authorJan Cholasta <jcholast@redhat.com>2013-04-23 09:21:33 +0200
committerMartin Kosek <mkosek@redhat.com>2013-04-24 14:36:28 +0200
commit63e79a3d86bb302b954571ec881aae06388392cd (patch)
treea0ff1c0392954232f0b24d105769ede6df54c2cf /ipaserver/install/bindinstance.py
parent014f2962740c236c0bc4d14ba785d41dbbfdf78e (diff)
downloadfreeipa-63e79a3d86bb302b954571ec881aae06388392cd.tar.gz
freeipa-63e79a3d86bb302b954571ec881aae06388392cd.tar.xz
freeipa-63e79a3d86bb302b954571ec881aae06388392cd.zip
Add ipa-ca records for existing CA masters when installing DNS for the first time.
https://fedorahosted.org/freeipa/ticket/3564
Diffstat (limited to 'ipaserver/install/bindinstance.py')
-rw-r--r--ipaserver/install/bindinstance.py34
1 files changed, 29 insertions, 5 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index c80d4580..7a37f7b1 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -704,7 +704,7 @@ class BindInstance(service.Service):
root_logger.debug("Adding DNS records for master %s" % fqdn)
self.__add_master_records(fqdn, addrs)
- def _add_ipa_ca_dns_records(self, domain_name, fqdn, addrs, ca_configured):
+ def __add_ipa_ca_records(self, fqdn, addrs, ca_configured):
if ca_configured is False:
root_logger.debug("CA is not configured")
return
@@ -725,14 +725,35 @@ class BindInstance(service.Service):
try:
for addr in addrs:
- add_fwd_rr(domain_name, IPA_CA_RECORD, addr)
+ add_fwd_rr(self.domain, IPA_CA_RECORD, addr)
except errors.ValidationError:
# there is a CNAME record in ipa-ca, we can't add A/AAAA records
pass
def __add_ipa_ca_record(self):
- self._add_ipa_ca_dns_records(self.domain, self.fqdn, [self.ip_address],
- self.ca_configured)
+ self.__add_ipa_ca_records(self.fqdn, [self.ip_address],
+ self.ca_configured)
+
+ if self.first_instance:
+ ldap = api.Backend.ldap2
+ entries = ldap.get_entries(
+ DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
+ api.env.basedn),
+ ldap.SCOPE_SUBTREE, '(&(objectClass=ipaConfigObject)(cn=CA))',
+ ['dn'])
+
+ for entry in entries:
+ fqdn = entry.dn[1]['cn']
+ if fqdn == self.fqdn:
+ continue
+
+ host, zone = fqdn.split('.', 1)
+ if dns_zone_exists(zone):
+ addrs = get_fwd_rr(zone, host)
+ else:
+ addrs = installutils.resolve_host(fqdn)
+
+ self.__add_ipa_ca_records(fqdn, addrs, True)
def __setup_principal(self):
dns_principal = "DNS/" + self.fqdn + "@" + self.realm
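Review bot: The new `ldap.get_entries(...)` call in `__add_ipa_ca_record` has no handling for an empty result. If `get_entries` raises `errors.NotFound` when no `cn=CA` entry exists (confirm for this version of the LDAP backend), a first DNS install on a deployment with no CA master would abort here; wrapping it as `try: entries = ldap.get_entries(...)` / `except errors.NotFound: entries = []` keeps that case a no-op. Separately, in the `else` branch the addresses returned by `installutils.resolve_host(fqdn)` are written straight into the shared `ipa-ca` records, so whatever the installing host's resolver answers is persisted. A line such as `root_logger.debug("Adding ipa-ca records for CA master %s: %s" % (fqdn, addrs))` before the final call would record in the install log where each address came from. `fqdn.split('.', 1)` also assumes the masters entry's `cn` contains a dot and raises `ValueError` otherwise.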
@@ -812,6 +833,7 @@ class BindInstance(service.Service):
self.ntp = ntp
self.reverse_zone = reverse_zone
self.ca_configured = ca_configured
+ self.first_instance = False
self.__add_self()
self.__add_ipa_ca_record()
@@ -823,7 +845,9 @@ class BindInstance(service.Service):
else:
addrs = installutils.resolve_host(fqdn)
- self._add_ipa_ca_dns_records(domain_name, fqdn, addrs, ca_configured)
+ self.domain = domain_name
+
+ self.__add_ipa_ca_records(fqdn, addrs, ca_configured)
def convert_ipa_ca_cnames(self, domain_name):
# get ipa-ca CNAMEs
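Review bot: `self.domain = domain_name` overwrites instance state as a side effect only so that the private helper can read it, which is easy to miss now that `__add_ipa_ca_records` no longer takes the domain as a parameter. A short comment on the assignment, e.g. `# __add_ipa_ca_records() reads self.domain`, or a docstring on the helper stating that `self.domain` must be set before it is called, would make the dependency visible. The enclosing method starts outside this hunk, so whether any caller relies on a previously set `self.domain` cannot be checked from here.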