authorMartin Basti <mbasti@redhat.com>2016-06-23 14:50:11 +0200
committerMartin Basti <mbasti@redhat.com>2016-06-28 15:23:51 +0200
commit104040cf363ec50d8006474422f2c13e44266806 (patch)
tree3f9f0e163110d246d8c949ec0d731ca502dd38e1
parenta636842889f832e977df61dbeac4e1055e129c0f (diff)
DNS Locations: cleanup of bininstance
We no longer need: * sample of zone file - list of all records required by IPA will be provided * NTP related params - DNS records will be updated automatically, based on LDAP values * CA related params - DNS records will be updated automatically, based on LDAP values https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com>
-rw-r--r--install/share/Makefile.am1
-rw-r--r--install/share/bind.zone.db.template29
-rw-r--r--ipaserver/dns_data_management.py9
-rw-r--r--ipaserver/install/bindinstance.py58
-rw-r--r--ipaserver/install/dns.py5
-rw-r--r--ipaserver/install/server/install.py8
-rw-r--r--ipaserver/install/server/replicainstall.py4
7 files changed, 30 insertions, 84 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 3a3bd2699..cd1c164e3 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -43,7 +43,6 @@ app_DATA = \
kerberos.ldif \
indices.ldif \
bind.named.conf.template \
- bind.zone.db.template \
certmap.conf.template \
kdc.conf.template \
kdc_extensions.template \
diff --git a/install/share/bind.zone.db.template b/install/share/bind.zone.db.template
deleted file mode 100644
index ec175c608..000000000
--- a/install/share/bind.zone.db.template
+++ /dev/null
@@ -1,29 +0,0 @@
-$$ORIGIN $DOMAIN.
-$$TTL 86400
-@ IN SOA $DOMAIN. $ZONEMGR (
- 01 ; serial
- 3H ; refresh
- 15M ; retry
- 1W ; expiry
- 1D ) ; minimum
-
- IN NS $HOST
-$HOST IN A $IP
-;
-; ldap servers
-_ldap._tcp IN SRV 0 100 389 $HOST
-
-;kerberos realm
-_kerberos IN TXT $REALM
-
-; kerberos servers
-_kerberos._tcp IN SRV 0 100 88 $HOST
-_kerberos._udp IN SRV 0 100 88 $HOST
-_kerberos-master._tcp IN SRV 0 100 88 $HOST
-_kerberos-master._udp IN SRV 0 100 88 $HOST
-_kpasswd._tcp IN SRV 0 100 464 $HOST
-_kpasswd._udp IN SRV 0 100 464 $HOST
-$OPTIONAL_NTP
-
-; CNAME for IPA CA replicas (used for CRL, OCSP)
-$IPA_CA_RECORD
diff --git a/ipaserver/dns_data_management.py b/ipaserver/dns_data_management.py
index e7f65958f..48717c7c4 100644
--- a/ipaserver/dns_data_management.py
+++ b/ipaserver/dns_data_management.py
@@ -477,3 +477,12 @@ class IPASystemRecords(object):
)
)
return records
+
+ @classmethod
+ def records_list_from_zone(cls, zone_obj, sort=True):
+ records = []
+ for name, node in zone_obj.items():
+ records.extend(IPASystemRecords.records_list_from_node(name, node))
+ if sort:
+ records.sort()
+ return records
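Review bot: The new classmethod `records_list_from_zone` takes `cls` but then calls `IPASystemRecords.records_list_from_node(name, node)` by hard-coded class name, so a subclass overriding `records_list_from_node` would be bypassed; the line should read `records.extend(cls.records_list_from_node(name, node))`. The method also has no docstring; I would add one stating that it flattens every node of `zone_obj` into one list via `records_list_from_node` and, with `sort=True`, sorts that list in place before returning it. What the sort orders by depends on what `records_list_from_node` returns, which is not visible in this hunk, so the docstring should say "sorted by the natural ordering of the items `records_list_from_node` yields" rather than naming a field.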
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 08c32f483..a63b2dfd3 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -623,9 +623,9 @@ class BindInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix')
def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders,
- forward_policy, ntp, reverse_zones,
+ forward_policy, reverse_zones,
named_user=constants.NAMED_USER, zonemgr=None,
- ca_configured=None, no_dnssec_validation=False):
+ no_dnssec_validation=False):
self.named_user = named_user
self.fqdn = fqdn
self.ip_addresses = ip_addresses
@@ -635,9 +635,7 @@ class BindInstance(service.Service):
self.forward_policy = forward_policy
self.host = fqdn.split(".")[0]
self.suffix = ipautil.realm_to_suffix(self.realm)
- self.ntp = ntp
self.reverse_zones = reverse_zones
- self.ca_configured = ca_configured
self.no_dnssec_validation=no_dnssec_validation
if not zonemgr:
@@ -666,12 +664,17 @@ class BindInstance(service.Service):
def host_in_default_domain(self):
return normalize_zone(self.host_domain) == normalize_zone(self.domain)
- def create_sample_bind_zone(self):
- bind_txt = ipautil.template_file(ipautil.SHARE_DIR + "bind.zone.db.template", self.sub_dict)
- [bind_fd, bind_name] = tempfile.mkstemp(".db","sample.zone.")
- os.write(bind_fd, bind_txt)
- os.close(bind_fd)
- print("Sample zone file for bind has been created in "+bind_name)
+ def create_file_with_system_records(self):
+ system_records = IPASystemRecords(self.api)
+ text = u'\n'.join(
+ IPASystemRecords.records_list_from_zone(
+ system_records.get_base_records()
+ )
+ )
+ [fd, name] = tempfile.mkstemp(".db","ipa.system.records.")
+ os.write(fd, text)
+ os.close(fd)
+ print("Please add records in this file to your DNS system:", name)
def create_instance(self):
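Review bot: `create_file_with_system_records` builds `text` as a unicode string (`u'\n'.join(...)`) and hands it straight to `os.write(fd, text)`, which requires bytes on Python 3 and relies on an implicit ASCII encode on Python 2, so a non-ASCII record name would fail; the write should be explicit, e.g. `os.write(fd, (text + u'\n').encode('utf-8'))`, which also gives the last record its terminating newline so the file is a complete set of lines for the admin to paste. The replacement `print("Please add records in this file to your DNS system:", name)` now passes two arguments, which prints a tuple on Python 2 unless `print_function` is imported at the top of this module — the removed line used concatenation, so please confirm the future import is present. The method is also undocumented; a one-line docstring that it writes the base system records from `IPASystemRecords(self.api).get_base_records()` to a `mkstemp` file and prints its path would help. The enclosing `BindInstance` class continues outside the hunk.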
@@ -761,41 +764,10 @@ class BindInstance(service.Service):
root_logger.debug("Unable to mask named (%s)", e)
def __setup_sub_dict(self):
- if self.forwarders:
- fwds = "\n"
- for forwarder in self.forwarders:
- fwds += "\t\t%s;\n" % forwarder
- fwds += "\t"
- else:
- fwds = " "
-
- if self.ntp:
- optional_ntp = "\n;ntp server\n"
- optional_ntp += "_ntp._udp\t\tIN SRV 0 100 123\t%s" % self.host_in_rr
- else:
- optional_ntp = ""
-
- ipa_ca = ""
- for addr in self.ip_addresses:
- if addr.version in (4, 6):
- ipa_ca += "%s\t\t\tIN %s\t\t\t%s\n" % (
- IPA_CA_RECORD,
- "A" if addr.version == 4 else "AAAA",
- str(addr))
-
self.sub_dict = dict(
FQDN=self.fqdn,
- IP=[str(ip) for ip in self.ip_addresses],
- DOMAIN=self.domain,
- HOST=self.host,
- REALM=self.realm,
SERVER_ID=installutils.realm_to_serverid(self.realm),
- FORWARDERS=fwds,
- FORWARD_POLICY=self.forward_policy,
SUFFIX=self.suffix,
- OPTIONAL_NTP=optional_ntp,
- ZONEMGR=self.zonemgr,
- IPA_CA_RECORD=ipa_ca,
BINDKEYS_FILE=paths.NAMED_BINDKEYS_FILE,
MANAGED_KEYS_DIR=paths.NAMED_MANAGED_KEYS_DIR,
ROOT_KEY=paths.NAMED_ROOT_KEY,
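Review bot: `__setup_sub_dict` drops `FORWARDERS`, `FORWARD_POLICY`, `DOMAIN`, `HOST`, `REALM`, `IP` and `ZONEMGR` from `sub_dict`, while `setup()` earlier in this diff still stores `self.forward_policy` and `self.forwarders` (the `fwds` block removed here was the only consumer visible); if any remaining template, in particular `bind.named.conf.template`, still references one of these keys, `ipautil.template_file` would now leave it unsubstituted or raise, so the templates should be grepped for the removed keys before merging. If the attributes are indeed unused after this change, `self.forwarders`/`self.forward_policy` in `setup()` can be removed as well to avoid dead state. The function continues outside the hunk, so the full remaining key set is not visible here.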
@@ -1026,16 +998,14 @@ class BindInstance(service.Service):
ipautil.run([paths.GENERATE_RNDC_KEY])
def add_master_dns_records(self, fqdn, ip_addresses, realm_name, domain_name,
- reverse_zones, ntp=False, ca_configured=None):
+ reverse_zones):
self.fqdn = fqdn
self.ip_addresses = ip_addresses
self.realm = realm_name
self.domain = domain_name
self.host = fqdn.split(".")[0]
self.suffix = ipautil.realm_to_suffix(self.realm)
- self.ntp = ntp
self.reverse_zones = reverse_zones
- self.ca_configured = ca_configured
self.first_instance = False
self.zonemgr = 'hostmaster.%s' % self.domain
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 2ea11739e..44ebd39df 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -329,10 +329,9 @@ def install(standalone, replica, options, api=api):
bind = bindinstance.BindInstance(fstore, ldapi=True, api=api,
autobind=AUTOBIND_ENABLED)
bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,
- options.forwarders, options.forward_policy, conf_ntp,
+ options.forwarders, options.forward_policy,
reverse_zones, zonemgr=options.zonemgr,
- no_dnssec_validation=options.no_dnssec_validation,
- ca_configured=options.setup_ca)
+ no_dnssec_validation=options.no_dnssec_validation)
if standalone and not options.unattended:
print("")
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 930cca7b3..c28c095fb 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -848,17 +848,17 @@ def install(installer):
if setup_ca:
services.knownservices['pki_tomcatd'].restart('pki-tomcat')
+ api.Backend.ldap2.connect(autobind=True)
if options.setup_dns:
- api.Backend.ldap2.connect(autobind=True)
dns.install(False, False, options)
else:
# Create a BIND instance
bind = bindinstance.BindInstance(fstore, dm_password)
bind.setup(host_name, ip_addresses, realm_name,
- domain_name, (), 'first', not options.no_ntp, (),
- zonemgr=options.zonemgr, ca_configured=setup_ca,
+ domain_name, (), 'first', (),
+ zonemgr=options.zonemgr,
no_dnssec_validation=options.no_dnssec_validation)
- bind.create_sample_bind_zone()
+ bind.create_file_with_system_records()
# Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server")
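Review bot: `api.Backend.ldap2.connect(autobind=True)` is now made before the `if options.setup_dns` branch, presumably so that `bind.create_file_with_system_records()` in the `else` branch can read the base records over LDAP; but the `BindInstance(fstore, dm_password)` in that branch is constructed without `api=`, so whether it ends up using this connected `api` depends on the constructor's default, which is not visible here and should be confirmed. If the connection is only needed for those two calls, a comment such as `# ldap2 is needed both by dns.install() and by create_file_with_system_records()` above the connect would explain why it was hoisted. The enclosing `install()` continues outside the hunk, so I cannot see whether a matching disconnect exists for the no-DNS path.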
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 52b2ea5b0..0277d324a 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -210,9 +210,7 @@ def install_dns_records(config, options, remote_api):
str(ip),
config.realm_name,
config.domain_name,
- reverse_zone,
- not options.no_ntp,
- options.setup_ca)
+ reverse_zone)
except errors.NotFound as e:
root_logger.debug('Replica DNS records could not be added '
'on master: %s', str(e))