#! /usr/bin/python -E
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2007  Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#


# requires the following packages:
# fedora-ds-base
# openldap-clients
# nss-tools

# Version banner passed to OptionParser; optparse replaces "%prog" with the
# program name when --version is printed.
VERSION = "%prog .1"

import sys
# Appended (not prepended), so modules already on the default search path are
# found first.  Presumably /usr/share/ipa is where the ipaserver package
# imported below is installed -- confirm against the packaging.
sys.path.append("/usr/share/ipa")

import socket
import logging
from optparse import OptionParser
import ipaserver.dsinstance
import ipaserver.krbinstance
from ipaserver.util import run

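def parse_options():
    """Parse and validate the installer's command-line options.

    Returns the optparse values object.  --user, --realm, --password and
    --master-password are mandatory; --hostname and --debug are optional.
    A missing mandatory option ends the program through parser.error().
    """
    parser = OptionParser(version=VERSION)
    parser.add_option("-u", "--user", dest="ds_user",
                      help="ds user")
    parser.add_option("-r", "--realm", dest="realm_name",
                      help="realm name")
    # NOTE(review): both passwords are taken from argv, so they are readable
    # by other local users through the process list and can end up in shell
    # history.  Reading them from a prompt or a protected file would avoid
    # that exposure.
    parser.add_option("-p", "--password", dest="password",
                      help="admin password")
    parser.add_option("-m", "--master-password", dest="master_password",
                      help="kerberos master password")
    # "dest" is passed exactly once: repeating a keyword argument in a call
    # is a SyntaxError, which kept the whole script from being compiled.
    parser.add_option("-d", "--debug", dest="debug", action="store_true",
                      default=False, help="print debugging information")
    parser.add_option("--hostname", dest="host_name", help="fully qualified name of server")

    # Positional arguments are accepted by optparse but not used here.
    options, _args = parser.parse_args()

    if not options.ds_user or not options.realm_name or not options.password or not options.master_password:
        # parser.error() already prefixes the message with "error:", and
        # --hostname/--debug are optional, so name what is actually missing.
        parser.error("the --user, --realm, --password and --master-password options are required")

    return options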

def logging_setup(options):
    """Set up file and console logging for the installer.

    Every record from DEBUG upwards goes to 'ipaserver-install.log', which is
    opened in 'w' mode and therefore truncated on each run.  A console handler
    is attached to the root logger as well: it shows DEBUG and above when
    options.debug is set, otherwise only ERROR and above.
    """
    # NOTE(review): the log file name is relative, so the file is created in
    # the caller's working directory with default permissions -- confirm that
    # nothing sensitive is logged at DEBUG level.
    logging.basicConfig(filename='ipaserver-install.log',
                        filemode='w',
                        level=logging.DEBUG,
                        format='%(asctime)s %(levelname)s %(message)s')

    console_handler = logging.StreamHandler()
    # Pick the console threshold first, then apply it in one place.
    console_level = logging.ERROR
    if options.debug:
        console_level = logging.DEBUG
    console_handler.setLevel(console_level)
    console_handler.setFormatter(
        logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s'))

    root_logger = logging.getLogger('')
    root_logger.addHandler(console_handler)

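def main():
    """Run the IPA server installation.

    Validates the host name, creates the directory server and Kerberos
    instances, restarts the directory server and httpd, and writes
    /etc/ipa/ipa.conf.

    Returns 0 on success, or the string "-Fatal Error-" when the host name
    is not usable.
    """
    options = parse_options()
    logging_setup(options)

    # check the hostname is correctly configured, it must be as the kldap
    # utilities just use the hostname as returned by gethostbyname to set
    # up some of the standard entries

    if options.host_name:
        host_name = options.host_name
    else:
        host_name = socket.gethostname()
    if len(host_name.split(".")) < 2:
        print "Invalid hostname <"+host_name+">"
        print "Check the /etc/hosts file and make sure to have a valid FQDN"
        return "-Fatal Error-"

    # A name that does not resolve used to end the installer with an
    # unhandled traceback; report it the same way as the other host name
    # problems instead.
    try:
        host_addr = socket.gethostbyname(host_name)
    except socket.error:
        print "Unable to resolve hostname <"+host_name+">"
        print "Check the /etc/hosts file or your DNS configuration"
        return "-Fatal Error-"

    # NOTE(review): only the literal 127.0.0.1 is rejected; other addresses
    # in 127.0.0.0/8 pass this check -- confirm whether they should be
    # refused as well.
    if host_addr == "127.0.0.1":
        print "The hostname resolves to the localhost address (127.0.0.1)"
        print "Please change your /etc/hosts file or your DNS so that the"
        print "hostname resolves to the ip address of your network interface."
        print "The KDC service does not listen on 127.0.0.1"
        return "-Fatal Error-"

    print "The Final KDC Host Name will be: " + host_name


    # Create a directory server instance
    ds = ipaserver.dsinstance.DsInstance()
    ds.create_instance(options.ds_user, options.realm_name, host_name,
                       options.password)

    # Create a kerberos instance
    krb = ipaserver.krbinstance.KrbInstance()
    krb.create_instance(options.ds_user, options.realm_name, host_name,
                        options.password, options.master_password)

    # Restart ds after the krb instance has added the sasl map
    ds.restart()

    # Restart apache
    # NOTE(review): the result of run() is not inspected here; whether a
    # failed restart raises depends on ipaserver.util.run -- confirm.
    run(["/sbin/service", "httpd", "restart"])

    # Create the config file; the handle is closed even if a write fails.
    fd = open("/etc/ipa/ipa.conf", "w")
    try:
        fd.write("[defaults]\n")
        fd.write("server=" + host_name + "\n")
        fd.write("realm=" + options.realm_name + "\n")
    finally:
        fd.close()

    return 0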

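# Pass main()'s result to sys.exit() so callers can see a failure: 0 exits
# successfully, while the "-Fatal Error-" string is printed to stderr and
# gives exit status 1.  A bare main() call always exited with status 0.
sys.exit(main())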