diff options
Diffstat (limited to 'ipa-client/ipa-install/ipa-client-install')
| -rw-r--r-- | ipa-client/ipa-install/ipa-client-install | 35 |
1 files changed, 29 insertions, 6 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 5bfa7337..177a727e 100644 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -46,6 +46,8 @@ def parse_options(): help="unattended installation never prompts the user") parser.add_option("-N", "--no-ntp", action="store_false", help="do not configure ntp", default=True, dest="conf_ntp") + parser.add_option("--on-master", dest="on_master", action="store_true", + help="use this option when run on a master", default=False) options, args = parser.parse_args() @@ -85,7 +87,7 @@ def main(): # Create the discovery instance ds = ipaclient.ipadiscovery.IPADiscovery() - ret = ds.search() + ret = ds.search(domain=options.domain, server=options.server) srv = "" if ret == -10: print "Can't get the fully qualified name of this host" @@ -119,12 +121,17 @@ def main(): if dnsok: print "Discovery was successful!" elif not options.unattended: - print "\nThe failure to use DNS to find your IPA server indicates that your resolv.conf file is not properly configured\n." + print "\nThe failure to use DNS to find your IPA server indicates that your resolv.conf file is not properly configured.\n" print "Autodiscovery of servers for failover cannot work with this configuration.\n" - print "If you proceed with the installation, services will be configured to always access the discovered server for all operation and will not fail over to other servers in case of failure\n" + print "If you proceed with the installation, services will be configured to always access the discovered server for all operation and will not fail over to other servers in case of failure.\n" if not ask_for_confirmation("Do you want to proceed and configure the system with fixed values with no DNS discovery?"): return ret + if options.realm_name != ds.getRealmName(): + if not options.unattended: + print "ERROR: The provided realm name: ["+options.realm_name+"] does not match with the discovered one: ["+ds.getRealmName()+"]\n" + return -3 + print "Realm: "+ds.getRealmName() print "DNS Domain: "+ds.getDomainName() print "IPA Server: "+ds.getServerName() @@ -162,7 +169,7 @@ def main(): {'name':'nss_map_attribute', 'type':'option', 'value':'uniqueMember member'}, {'name':'base', 'type':'option', 'value':ds.getBaseDN()}, {'name':'ldap_version', 'type':'option', 'value':'3'}] - if not dnsok or options.force: + if not dnsok or options.force or options.on_master: opts.append({'name':'uri', 'type':'option', 'value':'ldap://'+ds.getServerName()}) opts.append({'name':'empty', 'type':'empty'}) @@ -176,7 +183,7 @@ def main(): krbctx = krbV.default_context() # If we find our domain assume we are properly configured #(ex. we are configuring the client side of a Master) - if not krbctx.default_realm == ds.getRealmName() or options.force: + if not options.on_master and (not krbctx.default_realm == ds.getRealmName() or options.force): #Configure krb5.conf krbconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer") @@ -232,10 +239,26 @@ def main(): #Modify nsswitch to add nss_ldap run(["/usr/sbin/authconfig", "--enableldap", "--update"]) + #Check nss_ldap is working properly + if not options.on_master: + try: + run(["getent", "passwd", "admin"]) + except Exception, e: + print "nss_ldap is not able to use DNS disccovery!" + print "Changing configuration to use hardcoded server name: " + ds.getServerName() + + opts = [{'name':'uri', 'type':'option', 'value':'ldap://'+ds.getServerName()}, + {'name':'empty', 'type':'empty'}] + try: + ldapconf.changeConf("/etc/ldap.conf", opts) + except Exception, e: + print "Configuration failed: " + str(e) + return 1 + #Modify pam to add pam_krb5 run(["/usr/sbin/authconfig", "--enablekrb5", "--update"]) - if options.conf_ntp: + if options.conf_ntp and not options.on_master: ipaclient.ntpconf.config_ntp(ds.getServerName()) print "Client configuration complete." |