summaryrefslogtreecommitdiffstats
path: root/ipaserver
diff options
context:
space:
mode:
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/advise/base.py19
-rw-r--r--ipaserver/install/adtrustinstance.py8
-rw-r--r--ipaserver/install/bindinstance.py32
-rw-r--r--ipaserver/install/ca.py18
-rw-r--r--ipaserver/install/cainstance.py10
-rw-r--r--ipaserver/install/dns.py102
-rw-r--r--ipaserver/install/dnskeysyncinstance.py6
-rw-r--r--ipaserver/install/dsinstance.py6
-rw-r--r--ipaserver/install/httpinstance.py6
-rw-r--r--ipaserver/install/installutils.py79
-rw-r--r--ipaserver/install/ipa_cacert_manage.py20
-rw-r--r--ipaserver/install/ipa_kra_install.py4
-rw-r--r--ipaserver/install/ipa_ldap_updater.py4
-rw-r--r--ipaserver/install/ipa_replica_prepare.py3
-rw-r--r--ipaserver/install/krbinstance.py3
-rw-r--r--ipaserver/install/replication.py54
-rw-r--r--ipaserver/install/server/install.py222
-rw-r--r--ipaserver/install/server/replicainstall.py42
-rw-r--r--ipaserver/install/server/upgrade.py6
19 files changed, 340 insertions, 304 deletions
diff --git a/ipaserver/advise/base.py b/ipaserver/advise/base.py
index 467203f54..f7f2ad821 100644
--- a/ipaserver/advise/base.py
+++ b/ipaserver/advise/base.py
@@ -17,12 +17,15 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+from __future__ import print_function
+
import os
+from textwrap import wrap
+
from ipalib import api
from ipalib.plugable import Plugin, API
from ipalib.errors import ValidationError
from ipapython import admintool
-from textwrap import wrap
from ipapython.ipa_log_manager import log_mgr
@@ -174,11 +177,11 @@ class IpaAdvise(admintool.AdminTool):
wrapped_description = wrap(description, 80 - len(prefix))
# Print the first line with the prefix (keyword)
- print prefix + wrapped_description[0]
+ print(prefix + wrapped_description[0])
# Print the rest wrapped behind the colon
for line in wrapped_description[1:]:
- print "{off}{line}".format(off=' ' * len(prefix), line=line)
+ print("{off}{line}".format(off=' ' * len(prefix), line=line))
def print_header(self, header, print_shell=False):
header_size = len(header)
@@ -186,14 +189,14 @@ class IpaAdvise(admintool.AdminTool):
prefix = ''
if print_shell:
prefix = '# '
- print '#!/bin/sh'
+ print('#!/bin/sh')
# Do not print out empty header
if header_size > 0:
- print(prefix + '-' * 70)
+ print((prefix + '-' * 70))
for line in wrap(header, 70):
- print(prefix + line)
- print(prefix + '-' * 70)
+ print((prefix + line))
+ print((prefix + '-' * 70))
def print_advice(self, keyword):
advice = getattr(advise_api.Advice, keyword, None)
@@ -224,7 +227,7 @@ class IpaAdvise(admintool.AdminTool):
advice.get_info()
api.Backend.rpcclient.disconnect()
for line in advice.log.content:
- print line
+ print(line)
def run(self):
super(IpaAdvise, self).run()
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index 1f39dc732..08b652a10 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -17,6 +17,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+from __future__ import print_function
+
import os
import errno
import ldap
@@ -59,9 +61,9 @@ SELINUX_BOOLEAN_SETTINGS = {'samba_portmapper': 'on'}
def check_inst():
for smbfile in [paths.SMBD, paths.NET]:
if not os.path.exists(smbfile):
- print "%s was not found on this system" % smbfile
- print "Please install the 'samba' packages and " \
- "start the installation again"
+ print("%s was not found on this system" % smbfile)
+ print("Please install the 'samba' packages and " \
+ "start the installation again")
return False
#TODO: Add check for needed samba4 libraries
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 0201bbe0c..c52b1c0d6 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -17,6 +17,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+from __future__ import print_function
+
import tempfile
import os
import pwd
@@ -289,7 +291,7 @@ def read_reverse_zone(default, ip_address):
if verify_reverse_zone(zone, ip_address):
break
else:
- print "Invalid reverse zone %s for IP address %s" % (zone, ip_address)
+ print("Invalid reverse zone %s for IP address %s" % (zone, ip_address))
return normalize_zone(zone)
@@ -447,7 +449,7 @@ def check_reverse_zones(ip_addresses, reverse_zones, options, unattended, search
return ret_reverse_zones
def check_forwarders(dns_forwarders, logger):
- print "Checking DNS forwarders, please wait ..."
+ print("Checking DNS forwarders, please wait ...")
forwarders_dnssec_valid = True
for forwarder in dns_forwarders:
logger.debug("Checking DNS server: %s", forwarder)
@@ -459,17 +461,17 @@ def check_forwarders(dns_forwarders, logger):
forwarder, e)
logger.warning("Please fix forwarder configuration to enable DNSSEC support.\n"
"(For BIND 9 add directive \"dnssec-enable yes;\" to \"options {}\")")
- print "DNS server %s: %s" % (forwarder, e)
- print "Please fix forwarder configuration to enable DNSSEC support."
- print "(For BIND 9 add directive \"dnssec-enable yes;\" to \"options {}\")"
+ print("DNS server %s: %s" % (forwarder, e))
+ print("Please fix forwarder configuration to enable DNSSEC support.")
+ print("(For BIND 9 add directive \"dnssec-enable yes;\" to \"options {}\")")
except EDNS0UnsupportedError as e:
forwarders_dnssec_valid = False
logger.warning("DNS server %s does not support ENDS0 "
"(RFC 6891): %s", forwarder, e)
logger.warning("Please fix forwarder configuration. "
"DNSSEC support cannot be enabled without EDNS0")
- print ("WARNING: DNS server %s does not support EDNS0 "
- "(RFC 6891): %s" % (forwarder, e))
+ print(("WARNING: DNS server %s does not support EDNS0 "
+ "(RFC 6891): %s" % (forwarder, e)))
except UnresolvableRecordError as e:
logger.error("DNS server %s: %s", forwarder, e)
raise RuntimeError("DNS server %s: %s" % (forwarder, e))
@@ -602,7 +604,7 @@ class BindInstance(service.Service):
[bind_fd, bind_name] = tempfile.mkstemp(".db","sample.zone.")
os.write(bind_fd, bind_txt)
os.close(bind_fd)
- print "Sample zone file for bind has been created in "+bind_name
+ print("Sample zone file for bind has been created in "+bind_name)
def create_instance(self):
@@ -658,7 +660,7 @@ class BindInstance(service.Service):
self.restart()
except Exception as e:
root_logger.error("Named service failed to start (%s)", e)
- print "named service failed to start"
+ print("named service failed to start")
def __enable(self):
if self.get_state("enabled") is None:
@@ -1155,14 +1157,14 @@ class BindInstance(service.Service):
param in api.Object['dnsconfig'].params)
if not global_conf_set:
- print "Global DNS configuration in LDAP server is empty"
- print "You can use 'dnsconfig-mod' command to set global DNS options that"
- print "would override settings in local named.conf files"
+ print("Global DNS configuration in LDAP server is empty")
+ print("You can use 'dnsconfig-mod' command to set global DNS options that")
+ print("would override settings in local named.conf files")
return
- print "Global DNS configuration in LDAP server is not empty"
- print "The following configuration options override local settings in named.conf:"
- print ""
+ print("Global DNS configuration in LDAP server is not empty")
+ print("The following configuration options override local settings in named.conf:")
+ print("")
textui = ipalib.cli.textui(api)
api.Command.dnsconfig_show.output_for_cli(textui, result, None, reverse=False)
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 557efedf7..7e08b5ac0 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -2,6 +2,8 @@
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
+from __future__ import print_function
+
import sys
import os.path
@@ -30,7 +32,7 @@ def install_check(standalone, replica_config, options):
sys.exit('A selfsign CA can not be added')
if not ipautil.file_exists(replica_config.dir + "/cacert.p12"):
- print 'CA cannot be installed in CA-less setup.'
+ print('CA cannot be installed in CA-less setup.')
sys.exit(1)
if standalone and not options.skip_conncheck:
@@ -73,9 +75,9 @@ def install_check(standalone, replica_config, options):
"--external-cert-file.")
sys.exit(1)
if ipautil.file_exists(paths.ROOT_IPA_CSR):
- print("CA CSR file %s already exists.\nIn order to continue "
+ print(("CA CSR file %s already exists.\nIn order to continue "
"remove the file and run the installer again." %
- paths.ROOT_IPA_CSR)
+ paths.ROOT_IPA_CSR))
sys.exit(1)
if not options.external_cert_files:
@@ -94,8 +96,8 @@ def install_check(standalone, replica_config, options):
if nickname in (certdb.get_ca_nickname(realm_name),
'ipaCert',
'Signing-Cert'):
- print ("Certificate with nickname %s is present in %s, "
- "cannot continue." % (nickname, db.secdir))
+ print(("Certificate with nickname %s is present in %s, "
+ "cannot continue." % (nickname, db.secdir)))
sys.exit(1)
cert = db.get_cert_from_db(nickname)
@@ -105,8 +107,8 @@ def install_check(standalone, replica_config, options):
if subject in (DN('CN=Certificate Authority', subject_base),
DN('CN=IPA RA', subject_base),
DN('CN=Object Signing Cert', subject_base)):
- print ("Certificate with subject %s is present in %s, "
- "cannot continue." % (subject, db.secdir))
+ print(("Certificate with subject %s is present in %s, "
+ "cannot continue." % (subject, db.secdir)))
sys.exit(1)
@@ -249,7 +251,7 @@ def install_step_1(standalone, replica_config, options):
with open(paths.IPA_DEFAULT_CONF, 'w') as f:
parser.write(f)
except IOError as e:
- print "Failed to update /etc/ipa/default.conf"
+ print("Failed to update /etc/ipa/default.conf")
root_logger.error(str(e))
sys.exit(1)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index c8b834f78..da1c72acb 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -19,6 +19,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+from __future__ import print_function
+
import array
import base64
import binascii
@@ -616,8 +618,8 @@ class CAInstance(DogtagInstance):
os.remove(cfg_file)
if self.external == 1:
- print "The next step is to get %s signed by your CA and re-run %s as:" % (self.csr_file, sys.argv[0])
- print "%s --external-cert-file=/path/to/signed_certificate --external-cert-file=/path/to/external_ca_certificate" % sys.argv[0]
+ print("The next step is to get %s signed by your CA and re-run %s as:" % (self.csr_file, sys.argv[0]))
+ print("%s --external-cert-file=/path/to/signed_certificate --external-cert-file=/path/to/external_ca_certificate" % sys.argv[0])
sys.exit(0)
else:
shutil.move(paths.CA_BACKUP_KEYS_P12,
@@ -756,8 +758,8 @@ class CAInstance(DogtagInstance):
self.handle_setup_error(e)
if self.external == 1:
- print "The next step is to get %s signed by your CA and re-run %s as:" % (self.csr_file, sys.argv[0])
- print "%s --external-cert-file=/path/to/signed_certificate --external-cert-file=/path/to/external_ca_certificate" % sys.argv[0]
+ print("The next step is to get %s signed by your CA and re-run %s as:" % (self.csr_file, sys.argv[0]))
+ print("%s --external-cert-file=/path/to/signed_certificate --external-cert-file=/path/to/external_ca_certificate" % sys.argv[0])
sys.exit(0)
# pkisilent makes a copy of the CA PKCS#12 file for us but gives
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 9430d1899..1c31f0c66 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -2,6 +2,8 @@
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
+from __future__ import print_function
+
import sys
from subprocess import CalledProcessError
@@ -102,37 +104,37 @@ def install_check(standalone, replica, options, hostname):
constants.IPA_DNS_PACKAGE_NAME)
if standalone:
- print "=============================================================================="
- print "This program will setup DNS for the FreeIPA Server."
- print ""
- print "This includes:"
- print " * Configure DNS (bind)"
- print " * Configure SoftHSM (required by DNSSEC)"
- print " * Configure ipa-dnskeysyncd (required by DNSSEC)"
+ print("==============================================================================")
+ print("This program will setup DNS for the FreeIPA Server.")
+ print("")
+ print("This includes:")
+ print(" * Configure DNS (bind)")
+ print(" * Configure SoftHSM (required by DNSSEC)")
+ print(" * Configure ipa-dnskeysyncd (required by DNSSEC)")
if options.dnssec_master:
- print " * Configure ipa-ods-exporter (required by DNSSEC key master)"
- print " * Configure OpenDNSSEC (required by DNSSEC key master)"
- print " * Generate DNSSEC master key (required by DNSSEC key master)"
+ print(" * Configure ipa-ods-exporter (required by DNSSEC key master)")
+ print(" * Configure OpenDNSSEC (required by DNSSEC key master)")
+ print(" * Generate DNSSEC master key (required by DNSSEC key master)")
elif options.disable_dnssec_master:
- print " * Unconfigure ipa-ods-exporter"
- print " * Unconfigure OpenDNSSEC"
- print ""
- print "No new zones will be signed without DNSSEC key master IPA server."
- print ""
- print ("Please copy file from %s after uninstallation. This file is needed "
- "on new DNSSEC key " % paths.IPA_KASP_DB_BACKUP)
- print "master server"
- print ""
- print "NOTE: DNSSEC zone signing is not enabled by default"
- print ""
+ print(" * Unconfigure ipa-ods-exporter")
+ print(" * Unconfigure OpenDNSSEC")
+ print("")
+ print("No new zones will be signed without DNSSEC key master IPA server.")
+ print("")
+ print(("Please copy file from %s after uninstallation. This file is needed "
+ "on new DNSSEC key " % paths.IPA_KASP_DB_BACKUP))
+ print("master server")
+ print("")
+ print("NOTE: DNSSEC zone signing is not enabled by default")
+ print("")
if options.dnssec_master:
- print "DNSSEC support is experimental!"
- print ""
- print "Plan carefully, replacing DNSSEC key master is not recommended"
- print ""
- print ""
- print "To accept the default shown in brackets, press the Enter key."
- print ""
+ print("DNSSEC support is experimental!")
+ print("")
+ print("Plan carefully, replacing DNSSEC key master is not recommended")
+ print("")
+ print("")
+ print("To accept the default shown in brackets, press the Enter key.")
+ print("")
if (options.dnssec_master and not options.unattended and not
ipautil.user_input(
@@ -177,7 +179,7 @@ def install_check(standalone, replica, options, hostname):
dnssec_masters = ods.get_masters()
# we can reinstall current server if it is dnssec master
if dnssec_masters and api.env.host not in dnssec_masters:
- print "DNSSEC key master(s):", u','.join(dnssec_masters)
+ print("DNSSEC key master(s):", u','.join(dnssec_masters))
sys.exit("Only one DNSSEC key master is supported in current "
"version.")
