authorJan Cholasta <jcholast@redhat.com>2017-03-08 08:03:13 +0000
committerMartin Basti <mbasti@redhat.com>2017-03-13 10:12:40 +0100
commit2fc9feddd02bb17c3a9eb7efde83277fcf93252c (patch)
tree337c32f07dfbfdf89b35ff61e9a5cbfcd6141a82 /ipaserver/install/server
parent774d8d0a5dc0ac175ab0cecc76001632c2a79744 (diff)
install: re-introduce option groups
Re-introduce option groups in ipa-client-install, ipa-server-install and ipa-replica-install. https://pagure.io/freeipa/issue/6392 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipaserver/install/server')
-rw-r--r--ipaserver/install/server/__init__.py277
1 files changed, 144 insertions, 133 deletions
diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py
index edb91f3d1..14f1ec48a 100644
--- a/ipaserver/install/server/__init__.py
+++ b/ipaserver/install/server/__init__.py
@@ -14,6 +14,7 @@ import random
from ipaclient.install import client
from ipalib import constants
+from ipalib.install import service
from ipalib.install.service import (enroll_only,
installs_master,
installs_replica,
@@ -24,7 +25,7 @@ from ipalib.install.service import (enroll_only,
from ipapython import ipautil
from ipapython.dnsutil import check_zone_overlap
from ipapython.install import typing
-from ipapython.install.core import knob
+from ipapython.install.core import group, knob, extend_knob
from ipapython.install.common import step
from .install import validate_admin_password, validate_dm_password
@@ -41,12 +42,120 @@ from .upgrade import upgrade_check, upgrade
from .. import adtrust, ca, conncheck, dns, kra
-class ServerInstallInterface(client.ClientInstallInterface,
+@group
+class ServerUninstallInterface(service.ServiceInstallInterface):
+ description = "Uninstall"
+
+ ignore_topology_disconnect = knob(
+ None,
+ description="do not check whether server uninstall disconnects the "
+ "topology (domain level 1+)",
+ )
+ ignore_topology_disconnect = master_install_only(ignore_topology_disconnect)
+
+ ignore_last_of_role = knob(
+ None,
+ description="do not check whether server uninstall removes last "
+ "CA/DNS server or DNSSec master (domain level 1+)",
+ )
+ ignore_last_of_role = master_install_only(ignore_last_of_role)
+
+
+@group
+class ServerCertificateInstallInterface(service.ServiceInstallInterface):
+ description = "SSL certificate"
+
+ dirsrv_cert_files = knob(
+ # pylint: disable=invalid-sequence-index
+ typing.List[str], None,
+ description=("File containing the Directory Server SSL certificate "
+ "and private key"),
+ cli_names='--dirsrv-cert-file',
+ cli_deprecated_names='--dirsrv_pkcs12',
+ cli_metavar='FILE',
+ )
+ dirsrv_cert_files = prepare_only(dirsrv_cert_files)
+
+ http_cert_files = knob(
+ # pylint: disable=invalid-sequence-index
+ typing.List[str], None,
+ description=("File containing the Apache Server SSL certificate and "
+ "private key"),
+ cli_names='--http-cert-file',
+ cli_deprecated_names='--http_pkcs12',
+ cli_metavar='FILE',
+ )
+ http_cert_files = prepare_only(http_cert_files)
+
+ pkinit_cert_files = knob(
+ # pylint: disable=invalid-sequence-index
+ typing.List[str], None,
+ description=("File containing the Kerberos KDC SSL certificate and "
+ "private key"),
+ cli_names='--pkinit-cert-file',
+ cli_deprecated_names='--pkinit_pkcs12',
+ cli_metavar='FILE',
+ )
+ pkinit_cert_files = prepare_only(pkinit_cert_files)
+
+ dirsrv_pin = knob(
+ str, None,
+ sensitive=True,
+ description="The password to unlock the Directory Server private key",
+ cli_deprecated_names='--dirsrv_pin',
+ cli_metavar='PIN',
+ )
+ dirsrv_pin = prepare_only(dirsrv_pin)
+
+ http_pin = knob(
+ str, None,
+ sensitive=True,
+ description="The password to unlock the Apache Server private key",
+ cli_deprecated_names='--http_pin',
+ cli_metavar='PIN',
+ )
+ http_pin = prepare_only(http_pin)
+
+ pkinit_pin = knob(
+ str, None,
+ sensitive=True,
+ description="The password to unlock the Kerberos KDC private key",
+ cli_deprecated_names='--pkinit_pin',
+ cli_metavar='PIN',
+ )
+ pkinit_pin = prepare_only(pkinit_pin)
+
+ dirsrv_cert_name = knob(
+ str, None,
+ description="Name of the Directory Server SSL certificate to install",
+ cli_metavar='NAME',
+ )
+ dirsrv_cert_name = prepare_only(dirsrv_cert_name)
+
+ http_cert_name = knob(
+ str, None,
+ description="Name of the Apache Server SSL certificate to install",
+ cli_metavar='NAME',
+ )
+ http_cert_name = prepare_only(http_cert_name)
+
+ pkinit_cert_name = knob(
+ str, None,
+ description="Name of the Kerberos KDC SSL certificate to install",
+ cli_metavar='NAME',
+ )
+ pkinit_cert_name = prepare_only(pkinit_cert_name)
+
+
+@group
+class ServerInstallInterface(ServerCertificateInstallInterface,
+ client.ClientInstallInterface,
ca.CAInstallInterface,
kra.KRAInstallInterface,
dns.DNSInstallInterface,
adtrust.ADTrustInstallInterface,
- conncheck.ConnCheckInterface):
+ conncheck.ConnCheckInterface,
+ ServerUninstallInterface):
"""
Interface of server installers
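Review bot: The new group classes `ServerUninstallInterface` and `ServerCertificateInstallInterface` have no docstring, although `ServerInstallInterface` right below them does; a one-line docstring on each, e.g. `"""Knobs that relax the safety checks run on server uninstall."""`, would say what the group is for. In the uninstall group both knobs are wrapped in `master_install_only` while their descriptions talk about uninstall, so a comment such as `# uninstall is driven through the master installer` (if that is the reason) would keep this from reading as a mistake. The three `*_pin` knobs keep `sensitive=True`, but a PIN passed as a command-line option is still visible in the process list and shell history; whether the installer also offers a prompt cannot be seen from this hunk, and a comment on the group could say which input path is preferred. The body of `ServerInstallInterface` continues outside the hunk.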
@@ -55,6 +164,7 @@ class ServerInstallInterface(client.ClientInstallInterface,
* ipa-replica-prepare
* ipa-replica-install
"""
+ description = "Server"
force_join = False
kinit_attempts = 1
@@ -65,56 +175,57 @@ class ServerInstallInterface(client.ClientInstallInterface,
enable_dns_updates = False
no_krb5_offline_passwords = False
preserve_sssd = False
+ no_sssd = False
- domain_name = knob(
- bases=client.ClientInstallInterface.domain_name,
+ domain_name = client.ClientInstallInterface.domain_name
+ domain_name = extend_knob(
+ domain_name,
# pylint: disable=no-member
- cli_names=(list(client.ClientInstallInterface.domain_name.cli_names) +
- ['-n']),
+ cli_names=list(domain_name.cli_names) + ['-n'],
)
- servers = knob(
- bases=client.ClientInstallInterface.servers,
+ servers = extend_knob(
+ client.ClientInstallInterface.servers,
description="fully qualified name of IPA server to enroll to",
)
servers = enroll_only(servers)
- realm_name = knob(
- bases=client.ClientInstallInterface.realm_name,
- cli_names=(list(client.ClientInstallInterface.realm_name.cli_names) +
- ['-r']),
+ realm_name = client.ClientInstallInterface.realm_name
+ realm_name = extend_knob(
+ realm_name,
+ cli_names=list(realm_name.cli_names) + ['-r'],
)
- host_name = knob(
- bases=client.ClientInstallInterface.host_name,
+ host_name = extend_knob(
+ client.ClientInstallInterface.host_name,
description="fully qualified name of this host",
)
- ca_cert_files = knob(
- bases=client.ClientInstallInterface.ca_cert_files,
+ ca_cert_files = extend_knob(
+ client.ClientInstallInterface.ca_cert_files,
description="File containing CA certificates for the service "
"certificate files",
cli_deprecated_names='--root-ca-file',
)
ca_cert_files = prepare_only(ca_cert_files)
- dm_password = knob(
- bases=client.ClientInstallInterface.dm_password,
+ dm_password = extend_knob(
+ client.ClientInstallInterface.dm_password,
description="Directory Manager password",
)
- ip_addresses = knob(
- bases=client.ClientInstallInterface.ip_addresses,
+ ip_addresses = extend_knob(
+ client.ClientInstallInterface.ip_addresses,
description="Server IP Address. This option can be used multiple "
"times",
)
- principal = knob(
- bases=client.ClientInstallInterface.principal,
+ principal = client.ClientInstallInterface.principal
+ principal = extend_knob(
+ principal,
description="User Principal allowed to promote replicas and join IPA "
"realm",
- cli_names=(list(client.ClientInstallInterface.principal.cli_names) +
- ['-P']),
+ cli_names=list(principal.cli_names) + ['-P'],
)
principal = replica_install_only(principal)
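Review bot: `domain_name`, `realm_name` and `principal` are first bound to the parent's knob and then immediately rebound through `extend_knob`, which reads like a leftover duplicate assignment; a short comment such as `# bind the inherited knob first so its cli_names can be reused below` would make the intent clear. The `# pylint: disable=no-member` is kept only inside the `domain_name` call although `realm_name.cli_names` and `principal.cli_names` use the same attribute access, so the suppression should be applied to all three or dropped. `no_sssd = False` is added next to `preserve_sssd` with no explanation in a commit about option groups; presumably it pins a client option that server installers must not expose, and a comment saying so would help. The class body starts and ends outside the hunk.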
@@ -195,20 +306,6 @@ class ServerInstallInterface(client.ClientInstallInterface,
)
no_hbac_allow = master_install_only(no_hbac_allow)
- ignore_topology_disconnect = knob(
- None,
- description="do not check whether server uninstall disconnects the "
- "topology (domain level 1+)",
- )
- ignore_topology_disconnect = master_install_only(ignore_topology_disconnect)
-
- ignore_last_of_role = knob(
- None,
- description="do not check whether server uninstall removes last "
- "CA/DNS server or DNSSec master (domain level 1+)",
- )
- ignore_last_of_role = master_install_only(ignore_last_of_role)
-
no_pkinit = knob(
None,
description="disables pkinit setup steps",
@@ -235,92 +332,6 @@ class ServerInstallInterface(client.ClientInstallInterface,
if not os.path.exists(value):
raise ValueError("File %s does not exist." % value)
- dirsrv_cert_files = knob(
- # pylint: disable=invalid-sequence-index
- typing.List[str], None,
- description=("File containing the Directory Server SSL certificate "
- "and private key"),
- cli_names='--dirsrv-cert-file',
- cli_deprecated_names='--dirsrv_pkcs12',
- cli_metavar='FILE',
- )
- dirsrv_cert_files = prepare_only(dirsrv_cert_files)
-
- http_cert_files = knob(
- # pylint: disable=invalid-sequence-index
- typing.List[str], None,
- description=("File containing the Apache Server SSL certificate and "
- "private key"),
- cli_names='--http-cert-file',
- cli_deprecated_names='--http_pkcs12',
- cli_metavar='FILE',
- )
- http_cert_files = prepare_only(http_cert_files)
-
- pkinit_cert_files = knob(
- # pylint: disable=invalid-sequence-index
- typing.List[str], None,
- description=("File containing the Kerberos KDC SSL certificate and "
- "private key"),
- cli_names='--pkinit-cert-file',
- cli_deprecated_names='--pkinit_pkcs12',
- cli_metavar='FILE',
- )
- pkinit_cert_files = prepare_only(pkinit_cert_files)
-
- dirsrv_pin = knob(
- str, None,
- sensitive=True,
- description="The password to unlock the Directory Server private key",
- cli_deprecated_names='--dirsrv_pin',
- cli_metavar='PIN',
- )
- dirsrv_pin = prepare_only(dirsrv_pin)
-
- http_pin = knob(
- str, None,
- sensitive=True,
- description="The password to unlock the Apache Server private key",
- cli_deprecated_names='--http_pin',
- cli_metavar='PIN',
- )
- http_pin = prepare_only(http_pin)
-
- pkinit_pin = knob(
- str, None,
- sensitive=True,
- description="The password to unlock the Kerberos KDC private key",
- cli_deprecated_names='--pkinit_pin',
- cli_metavar='PIN',
- )
- pkinit_pin = prepare_only(pkinit_pin)
-
- dirsrv_cert_name = knob(
- str, None,
- description="Name of the Directory Server SSL certificate to install",
- cli_metavar='NAME',
- )
- dirsrv_cert_name = prepare_only(dirsrv_cert_name)
-
- http_cert_name = knob(
- str, None,
- description="Name of the Apache Server SSL certificate to install",
- cli_metavar='NAME',
- )
- http_cert_name = prepare_only(http_cert_name)
-
- pkinit_cert_name = knob(
- str, None,
- description="Name of the Kerberos KDC SSL certificate to install",
- cli_metavar='NAME',
- )
- pkinit_cert_name = prepare_only(pkinit_cert_name)
-
- add_agents = knob(
- bases=adtrust.ADTrustInstallInterface.add_agents
- )
- add_agents = replica_install_only(add_agents)
-
def __init__(self, **kwargs):
super(ServerInstallInterface, self).__init__(**kwargs)
@@ -514,8 +525,8 @@ class ServerMasterInstall(ServerMasterInstallInterface):
keytab = None
setup_ca = True
- domain_name = knob(
- bases=ServerMasterInstallInterface.domain_name,
+ domain_name = extend_knob(
+ ServerMasterInstallInterface.domain_name,
)
@domain_name.validator
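Review bot: `extend_knob(ServerMasterInstallInterface.domain_name,)` overrides nothing and appears to exist only so that the validator below attaches to a knob local to this class; a comment such as `# re-declare the knob locally so the validator does not touch the parent's` would document that, assuming this is what `extend_knob` does. The same bare call is used for `dm_password` in the next hunk, where the validator is the password check, so the comment matters there as well. The trailing comma after the single positional argument can be dropped and the call written on one line.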
@@ -525,16 +536,16 @@ class ServerMasterInstall(ServerMasterInstallInterface):
print("Checking DNS domain %s, please wait ..." % value)
check_zone_overlap(value, False)
- dm_password = knob(
- bases=ServerMasterInstallInterface.dm_password,
+ dm_password = extend_knob(
+ ServerMasterInstallInterface.dm_password,
)
@dm_password.validator
def dm_password(self, value):
validate_dm_password(value)
- admin_password = knob(
- bases=ServerMasterInstallInterface.admin_password,
+ admin_password = extend_knob(
+ ServerMasterInstallInterface.admin_password,
description="admin user kerberos password",
)
@@ -574,8 +585,8 @@ class ServerReplicaInstall(ServerReplicaInstallInterface):
subject_base = None
ca_subject = None
- admin_password = knob(
- bases=ServerReplicaInstallInterface.admin_password,
+ admin_password = extend_knob(
+ ServerReplicaInstallInterface.admin_password,
description="Kerberos password for the specified admin principal",
)