server install: fix external CA install

Replace the dual definitions of domain_name, dm_password and admin_password
knobs in server install with single definitions using the original names
without the 'new_' prefix.

This fixes the options read from the installer option cache in step 2 of
external CA install to use the correct knob names.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

6 files changed, 54 insertions, 67 deletions

diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index 0954c2bff..0eec5bdba 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -3571,6 +3571,9 @@ class ClientInstall(ClientInstallInterface,
     Client installer
     """
 
+    replica_file = None
+    dm_password = None
+
     ca_cert_files = knob(
         bases=ClientInstallInterface.ca_cert_files,
     )
diff --git a/ipalib/install/service.py b/ipalib/install/service.py
index 2544e5b85..fc430fb18 100644
--- a/ipalib/install/service.py
+++ b/ipalib/install/service.py
@@ -146,7 +146,6 @@ class ServiceInstallInterface(common.Installable,
         str, None,
         description="a file generated by ipa-replica-prepare",
     )
-    replica_file = enroll_only(replica_file)
     replica_file = replica_install_only(replica_file)
 
     dm_password = knob(
@@ -154,8 +153,6 @@ class ServiceInstallInterface(common.Installable,
         sensitive=True,
         description="Directory Manager password (for the existing master)",
     )
-    dm_password = enroll_only(dm_password)
-    dm_password = replica_install_only(dm_password)
 
 
 class ServiceAdminInstallInterface(ServiceInstallInterface):
@@ -175,4 +172,3 @@ class ServiceAdminInstallInterface(ServiceInstallInterface):
         sensitive=True,
     )
     admin_password = enroll_only(admin_password)
-    admin_password = replica_install_only(admin_password)
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index efc8c870e..4f64d99db 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -338,7 +338,6 @@ class CAInstallInterface(dogtag.DogtagInstallInterface,
             ['-w']),
     )
     admin_password = enroll_only(admin_password)
-    admin_password = replica_install_only(admin_password)
 
     external_ca = knob(
         None,
diff --git a/ipaserver/install/ipa_server_install.py b/ipaserver/install/ipa_server_install.py
index 3b6cb81c7..e708040e8 100644
--- a/ipaserver/install/ipa_server_install.py
+++ b/ipaserver/install/ipa_server_install.py
@@ -15,16 +15,16 @@ class CompatServerMasterInstall(ServerMasterInstall):
     no_sudo = False
     request_cert = False
 
-    new_dm_password = knob(
+    dm_password = knob(
         # pylint: disable=no-member
-        bases=ServerMasterInstall.new_dm_password,
+        bases=ServerMasterInstall.dm_password,
         cli_names=['--ds-password', '-p'],
     )
 
-    new_admin_password = knob(
+    admin_password = knob(
         # pylint: disable=no-member
-        bases=ServerMasterInstall.new_admin_password,
-        cli_names=(list(ServerMasterInstall.new_admin_password.cli_names) +
+        bases=ServerMasterInstall.admin_password,
+        cli_names=(list(ServerMasterInstall.admin_password.cli_names) +
                    ['-a']),
     )
 
diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py
index c518ec946..0237702cc 100644
--- a/ipaserver/install/server/__init__.py
+++ b/ipaserver/install/server/__init__.py
@@ -21,7 +21,6 @@ from ipalib.install.service import (enroll_only,
                                     prepares,
                                     prepare_only,
                                     replica_install_only)
-from ipalib.util import validate_domain_name
 from ipapython import ipautil
 from ipapython.dnsutil import check_zone_overlap
 from ipapython.install import typing
@@ -72,22 +71,6 @@ class ServerInstallInterface(client.ClientInstallInterface,
         cli_names=(list(client.ClientInstallInterface.domain_name.cli_names) +
                    ['-n']),
     )
-    domain_name = replica_install_only(domain_name)
-
-    new_domain_name = knob(
-        bases=client.ClientInstallInterface.domain_name,
-        cli_names=['--domain', '-n'],
-        cli_metavar='DOMAIN_NAME',
-    )
-    new_domain_name = master_install_only(new_domain_name)
-
-    @new_domain_name.validator
-    def new_domain_name(self, value):
-        validate_domain_name(value)
-        if (self.setup_dns and
-                not self.allow_zone_overlap):   # pylint: disable=no-member
-            print("Checking DNS domain %s, please wait ..." % value)
-            check_zone_overlap(value, False)
 
     servers = knob(
         bases=client.ClientInstallInterface.servers,
@@ -114,18 +97,10 @@ class ServerInstallInterface(client.ClientInstallInterface,
     )
     ca_cert_files = prepare_only(ca_cert_files)
 
