summaryrefslogtreecommitdiffstats
path: root/install/tools/ipa-replica-prepare
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2011-07-11 10:14:53 +0200
committerMartin Kosek <mkosek@redhat.com>2011-07-15 16:42:16 +0200
commit881df73568a9638bba6a6d0ae2e715cf249f6fa4 (patch)
tree563a44d98a84066b18172b89b1402953140d8eb8 /install/tools/ipa-replica-prepare
parent1c5028c17df9dc903a6db2712738670c3534246f (diff)
downloadfreeipa-881df73568a9638bba6a6d0ae2e715cf249f6fa4.tar.gz
freeipa-881df73568a9638bba6a6d0ae2e715cf249f6fa4.tar.xz
freeipa-881df73568a9638bba6a6d0ae2e715cf249f6fa4.zip
Fix creation of reverse DNS zones.
Create reverse DNS zone for /24 IPv4 subnet and /64 IPv6 subnet by default instead of using the netmask from the --ip-address option. Custom reverse DNS zone can be specified using new --reverse-zone option, which replaces the old --ip-address netmask way of creating reverse zones. The reverse DNS zone name is printed to the user during the install. ticket 1398
Diffstat (limited to 'install/tools/ipa-replica-prepare')
-rwxr-xr-xinstall/tools/ipa-replica-prepare53
1 files changed, 28 insertions, 25 deletions
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 97dd96a19..cb279481d 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -27,7 +27,7 @@ import krbV
from ipapython import ipautil
from ipaserver.install import bindinstance, dsinstance, installutils, certs
-from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr, dns_zone_exists
+from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr
from ipaserver.install.replication import check_replication_plugin, enable_replication_version_checking
from ipaserver.install.installutils import resolve_host
from ipaserver.plugins.ldap2 import ldap2
@@ -54,8 +54,11 @@ def parse_options():
parser.add_option("-p", "--password", dest="password",
help="Directory Manager (existing master) password")
parser.add_option("--ip-address", dest="ip_address",
- type="ip", ip_netmask=True,
- help="Add A and PTR records of the future replica")
+ type="ip", help="Add A and PTR records of the future replica")
+ parser.add_option("--reverse-zone", dest="reverse_zone",
+ help="The reverse DNS zone to use")
+ parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
+ default=False, help="Do not create reverse DNS zone")
parser.add_option("--ca", dest="ca_file", default="/root/cacert.p12",
help="Location of CA PKCS#12 file, default /root/cacert.p12")
parser.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
@@ -63,6 +66,14 @@ def parse_options():
options, args = parser.parse_args()
+ if not options.ip_address:
+ if options.reverse_zone:
+ parser.error("You cannot specify a --reverse-zone option without the --ip-address option")
+ if options.no_reverse:
+ parser.error("You cannot specify a --no-reverse option without the --ip-address option")
+ elif options.reverse_zone and options.no_reverse:
+ parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
+
# If any of the PKCS#12 options are selected, all are required. Create a
# list of the options and count it to enforce that all are required without
# having a huge set of it blocks.
@@ -255,6 +266,8 @@ def main():
if not bindinstance.dns_container_exists(api.env.host, api.env.basedn):
print "You can't add a DNS record because DNS is not set up."
sys.exit(1)
+ if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, options.ip_address):
+ sys.exit(1)
if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki-ca/conf/CS.cfg") and not options.dirsrv_pin:
sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.")
@@ -424,31 +437,21 @@ def main():
ip = options.ip_address
ip_address = str(ip)
- ip_prefixlen = ip.prefixlen
-
- if ip.defaultnet:
- revzone = ip.reverse_dns
- if ip.version == 4:
- prefix = 32
- dec = 8
- elif ip.version == 6:
- prefix = 128
- dec = 4
-
- while prefix > 0:
- dummy, dot, revzone = revzone.partition('.')
- prefix = prefix - dec
- if dns_zone_exists(revzone):
- break
-
- if prefix > 0:
- ip_prefixlen = prefix
- else:
- add_reverse_zone(ip_address, ip_prefixlen)
+
+ if options.reverse_zone:
+ reverse_zone = bindinstance.normalize_zone(options.reverse_zone)
+ else:
+ reverse_zone = bindinstance.find_reverse_zone(ip)
+ if reverse_zone is None and not options.no_reverse:
+ reverse_zone = bindinstance.get_reverse_zone_default(ip)
add_zone(domain)
add_fwd_rr(domain, name, ip_address)
- add_ptr_rr(ip_address, ip_prefixlen, replica_fqdn)
+
+ if reverse_zone is not None:
+ print "Using reverse zone %s" % reverse_zone
+ add_reverse_zone(reverse_zone)
+ add_ptr_rr(reverse_zone, ip_address, replica_fqdn)
try:
if not os.geteuid()==0: