def render(self, session, dns_environment, comments, **arguments): validate_basic("DNS environment", dns_environment) DnsEnvironment.get_unique(session, dns_environment, preclude=True) db_dnsenv = DnsEnvironment(name=dns_environment, comments=comments) session.add(db_dnsenv) session.flush() return
def render(self, session, network_environment, dns_environment, comments, **arguments): validate_basic("network environment", network_environment) NetworkEnvironment.get_unique(session, network_environment, preclude=True) dbdns_env = DnsEnvironment.get_unique(session, dns_environment, compel=True) # Currently input.xml lists --building only, but that may change location = get_location(session, **arguments) dbnet_env = NetworkEnvironment(name=network_environment, dns_environment=dbdns_env, location=location, comments=comments) if dbdns_env.is_default != dbnet_env.is_default: raise ArgumentError("Only the default network environment may be " "associated with the default DNS environment.") session.add(dbnet_env) session.flush() return
def render(self, session, dns_environment, **arguments): db_dnsenv = DnsEnvironment.get_unique(session, dns_environment, compel=True) if db_dnsenv.is_default: raise ArgumentError("{0} is the default DNS environment, " "therefore it cannot be deleted." .format(db_dnsenv)) q = session.query(Fqdn) q = q.filter_by(dns_environment=db_dnsenv) if q.first(): raise ArgumentError("{0} is still in use by DNS records, and " "cannot be deleted.".format(db_dnsenv)) q = session.query(RouterAddress) q = q.filter_by(dns_environment=db_dnsenv) if q.first(): raise ArgumentError("{0} is still in use by routers, and " "cannot be deleted.".format(db_dnsenv)) q = session.query(AddressAssignment) q = q.filter_by(dns_environment=db_dnsenv) if q.first(): raise ArgumentError("{0} is still in use by address assignments, " "and cannot be deleted.".format(db_dnsenv)) session.delete(db_dnsenv) session.flush() return
def get_net_dns_env(session, network_environment=None, dns_environment=None): dbnet_env = NetworkEnvironment.get_unique_or_default( session, network_environment) if dns_environment: dbdns_env = DnsEnvironment.get_unique(session, dns_environment, compel=True) else: dbdns_env = dbnet_env.dns_environment return (dbnet_env, dbdns_env)
def get_net_dns_env(session, network_environment=None, dns_environment=None): dbnet_env = NetworkEnvironment.get_unique_or_default(session, network_environment) if dns_environment: dbdns_env = DnsEnvironment.get_unique(session, dns_environment, compel=True) else: dbdns_env = dbnet_env.dns_environment return (dbnet_env, dbdns_env)
def render(self, session, network_environment, dns_environment, comments, **arguments): validate_nlist_key("network environment", network_environment) NetworkEnvironment.get_unique(session, network_environment, preclude=True) dbdns_env = DnsEnvironment.get_unique(session, dns_environment, compel=True) # Currently input.xml lists --building only, but that may change location = get_location(session, **arguments) dbnet_env = NetworkEnvironment(name=network_environment, dns_environment=dbdns_env, location=location, comments=comments) if dbdns_env.is_default != dbnet_env.is_default: raise ArgumentError("Only the default network environment may be " "associated with the default DNS environment.") session.add(dbnet_env) session.flush() return
def render(self, session, dns_environment, **arguments): return DnsEnvironment.get_unique(session, dns_environment, compel=True, query_options=[undefer("comments")])
def render(self, session, logger, fqdn, ip, dns_environment, network_environment, **arguments): if network_environment: if not isinstance(network_environment, NetworkEnvironment): network_environment = NetworkEnvironment.get_unique_or_default(session, network_environment) if not dns_environment: dns_environment = network_environment.dns_environment dbdns_env = DnsEnvironment.get_unique(session, dns_environment, compel=True) with DeleteKey("system", logger=logger): # We can't use get_unique() here, since we always want to filter by # DNS environment, even if no FQDN was given q = session.query(ARecord) if ip: q = q.filter_by(ip=ip) q = q.join(ARecord.fqdn) q = q.options(contains_eager('fqdn')) q = q.filter_by(dns_environment=dbdns_env) if fqdn: (name, dbdns_domain) = parse_fqdn(session, fqdn) q = q.filter_by(name=name) q = q.filter_by(dns_domain=dbdns_domain) try: dbaddress = q.one() except NoResultFound: parts = [] if fqdn: parts.append(fqdn) if ip: parts.append("ip %s" % ip) raise NotFoundException("DNS Record %s not found." % ", ".join(parts)) except MultipleResultsFound: parts = [] if fqdn: parts.append(fqdn) if ip: parts.append("ip %s" % ip) raise NotFoundException("DNS Record %s is not unique." % ", ".join(parts)) if dbaddress.hardware_entity: raise ArgumentError("DNS Record {0:a} is the primary name of " "{1:l}, therefore it cannot be " "deleted.".format(dbaddress, dbaddress.hardware_entity)) if dbaddress.service_address: # TODO: print the holder object raise ArgumentError("DNS Record {0:a} is used as a service " "address, therefore it cannot be deleted." .format(dbaddress)) # Do not allow deleting the DNS record if the IP address is still in # use - except if there are other DNS records having the same # address if dbaddress.assignments: last_use = [] # FIXME: race condition here, we should use # SELECT ... FOR UPDATE for addr in dbaddress.assignments: if len(addr.dns_records) == 1: last_use.append(addr) if last_use: users = " ,".join([format(addr.interface, "l") for addr in last_use]) raise ArgumentError("IP address %s is still in use by %s." % (ip, users)) ip = dbaddress.ip old_fqdn = str(dbaddress.fqdn) old_comments = dbaddress.comments delete_dns_record(dbaddress) session.flush() if dbdns_env.is_default: dsdb_runner = DSDBRunner(logger=logger) dsdb_runner.delete_host_details(old_fqdn, ip, comments=old_comments) dsdb_runner.commit_or_rollback() return
def grab_address(session, fqdn, ip, network_environment=None, dns_environment=None, comments=None, allow_restricted_domain=False, allow_multi=False, allow_reserved=False, relaxed=False, preclude=False): """ Take ownership of an address. This is a bit complicated because due to DNS propagation delays, we want to allow users to pre-define a DNS address and then assign the address to a host later. Parameters: session: SQLA session handle fqdn: the name to allocate/take over ip: the IP address to allocate/take over network_environment: where the IP address lives dns_enviromnent: where the FQDN lives comments: any comments to attach to the DNS record if it is created as new allow_restricted_domain: if True, adding entries to restricted DNS domains is allowed, otherwise it is denied. Default is False. allow_multi: if True, allow the same FQDN to be added multiple times with different IP addresses. Deault is False. allow_reserved: if True, allow creating a ReservedName instead of an ARecord if no IP address was specified. Default is False. preclude: if True, forbid taking over an existing DNS record, even if it is not referenced by any AddressAssignment records. Default is False. """ if not isinstance(network_environment, NetworkEnvironment): network_environment = NetworkEnvironment.get_unique_or_default( session, network_environment) if not dns_environment: dns_environment = network_environment.dns_environment elif not isinstance(dns_environment, DnsEnvironment): dns_environment = DnsEnvironment.get_unique(session, dns_environment, compel=True) # Non-default DNS environments may contain anything, but we want to keep # the internal environment clean if dns_environment.is_default and not network_environment.is_default: raise ArgumentError("Entering external IP addresses to the " "internal DNS environment is not allowed.") short, dbdns_domain = parse_fqdn(session, fqdn) # Lock the domain to prevent adding/deleting records while we're checking # FQDN etc. availability dbdns_domain.lock_row() if dbdns_domain.restricted and not allow_restricted_domain: raise ArgumentError("{0} is restricted, adding extra addresses " "is not allowed.".format(dbdns_domain)) dbfqdn = Fqdn.get_or_create(session, dns_environment=dns_environment, name=short, dns_domain=dbdns_domain, query_options=[joinedload('dns_records')]) existing_record = None newly_created = False if ip: dbnetwork = get_net_id_from_ip(session, ip, network_environment) check_ip_restrictions(dbnetwork, ip, relaxed=relaxed) dbnetwork.lock_row() # No filtering on DNS environment. If an address is dynamic in one # environment, it should not be considered static in a different # environment. q = session.query(DynamicStub) q = q.filter_by(network=dbnetwork) q = q.filter_by(ip=ip) dbdns_rec = q.first() _forbid_dyndns(dbdns_rec) # Verify that no other record uses the same IP address, this time taking # the DNS environemt into consideration. # While the DNS would allow different A records to point to the same IP # address, the current user expectation is that creating a DNS entry # also counts as a reservation, so we can not allow this use case. If we # want to implement such a feature later, the best way would be to # subclass Alias and let that subclass emit an A record instead of a # CNAME when the dump_dns command is called. q = session.query(ARecord) q = q.filter_by(network=dbnetwork) q = q.filter_by(ip=ip) q = q.join(ARecord.fqdn) q = q.filter_by(dns_environment=dns_environment) dbrecords = q.all() if dbrecords and len(dbrecords) > 1: # pragma: no cover # We're just trying to make sure this never happens raise AquilonError( "IP address %s is referenced by multiple " "DNS records: %s" % (ip, ", ".join([format(rec, "a") for rec in dbrecords]))) if dbrecords and dbrecords[0].fqdn != dbfqdn: raise ArgumentError( "IP address {0} is already in use by {1:l}.".format( ip, dbrecords[0])) # Check if the name is used already for dbdns_rec in dbfqdn.dns_records: if isinstance(dbdns_rec, ARecord): _forbid_dyndns(dbdns_rec) _check_netenv_compat(dbdns_rec, network_environment) if dbdns_rec.ip == ip and dbdns_rec.network == dbnetwork: existing_record = dbdns_rec elif not allow_multi: raise ArgumentError( "{0} points to a different IP address.".format( dbdns_rec)) elif isinstance(dbdns_rec, ReservedName): existing_record = convert_reserved_to_arecord( session, dbdns_rec, dbnetwork, ip) newly_created = True else: # Exclude aliases etc. raise ArgumentError( "{0} cannot be used for address assignment.".format( dbdns_rec)) if not existing_record: existing_record = ARecord(fqdn=dbfqdn, ip=ip, network=dbnetwork, comments=comments) session.add(existing_record) newly_created = True else: if not dbfqdn.dns_records: # There's no IP, and the name did not exist before. Create a # reservation, but only if the caller allowed that use case. if not allow_reserved: raise ArgumentError("DNS Record %s does not exist." % dbfqdn) existing_record = ReservedName(fqdn=dbfqdn, comments=comments) newly_created = True else: # There's no IP, but the name is already in use. We need a single IP # address. if len(dbfqdn.dns_records) > 1: raise ArgumentError( "{0} does not resolve to a single IP address.".format( dbfqdn)) existing_record = dbfqdn.dns_records[0] _forbid_dyndns(existing_record) if not isinstance(existing_record, ARecord): # Exclude aliases etc. raise ArgumentError( "{0} cannot be used for address assignment.".format( existing_record)) # Verify that the existing record is in the network environment the # caller expects _check_netenv_compat(existing_record, network_environment) ip = existing_record.ip dbnetwork = existing_record.network dbnetwork.lock_row() if existing_record.hardware_entity: raise ArgumentError( "{0} is already used as the primary name of {1:cl} " "{1.label}.".format(existing_record, existing_record.hardware_entity)) if preclude and not newly_created: raise ArgumentError("{0} already exists.".format(existing_record)) if ip: q = session.query(AddressAssignment) q = q.filter_by(network=dbnetwork) q = q.filter_by(ip=ip) addr = q.first() if addr: raise ArgumentError("IP address {0} is already in use by " "{1:l}.".format(ip, addr.interface)) return (existing_record, newly_created)
def setup(): dmn = DnsDomain.get_unique(sess, DNS_DOMAIN_NAME, compel=True) assert isinstance(dmn, DnsDomain), 'No ms.com domain in %s' % func_name() intrnl = DnsEnvironment.get_unique(sess, DNS_ENV, compel=True) assert isinstance(dmn, DnsDomain), 'No internal env in %s' % func_name()
def grab_address(session, fqdn, ip, network_environment=None, dns_environment=None, comments=None, allow_restricted_domain=False, allow_multi=False, allow_reserved=False, relaxed=False, preclude=False): """ Take ownership of an address. This is a bit complicated because due to DNS propagation delays, we want to allow users to pre-define a DNS address and then assign the address to a host later. Parameters: session: SQLA session handle fqdn: the name to allocate/take over ip: the IP address to allocate/take over network_environment: where the IP address lives dns_enviromnent: where the FQDN lives comments: any comments to attach to the DNS record if it is created as new allow_restricted_domain: if True, adding entries to restricted DNS domains is allowed, otherwise it is denied. Default is False. allow_multi: if True, allow the same FQDN to be added multiple times with different IP addresses. Deault is False. allow_reserved: if True, allow creating a ReservedName instead of an ARecord if no IP address was specified. Default is False. preclude: if True, forbid taking over an existing DNS record, even if it is not referenced by any AddressAssignment records. Default is False. """ if not isinstance(network_environment, NetworkEnvironment): network_environment = NetworkEnvironment.get_unique_or_default(session, network_environment) if not dns_environment: dns_environment = network_environment.dns_environment elif not isinstance(dns_environment, DnsEnvironment): dns_environment = DnsEnvironment.get_unique(session, dns_environment, compel=True) # Non-default