From d90eb46cce788595edf50f4658e97a7dd8c3e9b8 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 25 Sep 2013 13:45:45 +0200 Subject: ipa-client: Set NIS domain name in the installer Provides two new options for the ipa-client-install: --nisdomain: specifies the NIS domain name --no_nisdomain: flag to aviod setting the NIS domain name In case no --nisdomain is specified and --no_nisdomain flag was not set, the IPA domain is used. Manual pages updated. http://fedorahosted.org/freeipa/ticket/3202 Reviewed-By: Jakub Hrozek Reviewed-By: Alexander Bokovoy --- ipa-client/ipa-install/ipa-client-install | 65 +++++++++++++++++++++++++++++++ ipa-client/man/ipa-client-install.1 | 6 +++ ipapython/platform/base/__init__.py | 3 +- ipapython/platform/fedora16/service.py | 2 + 4 files changed, 75 insertions(+), 1 deletion(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index c376ff27a..5fdd51520 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -126,6 +126,11 @@ def parse_options(): basic_group.add_option("", "--force-ntpd", dest="force_ntpd", action="store_true", default=False, help="Stop and disable any time&date synchronization services besides ntpd") + basic_group.add_option("--nisdomain", dest="nisdomain", + help="NIS domain name") + basic_group.add_option("--no-nisdomain", action="store_true", default=False, + help="do not configure NIS domain name", + dest="no_nisdomain") basic_group.add_option("--ssh-trust-dns", dest="trust_sshfp", default=False, action="store_true", help="configure OpenSSH client to trust DNS SSHFP records") basic_group.add_option("--no-ssh", dest="conf_ssh", default=True, action="store_false", 
@@ -195,6 +200,9 @@ def parse_options(): if options.firefox_dir and not options.configure_firefox: parser.error("--firefox-dir cannot be used without --configure-firefox option") + if options.no_nisdomain and options.nisdomain: + parser.error("--no-nisdomain cannot be used together with --nisdomain") + return safe_opts, options def logging_setup(options): @@ -595,6 +603,7 @@ def uninstall(options, env): fstore.restore_all_files() ipautil.restore_hostname(statestore) + unconfigure_nisdomain() nscd = ipaservices.knownservices.nscd nslcd = ipaservices.knownservices.nslcd 
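Review bot: The new check in parse_options() only rules out combining the two flags; the `--nisdomain` value itself is never validated before `set_nisdomain()` hands it to authconfig for the permanent configuration. The installer runs as root and the value may come from a kickstart or provisioning template, so it is worth rejecting anything that is not a plausible domain name at parse time, for example `if options.nisdomain and not re.match(r'^[A-Za-z0-9][A-Za-z0-9._-]*$', options.nisdomain): parser.error("invalid NIS domain name")` (assuming `re` is available in this file). How authconfig treats unusual characters is not visible on this page, so this is a defensive check rather than a demonstrated flaw. parse_options() starts above this hunk.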
@@ -1351,6 +1360,59 @@ def configure_automount(options): root_logger.info(stdout) +def configure_nisdomain(options, domain): + domain = options.nisdomain or domain + root_logger.info('Configuring %s as NIS domain.' % domain) + + nis_domain_name = '' + + # First backup the old NIS domain name + if os.path.exists('/usr/bin/nisdomainname'): + try: + nis_domain_name, _, _ = ipautil.run(['/usr/bin/nisdomainname']) + except CalledProcessError, e: + pass + + statestore.backup_state('network', 'nisdomain', nis_domain_name) + + # Backup the state of the domainname service + statestore.backup_state("domainname", "enabled", + ipaservices.knownservices.domainname.is_enabled()) + + # Set the new NIS domain name + set_nisdomain(domain) + + # Enable and start the domainname service + ipaservices.knownservices.domainname.enable() + ipaservices.knownservices.domainname.start() + + +def unconfigure_nisdomain(): + # Set the nisdomain permanent and current nisdomain configuration as it was + if statestore.has_state('network'): + old_nisdomain = statestore.restore_state('network','nisdomain') or '' + + if old_nisdomain: + root_logger.info('Restoring %s as NIS domain.' % old_nisdomain) + else: + root_logger.info('Unconfiguring the NIS domain.') + + set_nisdomain(old_nisdomain) + + # Restore the configuration of the domainname service + enabled = statestore.restore_state('domainname', 'enabled') + if not enabled: + ipaservices.knownservices.domainname.disable() + + +def set_nisdomain(nisdomain): + # Let authconfig setup the permanent configuration + auth_config = ipaservices.authconfig() + auth_config.add_parameter("nisdomain", nisdomain) + auth_config.add_option("update") + auth_config.execute() + + def resolve_ipaddress(server): """ Connect to the server's LDAP port in order to determine what ip address this machine uses as "public" ip (relative to the server). 
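Review bot: unconfigure_nisdomain() acts on state that install may never have recorded: `has_state('network')` tests the whole module rather than the `nisdomain` key, and `restore_state('domainname', 'enabled')` is followed by `if not enabled`, which is also true when nothing was saved. On a host enrolled with `--no-nisdomain` or by an older installer, uninstall (which now calls this function unconditionally) could therefore clear an admin-set NIS domain and disable the domainname service. Indentation is lost on this page, so I am assuming the service restore sits outside the `has_state` block and that `restore_state` returns None for a missing key. Separately, configure_nisdomain() saves the raw stdout of `/usr/bin/nisdomainname`; stripping it before `backup_state` would avoid restoring a value with a trailing newline.

```python
def unconfigure_nisdomain():
    # … unchanged: has_state('network') guard …
        old_nisdomain = statestore.restore_state('network', 'nisdomain')
        # None: install never recorded a NIS domain, so leave the host as it is
        if old_nisdomain is not None:
            # … unchanged: 'Restoring' / 'Unconfiguring' log messages …
            set_nisdomain(old_nisdomain)

    enabled = statestore.restore_state('domainname', 'enabled')
    # A missing entry means install never touched the service
    if enabled is not None and not enabled:
        ipaservices.knownservices.domainname.disable()
```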
@@ -2695,6 +2757,9 @@ def install(options, env, fstore, statestore): if options.configure_firefox: configure_firefox(options, statestore, cli_domain) + if not options.no_nisdomain: + configure_nisdomain(options=options, domain=cli_domain) + root_logger.info('Client configuration complete.') return 0 diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1 index 95d13fac9..3694fca4a 100644 --- a/ipa-client/man/ipa-client-install.1 +++ b/ipa-client/man/ipa-client-install.1 @@ -125,6 +125,12 @@ Do not configure or enable NTP. \fB\-\-force\-ntpd\fR Stop and disable any time&date synchronization services besides ntpd. .TP +\fB\-\-nisdomain\fR=\fINIS_DOMAIN\fR +Set the NIS domain name as specified. By default, this is set to the IPA domain name. +.TP +\fB\-\-no\-nisdomain\fR +Do not configure NIS domain name. +.TP \fB\-\-ssh\-trust\-dns\fR Configure OpenSSH client to trust DNS SSHFP records. .TP diff --git a/ipapython/platform/base/__init__.py b/ipapython/platform/base/__init__.py index c1b076b2c..f988c7127 100644 --- a/ipapython/platform/base/__init__.py +++ b/ipapython/platform/base/__init__.py @@ -27,7 +27,8 @@ import os wellknownservices = ['certmonger', 'dirsrv', 'httpd', 'ipa', 'krb5kdc', 'messagebus', 'nslcd', 'nscd', 'ntpd', 'portmap', 'rpcbind', 'kadmin', 'sshd', 'autofs', 'rpcgssd', - 'rpcidmapd', 'pki_tomcatd', 'pki_cad', 'chronyd'] + 'rpcidmapd', 'pki_tomcatd', 'pki_cad', 'chronyd', + 'domainname'] # System may support more time&date services. FreeIPA supports ntpd only, other # services will be disabled during IPA installation diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py index edf2d7ff8..41c241ae5 100644 --- a/ipapython/platform/fedora16/service.py +++ b/ipapython/platform/fedora16/service.py 
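Review bot: `configure_nisdomain(options=options, domain=cli_domain)` does not pass `statestore`, although install() receives it as a parameter and the `configure_firefox(options, statestore, cli_domain)` call just above passes it explicitly. configure_nisdomain() and unconfigure_nisdomain() instead read `statestore` as a free name, which only works if a module-level `statestore` exists outside the visible hunks. Taking it as an argument, `def configure_nisdomain(options, domain, statestore):` called as `configure_nisdomain(options=options, domain=cli_domain, statestore=statestore)`, keeps the backup tied to the store install() was given. install() starts above this hunk.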
@@ -54,6 +54,8 @@ system_units['pki_cad'] = system_units['pki-cad']
 system_units['pki-tomcatd'] = 'pki-tomcatd@pki-tomcat.service'
 system_units['pki_tomcatd'] = system_units['pki-tomcatd']
 system_units['ipa-otpd'] = 'ipa-otpd.socket'
+# Service that sets domainname on Fedora is called fedora-domainname.service
+system_units['domainname'] = 'fedora-domainname.service'
 class Fedora16Service(systemd.SystemdService):
 def __init__(self, service_name):
-- cgit
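Review bot: `domainname` is mapped to a unit only for the fedora16 platform here, while the same patch adds it to the platform-independent `wellknownservices` list and configure_nisdomain() calls `enable()` and `start()` on it unguarded. On platforms whose service module is not touched by this patch, the name would presumably resolve to a service literally called `domainname`, so the last step of an otherwise complete install could fail there. Consider guarding those calls in configure_nisdomain() or adding the mapping to the other platform modules. This is inferred, since those modules are not shown on this page.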