From 228cffe6dae3632a2a44feb6ad9bf93dd64a6b81 Mon Sep 17 00:00:00 2001
From: James Hogarth
Date: Tue, 14 Aug 2012 13:53:05 +0100
Subject: [PATCH] Allow TTL to be configured during ipa-client-install
---
 ipa-client/ipa-install/ipa-client-install | 25 +++++++++++++++++--------
 ipa-client/man/ipa-client-install.1 | 3 +++
 2 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 190efb183d8c96e2c9665cf51d5346dc1111ae24..81162a895d443403326f6facf38501891509a011 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -119,6 +119,8 @@ def parse_options():
 sssd_group.add_option("", "--enable-dns-updates", dest="dns_updates",
 action="store_true", default=False,
 help="Configures the machine to attempt dns updates when the ip address changes.")
+ sssd_group.add_option("--dns-updates-ttl", dest="dns_updates_ttl",
+ help="Sets the TTL for the DNS updates. Has no effect without --enable-dns-updates.")
 sssd_group.add_option("--no-krb5-offline-passwords", dest="krb5_offline_passwords",
 action="store_false", default=True,
 help="Configure SSSD not to store user password when the server is offline")
@@ -944,6 +946,14 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, clie
 # unconditionally.
 domain.set_option('ldap_tls_cacert', '/etc/ipa/ca.crt')
+ # TTL will be used if there is no host record in DNS so check if it is an integer.
+ # Can write it to sssd.conf in case dynamic dns updates enabled in future.
+ if options.dns_updates_ttl:
+ try:
+ ttl = int(options.dns_updates_ttl)
+ except ValueError:
+ root_logger.error("--dns-updates-ttl must be an integer")
+ domain.set_option('ipa_dyndns_ttl', options.dns_updates_ttl)
 if options.dns_updates:
 domain.set_option('ipa_dyndns_update', True)
 if options.krb5_offline_passwords:
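Review bot: The new `--dns-updates-ttl` option in the @@ -119 hunk is declared with neither `type` nor `default`, so optparse leaves `options.dns_updates_ttl` as `None` unless the flag is given, while the man-page hunk documents a default of 1200 and the old `TTL=1200` and `ttl = 1200` literals are deleted in the @@ -1168 and @@ -1238 hunks. The install() call sites in the @@ -1747 hunk pass that value straight into update_dns() and update_ssh_keys(), so a client installed without the flag would presumably end up interpolating `None` into the nsupdate text (the use of sub_dict, and of ttl inside update_ssh_keys, lies outside the hunks). Declaring it as `sssd_group.add_option("--dns-updates-ttl", dest="dns_updates_ttl", type="int", default=1200,` restores the documented default, rejects non-numeric values at parse time, and makes the manual int() check in the @@ -944 hunk unnecessary.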
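Review bot: In the @@ -944 hunk the `except ValueError` branch only logs and then falls through, so a non-integer `--dns-updates-ttl` is still written into sssd.conf by `domain.set_option('ipa_dyndns_ttl', options.dns_updates_ttl)`, and the parsed `ttl` is never used. The validated value should be the one written, `domain.set_option('ipa_dyndns_ttl', ttl)`, and the error path should stop the install or skip the option rather than continue; configure_sssd_conf's return convention is outside the hunk, so the exact abort form needs checking against the rest of the function. If the option is given `type="int"` in parse_options, this whole block reduces to the single set_option call.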
@@ -1156,7 +1166,7 @@ send
 UPDATE_FILE = "/etc/ipa/.dns_update.txt"
 CCACHE_FILE = "/etc/ipa/.dns_ccache"
-def update_dns(server, hostname):
+def update_dns(server, hostname, ttl):
 try:
 (ip, af) = resolve_ipaddress(server)
@@ -1168,7 +1178,7 @@ def update_dns(server, hostname):
 sub_dict = dict(HOSTNAME=hostname,
 IPADDRESS=ip,
- TTL=1200,
+ TTL=ttl,
 ZONE='.'.join(hostname.split('.')[1:])
 )
@@ -1188,7 +1198,7 @@ def update_dns(server, hostname):
 else:
 root_logger.error("Failed to update DNS records.")
-def client_dns(server, hostname, dns_updates=False):
+def client_dns(server, hostname, ttl, options.dns_updates=False):
 dns_ok = ipautil.is_host_resolvable(hostname)
@@ -1196,9 +1206,9 @@ def client_dns(server, hostname, dns_updates=False):
 root_logger.warning("Hostname (%s) not found in DNS", hostname)
 if dns_updates or not dns_ok:
- update_dns(server, hostname)
+ update_dns(server, hostname, ttl)
-def update_ssh_keys(server, hostname, ssh_dir, create_sshfp):
+def update_ssh_keys(server, hostname, ssh_dir, create_sshfp, ttl):
 pubkeys = []
 for basename in os.listdir(ssh_dir):
 if not basename.endswith('.pub'):
@@ -1238,7 +1248,6 @@ def update_ssh_keys(server, hostname, ssh_dir, create_sshfp):
 if create_sshfp:
 zone = '.'.join(hostname.split('.')[1:])
- ttl = 1200
 update_txt = 'zone %s.\nupdate delete %s. IN SSHFP\nsend\n' % (zone, hostname)
 for pubkey in pubkeys:
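Review bot: The new signature in the @@ -1188 hunk, `def client_dns(server, hostname, ttl, options.dns_updates=False):`, is not valid Python because a parameter name cannot be an attribute reference, so the whole script fails to compile; the body in the @@ -1196 hunk still reads `dns_updates`, so the line should be `def client_dns(server, hostname, ttl, dns_updates=False):`. Inserting `ttl` as a required positional ahead of `dns_updates` also silently changes the meaning of any positional caller this patch does not touch; the only caller visible here, in install(), is updated, but appending `ttl` after the existing parameters, as the @@ -1196 hunk does for update_ssh_keys(), or giving it a default would avoid that. client_dns's body continues past this hunk.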
@@ -1747,10 +1756,10 @@ def install(options, env, fstore, statestore):
 return CLIENT_INSTALL_ERROR
 if not options.on_master:
- client_dns(cli_server[0], hostname, options.dns_updates)
+ client_dns(cli_server[0], hostname, options.dns_updates_ttl, options.dns_updates)
 configure_certmonger(fstore, subject_base, cli_realm, hostname, options)
- update_ssh_keys(cli_server[0], hostname, ipaservices.knownservices.sshd.get_config_dir(), options.create_sshfp)
+ update_ssh_keys(cli_server[0], hostname, ipaservices.knownservices.sshd.get_config_dir(), options.create_sshfp, options.dns_updates_ttl)
 try:
 os.remove(CCACHE_FILE)
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 382d4872fa97220cdb2f382d1b05d149ca44c79f..d1c80d1557e7791febf7a1e4fd6a9c430c811b09 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -103,6 +103,9 @@ Configure SSSD to permit all access. Otherwise the machine will be controlled by
 \fB\-\-enable\-dns\-updates\fR
 This option tells SSSD to automatically update DNS with the IP address of this client.
 .TP
+\fB\-\-dns\-updates\-ttl\fR
+This option sets the TTL for the records updated or created by ipa-client-install and SSSD. The TTL defaults to 1200.
+.TP
 \fB\-\-no\-krb5\-offline\-passwords\fR
 Configure SSSD not to store user password when the server is offline.
 .TP
-- 
1.7.5.4