#! /usr/bin/python2 -E
# Authors: Martin Nagy <mnagy@redhat.com>
# Based on ipa-server-install by Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2007 - 2009 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import print_function
import logging
import os
import sys
from optparse import SUPPRESS_HELP # pylint: disable=deprecated-module
from ipaserver.install import bindinstance
from ipaserver.install import installutils
from ipapython import version
from ipalib import api
from ipaplatform.paths import paths
from ipapython import ipautil
from ipapython.config import IPAOptionParser
from ipapython.ipa_log_manager import standard_logging_setup
from ipaserver.install import dns as dns_installer
# Path of the installer log; main() opens this file in append mode.
log_file_name = paths.IPASERVER_INSTALL_LOG

# Module logger, named after this script's file name.
logger = logging.getLogger(os.path.basename(__file__))
def parse_options():
    """Parse and validate the command line of ipa-dns-install.

    Returns a ``(safe_options, options)`` pair: ``options`` is the parsed
    option object, ``safe_options`` is what ``get_safe_opts`` derives from
    it (presumably with options declared ``sensitive`` left out -- confirm
    in IPAOptionParser). Invalid option combinations are reported through
    ``parser.error``.
    """
    opt_parser = IPAOptionParser(version=version.VERSION)

    # Deprecated password option: hidden from --help and flagged sensitive.
    opt_parser.add_option(
        "-p", "--ds-password",
        dest="dm_password",
        sensitive=True,
        help=SUPPRESS_HELP)
    opt_parser.add_option(
        "-d", "--debug",
        dest="debug",
        action="store_true",
        default=False,
        help="print debugging information")
    opt_parser.add_option(
        "--ip-address",
        dest="ip_addresses",
        metavar="IP_ADDRESS",
        default=[],
        action="append",
        type="ip",
        help="Master Server IP Address. This option can be used multiple times")

    # Forwarder selection.
    opt_parser.add_option(
        "--forwarder",
        dest="forwarders",
        action="append",
        type="ip_with_loopback",
        help="Add a DNS forwarder. This option can be used multiple times")
    opt_parser.add_option(
        "--no-forwarders",
        dest="no_forwarders",
        action="store_true",
        default=False,
        help="Do not add any DNS forwarders, use root servers instead")
    opt_parser.add_option(
        "--auto-forwarders",
        dest="auto_forwarders",
        action="store_true",
        default=False,
        help="Use DNS forwarders configured in /etc/resolv.conf")
    opt_parser.add_option(
        "--forward-policy",
        dest="forward_policy",
        choices=("first", "only"),
        default=None,
        help="DNS forwarding policy for global forwarders")

    # Reverse zone handling.
    opt_parser.add_option(
        "--reverse-zone",
        dest="reverse_zones",
        default=[],
        action="append",
        metavar="REVERSE_ZONE",
        help="The reverse DNS zone to use. This option can be used multiple times")
    opt_parser.add_option(
        "--no-reverse",
        dest="no_reverse",
        action="store_true",
        default=False,
        help="Do not create new reverse DNS zone")
    opt_parser.add_option(
        "--auto-reverse",
        dest="auto_reverse",
        action="store_true",
        default=False,
        help="Create necessary DNS zones")
    opt_parser.add_option(
        "--allow-zone-overlap",
        dest="allow_zone_overlap",
        action="store_true",
        default=False,
        help="Create DNS zone even if it already exists")

    # DNSSEC switches.
    opt_parser.add_option(
        "--no-dnssec-validation",
        dest="no_dnssec_validation",
        action="store_true",
        default=False,
        help="Disable DNSSEC validation")
    opt_parser.add_option(
        "--dnssec-master",
        dest="dnssec_master",
        action="store_true",
        default=False,
        help="Setup server to be DNSSEC key master")

    opt_parser.add_option(
        "--zonemgr",
        action="callback",
        callback=bindinstance.zonemgr_callback,
        type="string",
        help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
    opt_parser.add_option(
        "-U", "--unattended",
        dest="unattended",
        action="store_true",
        default=False,
        help="unattended installation never prompts the user")
    opt_parser.add_option(
        "--disable-dnssec-master",
        dest="disable_dnssec_master",
        action="store_true",
        default=False,
        help="Disable the DNSSEC master on this server")
    opt_parser.add_option(
        "--kasp-db",
        dest="kasp_db_file",
        type="string",
        metavar="FILE",
        action="store",
        help="Copy OpenDNSSEC metadata from the specified file "
             "(will not create a new kasp.db file)")
    opt_parser.add_option(
        "--force",
        dest="force",
        action="store_true",
        help="Force install")

    parsed, _positional = opt_parser.parse_args()
    # Companion view of the parsed options that main() writes to the log
    # instead of the raw option object.
    loggable = opt_parser.get_safe_opts(parsed)

    # --- mutually exclusive options ---------------------------------------
    if parsed.dnssec_master and parsed.disable_dnssec_master:
        opt_parser.error(
            "Invalid combination of parameters: --dnssec-master and "
            "--disable-dnssec-master")

    if parsed.forwarders and parsed.no_forwarders:
        opt_parser.error(
            "You cannot specify a --forwarder option together with --no-forwarders")
    elif parsed.reverse_zones and parsed.no_reverse:
        opt_parser.error(
            "You cannot specify a --reverse-zone option together with --no-reverse")
    elif parsed.auto_reverse and parsed.no_reverse:
        opt_parser.error(
            "You cannot specify a --auto-reverse option together with --no-reverse")

    # An unattended run cannot ask about forwarders, so one of the three
    # forwarder options has to be given up front.
    forwarder_choice_made = (
        parsed.forwarders
        or parsed.no_forwarders
        or parsed.auto_forwarders
    )
    if parsed.unattended and not forwarder_choice_made:
        opt_parser.error(
            "You must specify at least one option: "
            "--forwarder or --no-forwarders or --auto-forwarders")

    # The kasp.db source must be an existing regular file.
    kasp_db = parsed.kasp_db_file
    if kasp_db and not os.path.isfile(kasp_db):
        opt_parser.error("File %s does not exist" % parsed.kasp_db_file)

    if parsed.dm_password:
        print("WARNING: Option -p/--ds-password is deprecated "
              "and should not be used anymore.")

    return loggable, parsed
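def main():
    """Set up the integrated DNS service on this IPA server.

    Parses the command line, refuses to run without root privileges, sets
    up logging, bootstraps the ipalib API, runs the DNS installer's check
    and install steps, and finally asks ipactl to start services.

    Returns 0 when every step has completed. Exits through ``sys.exit``
    when the caller is not root.
    """
    safe_options, options = parse_options()

    # Root privilege is determined by the effective *user* ID. The previous
    # test compared the effective group ID, so a non-root account whose
    # effective group is 0 passed the "must be root" gate.
    if os.geteuid() != 0:
        sys.exit("Must be root to setup server")

    # filemode='a': append to the installer log rather than truncating it.
    standard_logging_setup(log_file_name, debug=options.debug, filemode='a')
    print("\nThe log file for this installation can be found in %s" % log_file_name)

    # Log the safe view of the options, never the raw option object, so the
    # value passed with -p/--ds-password is not written to the log
    # (assuming get_safe_opts drops sensitive options -- confirm).
    logger.debug('%s was invoked with options: %s', sys.argv[0], safe_options)
    logger.debug("missing options might be asked for interactively later\n")
    logger.debug('IPA version %s', version.VENDOR_VERSION)

    installutils.check_server_configuration()

    # Initialize the ipalib api
    api.bootstrap(
        context='install', confdir=paths.ETC_IPA,
        in_server=True, debug=options.debug,
    )
    api.finalize()
    api.Backend.ldap2.connect()

    options.setup_ca = None  # must be None to enable autodetection

    # NOTE(review): the meaning of the positional True/False flags is defined
    # by ipaserver.install.dns and is not visible here -- confirm there.
    dns_installer.install_check(True, api, False, options, hostname=api.env.host)
    dns_installer.install(True, False, options)

    # execute ipactl to refresh services status
    # raiseonerr=False: a failing ipactl is presumably not raised as an
    # error, so it does not abort the run at this point.
    ipautil.run(['ipactl', 'start', '--ignore-service-failures'],
                raiseonerr=False)

    api.Backend.ldap2.disconnect()

    return 0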
if __name__ == '__main__':
    # Hand main() to the shared script runner together with the log file
    # path and the operation name.
    installutils.run_script(
        main,
        log_file_name=log_file_name,
        operation_name='ipa-dns-install',
    )