Exemple #1
def _disable_dnssec():
    """Tear down the OpenDNSSEC pieces on this host and clear its LDAP state.

    Steps, in the order the body performs them:

    1. Uninstall the OpenDNSSEC and ODS exporter services.
    2. Disable and remove the 'DNSSEC' and 'DNSKeyExporter' service
       entries for ``api.env.host`` (the exporter's service is removed
       as well).
    3. If the host's ``cn=DNSSEC`` entry under ``cn=masters,cn=ipa,cn=etc``
       still lists ``opendnssecinstance.KEYMASTER`` in ``ipaConfigString``,
       drop that value and write the entry back.

    Uses the module-level ``api`` object; takes no arguments and returns
    ``None``.
    """
    restore_store = sysrestore.FileStore(paths.SYSRESTORE)

    signer = opendnssecinstance.OpenDNSSECInstance(restore_store)
    signer.realm = api.env.realm

    exporter = odsexporterinstance.ODSExporterInstance(restore_store)
    exporter.realm = api.env.realm

    # Services are unconfigured before any LDAP cleanup: the OpenDNSSEC
    # uninstall still needs the keytab to flush the latest ods database.
    signer.uninstall()
    exporter.uninstall()

    host = api.env.host
    basedn = api.env.basedn

    signer.ldap_disable('DNSSEC', host, basedn)
    signer.ldap_remove_service_container('DNSSEC', host, basedn)

    exporter.ldap_disable('DNSKeyExporter', host, basedn)
    exporter.remove_service()
    exporter.ldap_remove_service_container('DNSKeyExporter', host, basedn)

    ldap = api.Backend.ldap2
    dnssec_dn = DN(
        ('cn', 'DNSSEC'),
        ('cn', host),
        ('cn', 'masters'),
        ('cn', 'ipa'),
        ('cn', 'etc'),
        basedn,
    )
    try:
        dnssec_entry = ldap.get_entry(dnssec_dn)
    except errors.NotFound:
        # No DNSSEC entry for this host, so there is no marker to clear.
        return

    config_values = dnssec_entry.get('ipaConfigString', [])
    if opendnssecinstance.KEYMASTER not in config_values:
        return

    # Leaving a stale KEYMASTER value behind would keep advertising this
    # host in LDAP after its signing services are gone.
    config_values.remove(opendnssecinstance.KEYMASTER)
    ldap.update_entry(dnssec_entry)
Exemple #2
def install(standalone, replica, options, api=api):
    """Configure and start the DNS services on this host.

    The sequence is significant and is kept exactly: BIND is set up and its
    instance created, httpd is restarted, the key-sync daemon instance is
    created, the OpenDNSSEC components are either installed or disabled
    depending on ``options``, and only afterwards are dnskeysyncd and named
    started and the system records updated.

    :param standalone: truthy when run as a standalone DNS install; enables
        the hosts-file update, the "please wait" notice and the final
        summary including the port reminder.
    :param replica: truthy on a replica; in the non-standalone case it
        triggers the global configuration check.
    :param options: object providing ``forwarders``, ``forward_policy``,
        ``zonemgr``, ``no_dnssec_validation``, ``unattended``,
        ``dnssec_master``, ``disable_dnssec_master`` and (read only when
        ``dnssec_master`` is set) ``kasp_db_file``.
    :param api: API object whose ``env`` supplies host, realm and domain.

    ``ip_addresses`` and ``reverse_zones`` are not defined in this function;
    presumably they are module-level values filled in by an earlier check
    step -- verify against the rest of the module.
    """
    restore_store = sysrestore.FileStore(paths.SYSRESTORE)

    if standalone:
        # In the non-standalone case the server/replica installer does this.
        update_hosts_file(ip_addresses, api.env.host, restore_store)

    named = bindinstance.BindInstance(restore_store, api=api)
    # NOTE(review): no_dnssec_validation is handed through unchanged from
    # options; presumably it switches off DNSSEC validation in named, which
    # means answers would be accepted without signature checks -- confirm it
    # is only ever set as an explicit operator decision.
    named.setup(
        api.env.host,
        ip_addresses,
        api.env.realm,
        api.env.domain,
        options.forwarders,
        options.forward_policy,
        reverse_zones,
        zonemgr=options.zonemgr,
        no_dnssec_validation=options.no_dnssec_validation,
    )

    if standalone:
        if not options.unattended:
            for notice in (
                "",
                "The following operations may take some minutes to complete.",
                "Please wait until the prompt is returned.",
                "",
            ):
                print(notice)

    named.create_instance()
    print("Restarting the web server to pick up resolv.conf changes")
    services.knownservices.httpd.restart(capture_output=True)

    # On a DNSSEC master the key-sync daemon must be the last one installed.
    key_sync = dnskeysyncinstance.DNSKeySyncInstance(restore_store)
    key_sync.create_instance(api.env.host, api.env.realm)

    if options.dnssec_master:
        signer = opendnssecinstance.OpenDNSSECInstance(restore_store)
        exporter = odsexporterinstance.ODSExporterInstance(restore_store)

        exporter.create_instance(api.env.host, api.env.realm)
        signer.create_instance(
            api.env.host,
            api.env.realm,
            kasp_db_file=options.kasp_db_file,
        )
    elif options.disable_dnssec_master:
        # NOTE(review): _disable_dnssec() takes no arguments and reads the
        # module-level ``api``, not the ``api`` passed to this function;
        # check that callers supplying their own api expect that.
        _disable_dnssec()

    key_sync.start_dnskeysyncd()
    named.start_named()

    # Only valid once named is started and operational.
    named.update_system_records()

    if standalone:
        print("==============================================================================")
        print("Setup complete")
        print("")
        named.check_global_configuration()
        # Port reminder for the operator's firewall configuration.
        for line in (
            "",
            "",
            "\tYou must make sure these network ports are open:",
            "\t\tTCP Ports:",
            "\t\t  * 53: bind",
            "\t\tUDP Ports:",
            "\t\t  * 53: bind",
        ):
            print(line)
    elif replica:
        # Reached only when standalone is falsy.
        print("")
        named.check_global_configuration()
        print("")
Exemple #3
def uninstall():
    """Uninstall every DNS-related service that reports itself configured.

    The services are handled one after another in a fixed order: OpenDNSSEC,
    the ODS exporter, BIND, then the DNS key-sync daemon. Each instance is
    built on the shared sysrestore file store, asked ``is_configured()``,
    and uninstalled only when that returns a truthy value. Returns ``None``.
    """
    restore_store = sysrestore.FileStore(paths.SYSRESTORE)

    def _uninstall_if_configured(instance):
        # Unconfigured services are skipped rather than uninstalled.
        if instance.is_configured():
            instance.uninstall()

    _uninstall_if_configured(
        opendnssecinstance.OpenDNSSECInstance(restore_store))
    _uninstall_if_configured(
        odsexporterinstance.ODSExporterInstance(restore_store))
    _uninstall_if_configured(bindinstance.BindInstance(restore_store))
    _uninstall_if_configured(
        dnskeysyncinstance.DNSKeySyncInstance(restore_store))