-rw-r--r-- | ipa-server/ipa-install/ipa-replica-install | 7 | ||||
-rw-r--r-- | ipa-server/ipa-install/ipa-replica-prepare | 47 | ||||
-rw-r--r-- | ipa-server/ipa-install/ipa-server-install | 27 | ||||
-rw-r--r-- | ipa-server/ipaserver/bindinstance.py | 6 | ||||
-rw-r--r-- | ipa-server/ipaserver/dsinstance.py | 4 | ||||
-rw-r--r-- | ipa-server/ipaserver/httpinstance.py | 4 | ||||
-rw-r--r-- | ipa-server/ipaserver/krbinstance.py | 16 |
7 files changed, 79 insertions, 32 deletions
diff --git a/ipa-server/ipa-install/ipa-replica-install b/ipa-server/ipa-install/ipa-replica-install index a723f4d84..1b88f4c53 100644 --- a/ipa-server/ipa-install/ipa-replica-install +++ b/ipa-server/ipa-install/ipa-replica-install @@ -70,6 +70,7 @@ def read_info(dir, rconfig): rconfig.realm_name = config.get("realm", "realm_name") rconfig.master_host_name = config.get("realm", "master_host_name") rconfig.ds_user = config.get("realm", "ds_user") + rconfig.domain_name = config.get("realm", "domain_name") def get_host_name(): hostname = installutils.get_fqdn() @@ -98,13 +99,13 @@ def install_ds(config): config.dir + "/pwdfile.txt") ds = dsinstance.DsInstance() - ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.dirman_password, pkcs12_info) + ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password, pkcs12_info) def install_krb(config): krb = krbinstance.KrbInstance() ldappwd_filename = config.dir + "/ldappwd" krb.create_replica(config.ds_user, config.realm_name, config.host_name, - config.dirman_password, ldappwd_filename) + config.domain_name, config.dirman_password, ldappwd_filename) def install_http(config): # if we have a pkcs12 file, create the cert db from @@ -116,7 +117,7 @@ def install_http(config): config.dir + "/pwdfile.txt") http = httpinstance.HTTPInstance() - http.create_instance(config.realm_name, config.host_name, False, pkcs12_info) + http.create_instance(config.realm_name, config.host_name, config.domain_name, False, pkcs12_info) # Now copy the autoconfiguration files try: diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare index 14e57dde3..8761f6535 100644 --- a/ipa-server/ipa-install/ipa-replica-prepare +++ b/ipa-server/ipa-install/ipa-replica-prepare 
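Review bot: `rconfig.domain_name = config.get("realm", "domain_name")` in read_info raises ConfigParser.NoOptionError on a realm_info produced by an ipa-replica-prepare that predates this commit, because the new key is only written by the updated save_config; the operator sees a traceback instead of being told the bundle is stale. Guard it with `if not config.has_option("realm", "domain_name"):` and take the script's existing failure path with a message such as "replica-info has no domain name; re-run ipa-replica-prepare on the master". The value then flows unchecked into DsInstance, KrbInstance and HTTPInstance in the later hunks of this file, so the bundle is now the sole source of the domain used to render service configuration on the replica; it is worth confirming that config.host_name ends with "." + config.domain_name before install_ds runs. read_info's body continues outside the hunk.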
@@ -28,7 +28,8 @@ from optparse import OptionParser import ipa.config from ipa import ipautil -from ipaserver import dsinstance, installutils, certs +from ipaserver import dsinstance, installutils, certs, ipaldap +import ldap def usage(): print "ipa-replica-prepate FQDN (e.g. replica.example.com)" @@ -56,8 +57,27 @@ def get_host_name(): return hostname def get_realm_name(): - c = krbV.default_context() - return c.default_realm + try: + c = krbV.default_context() + return c.default_realm + except Exception, e: + return None + +def get_domain_name(): + try: + conn = ipaldap.IPAdmin("127.0.0.1") + conn.simple_bind_s("", "") + + context = conn.getEntry("", ldap.SCOPE_BASE, '(objectclass=*)', [ 'namingContexts' ]) + conn.unbind() + except Exception, e: + return None + + domain_name = context.getValue('namingContexts') + domain_name = domain_name.replace('dc=','') + domain_name = domain_name.replace(',','.') + + return domain_name def check_ipa_configuration(realm_name): config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)) @@ -96,6 +116,9 @@ def export_certdb(realm_name, ds_dir, dir, fname, subject): os.unlink(dir + "/cert8.db") os.unlink(dir + "/key3.db") os.unlink(dir + "/secmod.db") + os.unlink(dir + "/noise.txt") + if ipautil.file_exists(passwd_fname + ".orig"): + os.unlink(passwd_fname + ".orig") def get_ds_user(ds_dir): uid = os.stat(ds_dir).st_uid @@ -103,12 +126,13 @@ def get_ds_user(ds_dir): return user -def save_config(dir, realm_name, host_name, ds_user): +def save_config(dir, realm_name, host_name, ds_user, domain_name): config = SafeConfigParser() config.add_section("realm") config.set("realm", "realm_name", realm_name) config.set("realm", "master_host_name", host_name) config.set("realm", "ds_user", ds_user) + config.set("realm", "domain_name", domain_name) fd = open(dir + "/realm_info", "w") config.write(fd) 
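Review bot: get_domain_name derives the domain by string-munging the namingContexts value — `replace('dc=','')` then `replace(',','.')` — so a suffix with spaces after commas, an upper-case `DC=`, an escaped comma or a non-dc RDN passes through silently as a malformed domain, and if the root DSE lists more than one naming context getValue may well return a list, which makes `.replace` raise outside the try. Parse the DN instead and refuse anything that is not a single pure dc chain, so a wrong suffix is rejected here rather than packaged into the replica bundle and rendered into the replica's DS, KDC and HTTP configuration. The `except Exception, e: return None` also discards the bind or search error, leaving main's "Unable to determine LDAP default domain" with nothing actionable; print `e` before returning, and the same applies to get_realm_name just above. The other hunks on this line (the noise.txt unlink and save_config) are plumbing, although `os.unlink(dir + "/noise.txt")` is not guarded by `ipautil.file_exists` like the `.orig` file next to it.
```python
def get_domain_name():
    try:
        conn = ipaldap.IPAdmin("127.0.0.1")
        conn.simple_bind_s("", "")

        context = conn.getEntry("", ldap.SCOPE_BASE, '(objectclass=*)', [ 'namingContexts' ])
        conn.unbind()
    except Exception, e:
        print "Unable to read namingContexts from LDAP: %s" % e
        return None

    suffix = context.getValue('namingContexts')
    # more than one naming context: refuse to guess which one is the IPA suffix
    if isinstance(suffix, list):
        if len(suffix) != 1:
            return None
        suffix = suffix[0]

    labels = []
    for rdn in ldap.explode_dn(suffix):
        # only a pure dc= chain maps onto a DNS domain name
        parts = rdn.split("=", 1)
        if len(parts) != 2 or parts[0].strip().lower() != "dc" or "+" in parts[1]:
            return None
        labels.append(parts[1].strip())
    return ".".join(labels)
```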
@@ -128,9 +152,20 @@ def main(): replica_fqdn = args[1] + print "Determining current realm name" realm_name = get_realm_name() + if realm_name is None: + print "Unable to determine default realm" + sys.exit(1) + check_ipa_configuration(realm_name) + print "Getting domain name from LDAP" + domain_name = get_domain_name() + if domain_name is None: + print "Unable to determine LDAP default domain" + sys.exit(1) + host_name = get_host_name() ds_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)) ds_user = get_ds_user(ds_dir) @@ -148,7 +183,7 @@ def main(): print "Copying additional files" copy_files(realm_name, dir) print "Finalizing configuration" - save_config(dir, realm_name, host_name, ds_user) + save_config(dir, realm_name, host_name, ds_user, domain_name) print "Packaging the replica into %s" % "replica-info-" + replica_fqdn ipautil.run(["/bin/tar", "cfz", "replica-info-" + replica_fqdn, "-C", top_dir, "realm_info"]) @@ -159,7 +194,7 @@ try: if not os.geteuid()==0: sys.exit("\nYou must be root to run this script.\n") if not ipautil.file_exists("/usr/share/ipa/serial"): - sys.exist("The replica must be created on the primary IPA server.") + sys.exit("The replica must be created on the primary IPA server.") main() except SystemExit, e: diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install index 3bc4b176b..aac4123c6 100644 --- a/ipa-server/ipa-install/ipa-server-install +++ b/ipa-server/ipa-install/ipa-server-install @@ -57,6 +57,8 @@ def parse_options(): help="ds user") parser.add_option("-r", "--realm", dest="realm_name", help="realm name") + parser.add_option("-n", "--domain", dest="domain_name", + help="domain name") parser.add_option("-p", "--ds-password", dest="dm_password", help="admin password") parser.add_option("-P", "--master-password", dest="master_password", 
@@ -206,6 +208,15 @@ def read_ds_user(): return ds_user +def read_domain_name(domain_name): + print "The domain name has been calculated based on the host name." + print "" + dn = raw_input("Please confirm the domain name ["+domain_name+"]: ") + print "" + if dn != "": + domain_name = dn + return domain_name + def read_realm_name(domain_name): print "The kerberos protocol requires a Realm name to be defined." print "This is typically the domain name converted to uppercase." @@ -357,8 +368,12 @@ def main(): host_name = host_default else: host_name = read_host_name(host_default) - - domain_name = host_name[host_name.find(".")+1:] + + if not options.domain_name: + domain_name = host_name[host_name.find(".")+1:] + domain_name = read_domain_name(domain_name) + else: + realm_name = options.realm_name # Check we have a public IP that is associated with the hostname ip = resolve_host(host_name) @@ -432,21 +447,21 @@ def main(): # Create a directory server instance ds = ipaserver.dsinstance.DsInstance() - ds.create_instance(ds_user, realm_name, host_name, dm_password) + ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password) # Create a kerberos instance krb = ipaserver.krbinstance.KrbInstance() - krb.create_instance(ds_user, realm_name, host_name, dm_password, master_password) + krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password) # Create a HTTP instance http = ipaserver.httpinstance.HTTPInstance() - http.create_instance(realm_name, host_name) + http.create_instance(realm_name, host_name, domain_name) # Create a Web Gui instance webgui = ipaserver.httpinstance.WebGuiInstance() webgui.create_instance() - bind.setup(host_name, ip_address, realm_name) + bind.setup(host_name, ip_address, realm_name, domain_name) if options.setup_bind: skipbind = False if not options.unattended: diff --git a/ipa-server/ipaserver/bindinstance.py b/ipa-server/ipaserver/bindinstance.py index 1970c1efd..c52703c07 100644 
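Review bot: The `else:` branch of the new `if not options.domain_name:` block assigns `realm_name = options.realm_name` instead of `domain_name = options.domain_name`, so an install run with `-n/--domain` never binds domain_name and the `ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password)` call later in this file fails with an unbound name, while realm_name is silently overwritten a second time. The interactive branch calls read_domain_name unconditionally, which blocks on raw_input; the condition that the host-name prompt above it sits under is outside the hunk, but the bind step later in this file tests `options.unattended`, so this prompt presumably needs the same guard. Neither path checks the value against host_name, and it becomes the DOMAIN of HTTPInstance.sub_dict and the domain attribute of the DS, KDC and BIND instances, so rejecting a domain_name that is not a suffix of host_name before the instances are created would catch the mismatch once rather than in four services. main continues outside the hunk.
```python
if options.domain_name:
    domain_name = options.domain_name
else:
    domain_name = host_name[host_name.find(".")+1:]
    if not options.unattended:
        domain_name = read_domain_name(domain_name)
# … unchanged: IP resolution and the rest of main …
```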
--- a/ipa-server/ipaserver/bindinstance.py +++ b/ipa-server/ipaserver/bindinstance.py @@ -37,12 +37,12 @@ class BindInstance(service.Service): self.realm = None self.sub_dict = None - def setup(self, fqdn, ip_address, realm_name): + def setup(self, fqdn, ip_address, realm_name, domain_name): self.fqdn = fqdn self.ip_address = ip_address self.realm = realm_name - self.domain = fqdn[fqdn.find(".")+1:] - self.host = fqdn[:fqdn.find(".")] + self.domain = domain_name + self.host = domain_name[:domain_name.find(".")] self.__setup_sub_dict() diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py index 573c633d7..b9d6daf94 100644 --- a/ipa-server/ipaserver/dsinstance.py +++ b/ipa-server/ipaserver/dsinstance.py @@ -109,14 +109,14 @@ class DsInstance(service.Service): self.domain = None self.pkcs12_info = None - def create_instance(self, ds_user, realm_name, host_name, dm_password, pkcs12_info=None): + def create_instance(self, ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info=None): self.ds_user = ds_user self.realm_name = realm_name.upper() self.serverid = realm_to_serverid(self.realm_name) self.suffix = realm_to_suffix(self.realm_name) self.host_name = host_name self.dm_password = dm_password - self.domain = host_name[host_name.find(".")+1:] + self.domain = domain_name self.pkcs12_info = pkcs12_info self.__setup_sub_dict() diff --git a/ipa-server/ipaserver/httpinstance.py b/ipa-server/ipaserver/httpinstance.py index 1991da311..17532ddb0 100644 --- a/ipa-server/ipaserver/httpinstance.py +++ b/ipa-server/ipaserver/httpinstance.py 
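Review bot: `self.host = domain_name[:domain_name.find(".")]` takes the first label of the domain rather than of the host: with fqdn `ipa.example.com` and domain `example.com` the short host name becomes `example`, whereas the removed line derived it from fqdn. Keep `self.host = fqdn[:fqdn.find(".")]` (or `fqdn.split(".")[0]`, as KrbInstance does) and change only the `self.domain` assignment. Because the domain is now caller-supplied instead of derived from fqdn, the two can disagree, and the zone data this instance presumably renders from sub_dict would then describe a zone that does not contain fqdn; a check that fqdn ends with `"." + domain_name` belongs in setup or in its caller. DsInstance.create_instance in the next hunk makes the same caller-trusting change; BindInstance.__setup_sub_dict is outside the hunk.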
@@ -55,10 +55,10 @@ class HTTPInstance(service.Service): def __init__(self): service.Service.__init__(self, "httpd") - def create_instance(self, realm, fqdn, autoconfig=True, pkcs12_info=None): + def create_instance(self, realm, fqdn, domain_name, autoconfig=True, pkcs12_info=None): self.fqdn = fqdn self.realm = realm - self.domain = fqdn[fqdn.find(".")+1:] + self.domain = domain_name self.pkcs12_info = pkcs12_info self.sub_dict = { "REALM" : realm, "FQDN": fqdn, "DOMAIN" : self.domain } diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py index 638294dcf..9d0a25799 100644 --- a/ipa-server/ipaserver/krbinstance.py +++ b/ipa-server/ipaserver/krbinstance.py @@ -48,10 +48,6 @@ import pyasn1.codec.ber.decoder import struct import base64 -def host_to_domain(fqdn): - s = fqdn.split(".") - return ".".join(s[1:]) - def update_key_val_in_file(filename, key, val): if os.path.exists(filename): pattern = "^[\s#]*%s\s*=\s*%s\s*" % (re.escape(key), re.escape(val)) @@ -92,13 +88,13 @@ class KrbInstance(service.Service): self.kpasswd = KpasswdInstance() - def __common_setup(self, ds_user, realm_name, host_name, admin_password): + def __common_setup(self, ds_user, realm_name, host_name, domain_name, admin_password): self.ds_user = ds_user self.fqdn = host_name self.realm = realm_name.upper() self.host = host_name.split(".")[0] self.ip = socket.gethostbyname(host_name) - self.domain = host_to_domain(host_name) + self.domain = domain_name self.suffix = ipautil.realm_to_suffix(self.realm) self.kdc_password = ipautil.ipa_generate_password() self.admin_password = admin_password 
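Review bot: Inserting `domain_name` as a required positional parameter ahead of `autoconfig` in HTTPInstance.create_instance means a caller still using the old form `create_instance(realm, fqdn, False)` is not rejected but silently gets `domain_name=False` and `autoconfig=True`, i.e. a DOMAIN of `False` in sub_dict and autoconfiguration re-enabled. Both callers in this commit are updated, but making the mistake loud costs one line: `if not isinstance(domain_name, basestring): raise ValueError("domain_name must be a string")`. The next hunk deletes host_to_domain, a module-level function of krbinstance; callers outside the files in this diff are not visible here, so that should be confirmed before merging. KrbInstance.__common_setup in the following hunk appears to end beyond this line.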
@@ -124,10 +120,10 @@ class KrbInstance(service.Service): self.step("starting the KDC", self.__start_instance) self.step("configuring KDC to start on boot", self.__enable) - def create_instance(self, ds_user, realm_name, host_name, admin_password, master_password): + def create_instance(self, ds_user, realm_name, host_name, domain_name, admin_password, master_password): self.master_password = master_password - self.__common_setup(ds_user, realm_name, host_name, admin_password) + self.__common_setup(ds_user, realm_name, host_name, domain_name, admin_password) self.step("setting KDC account password", self.__configure_kdc_account_password) self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings) @@ -146,10 +142,10 @@ class KrbInstance(service.Service): self.kpasswd.create_instance() - def create_replica(self, ds_user, realm_name, host_name, admin_password, ldap_passwd_filename): + def create_replica(self, ds_user, realm_name, host_name, domain_name, admin_password, ldap_passwd_filename): self.__copy_ldap_passwd(ldap_passwd_filename) - self.__common_setup(ds_user, realm_name, host_name, admin_password) + self.__common_setup(ds_user, realm_name, host_name, domain_name, admin_password) self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings) self.step("writing stash file from DS", self.__write_stash_from_ds) |