authorMartin Basti <mbasti@redhat.com>2016-06-13 20:41:24 +0200
committerMartin Basti <mbasti@redhat.com>2016-06-17 15:22:24 +0200
commit52590d6fa581e3b53e2c9350dc307a1f360c40a3 (patch)
treee7973258e4dbac1d4a4442e6dfc272c5e8c21ce9
parent2157ea0e6d0d762bdc71022ddd55045406c4b300 (diff)
DNS Locations: dnsserver: put server_id option into named.conf
The server_id option is required by the DNS location feature; without it, the feature does not work. https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r--freeipa.spec.in2
-rw-r--r--install/share/bind.named.conf.template1
-rw-r--r--install/updates/40-dns.update6
-rw-r--r--install/updates/90-post_upgrade_plugins.update1
-rw-r--r--ipaserver/install/plugins/dns.py52
-rw-r--r--ipaserver/install/server/upgrade.py23
6 files changed, 78 insertions, 7 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 5f391f1b9..0d5c745d5 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -251,7 +251,7 @@ Summary: IPA integrated DNS server with support for automatic DNSSEC signing
Group: System Environment/Base
BuildArch: noarch
Requires: %{name}-server = %{version}-%{release}
-Requires: bind-dyndb-ldap >= 6.0-4
+Requires: bind-dyndb-ldap >= 10.0
%if 0%{?fedora} >= 21
Requires: bind >= 9.9.6-3
Requires: bind-utils >= 9.9.6-3
diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index eb6d4ae27..571df0270 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -51,6 +51,7 @@ dynamic-db "ipa" {
arg "uri ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket";
arg "base cn=dns, $SUFFIX";
arg "fake_mname $FQDN.";
+ arg "server_id $FQDN";
arg "auth_method sasl";
arg "sasl_mech GSSAPI";
arg "sasl_user DNS/$FQDN";
diff --git a/install/updates/40-dns.update b/install/updates/40-dns.update
index 50f8b79ec..4c0824b83 100644
--- a/install/updates/40-dns.update
+++ b/install/updates/40-dns.update
@@ -33,9 +33,3 @@ default: nsslapd-plugintype: preoperation
default: nsslapd-pluginvendor: Red Hat, Inc.
default: nsslapd-pluginversion: 1.0
default: nsslapd-plugin-depends-on-type: database
-
-# add dns servers container
-dn: cn=servers,cn=dns,$SUFFIX
-default: objectClass: nsContainer
-default: objectClass: top
-default: cn: servers
diff --git a/install/updates/90-post_upgrade_plugins.update b/install/updates/90-post_upgrade_plugins.update
index ccb72efa4..1208268df 100644
--- a/install/updates/90-post_upgrade_plugins.update
+++ b/install/updates/90-post_upgrade_plugins.update
@@ -26,3 +26,4 @@ plugin: update_managed_permissions
plugin: update_read_replication_agreements_permission
plugin: update_idrange_baserid
plugin: update_passync_privilege_update
+plugin: update_dnsserver_configuration_into_ldap
diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py
index 2399264c2..4fa30661e 100644
--- a/ipaserver/install/plugins/dns.py
+++ b/ipaserver/install/plugins/dns.py
@@ -28,6 +28,7 @@ from ipalib import Updater
from ipapython.dn import DN
from ipapython import dnsutil
from ipapython.ipa_log_manager import root_logger
+from ipaserver.install import sysupgrade
from ipaserver.plugins.dns import dns_container_exists
register = Registry()
@@ -491,3 +492,54 @@ class update_dnsforward_emptyzones(DNSUpdater):
self.update_global_ldap_forwarder()
return False, []
+
+
+@register()
+class update_dnsserver_configuration_into_ldap(DNSUpdater):
+ """
+ DNS Locations feature requires to have DNS configuration stored in LDAP DB.
+ Create DNS server configuration in LDAP for each old server
+ """
+ def execute(self, **options):
+ ldap = self.api.Backend.ldap2
+ if sysupgrade.get_upgrade_state('dns', 'server_config_to_ldap'):
+ self.log.debug('upgrade is not needed')
+ return False, []
+
+ dns_container_dn = DN(self.api.env.container_dns, self.api.env.basedn)
+ try:
+ ldap.get_entry(dns_container_dn)
+ except errors.NotFound:
+ self.log.debug('DNS container not found, nothing to upgrade')
+ sysupgrade.set_upgrade_state('dns', 'server_config_to_ldap', True)
+ return False, []
+
+ result = self.api.Command.server_show(self.api.env.host)['result']
+ if not 'DNS server' in result.get('enabled_role_servrole', []):
+ self.log.debug('This server is not DNS server, nothing to upgrade')
+ sysupgrade.set_upgrade_state('dns', 'server_config_to_ldap', True)
+ return False, []
+
+ # create container first, if doesn't exist
+ entry = ldap.make_entry(
+ DN(self.api.env.container_dnsservers, self.api.env.basedn),
+ {
+ u'objectclass': [u'top', u'nsContainer'],
+ u'cn': [u'servers']
+ }
+ )
+ try:
+ ldap.add_entry(entry)
+ except errors.DuplicateEntry:
+ self.log.debug('cn=dnsservers container already exists')
+
+ try:
+ self.api.Command.dnsserver_add(self.api.env.host)
+ except errors.DuplicateEntry:
+ self.log.debug("DNS server configuration already exists "
+ "in LDAP database")
+ else:
+ self.log.debug("DNS server configuration has been sucessfully "
+ "created in LDAP database")
+ sysupgrade.set_upgrade_state('dns', 'server_config_to_ldap', True)
+ return False, []
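Review bot: The role check `if not 'DNS server' in result.get('enabled_role_servrole', []):` reads against the idiom; `if 'DNS server' not in result.get('enabled_role_servrole', []):` says the same thing directly. The debug message in the `else` branch misspells "successfully" (`"DNS server configuration has been successfully "`). The two early returns that find no DNS container or a non-DNS role also record `server_config_to_ldap` as done, so this updater will not run again on the host even if DNS is enabled later; presumably the installer creates the server entry in that case, but a one-line comment stating that assumption above the first `set_upgrade_state` call would spare the next maintainer the guess. The leading context lines belong to `update_dnsforward_emptyzones.execute`, which starts outside the hunk; the new class itself is complete.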
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index eacd43939..b4b6243ac 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -842,6 +842,28 @@ def named_update_global_forwarder_policy():
return True
+def named_add_server_id():
+ """
+ DNS Locations feature requires to have configured server_id in IPA section
+ of named.conf
+ :return: if named.conf has been changed
+ """
+ bind = bindinstance.BindInstance()
+ if not bindinstance.named_conf_exists() or not bind.is_configured():
+ # DNS service may not be configured
+ root_logger.info('DNS is not configured')
+ return False
+
+ if sysupgrade.get_upgrade_state('named.conf', 'add_server_id'):
+ # upgrade was done already
+ return False
+
+ root_logger.info('[Adding server_id to named.conf]')
+ bindinstance.named_conf_set_directive('server_id', api.env.host)
+ sysupgrade.set_upgrade_state('named.conf', 'add_server_id', True)
+ return True
+
+
def certificate_renewal_update(ca, ds, http):
"""
Update certmonger certificate renewal configuration.
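Review bot: `named_add_server_id` decides whether to write from the sysupgrade flag alone, so on a server whose named.conf already carries `server_id` (a fresh install from the updated template) the first upgrade run still rewrites the directive and returns True, and the `any(named_conf_changes)` check in the later hunk will treat that run as a change; reading the current value first and returning False when it already equals `api.env.host` would make the return value honest. The docstring's `:return: if named.conf has been changed` should state the type, e.g. `:return: True if the server_id directive was written to named.conf, False otherwise`. Because the configured-DNS guard runs before the upgrade-state guard, a host without DNS logs `DNS is not configured` at info level on every upgrade run, which is probably better at debug. The surrounding context lines belong to `named_update_global_forwarder_policy` and `certificate_renewal_update`, which start or end outside the hunk; the new function is complete.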
@@ -1680,6 +1702,7 @@ def upgrade_configuration():
named_update_global_forwarder_policy(),
mask_named_regular(),
fix_dyndb_ldap_workdir_permissions(),
+ named_add_server_id(),
)
if any(named_conf_changes):