On Tue, 25 Jan 2011 15:40:26 +0100
Jakub Hrozek <jhro...@redhat.com> wrote:

> On Tue, Jan 25, 2011 at 08:57:57AM -0500, Simo Sorce wrote:
> > On Mon, 24 Jan 2011 23:06:17 +0100
> > Jakub Hrozek <jhro...@redhat.com> wrote:
> > 
> > > On 01/23/2011 02:09 AM, Simo Sorce wrote:
> > > >
> > > > Do it always when the dns tree is available, even if the replica
> > > > being installed doesn't provide dns service itself.
> > > >
> > > > Ticket #824
> > > >
> > > > Simo.
> > > >
> > > 
> > > I tried applying this on top of both origin/master and 068 but did
> > > not succeed. Can you rebase, please?
> > 
> > Rebased on top of the new 0068
> > 
> > Simo.
> > 
> 
> I think you attached the wrong patch - the attachment is 68-02, not
> 69.

Sigh.
Right one attached now.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From 616991da58f9bd64e0fe90dcd197bfd2b5725a02 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Fri, 21 Jan 2011 14:46:58 -0500
Subject: [PATCH 2/3] Always add DNS records when installing a replica

Even if the replica is not running a DNS server, other replicas might.
So if the DNS container is present, then try to add DNS records.

Fixes: https://fedorahosted.org/freeipa/ticket/824
---
 install/tools/ipa-replica-install |   24 +++++++++++++--
 install/tools/ipa-replica-manage  |   16 ++++++++++
 ipaserver/install/bindinstance.py |   58 +++++++++++++++++++++++++++++++++++++
 3 files changed, 95 insertions(+), 3 deletions(-)

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 69c0e7eac73d1f80bb900d13370e7d5e3325e1ed..b53ceeea4f7849a67facd46e7fbf3c2203ad7af5 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -245,6 +245,8 @@ def install_http(config):
             sys.exit(1)
 
 def install_bind(config, options):
+    api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
+                              bind_pw=config.dirman_password)
     if options.forwarders:
         forwarders = options.forwarders
     else:
@@ -266,6 +268,23 @@ def install_bind(config, options):
                config.domain_name, forwarders, options.conf_ntp, create_reverse)
     bind.create_instance()
 
+def install_dns_records(config, options):
+
+    if not bindinstance.dns_container_exists(config.host_name,
+                                             util.realm_to_suffix(config.realm_name)):
+        return
+
+    api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
+                              bind_pw=config.dirman_password)
+    bind = bindinstance.BindInstance(dm_password=config.dirman_password)
+    ip_address = resolve_host(config.host_name)
+    if not ip_address:
+        sys.exit("Unable to resolve IP address for host name")
+
+    bind.add_master_dns_records(config.host_name, ip_address,
+                                config.realm_name, config.domain_name,
+                                options.conf_ntp)
+
 def check_dirsrv():
     serverids = dsinstance.check_existing_installation()
     if serverids:
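Review bot: In `install_dns_records`, the address passed to `bind.add_master_dns_records(...)` is whatever `resolve_host(config.host_name)` returns, with no check other than "not empty". If the local resolver answers from `/etc/hosts` with a loopback or stale address, that value would presumably be published in the shared DNS tree as this master's A record, so it is worth rejecting loopback results before the call. The failure message also omits the name that failed; `sys.exit("Unable to resolve IP address for host name %s" % config.host_name)` would make the abort diagnosable. Judging by the `main()` hunk, this runs after the services have been restarted, so the exit leaves a partly installed replica, and a short docstring should say that the function is a no-op when no DNS container exists.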
@@ -432,10 +451,9 @@ def main():
     service.restart("httpd")
 
     if options.setup_dns:
-        api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
-                                  bind_pw=config.dirman_password)
-
         install_bind(config, options)
+    else:
+        install_dns_records(config, options)
 
     # Call client install script
     try:
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 20eb93c26748c71e097a38f40cb58c0215a643e1..8f0b7c59c75042d1b3b4dadbc9e53cd311434a5c 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -24,6 +24,7 @@ import traceback, logging
 
 from ipapython import ipautil
 from ipaserver.install import replication, dsinstance, installutils
+from ipaserver.install import bindinstance
 from ipaserver import ipaldap
 from ipapython import version
 from ipalib import api, errors, util
@@ -274,6 +275,21 @@ def del_master(realm, hostname, options):
         print "Failed to cleanup %s entries: %s" % (hostname, str(e))
         print "You may need to manually remove them from the tree"
 
+    # 5. And clean up the removed replica DNS entries if any.
+    try:
+        if bindinstance.dns_container_exists(options.host, thisrepl.suffix):
+            if options.dirman_passwd:
+                api.Backend.ldap2.connect(bind_dn='cn=Directory Manager',
+                                          bind_pw=options.dirman_passwd)
+            else:
+                ccache = krbV.default_context().default_ccache().name
+                api.Backend.ldap2.connect(ccache=ccache)
+            bind = bindinstance.BindInstance()
+            bind.remove_master_dns_records(hostname, realm, realm.lower())
+    except Exception, e:
+        print "Failed to cleanup %s DNS entries: %s" % (hostname, str(e))
+        print "You may need to manually remove them from the tree"
+
 def add_link(realm, replica1, replica2, dirman_passwd, options):
 
     if options.winsync:
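Review bot: The cleanup call `bind.remove_master_dns_records(hostname, realm, realm.lower())` assumes the DNS zone is the lower-cased realm name. Where the domain differs from the realm, every `del_rr` would miss, and because `del_rr` ignores `errors.NotFound`, the removed master's SRV and A records would stay published with no message. Consider deriving the zone from the host name or an option instead, and say in the step-5 comment which one is used. The block also tests `options.host` while the rest uses `hostname`, and it relies on `krbV`, which the import hunk above does not add, so confirm that module is already imported in this file. `del_master` starts outside the hunk.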
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 4cf9f94c30858d404622f9bd7466ea42778d76cc..b84ba76b4c949401343ad2920617f8fffa933219 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -162,6 +162,23 @@ def add_ptr_rr(ip_address, fqdn, dns_backup=None):
     zone, name = get_reverse_zone(ip_address)
     add_rr(zone, name, "PTR", fqdn+".", dns_backup)
 
+def del_rr(zone, name, type, rdata):
+    delkw = { '%srecord' % unicode(type.lower()) : unicode(rdata) }
+    try:
+        api.Command.dnsrecord_del(unicode(zone), unicode(name), **delkw)
+    except (errors.NotFound, errors.EmptyModlist):
+        pass
+
+def get_rr(zone, name, type):
+    rectype = '%srecord' % unicode(type.lower())
+    ret = api.Command.dnsrecord_find(unicode(zone), unicode(name))
+    if ret['count'] > 0:
+        for r in ret['result']:
+            if rectype in r:
+                return r[rectype]
+
+    return []
+
 
 class DnsBackup(object):
     def __init__(self, service):
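Review bot: `get_rr` returns the records of the first entry in `ret['result']` that has the requested attribute, without checking that the entry is the one called `name`. If `dnsrecord_find` treats its second argument as search criteria rather than an exact name (it looks that way; confirm), a lookup for one host could return another host's A records. Comparing the entry's name before returning, or using an exact lookup such as `api.Command.dnsrecord_show`, would close that gap. Both helpers also lack docstrings and take a parameter named `type`, which shadows the builtin; `rtype` plus a line such as `"""Delete one record value; a missing record is not an error."""` on `del_rr` would document the deliberate `pass`.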
@@ -415,6 +432,47 @@ class BindInstance(service.Service):
         resolv_fd.write(resolv_txt)
         resolv_fd.close()
 
+    def add_master_dns_records(self, fqdn, ip_address,
+                               realm_name, domain_name, ntp=False):
+        self.fqdn = fqdn
+        self.ip_address = ip_address
+        self.realm = realm_name
+        self.domain = domain_name
+        self.host = fqdn.split(".")[0]
+        self.suffix = util.realm_to_suffix(self.realm)
+        self.ntp = ntp
+
+        self.__add_self()
+
+    def remove_master_dns_records(self, fqdn, realm_name, domain_name):
+        host = fqdn.split(".")[0]
+        suffix = util.realm_to_suffix(realm_name)
+
+        zone = domain_name
+        resource_records = (
+            ("_ldap._tcp", "SRV", "0 100 389 %s" % host),
+            ("_kerberos._tcp", "SRV", "0 100 88 %s" % host),
+            ("_kerberos._udp", "SRV", "0 100 88 %s" % host),
+            ("_kerberos-master._tcp", "SRV", "0 100 88 %s" % host),
+            ("_kerberos-master._udp", "SRV", "0 100 88 %s" % host),
+            ("_kpasswd._tcp", "SRV", "0 100 464 %s" % host),
+            ("_kpasswd._udp", "SRV", "0 100 464 %s" % host),
+            ("_ntp._udp", "SRV", "0 100 123 %s" % host),
+        )
+
+        for (record, type, rdata) in resource_records:
+            del_rr(zone, record, type, rdata)
+
+        areclist = get_rr(zone, host, "A")
+        if len(areclist) != 0:
+            for rdata in areclist:
+                del_rr(zone, host, "A", rdata)
+
+                rzone, record = get_reverse_zone(rdata)
+                if dns_zone_exists(rzone):
+                    del_rr(rzone, record, "PTR", fqdn+".")
+
+
     def uninstall(self):
         if self.is_configured():
             self.print_msg("Unconfiguring %s" % self.service_name)
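Review bot: `remove_master_dns_records` rebuilds the SRV rdata by hand (`"0 100 389 %s" % host` and the lines after it), and `del_rr` ignores `errors.NotFound`, so any difference from the values written at install time (priority, weight, a trailing dot, a fully qualified target) silently leaves the record in place. `__add_self` is outside this hunk, so whether the two lists agree cannot be checked here; one shared constant used by both the add and remove paths would remove the risk. In the same method, `suffix` is assigned but never used in the visible body, only A records are looked up so any AAAA record would remain, and `if len(areclist) != 0:` is redundant before the `for`. `uninstall` continues outside the hunk.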
-- 
1.7.3.4