-    new_dm_password = knob(
-        str, None,
-        sensitive=True,
+    dm_password = knob(
+        bases=client.ClientInstallInterface.dm_password,
         description="Directory Manager password",
-        cli_names='--dm-password',
-        cli_metavar='DM_PASSWORD',
     )
-    new_dm_password = master_install_only(new_dm_password)
-
-    @new_dm_password.validator
-    def new_dm_password(self, value):
-        validate_dm_password(value)
 
     ip_addresses = knob(
         bases=client.ClientInstallInterface.ip_addresses,
@@ -142,25 +117,6 @@ class ServerInstallInterface(client.ClientInstallInterface,
     )
     principal = replica_install_only(principal)
 
-    admin_password = knob(
-        bases=client.ClientInstallInterface.admin_password,
-        description="Kerberos password for the specified admin principal",
-    )
-    admin_password = replica_install_only(admin_password)
-
-    new_admin_password = knob(
-        str, None,
-        sensitive=True,
-        description="admin user kerberos password",
-        cli_names='--admin-password',
-        cli_metavar='ADMIN_PASSWORD',
-    )
-    new_admin_password = master_install_only(new_admin_password)
-
-    @new_admin_password.validator
-    def new_admin_password(self, value):
-        validate_admin_password(value)
-
     master_password = knob(
         str, None,
         sensitive=True,
@@ -459,14 +415,14 @@ class ServerInstallInterface(client.ClientInstallInterface,
                     "--external-ca")
 
             if self.uninstalling:
-                if (self.realm_name or self.new_admin_password or
+                if (self.realm_name or self.admin_password or
                         self.master_password):
                     raise RuntimeError(
                         "In uninstall mode, -a, -r and -P options are not "
                         "allowed")
             elif not self.interactive:
-                if (not self.realm_name or not self.new_dm_password or
-                        not self.new_admin_password):
+                if (not self.realm_name or not self.dm_password or
+                        not self.admin_password):
                     raise RuntimeError(
                         "In unattended mode you need to provide at least -r, "
                         "-p and -a options")
@@ -549,21 +505,49 @@ class ServerInstallInterface(client.ClientInstallInterface,
         self.no_pkinit = True
 
 
-class ServerMasterInstall(installs_master(ServerInstallInterface)):
+ServerMasterInstallInterface = installs_master(ServerInstallInterface)
+
+
+class ServerMasterInstall(ServerMasterInstallInterface):
     """
     Server master installer
     """
 
-    domain_name = None
     servers = None
-    dm_password = None
     no_wait_for_dns = True
-    admin_password = None
     host_password = None
     keytab = None
     setup_ca = True
     setup_kra = False
 
+    domain_name = knob(
+        bases=ServerMasterInstallInterface.domain_name,
+    )
+
+    @domain_name.validator
+    def domain_name(self, value):
+        if (self.setup_dns and
+                not self.allow_zone_overlap):
+            print("Checking DNS domain %s, please wait ..." % value)
+            check_zone_overlap(value, False)
+
+    dm_password = knob(
+        bases=ServerMasterInstallInterface.dm_password,
+    )
+
+    @dm_password.validator
+    def dm_password(self, value):
+        validate_dm_password(value)
+
+    admin_password = knob(
+        bases=ServerMasterInstallInterface.admin_password,
+        description="admin user kerberos password",
+    )
+
+    @admin_password.validator
+    def admin_password(self, value):
+        validate_admin_password(value)
+
     def __init__(self, **kwargs):
         super(ServerMasterInstall, self).__init__(**kwargs)
         master_init(self)
@@ -581,13 +565,21 @@ class ServerMasterInstall(installs_master(ServerInstallInterface)):
         uninstall(self)
 
 
-class ServerReplicaInstall(installs_replica(ServerInstallInterface)):
+ServerReplicaInstallInterface = installs_replica(ServerInstallInterface)
+
+
+class ServerReplicaInstall(ServerReplicaInstallInterface):
     """
     Server replica installer
     """
 
     subject = None
 
+    admin_password = knob(
+        bases=ServerReplicaInstallInterface.admin_password,
+        description="Kerberos password for the specified admin principal",
+    )
+
     def __init__(self, **kwargs):
         super(ServerReplicaInstall, self).__init__(**kwargs)
         replica_init(self)
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index b30a9349f..f81c202cc 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -1150,9 +1150,6 @@ def uninstall(installer):
 def init(installer):
     installer.unattended = not installer.interactive
 
-    installer.domain_name = installer.new_domain_name
-    installer.dm_password = installer.new_dm_password
-    installer.admin_password = installer.new_admin_password
     installer.domainlevel = installer.domain_level
 
     installer._installation_cleanup = True