author | Jan Cholasta <jcholast@redhat.com> | 2013-04-23 09:21:33 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-04-24 14:36:28 +0200 |
commit | 63e79a3d86bb302b954571ec881aae06388392cd (patch) | |
tree | a0ff1c0392954232f0b24d105769ede6df54c2cf /ipaserver/install/bindinstance.py | |
parent | 014f2962740c236c0bc4d14ba785d41dbbfdf78e (diff) | |
Add ipa-ca records for existing CA masters when installing DNS for the first time.
https://fedorahosted.org/freeipa/ticket/3564
Diffstat (limited to 'ipaserver/install/bindinstance.py')
-rw-r--r-- | ipaserver/install/bindinstance.py | 34 |
1 files changed, 29 insertions, 5 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index c80d4580..7a37f7b1 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -704,7 +704,7 @@ class BindInstance(service.Service):
 root_logger.debug("Adding DNS records for master %s" % fqdn)
 self.__add_master_records(fqdn, addrs)
- def _add_ipa_ca_dns_records(self, domain_name, fqdn, addrs, ca_configured):
+ def __add_ipa_ca_records(self, fqdn, addrs, ca_configured):
 if ca_configured is False:
 root_logger.debug("CA is not configured")
 return
@@ -725,14 +725,35 @@ class BindInstance(service.Service):
 try:
 for addr in addrs:
- add_fwd_rr(domain_name, IPA_CA_RECORD, addr)
+ add_fwd_rr(self.domain, IPA_CA_RECORD, addr)
 except errors.ValidationError:
 # there is a CNAME record in ipa-ca, we can't add A/AAAA records
 pass
 def __add_ipa_ca_record(self):
- self._add_ipa_ca_dns_records(self.domain, self.fqdn, [self.ip_address],
- self.ca_configured)
+ self.__add_ipa_ca_records(self.fqdn, [self.ip_address],
+ self.ca_configured)
+
+ if self.first_instance:
+ ldap = api.Backend.ldap2
+ entries = ldap.get_entries(
+ DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
+ api.env.basedn),
+ ldap.SCOPE_SUBTREE, '(&(objectClass=ipaConfigObject)(cn=CA))',
+ ['dn'])
+
+ for entry in entries:
+ fqdn = entry.dn[1]['cn']
+ if fqdn == self.fqdn:
+ continue
+
+ host, zone = fqdn.split('.', 1)
+ if dns_zone_exists(zone):
+ addrs = get_fwd_rr(zone, host)
+ else:
+ addrs = installutils.resolve_host(fqdn)
+
+ self.__add_ipa_ca_records(fqdn, addrs, True)
 def __setup_principal(self):
 dns_principal = "DNS/" + self.fqdn + "@" + self.realm
@@ -812,6 +833,7 @@ class BindInstance(service.Service):
 self.ntp = ntp
 self.reverse_zone = reverse_zone
 self.ca_configured = ca_configured
+ self.first_instance = False
 self.__add_self()
 self.__add_ipa_ca_record()
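Review bot: The new `ldap.get_entries(...)` lookup in `__add_ipa_ca_record` has no handling for an empty result. If `get_entries` raises `errors.NotFound` when nothing matches (its contract is not shown on this page, so this needs confirming), a deployment with no CA master would abort the first DNS install at this point; catching the error and continuing with an empty list keeps the step best-effort. Further down, `host, zone = fqdn.split('.', 1)` raises `ValueError` for a `cn` without a dot. The addresses returned by `installutils.resolve_host(fqdn)` are published under `ipa-ca` although they presumably come from the resolver rather than from IPA-managed zone data, so an empty or unexpected `addrs` deserves at least a `root_logger.debug` line.

```python
if self.first_instance:
    ldap = api.Backend.ldap2
    try:
        entries = ldap.get_entries(
            # … unchanged: masters DN, scope, filter, ['dn'] …
        )
    except errors.NotFound:
        root_logger.debug("No server with CA found")
        entries = []

    # … unchanged: loop over entries adding ipa-ca records …
```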
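Review bot: `self.first_instance = False` passes a flag to `__add_ipa_ca_record` through instance state, so what the helper does depends on which public method last assigned the attribute. The final hunk does the same with `self.domain = domain_name`, which also overwrites whatever domain the instance held before the call. Passing both values as arguments to the private helpers would keep the data flow visible. If the attributes stay, a comment such as `# replica being added to existing DNS: do not scan other CA masters` (assuming that is the intent) would explain the assignment. The enclosing method begins and ends outside this hunk, and the place where `first_instance` is set to a true value is not visible here.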
@@ -823,7 +845,9 @@ class BindInstance(service.Service):
 else:
 addrs = installutils.resolve_host(fqdn)
- self._add_ipa_ca_dns_records(domain_name, fqdn, addrs, ca_configured)
+ self.domain = domain_name
+
+ self.__add_ipa_ca_records(fqdn, addrs, ca_configured)
 def convert_ipa_ca_cnames(self, domain_name):
 # get ipa-ca CNAMEs |