author | Jan Cholasta <jcholast@redhat.com> | 2011-07-11 10:14:53 +0200 |
committer | Martin Kosek <mkosek@redhat.com> | 2011-07-15 16:42:16 +0200 |
commit | 881df73568a9638bba6a6d0ae2e715cf249f6fa4 (patch) | |
tree | 563a44d98a84066b18172b89b1402953140d8eb8 /install | |
parent | 1c5028c17df9dc903a6db2712738670c3534246f (diff) | |
Fix creation of reverse DNS zones.
Create reverse DNS zone for /24 IPv4 subnet and /64 IPv6 subnet by
default instead of using the netmask from the --ip-address option.
A custom reverse DNS zone can be specified using the new --reverse-zone
option, which replaces the old way of deriving reverse zones from the
--ip-address netmask.
The reverse DNS zone name is printed to the user during the install.
ticket 1398
Diffstat (limited to 'install')
-rwxr-xr-x | install/tools/ipa-dns-install | 50 | ||||
-rwxr-xr-x | install/tools/ipa-replica-install | 40 | ||||
-rwxr-xr-x | install/tools/ipa-replica-prepare | 53 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 36 | ||||
-rw-r--r-- | install/tools/man/ipa-dns-install.1 | 3 | ||||
-rw-r--r-- | install/tools/man/ipa-replica-install.1 | 3 | ||||
-rw-r--r-- | install/tools/man/ipa-replica-prepare.1 | 6 | ||||
-rw-r--r-- | install/tools/man/ipa-server-install.1 | 3 |
8 files changed, 117 insertions, 77 deletions
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index b5295b5c7..eb1336e51 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -38,14 +38,14 @@ def parse_options():
 parser.add_option("-d", "--debug", dest="debug", action="store_true",
 default=False, help="print debugging information")
 parser.add_option("--ip-address", dest="ip_address",
- type="ip", ip_netmask=True, ip_local=True, help="Master Server IP Address")
+ type="ip", ip_local=True, help="Master Server IP Address")
 parser.add_option("--forwarder", dest="forwarders", action="append",
 type="ip", help="Add a DNS forwarder")
 parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
 default=False, help="Do not add any DNS forwarders, use root servers instead")
- parser.add_option("--no-reverse", dest="no_reverse",
- action="store_true", default=False,
- help="Do not create reverse DNS zone")
+ parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
+ parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
+ default=False, help="Do not create reverse DNS zone")
 parser.add_option("--zonemgr", dest="zonemgr",
 help="DNS zone manager e-mail address. Defaults to root")
 parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
@@ -56,6 +56,8 @@ def parse_options():
 if options.forwarders and options.no_forwarders:
 parser.error("You cannot specify a --forwarder option together with --no-forwarders")
+ elif options.reverse_zone and options.no_reverse:
+ parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
 if options.unattended:
 if not options.forwarders and not options.no_forwarders:
@@ -104,26 +106,28 @@ def main():
 # Check we have a public IP that is associated with the hostname
 if options.ip_address:
- ip_address = options.ip_address
+ ip = options.ip_address
 else:
 hostaddr = resolve_host(api.env.host)
- ip_address = hostaddr and ipautil.CheckedIPAddress(hostaddr)
+ ip = hostaddr and ipautil.CheckedIPAddress(hostaddr)
 try:
- verify_ip_address(ip_address)
+ verify_ip_address(ip)
 except Exception, e:
- print "Error: Invalid IP Address %s: %s" % (ip_address, e)
- ip_address = None
+ print "Error: Invalid IP Address %s: %s" % (ip, e)
+ ip = None
- if not ip_address:
+ if not ip:
 if options.unattended:
 sys.exit("Unable to resolve IP address for host name")
 else:
- ip_address = read_ip_address(api.env.host, fstore)
- ip_prefixlen = ip_address.prefixlen
- ip_address = str(ip_address)
+ ip = read_ip_address(api.env.host, fstore)
+ ip_address = str(ip)
 logging.debug("will use ip_address: %s\n", ip_address)
+ if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip):
+ sys.exit(1)
+
 if options.no_forwarders:
 dns_forwarders = ()
 elif options.forwarders:
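Review bot: The new --reverse-zone check aborts with a bare `sys.exit(1)` when `bindinstance.verify_reverse_zone(options.reverse_zone, ip)` returns false, so unless that helper prints its own diagnostic the operator is left with no reason for the abort; the same pattern is repeated in the ipa-replica-install, ipa-replica-prepare and ipa-server-install hunks of this commit. If verify_reverse_zone only returns a boolean, an exit message such as `sys.exit("Invalid reverse zone %s for IP address %s" % (options.reverse_zone, ip))` would make the failure actionable, and would also show up in the install log. The body of main() continues outside the hunk.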
@@ -175,6 +172,19 @@ def main():
 ccache = krbV.default_context().default_ccache().name
 api.Backend.ldap2.connect(ccache)
+ if options.reverse_zone:
+ reverse_zone = bindinstance.normalize_zone(options.reverse_zone)
+ else:
+ reverse_zone = bindinstance.find_reverse_zone(ip)
+ if reverse_zone is None and not options.no_reverse:
+ reverse_zone = bindinstance.get_reverse_zone_default(ip)
+ if not options.unattended and bindinstance.create_reverse():
+ reverse_zone = bindinstance.read_reverse_zone(reverse_zone, ip)
+
+ if reverse_zone is not None:
+ print "Using reverse zone %s" % reverse_zone
+
+ bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, reverse_zone, zonemgr=options.zonemgr)
 bind.create_instance()
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 7daa0e8e3..d499754a9 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -59,6 +59,7 @@ def parse_options():
 type="ip", help="Add a DNS forwarder")
 parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
 default=False, help="Do not add any DNS forwarders, use root servers instead")
+ parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
 parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
 default=False, help="Do not create reverse DNS zone")
 parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
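Review bot: In the interactive path the answer from `bindinstance.create_reverse()` only decides whether `read_reverse_zone` is asked for a custom name; when the prompt is declined, reverse_zone keeps the value from `get_reverse_zone_default(ip)` assigned one line earlier and `bind.setup(...)` still creates that zone. If create_reverse() is the yes/no "configure the reverse zone?" prompt its name and the removed create_reverse flag suggest, a "no" answer should leave reverse_zone as None, which the removed code achieved through `create_reverse = bindinstance.create_reverse()`. The same ordering appears in the install_bind hunk of ipa-replica-install and the @@ -896 hunk of ipa-server-install. The fix is to ask before choosing the default, as below; main() continues outside the hunk.

```python
    if options.reverse_zone:
        reverse_zone = bindinstance.normalize_zone(options.reverse_zone)
    else:
        reverse_zone = bindinstance.find_reverse_zone(ip)
        if reverse_zone is None and not options.no_reverse:
            # Only fall back to the default zone when the operator did not decline it
            if options.unattended or bindinstance.create_reverse():
                reverse_zone = bindinstance.get_reverse_zone_default(ip)
                if not options.unattended:
                    reverse_zone = bindinstance.read_reverse_zone(reverse_zone, ip)
    # ... unchanged: "Using reverse zone" message and bind.setup() call ...
```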
@@ -84,12 +85,16 @@ def parse_options():
 parser.error("You cannot specify a --forwarder option without the --setup-dns option")
 if options.no_forwarders:
 parser.error("You cannot specify a --no-forwarders option without the --setup-dns option")
+ if options.reverse_zone:
+ parser.error("You cannot specify a --reverse-zone option without the --setup-dns option")
 if options.no_reverse:
 parser.error("You cannot specify a --no-reverse option without the --setup-dns option")
 elif options.forwarders and options.no_forwarders:
 parser.error("You cannot specify a --forwarder option together with --no-forwarders")
 elif not options.forwarders and not options.no_forwarders:
 parser.error("You must specify at least one --forwarder option or --no-forwarders option")
+ elif options.reverse_zone and options.no_reverse:
+ parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
 return safe_options, options, args[0]
@@ -183,22 +188,23 @@ def install_bind(config, options):
 sys.exit("Unable to resolve IP address for host name")
 ip = installutils.parse_ip_address(ip_address)
 ip_address = str(ip)
- ip_prefixlen = ip.prefixlen
- create_reverse = True
- if options.unattended:
- # In unattended mode just use the cmdline flag
- create_reverse = not options.no_reverse
+ if options.reverse_zone:
+ if not bindinstance.verify_reverse_zone(options.reverse_zone, ip):
+ sys.exit(1)
+ reverse_zone = bindinstance.normalize_zone(options.reverse_zone)
 else:
- if options.no_reverse:
- create_reverse = False
- else:
- # In interactive mode, if the flag was not explicitly
- # specified, ask the user
- create_reverse = bindinstance.create_reverse()
-
- bind.setup(config.host_name, ip_address, ip_prefixlen, config.realm_name,
- config.domain_name, forwarders, options.conf_ntp, create_reverse)
+ reverse_zone = bindinstance.find_reverse_zone(ip)
+ if reverse_zone is None and not options.no_reverse:
+ reverse_zone = bindinstance.get_reverse_zone_default(ip)
+ if not options.unattended and bindinstance.create_reverse():
+ reverse_zone = bindinstance.read_reverse_zone(reverse_zone, ip)
+
+ if reverse_zone is not None:
+ print "Using reverse zone %s" % reverse_zone
+
+ bind.setup(config.host_name, ip_address, config.realm_name,
+ config.domain_name, forwarders, options.conf_ntp, reverse_zone)
 bind.create_instance()
 def install_dns_records(config, options):
@@ -221,11 +227,11 @@ def install_dns_records(config, options):
 sys.exit("Unable to resolve IP address for host name")
 ip = installutils.parse_ip_address(ip_address)
 ip_address = str(ip)
- ip_prefixlen = ip.prefixlen
+ reverse_zone = bindinstance.find_reverse_zone(ip)
- bind.add_master_dns_records(config.host_name, ip_address, ip_prefixlen,
+ bind.add_master_dns_records(config.host_name, ip_address,
 config.realm_name, config.domain_name,
- options.conf_ntp)
+ reverse_zone, options.conf_ntp)
 #set it back to the default
 api.Backend.ldap2.disconnect()
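Review bot: The `verify_reverse_zone` check for --reverse-zone sits inside install_bind, so a mistyped zone is only rejected at the point BIND is configured; if install_bind is called after the directory server and Kerberos components, as its place in a replica install suggests, the `sys.exit(1)` leaves those components already set up on a half-installed replica. ipa-server-install and ipa-replica-prepare validate the option up front in main() in this same commit (their @@ -631 and @@ -255 hunks); moving the check here to where ip_address is first resolved, before any component is installed, would fail fast in the same way. The rest of install_bind lies outside the hunk.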
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 97dd96a19..cb279481d 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -27,7 +27,7 @@ import krbV
 from ipapython import ipautil
 from ipaserver.install import bindinstance, dsinstance, installutils, certs
-from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr, dns_zone_exists
+from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr
 from ipaserver.install.replication import check_replication_plugin, enable_replication_version_checking
 from ipaserver.install.installutils import resolve_host
 from ipaserver.plugins.ldap2 import ldap2
@@ -54,8 +54,11 @@ def parse_options():
 parser.add_option("-p", "--password", dest="password",
 help="Directory Manager (existing master) password")
 parser.add_option("--ip-address", dest="ip_address",
- type="ip", ip_netmask=True,
- help="Add A and PTR records of the future replica")
+ type="ip", help="Add A and PTR records of the future replica")
+ parser.add_option("--reverse-zone", dest="reverse_zone",
+ help="The reverse DNS zone to use")
+ parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
+ default=False, help="Do not create reverse DNS zone")
 parser.add_option("--ca", dest="ca_file", default="/root/cacert.p12",
 help="Location of CA PKCS#12 file, default /root/cacert.p12")
 parser.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
@@ -63,6 +66,14 @@ def parse_options():
 options, args = parser.parse_args()
+ if not options.ip_address:
+ if options.reverse_zone:
+ parser.error("You cannot specify a --reverse-zone option without the --ip-address option")
+ if options.no_reverse:
+ parser.error("You cannot specify a --no-reverse option without the --ip-address option")
+ elif options.reverse_zone and options.no_reverse:
+ parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
+
 # If any of the PKCS#12 options are selected, all are required. Create a
 # list of the options and count it to enforce that all are required without
 # having a huge set of it blocks.
@@ -255,6 +266,8 @@ def main():
 if not bindinstance.dns_container_exists(api.env.host, api.env.basedn):
 print "You can't add a DNS record because DNS is not set up."
 sys.exit(1)
+ if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, options.ip_address):
+ sys.exit(1)
 if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki-ca/conf/CS.cfg") and not options.dirsrv_pin:
 sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.")
@@ -424,31 +437,21 @@ def main():
 ip = options.ip_address
 ip_address = str(ip)
- ip_prefixlen = ip.prefixlen
-
- if ip.defaultnet:
- revzone = ip.reverse_dns
- if ip.version == 4:
- prefix = 32
- dec = 8
- elif ip.version == 6:
- prefix = 128
- dec = 4
-
- while prefix > 0:
- dummy, dot, revzone = revzone.partition('.')
- prefix = prefix - dec
- if dns_zone_exists(revzone):
- break
-
- if prefix > 0:
- ip_prefixlen = prefix
- else:
- add_reverse_zone(ip_address, ip_prefixlen)
+
+ if options.reverse_zone:
+ reverse_zone = bindinstance.normalize_zone(options.reverse_zone)
+ else:
+ reverse_zone = bindinstance.find_reverse_zone(ip)
+ if reverse_zone is None and not options.no_reverse:
+ reverse_zone = bindinstance.get_reverse_zone_default(ip)
 add_zone(domain)
 add_fwd_rr(domain, name, ip_address)
- add_ptr_rr(ip_address, ip_prefixlen, replica_fqdn)
+
+ if reverse_zone is not None:
+ print "Using reverse zone %s" % reverse_zone
+ add_reverse_zone(reverse_zone)
+ add_ptr_rr(reverse_zone, ip_address, replica_fqdn)
 try:
 if not os.geteuid()==0:
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 504da2c61..35b16dae8 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -100,7 +100,7 @@ def parse_options():
 help="File containing PKCS#10 of the external CA chain")
 parser.add_option("--hostname", dest="host_name", help="fully qualified name of server")
 parser.add_option("--ip-address", dest="ip_address",
- type="ip", ip_netmask=True, ip_local=True,
+ type="ip", ip_local=True,
 help="Master Server IP Address")
 parser.add_option("--setup-dns", dest="setup_dns", action="store_true",
 default=False, help="configure bind with our zone")
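Review bot: `add_reverse_zone(reverse_zone)` is now called whenever reverse_zone is not None, which includes the case where `bindinstance.find_reverse_zone(ip)` returned a zone that already exists, and also an explicit --reverse-zone naming an existing zone; the removed loop only created a zone after `dns_zone_exists(revzone)` came back false, and that import is dropped in the @@ -27 hunk above. Unless add_reverse_zone is tolerant of an existing zone (not visible here), guard the call with the same check via the module that is still imported: `if not bindinstance.dns_zone_exists(reverse_zone):` followed by the indented `add_reverse_zone(reverse_zone)`, keeping `add_ptr_rr(reverse_zone, ip_address, replica_fqdn)` unconditional. main() continues outside the hunk.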
@@ -108,6 +108,7 @@ def parse_options():
 type="ip", help="Add a DNS forwarder")
 parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
 default=False, help="Do not add any DNS forwarders, use root servers instead")
+ parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
 parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
 default=False, help="Do not create reverse DNS zone")
 parser.add_option("--zonemgr", action="callback", callback=zonemgr_callback,
@@ -154,10 +155,14 @@ def parse_options():
 parser.error("You cannot specify a --forwarder option without the --setup-dns option")
 if options.no_forwarders:
 parser.error("You cannot specify a --no-forwarders option without the --setup-dns option")
+ if options.reverse_zone:
+ parser.error("You cannot specify a --reverse-zone option without the --setup-dns option")
 if options.no_reverse:
 parser.error("You cannot specify a --no-reverse option without the --setup-dns option")
 elif options.forwarders and options.no_forwarders:
 parser.error("You cannot specify a --forwarder option together with --no-forwarders")
+ elif options.reverse_zone and options.no_reverse:
+ parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
 if options.uninstall:
 if (options.realm_name or
@@ -552,7 +557,7 @@ def main():
 master_password = ""
 dm_password = ""
 admin_password = ""
- create_reverse = True
+ reverse_zone = None
 # check bind packages are installed
 if options.setup_dns:
@@ -631,7 +636,9 @@ def main():
 ip = read_ip_address(host_name, fstore)
 logging.debug("read ip_address: %s\n" % str(ip))
 ip_address = str(ip)
- ip_prefixlen = ip.prefixlen
+
+ if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip):
+ sys.exit(1)
 print "The IPA Master Server will be configured with"
 print "Hostname: " + host_name
@@ -896,18 +903,17 @@ def main():
 # Create a BIND instance
 bind = bindinstance.BindInstance(fstore, dm_password)
 if options.setup_dns:
- if options.unattended:
- # In unattended mode just use the cmdline flag
- create_reverse = not options.no_reverse
- else:
- if options.no_reverse:
- create_reverse = False
- else:
- # In interactive mode, if the flag was not explicitly
- # specified, ask the user
- create_reverse = bindinstance.create_reverse()
-
- bind.setup(host_name, ip_address, ip_prefixlen, realm_name, domain_name, dns_forwarders, options.conf_ntp, create_reverse, zonemgr=options.zonemgr)
+ if options.reverse_zone:
+ reverse_zone = bindinstance.normalize_zone(options.reverse_zone)
+ elif not options.no_reverse:
+ reverse_zone = bindinstance.get_reverse_zone_default(ip)
+ if not options.unattended and bindinstance.create_reverse():
+ reverse_zone = bindinstance.read_reverse_zone(reverse_zone, ip)
+
+ if reverse_zone is not None:
+ print "Using reverse zone %s" % reverse_zone
+
+ bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, options.conf_ntp, reverse_zone, zonemgr=options.zonemgr)
 if options.setup_dns:
 api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
diff --git a/install/tools/man/ipa-dns-install.1 b/install/tools/man/ipa-dns-install.1
index f6f99c125..e8c53bf72 100644
--- a/install/tools/man/ipa-dns-install.1
+++ b/install/tools/man/ipa-dns-install.1
@@ -40,6 +40,9 @@ A forwarder is a DNS server where queries for a specific non\-resolvable address
 \fB\-\-no\-forwarders\fR
 Do not add any DNS forwarders, send non\-resolvable addresses to the DNS root servers.
 .TP
+\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
+The reverse DNS zone to use
+.TP
 \fB\-\-no\-reverse\fR
 Do not create reverse DNS zone
 .TP
diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1
index 1dac5faa1..1426d61bb 100644
--- a/install/tools/man/ipa-replica-install.1
+++ b/install/tools/man/ipa-replica-install.1
@@ -56,6 +56,9 @@ the \fB\-\-no\-forwarders\fR option is specified.
 \fB\-\-no\-forwarders\fR
 Do not add any DNS forwarders. Root DNS servers will be used instead.
 .TP
+\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
+The reverse DNS zone to use
+.TP
 \fB\-\-no\-reverse\fR
 Do not create reverse DNS zone
 .TP
diff --git a/install/tools/man/ipa-replica-prepare.1 b/install/tools/man/ipa-replica-prepare.1
index 88da6f4fe..a8ebcc9cf 100644
--- a/install/tools/man/ipa-replica-prepare.1
+++ b/install/tools/man/ipa-replica-prepare.1
@@ -54,6 +54,12 @@ Directory Manager (existing master) password
 \fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
 IP address of the replica server. If you provide this option, the A and PTR records will be added to the DNS.
 .TP
+\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
+The reverse DNS zone to use
+.TP
+\fB\-\-no\-reverse\fR
+Do not create reverse DNS zone
+.TP
 \fB\-\-ca\fR=\fICA_FILE\fR
 Location of CA PKCS#12 file, default /root/cacert.p12
 .TP
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 40d86e70e..7450ab980 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -79,6 +79,9 @@ the \fB\-\-no\-forwarders\fR option is specified.
 \fB\-\-no\-forwarders\fR
 Do not add any DNS forwarders. Root DNS servers will be used instead.
 .TP
+\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
+The reverse DNS zone to use
+.TP
 \fB\-\-no\-reverse\fR
 Do not create reverse DNS zone
 .TP |