XSI-1918: Host can not join pool after enable external auth

commit 6ac37d7 add localhost name to /etc/hosts
There problem is, instead of appending FQDN to the end of the line,
the entry should in following format:
IP FQDN [alias1] [alias2]

Besides, another non-regression is found.
The host need to change its static IP and DNS to join AD,
However, then the Host record is not send to DNS, cause the pool
member can not resovle each other.

To resovle the issue, a task is scheduled to sync the hostname
to DNS.

Signed-off-by: Lin Liu <[email protected]>

Author: liulinC

ocaml/tests/test_extauth_plugin_ADwinbind.ml

@@ -517,17 +517,17 @@ let test_add_ipv4_localhost_to_hosts =
            localhost4.localdomain4"
         ]
       , [
-          "127.0.0.1   localhost localhost.localdomain localhost4 \
-           localhost4.localdomain4 hostname hostname.domain"
+          "127.0.0.1   hostname.domain hostname localhost \
+           localhost.localdomain localhost4 localhost4.localdomain4"
         ]
       )
     ; ( ["127.0.0.1   localhost hostname hostname.domain localhost.localdomain"]
-      , ["127.0.0.1   localhost localhost.localdomain hostname hostname.domain"]
+      , ["127.0.0.1   hostname.domain hostname localhost localhost.localdomain"]
       )
     ; ( ["192.168.0.1   some_host"]
-      , ["127.0.0.1 hostname hostname.domain"; "192.168.0.1   some_host"]
+      , ["127.0.0.1 hostname.domain hostname"; "192.168.0.1   some_host"]
       )
-    ; ([], ["127.0.0.1 hostname hostname.domain"])
+    ; ([], ["127.0.0.1 hostname.domain hostname"])
     ]
   in
   matrix |> List.map @@ fun (inp, exp) -> ("<omit inp>", `Quick, check inp exp)
@@ -549,18 +549,18 @@ let test_add_ipv4_and_ipv6_localhost_to_hosts =
     [
       ( ["127.0.0.1   localhost"]
       , [
-          "::1 hostname hostname.domain"
-        ; "127.0.0.1   localhost hostname hostname.domain"
+          "::1 hostname.domain hostname"
+        ; "127.0.0.1   hostname.domain hostname localhost"
         ]
       )
     ; ( ["127.0.0.1   localhost"; "::1 localhost"]
       , [
-          "127.0.0.1   localhost hostname hostname.domain"
-        ; "::1 localhost hostname hostname.domain"
+          "127.0.0.1   hostname.domain hostname localhost"
+        ; "::1 hostname.domain hostname localhost"
         ]
       )
     ; ( []
-      , ["127.0.0.1 hostname hostname.domain"; "::1 hostname hostname.domain"]
+      , ["127.0.0.1 hostname.domain hostname"; "::1 hostname.domain hostname"]
       )
     ]
   in

ocaml/xapi/extauth_plugin_ADwinbind.ml

@@ -1347,13 +1347,28 @@ module HostsConfFunc (T : LocalHostTag) : HostsConf = struct
     let name = String.lowercase_ascii name in
     let domain = String.lowercase_ascii domain in
     let fqdn = Printf.sprintf "%s.%s" name domain in
+    let rec add_hostname pre line =
+      match line with
+      | ip :: alias when ip = T.local_ip ->
+          (* Add localhost IP *)
+          add_hostname [ip] alias
+      | sp :: left when sp = "" ->
+          (* Add space to reserve the indent *)
+          add_hostname (pre @ [sp]) left
+      | alias :: left ->
+          (* hosts entry: ip fqdn alias1 alias2 ... *)
+          pre @ [fqdn; name; alias] @ left
+      | _ ->
+          failwith "Can not add local hostname to non local IP"
+    in
+
     match interest line with
     | false ->
         line
     | true ->
         String.split_on_char sep line
         |> List.filter (fun x -> x <> name && x <> fqdn)
-        |> (fun x -> match op with Add -> x @ [name; fqdn] | Remove -> x)
+        |> (fun x -> match op with Add -> add_hostname [] x | Remove -> x)
         |> String.concat sep_str
 
