-rw-r--r-- | ipa-client/ipa-install/ipa-client-install | 35 | ||||
-rw-r--r-- | ipa-server/ipa-install/ipa-replica-install | 29 | ||||
-rw-r--r-- | ipa-server/ipa-install/ipa-server-install | 31 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/Makefile.am | 1 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/ntpd.sysconfig.template | 8 | ||||
-rw-r--r-- | ipa-server/ipaserver/ntpinstance.py | 26 |
6 files changed, 97 insertions, 33 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 5bfa7337..177a727e 100644 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -46,6 +46,8 @@ def parse_options(): help="unattended installation never prompts the user") parser.add_option("-N", "--no-ntp", action="store_false", help="do not configure ntp", default=True, dest="conf_ntp") + parser.add_option("--on-master", dest="on_master", action="store_true", + help="use this option when run on a master", default=False) options, args = parser.parse_args() @@ -85,7 +87,7 @@ def main(): # Create the discovery instance ds = ipaclient.ipadiscovery.IPADiscovery() - ret = ds.search() + ret = ds.search(domain=options.domain, server=options.server) srv = "" if ret == -10: print "Can't get the fully qualified name of this host" 
@@ -119,12 +121,17 @@ def main(): if dnsok: print "Discovery was successful!" elif not options.unattended: - print "\nThe failure to use DNS to find your IPA server indicates that your resolv.conf file is not properly configured\n." + print "\nThe failure to use DNS to find your IPA server indicates that your resolv.conf file is not properly configured.\n" print "Autodiscovery of servers for failover cannot work with this configuration.\n" - print "If you proceed with the installation, services will be configured to always access the discovered server for all operation and will not fail over to other servers in case of failure\n" + print "If you proceed with the installation, services will be configured to always access the discovered server for all operation and will not fail over to other servers in case of failure.\n" if not ask_for_confirmation("Do you want to proceed and configure the system with fixed values with no DNS discovery?"): return ret + if options.realm_name != ds.getRealmName(): + if not options.unattended: + print "ERROR: The provided realm name: ["+options.realm_name+"] does not match with the discovered one: ["+ds.getRealmName()+"]\n" + return -3 + print "Realm: "+ds.getRealmName() print "DNS Domain: "+ds.getDomainName() print "IPA Server: "+ds.getServerName() @@ -162,7 +169,7 @@ def main(): {'name':'nss_map_attribute', 'type':'option', 'value':'uniqueMember member'}, {'name':'base', 'type':'option', 'value':ds.getBaseDN()}, {'name':'ldap_version', 'type':'option', 'value':'3'}] - if not dnsok or options.force: + if not dnsok or options.force or options.on_master: opts.append({'name':'uri', 'type':'option', 'value':'ldap://'+ds.getServerName()}) opts.append({'name':'empty', 'type':'empty'}) 
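Review bot: The new realm check in main() compares `options.realm_name` with `ds.getRealmName()` unconditionally. The option's definition is outside the hunk, but if it defaults to None, every run without a realm argument takes the mismatch branch and returns -3, and the interactive path would first fail on the string concatenation in the error message. The message is also printed only when `not options.unattended`, so the server and replica installers in this commit, which call the client with `--unattended`, get -3 with no stated reason. I would guard it as `if options.realm_name and options.realm_name != ds.getRealmName():` and print the error whether or not the run is unattended. main() starts and ends outside the hunk.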
@@ -176,7 +183,7 @@ def main(): krbctx = krbV.default_context() # If we find our domain assume we are properly configured #(ex. we are configuring the client side of a Master) - if not krbctx.default_realm == ds.getRealmName() or options.force: + if not options.on_master and (not krbctx.default_realm == ds.getRealmName() or options.force): #Configure krb5.conf krbconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer") @@ -232,10 +239,26 @@ def main(): #Modify nsswitch to add nss_ldap run(["/usr/sbin/authconfig", "--enableldap", "--update"]) + #Check nss_ldap is working properly + if not options.on_master: + try: + run(["getent", "passwd", "admin"]) + except Exception, e: + print "nss_ldap is not able to use DNS disccovery!" + print "Changing configuration to use hardcoded server name: " + ds.getServerName() + + opts = [{'name':'uri', 'type':'option', 'value':'ldap://'+ds.getServerName()}, + {'name':'empty', 'type':'empty'}] + try: + ldapconf.changeConf("/etc/ldap.conf", opts) + except Exception, e: + print "Configuration failed: " + str(e) + return 1 + #Modify pam to add pam_krb5 run(["/usr/sbin/authconfig", "--enablekrb5", "--update"]) - if options.conf_ntp: + if options.conf_ntp and not options.on_master: ipaclient.ntpconf.config_ntp(ds.getServerName()) print "Client configuration complete." diff --git a/ipa-server/ipa-install/ipa-replica-install b/ipa-server/ipa-install/ipa-replica-install index 93cfc864..234a624b 100644 --- a/ipa-server/ipa-install/ipa-replica-install +++ b/ipa-server/ipa-install/ipa-replica-install @@ -42,6 +42,8 @@ class ReplicaConfig: def parse_options(): from optparse import OptionParser parser = OptionParser() + parser.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false", + help="do not configure ntp", default=True) parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False, help="gather extra debugging information") 
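Review bot: The nss_ldap probe added to main() calls `getent` by bare name, so an installer running as root resolves it through the caller's PATH, while the neighbouring `authconfig` calls use absolute paths; `run(["/usr/bin/getent", "passwd", "admin"])` would match them. The probe also cannot tell an LDAP answer from a local one: if an `admin` account exists in /etc/passwd the check passes without nss_ldap working. The `except Exception, e` around it treats every failure, including a missing binary, as a DNS discovery problem and pins /etc/ldap.conf to a plain `ldap://` URI for a single server, which removes failover. Catching only the error that `run` raises (its definition is outside this page) and logging `e` would make the reason for the fallback visible. The user-facing string also has a typo, "disccovery".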
@@ -134,7 +136,7 @@ def main(): installutils.standard_logging_setup("ipareplica-install.log", options.debug) top_dir, dir = expand_info(filename) - + config = ReplicaConfig() read_info(dir, config) config.host_name = get_host_name() @@ -171,8 +173,14 @@ def main(): except ldap.INVALID_CREDENTIALS, e : sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name) + # Configure ntpd + if options.conf_ntp: + ntp = ntpinstance.NTPInstance() + ntp.create_instance() + + # Configure dirsrv install_ds(config) - + repl = replication.ReplicationManager(config.host_name, config.dirman_password) if repl is None: raise RuntimeError("Unable to connect to LDAP server %s." % config.host_name) @@ -184,18 +192,21 @@ def main(): install_krb(config) install_http(config) - + # Create a Web Gui instance webgui = httpinstance.WebGuiInstance() webgui.create_instance() - # Configure ntpd - ntp = ntpinstance.NTPInstance() - ntp.create_instance() - service.restart("dirsrv") service.restart("krb5kdc") - + + # Call client install script + try: + run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name]) + except Exception, e: + print "Configuration of client side components failed!" + print "ipa-client-install returned: " + str(e) + raise RuntimeError("Failed to configure the client") try: if not os.geteuid()==0: sys.exit("\nYou must be root to run this script.\n") @@ -207,4 +218,4 @@ except Exception, e: for str in traceback.format_tb(sys.exc_info()[2]): message = message + "\n" + str logging.debug(message) - sys.exit(1) + sys.exit(1) diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install index aac4123c..b698d682 100644 --- a/ipa-server/ipa-install/ipa-server-install +++ b/ipa-server/ipa-install/ipa-server-install 
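Review bot: The handler around the `ipa-client-install` call in main() prints `str(e)` to stdout and then raises a fresh `RuntimeError`, so the original failure never reaches ipareplica-install.log; the outer handler at the end of this file logs only the replacement exception's traceback. Adding `logging.debug("ipa-client-install failed: %s", str(e))` before the raise would keep the cause in the install log. The same pattern, there returning "-Fatal Error-", appears in the ipa-server-install hunk at `-498,6 +501,14`. At this point dirsrv and krb5kdc have already been restarted, so a comment stating whether a re-run is safe after this failure would help whoever hits it.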
@@ -75,6 +75,8 @@ def parse_options(): default=False, help="unattended installation never prompts the user") parser.add_option("", "--uninstall", dest="uninstall", action="store_true", default=False, help="uninstall an existing installation") + parser.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false", + help="do not configure ntp", default=True) options, args = parser.parse_args() @@ -188,7 +190,7 @@ def read_ds_user(): print "will give this user/group some permissions in specific paths/files" print "to perform server-specific operations." print "" - + ds_user = "" try: pwd.getpwnam('dirsrv') @@ -307,7 +309,7 @@ def main(): if os.getegid() != 0: print "Must be root to setup server" return - + signal.signal(signal.SIGTERM, signal_handler) signal.signal(signal.SIGINT, signal_handler) @@ -320,11 +322,11 @@ def main(): print "This program will setup the FreeIPA Server." print "" print "This includes:" + print " * Configure the Network Time Daemon (ntpd)" print " * Create and configure an instance of Directory Server" print " * Create and configure a Kerberos Domain Controller (KDC)" print " * Configure Apache (httpd)" print " * Configure TurboGears" - print " * Configure the Network Time Daemon (ntpd)" print "" print "To accept the default shown in brackets, press the Enter key." print "" @@ -357,7 +359,7 @@ def main(): host_default = options.host_name else: host_default = get_fqdn() - + if options.unattended: try: verify_fqdn(host_default) @@ -397,7 +399,7 @@ def main(): print "from the one provided on the command line. Please fix your DNS" print "or /etc/hosts file and restart the installation." return "-Fatal Error-" - + if options.unattended: if not ip: print "Unable to resolve IP address" 
@@ -445,6 +447,11 @@ def main(): print "The following operations may take some minutes to complete." print "Please wait until the prompt is returned." + # Configure ntpd + if options.conf_ntp: + ntp = ipaserver.ntpinstance.NTPInstance() + ntp.create_instance() + # Create a directory server instance ds = ipaserver.dsinstance.DsInstance() ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password) @@ -479,14 +486,10 @@ def main(): # Restart ds and krb after configurations have been changed service.print_msg("restarting the directory server") ds.restart() - + service.print_msg("restarting the KDC") krb.restart() - # Configure ntpd - ntp = ipaserver.ntpinstance.NTPInstance() - ntp.create_instance() - # Set the admin user kerberos password ds.change_admin_password(admin_password) @@ -498,6 +501,14 @@ def main(): fd.write("realm=" + realm_name + "\n") fd.close() + # Call client install script + try: + run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", domain_name, "--server", host_name, "--realm", realm_name]) + except Exception, e: + print "Configuration of client side components failed!" + print "ipa-client-install returned: " + str(e) + return "-Fatal Error-" + print "==============================================================================" print "Setup complete" print "" diff --git a/ipa-server/ipa-install/share/Makefile.am b/ipa-server/ipa-install/share/Makefile.am index 28ad51b9..44afd06a 100644 --- a/ipa-server/ipa-install/share/Makefile.am +++ b/ipa-server/ipa-install/share/Makefile.am @@ -20,6 +20,7 @@ app_DATA = \ krb.con.template \ krbrealm.con.template \ ntp.conf.server.template \ + ntpd.sysconfig.template \ preferences.html.template \ referint-conf.ldif \ dna-posix.ldif \ diff --git a/ipa-server/ipa-install/share/ntpd.sysconfig.template b/ipa-server/ipa-install/share/ntpd.sysconfig.template new file mode 100644 index 00000000..3412a0e8 --- /dev/null +++ b/ipa-server/ipa-install/share/ntpd.sysconfig.template 
@@ -0,0 +1,8 @@ +# Drop root to id 'ntp:ntp' by default. +OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid" + +# Set to 'yes' to sync hw clock after successful ntpdate +SYNC_HWCLOCK=yes + +# Additional options for ntpdate +NTPDATE_OPTIONS="" diff --git a/ipa-server/ipaserver/ntpinstance.py b/ipa-server/ipaserver/ntpinstance.py index e2765171..53858810 100644 --- a/ipa-server/ipaserver/ntpinstance.py +++ b/ipa-server/ipaserver/ntpinstance.py @@ -35,25 +35,34 @@ class NTPInstance(service.Service): # or we can get our own pool. os = "" if ipautil.file_exists("/etc/fedora-release"): - os = "fedora." + os = "fedora" elif ipautil.file_exists("/etc/redhat-release"): - os = "rhel." + os = "rhel" sub_dict = { } - sub_dict["SERVERA"] = "0.%spool.ntp.org" % os - sub_dict["SERVERB"] = "1.%spool.ntp.org" % os - sub_dict["SERVERC"] = "2.%spool.ntp.org" % os + sub_dict["SERVERA"] = "0.%s.pool.ntp.org" % os + sub_dict["SERVERB"] = "1.%s.pool.ntp.org" % os + sub_dict["SERVERC"] = "2.%s.pool.ntp.org" % os ntp_conf = ipautil.template_file(ipautil.SHARE_DIR + "ntp.conf.server.template", sub_dict) + ntp_sysconf = ipautil.template_file(ipautil.SHARE_DIR + "ntpd.sysconfig.template", {}) sysrestore.backup_file("/etc/ntp.conf") + sysrestore.backup_file("/etc/sysconfig/ntpd") fd = open("/etc/ntp.conf", "w") fd.write(ntp_conf) fd.close() - def __start(self): + fd = open("/etc/sysconfig/ntpd", "w") + fd.write(ntp_sysconf) + fd.close() + + def __stop(self): self.backup_state("running", self.is_running()) + self.stop() + + def __start(self): self.start() def __enable(self): 
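Review bot: `-x` in OPTIONS raises ntpd's step threshold so that offsets of up to 600 seconds are slewed rather than stepped, and slewing away an error of several minutes takes days. A freshly installed master or replica whose clock is off by more than the default Kerberos clock-skew tolerance (five minutes) but less than ten minutes would stay out of tolerance long after the installer reports success. Either drop `-x`, or add a comment here stating why slewing is required and perform the one-time `ntpd -qg` step that the existing comment in ntpinstance.py's create_instance already suggests.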
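Review bot: Moving the dot out of `os` and into the format string breaks the fallback case. On a host with neither /etc/fedora-release nor /etc/redhat-release, `os` stays `""` and the servers become `0..pool.ntp.org`, where the old code produced the valid `0.pool.ntp.org`. ntpd would then have no resolvable upstream, leaving the clock that the KDC depends on unsynchronised. Keep the vendor label and its dot together for all three entries, e.g. `sub_dict["SERVERA"] = "0.%spool.ntp.org" % (os and os + ".")`. Separately, both config files are written with `open`/`write`/`close` and no `try`/`finally`, so a failed write can leave a truncated /etc/ntp.conf or /etc/sysconfig/ntpd; the method starts outside the hunk.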
@@ -61,13 +70,14 @@ class NTPInstance(service.Service): self.chkconfig_on() def create_instance(self): - self.step("writing configuration", self.__write_config) # we might consider setting the date manually using ntpd -qg in case # the current time is very far off. - self.step("starting ntpd", self.__start) + self.step("stopping ntpd", self.__stop) + self.step("writing configuration", self.__write_config) self.step("configuring ntpd to start on boot", self.__enable) + self.step("starting ntpd", self.__start) self.start_creation("Configuring ntpd") |