DNS environments may contain anything, but we want to keep # the internal environment clean if dns_environment.is_default and not network_environment.is_default: raise ArgumentError("Entering external IP addresses to the " "internal DNS environment is not allowed.") short, dbdns_domain = parse_fqdn(session, fqdn) # Lock the domain to prevent adding/deleting records while we're checking # FQDN etc. availability dbdns_domain.lock_row() if dbdns_domain.restricted and not allow_restricted_domain: raise ArgumentError("{0} is restricted, adding extra addresses " "is not allowed.".format(dbdns_domain)) dbfqdn = Fqdn.get_or_create(session, dns_environment=dns_environment, name=short, dns_domain=dbdns_domain, query_options=[joinedload('dns_records')]) existing_record = None newly_created = False if ip: dbnetwork = get_net_id_from_ip(session, ip, network_environment) check_ip_restrictions(dbnetwork, ip, relaxed=relaxed) dbnetwork.lock_row() # No filtering on DNS environment. If an address is dynamic in one # environment, it should not be considered static in a different # environment. q = session.query(DynamicStub) q = q.filter_by(network=dbnetwork) q = q.filter_by(ip=ip) dbdns_rec = q.first() _forbid_dyndns(dbdns_rec) # Verify that no other record uses the same IP address, this time taking # the DNS environemt into consideration. # While the DNS would allow different A records to point to the same IP # address, the current user expectation is that creating a DNS entry # also counts as a reservation, so we can not allow this use case. If we # want to implement such a feature later, the best way would be to # subclass Alias and let that subclass emit an A record instead of a # CNAME when the dump_dns command is called. q = session.query(ARecord) q = q.filter_by(network=dbnetwork) q = q.filter_by(ip=ip) q = q.join(ARecord.fqdn) q = q.filter_by(dns_environment=dns_environment) dbrecords = q.all() if dbrecords and len(dbrecords) > 1: # pragma: no cover # We're just trying to make sure this never happens raise AquilonError("IP address %s is referenced by multiple " "DNS records: %s" % (ip, ", ".join([format(rec, "a") for rec in dbrecords]))) if dbrecords and dbrecords[0].fqdn != dbfqdn: raise ArgumentError("IP address {0} is already in use by {1:l}." .format(ip, dbrecords[0])) # Check if the name is used already for dbdns_rec in dbfqdn.dns_records: if isinstance(dbdns_rec, ARecord): _forbid_dyndns(dbdns_rec) _check_netenv_compat(dbdns_rec, network_environment) if dbdns_rec.ip == ip and dbdns_rec.network == dbnetwork: existing_record = dbdns_rec elif not allow_multi: raise ArgumentError("{0} points to a different IP address." .format(dbdns_rec)) elif isinstance(dbdns_rec, ReservedName): existing_record = convert_reserved_to_arecord(session, dbdns_rec, dbnetwork, ip) newly_created = True else: # Exclude aliases etc. raise ArgumentError("{0} cannot be used for address assignment." .format(dbdns_rec)) if not existing_record: existing_record = ARecord(fqdn=dbfqdn, ip=ip, network=dbnetwork, comments=comments) session.add(existing_record) newly_created = True else: if not dbfqdn.dns_records: # There's no IP, and the name did not exist before. Create a # reservation, but only if the caller allowed that use case. if not allow_reserved: raise ArgumentError("DNS Record %s does not exist." % dbfqdn) existing_record = ReservedName(fqdn=dbfqdn, comments=comments) newly_created = True else: # There's no IP, but the name is already in use. We need a single IP # address. if len(dbfqdn.dns_records) > 1: raise ArgumentError("{0} does not resolve to a single IP address." .format(dbfqdn)) existing_record = dbfqdn.dns_records[0] _forbid_dyndns(existing_record) if not isinstance(existing_record, ARecord): # Exclude aliases etc. raise ArgumentError("{0} cannot be used for address assignment." .format(existing_record)) # Verify that the existing record is in the network environment the # caller expects _check_netenv_compat(existing_record, network_environment) ip = existing_record.ip dbnetwork = existing_record.network dbnetwork.lock_row() if existing_record.hardware_entity: raise ArgumentError("{0} is already used as the primary name of {1:cl} " "{1.label}.".format(existing_record, existing_record.hardware_entity)) if preclude and not newly_created: raise ArgumentError("{0} already exists.".format(existing_record)) if ip: q = session.query(AddressAssignment) q = q.filter_by(network=dbnetwork) q = q.filter_by(ip=ip) addr = q.first() if addr: raise ArgumentError("IP address {0} is already in use by " "{1:l}.".format(ip, addr.interface)) return (existing_record, newly_created)