@@ -242,7 +244,7 @@ def install_check(standalone, replica, options, hostname):
if (not bindinstance.check_forwarders(dns_forwarders, root_logger) and
not options.no_dnssec_validation):
options.no_dnssec_validation = True
- print "WARNING: DNSSEC validation will be disabled"
+ print("WARNING: DNSSEC validation will be disabled")
root_logger.debug("will use dns_forwarders: %s\n", dns_forwarders)
@@ -262,7 +264,7 @@ def install_check(standalone, replica, options, hostname):
)
if reverse_zones:
- print "Using reverse zone(s) %s" % ', '.join(reverse_zones)
+ print("Using reverse zone(s) %s" % ', '.join(reverse_zones))
def install(standalone, replica, options):
@@ -287,10 +289,10 @@ def install(standalone, replica, options):
ca_configured=options.setup_ca)
if standalone and not options.unattended:
- print ""
- print "The following operations may take some minutes to complete."
- print "Please wait until the prompt is returned."
- print ""
+ print("")
+ print("The following operations may take some minutes to complete.")
+ print("Please wait until the prompt is returned.")
+ print("")
bind.create_instance()
@@ -312,33 +314,33 @@ def install(standalone, replica, options):
bind.start_named()
if standalone:
- print "=============================================================================="
- print "Setup complete"
- print ""
+ print("==============================================================================")
+ print("Setup complete")
+ print("")
bind.check_global_configuration()
- print ""
- print ""
- print "\tYou must make sure these network ports are open:"
- print "\t\tTCP Ports:"
- print "\t\t * 53: bind"
- print "\t\tUDP Ports:"
- print "\t\t * 53: bind"
+ print("")
+ print("")
+ print("\tYou must make sure these network ports are open:")
+ print("\t\tTCP Ports:")
+ print("\t\t * 53: bind")
+ print("\t\tUDP Ports:")
+ print("\t\t * 53: bind")
elif not standalone and replica:
- print ""
+ print("")
bind.check_global_configuration()
- print ""
+ print("")
def uninstall_check(options):
# test if server is DNSSEC key master
masters = opendnssecinstance.get_dnssec_key_masters(api.Backend.ldap2)
if api.env.host in masters:
- print "This server is active DNSSEC key master. Uninstall could break your DNS system."
+ print("This server is active DNSSEC key master. Uninstall could break your DNS system.")
if not (options.unattended or user_input(
"Are you sure you want to continue with the uninstall "
"procedure?", False)):
- print ""
- print "Aborting uninstall operation."
+ print("")
+ print("Aborting uninstall operation.")
sys.exit(1)
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 4b84eddf6..482250fee 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -2,6 +2,8 @@
# Copyright (C) 2014 FreeIPA Contributors see COPYING for license
#
+from __future__ import print_function
+
import os
import pwd
import grp
@@ -111,7 +113,7 @@ class DNSKeySyncInstance(service.Service):
ldap.delete_entry(entry)
def start_dnskeysyncd(self):
- print "Restarting ipa-dnskeysyncd"
+ print("Restarting ipa-dnskeysyncd")
self.__start()
def create_instance(self, fqdn, realm_name):
@@ -464,7 +466,7 @@ class DNSKeySyncInstance(service.Service):
try:
self.restart()
except Exception as e:
- print "Failed to start ipa-dnskeysyncd"
+ print("Failed to start ipa-dnskeysyncd")
self.logger.debug("Failed to start ipa-dnskeysyncd: %s", e)
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 819b6ccd0..312188273 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -18,6 +18,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+from __future__ import print_function
+
import shutil
import pwd
import sys
@@ -506,7 +508,7 @@ class DsInstance(service.Service):
self.__restart_instance()
root_logger.debug("done restarting ds instance")
except ipautil.CalledProcessError as e:
- print "failed to restart ds instance", e
+ print("failed to restart ds instance", e)
root_logger.debug("failed to restart ds instance %s" % e)
inf_fd.close()
os.remove(paths.DIRSRV_BOOT_LDIF)
@@ -832,7 +834,7 @@ class DsInstance(service.Service):
ipautil.run(args, env=env)
root_logger.debug("ldappasswd done")
except ipautil.CalledProcessError as e:
- print "Unable to set admin password", e
+ print("Unable to set admin password", e)
root_logger.debug("Unable to set admin password %s" % e)
finally:
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 196efb05e..9354a22f5 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -17,6 +17,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+from __future__ import print_function
+
import os
import os.path
import tempfile
@@ -213,7 +215,7 @@ class HTTPInstance(service.Service):
def __set_mod_nss_port(self):
self.fstore.backup_file(paths.HTTPD_NSS_CONF)
if installutils.update_file(paths.HTTPD_NSS_CONF, '8443', '443') != 0:
- print "Updating port in %s failed." % paths.HTTPD_NSS_CONF
+ print("Updating port in %s failed." % paths.HTTPD_NSS_CONF)
def __set_mod_nss_nickname(self, nickname):
installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSNickname', nickname)
@@ -231,7 +233,7 @@ class HTTPInstance(service.Service):
def __add_include(self):
"""This should run after __set_mod_nss_port so is already backed up"""
if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0:
- print "Adding Include conf.d/ipa-rewrite to %s failed." % paths.HTTPD_NSS_CONF
+ print("Adding Include conf.d/ipa-rewrite to %s failed." % paths.HTTPD_NSS_CONF)
def configure_certmonger_renewal_guard(self):
certmonger = services.knownservices.certmonger
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 61bb552de..cdb081f6e 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -18,6 +18,7 @@
#
from __future__ import absolute_import
+from __future__ import print_function
import socket
import getpass
@@ -161,7 +162,7 @@ def verify_fqdn(host_name, no_host_dns=False, local_hostname=True):
root_logger.debug('socket.gethostbyaddr() error: %d: %s' % (e.errno, e.strerror))
if no_host_dns:
- print "Warning: skipping DNS resolution of host", host_name
+ print("Warning: skipping DNS resolution of host", host_name)
return
try:
@@ -239,7 +240,7 @@ def record_in_hosts(ip, host_name=None, conf_file=paths.HOSTS):
return None
return (hosts_ip, names)
except IndexError:
- print "Warning: Erroneous line '%s' in %s" % (line, conf_file)
+ print("Warning: Erroneous line '%s' in %s" % (line, conf_file))
continue
return None
@@ -257,7 +258,7 @@ def read_ip_address(host_name, fstore):
try:
ip_parsed = ipautil.CheckedIPAddress(ip, match_local=True)
except Exception as e:
- print "Error: Invalid IP Address %s: %s" % (ip, e)
+ print("Error: Invalid IP Address %s: %s" % (ip, e))
continue
else:
break
@@ -266,7 +267,7 @@ def read_ip_address(host_name, fstore):
def read_ip_addresses(host_name, fstore):
ips = []
- print "Enter the IP address to use, or press Enter to finish."
