-rwxr-xr-x | install/tools/ipa-dns-install | 56 | ||||
-rw-r--r-- | install/tools/man/ipa-dns-install.1 | 7 | ||||
-rw-r--r-- | ipaserver/install/bindinstance.py | 10 | ||||
-rw-r--r-- | ipaserver/install/odsexporterinstance.py | 7 | ||||
-rw-r--r-- | ipaserver/install/opendnssecinstance.py | 7 |
5 files changed, 37 insertions, 50 deletions
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index b17dafaee..4527447a7 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -21,14 +21,13 @@ from optparse import OptionGroup, SUPPRESS_HELP -import krbV - from ipaserver.install import (service, bindinstance, ntpinstance, httpinstance, dnskeysyncinstance, opendnssecinstance, odsexporterinstance) from ipaserver.install.installutils import * from ipaserver.install import installutils from ipapython import version from ipapython import ipautil, sysrestore +from ipapython.ipaldap import AUTOBIND_ENABLED from ipalib import api, errors, util from ipaplatform.paths import paths from ipapython.config import IPAOptionParser @@ -40,7 +39,7 @@ log_file_name = paths.IPASERVER_INSTALL_LOG def parse_options(): parser = IPAOptionParser(version=version.VERSION) parser.add_option("-p", "--ds-password", dest="dm_password", - sensitive=True, help="admin password") + sensitive=True, help=SUPPRESS_HELP) parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False, help="print debugging information") parser.add_option("--ip-address", dest="ip_addresses", metavar="IP_ADDRESS", @@ -77,6 +76,9 @@ def parse_options(): if not options.forwarders and not options.no_forwarders: parser.error("You must specify at least one --forwarder option or --no-forwarders option") + if options.dm_password: + print ("WARNING: Option -p/--ds-password is deprecated " + "and should not be used anymore.") return safe_options, options def main(): 
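Review bot: The deprecation warning added at the end of parse_options() does not say that the value is no longer used, so a script that still passes `-p` keeps putting the Directory Manager password on the command line for no benefit. As far as the visible hunks show, every use of `dm_password` in main() is removed, so the message could say so, e.g. `"WARNING: Option -p/--ds-password is deprecated and its value is ignored."`. It is also written with `print` to stdout, where it can get mixed into captured installer output; stderr or the installer's logger would be a better place. parse_options() starts outside this hunk.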
@@ -144,26 +146,16 @@ def main(): api.bootstrap(**cfg) api.finalize() - # Create a BIND instance - if options.unattended and not options.dm_password: - sys.exit("\nIn unattended mode you need to provide at least the -p option") - - dm_password = options.dm_password or read_password("Directory Manager", - confirm=False, validate=False) - if dm_password is None: - sys.exit("Directory Manager password required") - bind = bindinstance.BindInstance(fstore, dm_password, start_tls=True) - - # try the connection - try: - bind.ldap_connect() - bind.ldap_disconnect() - except errors.ACIError: - sys.exit("Password is not valid!") - - ods = opendnssecinstance.OpenDNSSECInstance(fstore, dm_password, - start_tls=True) + + # create BIND and OpenDNSSec instances + + bind = bindinstance.BindInstance(fstore, ldapi=True, + autobind=AUTOBIND_ENABLED) + + ods = opendnssecinstance.OpenDNSSECInstance(fstore, ldapi=True, + autobind=AUTOBIND_ENABLED) if options.dnssec_master: + ods.realm = api.env.realm dnssec_masters = ods.get_masters() # we can reinstall current server if it is dnssec master if not api.env.host in dnssec_masters and dnssec_masters: @@ -189,12 +181,7 @@ def main(): root_logger.debug("will use dns_forwarders: %s\n", str(dns_forwarders)) - if bind.dm_password: - api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=bind.dm_password) - else: - # See if our LDAP server is up and we can talk to it over GSSAPI - ccache = krbV.default_context().default_ccache() - api.Backend.ldap2.connect(ccache) + api.Backend.ldap2.connect(autobind=True) reverse_zones = bindinstance.check_reverse_zones(ip_addresses, options.reverse_zones, options, options.unattended, True) 
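Review bot: With the `bind.ldap_connect()` / `bind.ldap_disconnect()` probe removed, nothing in the `@@ -144,26 +146,16 @@` hunk checks that LDAPI autobind actually works before the installer goes on. The first LDAP operation is now `ods.get_masters()` (only with `--dnssec-master`) or the later `api.Backend.ldap2.connect(...)`. If main() does not already verify root privileges and a running directory server above this hunk, a failed bind would presumably surface as an unhandled exception instead of the clear message the old code gave. Consider keeping a short probe wrapped in a try that exits with an explanatory message. A one-line comment on `ods.realm = api.env.realm` explaining why the realm must be set before `get_masters()` would also help.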
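Review bot: In the `@@ -189,12 +181,7 @@` hunk, `api.Backend.ldap2.connect(autobind=True)` passes a bare boolean, while every other call in this commit passes the `AUTOBIND_ENABLED` constant imported from `ipapython.ipaldap`. If `connect()` compares its argument against the `AUTOBIND_*` constants rather than treating it as a truth value, `True` may select a different mode than intended (for example an automatic mode instead of a forced autobind); this needs checking against `ldap2`, which is not shown here. Using the constant keeps the bind mode explicit: `api.Backend.ldap2.connect(autobind=AUTOBIND_ENABLED)`.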
@@ -216,13 +203,11 @@ def main(): bind.create_instance() # on dnssec master this must be installed last - dnskeysyncd = dnskeysyncinstance.DNSKeySyncInstance(fstore, dm_password, - start_tls=True) + dnskeysyncd = dnskeysyncinstance.DNSKeySyncInstance(fstore, ldapi=True) dnskeysyncd.create_instance(api.env.host, api.env.realm) if options.dnssec_master: - ods_exporter = odsexporterinstance.ODSExporterInstance(fstore, - dm_password, - start_tls=True) + ods_exporter = odsexporterinstance.ODSExporterInstance( + fstore, ldapi=True, autobind=AUTOBIND_ENABLED) ods_exporter.create_instance(api.env.host, api.env.realm) ods.create_instance(api.env.host, api.env.realm) @@ -251,6 +236,5 @@ def main(): return 0 if __name__ == '__main__': - with private_ccache(): - installutils.run_script(main, log_file_name=log_file_name, - operation_name='ipa-dns-install') + installutils.run_script(main, log_file_name=log_file_name, + operation_name='ipa-dns-install') diff --git a/install/tools/man/ipa-dns-install.1 b/install/tools/man/ipa-dns-install.1 index 40efe7d2f..23427b1b1 100644 --- a/install/tools/man/ipa-dns-install.1 +++ b/install/tools/man/ipa-dns-install.1 @@ -25,9 +25,6 @@ ipa\-dns\-install [\fIOPTION\fR]... Adds DNS as an IPA\-managed service. This requires that the IPA server is already installed and configured. .SH "OPTIONS" .TP -\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR -The password to be used by the Directory Server for the Directory Manager user -.TP \fB\-d\fR, \fB\-\-debug\fR Enable debug logging when more verbose output is needed .TP 
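Review bot: `DNSKeySyncInstance(fstore, ldapi=True)` in the `@@ -216,13 +203,11 @@` hunk is the only instance created without an explicit `autobind` argument; `BindInstance`, `OpenDNSSECInstance` and `ODSExporterInstance` all get `autobind=AUTOBIND_ENABLED`. Its constructor is not part of this diff, so whether its default enables autobind cannot be told from here. If the default is disabled, the instance now has neither a password nor autobind, and its LDAP bind would fail late in the install. Either pass `autobind=AUTOBIND_ENABLED` here as well (if the constructor accepts it), or add a comment stating that `DNSKeySyncInstance` always uses autobind.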
@@ -52,6 +49,10 @@ The e\-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN .TP \fB\-U\fR, \fB\-\-unattended\fR An unattended installation that will never prompt for user input +.SH "DEPRECATED OPTIONS" +.TP +\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR +The password to be used by the Directory Server for the Directory Manager user .SH "EXIT STATUS" 0 if the installation was successful diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 679dc5b95..97dcb3d95 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -533,14 +533,14 @@ class DnsBackup(object): class BindInstance(service.Service): - def __init__(self, fstore=None, dm_password=None, api=api, - start_tls=False): + def __init__(self, fstore=None, dm_password=None, api=api, ldapi=False, + start_tls=False, autobind=ipaldap.AUTOBIND_DISABLED): service.Service.__init__( self, "named", service_desc="DNS", dm_password=dm_password, - ldapi=False, - autobind=ipaldap.AUTOBIND_DISABLED, + ldapi=ldapi, + autobind=autobind, start_tls=start_tls ) self.dns_backup = DnsBackup(self) @@ -586,7 +586,7 @@ class BindInstance(service.Service): self.first_instance = not dns_container_exists( self.fqdn, self.suffix, realm=self.realm, ldapi=True, - dm_password=self.dm_password) + dm_password=self.dm_password, autobind=self.autobind) self.__setup_sub_dict() diff --git a/ipaserver/install/odsexporterinstance.py b/ipaserver/install/odsexporterinstance.py index 463e9a675..5b6245bc4 100644 --- a/ipaserver/install/odsexporterinstance.py +++ b/ipaserver/install/odsexporterinstance.py 
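Review bot: In `BindInstance.__init__` the new `ldapi` parameter is inserted before `start_tls`, so a caller that passes `start_tls` positionally now sets `ldapi` instead and silently leaves `start_tls=False`, i.e. a connection that was meant to use StartTLS would not. The same reordering is made in `ODSExporterInstance.__init__` and `OpenDNSSECInstance.__init__` in the later hunks. The callers visible in this commit use keywords, but other callers are outside the diff. Appending the new parameters after `start_tls` avoids the problem: `def __init__(self, fstore=None, dm_password=None, api=api, start_tls=False, ldapi=False, autobind=ipaldap.AUTOBIND_DISABLED):`. A short docstring saying which combinations are expected (`dm_password` with `start_tls`, or `ldapi` with `autobind`) would help as well.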
@@ -19,13 +19,14 @@ from ipalib import errors class ODSExporterInstance(service.Service): - def __init__(self, fstore=None, dm_password=None, start_tls=False): + def __init__(self, fstore=None, dm_password=None, ldapi=False, + start_tls=False, autobind=ipaldap.AUTOBIND_DISABLED): service.Service.__init__( self, "ipa-ods-exporter", service_desc="IPA OpenDNSSEC exporter daemon", dm_password=dm_password, - ldapi=False, - autobind=ipaldap.AUTOBIND_DISABLED, + ldapi=ldapi, + autobind=autobind, start_tls=start_tls ) self.dm_password = dm_password diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py index 2a2c3126f..c9c7bd1f6 100644 --- a/ipaserver/install/opendnssecinstance.py +++ b/ipaserver/install/opendnssecinstance.py @@ -61,13 +61,14 @@ def check_inst(): class OpenDNSSECInstance(service.Service): - def __init__(self, fstore=None, dm_password=None, start_tls=False): + def __init__(self, fstore=None, dm_password=None, ldapi=False, + start_tls=False, autobind=ipaldap.AUTOBIND_DISABLED): service.Service.__init__( self, "ods-enforcerd", service_desc="OpenDNSSEC enforcer daemon", dm_password=dm_password, - ldapi=False, - autobind=ipaldap.AUTOBIND_DISABLED, + ldapi=ldapi, + autobind=autobind, start_tls=start_tls ) self.dm_password = dm_password |