author | Martin Basti <mbasti@redhat.com> | 2016-06-23 14:50:11 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-06-28 15:23:51 +0200 |
commit | 104040cf363ec50d8006474422f2c13e44266806 (patch) | |
tree | 3f9f0e163110d246d8c949ec0d731ca502dd38e1 | |
parent | a636842889f832e977df61dbeac4e1055e129c0f (diff) | |
DNS Locations: cleanup of bininstance
We don't need these anymore:
* sample zone file - a list of all records required by IPA will be
provided
* NTP related params - DNS records will be updated automatically,
based on LDAP values
* CA related params - DNS records will be updated automatically based
on LDAP values
https://fedorahosted.org/freeipa/ticket/2008
Reviewed-By: Petr Spacek <pspacek@redhat.com>
-rw-r--r-- | install/share/Makefile.am | 1 | ||||
-rw-r--r-- | install/share/bind.zone.db.template | 29 | ||||
-rw-r--r-- | ipaserver/dns_data_management.py | 9 | ||||
-rw-r--r-- | ipaserver/install/bindinstance.py | 58 | ||||
-rw-r--r-- | ipaserver/install/dns.py | 5 | ||||
-rw-r--r-- | ipaserver/install/server/install.py | 8 | ||||
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 4 |
7 files changed, 30 insertions, 84 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 3a3bd2699..cd1c164e3 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -43,7 +43,6 @@ app_DATA = \
 kerberos.ldif \
 indices.ldif \
 bind.named.conf.template \
- bind.zone.db.template \
 certmap.conf.template \
 kdc.conf.template \
 kdc_extensions.template \
diff --git a/install/share/bind.zone.db.template b/install/share/bind.zone.db.template
deleted file mode 100644
index ec175c608..000000000
--- a/install/share/bind.zone.db.template
+++ /dev/null
@@ -1,29 +0,0 @@
-$$ORIGIN $DOMAIN.
-$$TTL 86400
-@ IN SOA $DOMAIN. $ZONEMGR (
- 01 ; serial
- 3H ; refresh
- 15M ; retry
- 1W ; expiry
- 1D ) ; minimum
-
- IN NS $HOST
-$HOST IN A $IP
-;
-; ldap servers
-_ldap._tcp IN SRV 0 100 389 $HOST
-
-;kerberos realm
-_kerberos IN TXT $REALM
-
-; kerberos servers
-_kerberos._tcp IN SRV 0 100 88 $HOST
-_kerberos._udp IN SRV 0 100 88 $HOST
-_kerberos-master._tcp IN SRV 0 100 88 $HOST
-_kerberos-master._udp IN SRV 0 100 88 $HOST
-_kpasswd._tcp IN SRV 0 100 464 $HOST
-_kpasswd._udp IN SRV 0 100 464 $HOST
-$OPTIONAL_NTP
-
-; CNAME for IPA CA replicas (used for CRL, OCSP)
-$IPA_CA_RECORD
diff --git a/ipaserver/dns_data_management.py b/ipaserver/dns_data_management.py
index e7f65958f..48717c7c4 100644
--- a/ipaserver/dns_data_management.py
+++ b/ipaserver/dns_data_management.py
@@ -477,3 +477,12 @@ class IPASystemRecords(object):
 )
 )
 return records
+
+ @classmethod
+ def records_list_from_zone(cls, zone_obj, sort=True):
+ records = []
+ for name, node in zone_obj.items():
+ records.extend(IPASystemRecords.records_list_from_node(name, node))
+ if sort:
+ records.sort()
+ return records
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 08c32f483..a63b2dfd3 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
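Review bot: `records_list_from_zone` is declared as a classmethod but dispatches through the hard-coded class name in `IPASystemRecords.records_list_from_node(name, node)`, so a subclass that overrides `records_list_from_node` would be bypassed; `cls.records_list_from_node(name, node)` keeps the call consistent with the `cls` parameter the method already receives. The new method also has no docstring; something like `"""Return the record lines of every node in zone_obj as one flat list, sorted unless sort is False."""` would document the `sort` flag for callers. The class IPASystemRecords and the method preceding this one start outside the hunk, so whether `records_list_from_node` is itself a class- or staticmethod is not visible here.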
@@ -623,9 +623,9 @@ class BindInstance(service.Service): suffix = ipautil.dn_attribute_property('_suffix') def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders, - forward_policy, ntp, reverse_zones, + forward_policy, reverse_zones, named_user=constants.NAMED_USER, zonemgr=None, - ca_configured=None, no_dnssec_validation=False): + no_dnssec_validation=False): self.named_user = named_user self.fqdn = fqdn self.ip_addresses = ip_addresses @@ -635,9 +635,7 @@ class BindInstance(service.Service): self.forward_policy = forward_policy self.host = fqdn.split(".")[0] self.suffix = ipautil.realm_to_suffix(self.realm) - self.ntp = ntp self.reverse_zones = reverse_zones - self.ca_configured = ca_configured self.no_dnssec_validation=no_dnssec_validation if not zonemgr: @@ -666,12 +664,17 @@ class BindInstance(service.Service): def host_in_default_domain(self): return normalize_zone(self.host_domain) == normalize_zone(self.domain) - def create_sample_bind_zone(self): - bind_txt = ipautil.template_file(ipautil.SHARE_DIR + "bind.zone.db.template", self.sub_dict) - [bind_fd, bind_name] = tempfile.mkstemp(".db","sample.zone.") - os.write(bind_fd, bind_txt) - os.close(bind_fd) - print("Sample zone file for bind has been created in "+bind_name) + def create_file_with_system_records(self): + system_records = IPASystemRecords(self.api) + text = u'\n'.join( + IPASystemRecords.records_list_from_zone( + system_records.get_base_records() + ) + ) + [fd, name] = tempfile.mkstemp(".db","ipa.system.records.") + os.write(fd, text) + os.close(fd) + print("Please add records in this file to your DNS system:", name) def create_instance(self): 
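Review bot: `os.write(fd, text)` in `create_file_with_system_records` hands a text string (`u'\n'.join(...)`) to a call that expects bytes, which raises TypeError on Python 3 and relies on the implicit ASCII codec on Python 2; `os.write(fd, text.encode('utf-8'))` makes the encoding explicit. The descriptor returned by `tempfile.mkstemp` is also closed only on the success path, so a failed write leaks it; closing it in a `finally:` block (or wrapping it with `os.fdopen` in a `with` statement) fixes both points in three lines. mkstemp creates the file with mode 0600, so the generated records are readable only by the installing user; a one-line docstring saying the file is meant to be handed to the administrator of the external DNS would make that contract explicit. The class BindInstance and the methods around this one continue outside the hunk.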
@@ -761,41 +764,10 @@ class BindInstance(service.Service): root_logger.debug("Unable to mask named (%s)", e) def __setup_sub_dict(self): - if self.forwarders: - fwds = "\n" - for forwarder in self.forwarders: - fwds += "\t\t%s;\n" % forwarder - fwds += "\t" - else: - fwds = " " - - if self.ntp: - optional_ntp = "\n;ntp server\n" - optional_ntp += "_ntp._udp\t\tIN SRV 0 100 123\t%s" % self.host_in_rr - else: - optional_ntp = "" - - ipa_ca = "" - for addr in self.ip_addresses: - if addr.version in (4, 6): - ipa_ca += "%s\t\t\tIN %s\t\t\t%s\n" % ( - IPA_CA_RECORD, - "A" if addr.version == 4 else "AAAA", - str(addr)) - self.sub_dict = dict( FQDN=self.fqdn, - IP=[str(ip) for ip in self.ip_addresses], - DOMAIN=self.domain, - HOST=self.host, - REALM=self.realm, SERVER_ID=installutils.realm_to_serverid(self.realm), - FORWARDERS=fwds, - FORWARD_POLICY=self.forward_policy, SUFFIX=self.suffix, - OPTIONAL_NTP=optional_ntp, - ZONEMGR=self.zonemgr, - IPA_CA_RECORD=ipa_ca, BINDKEYS_FILE=paths.NAMED_BINDKEYS_FILE, MANAGED_KEYS_DIR=paths.NAMED_MANAGED_KEYS_DIR, ROOT_KEY=paths.NAMED_ROOT_KEY, @@ -1026,16 +998,14 @@ class BindInstance(service.Service): ipautil.run([paths.GENERATE_RNDC_KEY]) def add_master_dns_records(self, fqdn, ip_addresses, realm_name, domain_name, - reverse_zones, ntp=False, ca_configured=None): + reverse_zones): self.fqdn = fqdn self.ip_addresses = ip_addresses self.realm = realm_name self.domain = domain_name self.host = fqdn.split(".")[0] self.suffix = ipautil.realm_to_suffix(self.realm) - self.ntp = ntp self.reverse_zones = reverse_zones - self.ca_configured = ca_configured self.first_instance = False self.zonemgr = 'hostmaster.%s' % self.domain diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py index 2ea11739e..44ebd39df 100644 --- a/ipaserver/install/dns.py +++ b/ipaserver/install/dns.py 
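Review bot: `__setup_sub_dict` no longer puts `FORWARDERS`, `FORWARD_POLICY`, `ZONEMGR`, `DOMAIN`, `HOST`, `REALM` or `IP` into `self.sub_dict`, but the hunk shows only the dictionary, not the templates it is substituted into; if bind.named.conf.template (still listed in Makefile.am by this commit) references any of those `$` keys, the substitution would fail at install time, so this is worth confirming against that template. Similarly `self.ntp` and `self.ca_configured` are dropped from both `setup` and `add_master_dns_records`, and any remaining reader of those attributes elsewhere in bindinstance.py would now raise AttributeError. A short comment on the dictionary, such as `# only the keys still consumed by bind.named.conf.template`, would record the intended scope. Both methods belong to class BindInstance, which starts outside the hunk.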
@@ -329,10 +329,9 @@ def install(standalone, replica, options, api=api): bind = bindinstance.BindInstance(fstore, ldapi=True, api=api, autobind=AUTOBIND_ENABLED) bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain, - options.forwarders, options.forward_policy, conf_ntp, + options.forwarders, options.forward_policy, reverse_zones, zonemgr=options.zonemgr, - no_dnssec_validation=options.no_dnssec_validation, - ca_configured=options.setup_ca) + no_dnssec_validation=options.no_dnssec_validation) if standalone and not options.unattended: print("") diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 930cca7b3..c28c095fb 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -848,17 +848,17 @@ def install(installer): if setup_ca: services.knownservices['pki_tomcatd'].restart('pki-tomcat') + api.Backend.ldap2.connect(autobind=True) if options.setup_dns: - api.Backend.ldap2.connect(autobind=True) dns.install(False, False, options) else: # Create a BIND instance bind = bindinstance.BindInstance(fstore, dm_password) bind.setup(host_name, ip_addresses, realm_name, - domain_name, (), 'first', not options.no_ntp, (), - zonemgr=options.zonemgr, ca_configured=setup_ca, + domain_name, (), 'first', (), + zonemgr=options.zonemgr, no_dnssec_validation=options.no_dnssec_validation) - bind.create_sample_bind_zone() + bind.create_file_with_system_records() # Restart httpd to pick up the new IPA configuration service.print_msg("Restarting the web server") diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 52b2ea5b0..0277d324a 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py 
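Review bot: The non-DNS branch in install.py builds `bindinstance.BindInstance(fstore, dm_password)` without an `api=` argument, while the new `create_file_with_system_records` constructs `IPASystemRecords(self.api)`; unless BindInstance defaults `api` to the global `api` object (its constructor is outside this diff), `self.api` may be None and the call fails after the LDAP connection has already been opened. Passing the object explicitly at this call site, as dns.py already does, removes the doubt: `bind = bindinstance.BindInstance(fstore, dm_password, api=api)`. The hoisted `api.Backend.ldap2.connect(autobind=True)` now runs for both branches, which matches the new code needing LDAP data to produce the records file; a one-line comment above it, `# both branches need LDAP: dns.install() and the system records file`, would explain why it moved. The install() function continues outside the hunk.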
@@ -210,9 +210,7 @@ def install_dns_records(config, options, remote_api):
 str(ip),
 config.realm_name,
 config.domain_name,
- reverse_zone,
- not options.no_ntp,
- options.setup_ca)
+ reverse_zone)
 except errors.NotFound as e:
 root_logger.debug('Replica DNS records could not be added '
 'on master: %s', str(e)) |