+ print("Enter the IP address to use, or press Enter to finish.")
while True:
ip = ipautil.user_input("Please provide the IP address to be used for this host name", allow_empty = True)
if not ip:
@@ -274,7 +275,7 @@ def read_ip_addresses(host_name, fstore):
try:
ip_parsed = ipautil.CheckedIPAddress(ip, match_local=True)
except Exception as e:
- print "Error: Invalid IP Address %s: %s" % (ip, e)
+ print("Error: Invalid IP Address %s: %s" % (ip, e))
continue
ips.append(ip_parsed)
@@ -292,15 +293,15 @@ def read_dns_forwarders():
try:
ip_parsed = ipautil.CheckedIPAddress(ip, parse_netmask=False)
except Exception as e:
- print "Error: Invalid IP Address %s: %s" % (ip, e)
- print "DNS forwarder %s not added." % ip
+ print("Error: Invalid IP Address %s: %s" % (ip, e))
+ print("DNS forwarder %s not added." % ip)
continue
- print "DNS forwarder %s added. You may add another." % ip
+ print("DNS forwarder %s added. You may add another." % ip)
addrs.append(str(ip_parsed))
if not addrs:
- print "No DNS forwarders configured"
+ print("No DNS forwarders configured")
return addrs
@@ -334,7 +335,7 @@ def read_password(user, confirm=True, validate=True, retry=True, validator=_read
try:
validator(pwd)
except ValueError as e:
- print str(e)
+ print(str(e))
pwd = None
continue
if not confirm:
@@ -342,15 +343,15 @@ def read_password(user, confirm=True, validate=True, retry=True, validator=_read
continue
pwd_confirm = get_password("Password (confirm): ")
if pwd != pwd_confirm:
- print "Password mismatch!"
- print ""
+ print("Password mismatch!")
+ print("")
pwd = None
else:
correct = True
except EOFError:
return None
finally:
- print ""
+ print("")
return pwd
def update_file(filename, orig, subst):
@@ -367,7 +368,7 @@ def update_file(filename, orig, subst):
os.chown(filename, st.st_uid, st.st_gid) # reset perms
return 0
else:
- print "File %s doesn't exist." % filename
+ print("File %s doesn't exist." % filename)
return 1
def set_directive(filename, directive, value, quotes=True, separator=' '):
@@ -475,12 +476,12 @@ def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses
try:
hostaddr = resolve_host(host_name)
except HostnameLocalhost:
- print >> sys.stderr, "The hostname resolves to the localhost address (127.0.0.1/::1)"
- print >> sys.stderr, "Please change your /etc/hosts file so that the hostname"
- print >> sys.stderr, "resolves to the ip address of your network interface."
- print >> sys.stderr, "The KDC service does not listen on localhost"
- print >> sys.stderr, ""
- print >> sys.stderr, "Please fix your /etc/hosts file and restart the setup program"
+ print("The hostname resolves to the localhost address (127.0.0.1/::1)", file=sys.stderr)
+ print("Please change your /etc/hosts file so that the hostname", file=sys.stderr)
+ print("resolves to the ip address of your network interface.", file=sys.stderr)
+ print("The KDC service does not listen on localhost", file=sys.stderr)
+ print("", file=sys.stderr)
+ print("Please fix your /etc/hosts file and restart the setup program", file=sys.stderr)
sys.exit(1)
ip_add_to_hosts = False
@@ -505,16 +506,16 @@ def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses
if set(ip_addresses) <= set(ips):
ips = ip_addresses
else:
- print >>sys.stderr, "Error: the hostname resolves to IP address(es) that are different"
- print >>sys.stderr, "from those provided on the command line. Please fix your DNS"
- print >>sys.stderr, "or /etc/hosts file and restart the installation."
- print >>sys.stderr, "Provided but not resolved address(es): %s" % \
- ", ".join(str(ip) for ip in (set(ip_addresses) - set(ips)))
+ print("Error: the hostname resolves to IP address(es) that are different", file=sys.stderr)
+ print("from those provided on the command line. Please fix your DNS", file=sys.stderr)
+ print("or /etc/hosts file and restart the installation.", file=sys.stderr)
+ print("Provided but not resolved address(es): %s" % \
+ ", ".join(str(ip) for ip in (set(ip_addresses) - set(ips))), file=sys.stderr)
sys.exit(1)
ip_add_to_hosts = True
if not ips:
- print >> sys.stderr, "No usable IP address provided nor resolved."
+ print("No usable IP address provided nor resolved.", file=sys.stderr)
sys.exit(1)
for ip_address in ips:
@@ -523,18 +524,18 @@ def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses
if hosts_record is None:
if ip_add_to_hosts or setup_dns:
- print "Adding ["+str(ip_address)+" "+host_name+"] to your /etc/hosts file"
+ print("Adding ["+str(ip_address)+" "+host_name+"] to your /etc/hosts file")
fstore.backup_file(paths.HOSTS)
add_record_to_hosts(str(ip_address), host_name)
else:
primary_host = hosts_record[1][0]
if primary_host != host_name:
- print >>sys.stderr, "Error: there is already a record in /etc/hosts for IP address %s:" \
- % ip_address
- print >>sys.stderr, hosts_record[0], " ".join(hosts_record[1])
- print >>sys.stderr, "Chosen hostname %s does not match configured canonical hostname %s" \
- % (host_name, primary_host)
- print >>sys.stderr, "Please fix your /etc/hosts file and restart the installation."
+ print("Error: there is already a record in /etc/hosts for IP address %s:" \
+ % ip_address, file=sys.stderr)
+ print(hosts_record[0], " ".join(hosts_record[1]), file=sys.stderr)
+ print("Chosen hostname %s does not match configured canonical hostname %s" \
+ % (host_name, primary_host), file=sys.stderr)
+ print("Please fix your /etc/hosts file and restart the installation.", file=sys.stderr)
sys.exit(1)
return ips
@@ -597,8 +598,8 @@ def create_replica_config(dirman_password, filename, options):
top_dir, dir = expand_replica_info(filename, dirman_password)
except Exception as e:
root_logger.error("Failed to decrypt or open the replica file.")
- print "ERROR: Failed to decrypt or open the replica file."
- print "Verify you entered the correct Directory Manager password."
+ print("ERROR: Failed to decrypt or open the replica file.")
+ print("Verify you entered the correct Directory Manager password.")
