| author | Tomas Babej <tbabej@redhat.com> | 2015-11-23 12:46:15 +0100 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-12-01 16:33:13 +0100 |
| commit | 034e76062fd897dc67b5a395735a5471257bfc8b (patch) | |
| tree | ee20f972f845e48c4a80aa42640baf6f101f320b /ipaserver | |
| parent | 525f6281d820ba7d3be780127d79a62221c5f1ad (diff) | |
| download | freeipa-034e76062fd897dc67b5a395735a5471257bfc8b.tar.gz freeipa-034e76062fd897dc67b5a395735a5471257bfc8b.tar.xz freeipa-034e76062fd897dc67b5a395735a5471257bfc8b.zip | |
replicainstall: Add possiblity to install client in one command
https://fedorahosted.org/freeipa/ticket/5310
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/server/common.py | 2 | ||||
| -rw-r--r-- | ipaserver/install/server/replicainstall.py | 94 |
2 files changed, 86 insertions, 10 deletions
diff --git a/ipaserver/install/server/common.py b/ipaserver/install/server/common.py
index 82c2c9eac..376c39dfa 100644
--- a/ipaserver/install/server/common.py
+++ b/ipaserver/install/server/common.py
@@ -280,7 +280,7 @@ class BaseServer(common.Installable, common.Interactive, core.Composite):
 host_name = Knob(
 str, None,
- description="fully qualified name of server",
+ description="fully qualified name of this host",
 cli_name='hostname',
 )
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index eac42dab2..74069f0fb 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -4,6 +4,7 @@
 from __future__ import print_function
+import collections
 import dns.exception as dnsexception
 import dns.name as dnsname
 import dns.resolver as dnsresolver
@@ -751,6 +752,53 @@ def install(installer):
 remove_replica_info_dir(installer)
+def ensure_enrolled(installer):
+ config = installer._config
+
+ # Perform only if we have the necessary options
+ if not any([installer.admin_password, installer.keytab]):
+ sys.exit("IPA client is not configured on this system.\n"
+ "You must join the system by running 'ipa-client-install' "
+ "first. Alternatively, you may specify enrollment related "
+ "options directly, see man ipa-replica-install.")
+
+ # Call client install script
+ service.print_msg("Configuring client side components")
+ try:
+ args = [paths.IPA_CLIENT_INSTALL, "--unattended"]
+ if installer.domain_name:
+ args.extend(["--domain", installer.domain_name])
+ if installer.server:
+ args.extend(["--server", installer.server])
+ if installer.realm_name:
+ args.extend(["--realm", installer.realm_name])
+ if installer.host_name:
+ args.extend(["--hostname", installer.host_name])
+
+ if installer.admin_password:
+ # Always set principal if password was set explicitly,
+ # the password itself gets passed directly via stdin
+ args.extend(["--principal", installer.principal or "admin"])
+ if installer.keytab:
+ args.extend(["--keytab", installer.keytab])
+
+ if installer.no_dns_sshfp:
+ args.append("--no-dns-sshfp")
+ if installer.ssh_trust_dns:
+ args.append("--ssh-trust-dns")
+ if installer.no_ssh:
+ args.append("--no-ssh")
+ if installer.no_sshd:
+ args.append("--no-sshd")
+ if installer.mkhomedir:
+ args.append("--mkhomedir")
+
+ ipautil.run(args, stdin=installer.admin_password or None)
+
+ except Exception as e:
+ sys.exit("Configuration of client side components failed!\n"
+ "ipa-client-install returned: " + str(e))
+
 @common_cleanup
 def promote_check(installer):
 options = installer
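Review bot: The `try` in `ensure_enrolled` covers the whole argument-building sequence and catches bare `Exception`, so a programming error such as a missing attribute on `installer` would be reported as "ipa-client-install returned: ..." although the client installer never ran. Guard only the subprocess call and catch the specific failure, e.g. `except ipautil.CalledProcessError as e:` around `ipautil.run(args, stdin=installer.admin_password or None)`. Separately, when both `admin_password` and `keytab` are set the function forwards `--principal` and `--keytab` together, and a `principal` given without a password is silently dropped. Whether ipa-client-install accepts those combinations is not visible here, so an explicit early check such as `if installer.admin_password and installer.keytab: sys.exit(...)` would make the intended credential source unambiguous. `config = installer._config` is unused in the lines shown.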
@@ -761,9 +809,7 @@ def promote_check(installer):
 client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
 if not client_fstore.has_files():
- sys.exit("IPA client is not configured on this system.\n"
- "You must use a replica file or join the system "
- "using 'ipa-client-install'.")
+ ensure_enrolled(installer)
 sstore = sysrestore.StateFile(paths.SYSRESTORE)
@@ -1108,9 +1154,6 @@ class Replica(BaseServer):
 description="a file generated by ipa-replica-prepare",
 )
- realm_name = None
- domain_name = None
-
 setup_ca = Knob(BaseServer.setup_ca)
 setup_kra = Knob(BaseServer.setup_kra)
 setup_dns = Knob(BaseServer.setup_dns)
@@ -1130,12 +1173,16 @@ class Replica(BaseServer):
 admin_password = Knob(
 BaseServer.admin_password,
- description="Admin user Kerberos password used for connection check",
+ description="Kerberos password for the specified admin principal",
 cli_short_name='w',
 )
+ server = Knob(
+ str, None,
+ description="fully qualified name of IPA server to enroll to",
+ )
+
 mkhomedir = Knob(BaseServer.mkhomedir)
- host_name = None
 no_host_dns = Knob(BaseServer.no_host_dns)
 no_ntp = Knob(BaseServer.no_ntp)
 no_pkinit = Knob(BaseServer.no_pkinit)
@@ -1153,10 +1200,17 @@ class Replica(BaseServer):
 principal = Knob(
 str, None,
 sensitive=True,
- description="User Principal allowed to promote replicas",
+ description="User Principal allowed to promote replicas "
+ "and join IPA realm",
 cli_short_name='P',
 )
+ keytab = Knob(
+ str, None,
+ description="path to backed up keytab from previous enrollment",
+ cli_short_name='k',
+ )
+
 promote = False
 # ca
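Review bot: In the `promote_check` hunk, replacing the `sys.exit(...)` with `ensure_enrolled(installer)` means a function that previously only inspected state now runs `ipa-client-install` and changes the host. If a later check in `promote_check` fails (its body continues outside this hunk), the machine is left enrolled as a client, and no rollback is visible in the lines shown. What `@common_cleanup` undoes is not shown either, so this may already be handled. If it is not, uninstall the client on failure or at least record the side effect at the call site, e.g. `# NOTE: enrolls this host as an IPA client; not rolled back if a later check fails`.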
@@ -1197,6 +1251,28 @@ class Replica(BaseServer):
 raise RuntimeError("Replica file %s does not exist" % self.replica_file)
+ CLIKnob = collections.namedtuple('CLIKnob', ('value', 'name'))
+
+ conflicting_knobs = (
+ CLIKnob(self.realm_name, '--realm'),
+ CLIKnob(self.domain_name, '--domain'),
+ CLIKnob(self.host_name, '--hostname'),
+ CLIKnob(self.server, '--server'),
+ CLIKnob(self.admin_password, '--admin-password'),
+ CLIKnob(self.principal, '--principal'),
+ )
+
+ if any([k.value is not None for k in conflicting_knobs]):
+ conflicting_knob_names = [
+ knob.name for knob in conflicting_knobs
+ if knob.value is not None
+ ]
+
+ raise RuntimeError(
+ "You cannot specify '{0}' option(s) with replica file."
+ .format(", ".join(conflicting_knob_names))
+ )
+
 if self.setup_dns:
 #pylint: disable=no-member
 if (not self.dns.forwarders and not self.dns.no_forwarders |
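Review bot: The `conflicting_knobs` tuple omits `keytab`, which this same commit adds as an enrollment credential alongside `server` and `principal`, so a keytab path given together with a replica file appears to be accepted and then ignored rather than rejected like the other enrollment options. Add `CLIKnob(self.keytab, '--keytab'),` to the tuple (assuming the knob's CLI name follows its attribute name, as the others do). The filter is also evaluated twice; building `conflicting_knob_names` first and testing `if conflicting_knob_names:` removes the separate `any([...])` pass. The enclosing method starts and ends outside this hunk.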
