author | Jan Cholasta <jcholast@redhat.com> | 2017-03-08 08:03:13 +0000 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-03-13 10:12:40 +0100 |
commit | 2fc9feddd02bb17c3a9eb7efde83277fcf93252c (patch) | |
tree | 337c32f07dfbfdf89b35ff61e9a5cbfcd6141a82 /ipaserver | |
parent | 774d8d0a5dc0ac175ab0cecc76001632c2a79744 (diff) | |
install: re-introduce option groups
Re-introduce option groups in ipa-client-install, ipa-server-install and
ipa-replica-install.
https://pagure.io/freeipa/issue/6392
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/adtrust.py | 6 | ||||
-rw-r--r-- | ipaserver/install/ca.py | 21 | ||||
-rw-r--r-- | ipaserver/install/dns.py | 4 | ||||
-rw-r--r-- | ipaserver/install/ipa_replica_install.py | 22 | ||||
-rw-r--r-- | ipaserver/install/ipa_server_install.py | 20 | ||||
-rw-r--r-- | ipaserver/install/kra.py | 3 | ||||
-rw-r--r-- | ipaserver/install/server/__init__.py | 277 |
7 files changed, 186 insertions, 167 deletions
diff --git a/ipaserver/install/adtrust.py b/ipaserver/install/adtrust.py index b81c27c77..b0037e01d 100644 --- a/ipaserver/install/adtrust.py +++ b/ipaserver/install/adtrust.py @@ -15,11 +15,12 @@ import six from ipalib.constants import DOMAIN_LEVEL_0 from ipalib import errors from ipalib.install.service import ServiceAdminInstallInterface +from ipalib.install.service import replica_install_only from ipaplatform.paths import paths from ipapython.admintool import ScriptError from ipapython import ipaldap, ipautil from ipapython.dn import DN -from ipapython.install.core import knob +from ipapython.install.core import group, knob from ipapython.ipa_log_manager import root_logger from ipaserver.install import adtrustinstance from ipaserver.install import service @@ -430,6 +431,7 @@ def install(standalone, options, fstore, api): add_new_adtrust_agents(api, options) +@group class ADTrustInstallInterface(ServiceAdminInstallInterface): """ Interface for the AD trust installer @@ -439,6 +441,7 @@ class ADTrustInstallInterface(ServiceAdminInstallInterface): * ipa-replica-install * ipa-adtrust-install """ + description = "AD trust" # the following knobs are provided on top of those specified for # admin credentials @@ -451,6 +454,7 @@ class ADTrustInstallInterface(ServiceAdminInstallInterface): description="Add IPA masters to a list of hosts allowed to " "serve information about users from trusted forests" ) + add_agents = replica_install_only(add_agents) enable_compat = knob( None, description="Enable support for trusted domains for old clients" diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index 649c15293..db3b744a5 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py 
@@ -18,7 +18,7 @@ from ipalib.install import certstore from ipalib.install.service import enroll_only, master_install_only, replica_install_only from ipaserver.install import sysupgrade from ipapython.install import typing -from ipapython.install.core import knob +from ipapython.install.core import group, knob, extend_knob from ipaserver.install import (cainstance, custodiainstance, dsinstance, @@ -367,6 +367,7 @@ class CASigningAlgorithm(enum.Enum): SHA_512_WITH_RSA = 'SHA512withRSA' +@group class CAInstallInterface(dogtag.DogtagInstallInterface, conncheck.ConnCheckInterface): """ @@ -378,22 +379,22 @@ class CAInstallInterface(dogtag.DogtagInstallInterface, * ipa-replica-install * ipa-ca-install """ + description = "Certificate system" - principal = knob( - bases=conncheck.ConnCheckInterface.principal, + principal = conncheck.ConnCheckInterface.principal + principal = extend_knob( + principal, description="User allowed to manage replicas", - cli_names=( - list(conncheck.ConnCheckInterface.principal.cli_names) + ['-P']), + cli_names=list(principal.cli_names) + ['-P'], ) principal = enroll_only(principal) principal = replica_install_only(principal) - admin_password = knob( - bases=conncheck.ConnCheckInterface.admin_password, + admin_password = conncheck.ConnCheckInterface.admin_password + admin_password = extend_knob( + admin_password, description="Admin user Kerberos password used for connection check", - cli_names=( - list(conncheck.ConnCheckInterface.admin_password.cli_names) + - ['-w']), + cli_names=list(admin_password.cli_names) + ['-w'], ) admin_password = enroll_only(admin_password) diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py index f71830975..0dddf2a64 100644 --- a/ipaserver/install/dns.py +++ b/ipaserver/install/dns.py 
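Review bot: In the `@@ -378,22 +379,22 @@` hunk of ipaserver/install/ca.py, `admin_password` is rebuilt with `extend_knob(...)` and gains the `-w` short option, but nothing visible here shows that the base knob's sensitivity marking survives the switch from `knob(bases=...)` to `extend_knob`. `extend_knob` is defined outside this diff, so this is a question to confirm rather than an established defect; the `*_pin` knobs in ipaserver/install/server/__init__.py spell out `sensitive=True`, whereas the password overrides rely entirely on inheritance. The same applies to the `admin_password` and `dm_password` overrides in ipa_replica_install.py, ipa_server_install.py and server/__init__.py. Once confirmed, I would add a comment above the call such as `# sensitivity is inherited from ConnCheckInterface.admin_password; only the listed keywords are overridden`, and a unit test asserting that the extended knob is still marked sensitive. The class body continues outside the hunk.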
@@ -32,7 +32,7 @@ from ipapython import dnsutil from ipapython.dn import DN from ipapython.dnsutil import check_zone_overlap from ipapython.install import typing -from ipapython.install.core import knob +from ipapython.install.core import group, knob from ipapython.ipa_log_manager import root_logger from ipapython.admintool import ScriptError from ipapython.ipautil import user_input @@ -414,6 +414,7 @@ class DNSForwardPolicy(enum.Enum): FIRST = 'first' +@group class DNSInstallInterface(hostname.HostNameInstallInterface): """ Interface of the DNS installer @@ -424,6 +425,7 @@ class DNSInstallInterface(hostname.HostNameInstallInterface): * ipa-replica-install * ipa-dns-install """ + description = "DNS" allow_zone_overlap = knob( None, diff --git a/ipaserver/install/ipa_replica_install.py b/ipaserver/install/ipa_replica_install.py index 39c745643..9d38bec61 100644 --- a/ipaserver/install/ipa_replica_install.py +++ b/ipaserver/install/ipa_replica_install.py @@ -3,7 +3,7 @@ # from ipapython.install import cli -from ipapython.install.core import knob +from ipapython.install.core import knob, extend_knob from ipaplatform.paths import paths from ipaserver.install.server import ServerReplicaInstall @@ -19,9 +19,8 @@ class CompatServerReplicaInstall(ServerReplicaInstall): ca_file = None zonemgr = None - replica_file = knob( - # pylint: disable=no-member - bases=ServerReplicaInstall.replica_file, + replica_file = extend_knob( + ServerReplicaInstall.replica_file, # pylint: disable=no-member cli_names='replica_file', ) 
@@ -52,17 +51,18 @@ class CompatServerReplicaInstall(ServerReplicaInstall): def dm_password(self, value): self.__dm_password = value - ip_addresses = knob( - # pylint: disable=no-member - bases=ServerReplicaInstall.ip_addresses, + ip_addresses = extend_knob( + ServerReplicaInstall.ip_addresses, # pylint: disable=no-member description="Replica server IP Address. This option can be used " "multiple times", ) - admin_password = knob( - # pylint: disable=no-member - bases=ServerReplicaInstall.admin_password, - cli_names=list(ServerReplicaInstall.admin_password.cli_names) + ['-w'], + admin_password = ( + ServerReplicaInstall.admin_password # pylint: disable=no-member + ) + admin_password = extend_knob( + admin_password, + cli_names=list(admin_password.cli_names) + ['-w'], ) @admin_password.default_getter diff --git a/ipaserver/install/ipa_server_install.py b/ipaserver/install/ipa_server_install.py index e708040e8..428e18434 100644 --- a/ipaserver/install/ipa_server_install.py +++ b/ipaserver/install/ipa_server_install.py @@ -3,7 +3,7 @@ # from ipapython.install import cli -from ipapython.install.core import knob +from ipapython.install.core import extend_knob from ipaplatform.paths import paths from ipaserver.install.server import ServerMasterInstall 
@@ -15,22 +15,20 @@ class CompatServerMasterInstall(ServerMasterInstall): no_sudo = False request_cert = False - dm_password = knob( - # pylint: disable=no-member - bases=ServerMasterInstall.dm_password, + dm_password = extend_knob( + ServerMasterInstall.dm_password, # pylint: disable=no-member cli_names=['--ds-password', '-p'], ) - admin_password = knob( + admin_password = ServerMasterInstall.admin_password + admin_password = extend_knob( + admin_password, # pylint: disable=no-member - bases=ServerMasterInstall.admin_password, - cli_names=(list(ServerMasterInstall.admin_password.cli_names) + - ['-a']), + cli_names=list(admin_password.cli_names) + ['-a'], ) - ip_addresses = knob( - # pylint: disable=no-member - bases=ServerMasterInstall.ip_addresses, + ip_addresses = extend_knob( + ServerMasterInstall.ip_addresses, # pylint: disable=no-member description="Master Server IP Address. This option can be used " "multiple times", ) diff --git a/ipaserver/install/kra.py b/ipaserver/install/kra.py index 5a7a6ef2d..17617ed3b 100644 --- a/ipaserver/install/kra.py +++ b/ipaserver/install/kra.py @@ -15,6 +15,7 @@ from ipaplatform.paths import paths from ipapython import certdb from ipapython import ipautil from ipapython.dn import DN +from ipapython.install.core import group from ipaserver.install import custodiainstance from ipaserver.install import cainstance from ipaserver.install import krainstance @@ -141,6 +142,7 @@ def uninstall(standalone): kra.uninstall() +@group class KRAInstallInterface(dogtag.DogtagInstallInterface): """ Interface of the KRA installer @@ -151,3 +153,4 @@ class KRAInstallInterface(dogtag.DogtagInstallInterface): * ipa-replica-install * ipa-kra-install """ + description = "KRA" diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py index edb91f3d1..14f1ec48a 100644 --- a/ipaserver/install/server/__init__.py +++ b/ipaserver/install/server/__init__.py 
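Review bot: In the `admin_password` override of `CompatServerMasterInstall` (hunk `@@ -15,22 +15,20 @@`), the `# pylint: disable=no-member` comment is left on a line of its own inside the `extend_knob(` call, while the attribute access it was written for has moved to the new line above, `admin_password = ServerMasterInstall.admin_password`. A disable comment on its own line applies from that line to the end of the enclosing block, so it appears to no longer cover that access and instead silences `no-member` for the rest of the class body. The sibling hunk in ipa_replica_install.py uses the line-scoped form, which would fit here too: `admin_password = (` / `ServerMasterInstall.admin_password  # pylint: disable=no-member` / `)`. The `domain_name` override in ipaserver/install/server/__init__.py (hunk `@@ -65,56 +175,57 @@`) keeps a standalone comment in the same way.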
@@ -14,6 +14,7 @@ import random from ipaclient.install import client from ipalib import constants +from ipalib.install import service from ipalib.install.service import (enroll_only, installs_master, installs_replica, @@ -24,7 +25,7 @@ from ipalib.install.service import (enroll_only, from ipapython import ipautil from ipapython.dnsutil import check_zone_overlap from ipapython.install import typing -from ipapython.install.core import knob +from ipapython.install.core import group, knob, extend_knob from ipapython.install.common import step from .install import validate_admin_password, validate_dm_password 
@@ -41,12 +42,120 @@ from .upgrade import upgrade_check, upgrade from .. import adtrust, ca, conncheck, dns, kra -class ServerInstallInterface(client.ClientInstallInterface, +@group +class ServerUninstallInterface(service.ServiceInstallInterface): + description = "Uninstall" + + ignore_topology_disconnect = knob( + None, + description="do not check whether server uninstall disconnects the " + "topology (domain level 1+)", + ) + ignore_topology_disconnect = master_install_only(ignore_topology_disconnect) + + ignore_last_of_role = knob( + None, + description="do not check whether server uninstall removes last " + "CA/DNS server or DNSSec master (domain level 1+)", + ) + ignore_last_of_role = master_install_only(ignore_last_of_role) + + +@group +class ServerCertificateInstallInterface(service.ServiceInstallInterface): + description = "SSL certificate" + + dirsrv_cert_files = knob( + # pylint: disable=invalid-sequence-index + typing.List[str], None, + description=("File containing the Directory Server SSL certificate " + "and private key"), + cli_names='--dirsrv-cert-file', + cli_deprecated_names='--dirsrv_pkcs12', + cli_metavar='FILE', + ) + dirsrv_cert_files = prepare_only(dirsrv_cert_files) + + http_cert_files = knob( + # pylint: disable=invalid-sequence-index + typing.List[str], None, + description=("File containing the Apache Server SSL certificate and " + "private key"), + cli_names='--http-cert-file', + cli_deprecated_names='--http_pkcs12', + cli_metavar='FILE', + ) + http_cert_files = prepare_only(http_cert_files) + + pkinit_cert_files = knob( + # pylint: disable=invalid-sequence-index + typing.List[str], None, + description=("File containing the Kerberos KDC SSL certificate and " + "private key"), + cli_names='--pkinit-cert-file', + cli_deprecated_names='--pkinit_pkcs12', + cli_metavar='FILE', + ) + pkinit_cert_files = prepare_only(pkinit_cert_files) + + dirsrv_pin = knob( + str, None, + sensitive=True, + description="The password to unlock the Directory 
Server private key", + cli_deprecated_names='--dirsrv_pin', + cli_metavar='PIN', + ) + dirsrv_pin = prepare_only(dirsrv_pin) + + http_pin = knob( + str, None, + sensitive=True, + description="The password to unlock the Apache Server private key", + cli_deprecated_names='--http_pin', + cli_metavar='PIN', + ) + http_pin = prepare_only(http_pin) + + pkinit_pin = knob( + str, None, + sensitive=True, + description="The password to unlock the Kerberos KDC private key", + cli_deprecated_names='--pkinit_pin', + cli_metavar='PIN', + ) + pkinit_pin = prepare_only(pkinit_pin) + + dirsrv_cert_name = knob( + str, None, + description="Name of the Directory Server SSL certificate to install", + cli_metavar='NAME', + ) + dirsrv_cert_name = prepare_only(dirsrv_cert_name) + + http_cert_name = knob( + str, None, + description="Name of the Apache Server SSL certificate to install", + cli_metavar='NAME', + ) + http_cert_name = prepare_only(http_cert_name) + + pkinit_cert_name = knob( + str, None, + description="Name of the Kerberos KDC SSL certificate to install", + cli_metavar='NAME', + ) + pkinit_cert_name = prepare_only(pkinit_cert_name) + + +@group +class ServerInstallInterface(ServerCertificateInstallInterface, + client.ClientInstallInterface, ca.CAInstallInterface, kra.KRAInstallInterface, dns.DNSInstallInterface, adtrust.ADTrustInstallInterface, - conncheck.ConnCheckInterface): + conncheck.ConnCheckInterface, + ServerUninstallInterface): """ Interface of server installers @@ -55,6 +164,7 @@ class ServerInstallInterface(client.ClientInstallInterface, * ipa-replica-prepare * ipa-replica-install """ + description = "Server" force_join = False kinit_attempts = 1 
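Review bot: The two new group classes in hunk `@@ -41,12 +42,120 @@`, `ServerUninstallInterface` and `ServerCertificateInstallInterface`, have no docstring, while the other `@group` interfaces touched by this commit (`ADTrustInstallInterface`, `CAInstallInterface`, `DNSInstallInterface`, `KRAInstallInterface`) each carry one naming the installers that expose their knobs. Each should get a docstring in the same form; for the certificate group it is worth stating that the `*_pin` knobs hold private-key passwords and are declared `sensitive=True`. The base list of `ServerInstallInterface` is also reordered here, with `ServerCertificateInstallInterface` first and `ServerUninstallInterface` last; if that order is what determines the order of option groups in `--help` (not visible in this diff), a one-line comment such as `# base order defines the option group order` would keep it from being re-sorted later. The body of `ServerInstallInterface` continues outside this hunk.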
@@ -65,56 +175,57 @@ class ServerInstallInterface(client.ClientInstallInterface, enable_dns_updates = False no_krb5_offline_passwords = False preserve_sssd = False + no_sssd = False - domain_name = knob( - bases=client.ClientInstallInterface.domain_name, + domain_name = client.ClientInstallInterface.domain_name + domain_name = extend_knob( + domain_name, # pylint: disable=no-member - cli_names=(list(client.ClientInstallInterface.domain_name.cli_names) + - ['-n']), + cli_names=list(domain_name.cli_names) + ['-n'], ) - servers = knob( - bases=client.ClientInstallInterface.servers, + servers = extend_knob( + client.ClientInstallInterface.servers, description="fully qualified name of IPA server to enroll to", ) servers = enroll_only(servers) - realm_name = knob( - bases=client.ClientInstallInterface.realm_name, - cli_names=(list(client.ClientInstallInterface.realm_name.cli_names) + - ['-r']), + realm_name = client.ClientInstallInterface.realm_name + realm_name = extend_knob( + realm_name, + cli_names=list(realm_name.cli_names) + ['-r'], ) - host_name = knob( - bases=client.ClientInstallInterface.host_name, + host_name = extend_knob( + client.ClientInstallInterface.host_name, description="fully qualified name of this host", ) - ca_cert_files = knob( - bases=client.ClientInstallInterface.ca_cert_files, + ca_cert_files = extend_knob( + client.ClientInstallInterface.ca_cert_files, description="File containing CA certificates for the service " "certificate files", cli_deprecated_names='--root-ca-file', ) ca_cert_files = prepare_only(ca_cert_files) - dm_password = knob( - bases=client.ClientInstallInterface.dm_password, + dm_password = extend_knob( + client.ClientInstallInterface.dm_password, description="Directory Manager password", ) - ip_addresses = knob( - bases=client.ClientInstallInterface.ip_addresses, + ip_addresses = extend_knob( + client.ClientInstallInterface.ip_addresses, description="Server IP Address. 
This option can be used multiple " "times", ) - principal = knob( - bases=client.ClientInstallInterface.principal, + principal = client.ClientInstallInterface.principal + principal = extend_knob( + principal, description="User Principal allowed to promote replicas and join IPA " "realm", - cli_names=(list(client.ClientInstallInterface.principal.cli_names) + - ['-P']), + cli_names=list(principal.cli_names) + ['-P'], ) principal = replica_install_only(principal) @@ -195,20 +306,6 @@ class ServerInstallInterface(client.ClientInstallInterface, ) no_hbac_allow = master_install_only(no_hbac_allow) - ignore_topology_disconnect = knob( - None, - description="do not check whether server uninstall disconnects the " - "topology (domain level 1+)", - ) - ignore_topology_disconnect = master_install_only(ignore_topology_disconnect) - - ignore_last_of_role = knob( - None, - description="do not check whether server uninstall removes last " - "CA/DNS server or DNSSec master (domain level 1+)", - ) - ignore_last_of_role = master_install_only(ignore_last_of_role) - no_pkinit = knob( None, description="disables pkinit setup steps", 
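Review bot: `no_sssd = False` is added to the block of fixed attributes at the top of hunk `@@ -65,56 +175,57 @@` without a comment, and the commit description only mentions option groups. It sits next to `preserve_sssd = False`, so it presumably pins a client-installer option for server installs, but the definition it overrides is outside this diff (the diffstat is limited to ipaserver). A short comment on that block, for example `# client knobs that are fixed, not exposed, in server installers`, would make the intent clear. The class body starts and ends outside the hunk.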
@@ -235,92 +332,6 @@ class ServerInstallInterface(client.ClientInstallInterface, if not os.path.exists(value): raise ValueError("File %s does not exist." % value) - dirsrv_cert_files = knob( - # pylint: disable=invalid-sequence-index - typing.List[str], None, - description=("File containing the Directory Server SSL certificate " - "and private key"), - cli_names='--dirsrv-cert-file', - cli_deprecated_names='--dirsrv_pkcs12', - cli_metavar='FILE', - ) - dirsrv_cert_files = prepare_only(dirsrv_cert_files) - - http_cert_files = knob( - # pylint: disable=invalid-sequence-index - typing.List[str], None, - description=("File containing the Apache Server SSL certificate and " - "private key"), - cli_names='--http-cert-file', - cli_deprecated_names='--http_pkcs12', - cli_metavar='FILE', - ) - http_cert_files = prepare_only(http_cert_files) - - pkinit_cert_files = knob( - # pylint: disable=invalid-sequence-index - typing.List[str], None, - description=("File containing the Kerberos KDC SSL certificate and " - "private key"), - cli_names='--pkinit-cert-file', - cli_deprecated_names='--pkinit_pkcs12', - cli_metavar='FILE', - ) - pkinit_cert_files = prepare_only(pkinit_cert_files) - - dirsrv_pin = knob( - str, None, - sensitive=True, - description="The password to unlock the Directory Server private key", - cli_deprecated_names='--dirsrv_pin', - cli_metavar='PIN', - ) - dirsrv_pin = prepare_only(dirsrv_pin) - - http_pin = knob( - str, None, - sensitive=True, - description="The password to unlock the Apache Server private key", - cli_deprecated_names='--http_pin', - cli_metavar='PIN', - ) - http_pin = prepare_only(http_pin) - - pkinit_pin = knob( - str, None, - sensitive=True, - description="The password to unlock the Kerberos KDC private key", - cli_deprecated_names='--pkinit_pin', - cli_metavar='PIN', - ) - pkinit_pin = prepare_only(pkinit_pin) - - dirsrv_cert_name = knob( - str, None, - description="Name of the Directory Server SSL certificate to install", - 
cli_metavar='NAME', - ) - dirsrv_cert_name = prepare_only(dirsrv_cert_name) - - http_cert_name = knob( - str, None, - description="Name of the Apache Server SSL certificate to install", - cli_metavar='NAME', - ) - http_cert_name = prepare_only(http_cert_name) - - pkinit_cert_name = knob( - str, None, - description="Name of the Kerberos KDC SSL certificate to install", - cli_metavar='NAME', - ) - pkinit_cert_name = prepare_only(pkinit_cert_name) - - add_agents = knob( - bases=adtrust.ADTrustInstallInterface.add_agents - ) - add_agents = replica_install_only(add_agents) - def __init__(self, **kwargs): super(ServerInstallInterface, self).__init__(**kwargs) @@ -514,8 +525,8 @@ class ServerMasterInstall(ServerMasterInstallInterface): keytab = None setup_ca = True - domain_name = knob( - bases=ServerMasterInstallInterface.domain_name, + domain_name = extend_knob( + ServerMasterInstallInterface.domain_name, ) @domain_name.validator @@ -525,16 +536,16 @@ class ServerMasterInstall(ServerMasterInstallInterface): print("Checking DNS domain %s, please wait ..." % value) check_zone_overlap(value, False) - dm_password = knob( - bases=ServerMasterInstallInterface.dm_password, + dm_password = extend_knob( + ServerMasterInstallInterface.dm_password, ) @dm_password.validator def dm_password(self, value): validate_dm_password(value) - admin_password = knob( - bases=ServerMasterInstallInterface.admin_password, + admin_password = extend_knob( + ServerMasterInstallInterface.admin_password, description="admin user kerberos password", ) @@ -574,8 +585,8 @@ class ServerReplicaInstall(ServerReplicaInstallInterface): subject_base = None ca_subject = None - admin_password = knob( - bases=ServerReplicaInstallInterface.admin_password, + admin_password = extend_knob( + ServerReplicaInstallInterface.admin_password, description="Kerberos password for the specified admin principal", ) |