author | David Kupka <dkupka@redhat.com> | 2014-08-27 13:50:21 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-09-26 17:54:18 +0200 |
commit | 947c7398edbcae29d74acea3b00968871bd4ce98 (patch) | |
tree | 0019656721da51ea39d2d63e0654c9b25d0ddd15 /install/tools | |
parent | f86618623964f9a97244ce08117c575b200a34af (diff) | |
Detect and configure all usable IP addresses.
Find, verify and configure all IP addresses that can be used to reach the server
FreeIPA is being installed on. Ignore an IP address only if the user specifies a
subset of the detected addresses using the --ip-address option.
This change simplifies FreeIPA installation on multihomed and dual-stacked servers.
https://fedorahosted.org/freeipa/ticket/3575
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'install/tools')
-rwxr-xr-x | install/tools/ipa-dns-install | 71 | ||||
-rwxr-xr-x | install/tools/ipa-replica-install | 59 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 56 |
3 files changed, 67 insertions, 119 deletions
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index c9ea63ce3..ae60f211a 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -42,13 +42,16 @@ def parse_options(): sensitive=True, help="admin password") parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False, help="print debugging information") - parser.add_option("--ip-address", dest="ip_address", + parser.add_option("--ip-address", dest="ip_addresses", + default=[], action="append", type="ip", ip_local=True, help="Master Server IP Address") parser.add_option("--forwarder", dest="forwarders", action="append", type="ip", help="Add a DNS forwarder") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") - parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use") + parser.add_option("--reverse-zone", dest="reverse_zones", + default=[], action="append", + help="The reverse DNS zone to use") parser.add_option("--no-reverse", dest="no_reverse", action="store_true", default=False, help="Do not create new reverse DNS zone") parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback, @@ -62,7 +65,7 @@ def parse_options(): if options.forwarders and options.no_forwarders: parser.error("You cannot specify a --forwarder option together with --no-forwarders") - elif options.reverse_zone and options.no_reverse: + elif options.reverse_zones and options.no_reverse: parser.error("You cannot specify a --reverse-zone option together with --no-reverse") if options.unattended: 
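Review bot: The help strings for `--ip-address` and `--reverse-zone` in this parse_options hunk still describe single-value options, although both now use `action="append"`. Nothing tells the user that the option may be repeated, or that omitting `--ip-address` means every detected address is configured, as the commit description states. I would extend them along the lines of `help="Master Server IP Address. This option can be used multiple times"` and `help="The reverse DNS zone to use. This option can be used multiple times"`. The same applies to the parse_options hunks in ipa-replica-install and ipa-server-install. parse_options starts and ends outside the hunk.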
@@ -130,46 +133,8 @@ def main(): except errors.ACIError: sys.exit("Password is not valid!") - # Check we have a public IP that is associated with the hostname - if options.ip_address: - ip = options.ip_address - else: - hostaddr = resolve_host(api.env.host) - try: - if len(hostaddr) > 1: - print >> sys.stderr, "The server hostname resolves to more than one address:" - for addr in hostaddr: - print >> sys.stderr, " %s" % addr - - if options.ip_address: - if str(options.ip_address) not in hostaddr: - print >> sys.stderr, "Address passed in --ip-address did not match any resolved" - print >> sys.stderr, "address!" - sys.exit(1) - print "Selected IP address:", str(options.ip_address) - ip = options.ip_address - else: - if options.unattended: - print >> sys.stderr, "Please use --ip-address option to specify the address" - sys.exit(1) - else: - ip = read_ip_address(api.env.host, fstore) - else: - ip = hostaddr and ipautil.CheckedIPAddress(hostaddr[0], match_local=True) - except Exception, e: - print "Error: Invalid IP Address %s: %s" % (ip, e) - ip = None - - if not ip: - if options.unattended: - sys.exit("Unable to resolve IP address for host name") - else: - ip = read_ip_address(api.env.host, fstore) - ip_address = str(ip) - root_logger.debug("will use ip_address: %s\n", ip_address) - - if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip): - sys.exit(1) + ip_addresses = get_server_ip_address(api.env.host, fstore, + options.unattended, True, options.ip_addresses) if options.no_forwarders: dns_forwarders = () 
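Review bot: After this replacement main() no longer records which addresses were chosen: the removed block ended with `root_logger.debug("will use ip_address: %s\n", ip_address)` and the new call has no counterpart. Since the default is now to configure every detected address, the install log should show what will be published in DNS, e.g. `root_logger.debug("will use ip_addresses: %s", ", ".join(str(ip) for ip in ip_addresses))` right after the call. The removed code also rejected an `--ip-address` value that did not match any resolved address of the host; whether get_server_ip_address keeps that check is not visible in this hunk and is worth confirming. main() starts and ends outside the hunk.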
@@ -186,19 +151,11 @@ def main(): ccache = krbV.default_context().default_ccache() api.Backend.ldap2.connect(ccache) - if options.reverse_zone: - reverse_zone = bindinstance.normalize_zone(options.reverse_zone) - else: - reverse_zone = bindinstance.find_reverse_zone(ip) - if reverse_zone is None and not options.no_reverse: - if options.unattended: - reverse_zone = util.get_reverse_zone_default(ip) - elif bindinstance.create_reverse(): - reverse_zone = util.get_reverse_zone_default(ip) - reverse_zone = bindinstance.read_reverse_zone(reverse_zone, ip) + reverse_zones = bindinstance.check_reverse_zones(ip_addresses, + options.reverse_zones, options, options.unattended, True) - if reverse_zone is not None: - print "Using reverse zone %s" % reverse_zone + if reverse_zones is not None: + print "Using reverse zone %s" % ', '.join(reverse_zones) conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled() @@ -208,8 +165,8 @@ def main(): print "Please wait until the prompt is returned." print "" - bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, - dns_forwarders, conf_ntp, reverse_zone, zonemgr=options.zonemgr) + bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain, + dns_forwarders, conf_ntp, reverse_zones, zonemgr=options.zonemgr) bind.create_instance() # Restart http instance to make sure that python-dns has the right resolver diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 2986685d0..74781d00d 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install 
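Review bot: `if reverse_zones is not None:` followed by `', '.join(reverse_zones)` differs from the equivalent code in ipa-server-install, which tests `if reverse_zones:` and joins `str(rz)`. If check_reverse_zones returns an empty list (its return value is not visible in this diff), this prints "Using reverse zone " with nothing after it, and if the entries are not plain strings the join raises TypeError. I would write `if reverse_zones:` and `print "Using reverse zone(s) %s" % ', '.join(str(rz) for rz in reverse_zones)`. The same `is not None` test appears in the main() hunk of ipa-replica-install. main() continues outside the hunk.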
@@ -67,8 +67,8 @@ def parse_options(): default=False, help="configure a dogtag CA") basic_group.add_option("--setup-kra", dest="setup_kra", action="store_true", default=False, help="configure a dogtag KRA") - basic_group.add_option("--ip-address", dest="ip_address", - type="ip", ip_local=True, + basic_group.add_option("--ip-address", dest="ip_addresses", + type="ip", ip_local=True, action="append", default=[], help="Replica server IP Address") basic_group.add_option("-p", "--password", dest="password", sensitive=True, help="Directory Manager (existing master) password") @@ -112,7 +112,8 @@ def parse_options(): type="ip", help="Add a DNS forwarder") dns_group.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") - dns_group.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use") + dns_group.add_option("--reverse-zone", dest="reverse_zones", default=[], + action="append", help="The reverse DNS zone to use") dns_group.add_option("--no-reverse", dest="no_reverse", action="store_true", default=False, help="Do not create new reverse DNS zone") dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true", @@ -133,7 +134,7 @@ def parse_options(): parser.error("You cannot specify a --forwarder option without the --setup-dns option") if options.no_forwarders: parser.error("You cannot specify a --no-forwarders option without the --setup-dns option") - if options.reverse_zone: + if options.reverse_zones: parser.error("You cannot specify a --reverse-zone option without the --setup-dns option") if options.no_reverse: parser.error("You cannot specify a --no-reverse option without the --setup-dns option") 
@@ -141,7 +142,7 @@ def parse_options(): parser.error("You cannot specify a --forwarder option together with --no-forwarders") elif not options.forwarders and not options.no_forwarders: parser.error("You must specify at least one --forwarder option or --no-forwarders option") - elif options.reverse_zone and options.no_reverse: + elif options.reverse_zones and options.no_reverse: parser.error("You cannot specify a --reverse-zone option together with --no-reverse") return safe_options, options, args[0] @@ -264,23 +265,9 @@ def install_bind(config, options): forwarders = () bind = bindinstance.BindInstance(dm_password=config.dirman_password) - if options.reverse_zone: - if not bindinstance.verify_reverse_zone(options.reverse_zone, config.ip): - sys.exit(1) - reverse_zone = bindinstance.normalize_zone(options.reverse_zone) - else: - reverse_zone = bindinstance.find_reverse_zone(config.ip) - if reverse_zone is None and not options.no_reverse: - reverse_zone = util.get_reverse_zone_default(config.ip) - if not options.unattended and bindinstance.create_reverse(): - reverse_zone = bindinstance.read_reverse_zone(reverse_zone, config.ip) - - if reverse_zone is not None: - print "Using reverse zone %s" % reverse_zone - - bind.setup(config.host_name, config.ip_address, config.realm_name, - config.domain_name, forwarders, options.conf_ntp, reverse_zone, - ca_configured=options.setup_ca) + bind.setup(config.host_name, config.ips, config.realm_name, + config.domain_name, forwarders, options.conf_ntp, + config.reverse_zones, ca_configured=options.setup_ca) bind.create_instance() print "" 
@@ -326,12 +313,16 @@ def install_dns_records(config, options): config.master_host_name, config.dirman_password): try: bind = bindinstance.BindInstance(dm_password=config.dirman_password) - reverse_zone = bindinstance.find_reverse_zone(config.ip) - - bind.add_master_dns_records(config.host_name, config.ip_address, - config.realm_name, config.domain_name, - reverse_zone, options.conf_ntp, - options.setup_ca) + for ip in config.ips: + reverse_zone = bindinstance.find_reverse_zone(ip) + + bind.add_master_dns_records(config.host_name, + str(ip), + config.realm_name, + config.domain_name, + reverse_zone, + options.conf_ntp, + options.setup_ca) except errors.NotFound, e: root_logger.debug('Replica DNS records could not be added ' 'on master: %s', str(e)) @@ -534,8 +525,16 @@ def main(): # check replica host IP resolution - config.ip = installutils.get_server_ip_address(config.host_name, fstore, True, options) - config.ip_address = str(config.ip) + config.ips = installutils.get_server_ip_address(config.host_name, fstore, + options.unattended, options.setup_dns, options.ip_addresses) + + ip_addresses = [str(ip) for ip in config.ips] + config.reverse_zones = bindinstance.check_reverse_zones(ip_addresses, + options.reverse_zones, options, True) + + if config.reverse_zones is not None: + print "Using reverse zone(s) %s" % ', '.join(config.reverse_zones) + # Create the management framework config file # Note: We must do this before bootstraping and finalizing ipalib.api diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 86422e332..533023f2e 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install 
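Review bot: The new `for ip in config.ips:` loop sits inside the existing `try`, so an `errors.NotFound` raised for one address skips every remaining address, and the handler only writes a debug message. I would move the `try:` / `except errors.NotFound, e:` pair inside the `for` body so each address is handled on its own and the message can name the address that failed. It is also worth confirming that calling add_master_dns_records once per address does not re-add the non-address records on each pass; that cannot be seen from this hunk. install_dns_records starts and ends outside the hunk.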
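Review bot: The fourth argument to `bindinstance.check_reverse_zones` is a literal `True` in the main() hunk, while ipa-dns-install and ipa-server-install pass `options.unattended` in that position. If that parameter is the unattended flag (the signature is not visible in this diff), an interactive replica install can no longer prompt for a reverse zone as the removed install_bind code did. This call also passes `[str(ip) for ip in config.ips]`, whereas the other two tools pass the objects returned by get_server_ip_address directly, so the helper receives two different element types. Unless the difference is intentional, I would write `config.reverse_zones = bindinstance.check_reverse_zones(config.ips, options.reverse_zones, options, options.unattended)`; if it is intentional, a comment should say why. main() continues outside the hunk.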
@@ -175,8 +175,8 @@ def parse_options(): help="create home directories for users " "on their first login") basic_group.add_option("--hostname", dest="host_name", help="fully qualified name of server") - basic_group.add_option("--ip-address", dest="ip_address", - type="ip", ip_local=True, + basic_group.add_option("--ip-address", dest="ip_addresses", + type="ip", ip_local=True, action="append", default=[], help="Master Server IP Address") basic_group.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false", help="do not configure ntp", default=True) @@ -236,7 +236,8 @@ def parse_options(): type="ip", help="Add a DNS forwarder") dns_group.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") - dns_group.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use") + dns_group.add_option("--reverse-zone", dest="reverse_zones", help="The reverse DNS zone to use", + action="append", default=[]) dns_group.add_option("--no-reverse", dest="no_reverse", action="store_true", default=False, help="Do not create reverse DNS zone") dns_group.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback, 
@@ -280,13 +281,13 @@ def parse_options(): parser.error("You cannot specify a --forwarder option without the --setup-dns option") if options.no_forwarders: parser.error("You cannot specify a --no-forwarders option without the --setup-dns option") - if options.reverse_zone: + if options.reverse_zones: parser.error("You cannot specify a --reverse-zone option without the --setup-dns option") if options.no_reverse: parser.error("You cannot specify a --no-reverse option without the --setup-dns option") elif options.forwarders and options.no_forwarders: parser.error("You cannot specify a --forwarder option together with --no-forwarders") - elif options.reverse_zone and options.no_reverse: + elif options.reverse_zones and options.no_reverse: parser.error("You cannot specify a --reverse-zone option together with --no-reverse") if options.uninstall: @@ -829,11 +830,11 @@ def main(): realm_name = "" host_name = "" domain_name = "" - ip_address = "" + ip_addresses = [] master_password = "" dm_password = "" admin_password = "" - reverse_zone = None + reverse_zones = [] if not options.setup_dns and not options.unattended: if ipautil.user_input("Do you want to configure integrated DNS (BIND)?", False): @@ -892,11 +893,8 @@ def main(): domain_name = domain_name.lower() - ip = get_server_ip_address(host_name, fstore, options.unattended, options) - ip_address = str(ip) - - if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip): - sys.exit(1) + ip_addresses = get_server_ip_address(host_name, fstore, + options.unattended, options.setup_dns, options.ip_addresses) if not options.realm_name: realm_name = read_realm_name(domain_name, options.unattended) 
@@ -973,35 +971,29 @@ def main(): else: dns_forwarders = read_dns_forwarders() - if options.reverse_zone: - reverse_zone = bindinstance.normalize_zone(options.reverse_zone) - elif not options.no_reverse: - if options.unattended: - reverse_zone = util.get_reverse_zone_default(ip) - elif bindinstance.create_reverse(): - reverse_zone = util.get_reverse_zone_default(ip) - reverse_zone = bindinstance.read_reverse_zone(reverse_zone, ip) - - if reverse_zone is not None: - print "Using reverse zone %s" % reverse_zone + reverse_zones = bindinstance.check_reverse_zones(ip_addresses, + options.reverse_zones, options, options.unattended) + + if reverse_zones: + print "Using reverse zone(s) %s" % ", ".join(str(rz) for rz in reverse_zones) else: dns_forwarders = () root_logger.debug("will use dns_forwarders: %s\n" % str(dns_forwarders)) print print "The IPA Master Server will be configured with:" - print "Hostname: %s" % host_name - print "IP address: %s" % ip_address - print "Domain name: %s" % domain_name - print "Realm name: %s" % realm_name + print "Hostname: %s" % host_name + print "IP address(es): %s" % ", ".join(str(ip) for ip in ip_addresses) + print "Domain name: %s" % domain_name + print "Realm name: %s" % realm_name print if options.setup_dns: print "BIND DNS server will be configured to serve IPA domain with:" print "Forwarders: %s" % ("No forwarders" if not dns_forwarders \ else ", ".join([str(ip) for ip in dns_forwarders])) - print "Reverse zone: %s" % ("No reverse zone" if options.no_reverse \ - or reverse_zone is None else reverse_zone) + print "Reverse zone(s): %s" % ("No reverse zone" if options.no_reverse \ + or reverse_zones is None else ", ".join(str(rz) for rz in reverse_zones)) print # If domain name and realm does not match, IPA server will not be able 
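Review bot: The summary line tests `reverse_zones is None`, but this commit initialises `reverse_zones = []` at the top of main(), so that test no longer catches the case where no zone was selected. When --no-reverse is not given and the list is empty, "Reverse zone(s):" is printed with an empty value instead of "No reverse zone". The `if reverse_zones:` earlier in this hunk already uses truthiness, and the summary should match: `or not reverse_zones else ", ".join(str(rz) for rz in reverse_zones))`. main() starts and ends outside the hunk.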
@@ -1112,7 +1104,7 @@ def main(): options.host_name = host_name options.unattended = True options.forwarders = dns_forwarders - options.reverse_zone = reverse_zone + options.reverse_zones = reverse_zones write_cache(vars(options)) ca.configure_instance(host_name, domain_name, dm_password, dm_password, csr_file=paths.ROOT_IPA_CSR, @@ -1206,8 +1198,8 @@ def main(): # Create a BIND instance bind = bindinstance.BindInstance(fstore, dm_password) - bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, - options.conf_ntp, reverse_zone, zonemgr=options.zonemgr, + bind.setup(host_name, ip_addresses, realm_name, domain_name, dns_forwarders, + options.conf_ntp, reverse_zones, zonemgr=options.zonemgr, ca_configured=setup_ca) if options.setup_dns: api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password) |