-rw-r--r-- | ipa-server/ipa-install/ipa-replica-install | 42 | ||||
-rw-r--r-- | ipa-server/ipa-install/ipa-replica-prepare | 40 |
2 files changed, 60 insertions, 22 deletions
diff --git a/ipa-server/ipa-install/ipa-replica-install b/ipa-server/ipa-install/ipa-replica-install index e9d962915..d1f859179 100644 --- a/ipa-server/ipa-install/ipa-replica-install +++ b/ipa-server/ipa-install/ipa-replica-install @@ -61,10 +61,13 @@ def parse_options(): def get_dirman_password(): return installutils.read_password("Directory Manager (existing master)", confirm=False, validate=False) -def expand_info(filename): +def expand_info(filename, password): top_dir = tempfile.mkdtemp("ipa") + tarfile = top_dir+"/files.tar" dir = top_dir + "/realm_info" - ipautil.run(["tar", "xfz", filename, "-C", top_dir]) + ipautil.decrypt_file(filename, tarfile, password, top_dir) + ipautil.run(["tar", "xf", tarfile, "-C", top_dir]) + os.remove(tarfile) return top_dir, dir @@ -78,6 +81,7 @@ def read_info(dir, rconfig): rconfig.master_host_name = config.get("realm", "master_host_name") rconfig.ds_user = config.get("realm", "ds_user") rconfig.domain_name = config.get("realm", "domain_name") + rconfig.host_name = config.get("realm", "destination_host") def get_host_name(): hostname = installutils.get_fqdn() 
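Review bot: In `expand_info`, the decrypted archive `files.tar` is deleted only when `tar` succeeds, so a failed extraction leaves the plaintext replica data on disk. Wrap the `ipautil.run(["tar", "xf", ...])` call in `try:` and move `os.remove(tarfile)` into a `finally:` clause. If `ipautil.decrypt_file` raises, the directory from `tempfile.mkdtemp` is also left behind, so the error path should remove it before re-raising. The local name `tarfile` shadows the standard-library module of the same name; `tarpath` would avoid that.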
@@ -179,33 +183,37 @@ def main(): check_dirsrv() - top_dir, dir = expand_info(filename) + # get the directory manager password + dirman_password = options.password + if not dirman_password: + try: + dirman_password = get_dirman_password() + except KeyboardInterrupt: + sys.exit(0) + + try: + top_dir, dir = expand_info(filename, dirman_password) + except Exception, e: + print "ERROR: Failed to decrypt or open the replica file." + print "Verify you entered the correct Directory Manager password." + sys.exit(1) config = ReplicaConfig() read_info(dir, config) - config.host_name = get_host_name() - p = filename.split('-') - host = '-'.join(p[2:]) - if host != config.host_name: + config.dirman_password = dirman_password + host = get_host_name() + if config.host_name != host: try: - print "This replica was created for '%s' but this machine is named '%s'" % (host, config.host_name) + print "This replica was created for '%s' but this machine is named '%s'" % (config.host_name, host) if not ipautil.user_input("This may cause problems. Continue?", True): sys.exit(0) + config.host_name = host print "" except KeyboardInterrupt: sys.exit(0) config.repl_password = ipautil.ipa_generate_password() config.dir = dir - # get the directory manager password - if not options.password: - try: - config.dirman_password = get_dirman_password() - except KeyboardInterrupt: - sys.exit(0) - else: - config.dirman_password = options.password - # Try out the password try: conn = ipaldap.IPAdmin(config.master_host_name) diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare index 198145405..ab2e6af8f 100644 --- a/ipa-server/ipa-install/ipa-replica-prepare +++ b/ipa-server/ipa-install/ipa-replica-prepare 
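Review bot: The `except Exception, e:` around `expand_info` in `main` discards `e` and always points at the password, so a missing gpg binary, an unreadable replica file or a tar failure is reported as a wrong Directory Manager password. Keep the hint but include the cause, e.g. `print "ERROR: Failed to decrypt or open the replica file: %s" % str(e)`, so that an operator can tell a bad passphrase from a broken environment. `main` begins and ends outside the hunk.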
@@ -49,6 +49,8 @@ def parse_options(): help="PIN for the Directory Server PKCS#12 file") parser.add_option("--http_pin", dest="http_pin", help="PIN for the Apache Server PKCS#12 file") + parser.add_option("-p", "--password", dest="password", + help="Directory Manager (existing master) password") options, args = parser.parse_args(args) @@ -138,13 +140,14 @@ def get_ds_user(ds_dir): return user -def save_config(dir, realm_name, host_name, ds_user, domain_name): +def save_config(dir, realm_name, host_name, ds_user, domain_name, dest_host): config = SafeConfigParser() config.add_section("realm") config.set("realm", "realm_name", realm_name) config.set("realm", "master_host_name", host_name) config.set("realm", "ds_user", ds_user) config.set("realm", "domain_name", domain_name) + config.set("realm", "destination_host", dest_host) fd = open(dir + "/realm_info", "w") config.write(fd) @@ -162,6 +165,9 @@ def copy_files(realm_name, dir): print "error copying files: " + str(e) sys.exit(1) +def get_dirman_password(): + return installutils.read_password("Directory Manager (existing master)", confirm=False, validate=False) + def main(): options, args = parse_options() 
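Review bot: The new `-p/--password` option in `parse_options` takes the Directory Manager password from the command line, where it is typically visible in the process list and ends up in shell history. State that in the help text, e.g. `help="Directory Manager (existing master) password; visible in the process list, omit to be prompted"`, and treat the interactive prompt that `main` falls back to as the preferred path. `parse_options` starts and ends outside the hunk.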
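Review bot: The added `get_dirman_password` is an exact copy of the function of the same name in `ipa-replica-install`, which is visible as context in that file's first hunk. Both only wrap `installutils.read_password`, so the prompt could be defined once in `installutils` and called from both scripts. If the copy stays, a comment such as `# keep in sync with ipa-replica-install` would stop the two prompts from drifting apart.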
@@ -191,6 +197,26 @@ def main(): ds_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)) ds_user = get_ds_user(ds_dir) + # get the directory manager password + dirman_password = options.password + if not options.password: + try: + dirman_password = get_dirman_password() + except KeyboardInterrupt: + sys.exit(0) + + # Try out the password + try: + conn = ipaldap.IPAdmin(host_name) + conn.do_simple_bind(bindpw=dirman_password) + conn.unbind() + except ldap.CONNECT_ERROR, e: + sys.exit("\nUnable to connect to LDAP server %s" % host_name) + except ldap.SERVER_DOWN, e: + sys.exit("\nUnable to connect to LDAP server %s" % host_name) + except ldap.INVALID_CREDENTIALS, e : + sys.exit("\nThe password provided is incorrect for LDAP server %s" % host_name) + print "Preparing replica for %s from %s" % (replica_fqdn, host_name) top_dir = tempfile.mkdtemp("ipa") @@ -241,12 +267,16 @@ def main(): print "Copying additional files" copy_files(realm_name, dir) print "Finalizing configuration" - save_config(dir, realm_name, host_name, ds_user, domain_name) + save_config(dir, realm_name, host_name, ds_user, domain_name, replica_fqdn) + + replicafile = "/var/lib/ipa/replica-info-" + replica_fqdn + encfile = replicafile+".gpg" - print "Packaging the replica into /var/lib/ipa/%s" % "replica-info-" + replica_fqdn - ipautil.run(["/bin/tar", "cfz", "/var/lib/ipa/replica-info-" + replica_fqdn, "-C", top_dir, "realm_info"]) - os.chmod("/var/lib/ipa/replica-info-" + replica_fqdn, 0600) + print "Packaging replica information into %s" % encfile + ipautil.run(["/bin/tar", "cf", replicafile, "-C", top_dir, "realm_info"]) + ipautil.encrypt_file(replicafile, encfile, dirman_password, top_dir); + os.remove(replicafile) shutil.rmtree(dir) try: |
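Review bot: The password check added to `main` handles only `ldap.CONNECT_ERROR`, `ldap.SERVER_DOWN` and `ldap.INVALID_CREDENTIALS`, so any other `ldap.LDAPError` raised by `do_simple_bind` escapes as a traceback, and `conn.unbind()` is skipped on every failure path. Add a final `except ldap.LDAPError, e:` that exits with the error text, and merge the two identical handlers into `except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN), e:`. The imports of `ldap` and `ipaldap` do not appear in any hunk of this file, so confirm that `ipa-replica-prepare` already has them. For consistency with `ipa-replica-install`, the guard should read `if not dirman_password:`; `main` continues outside the hunk.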
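Review bot: The unencrypted archive is now written to `/var/lib/ipa/replica-info-<fqdn>` with whatever mode the umask gives it, because the old `os.chmod(..., 0600)` was dropped, and `os.remove(replicafile)` is skipped if `ipautil.encrypt_file` raises. Build the plaintext tar inside `top_dir` (created by `tempfile.mkdtemp`, so owner-only), delete it in a `finally:`, and set mode 0600 on the `.gpg` output. The file's confidentiality now rests on the Directory Manager password used as the passphrase, which is worth stating in a comment next to the `encrypt_file` call. The trailing `;` on that line can go. The enclosing `main` starts and ends outside the hunk.

```python
# plaintext archive stays inside the owner-only mkdtemp directory
replicafile = top_dir + "/replica-info-" + replica_fqdn
encfile = "/var/lib/ipa/replica-info-" + replica_fqdn + ".gpg"

print "Packaging replica information into %s" % encfile
try:
    ipautil.run(["/bin/tar", "cf", replicafile, "-C", top_dir, "realm_info"])
    # the Directory Manager password is the only protection of this file
    ipautil.encrypt_file(replicafile, encfile, dirman_password, top_dir)
    os.chmod(encfile, 0600)
finally:
    if os.path.exists(replicafile):
        os.remove(replicafile)
# … unchanged: shutil.rmtree(dir) and the cleanup that follows …
```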