   let leave ~name ~domain ~lines =
@@ -1369,8 +1384,8 @@ module HostsConfFunc (T : LocalHostTag) : HostsConf = struct
     | false ->
         (* Does not found and updated the conf, then add one *)
         [
-          Printf.sprintf "%s%s%s%s%s.%s" T.local_ip sep_str name sep_str name
-            domain
+          Printf.sprintf "%s%s%s.%s%s%s" T.local_ip sep_str name domain sep_str
+            name
         ]
         @ x
 end
@@ -1386,18 +1401,91 @@ module ConfigHosts = struct
   let join ~name ~domain =
     read_lines ~path |> fun lines ->
     HostsConfIPv4.join ~name ~domain ~lines |> fun lines ->
-    HostsConfIPv6.join ~name ~domain ~lines
+    HostsConfIPv6.join ~name ~domain ~lines |> fun x ->
+    x @ [""] (* Add final line break *)
     |> String.concat "\n"
     |> write_string_to_file path
 
   let leave ~name ~domain =
     read_lines ~path |> fun lines ->
     HostsConfIPv4.leave ~name ~domain ~lines |> fun lines ->
-    HostsConfIPv6.leave ~name ~domain ~lines
+    HostsConfIPv6.leave ~name ~domain ~lines |> fun x ->
+    x @ [""] (* Add final line break *)
     |> String.concat "\n"
     |> write_string_to_file path
 end
 
+module ResolveConfig = struct
+  open Xapi_stdext_unix.Unixext
+
+  let path = "/etc/resolv.conf"
+
+  type t = Add | Remove
+
+  let handle op domain =
+    let config = Printf.sprintf "search %s" domain in
+    read_lines ~path |> List.filter (fun x -> x <> config) |> fun x ->
+    (match op with Add -> config :: x | Remove -> x) |> fun x ->
+    x @ [""] |> String.concat "\n" |> write_string_to_file path
+
+  let join ~domain = handle Add domain
+
+  let leave ~domain = handle Remove domain
+end
+
+module DNSSync = struct
+  let task_name = "Sync hostname with DNS"
+
+  type t = Register | Unregister
+
+  let handle op hostname netbios_name domain =
+    (* By default, hostname should equal to netbios_name, just register it to DNS server*)
+    try
+      let ops =
+        match op with Register -> "register" | Unregister -> "unregister"
+      in
+      let netbios_fqdn = Printf.sprintf "%s.%s" netbios_name domain in
+      let args = ["ads"; "dns"] @ [ops] @ ["--machine-pass"] in
+      Helpers.call_script net_cmd (args @ [netbios_fqdn]) |> ignore ;
+      if hostname <> netbios_name then
+        let hostname_fqdn = Printf.sprintf "%s.%s" hostname domain in
+        (* netbios_name is compressed, op on extra hostname *)
+        Helpers.call_script net_cmd (args @ [hostname_fqdn]) |> ignore
+    with e ->
+      debug "Register/unregister with DNS failed %s" (ExnHelper.string_of_exn e)
+
+  let register hostname netbios_name domain =
+    handle Register hostname netbios_name domain
+
+  let unregister hostname netbios_name domain =
+    handle Unregister hostname netbios_name domain
+
+  let sync () =
+    Server_helpers.exec_with_new_task "sync hostname with DNS"
+    @@ fun __context ->
+    let host = Helpers.get_localhost ~__context in
+    let service_name =
+      Db.Host.get_external_auth_service_name ~__context ~self:host
+    in
+    let netbios_name =
+      Db.Host.get_external_auth_configuration ~__context ~self:host
+      |> fun config -> List.assoc_opt "netbios_name" config
+    in
+    let hostname = Db.Host.get_hostname ~__context ~self:host in
+    match netbios_name with
+    | Some netbios ->
+        register hostname netbios service_name
+    | None ->
+        debug "Netbios name is none, skip sync hostname to DNS"
+
+  let trigger_sync ~start =
+    debug "Trigger task: %s" task_name ;
+    Scheduler.add_to_queue task_name
+      (Scheduler.Periodic !Xapi_globs.winbind_dns_sync_interval) start sync
+
+  let stop_sync () = Scheduler.remove_from_queue task_name
+end
+
 let build_netbios_name ~config_params =
   let key = "netbios-name" in
   match List.assoc_opt key config_params with
@@ -1721,20 +1809,24 @@ module AuthADWinbind : Auth_signature.AUTH_MODULE = struct
       ClosestKdc.trigger_update ~start:0. ;
       RotateMachinePassword.trigger_rotate ~start:0. ;
       ConfigHosts.join ~domain:service_name ~name:netbios_name ;
+      ResolveConfig.join ~domain:service_name ;
+      DNSSync.trigger_sync ~start:0. ;
       Winbind.set_machine_account_encryption_type netbios_name ;
       debug "Succeed to join domain %s" service_name
     with
     | Forkhelpers.Spawn_internal_error (_, stdout, _) ->
         error "Join domain: %s error: %s" service_name stdout ;
         clear_winbind_config () ;
         ConfigHosts.leave ~domain:service_name ~name:netbios_name ;
+        ResolveConfig.leave ~domain:service_name ;
         (* The configure is kept for debug purpose with max level *)
         raise (Auth_service_error (stdout |> tag_from_err_msg, stdout))
     | Xapi_systemctl.Systemctl_fail _ ->
         let msg = Printf.sprintf "Failed to start %s" Winbind.name in
         error "Start daemon error: %s" msg ;
         config_winbind_daemon ~domain:None ~workgroup:None ~netbios_name:None ;
         ConfigHosts.leave ~domain:service_name ~name:netbios_name ;
+        ResolveConfig.leave ~domain:service_name ;
         raise (Auth_service_error (E_GENERIC, msg))
     | e ->
         let msg =
@@ -1746,6 +1838,7 @@ module AuthADWinbind : Auth_signature.AUTH_MODULE = struct
         error "Enable extauth error: %s" msg ;
         clear_winbind_config () ;
         ConfigHosts.leave ~domain:service_name ~name:netbios_name ;
+        ResolveConfig.leave ~domain:service_name ;
         raise (Auth_service_error (E_GENERIC, msg))
 
