-rwxr-xr-xinstall/tools/ipa-replica-install24
-rwxr-xr-xinstall/tools/ipa-replica-manage23
-rw-r--r--ipaserver/install/bindinstance.py58
3 files changed, 101 insertions, 4 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 69c0e7ea..b53ceeea 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -245,6 +245,8 @@ def install_http(config):
sys.exit(1)
def install_bind(config, options):
+ api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
+ bind_pw=config.dirman_password)
if options.forwarders:
forwarders = options.forwarders
else:
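Review bot: The literal bind DN `"cn=Directory Manager"` added here is repeated in this commit in install_dns_records (second hunk of this file) and in ipa-replica-manage's del_master, in two quoting styles; a module-level constant such as `DIRMAN_DN = "cn=Directory Manager"` in each tool, passed as `bind_dn=DIRMAN_DN`, would keep the three call sites in step. The connection opened at the top of install_bind is never closed in the hunk; if ldap2 is still connected when the client install script later runs, that is presumably intended, but a comment saying so would help the next reader. install_bind's body continues past the end of the hunk.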
@@ -266,6 +268,23 @@ def install_bind(config, options):
config.domain_name, forwarders, options.conf_ntp, create_reverse)
bind.create_instance()
+def install_dns_records(config, options):
+
+ if not bindinstance.dns_container_exists(config.host_name,
+ util.realm_to_suffix(config.realm_name)):
+ return
+
+ api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
+ bind_pw=config.dirman_password)
+ bind = bindinstance.BindInstance(dm_password=config.dirman_password)
+ ip_address = resolve_host(config.host_name)
+ if not ip_address:
+ sys.exit("Unable to resolve IP address for host name")
+
+ bind.add_master_dns_records(config.host_name, ip_address,
+ config.realm_name, config.domain_name,
+ options.conf_ntp)
+
def check_dirsrv():
serverids = dsinstance.check_existing_installation()
if serverids:
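Review bot: install_dns_records has no docstring, and the one failure it handles — resolve_host() returning nothing — aborts the whole replica install via sys.exit() after the directory, Kerberos and HTTP services have already been configured, leaving a half-installed replica. The function already treats DNS as optional (it returns silently when no DNS container exists), so if a failed record update is meant to be non-fatal, `print "Unable to resolve IP address for %s, DNS records not added" % config.host_name` followed by `return` would be the proportionate response; if it is meant to be fatal, the message should at least name the host. A suggested docstring: `"""Add this replica's A/PTR and SRV records to the IPA-managed DNS zone; used when the replica does not run its own DNS service."""`. Note that dns_container_exists() is called before api.Backend.ldap2 is connected, so it presumably opens its own connection — worth a comment if so.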
@@ -432,10 +451,9 @@ def main():
service.restart("httpd")
if options.setup_dns:
- api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
- bind_pw=config.dirman_password)
-
install_bind(config, options)
+ else:
+ install_dns_records(config, options)
# Call client install script
try:
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 80974545..8f0b7c59 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -24,9 +24,10 @@ import traceback, logging
from ipapython import ipautil
from ipaserver.install import replication, dsinstance, installutils
+from ipaserver.install import bindinstance
from ipaserver import ipaldap
from ipapython import version
-from ipalib import errors, util
+from ipalib import api, errors, util
CACERT = "/etc/ipa/ca.crt"
@@ -274,6 +275,21 @@ def del_master(realm, hostname, options):
print "Failed to cleanup %s entries: %s" % (hostname, str(e))
print "You may need to manually remove them from the tree"
+ # 5. And clean up the removed replica DNS entries if any.
+ try:
+ if bindinstance.dns_container_exists(options.host, thisrepl.suffix):
+ if options.dirman_passwd:
+ api.Backend.ldap2.connect(bind_dn='cn=Directory Manager',
+ bind_pw=options.dirman_passwd)
+ else:
+ ccache = krbV.default_context().default_ccache().name
+ api.Backend.ldap2.connect(ccache=ccache)
+ bind = bindinstance.BindInstance()
+ bind.remove_master_dns_records(hostname, realm, realm.lower())
+ except Exception, e:
+ print "Failed to cleanup %s DNS entries: %s" % (hostname, str(e))
+ print "You may need to manually remove them from the tree"
+
def add_link(realm, replica1, replica2, dirman_passwd, options):
if options.winsync:
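Review bot: `bind.remove_master_dns_records(hostname, realm, realm.lower())` passes the lower-cased Kerberos realm as the DNS domain, but an IPA deployment's domain and realm need not coincide; where they differ, the removed master's SRV/A/PTR records are looked up in the wrong zone and silently survive (del_rr swallows NotFound), so clients keep being directed at a decommissioned host. Since main() now calls api.bootstrap()/api.finalize(), the configured domain is available and the call should read `bind.remove_master_dns_records(hostname, realm, api.env.domain)`. The broad `except Exception` mirrors the cleanup steps above it, so only the second message needs attention — "remove them from the tree" was copied from the LDAP step and should say DNS records. del_master's signature and earlier steps lie outside the hunk.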
@@ -355,6 +371,11 @@ def force_sync(realm, thishost, fromhost, dirman_passwd):
def main():
options, args = parse_options()
+ # Just initialize the environment. This is so the installer can have
+ # access to the plugin environment
+ api.bootstrap(in_server=True)
+ api.finalize()
+
dirman_passwd = None
realm = krbV.default_context().default_realm
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 4cf9f94c..b84ba76b 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -162,6 +162,23 @@ def add_ptr_rr(ip_address, fqdn, dns_backup=None):
zone, name = get_reverse_zone(ip_address)
add_rr(zone, name, "PTR", fqdn+".", dns_backup)
+def del_rr(zone, name, type, rdata):
+ delkw = { '%srecord' % unicode(type.lower()) : unicode(rdata) }
+ try:
+ api.Command.dnsrecord_del(unicode(zone), unicode(name), **delkw)
+ except (errors.NotFound, errors.EmptyModlist):
+ pass
+
+def get_rr(zone, name, type):
+ rectype = '%srecord' % unicode(type.lower())
+ ret = api.Command.dnsrecord_find(unicode(zone), unicode(name))
+ if ret['count'] > 0:
+ for r in ret['result']:
+ if rectype in r:
+ return r[rectype]
+
+ return []
+
class DnsBackup(object):
def __init__(self, service):
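Review bot: get_rr returns the first entry of dnsrecord_find's result that carries `rectype`, without checking that the entry's name is `name`; if the second positional argument of dnsrecord_find is a search criteria rather than an exact name (the `count`/`result` handling suggests a search), a sibling record such as `<host>2` can be returned in place of `<host>`, and remove_master_dns_records then leaves the master's own A record in place while probing the other host's reverse zone for a PTR. The loop should compare the entry's `idnsname` against `name` and only return on a match. The parameter `type` shadows the builtin in both helpers; `rtype` reads better. Neither helper is documented; a one-liner each, e.g. `"""Delete one rdata value from a DNS record; a missing record or value is not an error."""` for del_rr and `"""Return the rdata list of record `name`/`type` in `zone`, or [] when absent."""` for get_rr, would suffice.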
@@ -415,6 +432,47 @@ class BindInstance(service.Service):
resolv_fd.write(resolv_txt)
resolv_fd.close()
+ def add_master_dns_records(self, fqdn, ip_address,
+ realm_name, domain_name, ntp=False):
+ self.fqdn = fqdn
+ self.ip_address = ip_address
+ self.realm = realm_name
+ self.domain = domain_name
+ self.host = fqdn.split(".")[0]
+ self.suffix = util.realm_to_suffix(self.realm)
+ self.ntp = ntp
+
+ self.__add_self()
+
+ def remove_master_dns_records(self, fqdn, realm_name, domain_name):
+ host = fqdn.split(".")[0]
+ suffix = util.realm_to_suffix(realm_name)
+
+ zone = domain_name
+ resource_records = (
+ ("_ldap._tcp", "SRV", "0 100 389 %s" % host),
+ ("_kerberos._tcp", "SRV", "0 100 88 %s" % host),
+ ("_kerberos._udp", "SRV", "0 100 88 %s" % host),
+ ("_kerberos-master._tcp", "SRV", "0 100 88 %s" % host),
+ ("_kerberos-master._udp", "SRV", "0 100 88 %s" % host),
+ ("_kpasswd._tcp", "SRV", "0 100 464 %s" % host),
+ ("_kpasswd._udp", "SRV", "0 100 464 %s" % host),
+ ("_ntp._udp", "SRV", "0 100 123 %s" % host),
+ )
+
+ for (record, type, rdata) in resource_records:
+ del_rr(zone, record, type, rdata)
+
+ areclist = get_rr(zone, host, "A")
+ if len(areclist) != 0:
+ for rdata in areclist:
+ del_rr(zone, host, "A", rdata)
+
+ rzone, record = get_reverse_zone(rdata)
+ if dns_zone_exists(rzone):
+ del_rr(rzone, record, "PTR", fqdn+".")
+
+
def uninstall(self):
if self.is_configured():
self.print_msg("Unconfiguring %s" % self.service_name)
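Review bot: remove_master_dns_records only deletes SRV records whose rdata is exactly `0 100 <port> <host>`; a record created with a different priority or weight (or a fully qualified target) is not matched, del_rr swallows the resulting NotFound, and the stale SRV record keeps advertising the decommissioned master to every client. Fetching the live SRV rdata with get_rr and deleting the values whose target is this host is more robust, assuming the rdata keeps the `prio weight port target` layout the hunk itself writes. Whether the PTR block below the A-record loop is inside that loop cannot be told from the rendered indentation; if it is outside, only the last address's PTR is removed. The loop variable `type` shadows the builtin, `if len(areclist) != 0` is just `if areclist`, and both new methods lack docstrings; the enclosing BindInstance class starts outside the hunk.
```python
        # … unchanged: host/suffix/zone setup …
        srv_records = (
            "_ldap._tcp", "_kerberos._tcp", "_kerberos._udp",
            "_kerberos-master._tcp", "_kerberos-master._udp",
            "_kpasswd._tcp", "_kpasswd._udp", "_ntp._udp",
        )
        for record in srv_records:
            for rdata in get_rr(zone, record, "SRV"):
                # match on the target host, not on a hard-coded priority/weight
                if rdata.split()[-1] in (host, fqdn + "."):
                    del_rr(zone, record, "SRV", rdata)
        # … unchanged: A/PTR removal …
```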