authorSimo Sorce <simo@redhat.com>2015-07-15 13:14:35 -0400
committerSimo Sorce <simo@redhat.com>2015-10-01 16:20:48 -0400
commita1badbb907fe01a75e7af309c0953b686d2c4587 (patch)
tree51a6c0f787006a1b213a294c8d24a2485ed6a6b2
parent70bd0ec94c87069b0f4d8777332ac62bbd541ab6 (diff)
Change DNS installer code to use passed in api
Fixes a number of places where api was not passed around internally. Also allows installing DNS in replica promotion, which requires an alternative api to be created with the right configuration. Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r--ipaserver/install/bindinstance.py100
-rw-r--r--ipaserver/install/dns.py4
-rw-r--r--ipaserver/install/server/replicainstall.py22
3 files changed, 69 insertions, 57 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 771f13b00..0a7d75032 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -350,27 +350,31 @@ def add_ptr_rr(zone, ip_address, fqdn, dns_backup=None, api=api):
name = get_reverse_record_name(zone, ip_address)
add_rr(zone, name, "PTR", normalize_zone(fqdn), dns_backup, api)
-def add_ns_rr(zone, hostname, dns_backup=None, force=True):
+
+def add_ns_rr(zone, hostname, dns_backup=None, force=True, api=api):
hostname = normalize_zone(hostname)
add_rr(zone, "@", "NS", hostname, dns_backup=dns_backup,
- force=force)
+ force=force, api=api)
+
-def del_rr(zone, name, type, rdata):
+def del_rr(zone, name, type, rdata, api=api):
delkw = { '%srecord' % str(type.lower()) : unicode(rdata) }
try:
api.Command.dnsrecord_del(unicode(zone), unicode(name), **delkw)
except (errors.NotFound, errors.AttrValueNotFound, errors.EmptyModlist):
pass
-def del_fwd_rr(zone, host, ip_address):
+
+def del_fwd_rr(zone, host, ip_address, api=api):
addr = netaddr.IPAddress(ip_address)
if addr.version == 4:
- del_rr(zone, host, "A", ip_address)
+ del_rr(zone, host, "A", ip_address, api=api)
elif addr.version == 6:
- del_rr(zone, host, "AAAA", ip_address)
+ del_rr(zone, host, "AAAA", ip_address, api=api)
+
-def del_ns_rr(zone, name, rdata):
- del_rr(zone, name, 'NS', rdata)
+def del_ns_rr(zone, name, rdata, api=api):
+ del_rr(zone, name, 'NS', rdata, api=api)
def get_rr(zone, name, type, api=api):
rectype = '%srecord' % unicode(type.lower())
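Review bot: The `api` keyword added to add_ns_rr, del_rr, del_fwd_rr and del_ns_rr is undocumented, and none of these helpers carries a docstring saying which framework instance the record operation goes through. A one-line docstring on each, e.g. for del_rr `"""Delete one rdata value of a record via api.Command.dnsrecord_del; NotFound, AttrValueNotFound and EmptyModlist are ignored."""`, would make the new parameter discoverable. Note that `api=api` evaluates the module-level object once at definition time, matching the existing add_ptr_rr signature shown on the hunk header. get_rr's body continues outside the hunk.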
@@ -629,7 +633,7 @@ class BindInstance(service.Service):
if self.first_instance:
self.step("adding DNS container", self.__setup_dns_container)
- if not dns_zone_exists(self.domain):
+ if not dns_zone_exists(self.domain, self.api):
self.step("setting up our zone", self.__setup_zone)
if self.reverse_zones:
self.step("setting up reverse zone", self.__setup_reverse_zone)
@@ -744,12 +748,12 @@ class BindInstance(service.Service):
self.__fix_dns_privilege_members()
def __fix_dns_privilege_members(self):
- ldap = api.Backend.ldap2
+ ldap = self.api.Backend.ldap2
cn = 'Update PBAC memberOf %s' % time.time()
task_dn = DN(('cn', cn), ('cn', 'memberof task'), ('cn', 'tasks'),
('cn', 'config'))
- basedn = DN(api.env.container_privilege, api.env.basedn)
+ basedn = DN(self.api.env.container_privilege, self.api.env.basedn)
entry = ldap.make_entry(
task_dn,
objectclass=['top', 'extensibleObject'],
@@ -774,24 +778,25 @@ class BindInstance(service.Service):
def __setup_zone(self):
# Always use force=True as named is not set up yet
add_zone(self.domain, self.zonemgr, dns_backup=self.dns_backup,
- ns_hostname=api.env.host, force=True)
+ ns_hostname=self.api.env.host, force=True, api=self.api)
- add_rr(self.domain, "_kerberos", "TXT", self.realm)
+ add_rr(self.domain, "_kerberos", "TXT", self.realm, api=self.api)
def __add_self_ns(self):
# add NS record to all zones
- ns_hostname = normalize_zone(api.env.host)
- result = api.Command.dnszone_find()
+ ns_hostname = normalize_zone(self.api.env.host)
+ result = self.api.Command.dnszone_find()
for zone in result['result']:
zone = unicode(zone['idnsname'][0]) # we need unicode due to backup
root_logger.debug("adding self NS to zone %s apex", zone)
- add_ns_rr(zone, ns_hostname, self.dns_backup, force=True)
+ add_ns_rr(zone, ns_hostname, self.dns_backup, force=True,
+ api=self.api)
def __setup_reverse_zone(self):
# Always use force=True as named is not set up yet
for reverse_zone in self.reverse_zones:
- add_zone(reverse_zone, self.zonemgr, ns_hostname=api.env.host,
- dns_backup=self.dns_backup, force=True)
+ add_zone(reverse_zone, self.zonemgr, ns_hostname=self.api.env.host,
+ dns_backup=self.dns_backup, force=True, api=self.api)
def __add_master_records(self, fqdn, addrs):
host, zone = fqdn.split(".", 1)
@@ -816,7 +821,8 @@ class BindInstance(service.Service):
)
for (rname, rdata) in srv_records:
- add_rr(self.domain, rname, "SRV", rdata, self.dns_backup, self.api)
+ add_rr(self.domain, rname, "SRV", rdata, self.dns_backup,
+ api=self.api)
if not dns_zone_exists(zone, self.api):
# add DNS domain for host first
@@ -830,11 +836,11 @@ class BindInstance(service.Service):
# Add forward and reverse records to self
for addr in addrs:
- add_fwd_rr(zone, host, addr, self.api)
+ add_fwd_rr(zone, host, addr, api=self.api)
reverse_zone = find_reverse_zone(addr, self.api)
if reverse_zone:
- add_ptr_rr(reverse_zone, addr, fqdn, None, self.api)
+ add_ptr_rr(reverse_zone, addr, fqdn, None, api=self.api)
def __add_self(self):
self.__add_master_records(self.fqdn, self.ip_addresses)
@@ -876,7 +882,7 @@ class BindInstance(service.Service):
try:
for addr in addrs:
- add_fwd_rr(self.domain, IPA_CA_RECORD, addr, self.api)
+ add_fwd_rr(self.domain, IPA_CA_RECORD, addr, api=self.api)
except errors.ValidationError:
# there is a CNAME record in ipa-ca, we can't add A/AAAA records
pass
@@ -890,7 +896,7 @@ class BindInstance(service.Service):
try:
entries = ldap.get_entries(
DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
- api.env.basedn),
+ self.api.env.basedn),
ldap.SCOPE_SUBTREE, '(&(objectClass=ipaConfigObject)(cn=CA))',
['dn'])
except errors.NotFound:
@@ -904,7 +910,7 @@ class BindInstance(service.Service):
host, zone = fqdn.split('.', 1)
if dns_zone_exists(zone, self.api):
- addrs = get_fwd_rr(zone, host, self.api)
+ addrs = get_fwd_rr(zone, host, api=self.api)
else:
addrs = installutils.resolve_host(fqdn)
@@ -1023,8 +1029,8 @@ class BindInstance(service.Service):
def add_ipa_ca_dns_records(self, fqdn, domain_name, ca_configured=True):
host, zone = fqdn.split(".", 1)
- if dns_zone_exists(zone):
- addrs = get_fwd_rr(zone, host)
+ if dns_zone_exists(zone, self.api):
+ addrs = get_fwd_rr(zone, host, api=self.api)
else:
addrs = installutils.resolve_host(fqdn)
@@ -1034,7 +1040,7 @@ class BindInstance(service.Service):
def convert_ipa_ca_cnames(self, domain_name):
# get ipa-ca CNAMEs
- cnames = get_rr(domain_name, IPA_CA_RECORD, "CNAME")
+ cnames = get_rr(domain_name, IPA_CA_RECORD, "CNAME", api=self.api)
if not cnames:
return
@@ -1050,11 +1056,11 @@ class BindInstance(service.Service):
cname_fqdn[cname] = fqdn
# get FQDNs of all IPA masters
- ldap = api.Backend.ldap2
+ ldap = self.api.Backend.ldap2
try:
entries = ldap.get_entries(
DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
- api.env.basedn),
+ self.api.env.basedn),
ldap.SCOPE_ONELEVEL, None, ['cn'])
masters = set(e['cn'][0] for e in entries)
except errors.NotFound:
@@ -1071,7 +1077,7 @@ class BindInstance(service.Service):
# delete all CNAMEs
for cname in cnames:
- del_rr(domain_name, IPA_CA_RECORD, "CNAME", cname)
+ del_rr(domain_name, IPA_CA_RECORD, "CNAME", cname, api=self.api)
# add A/AAAA records
for cname in cnames:
@@ -1097,32 +1103,33 @@ class BindInstance(service.Service):
)
for (record, type, rdata) in resource_records:
- del_rr(self.domain, record, type, rdata)
+ del_rr(self.domain, record, type, rdata, api=self.api)
- areclist = get_fwd_rr(zone, host)
+ areclist = get_fwd_rr(zone, host, api=self.api)
for rdata in areclist:
- del_fwd_rr(zone, host, rdata)
+ del_fwd_rr(zone, host, rdata, api=self.api)
rzone = find_reverse_zone(rdata)
if rzone is not None:
record = get_reverse_record_name(rzone, rdata)
- del_rr(rzone, record, "PTR", normalize_zone(fqdn))
+ del_rr(rzone, record, "PTR", normalize_zone(fqdn),
+ api=self.api)
def remove_ipa_ca_dns_records(self, fqdn, domain_name):
host, zone = fqdn.split(".", 1)
- if dns_zone_exists(zone):
- addrs = get_fwd_rr(zone, host)
+ if dns_zone_exists(zone, self.api):
+ addrs = get_fwd_rr(zone, host, api=self.api)
else:
addrs = installutils.resolve_host(fqdn)
for addr in addrs:
- del_fwd_rr(domain_name, IPA_CA_RECORD, addr)
+ del_fwd_rr(domain_name, IPA_CA_RECORD, addr, api=self.api)
def remove_server_ns_records(self, fqdn):
"""
Remove all NS records pointing to this server
"""
- ldap = api.Backend.ldap2
+ ldap = self.api.Backend.ldap2
ns_rdata = normalize_zone(fqdn)
# find all NS records pointing to this server
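Review bot: `rzone = find_reverse_zone(rdata)` in the middle of the hunk is the one call left on the module-level api while every neighbouring call was switched to `api=self.api`; when a caller passes a differently configured api (the replica-promotion case this commit enables) the reverse-zone lookup and the PTR deletion right after it could go through different api instances. The same helper is already called as `find_reverse_zone(addr, self.api)` elsewhere in this file, so the fix is `rzone = find_reverse_zone(rdata, self.api)`. The enclosing method begins before the hunk.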
@@ -1130,7 +1137,7 @@ class BindInstance(service.Service):
search_kw['nsrecord'] = ns_rdata
attr_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL)
attributes = ['idnsname', 'objectclass']
- dn = DN(api.env.container_dns, api.env.basedn)
+ dn = DN(self.api.env.container_dns, self.api.env.basedn)
entries, truncated = ldap.find_entries(attr_filter, attributes, base_dn=dn)
@@ -1143,21 +1150,21 @@ class BindInstance(service.Service):
# zone record
zone = entry.single_value['idnsname']
root_logger.debug("zone record %s", zone)
- del_ns_rr(zone, u'@', ns_rdata)
+ del_ns_rr(zone, u'@', ns_rdata, api=self.api)
else:
zone = entry.dn[1].value # get zone from DN
record = entry.single_value['idnsname']
root_logger.debug("record %s in zone %s", record, zone)
- del_ns_rr(zone, record, ns_rdata)
+ del_ns_rr(zone, record, ns_rdata, api=self.api)
def check_global_configuration(self):
"""
Check global DNS configuration in LDAP server and inform user when it
set and thus overrides his configured options in named.conf.
"""
- result = api.Command.dnsconfig_show()
+ result = self.api.Command.dnsconfig_show()
global_conf_set = any(param in result['result'] for \
- param in api.Object['dnsconfig'].params)
+ param in self.api.Object['dnsconfig'].params)
if not global_conf_set:
print("Global DNS configuration in LDAP server is empty")
@@ -1168,8 +1175,9 @@ class BindInstance(service.Service):
print("Global DNS configuration in LDAP server is not empty")
print("The following configuration options override local settings in named.conf:")
print("")
- textui = ipalib.cli.textui(api)
- api.Command.dnsconfig_show.output_for_cli(textui, result, None, reverse=False)
+ textui = ipalib.cli.textui(self.api)
+ self.api.Command.dnsconfig_show.output_for_cli(textui, result, None,
+ reverse=False)
def uninstall(self):
if self.is_configured():
@@ -1180,7 +1188,7 @@ class BindInstance(service.Service):
named_regular_running = self.restore_state("named-regular-running")
named_regular_enabled = self.restore_state("named-regular-enabled")
- self.dns_backup.clear_records(api.Backend.ldap2.isconnected())
+ self.dns_backup.clear_records(self.api.Backend.ldap2.isconnected())
for f in [NAMED_CONF, RESOLV_CONF]:
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 486472094..6d546655b 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -266,7 +266,7 @@ def install_check(standalone, replica, options, hostname):
print("Using reverse zone(s) %s" % ', '.join(reverse_zones))
-def install(standalone, replica, options):
+def install(standalone, replica, options, api=api):
global ip_addresses
global dns_forwarders
global reverse_zones
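Review bot: `install_check`, whose last line is the context at the top of the hunk, keeps its old signature while `install` gains `api=api`; if install_check consults the api internally (not visible here), the promotion path would validate options against the module-level api but install through the passed one. The `global ip_addresses` / `dns_forwarders` / `reverse_zones` declarations also suggest install relies on state filled in elsewhere, presumably by install_check, so that ordering is worth stating. A short docstring such as `"""Install and configure DNS; *api* is the framework instance to issue commands through (defaults to the module-level api)."""` would document the new parameter. install's body continues past the hunk.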
@@ -284,7 +284,7 @@ def install(standalone, replica, options):
# otherwise this is done by server/replica installer
update_hosts_file(ip_addresses, api.env.host, fstore)
- bind = bindinstance.BindInstance(fstore, ldapi=True,
+ bind = bindinstance.BindInstance(fstore, ldapi=True, api=api,
autobind=AUTOBIND_ENABLED)
bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,
dns_forwarders, conf_ntp, reverse_zones, zonemgr=options.zonemgr,
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 109874877..90def1324 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -776,8 +776,6 @@ def promote_check(installer):
raise NotImplementedError
if options.setup_kra:
raise NotImplementedError
- if options.setup_dns:
- raise NotImplementedError
tasks.check_selinux_status()
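Review bot: Dropping the `raise NotImplementedError` for `options.setup_dns` lets --setup-dns reach promote(), but this hunk adds no DNS preflight to promote_check; dns.install in this same commit declares `global ip_addresses`, `dns_forwarders`, `reverse_zones`, which suggests it depends on values that dns.install_check populates. Unless promote_check already calls `dns.install_check(...)` outside the visible lines, a promoted replica with --setup-dns would fail, or run with unset forwarders and reverse zones, only after the rest of promotion has completed. Worth confirming that promote_check invokes the DNS check; promote_check's body continues outside the hunk.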
@@ -1040,7 +1038,6 @@ def promote_check(installer):
raise RuntimeError("CA cert file is not available.")
installer._ca_enabled = ca_enabled
- installer._remote_api = remote_api
installer._fstore = fstore
installer._sstore = sstore
installer._config = config
@@ -1088,6 +1085,8 @@ def promote(installer):
# or certmonger will fail to contact the peer master
install_http_certs(config, fstore)
+ ldapi_uri = installutils.realm_to_ldapi_uri(config.realm_name)
+
# Create the management framework config file
gopts = [
ipaconf.setOption('host', config.host_name),
@@ -1095,8 +1094,7 @@ def promote(installer):
ipaconf.setOption('xmlrpc_uri',
'https://%s/ipa/xml' %
ipautil.format_netloc(config.host_name)),
- ipaconf.setOption('ldap_uri',
- installutils.realm_to_ldapi_uri(config.realm_name)),
+ ipaconf.setOption('ldap_uri', ldapi_uri),
ipaconf.setOption('mode', 'production'),
ipaconf.setOption('enable_ra', 'True'),
ipaconf.setOption('ra_plugin', 'dogtag'),
@@ -1155,10 +1153,6 @@ def promote(installer):
dogtag_service = services.knownservices[dogtag_constants.SERVICE_NAME]
dogtag_service.restart(dogtag_constants.PKI_INSTANCE_NAME)
- if options.setup_dns:
- api.Backend.ldap2.connect(autobind=True)
- dns.install(False, True, options)
-
# Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server")
http.restart()
@@ -1169,6 +1163,16 @@ def promote(installer):
promote_sssd(config.host_name)
+ # Switch API so that it uses the new servr configuration
+ server_api = create_api(mode=None)
+ server_api.bootstrap(in_server=True, context='installer')
+ server_api.finalize()
+
+ if options.setup_dns:
+ server_api.Backend.rpcclient.connect()
+ server_api.Backend.ldap2.connect(autobind=True)
+ dns.install(False, True, options, server_api)
+
# Everything installed properly, activate ipa service.
services.knownservices.ipa.enable()
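Review bot: The rpcclient and ldap2 connections opened under `if options.setup_dns:` are not closed anywhere in the hunk, and the removed block earlier in this file had the same gap; promote's body continues past the hunk, so if no later disconnect exists, `server_api.Backend.ldap2.disconnect()` (and the rpcclient equivalent) after `dns.install(...)` would release the LDAPI session before the function returns. The comment on the first added line has a typo: `# Switch API so that it uses the new server configuration`. `server_api` is also created and finalized unconditionally though only the DNS branch uses it; if nothing later in promote needs it, the three setup lines could move inside the `if`.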