sys.exit(1)
config = ReplicaConfig(top_dir)
read_replica_info(dir, config)
@@ -618,7 +619,7 @@ def create_replica_config(dirman_password, filename, options):
sys.exit(1)
if config.host_name != host:
try:
- print "This replica was created for '%s' but this machine is named '%s'" % (config.host_name, host)
+ print("This replica was created for '%s' but this machine is named '%s'" % (config.host_name, host))
if not ipautil.user_input("This may cause problems. Continue?", False):
root_logger.debug(
"Replica was created for %s but machine is named %s "
@@ -626,7 +627,7 @@ def create_replica_config(dirman_password, filename, options):
config.host_name, host)
sys.exit(0)
config.host_name = host
- print ""
+ print("")
except KeyboardInterrupt:
root_logger.debug("Keyboard Interrupt")
sys.exit(0)
@@ -734,7 +735,7 @@ def run_script(main_function, operation_name, log_file_name=None,
root_logger.debug('The %s command failed, exception: %s: %s',
operation_name, type(e).__name__, e)
if fail_message and not isinstance(e, SystemExit):
- print fail_message
+ print(fail_message)
raise
else:
if return_value:
@@ -748,7 +749,7 @@ def run_script(main_function, operation_name, log_file_name=None,
except BaseException as error:
message, exitcode = handle_error(error, log_file_name)
if message:
- print >> sys.stderr, message
+ print(message, file=sys.stderr)
sys.exit(exitcode)
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
index c991cafa1..a2242fd3d 100644
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@ -17,6 +17,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+from __future__ import print_function
+
import os
import time
from optparse import OptionGroup
@@ -178,7 +180,7 @@ class CACertManage(admintool.AdminTool):
return self.renew_external_step_1(ca)
def renew_self_signed(self, ca):
- print "Renewing CA certificate, please wait"
+ print("Renewing CA certificate, please wait")
try:
ca.set_renewal_master()
@@ -187,21 +189,21 @@ class CACertManage(admintool.AdminTool):
self.resubmit_request(ca, 'caCACert')
- print "CA certificate successfully renewed"
+ print("CA certificate successfully renewed")
def renew_external_step_1(self, ca):
- print "Exporting CA certificate signing request, please wait"
+ print("Exporting CA certificate signing request, please wait")
self.resubmit_request(ca, 'ipaCSRExport')
- print("The next step is to get %s signed by your CA and re-run "
- "ipa-cacert-manage as:" % paths.IPA_CA_CSR)
+ print(("The next step is to get %s signed by your CA and re-run "
+ "ipa-cacert-manage as:" % paths.IPA_CA_CSR))
print("ipa-cacert-manage renew "
"--external-cert-file=/path/to/signed_certificate "
"--external-cert-file=/path/to/external_ca_certificate")
def renew_external_step_2(self, ca, old_cert):
- print "Importing the renewed CA certificate, please wait"
+ print("Importing the renewed CA certificate, please wait")
options = self.options
cert_file, ca_file = installutils.load_external_cert(
@@ -297,7 +299,7 @@ class CACertManage(admintool.AdminTool):
self.resubmit_request(ca, 'ipaRetrieval')
- print "CA certificate successfully renewed"
+ print("CA certificate successfully renewed")
def resubmit_request(self, ca, profile):
timeout = api.env.startup_timeout + 60
@@ -320,7 +322,7 @@ class CACertManage(admintool.AdminTool):
certmonger.modify(self.request_id, profile='ipaCACertRenewal')
def install(self):
- print "Installing CA certificate, please wait"
+ print("Installing CA certificate, please wait")
options = self.options
cert_filename = self.args[1]
@@ -366,4 +368,4 @@ class CACertManage(admintool.AdminTool):
raise admintool.ScriptError(
"Failed to install the certificate: %s" % e)
- print "CA certificate successfully installed"
+ print("CA certificate successfully installed")
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index d75a24273..ef2b2f985 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -18,6 +18,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+from __future__ import print_function
+
from textwrap import dedent
from ipalib import api
from ipaplatform import services
@@ -156,7 +158,7 @@ class KRAInstaller(KRAInstall):
def _run(self):
super(KRAInstaller, self).run()
- print dedent(self.INSTALLER_START_MESSAGE)
+ print(dedent(self.INSTALLER_START_MESSAGE))
if not self.installing_replica:
replica_config = None
diff --git a/ipaserver/install/ipa_ldap_updater.py b/ipaserver/install/ipa_ldap_updater.py
index 8321c20a3..062bd5a43 100644
--- a/ipaserver/install/ipa_ldap_updater.py
+++ b/ipaserver/install/ipa_ldap_updater.py
@@ -23,6 +23,8 @@
# TODO
# save undo files?
+from __future__ import print_function
+
import os
import sys
@@ -75,7 +77,7 @@ class LDAPUpdater(admintool.AdminTool):
try:
installutils.check_server_configuration()
except RuntimeError as e:
- print unicode(e)
+ print(unicode(e))
sys.exit(1)
def setup_logging(self):
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index b33bff631..cd780d74c 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -19,6 +19,7 @@
#
from __future__ import absolute_import
+from __future__ import print_function
import os
import shutil
@@ -545,7 +546,7 @@ class ReplicaPrepare(admintool.AdminTool):
self.log.info('Waiting for %s A or AAAA record to be resolvable',
replica_fqdn)
- print 'This can be safely interrupted (Ctrl+C)'
+ print('This can be safely interrupted (Ctrl+C)')
try:
while not self.check_dns(replica_fqdn):
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 5670cc264..864615d96 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -18,6 +18,7 @@
#
from __future__ import absolute_import
+from __future__ import print_function
import shutil
import fileinput
@@ -276,7 +277,7 @@ class KrbInstance(service.Service):
try:
ipautil.run(args, nolog=(self.master_password,), stdin=''.join(dialogue))
except ipautil.CalledProcessError as e:
- print "Failed to initialize the realm container"
+ print("Failed to initialize the realm container")
def __configure_instance(self):
self.__template_file(paths.KRB5KDC_KDC_CONF, chmod=None)
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 78b75503d..aa2edd172 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -17,6 +17,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+from __future__ import print_function
+
import time
import datetime
import sys
@@ -69,7 +71,7 @@ def replica_conn_check(master_host, host_name, realm, check_ca,
Does not return a value, will sys.exit() on failure.
"""
- print "Run connection check to master"
+ print("Run connection check to master")
args = [paths.IPA_REPLICA_CONNCHECK, "--master", master_host,
"--auto-master-check", "--realm", realm,
"--principal", "admin",
@@ -90,7 +92,7 @@ def replica_conn_check(master_host, host_name, realm, check_ca,
"\nPlease fix your network settings according to error messages above." +
"\nIf the check results are not valid it can be skipped with --skip-conncheck parameter.")
else:
- print "Connection check OK"
+ print("Connection check OK")
def enable_replication_version_checking(hostname, realm, dirman_passwd):
"""
@@ -158,7 +160,7 @@ def wait_for_entry(connection, entry, timeout=7200, attr='', quiet=True):
except errors.NotFound:
pass # no entry yet
except Exception as e: # badness
- print "\nError reading entry", dn, e
+ print("\nError reading entry", dn, e)
break
if not entry:
if not quiet:
@@ -167,11 +169,11 @@ def wait_for_entry(connection, entry, timeout=7200, attr='', quiet=True):
time.sleep(1)
if not entry and int(time.time()) > timeout:
- print "\nwait_for_entry timeout for %s for %s" % (connection, dn)
+ print("\nwait_for_entry timeout for %s for %s" % (connection, dn))
elif entry and not quiet:
- print "\nThe waited for entry is:", entry
+ print("\nThe waited for entry is:", entry)
elif not entry:
- print "\nError: could not read entry %s from %s" % (dn, connection)
+ print("\nError: could not read entry %s from %s" % (dn, connection))
class ReplicationManager(object):
@@ -501,7 +503,7 @@ class ReplicationManager(object):
except errors.DuplicateEntry:
benum += 1
except errors.ExecutionError as e:
- print "Could not add backend entry " + dn, e
+ print("Could not add backend entry " + dn, e)
raise
return cn
@@ -556,13 +558,13 @@ class ReplicationManager(object):
def add_passsync_user(self, conn, password):
pass_dn = DN(('uid', 'passsync'), ('cn', 'sysaccounts'), ('cn', 'etc'), self.suffix)
- print "The user for the Windows PassSync service is %s" % pass_dn
+ print("The user for the Windows PassSync service is %s" % pass_dn)
try:
conn.get_entry(pass_dn)
- print "Windows PassSync system account exists, not resetting password"
+ print("Windows PassSync system account exists, not resetting password")
except errors.NotFound:
# The user doesn't exist, add it
- print "Adding Windows PassSync system account"
+ print("Adding Windows PassSync system account")
entry = conn.make_entry(
pass_dn,
objectclass=["account", "simplesecurityobject"],
@@ -855,7 +857,7 @@ class ReplicationManager(object):
'nsds5ReplicaLastInitEnd']
entry = conn.get_entry(agmtdn, attrlist)
if not entry:
- print "Error reading status from agreement", agmtdn
+ print("Error reading status from agreement", agmtdn)
hasError = 1
else:
refresh = entry.single_value.get('nsds5BeginReplicaRefresh')
@@ -863,18 +865,18 @@ class ReplicationManager(object):
status = entry.single_value.get('nsds5ReplicaLastInitStatus')
if not refresh: # done - check status
if not status:
- print "No status yet"
+ print("No status yet")
elif status.find("replica busy") > -1:
- print "[%s] reports: Replica Busy! Status: [%s]" % (conn.host, status)
+ print("[%s] reports: Replica Busy! Status: [%s]" % (conn.host, status))
done = True
hasError = 2
elif status.find("Total update succeeded") > -1:
- print "\nUpdate succeeded"
+ print("\nUpdate succeeded")
done = True
elif inprogress.lower() == 'true':
- print "\nUpdate in progress yet not in progress"
+ print("\nUpdate in progress yet not in progress")
else:
- print "\n[%s] reports: Update failed! Status: [%s]" % (conn.host, status)
+ print("\n[%s] reports: Update failed! Status: [%s]" % (conn.host, status))
hasError = 1
done = True
else:
@@ -895,7 +897,7 @@ class ReplicationManager(object):
'nsds5ReplicaLastUpdateEnd']
entry = conn.get_entry(agmtdn, attrlist)
if not entry:
- print "Error reading status from agreement", agmtdn
+ print("Error reading status from agreement", agmtdn)
hasError = 1
else:
inprogress = entry.single_value.get('nsds5replicaUpdateInProgress')
@@ -930,7 +932,7 @@ class ReplicationManager(object):
while not done and not haserror:
time.sleep(1) # give it a few seconds to get going
done, haserror = self.check_repl_init(conn, agmtdn, start)
- print ""
+ print("")
return haserror
def wait_for_repl_update(self, conn, agmtdn, maxtries=600):
@@ -942,12 +944,12 @@ class ReplicationManager(object):
done, haserror, error_message = self.check_repl_update(conn, agmtdn)
maxtries -= 1
if maxtries == 0: # too many tries
- print "Error: timeout: could not determine agreement status: please check your directory server logs for possible errors"
+ print("Error: timeout: could not determine agreement status: please check your directory server logs for possible errors")
haserror = 1
return haserror, error_message
def start_replication(self, conn, hostname=None, master=None):
- print "Starting replication, please wait until this has completed."
