From 50a2c45760d51e7a13888702e1a047a113bc1f5e Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Mon, 18 Jul 2011 09:33:57 +0200 Subject: Check IPA configuration in install tools Install tools may fail with unexpected error when IPA server is not installed on a system. Improve user experience by implementing a check to affected tools. https://fedorahosted.org/freeipa/ticket/1327 https://fedorahosted.org/freeipa/ticket/1347 --- install/tools/ipa-compliance | 14 +++++++++++--- install/tools/ipa-dns-install | 3 +++ install/tools/ipa-ldap-updater | 7 ++----- install/tools/ipa-nis-manage | 2 ++ install/tools/ipa-replica-manage | 7 +++++++ install/tools/ipa-replica-prepare | 4 ++++ install/tools/ipa-server-certinstall | 13 ++++++++++++- ipaserver/install/installutils.py | 19 +++++++++++++++++-- 8 files changed, 58 insertions(+), 11 deletions(-) diff --git a/install/tools/ipa-compliance b/install/tools/ipa-compliance index 81cd8c370..8ae91b777 100644 --- a/install/tools/ipa-compliance +++ b/install/tools/ipa-compliance @@ -35,6 +35,7 @@ try: from ipaserver.plugins.ldap2 import ldap2 from ipalib import api, errors, backend + from ipaserver.install import installutils except ImportError, e: # If python-rhsm isn't installed exit gracefully and quietly. if e.args[0] == 'No module named rhsm.certificate': @@ -165,8 +166,7 @@ def check_compliance(tmpdir, debug=False): print 'IPA is in compliance: %d of %d entitlements used.' % (hostcount, available) def main(): - if os.getegid() != 0: - sys.exit("Must be root to check compliance") + installutils.check_server_configuration() if not os.path.exists('/etc/ipa/default.conf'): return 0 @@ -189,4 +189,12 @@ def main(): return 0 -sys.exit(main()) +try: + if not os.geteuid()==0: + sys.exit("\nMust be root to check compliance\n") + + main() +except SystemExit, e: + sys.exit(e) +except RuntimeError, e: + sys.exit(e) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index cc091dd08..7c83dc869 100755 
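Review bot: In `main()` of ipa-compliance the new `installutils.check_server_configuration()` call runs before the existing `if not os.path.exists('/etc/ipa/default.conf'): return 0`, so a host without IPA no longer returns 0 quietly. The RuntimeError is instead turned into a message and a non-zero exit by the handler added at the bottom of the file. If this tool is run unattended (not visible here), that changes what an unconfigured host reports. Either keep the quiet path by testing `default.conf` first, or remove that test now that it is mostly unreachable. `main()` starts and ends outside this hunk.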
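Review bot: The new `try:` block at the end of ipa-compliance calls `main()` without passing its result to `sys.exit()`, so the exit status no longer reflects what `main()` returns; the removed line was `sys.exit(main())`. The return paths visible in this diff return 0, but any non-zero return elsewhere in `main()` would now be reported as success. Keep the status by writing `sys.exit(main())` inside the `try:`. The last hunk of ipa-server-certinstall makes the same replacement, and there the new `os.geteuid()` call also needs `os` to be imported, which the visible import lines of that file do not show.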
--- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -24,6 +24,7 @@ import traceback from ipaserver.plugins.ldap2 import ldap2 from ipaserver.install import bindinstance, ntpinstance from ipaserver.install.installutils import * +from ipaserver.install import installutils from ipapython import version from ipapython import ipautil, sysrestore from ipalib import api, errors, util @@ -71,6 +72,8 @@ def main(): if os.getegid() != 0: sys.exit("Must be root to setup server") + installutils.check_server_configuration() + standard_logging_setup("/var/log/ipaserver-install.log", options.debug, filemode='a') print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log" diff --git a/install/tools/ipa-ldap-updater b/install/tools/ipa-ldap-updater index ec57109d3..5b63c120e 100755 --- a/install/tools/ipa-ldap-updater +++ b/install/tools/ipa-ldap-updater @@ -85,9 +85,7 @@ def main(): loglevel = logging.DEBUG if os.getegid() == 0: - fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') - if not fstore.has_files(): - sys.exit("IPA is not configured on this system.") + installutils.check_server_configuration() elif not os.path.exists('/etc/ipa/default.conf'): sys.exit("IPA is not configured on this system.") @@ -149,8 +147,7 @@ except BadSyntax, e: print " %s" % e sys.exit(1) except RuntimeError, e: - print "%s" % e - sys.exit(1) + sys.exit(e) except SystemExit, e: sys.exit(e) except KeyboardInterrupt, e: diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage index f61610af8..6eb619c3c 100755 --- a/install/tools/ipa-nis-manage +++ b/install/tools/ipa-nis-manage @@ -87,6 +87,8 @@ def main(): if os.getegid() != 0: sys.exit('Must be root to use this tool.') + installutils.check_server_configuration() + options, args = parse_options() if options.debug: loglevel = logging.DEBUG diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 1adf0cebb..c3dd0b3fe 100755 
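Review bot: The new `installutils.check_server_configuration()` call in `main()` of ipa-dns-install is reached only after the existing `os.getegid() != 0` test, which compares the effective group id rather than the effective user id and so is not a root check. The same test gates the new call in ipa-nis-manage and ipa-ldap-updater, and the ipa-replica-manage hunk adds a fresh `if os.getegid() == 0:`. A process with group 0 but a non-root uid would pass this gate and then run a check that the docstring added in installutils.py describes as root-only. This commit already uses `os.geteuid()` in ipa-compliance and ipa-server-certinstall, so use `if os.geteuid() != 0:` in these tools as well. `main()` continues outside the hunk in each of them.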
--- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -412,6 +412,11 @@ def force_sync(realm, thishost, fromhost, dirman_passwd): repl.force_sync(repl.conn, thishost) def main(): + if os.getegid() == 0: + installutils.check_server_configuration() + elif not os.path.exists('/etc/ipa/default.conf'): + sys.exit("IPA is not configured on this system.") + options, args = parse_options() # Just initialize the environment. This is so the installer can have @@ -480,6 +485,8 @@ except KeyboardInterrupt: sys.exit(1) except SystemExit, e: sys.exit(e) +except RuntimeError, e: + sys.exit(e) except ldap.INVALID_CREDENTIALS: print "Invalid password" sys.exit(1) diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index cb279481d..14ee53913 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -65,6 +65,7 @@ def parse_options(): default=True, help="disables pkinit setup steps") options, args = parser.parse_args() + config.init_config() if not options.ip_address: if options.reverse_zone: @@ -230,6 +231,7 @@ def get_dirman_password(): return installutils.read_password("Directory Manager (existing master)", confirm=False, validate=False) def main(): + installutils.check_server_configuration() if not check_replication_plugin(): sys.exit(1) options, args = parse_options() @@ -460,6 +462,8 @@ try: main() except SystemExit, e: sys.exit(e) +except RuntimeError, e: + sys.exit(e) except Exception, e: print "preparation of replica failed: %s" % str(e) message = str(e) diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall index 74ded157c..312d41202 100755 --- a/install/tools/ipa-server-certinstall +++ b/install/tools/ipa-server-certinstall 
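Review bot: `main()` in ipa-replica-prepare now calls `installutils.check_server_configuration()` as its first statement, and no effective-uid test is visible before it in this hunk or around the `main()` call in the last hunk of this file. The docstring added in installutils.py says the check can only be run with root privileges, so an unprivileged caller would presumably be told `IPA is not configured on this system.` rather than that root is required. Add a guard such as `if os.geteuid() != 0: sys.exit("Must be root to use this tool.")` before the call, or enforce it once inside `check_server_configuration()`. `main()` continues outside the hunk.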
@@ -32,6 +32,7 @@ from ipapython.ipautil import user_input from ipaserver.install import certs, dsinstance, httpinstance, installutils from ipalib import api from ipaserver.plugins.ldap2 import ldap2 +from ipaserver.install import installutils def get_realm_name(): c = krbV.default_context() @@ -120,6 +121,8 @@ def import_cert(dirname, pkcs12_fname, pkcs12_passwd, db_password): return server_cert def main(): + installutils.check_server_configuration() + options, pkcs12_fname = parse_options() cfg = dict(in_server=True,) @@ -160,4 +163,12 @@ def main(): return 0 -sys.exit(main()) +try: + if not os.geteuid()==0: + sys.exit("\nYou must be root to run this script.\n") + + main() +except SystemExit, e: + sys.exit(e) +except RuntimeError, e: + sys.exit(e) diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 68fce7e69..ba49eb8b7 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -32,8 +32,7 @@ import time import tempfile from ConfigParser import SafeConfigParser -from ipapython import ipautil -from ipapython import dnsclient +from ipapython import ipautil, dnsclient, sysrestore class HostnameLocalhost(Exception): pass 
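Review bot: The added `from ipaserver.install import installutils` in ipa-server-certinstall rebinds a name that is already imported earlier in the same hunk by `from ipaserver.install import certs, dsinstance, httpinstance, installutils`. The second import is harmless at runtime, but it suggests the module was missing when it was not. Drop the added line.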
@@ -499,3 +498,19 @@ def read_replica_info(dir, rconfig): rconfig.domain_name = config.get("realm", "domain_name") rconfig.host_name = config.get("realm", "destination_host") rconfig.subject_base = config.get("realm", "subject_base") + +def check_server_configuration(): + """ + Check if IPA server is configured on the system. + + This is done by checking if there are system restore (uninstall) files + present on the system. Note that this check can only be run with root + privileges. + + When IPA is not configured, this function raises a RuntimeError exception. + Most convenient use case for the function is in install tools that require + configured IPA for its function. + """ + server_fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + if not server_fstore.has_files(): + raise RuntimeError("IPA is not configured on this system.") -- cgit
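Review bot: `check_server_configuration()` signals the unconfigured case with a bare `RuntimeError`, and the handlers added in this commit catch it with `except RuntimeError, e: sys.exit(e)` wrapped around the whole of `main()`. Any unrelated RuntimeError raised further down in those tools will then also be reduced to a one-line message with no traceback, which can hide real failures. installutils.py already defines its own exception classes (`HostnameLocalhost` is visible in the previous hunk), so a dedicated subclass, for example `class NotConfiguredError(RuntimeError): pass`, would let callers catch only this condition while staying compatible with the existing handlers. The docstring could also name the path it inspects, `/var/lib/ipa/sysrestore`.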