   (* unit on_disable()
@@ -1760,9 +1853,13 @@ module AuthADWinbind : Auth_signature.AUTH_MODULE = struct
     let user = List.assoc_opt "user" config_params in
     let pass = List.assoc_opt "pass" config_params in
     let {service_name; netbios_name; _} = get_domain_info_from_db () in
+    ResolveConfig.leave ~domain:service_name ;
+    DNSSync.stop_sync () ;
     ( match netbios_name with
-    | Some name ->
-        ConfigHosts.leave ~domain:service_name ~name
+    | Some netbios ->
+        ConfigHosts.leave ~domain:service_name ~name:netbios ;
+        let hostname = get_localhost_name () in
+        DNSSync.unregister hostname netbios service_name
     | _ ->
         ()
     ) ;
@@ -1792,6 +1889,7 @@ module AuthADWinbind : Auth_signature.AUTH_MODULE = struct
     ClosestKdc.trigger_update ~start:ClosestKdc.startup_delay ;
     RotateMachinePassword.trigger_rotate ~start:5. ;
     Winbind.check_ready_to_serve ~timeout:300. ;
+    DNSSync.trigger_sync ~start:5. ;
 
     let {service_name; netbios_name; _} = get_domain_info_from_db () in
     match netbios_name with

ocaml/xapi/xapi_globs.ml

@@ -1017,6 +1017,8 @@ let winbind_cache_time = ref 60
 
 let winbind_machine_pwd_timeout = ref (2. *. 7. *. 24. *. 3600.)
 
+let winbind_dns_sync_interval = ref 3600.
+
 let winbind_update_closest_kdc_interval = ref (3600. *. 22.)
 (* every 22 hours *)
 
@@ -1219,6 +1221,7 @@ let xapi_globs_spec =
   ; ("winbind_debug_level", Int winbind_debug_level)
   ; ("winbind_cache_time", Int winbind_cache_time)
   ; ("winbind_machine_pwd_timeout", Float winbind_machine_pwd_timeout)
+  ; ("winbind_dns_sync_interval", Float winbind_dns_sync_interval)
   ; ( "winbind_update_closest_kdc_interval"
     , Float winbind_update_closest_kdc_interval
     )