1 files changed, 29 insertions, 25 deletions

diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index c690544fa..dbbffe321 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -727,31 +727,35 @@ def migrate_crl_publish_dir(ca):
                      'request pki-ca restart')
     return True
 
-def add_server_cname_records():
-    root_logger.info('[Add missing server CNAME records]')
+def add_ca_dns_records():
+    root_logger.info('[Add missing CA DNS records]')
 
-    if not sysupgrade.get_upgrade_state('dns', 'ipa_ca_cname'):
-        try:
-            api.Backend.ldap2.connect(autobind=True)
-        except ipalib.errors.PublicError, e:
-            root_logger.error("Cannot connect to LDAP to add DNS records: %s", e)
-        else:
-            ret = api.Command['dns_is_enabled']()
-            if not ret['result']:
-                root_logger.info('DNS is not configured')
-                sysupgrade.set_upgrade_state('dns', 'ipa_ca_cname', True)
-                return
-
-            bind = bindinstance.BindInstance()
-            # DNS is enabled, so let bindinstance find out if CA is enabled
-            # and let it add the CNAME in that case
-            bind.add_ipa_ca_cname(api.env.host, api.env.domain, ca_configured=None)
-            sysupgrade.set_upgrade_state('dns', 'ipa_ca_cname', True)
-        finally:
-            if api.Backend.ldap2.isconnected():
-                 api.Backend.ldap2.disconnect()
-    else:
-        root_logger.info('IPA CA CNAME already processed')
+    if sysupgrade.get_upgrade_state('dns', 'ipa_ca_records'):
+        root_logger.info('IPA CA DNS records already processed')
+        return
+
+    try:
+        api.Backend.ldap2.connect(autobind=True)
+    except ipalib.errors.PublicError, e:
+        root_logger.error("Cannot connect to LDAP to add DNS records: %s", e)
+        return
+
+    ret = api.Command['dns_is_enabled']()
+    if not ret['result']:
+        root_logger.info('DNS is not configured')
+        sysupgrade.set_upgrade_state('dns', 'ipa_ca_records', True)
+        return
+
+    bind = bindinstance.BindInstance()
+
+    bind.convert_ipa_ca_cnames(api.env.domain)
+
+    # DNS is enabled, so let bindinstance find out if CA is enabled
+    # and let it add the record in that case
+    bind.add_ipa_ca_dns_records(api.env.host, api.env.domain,
+                                ca_configured=None)
+
+    sysupgrade.set_upgrade_state('dns', 'ipa_ca_records', True)
 
 def main():
     """
@@ -845,7 +849,7 @@ def main():
 
     cleanup_kdc(fstore)
     setup_firefox_extension(fstore)
-    add_server_cname_records()
+    add_ca_dns_records()
     changed_psearch = named_enable_psearch()
     changed_autoincrement = named_enable_serial_autoincrement()
     changed_gssapi_conf = named_update_gssapi_configuration()