diff -r 7473ee272af0 ipa-server/ipa-install/ipa-server-install
--- a/ipa-server/ipa-install/ipa-server-install	Fri Jan 25 12:32:14 2008 +0000
+++ b/ipa-server/ipa-install/ipa-server-install	Fri Jan 25 12:34:04 2008 +0000
@@ -79,8 +79,10 @@ def parse_options():
             options.dm_password or options.admin_password or options.master_password):
         parser.error("error: In uninstall mode, -u, r, -p and -P options are not allowed")
-    elif not options.realm_name:
-        parser.error("error: In install mode you need to provide at least the -r option")
+    elif not options.realm_name and (options.master_password or
+                                      options.admin_password or
+                                      options.setup_bind):
+        parser.error("error: the -P, -a and --setup-bind options are not valide without --realm")
 
     return options
 
 
@@ -106,7 +108,7 @@ def resolve_host(host_name):
             print "The KDC service does not listen on localhost"
             print ""
             print "Please fix your /etc/hosts file and restart the setup program"
-            return "-Fatal Error-"
+            return None
     except:
         print "Unable to lookup the IP address of the provided host"
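Review bot: The new `parser.error` message in parse_options misspells "valid" as "valide", and calls the option `--realm` while the message two lines above refers to the same option as `-r`; suggested text: `parser.error("error: the -P, -a and --setup-bind options are not valid without -r/--realm")`. With the relaxed check an install without `-r` now proceeds (the later hunks write `ipa.conf` with no realm line), so the usage/help text, which is outside this hunk, should say what such a realm-less install produces. parse_options starts before the hunk.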
@@ -124,6 +126,46 @@ def verify_ip_address(ip):
         is_ok = False
     return is_ok
 
+def check_host_name(host_name, ip_address = None, ignore_mismatch = False):
+    # check the hostname is correctly configured, it must be as the kldap
+    # utilities just use the hostname as returned by gethostbyname to set
+    # up some of the standard entries
+
+    try:
+        verify_fqdn(host_name)
+    except RuntimeError, e:
+        logging.error(str(e) + "\n")
+        sys.exit(1)
+
+    # Check we have a public IP that is associated with the hostname
+    add_host = False
+    ip = resolve_host(host_name)
+    if not ip:
+        if not ip_address:
+            print "Unable to resolve IP address for host name"
+            sys.exit(1)
+        ip = ip_address
+        add_host = True
+
+    if not verify_ip_address(ip):
+        sys.exit(1)
+
+    if ip_address and ip_address != ip and not ignore_mismatch:
+        print "Error: the hostname resolves to an IP address that is different"
+        print "from the one provided on the command line. Please fix your DNS"
+        print "or /etc/hosts file and restart the installation."
+        sys.exit(1)
+
+    if not add_host:
+        return
+
+    print "Adding [" + ip + " " + host_name + "] to your /etc/hosts file"
+    sysrestore.backup_file("/etc/hosts")
+    hosts_fd = open('/etc/hosts', 'r+')
+    hosts_fd.seek(0, 2)
+    hosts_fd.write(ip + '\t' + host_name + ' ' + host_name[:host_name.find('.')] + '\n')
+    hosts_fd.close()
+
 def check_dirsrv():
     if ipaserver.dsinstance.check_existing_installation():
         print ""
@@ -143,6 +185,7 @@ def uninstall():
 def uninstall():
     ipaserver.ntpinstance.NTPInstance().uninstall()
     ipaserver.bindinstance.BindInstance().uninstall()
+    service.SimpleServiceInstance("ipa_configd").uninstall()
     ipaserver.httpinstance.WebGuiInstance().uninstall()
     ipaserver.httpinstance.HTTPInstance().uninstall()
     ipaserver.krbinstance.KrbInstance().uninstall()
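Review bot: `check_host_name` resolves and verifies the address but then discards it — every path returns `None` — so a caller that needs the checked IP (the main hunk below only binds `ip` when `--ip-address` is given) has nothing to use; return it from both exits, `return ip` in place of the bare `return` after the `if not add_host` guard and again after `hosts_fd.close()`. When `ip_address` is supplied and `ignore_mismatch` is set, only the resolved address goes through `verify_ip_address` and the command-line value is never validated, so if callers then use `ip_address` add `if ip_address and not verify_ip_address(ip_address): sys.exit(1)` before the mismatch check. The `/etc/hosts` append writes at the current end of file; if the file lacks a trailing newline the new entry is glued onto the previous line, so the write should check the last byte and prepend `'\n'` when needed. `host_name[:host_name.find('.')]` silently drops the last character of an undotted name, which is presumably excluded by `verify_fqdn` (not in view) — a comment saying so would help.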
@@ -194,53 +237,55 @@ def main():
         print "Please install bind (you may also need the package 'caching-nameserver') and restart the setup program"
         return "-Fatal Error-"
 
-    # check the hostname is correctly configured, it must be as the kldap
-    # utilities just use the hostname as returned by gethostbyname to set
-    # up some of the standard entries
+    if options.ds_user:
+        ds_user = options.ds_user
+    else:
+        ds_user = "dirsrv"
 
     host_name = ""
     if options.host_name:
+        check_host_name(options.host_name, options.ip_address, options.setup_bind)
         host_name = options.host_name
     else:
         host_name = get_fqdn()
 
-    try:
-        verify_fqdn(host_name)
-    except RuntimeError, e:
-        logging.error(str(e) + "\n")
-        return "-Fatal Error-"
+    if not options.dm_password:
+        dm_password = ipa_generate_password()
+        print "A randomly generated password for 'cn=Directory Manager' is being used: %s" % dm_password
+    else:
+        dm_password = options.dm_password
+
+    ds = ipaserver.dsinstance.DsInstance()
+    ds.install(ds_user, host_name, dm_password)
+
+    http = ipaserver.httpinstance.HTTPInstance()
+    http.install(host_name)
+
+    ipaserver.httpinstance.WebGuiInstance().install()
+
+    service.SimpleServiceInstance("ipa_configd").install()
+
+    ipaserver.ntpinstance.NTPInstance().install()
+
+    # Create the config file
+    sysrestore.backup_file("/etc/ipa/ipa.conf")
+    fd = open("/etc/ipa/ipa.conf", "w")
+    fd.write("[defaults]\n")
+    fd.write("server=" + host_name + "\n")
+    if realm_name:
+        fd.write("realm=" + realm_name + "\n")
+    fd.close()
+
+    if not realm_name:
+        sys.exit(0)
+
+    if not options.host_name:
+        check_host_name(host_name)
+
+    if options.ip_address:
+        ip = options.ip_address
 
     domain_name = host_name[host_name.find(".")+1:]
-
-    # Check we have a public IP that is associated with the hostname
-    add_host = False
-    ip = resolve_host(host_name)
-    if not ip:
-        if not options.ip_address:
-            print "Unable to resolve IP address for host name"
-            return "-Fatal Error-"
-        ip = options.ip_address
-        add_host = True
-
-    if not verify_ip_address(ip):
-        return "-Fatal Error-"
-
-    if options.ip_address and options.ip_address != ip:
-        if options.setup_bind:
-            ip = options.ip_address
-        else:
-            print "Error: the hostname resolves to an IP address that is different"
-            print "from the one provided on the command line. Please fix your DNS"
-            print "or /etc/hosts file and restart the installation."
-            return "-Fatal Error-"
-
-    if add_host:
-        print "Adding [" + ip + " " + host_name + "] to your /etc/hosts file"
-        sysrestore.backup_file("/etc/hosts")
-        hosts_fd = open('/etc/hosts', 'r+')
-        hosts_fd.seek(0, 2)
-        hosts_fd.write(ip + '\t' + host_name + ' ' + host_name[:host_name.find('.')] + '\n')
-        hosts_fd.close()
 
     print "The IPA Master Server will be configured with"
     print "Hostname: " + host_name
@@ -248,17 +293,6 @@ def main():
     print "Domain name: " + domain_name
     print ""
 
-    if options.ds_user:
-        ds_user = options.ds_user
-    else:
-        ds_user = "dirsrv"
-
-    if not options.dm_password:
-        dm_password = ipa_generate_password()
-        print "A randomly generated password for 'cn=Directory Manager' is being used: %s" % dm_password
-    else:
-        dm_password = options.dm_password
-
     if not options.master_password:
         master_password = ipa_generate_password()
         print "A randomly generated kerberos database master password for is being used: %s" % master_password
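Review bot: `ip` is now bound only inside `if options.ip_address: ip = options.ip_address`, yet the later `bind.setup(host_name, ip, realm_name)` (context in the next hunk) still reads it; the removed `ip = resolve_host(host_name)` was the only other assignment visible here, so an install that relies on DNS for its address should raise NameError when it reaches bind setup, unless `ip` is bound elsewhere in main outside the hunk. The natural repair is to have `check_host_name` return the verified address and use it in both branches, `ip = check_host_name(options.host_name, options.ip_address, options.setup_bind)` and `ip = check_host_name(host_name)`, keeping the `options.ip_address` override after them. Ordering is also off for the `get_fqdn()` branch: the directory, httpd and config-file steps run against `host_name` before `check_host_name(host_name)` verifies it, so a bad FQDN is detected only after services have been configured with it — the second `check_host_name` call belongs right after `host_name = get_fqdn()`. Finally, `sys.exit(0)` on the no-realm path departs from the `return "-Fatal Error-"` convention main uses elsewhere and skips whatever the caller does with the return value; `return` would be consistent. main begins before and continues after this hunk.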
@@ -272,23 +306,18 @@ def main():
         admin_password = options.admin_password
 
     # Create a directory server instance
-    ds = ipaserver.dsinstance.DsInstance()
-    ds.install(ds_user, realm_name, host_name, dm_password)
+    ds.create_realm(realm_name)
 
     # Create a kerberos instance
     krb = ipaserver.krbinstance.KrbInstance()
-    krb.install(ds_user, realm_name, host_name, dm_password, master_password)
+    krb.create_realm(ds_user, realm_name, host_name, dm_password, master_password)
 
     # Create a HTTP instance
-    http = ipaserver.httpinstance.HTTPInstance()
-    http.install(realm_name, host_name)
-
-    # Create a Web Gui instance
-    ipaserver.httpinstance.WebGuiInstance().install()
+    http.create_realm(realm_name, host_name)
 
     bind.setup(host_name, ip, realm_name)
     if options.setup_bind:
-        bind.install()
+        bind.create_realm()
     else:
         bind.create_sample_bind_zone()
 
@@ -299,20 +328,8 @@ def main():
     service.print_msg("restarting the KDC")
     krb.restart()
 
-    # Configure ntpd
-    ntp = ipaserver.ntpinstance.NTPInstance()
-    ntp.install()
-
     # Set the admin user kerberos password
     ds.change_admin_password(admin_password)
-
-    # Create the config file
-    sysrestore.backup_file("/etc/ipa/ipa.conf")
-    fd = open("/etc/ipa/ipa.conf", "w")
-    fd.write("[defaults]\n")
-    fd.write("server=" + host_name + "\n")
-    fd.write("realm=" + realm_name + "\n")
-    fd.close()
 
     print "=============================================================================="
     print "Setup complete"
diff -r 7473ee272af0 ipa-server/ipaserver/bindinstance.py
--- a/ipa-server/ipaserver/bindinstance.py	Fri Jan 25 12:32:14 2008 +0000
+++ b/ipa-server/ipaserver/bindinstance.py	Fri Jan 25 12:34:04 2008 +0000
@@ -62,7 +62,7 @@ class BindInstance(service.Service):
             os.close(bind_fd)
             print "Sample zone file for bind has been created in "+bind_name
 
-    def install(self):
+    def create_realm(self):
         try:
             self.stop()
 
diff -r 7473ee272af0 ipa-server/ipaserver/dsinstance.py
--- a/ipa-server/ipaserver/dsinstance.py	Fri Jan 25 12:32:14 2008 +0000
+++ b/ipa-server/ipaserver/dsinstance.py	Fri Jan 25 12:34:04 2008 +0000
@@ -101,14 +101,13 @@ class DsInstance(service.Service):
         self.domain = None
         self.pkcs12_info = None
 
-    def install(self, ds_user, realm_name, host_name, dm_password, pkcs12_info=None):
+    def install(self, ds_user, host_name, dm_password, pkcs12_info=None):
         self.ds_user = ds_user
-        self.realm_name = realm_name.upper()
-        self.suffix = realm_to_suffix(self.realm_name)
         self.host_name = host_name
         self.dm_password = dm_password
         self.domain = host_name[host_name.find(".")+1:]
         self.pkcs12_info = pkcs12_info
+        self.suffix = "dc=IPA"
 
         self.step("creating directory server user", self.__create_ds_user)
         self.step("creating directory server instance", self.__create_instance)
@@ -120,6 +119,15 @@ class DsInstance(service.Service):
         self.step("configuring ssl for ds instance", self.__enable_ssl)
         self.step("configuring certmap.conf", self.__certmap_conf)
         self.step("restarting directory server", self.__restart_instance)
+        self.step("configuring directory to start on boot", self.__enable)
+
+        self.start_creation("Configuring directory server:")
+
+    def create_realm(self, realm_name):
+        self.realm_name = realm_name.upper()
+        self.suffix = realm_to_suffix(self.realm_name)
+
+        self.step("creating " + self.realm_name + " suffix", self.__create_suffix)
         self.step("adding default layout", self.__add_default_layout)
         self.step("configuring Posix uid/gid generation as first master",
                   self.__config_uidgid_gen_first_master)
@@ -127,8 +135,6 @@ class DsInstance(service.Service):
                   self.__add_master_entry_first_master)
         self.step("initializing group membership", self.__init_memberof)
 
-
-        self.step("configuring directory to start on boot", self.__enable)
 
         self.start_creation("Configuring directory server:")
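Review bot: `create_realm` passes `realm_name` through `realm_to_suffix` and into the step label, and the `__create_suffix` step it schedules interpolates it into LDAP DNs, but nothing validates the value, which comes straight from the `-r` command-line option; a guard at the top such as `if not re.match(r'^[A-Za-z0-9.-]+$', realm_name): raise RuntimeError("invalid realm name %s" % realm_name)` (assuming `re` is available at module level — the imports are not in view) would fail early instead of creating a malformed backend. Second, `install` and `create_realm` each end with `self.start_creation(...)`, and the hunk also sets the placeholder `self.suffix = "dc=IPA"` in `install`; whether `step()` entries accumulate across the two calls, and whether any install-time step or template consumes the placeholder suffix, depends on `service.Service` and the private steps, which are not in view — a comment stating the contract, e.g. `# placeholder suffix until create_realm() sets the real one; start_creation() runs and clears the queued steps — TODO confirm`, or an explicit reset would make this robust. `install` begins before the first hunk and `create_realm` continues into the third.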
@@ -185,6 +191,34 @@ class DsInstance(service.Service):
             print "failed to restart ds instance", e
             logging.debug("failed to restart ds instance %s" % e)
 
+    def __create_suffix(self):
+        conn = ipaldap.IPAdmin("127.0.0.1")
+        conn.simple_bind_s("cn=directory manager", self.dm_password)
+
+        try:
+            # Add the database backend for the suffix
+            entry = ipaldap.Entry("cn=%s,cn=ldbm database,cn=plugins,cn=config" % self.realm_name)
+            entry.setValues("objectClass", "top", "extensibleObject", "nsBackendInstance")
+            entry.setValues("nsslapd-suffix", self.suffix)
+            entry.setValues("cn", self.realm_name)
+            conn.addEntry(entry)
+
+            # Add the naming context for the suffix
+            entry = ipaldap.Entry("cn=\"%s\",cn=mapping tree,cn=config" % self.suffix)
+            entry.setValues("objectClass", "top", "extensibleObject", "nsMappingTree")
+            entry.setValues("nsslapd-state", "backend")
+            entry.setValues("nsslapd-backend", self.realm_name)
+            entry.setValues("cn", "\"%s\"" % self.suffix)
+            conn.addEntry(entry)
+
+            # Add the suffix itself
+            entry = ipaldap.Entry(self.suffix)
+            entry.setValues("objectClass", "top", "domain")
+            entry.setValues("dc", self.suffix.split(",")[0].split("=")[1])
+            conn.addEntry(entry)
+        finally:
+            conn.unbind()
+
     def __add_default_schemas(self):
         shutil.copyfile(ipautil.SHARE_DIR + "60kerberos.ldif",
                         os.path.join(SCHEMA_DIRNAME, "60kerberos.ldif"))
diff -r 7473ee272af0 ipa-server/ipaserver/httpinstance.py
--- a/ipa-server/ipaserver/httpinstance.py	Fri Jan 25 12:32:14 2008 +0000
+++ b/ipa-server/ipaserver/httpinstance.py	Fri Jan 25 12:34:04 2008 +0000
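Review bot: `__create_suffix` builds DNs by string interpolation — `"cn=%s,cn=ldbm database,cn=plugins,cn=config" % self.realm_name` and `"cn=\"%s\",cn=mapping tree,cn=config" % self.suffix` — without DN escaping, so a realm containing `,`, `+`, `"` or `\` produces a DN that is either rejected or parsed as different RDNs, and `self.suffix.split(",")[0].split("=")[1]` assumes the first RDN of the suffix is a `dc=` component. Either escape the values (python-ldap's `ldap.dn.escape_dn_chars`, if the version in use provides it) or validate `realm_name` before this step runs, and mark the assumption with `# assumes realm_to_suffix() yields dc=... RDNs — TODO confirm`. The `simple_bind_s` as `cn=directory manager` goes to `127.0.0.1` in the clear even though `install` runs `__enable_ssl` earlier; loopback-only is defensible, but a comment saying so is warranted (`# plain bind on loopback only; DM password never leaves the host`), or use the secure port if `ipaldap.IPAdmin` supports it. The three `addEntry` calls are not guarded against already-existing entries, so re-running `create_realm` against an existing suffix raises out of the try with only the unbind done.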
@@ -55,20 +55,30 @@ class HTTPInstance(service.Service):
     def __init__(self):
         service.Service.__init__(self, "httpd")
 
-    def install(self, realm, fqdn):
+    def install(self, fqdn):
+        self.fqdn = fqdn
+        self.domain = fqdn[fqdn.find(".")+1:]
+        self.sub_dict = { "FQDN": fqdn, "DOMAIN" : self.domain }
+
+        self.step("disabling mod_ssl in httpd", self.__disable_mod_ssl)
+        self.step("Setting mod_nss port to 443", self.__set_mod_nss_port)
+        self.step("configuring httpd", self.__configure_http)
+        self.step("Setting up ssl", self.__setup_ssl)
+        self.step("configuring SELinux for httpd", self.__selinux_config)
+        self.step("restarting httpd", self.__start)
+        self.step("configuring httpd to start on boot", self.__enable)
+
+        self.start_creation("Configuring the web interface")
+
+    def create_realm(self, realm, fqdn):
         self.fqdn = fqdn
         self.realm = realm
         self.domain = fqdn[fqdn.find(".")+1:]
 
-        self.step("disabling mod_ssl in httpd", self.__disable_mod_ssl)
-        self.step("Setting mod_nss port to 443", self.__set_mod_nss_port)
-        self.step("configuring httpd", self.__configure_http)
         self.step("creating a keytab for httpd", self.__create_http_keytab)
-        self.step("Setting up ssl", self.__setup_ssl)
+        self.step("configuring kerberos authentication", self.__configure_krb_auth)
         self.step("Setting up browser autoconfig", self.__setup_autoconfig)
-        self.step("configuring SELinux for httpd", self.__selinux_config)
         self.step("restarting httpd", self.__start)
-        self.step("configuring httpd to start on boot", self.__enable)
 
         self.start_creation("Configuring the web interface")
 
@@ -128,6 +138,9 @@ class HTTPInstance(service.Service):
         http_fd.write(http_txt)
         http_fd.close()
 
+        self.__configure_http_auth("\n")
+
+    def __configure_krb_auth(self):
         auth_txt = ipautil.template_file(ipautil.SHARE_DIR + "httpd-auth-krb.conf", REALM = self.realm)
         self.__configure_http_auth(auth_txt)
 
diff -r 7473ee272af0 ipa-server/ipaserver/krbinstance.py
--- a/ipa-server/ipaserver/krbinstance.py	Fri Jan 25 12:32:14 2008 +0000
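Review bot: `install` now starts httpd on port 443 with SSL but with the Kerberos auth fragment replaced by an empty one (the `__configure_http_auth("\n")` call scheduled via `__configure_http`), and that state persists until `create_realm` runs, which for a realm-less install may be never; whether the web interface serves requests unauthenticated in that window depends on the httpd templates, which are not in view, so it should be confirmed and, if so, the install-time fragment should deny access rather than be blank. Separately, `create_realm` sets `self.fqdn`, `self.realm` and `self.domain` but not `self.sub_dict`, which `install` populates; if any step it schedules (`__create_http_keytab`, `__setup_autoconfig`) reads `self.sub_dict`, calling `create_realm` on a fresh `HTTPInstance` — the obvious way to add a realm to an installation set up without one — would fail, so add `self.sub_dict = { "FQDN": fqdn, "DOMAIN" : self.domain }` there as well or move it into `__init__`. The class continues outside the hunk.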
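Review bot: The new `self.__configure_http_auth("\n")` call carries no explanation of why an auth configuration consisting of a single newline is written, and a reader will take it for a typo. Suggest the comment `# placeholder auth config until a realm exists; __configure_krb_auth() replaces it with the Kerberos fragment` above the call, since that is what the visible `create_realm` step ordering does. The enclosing `__configure_http` method starts before the hunk.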
+++ b/ipa-server/ipaserver/krbinstance.py	Fri Jan 25 12:34:04 2008 +0000
@@ -121,7 +121,7 @@ class KrbInstance(service.Service):
         self.step("starting the KDC", self.__start_instance)
         self.step("configuring KDC to start on boot", self.__enable)
 
-    def install(self, ds_user, realm_name, host_name, admin_password, master_password):
+    def create_realm(self, ds_user, realm_name, host_name, admin_password, master_password):
         self.master_password = master_password
         self.__common_setup(ds_user, realm_name, host_name, admin_password)
 