ def install(standalone, replica, options):
|
||||
# otherwise this is done by server/replica installer
|
||||
update_hosts_file(ip_addresses, api.env.host, fstore)
|
||||
|
||||
bind = bindinstance.BindInstance(fstore, ldapi=True,
|
||||
bind = bindinstance.BindInstance(fstore, ldapi=True, api=api,
|
||||
autobind=AUTOBIND_ENABLED)
|
||||
bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,
|
||||
dns_forwarders, conf_ntp, reverse_zones, zonemgr=options.zonemgr,
|
||||
|
||||
@@ -776,8 +776,6 @@ def promote_check(installer):
|
||||
raise NotImplementedError
|
||||
if options.setup_kra:
|
||||
raise NotImplementedError
|
||||
if options.setup_dns:
|
||||
raise NotImplementedError
|
||||
|
||||
tasks.check_selinux_status()
|
||||
|
||||
@@ -1040,7 +1038,6 @@ def promote_check(installer):
|
||||
raise RuntimeError("CA cert file is not available.")
|
||||
|
||||
installer._ca_enabled = ca_enabled
|
||||
installer._remote_api = remote_api
|
||||
installer._fstore = fstore
|
||||
installer._sstore = sstore
|
||||
installer._config = config
|
||||
@@ -1088,6 +1085,8 @@ def promote(installer):
|
||||
# or certmonger will fail to contact the peer master
|
||||
install_http_certs(config, fstore)
|
||||
|
||||
ldapi_uri = installutils.realm_to_ldapi_uri(config.realm_name)
|
||||
|
||||
# Create the management framework config file
|
||||
gopts = [
|
||||
ipaconf.setOption('host', config.host_name),
|
||||
@@ -1095,8 +1094,7 @@ def promote(installer):
|
||||
ipaconf.setOption('xmlrpc_uri',
|
||||
'https://%s/ipa/xml' %
|
||||
ipautil.format_netloc(config.host_name)),
|
||||
ipaconf.setOption('ldap_uri',
|
||||
installutils.realm_to_ldapi_uri(config.realm_name)),
|
||||
ipaconf.setOption('ldap_uri', ldapi_uri),
|
||||
ipaconf.setOption('mode', 'production'),
|
||||
ipaconf.setOption('enable_ra', 'True'),
|
||||
ipaconf.setOption('ra_plugin', 'dogtag'),
|
||||
@@ -1155,10 +1153,6 @@ def promote(installer):
|
||||
dogtag_service = services.knownservices[dogtag_constants.SERVICE_NAME]
|
||||
dogtag_service.restart(dogtag_constants.PKI_INSTANCE_NAME)
|
||||
|
||||
if options.setup_dns:
|
||||
api.Backend.ldap2.connect(autobind=True)
|
||||
dns.install(False, True, options)
|
||||
|
||||
# Restart httpd to pick up the new IPA configuration
|
||||
service.print_msg("Restarting the web server")
|
||||
http.restart()
|
||||
@@ -1169,6 +1163,16 @@ def promote(installer):
|
||||
|
||||
promote_sssd(config.host_name)
|
||||
|
||||
# Switch API so that it uses the new servr configuration
|
||||
server_api = create_api(mode=None)
|
||||
server_api.bootstrap(in_server=True, context='installer')
|
||||
server_api.finalize()
|
||||
|
||||
if options.setup_dns:
|
||||
server_api.Backend.rpcclient.connect()
|
||||
server_api.Backend.ldap2.connect(autobind=True)
|
||||
dns.install(False, True, options, server_api)
|
||||
|
||||
# Everything installed properly, activate ipa service.
|
||||
services.knownservices.ipa.enable()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user