Diffstat (limited to 'ipaserver/install/server/replicainstall.py')
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 224 |
1 files changed, 49 insertions, 175 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index adff9284e..79bbcda59 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -33,6 +33,8 @@ from ipaserver.install.installutils import create_replica_config from ipaserver.install.replication import ( ReplicationManager, replica_conn_check) +from .common import BaseServer + DIRMAN_DN = DN(('cn', 'directory manager')) 
@@ -653,145 +655,78 @@ def install(installer): remove_replica_info_dir(installer) -class ReplicaCA(common.Installable, core.Group, core.Composite): - description = "certificate system" - - no_pkinit = Knob( - bool, False, - description="disables pkinit setup steps", - ) - - skip_schema_check = Knob( - bool, False, - description="skip check for updated CA DS schema on the remote master", - ) - - -class ReplicaDNS(common.Installable, core.Group, core.Composite): - description = "DNS" - - setup_dns = Knob( - bool, False, - description="configure bind with our zone", - ) - - forwarders = Knob( - (list, 'ip'), None, - description=("Add a DNS forwarder. This option can be used multiple " - "times"), - cli_name='forwarder', - ) - - no_forwarders = Knob( - bool, False, - description="Do not add any DNS forwarders, use root servers instead", - ) - - reverse_zones = Knob( - (list, str), [], - description=("The reverse DNS zone to use. This option can be used " - "multiple times"), - cli_name='reverse-zone', - cli_metavar='REVERSE_ZONE', - ) - - no_reverse = Knob( - bool, False, - description="Do not create new reverse DNS zone", - ) - - no_dnssec_validation = Knob( - bool, False, - description="Disable DNSSEC validation", - ) - - no_host_dns = Knob( - bool, False, - description="Do not use DNS for hostname lookup during installation", - ) - - no_dns_sshfp = Knob( - bool, False, - description="do not automatically create DNS SSHFP records", - ) - - -class Replica(common.Installable, common.Interactive, core.Composite): +class Replica(BaseServer): replica_file = Knob( str, None, description="a file generated by ipa-replica-prepare", ) - setup_ca = Knob( - bool, False, - initializable=False, - description="configure a dogtag CA", - ) + realm_name = None + domain_name = None - setup_kra = Knob( - bool, False, - initializable=False, - description="configure a dogtag KRA", - ) + setup_ca = Knob(BaseServer.setup_ca) + setup_kra = Knob(BaseServer.setup_kra) + setup_dns = 
Knob(BaseServer.setup_dns) ip_addresses = Knob( - (list, 'ip-local'), None, + BaseServer.ip_addresses, description=("Replica server IP Address. This option can be used " "multiple times"), - cli_name='ip-address', - cli_metavar='IP_ADDRESS', ) - password = Knob( - str, None, - sensitive=True, + dm_password = Knob( + BaseServer.dm_password, description="Directory Manager (existing master) password", - cli_short_name='p', + cli_name='password', + cli_metavar='PASSWORD', ) admin_password = Knob( - str, None, - sensitive=True, + BaseServer.admin_password, description="Admin user Kerberos password used for connection check", cli_short_name='w', ) - mkhomedir = Knob( - bool, False, - description="create home directories for users on their first login", - ) - - no_ntp = Knob( - bool, False, - description="do not configure ntp", - cli_short_name='N', - ) - - no_ui_redirect = Knob( - bool, False, - description="Do not automatically redirect to the Web UI", - ) - - ssh_trust_dns = Knob( - bool, False, - description="configure OpenSSH client to trust DNS SSHFP records", - ) - - no_ssh = Knob( - bool, False, - description="do not configure OpenSSH client", - ) - - no_sshd = Knob( - bool, False, - description="do not configure OpenSSH server", - ) + mkhomedir = Knob(BaseServer.mkhomedir) + host_name = None + no_host_dns = Knob(BaseServer.no_host_dns) + no_ntp = Knob(BaseServer.no_ntp) + no_pkinit = Knob(BaseServer.no_pkinit) + no_ui_redirect = Knob(BaseServer.no_ui_redirect) + ssh_trust_dns = Knob(BaseServer.ssh_trust_dns) + no_ssh = Knob(BaseServer.no_ssh) + no_sshd = Knob(BaseServer.no_sshd) + no_dns_sshfp = Knob(BaseServer.no_dns_sshfp) skip_conncheck = Knob( bool, False, description="skip connection check to remote master", ) + # ca + external_ca = None + external_ca_type = None + external_cert_files = None + dirsrv_cert_files = None + http_cert_files = None + pkinit_cert_files = None + dirsrv_pin = None + http_pin = None + pkinit_pin = None + dirsrv_cert_name = None + 
http_cert_name = None + pkinit_cert_name = None + ca_cert_files = None + subject = None + ca_signing_algorithm = None + + # dns + dnssec_master = None + disable_dnssec_master = None + kasp_db_file = None + force = None + zonemgr = None + def __init__(self, **kwargs): super(Replica, self).__init__(**kwargs) @@ -799,8 +734,6 @@ class Replica(common.Installable, common.Interactive, core.Composite): self._config = None self._update_hosts_file = False - #pylint: disable=no-member - if self.replica_file is None: raise RuntimeError( "you must provide a file generated by ipa-replica-prepare") 
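Review bot: The rewritten `dm_password` and `admin_password` knobs in `Replica` no longer state `sensitive=True`; they now rely on `BaseServer.dm_password` and `BaseServer.admin_password` in `common.py`, which this diff does not show, being marked sensitive and on `Knob(base, ...)` carrying that flag over. If either assumption fails, the Directory Manager and admin passwords would presumably be handled as ordinary option values, for example wherever install options are logged. Either confirm this in `common.py` or keep the flag explicit on both knobs with `sensitive=True,`. The same applies to `cli_short_name='p'`, which is dropped from the Directory Manager password knob, so `-p` keeps working only if the base knob defines it.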
@@ -808,69 +741,10 @@ class Replica(common.Installable, common.Interactive, core.Composite): raise RuntimeError( "Replica file %s does not exist" % self.replica_file) - if not self.dns.setup_dns: - if self.dns.forwarders: - raise RuntimeError( - "You cannot specify a --forwarder option without the " - "--setup-dns option") - if self.dns.no_forwarders: - raise RuntimeError( - "You cannot specify a --no-forwarders option without the " - "--setup-dns option") - if self.dns.reverse_zones: - raise RuntimeError( - "You cannot specify a --reverse-zone option without the " - "--setup-dns option") - if self.dns.no_reverse: - raise RuntimeError( - "You cannot specify a --no-reverse option without the " - "--setup-dns option") - if self.dns.no_dnssec_validation: - raise RuntimeError( - "You cannot specify a --no-dnssec-validation option " - "without the --setup-dns option") - elif self.dns.forwarders and self.dns.no_forwarders: - raise RuntimeError( - "You cannot specify a --forwarder option together with " - "--no-forwarders") - elif not self.dns.forwarders and not self.dns.no_forwarders: - raise RuntimeError( - "You must specify at least one --forwarder option or " - "--no-forwarders option") - elif self.dns.reverse_zones and self.dns.no_reverse: - raise RuntimeError( - "You cannot specify a --reverse-zone option together with " - "--no-reverse") - - # Automatically disable pkinit w/ dogtag until that is supported - self.ca.no_pkinit = True - - self.external_ca = False - self.external_cert_files = None - self.no_pkinit = self.ca.no_pkinit - self.skip_schema_check = self.ca.skip_schema_check - - self.setup_dns = self.dns.setup_dns - self.forwarders = self.dns.forwarders - self.no_forwarders = self.dns.no_forwarders - self.reverse_zones = self.dns.reverse_zones - self.no_reverse = self.dns.no_reverse - self.no_dnssec_validation = self.dns.no_dnssec_validation - self.dnssec_master = False - self.disable_dnssec_master = False - self.kasp_db_file = None - self.force = False - 
self.zonemgr = None - self.no_host_dns = self.dns.no_host_dns - self.no_dns_sshfp = self.dns.no_dns_sshfp - - self.unattended = not self.interactive + self.password = self.dm_password @step() def main(self): install_check(self) yield install(self) - - ca = core.Component(ReplicaCA) - dns = core.Component(ReplicaDNS) |
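Review bot: `__init__` no longer forces pkinit off: the removed lines set `self.ca.no_pkinit = True` under the comment "Automatically disable pkinit w/ dogtag until that is supported", while the new class exposes `no_pkinit = Knob(BaseServer.no_pkinit)` and nothing visible here overrides it. Unless `BaseServer.__init__` (not shown) does so, a replica install may now run pkinit setup steps that the old comment described as unsupported; consider keeping `self.no_pkinit = True` with its comment next to `self.password = self.dm_password`. The `--setup-dns` option-consistency checks and the `self.skip_schema_check` assignment are also removed here, so verify that the base class provides them. `__init__` begins outside this hunk.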