diff options
author | Martin Nagy <mnagy@redhat.com> | 2010-02-08 14:21:46 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-02-09 16:30:06 -0500 |
commit | 206d2d48fab45072af4660f9692dd5b8643b4c4d (patch) | |
tree | 118cd597bc3cf67f947a910c7e610840d7359630 | |
parent | b05f94fb4c747d924fe5c89472663ba9226d2db1 (diff) | |
download | freeipa-206d2d48fab45072af4660f9692dd5b8643b4c4d.tar.gz freeipa-206d2d48fab45072af4660f9692dd5b8643b4c4d.tar.xz freeipa-206d2d48fab45072af4660f9692dd5b8643b4c4d.zip |
Get rid of ipapython.config in ipa-replica-prepare
Also get rid of functions get_host_name(), get_realm_name() and
get_domain_name(). They used the old ipapython.config. Instead, use the
variables from api.env. We also change them to bootstrap() and
finalize() correctly.
Additionally, we add the dns_container_exists() function that will be
used in ipa-replica-prepare (next patch).
-rwxr-xr-x | install/tools/ipa-replica-install | 30 | ||||
-rwxr-xr-x | install/tools/ipa-replica-prepare | 86 | ||||
-rw-r--r-- | ipaserver/install/bindinstance.py | 52 |
3 files changed, 63 insertions, 105 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index af7128cf4..4b348f641 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -311,12 +311,21 @@ def main(): except ldap.INVALID_CREDENTIALS, e : sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name) + # Create the management framework config file + # Note: We must do this before bootstraping and finalizing ipalib.api + fd = open("/etc/ipa/default.conf", "w") + fd.write("[global]\n") + fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n") + fd.write("realm=" + config.realm_name + "\n") + fd.write("domain=" + config.domain_name + "\n") + fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % config.host_name) + fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name)) if ipautil.file_exists(config.dir + "/ca.p12"): - ca_type = 'dogtag' - else: - ca_type = 'selfsign' + fd.write("enable_ra=True\n") + fd.write("ra_plugin=dogtag\n") + fd.close() - api.bootstrap(in_server=True, ra_plugin=ca_type) + api.bootstrap(in_server=True) api.finalize() # Install CA cert so that we can do SSL connections with ldap @@ -355,19 +364,6 @@ def main(): # generated ds.add_cert_to_service() - # Create the management framework config file - fd = open("/etc/ipa/default.conf", "w") - fd.write("[global]\n") - fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n") - fd.write("realm=" + config.realm_name + "\n") - fd.write("domain=" + config.domain_name + "\n") - fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % config.host_name) - fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name)) - if ipautil.file_exists(config.dir + "/ca.p12"): - fd.write("enable_ra=True\n") - fd.write("ra_plugin=dogtag\n") - fd.close() - # Apply any LDAP updates. Needs to be done after the replica is synced-up service.print_msg("Applying LDAP updates") ds.apply_updates() diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index f9977ecbb..d89d1a6ed 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -26,12 +26,10 @@ from ConfigParser import SafeConfigParser import krbV from optparse import OptionParser -import ipapython.config from ipapython import ipautil from ipaserver.install import dsinstance, installutils, certs, httpinstance from ipaserver import ipaldap from ipapython import version -from ipalib.constants import DEFAULT_CONFIG from ipalib import api from ipalib import util import ldap @@ -51,7 +49,6 @@ def parse_options(): parser.add_option("-p", "--password", dest="password", help="Directory Manager (existing master) password") - ipapython.config.add_standard_options(parser) options, args = parser.parse_args() # If any of the PKCS#12 options are selected, all are required. Create a @@ -62,39 +59,16 @@ def parse_options(): if cnt > 0 and cnt < 4: parser.error("All PKCS#12 options are required if any are used.") + if options.ip_address: + if not installutils.verify_ip_address(options.ip_address): + parser.error("Bad IP address") + sys.exit(1) + if len(args) != 1: parser.error("must provide the fully-qualified name of the replica") - ipapython.config.init_config(options) - return options, args -def get_host_name(): - hostname = installutils.get_fqdn() - try: - installutils.verify_fqdn(hostname) - except RuntimeError, e: - logging.error(str(e)) - sys.exit(1) - - return hostname - -def get_realm_name(): - try: - c = krbV.default_context() - return c.default_realm - except Exception, e: - return None - -def get_domain_name(): - try: - ipapython.config.init_config() - domain_name = ipapython.config.config.get_domain() - except Exception, e: - return None - - return domain_name - def get_subject_base(host_name, dm_password, suffix): try: conn = ipaldap.IPAdmin(host_name) @@ -130,8 +104,8 @@ def export_certdb(realm_name, ds_dir, dir, passwd_fname, fname, hostname, subjec # ca_db = certs.CertDB(dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))) # db.create_from_cacert(ca_db.cacert_fname) # else: -# ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=get_host_name()) - ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=get_host_name(), subject_base=subject_base) +# ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=api.env.host) + ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=api.env.host, subject_base=subject_base) db.create_from_cacert(ca_db.cacert_fname) db.create_server_cert("Server-Cert", hostname, ca_db) except Exception, e: @@ -169,7 +143,7 @@ def