summaryrefslogtreecommitdiffstats
path: root/install/tools/ipa-server-install
diff options
context:
space:
mode:
Diffstat (limited to 'install/tools/ipa-server-install')
-rwxr-xr-xinstall/tools/ipa-server-install124
1 files changed, 69 insertions, 55 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index e8a48fa..cb51b1d 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -40,6 +40,7 @@ from ConfigParser import RawConfigParser
import random
import tempfile
import nss.error
+from optparse import OptionGroup
from ipaserver.install import dsinstance
from ipaserver.install import krbinstance
@@ -103,88 +104,101 @@ def parse_options():
# Guaranteed to give a random 200k range below the 2G mark (uint32_t limit)
namespace = random.randint(1, 10000) * 200000
parser = IPAOptionParser(version=version.VERSION)
- parser.add_option("-r", "--realm", dest="realm_name",
+
+ basic_group = OptionGroup(parser, "basic options")
+ basic_group.add_option("-r", "--realm", dest="realm_name",
help="realm name")
- parser.add_option("-n", "--domain", dest="domain_name",
+ basic_group.add_option("-n", "--domain", dest="domain_name",
help="domain name")
- parser.add_option("-p", "--ds-password", dest="dm_password",
+ basic_group.add_option("-p", "--ds-password", dest="dm_password",
sensitive=True, help="admin password")
- parser.add_option("-P", "--master-password",
+ basic_group.add_option("-P", "--master-password",
dest="master_password", sensitive=True,
help="kerberos master password (normally autogenerated)")
- parser.add_option("-a", "--admin-password",
+ basic_group.add_option("-a", "--admin-password",
sensitive=True, dest="admin_password",
help="admin user kerberos password")
- parser.add_option("-d", "--debug", dest="debug", action="store_true",
+ basic_group.add_option("--hostname", dest="host_name", help="fully qualified name of server")
+ basic_group.add_option("--ip-address", dest="ip_address",
+ type="ip", ip_local=True,
+ help="Master Server IP Address")
+ basic_group.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
+ help="do not configure ntp", default=True)
+ basic_group.add_option("--idstart", dest="idstart", default=namespace, type=int,
+ help="The starting value for the IDs range (default random)")
+ basic_group.add_option("--idmax", dest="idmax", default=0, type=int,
+ help="The max value value for the IDs range (default: idstart+199999)")
+ basic_group.add_option("--no_hbac_allow", dest="hbac_allow", default=False,
+ action="store_true",
+ help="Don't install allow_all HBAC rule")
+ basic_group.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false",
+ default=True, help="Do not automatically redirect to the Web UI")
+ basic_group.add_option("-d", "--debug", dest="debug", action="store_true",
default=False, help="print debugging information")
- parser.add_option("", "--selfsign", dest="selfsign", action="store_true",
+ basic_group.add_option("-U", "--unattended", dest="unattended", action="store_true",
+ default=False, help="unattended (un)installation never prompts the user")
+ parser.add_option_group(basic_group)
+
+ cert_group = OptionGroup(parser, "certificate system options")
+ cert_group.add_option("", "--selfsign", dest="selfsign", action="store_true",
default=False, help="Configure a self-signed CA instance rather than a dogtag CA")
- parser.add_option("", "--external-ca", dest="external_ca", action="store_true",
+ cert_group.add_option("", "--external-ca", dest="external_ca", action="store_true",
default=False, help="Generate a CSR to be signed by an external CA")
- parser.add_option("", "--external_cert_file", dest="external_cert_file",
+ cert_group.add_option("", "--external_cert_file", dest="external_cert_file",
help="File containing PKCS#10 certificate")
- parser.add_option("", "--external_ca_file", dest="external_ca_file",
+ cert_group.add_option("", "--external_ca_file", dest="external_ca_file",
help="File containing PKCS#10 of the external CA chain")
- parser.add_option("--hostname", dest="host_name", help="fully qualified name of server")
- parser.add_option("--ip-address", dest="ip_address",
- type="ip", ip_local=True,
- help="Master Server IP Address")
- parser.add_option("--setup-dns", dest="setup_dns", action="store_true",
+ cert_group.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
+ default=True, help="disables pkinit setup steps")
+ cert_group.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12",
+ help="PKCS#12 file containing the Directory Server SSL certificate")
+ cert_group.add_option("--http_pkcs12", dest="http_pkcs12",
+ help="PKCS#12 file containing the Apache Server SSL certificate")
+ cert_group.add_option("--pkinit_pkcs12", dest="pkinit_pkcs12",
+ help="PKCS#12 file containing the Kerberos KDC SSL certificate")
