authorMartin Basti <mbasti@redhat.com>2016-06-22 12:20:09 +0200
committerMartin Basti <mbasti@redhat.com>2016-06-28 16:56:35 +0200
commit5693d195501611c6abe9dbdf1370b898ffa6b3c7 (patch)
tree7ed8a313e216a853241fe8ec3b075670d0cac737 /ipaserver
parent104040cf363ec50d8006474422f2c13e44266806 (diff)
CA replica promotion: add proper CA DNS records
Update 'ipa-ca' records with A/AAAA records of the newly added replica https://fedorahosted.org/freeipa/ticket/5966 Reviewed-By: Petr Spacek <pspacek@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/bindinstance.py2
-rw-r--r--ipaserver/install/cainstance.py16
2 files changed, 12 insertions, 6 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index a63b2dfd3..2bc753883 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -37,7 +37,6 @@ from ipaserver.dns_data_management import (
from ipaserver.install import installutils
from ipaserver.install import service
from ipaserver.install import sysupgrade
-from ipaserver.install.cainstance import IPA_CA_RECORD
from ipapython import sysrestore, ipautil, ipaldap
from ipapython import dnsutil
from ipapython.dnsutil import DNSName
@@ -45,6 +44,7 @@ from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN
import ipalib
from ipalib import api, errors
+from ipalib.constants import IPA_CA_RECORD
from ipaplatform import services
from ipaplatform.constants import constants
from ipaplatform.paths import paths
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 8dfb71528..c741a7ef6 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -63,6 +63,7 @@ from ipapython.ipa_log_manager import log_mgr,\
from ipapython.secrets.kem import IPAKEMKeys
from ipaserver.install import certs
+from ipaserver.install import bindinstance
from ipaserver.install import dsinstance
from ipaserver.install import installutils
from ipaserver.install import ldapupdate
@@ -81,10 +82,6 @@ except ImportError:
import http.client as httplib
-# When IPA is installed with DNS support, this CNAME should hold all IPA
-# replicas with CA configured
-IPA_CA_RECORD = "ipa-ca"
-
# We need to reset the template because the CA uses the regular boot
# information
INF_TEMPLATE = """
@@ -1296,6 +1293,14 @@ class CAInstance(DogtagInstance):
basedn = ipautil.realm_to_suffix(self.realm)
self.ldap_enable('CA', self.fqdn, None, basedn)
+ def __update_ca_records(self):
+ # Install CA DNS records
+ if bindinstance.dns_container_exists(
+ api.env.host, api.env.basedn, ldapi=True, realm=api.env.realm
+ ):
+ bind = bindinstance.BindInstance(ldapi=True)
+ bind.update_system_records()
+
def configure_replica(self, master_host, subject_base=None,
ca_cert_bundle=None, ca_signing_algorithm=None,
ca_type=None):
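Review bot: `__update_ca_records` reads the host, base DN and realm from the global `api.env`, while the method directly above it in this hunk works from `self.fqdn` and `self.realm`. If those can differ during replica promotion, the DNS container check may not describe the instance being configured, so either use the instance attributes or state the choice in a docstring. The method has no docstring; something like `"""Update the ipa-ca DNS records for this replica if IPA-managed DNS exists; otherwise do nothing."""` would document the silent no-op branch. An exception from `bind.update_system_records()` appears to propagate as a failed install step after the CA is already enabled. It is worth deciding whether that should abort promotion or be logged and left for a later records update, and logging when the DNS container is absent would make a skipped update visible.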
@@ -1366,6 +1371,7 @@ class CAInstance(DogtagInstance):
self.__restart_http_instance)
self.step("enabling CA instance", self.__enable_instance)
+ self.step("Updating DNS CA records", self.__update_ca_records)
self.start_creation(runtime=210)
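Review bot: The new step label starts with a capital letter while the neighbouring label in this hunk, `"enabling CA instance"`, is lowercase, so the installer output will be inconsistent. Suggest `self.step("updating DNS CA records", self.__update_ca_records)`. The enclosing method starts and ends outside the hunk, so it is not visible here whether other CA setup paths need the same step.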
@@ -1722,7 +1728,7 @@ def __add_acls(new_rules):
def __get_profile_config(profile_id):
sub_dict = dict(
DOMAIN=ipautil.format_netloc(api.env.domain),
- IPA_CA_RECORD=IPA_CA_RECORD,
+ IPA_CA_RECORD=ipalib.constants.IPA_CA_RECORD,
CRL_ISSUER='CN=Certificate Authority,o=ipaca',
SUBJECT_DN_O=dsinstance.DsInstance().find_subject_base(),
)
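Review bot: `ipalib.constants.IPA_CA_RECORD` is referenced by its fully qualified name here, but none of the cainstance.py hunks adds an `import ipalib.constants`, so this line depends on an import outside the visible lines. If the module only has `from ipalib import ...` style imports, `__get_profile_config` would fail at call time rather than at import. bindinstance.py in the same commit uses `from ipalib.constants import IPA_CA_RECORD`; doing the same here and keeping `IPA_CA_RECORD=IPA_CA_RECORD,` would make the dependency explicit and the two files consistent. The function body continues past the end of the hunk.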