export_ra_pkcs12(dir, dm_password): try: try: - db = certs.CertDB(httpinstance.NSS_DIR, host_name=get_host_name()) + db = certs.CertDB(httpinstance.NSS_DIR, host_name=api.env.host) if db.has_nickname("ipaCert"): pkcs12_fname = "%s/ra.p12" % dir @@ -229,31 +203,18 @@ def main(): # Just initialize the environment. This is so the installer can have # access to the plugin environment - api.env._bootstrap() - api.env._finalize_core(**dict(DEFAULT_CONFIG)) + api.bootstrap(in_server=True) + api.finalize() if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki-ca/conf/CS.cfg") and not options.dirsrv_pin: sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.") - print "Determining current realm name" - realm_name = get_realm_name() - if realm_name is None: - print "Unable to determine default realm" - sys.exit(1) - - check_ipa_configuration(realm_name) - - print "Getting domain name from LDAP" - domain_name = get_domain_name() - if domain_name is None: - print "Unable to determine LDAP default domain" - sys.exit(1) + check_ipa_configuration(api.env.realm) - host_name = get_host_name() - if host_name == replica_fqdn: + if api.env.host == replica_fqdn: print "You can't create a replica on itself" sys.exit(1) - ds_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)) + ds_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(api.env.realm)) ds_user = get_ds_user(ds_dir) # get the directory manager password @@ -266,19 +227,19 @@ def main(): # Try out the password try: - conn = ipaldap.IPAdmin(host_name) + conn = ipaldap.IPAdmin(api.env.host) conn.do_simple_bind(bindpw=dirman_password) conn.unbind() except ldap.CONNECT_ERROR, e: - sys.exit("\nUnable to connect to LDAP server %s" % host_name) + sys.exit("\nUnable to connect to LDAP server %s" % api.env.host) except ldap.SERVER_DOWN, e: - sys.exit("\nUnable to connect to LDAP server %s" % host_name) + sys.exit("\nUnable to connect to LDAP server %s" % api.env.host) except ldap.INVALID_CREDENTIALS, e : - sys.exit("\nThe password provided is incorrect for LDAP server %s" % host_name) + sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host) - print "Preparing replica for %s from %s" % (replica_fqdn, host_name) + print "Preparing replica for %s from %s" % (replica_fqdn, api.env.host) - subject_base = get_subject_base(host_name, dirman_password, util.realm_to_suffix(realm_name)) + subject_base = get_subject_base(api.env.host, dirman_password, util.realm_to_suffix(api.env.realm)) top_dir = tempfile.mkdtemp("ipa") dir = top_dir + "/realm_info" @@ -313,7 +274,7 @@ def main(): print "Copy failed %s" % e sys.exit(1) print "Creating SSL certificate for the Directory Server" - export_certdb(realm_name, ds_dir, dir, passwd_fname, "dscert", replica_fqdn, subject_base) + export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dscert", replica_fqdn, subject_base) if options.http_pin: passwd = options.http_pin @@ -334,15 +295,14 @@ def main(): sys.exit(1) else: print "Creating SSL certificate for the Web Server" - export_certdb(realm_name, ds_dir, dir, passwd_fname, "httpcert", replica_fqdn, subject_base) + export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "httpcert", replica_fqdn, subject_base) print "Exporting RA certificate" export_ra_pkcs12(dir, dirman_password) print "Copying additional files" - copy_files(realm_name, dir) - + copy_files(api.env.realm, dir) print "Finalizing configuration" - save_config(dir, realm_name, host_name, ds_user, domain_name, replica_fqdn, subject_base) + save_config(dir, api.env.realm, api.env.host, ds_user, api.env.domain, replica_fqdn, subject_base) replicafile = "/var/lib/ipa/replica-info-" + replica_fqdn encfile = replicafile+".gpg" diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 13e9e16c7..105cf4e21 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -54,6 +54,31 @@ def check_inst(unattended): return True +def dns_container_exists(fqdn, realm): + """ + Test whether the dns container exists. + """ + + def object_exists(dn): + """ + Test whether the given object exists in LDAP. + """ + try: + server.search_ext_s(dn, ldap.SCOPE_BASE) + except ldap.NO_SUCH_OBJECT: + return False + else: + return True + + server = ldap.initialize("ldap://" + fqdn) + server.simple_bind_s() + + suffix = util.realm_to_suffix(realm) + ret = object_exists("cn=dns,%s" % suffix) + server.unbind_s() + + return ret + def get_reverse_zone(ip_address): tmp = ip_address.split(".") tmp.reverse() @@ -155,7 +180,8 @@ class BindInstance(service.Service): except: pass - self.__add_zone_steps() + if not dns_container_exists(self.fqdn, self.suffix): + self.step("adding DNS container", self.__setup_dns_container) self.step("setting up our zone", self.__setup_zone) self.step("setting up reverse zone", self.__setup_reverse_zone) @@ -168,30 +194,6 @@ class BindInstance(service.Service): self.step("changing resolv.conf to point to ourselves", self.__setup_resolv_conf) self.start_creation("Configuring named:") - def __add_zone_steps(self): - """ - Add a DNS container if it doesn't exist. - """ - - def object_exists(dn): - """ - Test whether the given object exists in LDAP. - """ - try: - server.search_ext_s(dn, ldap.SCOPE_BASE) - except ldap.NO_SUCH_OBJECT: - return False - else: - return True - - server = ldap.initialize("ldap://" + self.fqdn) - server.simple_bind_s() - - if not object_exists("cn=dns,%s" % self.suffix): - self.step("adding DNS container", self.__setup_dns_container) - - server.unbind_s() - def __start(self): try: self.backup_state("running", self.is_running()) |