+ print("Starting replication, please wait until this has completed.")
if hostname == None:
hostname = self.conn.host
cn, dn = self.agreement_dn(hostname, master)
@@ -1443,11 +1445,11 @@ class ReplicationManager(object):
try:
self.conn.add_entry(e)
except errors.DuplicateEntry:
- print "CLEANALLRUV task for replica id %d already exists." % replicaId
+ print("CLEANALLRUV task for replica id %d already exists." % replicaId)
else:
- print "Background task created to clean replication data. This may take a while."
+ print("Background task created to clean replication data. This may take a while.")
- print "This may be safely interrupted with Ctrl+C"
+ print("This may be safely interrupted with Ctrl+C")
wait_for_task(self.conn, dn)
@@ -1471,11 +1473,11 @@ class ReplicationManager(object):
try:
self.conn.add_entry(e)
except errors.DuplicateEntry:
- print "An abort CLEANALLRUV task for replica id %d already exists." % replicaId
+ print("An abort CLEANALLRUV task for replica id %d already exists." % replicaId)
else:
- print "Background task created. This may take a while."
+ print("Background task created. This may take a while.")
- print "This may be safely interrupted with Ctrl+C"
+ print("This may be safely interrupted with Ctrl+C")
wait_for_task(self.conn, dn)
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 3feaf8fce..dfaf67d0d 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -2,6 +2,8 @@
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
+from __future__ import print_function
+
import os
import pickle
import pwd
@@ -150,35 +152,35 @@ def write_cache(options):
def read_host_name(host_default, no_host_dns=False):
host_name = ""
- print "Enter the fully qualified domain name of the computer"
- print "on which you're setting up server software. Using the form"
- print "<hostname>.<domainname>"
- print "Example: master.example.com."
- print ""
- print ""
+ print("Enter the fully qualified domain name of the computer")
+ print("on which you're setting up server software. Using the form")
+ print("<hostname>.<domainname>")
+ print("Example: master.example.com.")
+ print("")
+ print("")
if host_default == "":
host_default = "master.example.com"
host_name = user_input("Server host name", host_default, allow_empty=False)
- print ""
+ print("")
verify_fqdn(host_name, no_host_dns)
return host_name
def read_domain_name(domain_name, unattended):
- print "The domain name has been determined based on the host name."
- print ""
+ print("The domain name has been determined based on the host name.")
+ print("")
if not unattended:
domain_name = str(user_input("Please confirm the domain name",
domain_name))
- print ""
+ print("")
return domain_name
def read_realm_name(domain_name, unattended):
- print "The kerberos protocol requires a Realm name to be defined."
- print "This is typically the domain name converted to uppercase."
- print ""
+ print("The kerberos protocol requires a Realm name to be defined.")
+ print("This is typically the domain name converted to uppercase.")
+ print("")
if unattended:
return domain_name.upper()
@@ -186,27 +188,27 @@ def read_realm_name(domain_name, unattended):
domain_name.upper()))
upper_dom = realm_name.upper()
if upper_dom != realm_name:
- print "An upper-case realm name is required."
+ print("An upper-case realm name is required.")
if not user_input("Do you want to use " + upper_dom +
" as realm name?", True):
- print ""
- print "An upper-case realm name is required. Unable to continue."
+ print("")
+ print("An upper-case realm name is required. Unable to continue.")
sys.exit(1)
else:
realm_name = upper_dom
- print ""
+ print("")
return realm_name
def read_dm_password():
- print "Certain directory server operations require an administrative user."
+ print("Certain directory server operations require an administrative user.")
print("This user is referred to as the Directory Manager and has full "
"access")
print("to the Directory for system management tasks and will be added to "
"the")
- print "instance of directory server created for IPA."
- print "The password must be at least 8 characters long."
- print ""
+ print("instance of directory server created for IPA.")
+ print("The password must be at least 8 characters long.")
+ print("")
# TODO: provide the option of generating a random password
dm_password = read_password("Directory Manager",
validator=validate_dm_password)
@@ -214,10 +216,10 @@ def read_dm_password():
def read_admin_password():
- print "The IPA server requires an administrative user, named 'admin'."
+ print("The IPA server requires an administrative user, named 'admin'.")
print("This user is a regular system account used for IPA server "
"administration.")
- print ""
+ print("")
# TODO: provide the option of generating a random password
admin_password = read_password("IPA admin",
validator=validate_admin_password)
@@ -227,12 +229,12 @@ def read_admin_password():
def check_dirsrv(unattended):
(ds_unsecure, ds_secure) = dsinstance.check_ports()
if not ds_unsecure or not ds_secure:
- print "IPA requires ports 389 and 636 for the Directory Server."
- print "These are currently in use:"
+ print("IPA requires ports 389 and 636 for the Directory Server.")
+ print("These are currently in use:")
if not ds_unsecure:
- print "\t389"
+ print("\t389")
if not ds_secure:
- print "\t636"
+ print("\t636")
sys.exit(1)
@@ -264,9 +266,9 @@ def common_cleanup(func):
success = True
except KeyboardInterrupt:
ds = installer._ds
- print "\nCleaning up..."
+ print("\nCleaning up...")
if ds:
- print "Removing configuration for %s instance" % ds.serverid
+ print("Removing configuration for %s instance" % ds.serverid)
ds.stop()
if ds.serverid:
try:
@@ -310,7 +312,7 @@ def install_check(installer):
"KDC master password of sufficient strength is autogenerated "
"during IPA server installation and should not be set "
"manually.")
- print textwrap.fill(msg, width=79, replace_whitespace=False)
+ print(textwrap.fill(msg, width=79, replace_whitespace=False))
installer._installation_cleanup = True
@@ -368,31 +370,31 @@ def install_check(installer):
print("======================================="
"=======================================")
- print "This program will set up the FreeIPA Server."
