From 0ed1632ac9f659734f9397c21d0b2de3c2c2d895 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Tue, 15 Jan 2019 17:53:55 +0100
Subject: [PATCH] replica installation: add master record only if in managed
zone
Scenario: install a replica with DNS, whose IP address is part of a
forward zone.
Currently, the replica installation fails because the installer is
trying to add an A/AAAA record for the replica in the zone
when setting up the bind instance, and addition of records in a
forward zone is forbidden.
The bind installer should check if the IP address is in a master zone
(i.e. a DNS zone managed by IdM, not a forward zone), and avoid
creating the record if it's not the case.
During uninstallation, perform the same check before removing the
DNS record (if in a forward zone, no need to call dnsrecord-del).
Fixes: https://pagure.io/freeipa/issue/7369
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
---
ipaserver/install/bindinstance.py | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 7c858aab4417ccf3a4999fcaaa1c7e0f93464e4d..3b03e536117677f0f073fc1f06a28ebab0cfe006 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -844,10 +844,13 @@ class BindInstance(service.Service):
# Add forward and reverse records to self
for addr in addrs:
- try:
+ # Check first if the zone is a master zone
+ # (if it is a forward zone, dns_zone_exists will return False)
+ if dns_zone_exists(zone, api=self.api):
add_fwd_rr(zone, host, addr, self.api)
- except errors.NotFound:
- pass
+ else:
+ logger.debug("Skip adding record %s to a zone %s "
+ "not managed by IPA", addr, zone)
reverse_zone = find_reverse_zone(addr, self.api)
if reverse_zone:
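Review bot: `dns_zone_exists(zone, api=self.api)` is evaluated inside `for addr in addrs:` although neither `zone` nor `self.api` changes in the visible loop body, so the same lookup and the same debug message repeat for every address. Compute it once before the loop, `zone_managed = dns_zone_exists(zone, api=self.api)`, and test `if zone_managed:` inside it. The hunk also drops the `except errors.NotFound` handler, so if `add_fwd_rr` (not shown here) can still raise NotFound after the check has passed, the error now propagates into the installer instead of being ignored; it is worth confirming that this is intended. The loop body continues past the end of the hunk.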
@@ -1063,6 +1066,10 @@ class BindInstance(service.Service):
self.fqdn = fqdn
self.domain = domain_name
+ if not dns_zone_exists(zone, api=self.api):
+ # Zone may be a forward zone, skip update
+ return
+
areclist = get_fwd_rr(zone, host, api=self.api)
for rdata in areclist:
del_fwd_rr(zone, host, rdata, api=self.api)
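Review bot: The early `return` added before `get_fwd_rr` leaves the whole function, not only the forward-record deletion, and the function starts and continues outside this hunk. If anything after the deletion loop cleans up data that does not depend on the host's own zone being managed, it would now be skipped too, which can leave stale DNS entries for a removed server. Consider wrapping only the lookup-and-delete loop in `if dns_zone_exists(zone, api=self.api):` instead of returning. The skip is also silent, unlike the install path; a line such as `logger.debug("Skip removing records for %s: zone %s not managed by IPA", fqdn, zone)` would let the uninstall log show why nothing was deleted.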
--
2.20.1