author | David Kupka <dkupka@redhat.com> | 2015-12-02 14:20:50 +0000 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-12-14 18:53:53 +0100 |
commit | 8d19da49c4259411ff333946019f4b981fab2bcf (patch) | |
tree | b96bc8257c55ecdaa3d5621dd41dbb067fcf2f1d /ipaserver/install/dns.py | |
parent | 6c107d819c557d32e90bbbd1ab4d60d8b59006db (diff) | |
dns: Check if domain already exists.
Raise an error when the domain already exists. This can be overridden using
the --force or --allow-zone-overlap options.
https://fedorahosted.org/freeipa/ticket/3681
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Diffstat (limited to 'ipaserver/install/dns.py')
-rw-r--r-- | ipaserver/install/dns.py | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 258bf5dbe..94e9017b6 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -13,11 +13,13 @@ from subprocess import CalledProcessError
 from ipalib import api
 from ipalib import errors
+from ipalib import util
 from ipaplatform.paths import paths
 from ipaplatform.constants import constants
 from ipaplatform import services
 from ipapython import ipautil
 from ipapython import sysrestore
+from ipapython import dnsutil
 from ipapython.dn import DN
 from ipapython.ipa_log_manager import root_logger
 from ipapython.ipaldap import AUTOBIND_ENABLED
@@ -97,6 +99,19 @@ def _disable_dnssec():
 conn.update_entry(entry)
+def check_dns_enabled(api):
+ try:
+ api.Backend.rpcclient.connect()
+ result = api.Backend.rpcclient.forward(
+ 'dns_is_enabled',
+ version=u'2.112', # All the way back to 3.0 servers
+ )
+ return result['result']
+ finally:
+ if api.Backend.rpcclient.isconnected():
+ api.Backend.rpcclient.disconnect()
+
+
 def install_check(standalone, replica, options, hostname):
 global ip_addresses
 global reverse_zones
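Review bot: The `finally` block in `check_dns_enabled` disconnects `api.Backend.rpcclient` whenever it is connected, so if the client was already connected on entry (in which case `connect()` presumably raises) the helper tears down a connection it did not open. Recording `was_connected = api.Backend.rpcclient.isconnected()` up front, and connecting and disconnecting only when that is false, would keep the helper from changing state it did not create. The parameter `api` also shadows the module-level `from ipalib import api`, which makes it easy to misread which object is being used. The function has no docstring; it should say that it returns the `result` field of the `dns_is_enabled` RPC reply and that connection or authentication errors propagate to the caller.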
@@ -106,6 +121,27 @@ def install_check(standalone, replica, options, hostname): raise RuntimeError("Integrated DNS requires '%s' package" % constants.IPA_DNS_PACKAGE_NAME) + # when installing first replica with DNS we need to check zone overlap + if not replica or not check_dns_enabled(api): + domain = dnsutil.DNSName(util.normalize_zone(api.env.domain)) + print("Checking DNS domain %s, please wait ..." % domain) + try: + ipautil.check_zone_overlap(domain, raise_on_timeout=False) + except ValueError as e: + if options.force or options.allow_zone_overlap: + root_logger.warning(e.message) + else: + raise e + + for reverse_zone in options.reverse_zones: + try: + ipautil.check_zone_overlap(reverse_zone) + except ValueError as e: + if options.force or options.allow_zone_overlap: + root_logger.warning(e.message) + else: + raise e + if standalone: print("==============================================================================") print("This program will setup DNS for the FreeIPA Server.") |
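Review bot: Both `except ValueError` branches log `e.message` on the override path, an attribute that only exists on Python 2 exceptions, so under Python 3 the `--force` / `--allow-zone-overlap` path would fail with AttributeError instead of warning; `root_logger.warning("%s", e)` works on both. In the `else` branches, `raise e` can be a bare `raise`, which keeps the original traceback. The reverse-zone call omits the `raise_on_timeout=False` that the forward-domain call passes, so the two checks may treat a resolver timeout differently; `check_zone_overlap` is not in this hunk, so confirm whether that is intended. When the check is overridden, the only trace is a `root_logger.warning`, while the rest of the function reports to the operator with `print`, so it is worth confirming that the warning reaches the console and not just the install log. The body of `install_check` continues outside the hunk.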