- print ""
- print "This includes:"
+ print("This program will set up the FreeIPA Server.")
+ print("")
+ print("This includes:")
if setup_ca:
print(" * Configure a stand-alone CA (dogtag) for certificate "
"management")
if setup_kra:
- print " * Configure a stand-alone KRA (dogtag) for key storage"
+ print(" * Configure a stand-alone KRA (dogtag) for key storage")
if not options.no_ntp:
- print " * Configure the Network Time Daemon (ntpd)"
- print " * Create and configure an instance of Directory Server"
- print " * Create and configure a Kerberos Key Distribution Center (KDC)"
- print " * Configure Apache (httpd)"
+ print(" * Configure the Network Time Daemon (ntpd)")
+ print(" * Create and configure an instance of Directory Server")
+ print(" * Create and configure a Kerberos Key Distribution Center (KDC)")
+ print(" * Configure Apache (httpd)")
if options.setup_dns:
- print " * Configure DNS (bind)"
+ print(" * Configure DNS (bind)")
if not options.no_pkinit:
- print " * Configure the KDC to enable PKINIT"
+ print(" * Configure the KDC to enable PKINIT")
if options.no_ntp:
- print ""
- print "Excluded by options:"
- print " * Configure the Network Time Daemon (ntpd)"
+ print("")
+ print("Excluded by options:")
+ print(" * Configure the Network Time Daemon (ntpd)")
if installer.interactive:
- print ""
- print "To accept the default shown in brackets, press the Enter key."
- print ""
+ print("")
+ print("To accept the default shown in brackets, press the Enter key.")
+ print("")
if not options.external_cert_files:
# Make sure the 389-ds ports are available
@@ -402,10 +404,10 @@ def install_check(installer):
try:
ipaclient.ntpconf.check_timedate_services()
except ipaclient.ntpconf.NTPConflictingService as e:
- print("WARNING: conflicting time&date synchronization service '%s'"
- " will be disabled" % e.conflicting_service)
- print "in favor of ntpd"
- print ""
+ print(("WARNING: conflicting time&date synchronization service '%s'"
+ " will be disabled" % e.conflicting_service))
+ print("in favor of ntpd")
+ print("")
except ipaclient.ntpconf.NTPConfigurationError:
pass
@@ -417,7 +419,7 @@ def install_check(installer):
if ipautil.user_input("Do you want to configure integrated DNS "
"(BIND)?", False):
options.setup_dns = True
- print ""
+ print("")
# check bind packages are installed
if options.setup_dns:
@@ -449,13 +451,13 @@ def install_check(installer):
system_hostname = get_fqdn()
if host_name != system_hostname:
- print >>sys.stderr
- print >>sys.stderr, ("Warning: hostname %s does not match system "
- "hostname %s." % (host_name, system_hostname))
- print >>sys.stderr, ("System hostname will be updated during the "
- "installation process")
- print >>sys.stderr, "to prevent service failures."
- print >>sys.stderr
+ print(file=sys.stderr)
+ print(("Warning: hostname %s does not match system "
+ "hostname %s." % (host_name, system_hostname)), file=sys.stderr)
+ print(("System hostname will be updated during the "
+ "installation process"), file=sys.stderr)
+ print("to prevent service failures.", file=sys.stderr)
+ print(file=sys.stderr)
if not options.domain_name:
domain_name = read_domain_name(host_name[host_name.find(".")+1:],
@@ -601,7 +603,7 @@ def install_check(installer):
try:
kra.install_check(api, None, options)
except RuntimeError as e:
- print str(e)
+ print(str(e))
sys.exit(1)
if options.setup_dns:
@@ -612,25 +614,25 @@ def install_check(installer):
not installer.interactive, False,
options.ip_addresses)
- print
- print "The IPA Master Server will be configured with:"
- print "Hostname: %s" % host_name
- print "IP address(es): %s" % ", ".join(str(ip) for ip in ip_addresses)
- print "Domain name: %s" % domain_name
- print "Realm name: %s" % realm_name
- print
+ print()
+ print("The IPA Master Server will be configured with:")
+ print("Hostname: %s" % host_name)
+ print("IP address(es): %s" % ", ".join(str(ip) for ip in ip_addresses))
+ print("Domain name: %s" % domain_name)
+ print("Realm name: %s" % realm_name)
+ print()
if options.setup_dns:
- print "BIND DNS server will be configured to serve IPA domain with:"
- print "Forwarders: %s" % (
+ print("BIND DNS server will be configured to serve IPA domain with:")
+ print("Forwarders: %s" % (
"No forwarders" if not dns.dns_forwarders
else ", ".join([str(ip) for ip in dns.dns_forwarders])
- )
- print "Reverse zone(s): %s" % (
+ ))
+ print("Reverse zone(s): %s" % (
"No reverse zone" if options.no_reverse or not dns.reverse_zones
else ", ".join(str(rz) for rz in dns.reverse_zones)
- )
- print
+ ))
+ print()
# If domain name and realm does not match, IPA server will not be able
# to estabilish trust with Active Directory. Print big fat warning.
@@ -700,10 +702,10 @@ def install(installer):
installer._installation_cleanup = False
if installer.interactive:
- print ""
- print "The following operations may take some minutes to complete."
- print "Please wait until the prompt is returned."
- print ""
+ print("")
+ print("The following operations may take some minutes to complete.")
+ print("Please wait until the prompt is returned.")
+ print("")
system_hostname = get_fqdn()
if host_name != system_hostname:
@@ -891,45 +893,45 @@ def install(installer):
print("======================================="
"=======================================")
- print "Setup complete"
- print ""
- print "Next steps:"
- print "\t1. You must make sure these network ports are open:"
- print "\t\tTCP Ports:"
- print "\t\t * 80, 443: HTTP/HTTPS"
- print "\t\t * 389, 636: LDAP/LDAPS"
- print "\t\t * 88, 464: kerberos"
+ print("Setup complete")
+ print("")
+ print("Next steps:")
+ print("\t1. You must make sure these network ports are open:")
+ print("\t\tTCP Ports:")
+ print("\t\t * 80, 443: HTTP/HTTPS")
+ print("\t\t * 389, 636: LDAP/LDAPS")
+ print("\t\t * 88, 464: kerberos")
if options.setup_dns:
- print "\t\t * 53: bind"
- print "\t\tUDP Ports:"
- print "\t\t * 88, 464: kerberos"
+ print("\t\t * 53: bind")
+ print("\t\tUDP Ports:")
+ print("\t\t * 88, 464: kerberos")
if options.setup_dns:
- print "\t\t * 53: bind"
+ print("\t\t * 53: bind")
if not options.no_ntp:
- print "\t\t * 123: ntp"
- print ""
+ print("\t\t * 123: ntp")
+ print("")
print("\t2. You can now obtain a kerberos ticket using the command: "
"'kinit admin'")
print("\t This ticket will allow you to use the IPA tools (e.g., ipa "
"user-add)")
- print "\t and the web user interface."
+ print("\t and the web user interface.")
if not services.knownservices.ntpd.is_running():
- print "\t3. Kerberos requires time synchronization between clients"
+ print("\t3. Kerberos requires time synchronization between clients")
print("\t and servers for correct operation. You should consider "
"enabling ntpd.")
- print ""
+ print("")
if setup_ca:
- print("Be sure to back up the CA certificates stored in " +
- paths.CACERT_P12)
+ print(("Be sure to back up the CA certificates stored in " +
+ paths.CACERT_P12))
if setup_kra:
- print "and the KRA certificates stored in " + paths.KRACERT_P12
+ print("and the KRA certificates stored in " + paths.KRACERT_P12)
print("These files are required to create replicas. The password for "
"these")
- print "files is the Directory Manager password"
+ print("files is the Directory Manager password")
else:
- print "In order for Firefox autoconfiguration to work you will need to"
+ print("In order for Firefox autoconfiguration to work you will need to")
print("use a SSL signing certificate. See the IPA documentation for "
"more details.")