+ cert_group.add_option("--dirsrv_pin", dest="dirsrv_pin", sensitive=True,
+ help="The password of the Directory Server PKCS#12 file")
+ cert_group.add_option("--http_pin", dest="http_pin", sensitive=True,
+ help="The password of the Apache Server PKCS#12 file")
+ cert_group.add_option("--pkinit_pin", dest="pkinit_pin",
+ help="The password of the Kerberos KDC PKCS#12 file")
+ cert_group.add_option("--subject", action="callback", callback=subject_callback,
+ type="string",
+ help="The certificate subject base (default O=<realm-name>)")
+ parser.add_option_group(cert_group)
+
+ dns_group = OptionGroup(parser, "DNS options")
+ dns_group.add_option("--setup-dns", dest="setup_dns", action="store_true",
default=False, help="configure bind with our zone")
- parser.add_option("--forwarder", dest="forwarders", action="append",
+ dns_group.add_option("--forwarder", dest="forwarders", action="append",
type="ip", help="Add a DNS forwarder")
- parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
+ dns_group.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
default=False, help="Do not add any DNS forwarders, use root servers instead")
- parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
- parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
+ dns_group.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
+ dns_group.add_option("--no-reverse", dest="no_reverse", action="store_true",
default=False, help="Do not create reverse DNS zone")
- parser.add_option("--zonemgr", action="callback", callback=zonemgr_callback,
+ dns_group.add_option("--zonemgr", action="callback", callback=zonemgr_callback,
type="string",
help="DNS zone manager e-mail address. Defaults to root")
- parser.add_option("--zone-notif", dest="zone_notif",
+ dns_group.add_option("--zone-notif", dest="zone_notif",
action="store_true", default=False,
help="Let name server receive notification when a new zone is added." \
"Zone refresh is turned off when zone notification is enabled")
- parser.add_option("--zone-refresh", dest="zone_refresh",
+ dns_group.add_option("--zone-refresh", dest="zone_refresh",
default=DNS_ZONE_REFRESH, type="int",
help="A delay between checks for new DNS zones. Defaults to %d" \
% DNS_ZONE_REFRESH)
- parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
- default=False, help="unattended installation never prompts the user")
- parser.add_option("", "--uninstall", dest="uninstall", action="store_true",
- default=False, help="uninstall an existing installation")
- parser.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
- help="do not configure ntp", default=True)
- parser.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
- default=True, help="disables pkinit setup steps")
- parser.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12",
- help="PKCS#12 file containing the Directory Server SSL certificate")
- parser.add_option("--http_pkcs12", dest="http_pkcs12",
- help="PKCS#12 file containing the Apache Server SSL certificate")
- parser.add_option("--pkinit_pkcs12", dest="pkinit_pkcs12",
- help="PKCS#12 file containing the Kerberos KDC SSL certificate")
- parser.add_option("--dirsrv_pin", dest="dirsrv_pin", sensitive=True,
- help="The password of the Directory Server PKCS#12 file")
- parser.add_option("--http_pin", dest="http_pin", sensitive=True,
- help="The password of the Apache Server PKCS#12 file")
- parser.add_option("--pkinit_pin", dest="pkinit_pin",
- help="The password of the Kerberos KDC PKCS#12 file")
- parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
+ dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
default=False,
help="Do not use DNS for hostname lookup during installation")
+ parser.add_option_group(dns_group)
+
+ uninstall_group = OptionGroup(parser, "uninstall options")
+ uninstall_group.add_option("", "--uninstall", dest="uninstall", action="store_true",
+ default=False, help="uninstall an existing installation. The uninstall can " \
+ "be run with --unattended option")
+ parser.add_option_group(uninstall_group)
- parser.add_option("--idstart", dest="idstart", default=namespace, type=int,
- help="The starting value for the IDs range (default random)")
- parser.add_option("--idmax", dest="idmax", default=0, type=int,
- help="The max value value for the IDs range (default: idstart+199999)")
- parser.add_option("--subject", action="callback", callback=subject_callback,
- type="string",
- help="The certificate subject base (default O=<realm-name>)")
- parser.add_option("--no_hbac_allow", dest="hbac_allow", default=False,
- action="store_true",
- help="Don't install allow_all HBAC rule")
- parser.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false",
- default=True, help="Do not automatically redirect to the Web UI")
options, args = parser.parse_args()
safe_options = parser.get_safe_opts(options)