#! /usr/bin/python -E
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# requires the following packages:
# fedora-ds-base
# openldap-clients
# nss-tools
# optparse substitutes the program name for "%prog" when --version is printed.
VERSION = "%prog .1"

import sys
# append() places the directory last on the module search path, so the
# standard library and site-packages are searched before it.  The shebang's
# -E flag additionally makes the interpreter ignore PYTHON* environment
# variables such as PYTHONPATH.
# NOTE(review): presumably /usr/share/ipa is where the ipaserver package
# imported below is installed -- confirm, and keep that directory writable
# by root only, since this installer imports code from it.
sys.path.append("/usr/share/ipa")
import socket
import logging
from optparse import OptionParser
import ipaserver.dsinstance
import ipaserver.krbinstance
from ipaserver.util import run
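def parse_options():
    """Parse and validate the installer's command-line options.

    The options are read from ``sys.argv`` through optparse.  ``--user``,
    ``--realm``, ``--password`` and ``--master-password`` must all be given
    with a non-empty value; ``--debug`` and ``--hostname`` are optional.
    When a required value is missing, ``parser.error`` prints the usage
    text and terminates the process (optparse exits with status 2).

    Returns:
        The optparse values object carrying ``ds_user``, ``realm_name``,
        ``password``, ``master_password``, ``debug`` and ``host_name``.
    """
    parser = OptionParser(version=VERSION)
    parser.add_option("-u", "--user", dest="ds_user",
                      help="ds user")
    parser.add_option("-r", "--realm", dest="realm_name",
                      help="realm name")
    # NOTE(review): both secrets are taken from argv, so they are visible in
    # the process list for as long as the installer runs and are likely to
    # end up in shell history.  An interactive prompt (getpass) or a
    # root-only file would keep them out of the command line.
    parser.add_option("-p", "--password", dest="password",
                      help="admin password")
    parser.add_option("-m", "--master-password", dest="master_password",
                      help="kerberos master password")
    # "dest" was passed twice in this call; Python rejects a repeated
    # keyword argument, so the duplicate has been dropped.
    parser.add_option("-d", "--debug", dest="debug", action="store_true",
                      default=False, help="print debugging information")
    parser.add_option("--hostname", dest="host_name",
                      help="fully qualified name of server")

    options, args = parser.parse_args()

    required = (options.ds_user, options.realm_name,
                options.password, options.master_password)
    # Empty strings count as missing, exactly like an absent option.
    if not all(required):
        parser.error("error: all options are required")

    return options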
def logging_setup(options):
    """Configure file and console logging for the installer.

    The root logger is set to DEBUG and writes to ``ipaserver-install.log``,
    a path relative to the current working directory that is truncated on
    every run (``filemode='w'``).  A console handler is added on top of
    that: it shows DEBUG and above when ``options.debug`` is true, and only
    ERROR and above otherwise.

    Args:
        options: object with a boolean ``debug`` attribute.
    """
    # NOTE(review): the log file receives everything at DEBUG level and is
    # created in whatever directory the installer was started from --
    # confirm that nothing logged by the instance modules is sensitive, and
    # consider a fixed, root-only location.
    logging.basicConfig(
        filename='ipaserver-install.log',
        filemode='w',
        level=logging.DEBUG,
        format='%(asctime)s %(levelname)s %(message)s',
    )

    # The console is quiet by default; --debug mirrors the file's verbosity.
    console_level = logging.ERROR
    if options.debug:
        console_level = logging.DEBUG

    stream_handler = logging.StreamHandler()
    stream_handler.setLevel(console_level)
    stream_handler.setFormatter(
        logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s'))
    logging.getLogger('').addHandler(stream_handler)
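def main():
    """Install and configure the IPA server components on this host.

    Steps, in order:
      1. parse the command line and set up logging;
      2. pick the host name (``--hostname`` if given, otherwise
         ``socket.gethostname()``) and check that it has at least two
         dot-separated labels and does not resolve to 127.0.0.1;
      3. create the directory server instance, then the Kerberos instance;
      4. restart the directory server, restart httpd, enable httpd, dirsrv,
         krb5kdc and ipa-kpasswd at boot, and start ipa-kpasswd;
      5. write /etc/ipa/ipa.conf with the server name and realm.

    Returns:
        0 on success, or the string "-Fatal Error-" when the host name
        check fails.
    """
    options = parse_options()
    logging_setup(options)

    # check the hostname is correctly configured, it must be as the kldap
    # utilities just use the hostname as returned by gethostbyname to set
    # up some of the standard entries
    if options.host_name:
        host_name = options.host_name
    else:
        host_name = socket.gethostname()

    if len(host_name.split(".")) < 2:
        print("Invalid hostname <" + host_name + ">")
        print("Check the /etc/hosts file and make sure to have a valid FQDN")
        return "-Fatal Error-"

    try:
        resolved_addr = socket.gethostbyname(host_name)
    except socket.error:
        # An unresolvable name used to end the installer with a traceback;
        # report it the same way as the other host name failures.
        print("Unable to resolve the hostname <" + host_name + ">")
        print("Check the /etc/hosts file or your DNS configuration")
        return "-Fatal Error-"

    # NOTE(review): only the literal 127.0.0.1 is rejected; other loopback
    # addresses in 127.0.0.0/8 pass this check.
    if resolved_addr == "127.0.0.1":
        print("The hostname resolves to the localhost address (127.0.0.1)")
        print("Please change your /etc/hosts file or your DNS so that the")
        print("hostname resolves to the ip address of your network interface.")
        print("The KDC service does not listen on 127.0.0.1")
        return "-Fatal Error-"

    print("The Final KDC Host Name will be: " + host_name)

    # Create a directory server instance
    ds = ipaserver.dsinstance.DsInstance()
    ds.create_instance(options.ds_user, options.realm_name, host_name,
                       options.password)

    # Create a kerberos instance
    krb = ipaserver.krbinstance.KrbInstance()
    krb.create_instance(options.ds_user, options.realm_name, host_name,
                        options.password, options.master_password)

    # Restart ds after the krb instance has changed ds configurations
    ds.restart()

    # NOTE(review): the results of the run() calls below are not inspected
    # here -- confirm that ipaserver.util.run reports a failing command.

    # Restart apache
    run(["/sbin/service", "httpd", "restart"])

    # Set apache to start on boot
    run(["/sbin/chkconfig", "httpd", "on"])

    # Set fedora-ds to start on boot
    run(["/sbin/chkconfig", "dirsrv", "on"])

    # Set the KDC to start on boot
    run(["/sbin/chkconfig", "krb5kdc", "on"])

    # Set the Kpasswd to start on boot
    run(["/sbin/chkconfig", "ipa-kpasswd", "on"])

    # Start Kpasswd
    run(["/sbin/service", "ipa-kpasswd", "start"])

    # Create the config file.  try/finally closes the descriptor even when
    # a write fails.
    fd = open("/etc/ipa/ipa.conf", "w")
    try:
        fd.write("[defaults]\n")
        fd.write("server=" + host_name + "\n")
        fd.write("realm=" + options.realm_name + "\n")
    finally:
        fd.close()

    return 0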
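# Hand main()'s result to sys.exit so that a failed install is visible to the
# caller: 0 exits successfully, while the "-Fatal Error-" string is printed
# to stderr and produces exit status 1.  Previously the result was discarded
# and the script always exited with status 0.
sys.exit(main())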