With BIND_KRB_*, nsupdate -g needs to be used.

Addressing ##### could not create key from txt: bad base64 encoding syntax error FAIL: error testrecord.10.16.120.18ing this_is_a_test record name to server 53: -- is the nameserver running, reachable, and key auth working? FAIL: txt record testrecord.10.16.120.18 does not resolve on server could not create key from txt: bad base64 encoding syntax error FAIL: error testrecord.10.16.120.18ing record name to server 53: -- is the nameserver running, reachable, and key auth working?
openshift · Jun 3, 2013 · 3956a05 · 3956a05
1 parent ec21097
commit 3956a05
Showing 1 changed file with 36 additions and 23 deletions.
diff --git a/broker-util/oo-accept-broker b/broker-util/oo-accept-broker
@@ -748,32 +748,45 @@ function check_authentication() {
 # ============================================================================
 
 function dns_bind_update_record() {
-    # $1 = server
-    # $2 = key name
-    # $3 = key value
-    # $4 = function (add|delete)
-    # $5 = type (A, TXT, CNAME)
-    # $6 = name 
-    # $7 = value
-
-    # check $1: should be an IP address
-    # check $3: should be a key string
-    # check $4: should be add|delete
-    # check $5 should be A, TXT, CNAME
-
-    verbose "${4}ing $5 record named $6 to server $1: $7"
-
-    nsupdate <<EOF
-server $1
-key $2 $3
-update $4 $6 1 $5 $7
+    # $1 = key or Kerberos
+    # $2 = server
+    # $3 = key name
+    # $4 = key value
+    # $5 = Kerberos keytab
+    # $6 = Kerberos principal
+    # $7 = function (add|delete)
+    # $8 = type (A, TXT, CNAME)
+    # $9 = name
+    # $10 = value
+
+    # check $2: should be an IP address
+    # check $4: should be a key string
+    # check $7: should be add|delete
+    # check $8 should be A, TXT, CNAME
+
+    verbose "${7}ing $8 record named $9 to server $2: $10"
+
+    if [ "$1" = "key" ]
+    then
+        nsupdate <<EOF
+server $2
+key $3 $4
+update $7 $9 1 $8 $10
 send
 EOF
+    else
+        kinit -kt "$5" -p "$6"
+        nsupdate -g <<EOF
+server $2
+update $7 $9 1 $8 $10
+send
+EOF
+    fi
 
     if [ $? != 0 ]
     then
-	fail "error ${4}ing $5 record name $6 to server $1: $7
-	-- is the nameserver running, reachable, and key auth working?"
+	fail "error ${7}ing $8 record name $9 to server $2: $10
+	-- is the nameserver running, reachable, and $1 auth working?"
     fi
 
 }
@@ -818,7 +831,7 @@ function check_dns_bind() {
     # check that zone suffix ends exactly with dns_zone (zone contains suffix)
 
     # try to add a dummy TXT record to the zone
-    dns_bind_update_record ${APP_VALUES[DNS_SERVER]} ${APP_VALUES[DNS_KEYNAME]} ${APP_VALUES[DNS_KEYVAL]} add txt testrecord.${APP_VALUES[DNS_SUFFIX]} this_is_a_test
+    dns_bind_update_record ${APP_VALUES[DNS_KEY_OR_KRB]} ${APP_VALUES[DNS_SERVER]} "${APP_VALUES[DNS_KEYNAME]}" "${APP_VALUES[DNS_KEYVAL]}" "${APP_VALUES[DNS_KRB_KEYTAB]}" "${APP_VALUES[DNS_KRB_PRINCIPAL]}" add txt testrecord.${APP_VALUES[DNS_SUFFIX]} this_is_a_test
 
     # verify that the record is there
     if host -t txt testrecord.${APP_VALUES[DNS_SUFFIX]} ${APP_VALUES[DNS_SERVER]} >/dev/null
@@ -829,7 +842,7 @@ function check_dns_bind() {
     fi
 
     # remove it.
-    dns_bind_update_record ${APP_VALUES[DNS_SERVER]} ${APP_VALUES[DNS_KEYNAME]} ${APP_VALUES[DNS_KEYVAL]} delete txt testrecord.${APP_VALUES[DNS_SUFFIX]}
+    dns_bind_update_record ${APP_VALUES[DNS_KEY_OR_KRB]} ${APP_VALUES[DNS_SERVER]} "${APP_VALUES[DNS_KEYNAME]}" "${APP_VALUES[DNS_KEYVAL]}" "${APP_VALUES[DNS_KRB_KEYTAB]}" "${APP_VALUES[DNS_KRB_PRINCIPAL]}" delete txt testrecord.${APP_VALUES[DNS_SUFFIX]}
 
     # verify that the record is removed
     if host -t txt testrecord.${APP_VALUES[DNS_SUFFIX]} ${APP_VALUES[DNS_SERVER]} >/dev/null