diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2017-02-17 13:51:00 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-03-01 15:55:45 +0100 |
commit | eee319dba12a6ab7daa06ca0d7d8ac8fc754f961 (patch) | |
tree | 316fb6e8a83257d9a07bd9749e655e978c8c2f48 | |
parent | aa353c5f21bf040579a4aeda6840b56ae93b4309 (diff) | |
download | freeipa-eee319dba12a6ab7daa06ca0d7d8ac8fc754f961.tar.gz freeipa-eee319dba12a6ab7daa06ca0d7d8ac8fc754f961.tar.xz freeipa-eee319dba12a6ab7daa06ca0d7d8ac8fc754f961.zip |
Merge AD trust configurator into replica installer
`ipa-replica-install` is now able to configure Samba and winbind
services in order to manage Active Directory trusts. `--add-agents`
option is exposed in replica installer, while `--add-sids` now defaults
to `False` since adding a first AD trust controller to an existing
sizeable deployment can result in stuck installation as sidgen tasks can
take a long time to complete. That's why adding SIDs should be a
conscious decision in this case.
https://fedorahosted.org/freeipa/ticket/6630
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index c18125842..3757700e1 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -38,7 +38,7 @@ from ipalib.util import ( ) from ipaclient.install.client import configure_krb5_conf, purge_host_keytab from ipaserver.install import ( - bindinstance, ca, certs, dns, dsinstance, httpinstance, + adtrust, bindinstance, ca, certs, dns, dsinstance, httpinstance, installutils, kra, krbinstance, ntpinstance, otpdinstance, custodiainstance, service) from ipaserver.install.installutils import ( @@ -862,6 +862,9 @@ def install_check(installer): network_ip_address_warning(config.ips) broadcast_ip_address_warning(config.ips) + if options.setup_adtrust: + adtrust.install_check(False, options, remote_api) + enroll_dl0_replica(installer, fstore, remote_api) ccache = os.environ['KRB5CCNAME'] kinit_keytab('host/{env.host}@{env.realm}'.format(env=api.env), @@ -1283,6 +1286,9 @@ def promote_check(installer): network_ip_address_warning(config.ips) broadcast_ip_address_warning(config.ips) + if options.setup_adtrust: + adtrust.install_check(False, options, remote_api) + except errors.ACIError: root_logger.debug(traceback.format_exc()) raise ScriptError("\nInsufficient privileges to promote the server." @@ -1473,6 +1479,10 @@ def install(installer): dns.install(False, True, options, api) else: api.Command.dns_update_system_records() + + if options.setup_adtrust: + adtrust.install(False, options, fstore, api) + api.Backend.ldap2.disconnect() if not promote: |