The Identity, Policy and Audit system
CentOS Sources
2016-11-03 403b09ab980c02ef36095973349a13e0181c794a
From caceb3a08644dae0ecae05a5b1f18b91a522356d Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Thu, 14 Jul 2016 17:14:59 +0200
Subject: [PATCH] DNS install: Ensure that DNS servers container exists
 
During DNS installation it is assumed that the cn=servers,cn=dns container is
always present in the LDAP backend when migrating DNS server info to LDAP.
 
This may not always be the case (e.g. when a new replica is set up against
older master) so the code must take additional steps to ensure this container
is present.
 
https://fedorahosted.org/freeipa/ticket/6083
 
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
---
 ipaserver/install/bindinstance.py | 21 +++++++++++++++++++++
 ipaserver/install/plugins/dns.py  | 13 ++-----------
 2 files changed, 23 insertions(+), 11 deletions(-)
 
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index f4ed63141cf25dfcfdc72d37d6ff4563e4acccf1..844fb04a9d9feca936211964b75a0b3468ba663b 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -546,6 +546,26 @@ def remove_master_dns_records(hostname, realm):
     bind.remove_server_ns_records(hostname)
 
 
+def ensure_dnsserver_container_exists(ldap, api_instance, logger=None):
+    """
+    Create cn=servers,cn=dns,$SUFFIX container. If logger is not None, emit a
+    message that the container already exists when DuplicateEntry is raised
+    """
+
+    entry = ldap.make_entry(
+        DN(api_instance.env.container_dnsservers, api_instance.env.basedn),
+        {
+            u'objectclass': [u'top', u'nsContainer'],
+            u'cn': [u'servers']
+        }
+    )
+    try:
+        ldap.add_entry(entry)
+    except errors.DuplicateEntry:
+        if logger is not None:
+            logger.debug('cn=servers,cn=dns container already exists')
+
+
 class DnsBackup(object):
     def __init__(self, service):
         self.service = service
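Review bot: The debug message in the `except errors.DuplicateEntry` branch of `ensure_dnsserver_container_exists` hard-codes `cn=servers,cn=dns`, while the entry's DN is built from `api_instance.env.container_dnsservers` and `basedn`, so the log can name a different container than the one actually checked. Logging the computed DN keeps the install log accurate for later audit, e.g. `logger.debug('%s container already exists', entry.dn)`. The docstring should also state that only DuplicateEntry is handled, so any other LDAP error from `add_entry` (presumably a missing parent entry or insufficient access) propagates to the caller. It should add that a successful creation is not logged at all.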
@@ -942,6 +962,7 @@ class BindInstance(service.Service):
         )
 
     def __setup_server_configuration(self):
+        ensure_dnsserver_container_exists(self.admin_conn, self.api)
         try:
             self.api.Command.dnsserver_add(
                 self.fqdn, idnssoamname=DNSName(self.fqdn).make_absolute(),
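Review bot: The new call at the top of `__setup_server_configuration` passes no logger, so on this install path the already-exists case is silent, and the helper never logs a successful creation either. Passing one, e.g. `ensure_dnsserver_container_exists(self.admin_conn, self.api, logger=root_logger)`, would at least record the existing-container case for this LDAP write. That assumes `root_logger` is imported in bindinstance.py as it is in plugins/dns.py; the import block is outside the hunk. The call also sits before the `try:`, so any error other than DuplicateEntry aborts the step; a one-line comment saying this is intended would help. The method body continues outside the hunk.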
diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py
index 4fa30661e40748cd32cb25c232168191db20c461..32247eedbac7fc7e00c7277ef0bc593a74cd22e4 100644
--- a/ipaserver/install/plugins/dns.py
+++ b/ipaserver/install/plugins/dns.py
@@ -29,6 +29,7 @@ from ipapython.dn import DN
 from ipapython import dnsutil
 from ipapython.ipa_log_manager import root_logger
 from ipaserver.install import sysupgrade
+from ipaserver.install.bindinstance import ensure_dnsserver_container_exists
 from ipaserver.plugins.dns import dns_container_exists
 
 register = Registry()
@@ -521,17 +522,7 @@ class update_dnsserver_configuration_into_ldap(DNSUpdater):
             return False, []
 
         # create container first, if doesn't exist
-        entry = ldap.make_entry(
-            DN(self.api.env.container_dnsservers, self.api.env.basedn),
-            {
-                u'objectclass': [u'top', u'nsContainer'],
-                u'cn': [u'servers']
-            }
-        )
-        try:
-            ldap.add_entry(entry)
-        except errors.DuplicateEntry:
-            self.log.debug('cn=dnsservers container already exists')
+        ensure_dnsserver_container_exists(ldap, self.api, logger=self.log)
 
         try:
             self.api.Command.dnsserver_add(self.api.env.host)
-- 
2.7.4