@@ -948,7 +950,7 @@ def uninstall_check(installer):
"KDC master password of sufficient strength is autogenerated "
"during IPA server installation and should not be set "
"manually.")
- print textwrap.fill(msg, width=79, replace_whitespace=False)
+ print(textwrap.fill(msg, width=79, replace_whitespace=False))
installer._installation_cleanup = False
@@ -972,8 +974,8 @@ def uninstall_check(installer):
"and configuration!\n")
if not user_input("Are you sure you want to continue with the "
"uninstall procedure?", False):
- print ""
- print "Aborting uninstall operation."
+ print("")
+ print("Aborting uninstall operation.")
sys.exit(1)
try:
@@ -988,7 +990,7 @@ def uninstall_check(installer):
"information about replication agreements. Uninstallation "
"will continue despite the possible existing replication "
"agreements.\n\n")
- print textwrap.fill(msg, width=80, replace_whitespace=False)
+ print(textwrap.fill(msg, width=80, replace_whitespace=False))
else:
api.Backend.ldap2.connect(autobind=True)
dns.uninstall_check(options)
@@ -1012,13 +1014,13 @@ def uninstall_check(installer):
other_masters)
)
cmd = "$ ipa-replica-manage del %s\n" % api.env.host
- print textwrap.fill(msg, width=80, replace_whitespace=False)
- print cmd
+ print(textwrap.fill(msg, width=80, replace_whitespace=False))
+ print(cmd)
if (installer.interactive and
not user_input("Are you sure you want to continue with the "
"uninstall procedure?", False)):
- print ""
- print "Aborting uninstall operation."
+ print("")
+ print("Aborting uninstall operation.")
sys.exit(1)
installer._fstore = fstore
@@ -1032,7 +1034,7 @@ def uninstall(installer):
rv = 0
- print "Shutting down all IPA services"
+ print("Shutting down all IPA services")
try:
(stdout, stderr, rc) = run([paths.IPACTL, "stop"], raiseonerr=False)
except Exception as e:
@@ -1041,7 +1043,7 @@ def uninstall(installer):
# Need to get dogtag info before /etc/ipa/default.conf is removed
dogtag_constants = dogtag.configured_constants()
- print "Removing IPA client configuration"
+ print("Removing IPA client configuration")
try:
(stdout, stderr, rc) = run([paths.IPA_CLIENT_INSTALL, "--on-master",
"--unattended", "--uninstall"],
@@ -1051,8 +1053,8 @@ def uninstall(installer):
raise RuntimeError(stdout)
except Exception as e:
rv = 1
- print "Uninstall of client side components failed!"
- print "ipa-client-install returned: " + str(e)
+ print("Uninstall of client side components failed!")
+ print("ipa-client-install returned: " + str(e))
ntpinstance.NTPInstance(fstore).uninstall()
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 664a0baa0..bd78c75d0 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -2,6 +2,8 @@
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
+from __future__ import print_function
+
import dns.exception as dnsexception
import dns.name as dnsname
import dns.resolver as dnsresolver
@@ -107,7 +109,7 @@ def install_ca_cert(ldap, base_dn, realm, cafile):
os.chmod(constants.CACERT, 0o444)
except Exception as e:
- print "error copying files: " + str(e)
+ print("error copying files: " + str(e))
sys.exit(1)
@@ -138,7 +140,7 @@ def install_http(config, auto_redirect):
shutil.copy(config.dir + "/configure.jar",
paths.CONFIGURE_JAR)
except Exception as e:
- print "error copying files: " + str(e)
+ print("error copying files: " + str(e))
sys.exit(1)
http.setup_firefox_extension(config.realm_name, config.domain_name)
@@ -180,12 +182,12 @@ def install_dns_records(config, options, remote_api):
def check_dirsrv():
(ds_unsecure, ds_secure) = dsinstance.check_ports()
if not ds_unsecure or not ds_secure:
- print "IPA requires ports 389 and 636 for the Directory Server."
- print "These are currently in use:"
+ print("IPA requires ports 389 and 636 for the Directory Server.")
+ print("These are currently in use:")
if not ds_unsecure:
- print "\t389"
+ print("\t389")
if not ds_secure:
- print "\t636"
+ print("\t636")
sys.exit(1)
@@ -334,10 +336,10 @@ def install_check(installer):
try:
ipaclient.ntpconf.check_timedate_services()
except ipaclient.ntpconf.NTPConflictingService as e:
- print("WARNING: conflicting time&date synchronization service '%s'"
- " will" % e.conflicting_service)
- print "be disabled in favor of ntpd"
- print ""
+ print(("WARNING: conflicting time&date synchronization service '%s'"
+ " will" % e.conflicting_service))
+ print("be disabled in favor of ntpd")
+ print("")
except ipaclient.ntpconf.NTPConfigurationError:
pass
@@ -416,9 +418,9 @@ def install_check(installer):
'host already exists.')
print('A replication agreement for this host already exists. '
'It needs to be removed.')
- print "Run this on the master that generated the info file:"
- print(" %% ipa-replica-manage del %s --force" %
- config.host_name)
+ print("Run this on the master that generated the info file:")
+ print((" %% ipa-replica-manage del %s --force" %
+ config.host_name))
sys.exit(3)
# Detect the current domain level
@@ -455,10 +457,10 @@ def install_check(installer):
else:
root_logger.info('Error: Host %s already exists on the master '
'server.' % config.host_name)
- print('The host %s already exists on the master server.' %
- config.host_name)
- print "You should remove it before proceeding:"
- print " %% ipa host-del %s" % config.host_name
+ print(('The host %s already exists on the master server.' %
+ config.host_name))
+ print("You should remove it before proceeding:")
+ print(" %% ipa host-del %s" % config.host_name)
sys.exit(3)
dns_masters = remote_api.Object['dnsrecord'].get_dns_masters()
@@ -486,7 +488,7 @@ def install_check(installer):
try:
kra.install_check(remote_api, config, options)
except RuntimeError as e:
- print str(e)
+ print(str(e))
sys.exit(1)
except errors.ACIError:
sys.exit("\nThe password provided is incorrect for LDAP server "
@@ -629,8 +631,8 @@ def install(installer):
args.append("--mkhomedir")
ipautil.run(args)
except Exception as e:
- print "Configuration of client side components failed!"
- print "ipa-client-install returned: " + str(e)
+ print("Configuration of client side components failed!")
+ print("ipa-client-install returned: " + str(e))
raise RuntimeError("Failed to configure the client")
ds.replica_populate()
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index cb92250e4..093aee878 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -2,6 +2,8 @@
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
+from __future__ import print_function
+
import re
import os
import shutil
@@ -1540,7 +1542,7 @@ def upgrade_check(options):
try:
installutils.check_server_configuration()
except RuntimeError as e:
- print unicode(e)
+ print(unicode(e))
sys.exit(1)
if not services.knownservices.certmonger.is_running():
@@ -1587,7 +1589,7 @@ def upgrade():
# store new data version after upgrade
installutils.store_version()
- print 'Upgrading IPA services'
+ print('Upgrading IPA services')
root_logger.info('Upgrading the configuration of the IPA services')
upgrade_configuration()
root_logger.info('The IPA services were upgraded')
generated by cgit (git 2.34.1) at 2024-06-20 22:14:30 +0000