Hi,
These three patches should make sure that we add DNS records the right
way. They will also serve the ipa-dns-install command, which is almost
ready; that patch will be coming soon.

Thanks
Martin
>From edbd834dab63b86c04d9b1bb736c64cda3e38b2a Mon Sep 17 00:00:00 2001
From: Martin Nagy <mn...@redhat.com>
Date: Thu, 3 Dec 2009 16:32:56 +0100
Subject: [PATCH 1/3] Move api finalization in ipa-server-install after writing default.conf

We will need to have ipalib correctly configured before we start
installing DNS entries with api.Command.dns.
---
 install/tools/ipa-server-install |   45 ++++++++++++++++++-------------------
 1 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 0694d6e..21bead1 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -481,18 +481,12 @@ def main():
     fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
 
 
+    # Configuration for ipalib, we will bootstrap and finalize later, after
+    # we are sure we have the configuration file ready.
     cfg = dict(
         in_server=True,
-        webui_assets_dir=ASSETS_DIR,
         debug=options.debug
     )
-    if not options.uninstall:
-        if options.ca:
-            cfg['ra_plugin'] = 'dogtag'
-        else:
-            cfg['ra_plugin'] = 'selfsign'
-    api.bootstrap(**cfg)
-    api.finalize()
 
     if options.uninstall:
         if not options.unattended:
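Review bot: Dropping `cfg['ra_plugin'] = 'selfsign'` changes what a non-CA install bootstraps with: after this hunk the only ra_plugin value that ever reaches api is the `ra_plugin=dogtag` line written to default.conf when options.ca is set, so the self-signed case now depends on ipalib's built-in default being 'selfsign'. If that default ever differs, the non-CA path would pick up another RA plug-in silently; either write an explicit `ra_plugin=selfsign` line into default.conf in the else branch, or say in the new comment that the library default is relied upon. The uninstall branch now bootstraps with only in_server and debug, which presumably works as long as the existing /etc/ipa/default.conf is still present on the machine being uninstalled. main() continues outside the hunk.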
@@ -502,6 +496,8 @@ def main():
                 print "Aborting uninstall operation."
                 sys.exit(1)
 
+        api.bootstrap(**cfg)
+        api.finalize()
         return uninstall(not certs.ipa_self_signed())
 
     # This will override any settings passed in on the cmdline
@@ -662,6 +658,24 @@ def main():
     else:
         dns_forwarders = ()
 
+    # Create the management framework config file and finalize api
+    fstore.backup_file("/etc/ipa/default.conf")
+    fd = open("/etc/ipa/default.conf", "w")
+    fd.write("[global]\n")
+    fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n")
+    fd.write("realm=" + realm_name + "\n")
+    fd.write("domain=" + domain_name + "\n")
+    fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % host_name)
+    fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name))
+    fd.write("enable_ra=True\n")
+    if options.ca:
+        fd.write("ra_plugin=dogtag\n")
+    fd.write('webui_assets_dir=' + ASSETS_DIR + '\n')
+    fd.close()
+
+    api.bootstrap(**cfg)
+    api.finalize()
+
     if not options.unattended:
         print ""
         print "The following operations may take some minutes to complete."
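Review bot: The default.conf write in the new block has no error handling: if any of the fd.write calls raises, the descriptor is never closed and a half-written /etc/ipa/default.conf is left behind, which api.bootstrap would then presumably read. Wrapping the writes as `try: ... finally: fd.close()` keeps the file's Python 2 style and guarantees the close; building the lines in a list and issuing a single write would also shrink the window. Because the block now runs before the DS/CA instances are created, a failure later in install leaves a config file pointing at services that never came up; if the fstore backup is meant to cover that, a sentence in the comment saying so would help the next reader. main() continues outside the hunk.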
@@ -749,21 +763,6 @@ def main():
         http.create_instance(realm_name, host_name, domain_name, autoconfig=True, self_signed_ca=not options.ca)
     ipautil.run(["/sbin/restorecon", "/var/cache/ipa/sessions"])
 
-    # Create the management framework config file
-    fstore.backup_file("/etc/ipa/default.conf")
-    fd = open("/etc/ipa/default.conf", "w")
-    fd.write("[global]\n")
-    fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n")
-    fd.write("realm=" + realm_name + "\n")
-    fd.write("domain=" + domain_name + "\n")
-    fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % host_name)
-    fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name))
-    fd.write("enable_ra=True\n")
-    if options.ca:
-        fd.write("ra_plugin=dogtag\n")
-    fd.write('webui_assets_dir=' + ASSETS_DIR + '\n')
-    fd.close()
-
     # Apply any LDAP updates. Needs to be done after the configuration file
     # is created
     service.print_msg("Applying LDAP updates")
-- 
1.6.2.5

>From c601970aff98645e5c9d82b490d5b90acb26313f Mon Sep 17 00:00:00 2001
From: Martin Nagy <mn...@redhat.com>
Date: Tue, 10 Nov 2009 13:21:09 +0100
Subject: [PATCH 2/3] Use the dns plug-in for addition of records during installation

Fixes #528943
---
 install/share/Makefile.am         |    1 -
 install/share/dns.ldif            |   88 ----------------------------
 install/share/dns_reverse.ldif    |   24 --------
 ipaserver/install/bindinstance.py |  113 ++++++++++++++++++++++++++----------
 4 files changed, 81 insertions(+), 145 deletions(-)
 delete mode 100644 install/share/dns_reverse.ldif

diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index b74f990..e3e7cf6 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -16,7 +16,6 @@ app_DATA =				\
 	default-keytypes.ldif		\
 	delegation.ldif			\
 	dns.ldif			\
-	dns_reverse.ldif		\
 	kerberos.ldif			\
 	indices.ldif			\
 	bind.named.conf.template	\
diff --git a/install/share/dns.ldif b/install/share/dns.ldif
index 8ce9d69..cb783b8 100644
--- a/install/share/dns.ldif
+++ b/install/share/dns.ldif
@@ -4,91 +4,3 @@ objectClass: nsContainer
 objectClass: top
 cn: dns
 aci: (targetfilter = "(objectClass=idnsRecord)")(targetattr != "aci")(version 3.0; acl "DNS Servers Updates"; allow (add,write,delete) groupdn = "ldap:///cn=update_dns,cn=taskgroups,cn=accounts,$SUFFIX";;)
-
-dn: idnsName=$DOMAIN,cn=dns,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: idnsZone
-objectClass: idnsRecord
-idnsName: $DOMAIN
-idnsZoneActive: TRUE
-idnsAllowDynUpdate: TRUE
-idnsUpdatePolicy: grant $REALM krb5-self * A;
-idnsSOAmName: $FQDN.
-idnsSOArName: root.$FQDN.
-idnsSOAserial: 1
-idnsSOArefresh: 10800
-idnsSOAretry: 900
-idnsSOAexpire: 604800
-idnsSOAminimum: 86400
-NSRecord: $HOST
-
-dn: idnsName=$HOST,idnsName=$DOMAIN,cn=dns,$SUFFIX
-changetype: add
-objectClass: idnsRecord
-objectClass: top
-idnsName: $HOST
-ARecord: $IP
-
-dn: idnsName=_ldap._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX
-changetype: add
-objectClass: idnsRecord
-objectClass: top
-idnsName: _ldap._tcp
-SRVRecord: 0 100 389 $HOST
-
-dn: idnsName=_kerberos,idnsName=$DOMAIN,cn=dns,$SUFFIX
-changetype: add
-objectClass: idnsRecord
-objectClass: top
-idnsName: _kerberos
-TXTRecord: $REALM
-
-dn: idnsName=_kerberos._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX
-changetype: add
-objectClass: idnsRecord
-objectClass: top
-idnsName: _kerberos._tcp
-SRVRecord: 0 100 88 $HOST
-
-dn: idnsName=_kerberos._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX
-changetype: add
-objectClass: idnsRecord
-objectClass: top
-idnsName: _kerberos._udp
-SRVRecord: 0 100 88 $HOST
-
-dn: idnsName=_kerberos-master._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX
-changetype: add
-objectClass: idnsRecord
-objectClass: top
-idnsName: _kerberos-master._tcp
-SRVRecord: 0 100 88 $HOST
-
-dn: idnsName=_kerberos-master._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX
-changetype: add
-objectClass: idnsRecord
-objectClass: top
-idnsName: _kerberos-master._udp
-SRVRecord: 0 100 88 $HOST
-
-dn: idnsName=_kpasswd._tcp,idnsName=$DOMAIN,cn=dns,$SUFFIX
-changetype: add
-objectClass: idnsRecord
-objectClass: top
-idnsName: _kpasswd._tcp
-SRVRecord: 0 100 464 $HOST
-
-dn: idnsName=_kpasswd._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX
-changetype: add
-objectClass: idnsRecord
-objectClass: top
-idnsName: _kpasswd._udp
-SRVRecord: 0 100 464 $HOST
-
-dn: idnsName=_ntp._udp,idnsName=$DOMAIN,cn=dns,$SUFFIX
-changetype: add
-objectClass: idnsRecord
-objectClass: top
-idnsName: _ntp._udp
-SRVRecord: 0 100 123 $HOST
diff --git a/install/share/dns_reverse.ldif b/install/share/dns_reverse.ldif
deleted file mode 100644
index 02d45a4..0000000
--- a/install/share/dns_reverse.ldif
+++ /dev/null
@@ -1,24 +0,0 @@
-dn: idnsName=$REVERSE_SUBNET.in-addr.arpa,cn=dns,$SUFFIX
-changetype: add
-objectClass: top
-objectClass: idnsZone
-objectClass: idnsRecord
-idnsName: $REVERSE_SUBNET.in-addr.arpa
-idnsZoneActive: TRUE
-idnsAllowDynUpdate: TRUE
-idnsUpdatePolicy: grant $REALM krb5-subdomain $REVERSE_SUBNET.in-addr.arpa. PTR;
-idnsSOAmName: $FQDN.
-idnsSOArName: root.$FQDN.
-idnsSOAserial: 1
-idnsSOArefresh: 10800
-idnsSOAretry: 900
-idnsSOAexpire: 604800
-idnsSOAminimum: 86400
-NSRecord: $FQDN.
-
-dn: idnsName=$REVERSE_HOST,idnsName=$REVERSE_SUBNET.in-addr.arpa,cn=dns,$SUFFIX
-changetype: add
-objectClass: idnsRecord
-objectClass: top
-idnsName: $REVERSE_HOST
-PTRRecord: $FQDN.
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index e2edcd3..54cddc9 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -28,6 +28,8 @@ import service
 from ipaserver import ipaldap
 from ipapython import sysrestore
 from ipapython import ipautil
+
+import ipalib
 from ipalib import api, util
 
 def check_inst(unattended):
@@ -51,6 +53,57 @@ def check_inst(unattended):
 
     return True
 
+def get_reverse_zone(ip_address):
+    tmp = ip_address.split(".")
+    tmp.reverse()
+    name = tmp.pop(0)
+    zone = ".".join(tmp) + ".in-addr.arpa" 
+
+    return zone, name
+
+def add_zone(name, update_policy=None):
+    if not update_policy:
+        update_policy = "grant %s krb5-self * A;" % api.env.realm
+
+    try:
+        api.Command.dns_add(unicode(name),
+                            idnssoamname=unicode(api.env.host),
+                            idnsallowdynupdate=True,
+                            idnsupdatepolicy=unicode(update_policy))
+    except ipalib.errors.DuplicateEntry:
+        pass
+
+    add_rr(name, "@", "NS", api.env.host+".")
+
+    return name
+
+def add_reverze_zone(ip_address, update_policy=None):
+    zone, name = get_reverse_zone(ip_address)
+    if not update_policy:
+        update_policy = "grant %s krb5-subdomain %s. PTR;" % (api.env.realm, zone)
+    try:
+        api.Command.dns_add(unicode(zone),
+                            idnssoamname=unicode(api.env.host),
+                            idnsallowdynupdate=True,
+                            idnsupdatepolicy=unicode(update_policy))
+    except ipalib.errors.DuplicateEntry:
+        pass
+
+    add_rr(zone, "@", "NS", api.env.host)
+
+    return zone
+
+def add_rr(zone, name, type, rdata):
+    try:
+        api.Command.dns_add_rr(unicode(zone), unicode(name),
+                               unicode(type), unicode(rdata))
+    except ipalib.errors.DuplicateEntry:
+        pass
+
+def add_ptr_rr(ip_address, fqdn):
+    zone, name = get_reverse_zone(ip_address)
+    add_rr(zone, name, "PTR", fqdn+".")
+
 class BindInstance(service.Service):
     def __init__(self, fstore=None, dm_password=None):
         service.Service.__init__(self, "named", dm_password=dm_password)
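Review bot: `add_rr(zone, "@", "NS", api.env.host)` in add_reverze_zone omits the trailing dot that add_zone uses (`api.env.host+"."`), so the reverse zone's NS target is a relative name and would be qualified with the in-addr.arpa zone; the deleted dns_reverse.ldif used `NSRecord: $FQDN.`, so this should read `add_rr(zone, "@", "NS", api.env.host+".")`. The name add_reverze_zone is misspelled and is called from __setup_reverse_zone further down, so renaming it to add_reverse_zone needs both sites. get_reverse_zone assumes a dotted-quad IPv4 address and always derives a /24 zone; a short docstring stating that would save callers a surprise. `ipalib.errors` is only reachable through `import ipalib` if the package __init__ pulls it in; `from ipalib import errors` would make the dependency explicit. `type` in add_rr's signature shadows the builtin; `rtype` avoids it.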
@@ -101,6 +154,8 @@ class BindInstance(service.Service):
             pass
 
         self.__add_zone_steps()
+        self.step("setting up our zone", self.__setup_zone)
+        self.step("setting up reverse zone", self.__setup_reverse_zone)
 
         self.step("setting up kerberos principal", self.__setup_principal)
         self.step("setting up named.conf", self.__setup_named_conf)
@@ -113,8 +168,7 @@ class BindInstance(service.Service):
 
     def __add_zone_steps(self):
         """
-        Add steps necessary to add records and zones, if they don't exist
-        already.
+        Add a DNS container if it doesn't exist.
         """
 
         def object_exists(dn):
@@ -128,23 +182,11 @@ class BindInstance(service.Service):
             else:
                 return True
 
-        zone_dn = "idnsName=%s,cn=dns,%s" % (self.domain, self.suffix)
-        reverse_zone_dn = "idnsName=%s.in-addr.arpa,cn=dns,%s" % (self.reverse_subnet, self.suffix)
-        a_rr_dn = "idnsName=%s,%s" % (self.host, zone_dn)
-        ptr_rr_dn = "idnsName=%s,%s" % (self.reverse_host, reverse_zone_dn)
-
         server = ldap.initialize("ldap://"; + self.fqdn)
         server.simple_bind_s()
-        if object_exists(zone_dn):
-            if not object_exists(a_rr_dn):
-                self.step("adding our A record", self.__setup_a_record)
-        else:
-            self.step("setting up our zone", self.__setup_zone)
-        if object_exists(reverse_zone_dn):
-            if not object_exists(ptr_rr_dn):
-                self.step("adding our PTR record", self.__setup_ptr_record)
-        else:
-            self.step("setting up reverse zone", self.__setup_reverse_zone)
+
+        if not object_exists("cn=dns,%s" % self.suffix):
+            self.step("adding DNS container", self.__setup_dns_container)
 
         server.unbind_s()
 
@@ -174,25 +216,32 @@ class BindInstance(service.Service):
                              HOST=self.host,
                              REALM=self.realm,
                              FORWARDERS=fwds,
-                             SUFFIX=self.suffix,
-                             REVERSE_HOST=self.reverse_host,
-                             REVERSE_SUBNET=self.reverse_subnet)
+                             SUFFIX=self.suffix)
 
-    def __setup_zone(self):
-        self.backup_state("domain", self.domain)
+    def __setup_dns_container(self):
         self._ldap_mod("dns.ldif", self.sub_dict)
 
-    def __setup_reverse_zone(self):
-        self._ldap_mod("dns_reverse.ldif", self.sub_dict)
-
-    def __setup_a_record(self):
-        api.Command.dns_add_rr(unicode(self.domain), unicode(self.host),
-                               u'A', unicode(self.ip_address))
+    def __setup_zone(self):
+        resource_records = (
+            (self.host, "A", self.ip_address),
+            ("_ldap._tcp", "SRV", "0 100 389 %s" % self.host),
+            ("_kerberos", "TXT", self.realm),
+            ("_kerberos._tcp", "SRV", "0 100 88 %s" % self.host),
+            ("_kerberos._udp", "SRV", "0 100 88 %s" % self.host),
+            ("_kerberos-master._tcp", "SRV", "0 100 88 %s" % self.host),
+            ("_kerberos-master._udp", "SRV", "0 100 88 %s" % self.host),
+            ("_kpasswd._tcp", "SRV", "0 100 464 %s" % self.host),
+            ("_kpasswd._udp", "SRV", "0 100 464 %s" % self.host),
+        )
+
+        zone = add_zone(self.domain)
+        for (host, type, rdata) in resource_records:
+            add_rr(zone, host, type, rdata)
+        add_rr(zone, "_ntp._udp", "SRV", "0 100 123 "+self.host)
 
-    def __setup_ptr_record(self):
-        api.Command.dns_add_rr(unicode(self.reverse_subnet + ".in-addr.arpa"),
-                               unicode(self.reverse_host), u'PTR',
-                               unicode(self.host))
+    def __setup_reverse_zone(self):
+        add_reverze_zone(self.ip_address)
+        add_ptr_rr(self.ip_address, self.fqdn)
 
     def __setup_principal(self):
         dns_principal = "DNS/" + self.fqdn + "@" + self.realm
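Review bot: The `self.backup_state("domain", self.domain)` call the old __setup_zone made is dropped from the new one and nothing in this hunk records that state elsewhere; if the uninstall path relies on the saved domain to find and remove the zone, it no longer has it, so either keep the call at the top of the new __setup_zone or confirm the state is unused. The loop variable in `for (host, type, rdata) in resource_records:` shadows the builtin `type`; `rtype` reads better. Because every add_rr swallows DuplicateEntry, a record that already exists with different rdata (for example an old A record after an address change) is silently kept rather than updated, whereas the removed existence checks at least made that case visible; a comment on __setup_zone noting that existing records win would document the contract. The class continues outside the hunk.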
-- 
1.6.2.5

>From 03c29a3e6fbc4d60f7fed184bab19b07d433b7d1 Mon Sep 17 00:00:00 2001
From: Martin Nagy <mn...@redhat.com>
Date: Tue, 10 Nov 2009 15:16:38 +0100
Subject: [PATCH 3/3] Only add an NTP SRV record if we really are setting up NTP

The sample bind zone file that is generated if we don't use --setup-dns
is also changed.

Fixes #500238
---
 install/share/bind.zone.db.template |    4 +---
 install/tools/ipa-replica-install   |    3 ++-
 install/tools/ipa-server-install    |    2 +-
 ipaserver/install/bindinstance.py   |   15 ++++++++++++---
 4 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/install/share/bind.zone.db.template b/install/share/bind.zone.db.template
index b3aa7b9..71fa10b 100644
--- a/install/share/bind.zone.db.template
+++ b/install/share/bind.zone.db.template
@@ -23,6 +23,4 @@ _kerberos-master._tcp	IN SRV 0 100 88		$HOST
 _kerberos-master._udp	IN SRV 0 100 88		$HOST
 _kpasswd._tcp		IN SRV 0 100 464	$HOST
 _kpasswd._udp		IN SRV 0 100 464	$HOST
-
-;ntp server
-_ntp._udp		IN SRV 0 100 123	$HOST
+$OPTIONAL_NTP
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 33d3726..5dfa8c4 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -218,7 +218,8 @@ def install_bind(config, options):
         forwarders = ()
     bind = bindinstance.BindInstance(dm_password=config.dirman_password)
     ip_address = resolve_host(config.host_name)
-    bind.setup(config.host_name, ip_address, config.realm_name, config.domain_name, forwarders)
+    bind.setup(config.host_name, ip_address, config.realm_name,
+               config.domain_name, forwarders, options.conf_ntp)
     bind.create_instance()
 
 def check_dirsrv():
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 21bead1..abc7214 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -781,7 +781,7 @@ def main():
 
     # Create a BIND instance
     bind = bindinstance.BindInstance(fstore, dm_password)
-    bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders)
+    bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, options.conf_ntp)
     if options.setup_dns:
         api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
 
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 54cddc9..f96a1c4 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -121,7 +121,7 @@ class BindInstance(service.Service):
         else:
             self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
 
-    def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, named_user="named"):
+    def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp, named_user="named"):
         self.named_user = named_user
         self.fqdn = fqdn
         self.ip_address = ip_address
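Review bot: setup() gains a required positional parameter `ntp` inserted in front of `named_user`, so any caller not updated in this series that passes named_user positionally would now hand that string in as ntp. Giving it a default, `..., forwarders, ntp=False, named_user="named"):`, keeps the two callers changed in this patch working and leaves older call sites valid; both updated callers pass options.conf_ntp, presumably a boolean. setup() continues outside the hunk.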
@@ -130,6 +130,7 @@ class BindInstance(service.Service):
         self.forwarders = forwarders
         self.host = fqdn.split(".")[0]
         self.suffix = util.realm_to_suffix(self.realm)
+        self.ntp = ntp
 
         tmp = ip_address.split(".")
         tmp.reverse()
@@ -210,13 +211,20 @@ class BindInstance(service.Service):
         else:
             fwds = " "
 
+        if self.ntp:
+            optional_ntp =  "\n;ntp server\n"
+            optional_ntp += "_ntp._udp\t\tIN SRV 0 100 123\t%s""" % self.host
+        else:
+            optional_ntp = ""
+
         self.sub_dict = dict(FQDN=self.fqdn,
                              IP=self.ip_address,
                              DOMAIN=self.domain,
                              HOST=self.host,
                              REALM=self.realm,
                              FORWARDERS=fwds,
-                             SUFFIX=self.suffix)
+                             SUFFIX=self.suffix,
+                             OPTIONAL_NTP=optional_ntp)
 
     def __setup_dns_container(self):
         self._ldap_mod("dns.ldif", self.sub_dict)
@@ -237,7 +245,8 @@ class BindInstance(service.Service):
         zone = add_zone(self.domain)
         for (host, type, rdata) in resource_records:
             add_rr(zone, host, type, rdata)
-        add_rr(zone, "_ntp._udp", "SRV", "0 100 123 "+self.host)
+        if self.ntp:
+            add_rr(zone, "_ntp._udp", "SRV", "0 100 123 "+self.host)
 
     def __setup_reverse_zone(self):
         add_reverze_zone(self.ip_address)
-- 
1.6.2.5
