From de53d0a26e1ad7ae20368967f81b7e6391b7198d Mon Sep 17 00:00:00 2001
From: Martin Nagy
Date: Fri, 26 Jun 2009 19:37:49 +0200
Subject: Make --setup-dns work on replica installation

The ipa-replica-install script will setup the DNS if user specifies the --setup-dns option. It will only add the zone into LDAP if the cn=dns,$SUFFIX container doesn't exist. For now, however, we do not add the records.
---
 install/share/Makefile.am | 3 ++-
 install/tools/ipa-replica-install | 41 ++++++++++++++++++++++++++++++++-
 install/tools/man/ipa-replica-install.1 | 3 +++
 ipaserver/install/bindinstance.py | 38 ++++++++++++++++++++++++++----
 4 files changed, 79 insertions(+), 6 deletions(-)

diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 2a1d90e2d..435acf1af 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -14,8 +14,9 @@ app_DATA = \
 caJarSigningCert.cfg.template \
 default-aci.ldif \
 default-keytypes.ldif \
- delegation.ldif \
+ delegation.ldif \
 dns.ldif \
+ dns_reverse.ldif \
 kerberos.ldif \
 indices.ldif \
 bind.named.conf.template \
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 1a471b2a0..f56ff7a6b 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -19,6 +19,7 @@
 #
 import sys
+import socket
 import tempfile, os, pwd, traceback, logging, shutil
 from ConfigParser import SafeConfigParser
@@ -27,13 +28,16 @@ import ldap
 from ipapython import ipautil
 from ipaserver.install import dsinstance, replication, installutils, krbinstance, service
-from ipaserver.install import httpinstance, ntpinstance, certs
+from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
 from ipaserver import ipaldap
 from ipapython import version
 from ipalib import util
 CACERT="/usr/share/ipa/html/ca.crt"
+class HostnameLocalhost(Exception):
+ pass
+
 class ReplicaConfig:
 def __init__(self):
 self.realm_name = ""
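Review bot: The new HostnameLocalhost class in the second ipa-replica-install hunk carries no docstring or message, so a reader of the later `except HostnameLocalhost:` branch has to find resolve_host() to learn what it signals; replace `pass` with `"""Raised by resolve_host() when the host name resolves to a loopback address."""`. Since the handler at the bottom of the script prints its own explanation, the class needs nothing beyond that one line.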
@@ -54,6 +58,8 @@ def parse_options():
 default=False, help="gather extra debugging information")
 parser.add_option("-p", "--password", dest="password",
 help="Directory Manager (existing master) password")
+ parser.add_option("--setup-dns", dest="setup_dns", action="store_true",
+ default=False, help="configure bind with our zone")
 options, args = parser.parse_args()
@@ -97,6 +103,14 @@ def get_host_name():
 return hostname
+def resolve_host(host_name):
+ ip = socket.gethostbyname(host_name)
+
+ if ip == "127.0.0.1" or ip == "::1":
+ raise HostnameLocalhost
+
+ return ip
+
 def set_owner(config, dir):
 pw = pwd.getpwnam(config.ds_user)
 os.chown(dir, pw.pw_uid, pw.pw_gid)
@@ -175,6 +189,12 @@ def install_http(config):
 print "error copying files: " + str(e)
 sys.exit(1)
+def install_bind(config):
+ bind = bindinstance.BindInstance(dm_password=config.dirman_password)
+ ip_address = resolve_host(config.host_name)
+ bind.setup(config.host_name, ip_address, config.realm_name, config.domain_name)
+ bind.create_instance()
+
 def check_dirsrv():
 serverids = dsinstance.check_existing_installation()
 if serverids:
@@ -204,6 +224,13 @@ def check_dirsrv():
 print "\t636"
 sys.exit(1)
+def check_bind():
+ if not bindinstance.check_inst():
+ print "--setup-dns was specified but bind or the BIND LDAP plug-in"
+ print "is not installed on the system"
+ print "Please install bind and the LDAP plug-in and restart the setup program"
+ sys.exit(1)
+
 def main():
 options, filename = parse_options()
 installutils.standard_logging_setup("/var/log/ipareplica-install.log", options.debug)
@@ -211,6 +238,8 @@ def main():
 if not ipautil.file_exists(filename):
 sys.exit("Replica file %s does not exist" % filename)
+ if options.setup_dns:
+ check_bind()
 check_dirsrv()
 # get the directory manager password
@@ -281,6 +310,8 @@ def main():
 install_krb(config)
 install_http(config)
+ if options.setup_dns:
+ install_bind(config)
 if CA:
 CA.import_ra_cert(dir + "/ra.p12")
 CA.fix_ra_perms()
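Review bot: The loopback test in resolve_host() matches only the exact string "127.0.0.1", and the `"::1"` comparison can never be true because socket.gethostbyname() returns IPv4 addresses only; a host name that resolves to another loopback address such as 127.0.1.1 (a common /etc/hosts layout on some distributions) passes the check, and that address is then handed to bind.setup() in install_bind() as the replica's address for the new zone. Suggest `if ip.startswith("127."):` so the whole 127.0.0.0/8 loopback block is rejected, dropping the dead "::1" branch until an IPv6-capable lookup is used. A short comment on the lookup, such as `# gethostbyname() normally consults /etc/hosts before DNS, so a stale hosts entry is the usual cause of HostnameLocalhost`, would also help whoever hits the error, since named is not configured yet at this point of the install.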
@@ -330,6 +361,14 @@ try:
 sys.exit(0)
 except SystemExit, e:
 sys.exit(e)
+except socket.error, (errno, errstr):
+ print errstr
+except HostnameLocalhost:
+ print "The hostname resolves to the localhost address (127.0.0.1/::1)"
+ print "Please change your /etc/hosts file so that the hostname"
+ print "resolves to the ip address of your network interface."
+ print ""
+ print "Please fix your /etc/hosts file and restart the setup program"
 except Exception, e:
 print "creation of replica failed: %s" % str(e)
 message = str(e)
diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1
index 674afd12b..168f66582 100644
--- a/install/tools/man/ipa-replica-install.1
+++ b/install/tools/man/ipa-replica-install.1
@@ -35,6 +35,9 @@ Do not configure NTP
 .TP
 \fB\-p\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
 Directory Manager (existing master) password
+.TP
+\fB\-\-setup\-dns\fR
+Generate a DNS zone if it does not exist already and configure the DNS server
 .SH "EXIT STATUS"
 0 if the command was successful
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index f8fc2a980..cadab10e3 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -93,10 +93,7 @@ class BindInstance(service.Service):
 except:
 pass
- # FIXME: this need to be split off, as only the first server can do
- # this operation
- self.step("Setting up our zone", self.__setup_zone)
- self.step("setting up reverse zone", self.__setup_reverse_zone)
+ self.__add_zone_steps()
 self.step("setting up kerberos principal", self.__setup_principal)
 self.step("setting up named.conf", self.__setup_named_conf)
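Review bot: The new `except socket.error, (errno, errstr):` handler catches socket errors from the whole of main(), not just the resolve_host() lookup, and prints the bare errstr with no indication of which step failed and without the "creation of replica failed" prefix the generic handler below uses; unless the code after this try block (outside the hunk) exits non-zero, the script then finishes with status 0 after an error, and the same applies to the HostnameLocalhost branch. Unpacking the exception into a tuple also raises ValueError for a socket.error constructed with a single argument, which would mask the real failure. Suggest `except socket.error, e:` followed by `print "creation of replica failed: %s" % str(e)` and the same non-zero exit path the Exception handler takes, and ending the HostnameLocalhost branch with `sys.exit(1)` as well. The try statement this hunk belongs to starts outside the hunk.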
@@ -107,6 +104,39 @@ class BindInstance(service.Service):
 self.step("changing resolv.conf to point to ourselves", self.__setup_resolv_conf)
 self.start_creation("Configuring named:")
+ def __add_zone_steps(self):
+ """
+ Add steps necessary to add records and zones, if they don't exist
+ already.
+ """
+
+ def object_exists(dn):
+ """
+ Test whether the given object exists in LDAP.
+ """
+ try:
+ server.search_ext_s(dn, ldap.SCOPE_BASE)
+ except ldap.NO_SUCH_OBJECT:
+ return False
+ else:
+ return True
+
+ zone_dn = "idnsName=%s,cn=dns,%s" % (self.domain, self.suffix)
+ reverse_zone_dn = "idnsName=%s.in-addr.arpa,cn=dns,%s" % (self.reverse_subnet, self.suffix)
+
+ server = ldap.initialize("ldap://" + self.fqdn)
+ server.simple_bind_s()
+ if object_exists(zone_dn):
+ pass # TODO: Add dns records to the zone
+ else:
+ self.step("setting up our zone", self.__setup_zone)
+ if object_exists(reverse_zone_dn):
+ pass # TODO: Add dns records to the reverse zone
+ else:
+ self.step("setting up reverse zone", self.__setup_reverse_zone)
+
+ server.unbind_s()
+
 def __start(self):
 try:
 self.backup_state("running", self.is_running())
-- 
cgit
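Review bot: `server.unbind_s()` at the end of __add_zone_steps is skipped whenever search_ext_s raises anything other than ldap.NO_SUCH_OBJECT (ldap.SERVER_DOWN if the directory is not up yet, INSUFFICIENT_ACCESS, and so on), leaving the connection open while the exception propagates; put the two object_exists()/self.step() branches under `try:` and close with `finally: server.unbind_s()`. The existence check is an anonymous bind (`server.simple_bind_s()` with no credentials) over plain ldap://, so if anonymous reads of the cn=dns entries are restricted the answer depends on how the server reports an unreadable entry rather than on whether the zone exists — worth confirming against the ACIs — and install_bind() constructs this instance with dm_password, so binding with that credential would make the test authoritative. The docstring says the method adds records as well as zones, but both record branches are still `pass # TODO`; say instead "Queue the zone-creation steps for zones not yet present in LDAP; records are not added yet." Lastly, object_exists reads `server` from the enclosing scope although it is assigned only after the helper is defined — passing the connection in (`def object_exists(conn, dn):`) makes that dependency explicit.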