|  |  |  | #! /usr/bin/python -E | 
					
						
							|  |  |  | # Authors: Karl MacMillan <kmacmillan@mentalrootkit.com> | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | # Copyright (C) 2007  Red Hat | 
					
						
							|  |  |  | # see file 'COPYING' for use and warranty information | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | # This program is free software; you can redistribute it and/or | 
					
						
							|  |  |  | # modify it under the terms of the GNU General Public License as | 
					
						
							|  |  |  | # published by the Free Software Foundation; version 2 only | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | # This program is distributed in the hope that it will be useful, | 
					
						
							|  |  |  | # but WITHOUT ANY WARRANTY; without even the implied warranty of | 
					
						
							|  |  |  | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
					
						
							|  |  |  | # GNU General Public License for more details. | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | # You should have received a copy of the GNU General Public License | 
					
						
							|  |  |  | # along with this program; if not, write to the Free Software | 
					
						
							|  |  |  | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | # requires the following packages: | 
					
						
							|  |  |  | # fedora-ds-base | 
					
						
							|  |  |  | # openldap-clients | 
					
						
							|  |  |  | # nss-tools | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import sys | 
					
						
										 |  |  | import os | 
					
						
							|  |  |  | import socket | 
					
						
										 |  |  | import errno | 
					
						
							|  |  |  | import logging | 
					
						
										 |  |  | import pwd | 
					
						
										 |  |  | import subprocess | 
					
						
										 |  |  | import signal | 
					
						
							|  |  |  | import shutil | 
					
						
							|  |  |  | import glob | 
					
						
							|  |  |  | import traceback | 
					
						
							|  |  |  | from optparse import OptionParser | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  | from ipaserver.install import dsinstance | 
					
						
							|  |  |  | from ipaserver.install import krbinstance | 
					
						
							|  |  |  | from ipaserver.install import bindinstance | 
					
						
							|  |  |  | from ipaserver.install import httpinstance | 
					
						
							|  |  |  | from ipaserver.install import ntpinstance | 
					
						
										 |  |  | from ipaserver.install import certs | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  | from ipaserver.install import service | 
					
						
										 |  |  | from ipapython import version | 
					
						
										 |  |  | from ipaserver.install.installutils import * | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  | from ipapython import sysrestore | 
					
						
							|  |  |  | from ipapython.ipautil import * | 
					
						
										 |  |  | from ipalib import util | 
					
						
							|  |  |  | 
 | 
					
						
pw_name = None  # module-level; main() declares "global pw_name", but where it is set or read is not visible in this part of the file
					
						
							|  |  |  | 
 | 
					
						
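def parse_options():
    """Parse the command line and return the optparse ``options`` object.

    Besides declaring the options, this enforces the combinations the
    installer relies on; each violation goes through ``parser.error()``,
    which prints the message and exits:

    * ``--uninstall`` may not be combined with any installation credential
      or identity option (-u, -r, -p, -P, -a).
    * ``--unattended`` requires -u, -r, -p and -a, since nothing can be
      prompted for.
    * The four PKCS#12 options (two files, two pins) are all-or-nothing.

    NOTE(security): -p, -P, -a, --dirsrv_pin and --http_pin all take the
    secret as a command-line argument, so it is visible to every local user
    through ``ps`` and may land in shell history.  Interactive prompting
    (the default) avoids that; unattended runs should treat the host's
    process list as sensitive.
    """
    parser = OptionParser(version=version.VERSION)
    parser.add_option("-u", "--user", dest="ds_user",
                      help="ds user")
    parser.add_option("-r", "--realm", dest="realm_name",
                      help="realm name")
    parser.add_option("-n", "--domain", dest="domain_name",
                      help="domain name")
    parser.add_option("-p", "--ds-password", dest="dm_password",
                      help="admin password")
    parser.add_option("-P", "--master-password", dest="master_password",
                      help="kerberos master password (normally autogenerated)")
    parser.add_option("-a", "--admin-password", dest="admin_password",
                      help="admin user kerberos password")
    parser.add_option("-d", "--debug", dest="debug", action="store_true",
                      default=False, help="print debugging information")
    parser.add_option("", "--ca", dest="ca", action="store_true",
                      default=False, help="Configure a CA instance")
    parser.add_option("--hostname", dest="host_name", help="fully qualified name of server")
    parser.add_option("--ip-address", dest="ip_address", help="Master Server IP Address")
    # FIXME: Remove this option.  --setup-bind and --setup-dns share the
    # same destination, so they are interchangeable spellings.
    parser.add_option("--setup-bind", dest="setup_dns", action="store_true",
                      default=False, help="configure bind with our zone file")
    parser.add_option("--setup-dns", dest="setup_dns", action="store_true",
                      default=False, help="configure bind with our zone")
    parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
                      default=False, help="unattended installation never prompts the user")
    parser.add_option("", "--uninstall", dest="uninstall", action="store_true",
                      default=False, help="uninstall an existing installation")
    parser.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
                      help="do not configure ntp", default=True)
    parser.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12",
                      help="PKCS#12 file containing the Directory Server SSL certificate")
    parser.add_option("--http_pkcs12", dest="http_pkcs12",
                      help="PKCS#12 file containing the Apache Server SSL certificate")
    parser.add_option("--dirsrv_pin", dest="dirsrv_pin",
                      help="The password of the Directory Server PKCS#12 file")
    parser.add_option("--http_pin", dest="http_pin",
                      help="The password of the Apache Server PKCS#12 file")
    parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
                      default=False,
                      help="Do not use DNS for hostname lookup during installation")

    options, args = parser.parse_args()

    if options.uninstall:
        # Uninstall takes no credentials or identity; the message now lists
        # every option the condition actually rejects (-r and -a included).
        if (options.ds_user or options.realm_name or
            options.dm_password or options.admin_password or
            options.master_password):
            parser.error("error: In uninstall mode, -u, -r, -p, -P and -a options are not allowed")
    elif options.unattended:
        # -P is deliberately not required: the master password is normally
        # autogenerated (see its help text).
        if (not options.ds_user or not options.realm_name or
            not options.dm_password or not options.admin_password):
            parser.error("error: In unattended mode you need to provide at least -u, -r, -p and -a options")

    # If any of the PKCS#12 options are selected, all are required.  Count
    # the unset ones instead of writing a large set of if blocks.
    pkcs12 = [options.dirsrv_pkcs12, options.http_pkcs12, options.dirsrv_pin, options.http_pin]
    missing = pkcs12.count(None)
    if 0 < missing < 4:
        parser.error("error: All PKCS#12 options are required if any are used.")

    return options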
					
						
							|  |  |  | 
 | 
					
						
def signal_handler(signum, frame):
    """Abort the installation on SIGTERM/SIGINT and tear down the partial DS instance.

    Installed by main() for both signals.  If the module-level ``ds`` (the
    DsInstance being set up) is present it is stopped and, when it carries a
    server id, its on-disk data is erased through
    dsinstance.erase_ds_instance_data().  Always exits with status 1.

    signum, frame: the standard signal-handler arguments; not used here.
    """
    global ds
    print("\nCleaning up...")
    instance = ds
    if instance:
        print("Removing configuration for %s instance" % instance.serverid)
        instance.stop()
        if instance.serverid:
            dsinstance.erase_ds_instance_data(instance.serverid)
    sys.exit(1)
					
						
							|  |  |  | 
 | 
					
						
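def read_host_name(host_default, no_host_dns=False):
    """Prompt for the server's fully qualified host name and validate it.

    host_default: value offered at the prompt; an empty string is replaced
        by the placeholder "master.example.com".
    no_host_dns: passed through to verify_fqdn(); when true the name is
        presumably not checked against DNS (verify_fqdn is imported from
        installutils and not visible here).

    Returns the entered name once verify_fqdn() accepts it.  Whatever
    verify_fqdn() raises propagates to the caller unchanged.

    verify_fqdn() is the only validation applied here; the value is later
    presumably used by read_ip_address() to build an /etc/hosts entry, so
    it must stay the single gate for that input.
    """
    print("Enter the fully qualified domain name of the computer")
    print("on which you're setting up server software. Using the form")
    print("<hostname>.<domainname>")
    print("Example: master.example.com.")
    print("")
    print("")
    if host_default == "":
        host_default = "master.example.com"

    host_name = user_input("Server host name", host_default, allow_empty = False)
    print("")
    # Let verify_fqdn()'s exception propagate untouched.  Re-raising it with
    # ``raise e`` discards the original traceback on Python 2, and the retry
    # loop that used to surround it could never run a second iteration.
    verify_fqdn(host_name, no_host_dns)
    return host_name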
					
						
							|  |  |  | 
 | 
					
						
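def resolve_host(host_name):
    """Resolve host_name to an IPv4 address string.

    Returns:
        the address as a dotted-quad string;
        None when the name resolves to the loopback address, after telling
        the user to fix /etc/hosts (the KDC does not listen there);
        "" when resolution fails (a message is printed).

    Only socket.gethostbyname() is used, so the result is always an IPv4
    address: the "::1" comparison can never match and is kept only for
    symmetry with read_ip_address().  Only resolver errors are caught;
    the former bare ``except:`` also swallowed KeyboardInterrupt and
    programming errors.
    """
    ip = ""
    try:
        ip = socket.gethostbyname(host_name)
    except (socket.error, UnicodeError):
        # gaierror/herror are socket.error subclasses; UnicodeError can
        # come from encoding a name the resolver cannot represent.
        print("Unable to lookup the IP address of the provided host")
        return ip

    if ip == "127.0.0.1" or ip == "::1":
        print("The hostname resolves to the localhost address (127.0.0.1/::1)")
        print("Please change your /etc/hosts file so that the hostname")
        print("resolves to the ip address of your network interface.")
        print("The KDC service does not listen on localhost")
        print("")
        print("Please fix your /etc/hosts file and restart the setup program")
        return None

    return ip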
					
						
							|  |  |  | 
 | 
					
						
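def verify_ip_address(ip):
    """Return True if ``ip`` is a syntactically valid IPv4 or IPv6 address.

    Uses socket.inet_pton() for both families, so only textual validity is
    checked: nothing here rejects unusable values such as 0.0.0.0,
    multicast or other loopback addresses (read_ip_address() separately
    refuses exactly "127.0.0.1" and "::1").  Prints "Unable to verify IP
    address" and returns False on rejection.  Only parsing errors are
    caught; the former bare ``except:`` also masked KeyboardInterrupt.
    """
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(family, ip)
        except (socket.error, ValueError, TypeError):
            # socket.error: not an address of this family;
            # ValueError/TypeError: e.g. an embedded NUL or a non-string.
            continue
        return True
    print("Unable to verify IP address")
    return False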
					
						
							|  |  |  | 
 | 
					
						
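def read_ip_address(host_name):
    """Prompt for the address to associate with host_name and record it in /etc/hosts.

    Loops until the user enters an address that is neither "127.0.0.1" nor
    "::1" and that verify_ip_address() accepts.  /etc/hosts is backed up
    through the module-level sysrestore FileStore ``fstore`` (so uninstall
    can restore it) and then gets one appended line of the form
    ``<ip>\\t<host_name> <short name>``, the short name being host_name up
    to its first dot.

    Returns the accepted address string.

    Only the two exact loopback literals are refused; other loopback forms
    (127.0.0.2, ::ffff:127.0.0.1) pass this check.  host_name is written
    as-is: it is assumed to have been validated by the caller
    (read_host_name()/verify_fqdn()) -- TODO confirm, since nothing here
    would stop whitespace or a newline in it from corrupting the file.
    """
    while True:
        ip = user_input("Please provide the IP address to be used for this host name", allow_empty = False)

        if ip == "127.0.0.1" or ip == "::1":
            print("The IPA Server can't use localhost as a valid IP")
            continue

        if not verify_ip_address(ip):
            continue

        print("Adding ["+ip+" "+host_name+"] to your /etc/hosts file")
        fstore.backup_file("/etc/hosts")
        entry = ip + '\t' + host_name + ' ' + host_name.split('.')[0] + '\n'
        # Append so existing entries are untouched.  If the file does not
        # already end in a newline, a plain append would glue our entry onto
        # the last existing line and corrupt both, so terminate that line
        # first.  try/finally closes the file even if the write fails.
        hosts_fd = open('/etc/hosts', 'r+')
        try:
            existing = hosts_fd.read()
            hosts_fd.seek(0, 2)
            if existing and not existing.endswith('\n'):
                hosts_fd.write('\n')
            hosts_fd.write(entry)
        finally:
            hosts_fd.close()

        return ip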
					
						
							|  |  |  | 
 | 
					
						
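def read_ds_user():
    """Interactively choose the system account the Directory Server runs as.

    Prints why an unprivileged account is recommended, then: if a user
    named 'dirsrv' already exists (pwd.getpwnam succeeds) asks whether to
    reuse it and otherwise prompts for another account name (non-empty,
    no spaces); if no such user exists, "dirsrv" is returned without
    prompting.

    Returns the account name as a string.  Nothing here checks that a
    manually entered name refers to an existing, non-root account; that is
    presumably left to the DS setup code -- verify against the caller.
    """
    for line in (
        "The server must run as a specific user in a specific group.",
        "It is strongly recommended that this user should have no privileges",
        "on the computer (i.e. a non-root user).  The setup procedure",
        "will give this user/group some permissions in specific paths/files",
        "to perform server-specific operations.",
        "",
    ):
        print(line)

    # Keep the try body to the lookup alone so that a KeyError raised by
    # the prompt helpers is not mistaken for "no dirsrv account".
    try:
        pwd.getpwnam('dirsrv')
    except KeyError:
        return "dirsrv"

    print("A user account named 'dirsrv' already exists. This is the user id")
    print("that the Directory Server will run as.")
    print("")
    if user_input("Do you want to use the existing 'dirsrv' account?", True):
        chosen = "dirsrv"
    else:
        print("")
        chosen = user_input_plain("Which account name do you want to use for the DS instance?", allow_empty = False, allow_spaces = False)
    print("")
    return chosen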
					
						
							|  |  |  | 
 | 
					
						
def read_domain_name(domain_name, unattended):
    """Confirm (or, unattended, simply return) the domain name derived from the host name.

    domain_name: the value the caller computed from the host name.
    unattended: when true no prompt is shown and domain_name is returned as is.

    Returns the (possibly user-edited) domain name.
    """
    print("The domain name has been calculated based on the host name.")
    print("")
    if unattended:
        return domain_name
    confirmed = user_input("Please confirm the domain name", domain_name)
    print("")
    return confirmed
					
						
							|  |  |  | 
 | 
					
						
def read_realm_name(domain_name, unattended):
    """Choose the Kerberos realm, defaulting to the upper-cased domain name.

    Unattended: return domain_name.upper() without prompting.  Otherwise
    prompt with that default; a lower- or mixed-case answer is accepted only
    after the user agrees to its upper-cased form, and refusing ends the
    program with exit status 1.

    Returns the realm name, always upper case.
    """
    print("The kerberos protocol requires a Realm name to be defined.")
    print("This is typically the domain name converted to uppercase.")
    print("")

    default_realm = domain_name.upper()
    if unattended:
        return default_realm

    answer = user_input("Please provide a realm name", default_realm)
    normalized = answer.upper()
    if normalized == answer:
        return answer

    print("An upper-case realm name is required.")
    if not user_input("Do you want to use " + normalized + " as realm name?", True):
        print("")
        print("An upper-case realm name is required. Unable to continue.")
        sys.exit(1)
    print("")
    return normalized
					
						
							|  |  |  | 
 | 
					
						
										 |  |  | 
 | 
					
						
def read_dm_password():
    """Explain the Directory Manager account and prompt for its password.

    Prints the explanation (including the 8-character minimum) and returns
    whatever read_password("Directory Manager") returns; the prompting and,
    presumably, the length check live in read_password() (imported from
    installutils, not visible here).
    """
    banner = (
        "Certain directory server operations require an administrative user.",
        "This user is referred to as the Directory Manager and has full access",
        "to the Directory for system management tasks and will be added to the",
        "instance of directory server created for IPA.",
        "The password must be at least 8 characters long.",
        "",
    )
    for line in banner:
        print(line)
    #TODO: provide the option of generating a random password
    return read_password("Directory Manager")
					
						
							|  |  |  | 
 | 
					
						
def read_admin_password():
    """Explain the IPA 'admin' account and prompt for its password.

    Returns whatever read_password("IPA admin") returns (the prompting is
    done by read_password(), imported from installutils).
    """
    banner = (
        "The IPA server requires an administrative user, named 'admin'.",
        "This user is a regular system account used for IPA server administration.",
        "",
    )
    for line in banner:
        print(line)
    #TODO: provide the option of generating a random password
    return read_password("IPA admin")
					
						
							|  |  |  | 
 | 
					
						
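def check_dirsrv(unattended):
    """Make sure no foreign Directory Server instance or port conflict blocks the install.

    If dsinstance.check_existing_installation() reports instances, the user
    is asked whether to remove them; in unattended mode, or on "no", the
    program exits with status 1 rather than destroying data without consent.
    On "yes" the dirsrv service is stopped (best effort) and every reported
    instance's data is erased through dsinstance.erase_ds_instance_data().
    Finally dsinstance.check_ports() must report both 389 and 636 free,
    otherwise the ports in use are listed and the program exits with 1.

    unattended: when true no prompt is shown and an existing instance is fatal.
    """
    serverids = dsinstance.check_existing_installation()
    if serverids:
        print("")
        print("An existing Directory Server has been detected.")
        # Destructive step: never proceed without an explicit "yes", and
        # never in unattended mode where nobody can give one.
        if unattended or not user_input("Do you wish to remove it and create a new one?", False):
            print("")
            print("Only a single Directory Server instance is allowed on an IPA")
            print("server, the one used by IPA itself.")
            sys.exit(1)

        try:
            service.stop("dirsrv")
        except Exception:
            # Best effort: the service may simply not be running.  Record
            # why it failed instead of hiding it; a bare "except:" would
            # also swallow KeyboardInterrupt, which must abort an installer.
            logging.debug("Stopping dirsrv failed; continuing with removal", exc_info=True)

        for serverid in serverids:
            dsinstance.erase_ds_instance_data(serverid)

    (ds_unsecure, ds_secure) = dsinstance.check_ports()
    if not (ds_unsecure and ds_secure):
        print("IPA requires ports 389 and 636 for the Directory Server.")
        print("These are currently in use:")
        if not ds_unsecure:
            print("\t389")
        if not ds_secure:
            print("\t636")
        sys.exit(1)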
					
						
							|  |  |  | 
 | 
					
						
def uninstall(ca = False):
    """Remove every IPA server component this script installed.

    Order: client-side pieces via ipa-client-install (a failure is reported
    but not fatal), NTP, then -- only when ``ca`` is true -- the CA's
    directory and CA instances (cainstance is imported lazily and an
    ImportError is fatal), then BIND, HTTP, Kerberos and the Directory
    Server, and finally every file recorded in the module-level sysrestore
    ``fstore`` is put back.

    ca: whether a CA instance was configured and must be removed too.

    Returns 0.
    """
    try:
        run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--uninstall"])
    except Exception:
        err = sys.exc_info()[1]
        print("Uninstall of client side components failed!")
        print("ipa-client-install returned: " + str(err))

    ntpinstance.NTPInstance(fstore).uninstall()

    if ca:
        try:
            from ipaserver.install import cainstance
        except ImportError:
            sys.stderr.write("Import failed: %s\n" % sys.exc_info()[1])
            sys.exit(1)
        cainstance.CADSInstance().uninstall()
        cainstance.CAInstance().uninstall()

    bindinstance.BindInstance(fstore).uninstall()
    httpinstance.HTTPInstance(fstore).uninstall()
    krbinstance.KrbInstance(fstore).uninstall()
    dsinstance.DsInstance().uninstall()

    # Undo the config-file edits recorded during installation.
    fstore.restore_all_files()
    return 0
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | def main(): | 
					
						
										 |  |  |     global ds | 
					
						
										 |  |  |     global pw_name | 
					
						
										 |  |  |     ds = None | 
							|  |  |  | 
 | 
							|  |  |  |     options = parse_options() | 
							|  |  |  | 
 | 
										 |  |  |     if os.getegid() != 0: | 
							|  |  |  |         print "Must be root to setup server" | 
										 |  |  |         return 1 | 
										 |  |  | 
 | 
										 |  |  |     signal.signal(signal.SIGTERM, signal_handler) | 
							|  |  |  |     signal.signal(signal.SIGINT, signal_handler) | 
							|  |  |  | 
 | 
										 |  |  |     if options.uninstall: | 
							|  |  |  |         standard_logging_setup("/var/log/ipaserver-uninstall.log", options.debug) | 
							|  |  |  |     else: | 
							|  |  |  |         standard_logging_setup("/var/log/ipaserver-install.log", options.debug) | 
							|  |  |  |         print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log" | 
							|  |  |  | 
 | 
										 |  |  |     global fstore | 
							|  |  |  |     fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') | 
							|  |  |  | 
 | 
										 |  |  |     if options.uninstall: | 
										 |  |  |         if not options.unattended: | 
							|  |  |  |             print "\nThis is a NON REVERSIBLE operation and will delete all data and configuration!\n" | 
										 |  |  |             if not user_input("Are you sure you want to continue with the uninstall procedure?", False): | 
										 |  |  |                 print "" | 
							|  |  |  |                 print "Aborting uninstall operation." | 
							|  |  |  |                 sys.exit(1) | 
							|  |  |  | 
 | 
										 |  |  |         return uninstall(options.ca) | 
										 |  |  | 
 | 
							|  |  |  |     print "==============================================================================" | 
							|  |  |  |     print "This program will setup the FreeIPA Server." | 
							|  |  |  |     print "" | 
										 |  |  |     print "This includes:" | 
										 |  |  |     if options.conf_ntp: | 
							|  |  |  |         print "  * Configure the Network Time Daemon (ntpd)" | 
										 |  |  |     print "  * Create and configure an instance of Directory Server" | 
										 |  |  |     print "  * Create and configure a Kerberos Key Distribution Center (KDC)" | 
										 |  |  |     print "  * Configure Apache (httpd)" | 
							|  |  |  |     print "  * Configure TurboGears" | 
										 |  |  |     if options.setup_dns: | 
										 |  |  |         print "  * Configure DNS (bind)" | 
							|  |  |  |     if not options.conf_ntp: | 
							|  |  |  |         print "" | 
							|  |  |  |         print "Excluded by options:" | 
							|  |  |  |         print "  * Configure the Network Time Daemon (ntpd)" | 
										 |  |  |     print "" | 
							|  |  |  |     print "To accept the default shown in brackets, press the Enter key." | 
							|  |  |  |     print "" | 
							|  |  |  | 
 | 
										 |  |  |     check_dirsrv(options.unattended) | 
							|  |  |  | 
 | 
										 |  |  |     ds_user = "" | 
							|  |  |  |     realm_name = "" | 
							|  |  |  |     host_name = "" | 
										 |  |  |     domain_name = "" | 
							|  |  |  |     ip_address = "" | 
										 |  |  |     master_password = "" | 
										 |  |  |     dm_password = "" | 
							|  |  |  |     admin_password = "" | 
										 |  |  | 
 | 
										 |  |  |     # check bind packages are installed | 
										 |  |  |     if options.setup_dns: | 
										 |  |  |         if not bindinstance.check_inst(): | 
										 |  |  |             print "--setup-dns was specified but bind or the BIND LDAP plug-in" | 
										 |  |  |             print "is not installed on the system" | 
							|  |  |  |             print "Please install bind and the LDAP plug-in and restart the setup program" | 
										 |  |  |             return 1 | 
										 |  |  | 
 | 
							|  |  |  |     # check the hostname is correctly configured, it must be as the kldap | 
							|  |  |  |     # utilities just use the hostname as returned by gethostbyname to set | 
							|  |  |  |     # up some of the standard entries | 
							|  |  |  | 
 | 
							|  |  |  |     host_default = "" | 
							|  |  |  |     if options.host_name: | 
							|  |  |  |         host_default = options.host_name | 
							|  |  |  |     else: | 
							|  |  |  |         host_default = get_fqdn() | 
										 |  |  | 
 | 
							|  |  |  |     if options.unattended: | 
							|  |  |  |         try: | 
										 |  |  |             verify_fqdn(host_default,options.no_host_dns) | 
							|  |  |  |         except RuntimeError, e: | 
							|  |  |  |             logging.error(str(e) + "\n") | 
										 |  |  |             return 1 | 
							|  |  |  | 
 | 
							|  |  |  |         host_name = host_default | 
							|  |  |  |     else: | 
										 |  |  |         host_name = read_host_name(host_default,options.no_host_dns) | 
										 |  |  | 
 | 
										 |  |  |     host_name = host_name.lower() | 
							|  |  |  | 
 | 
										 |  |  |     if not options.domain_name: | 
										 |  |  |         domain_name = read_domain_name(host_name[host_name.find(".")+1:], options.unattended) | 
										 |  |  |     else: | 
										 |  |  |         domain_name = options.domain_name | 
										 |  |  | 
 | 
										 |  |  |     domain_name = domain_name.lower() | 
							|  |  |  | 
 | 
										 |  |  |     # Check we have a public IP that is associated with the hostname | 
							|  |  |  |     ip = resolve_host(host_name) | 
										 |  |  |     if ip is None: | 
							|  |  |  |         if options.ip_address: | 
							|  |  |  |             ip = options.ip_address | 
										 |  |  |     if ip is None and options.unattended: | 
							|  |  |  |         print "Unable to resolve IP address for host name" | 
										 |  |  |         return 1 | 
										 |  |  | 
 | 
							|  |  |  |     if not verify_ip_address(ip): | 
							|  |  |  |         ip = "" | 
							|  |  |  |         if options.unattended: | 
										 |  |  |             return 1 | 
										 |  |  | 
 | 
							|  |  |  |     if options.ip_address and options.ip_address != ip: | 
										 |  |  |         if options.setup_dns: | 
										 |  |  |             ip = options.ip_address | 
							|  |  |  |         else: | 
							|  |  |  |             print "Error: the hostname resolves to an IP address that is different" | 
							|  |  |  |             print "from the one provided on the command line.  Please fix your DNS" | 
							|  |  |  |             print "or /etc/hosts file and restart the installation." | 
										 |  |  |             return 1 | 
										 |  |  | 
 | 
										 |  |  |     if options.unattended: | 
							|  |  |  |         if not ip: | 
										 |  |  |             print "Unable to resolve IP address" | 
										 |  |  |             return 1 | 
										 |  |  | 
 | 
							|  |  |  |     if not ip: | 
										 |  |  |         ip = read_ip_address(host_name) | 
										 |  |  |     ip_address = ip | 
							|  |  |  | 
 | 
							|  |  |  |     print "The IPA Master Server will be configured with" | 
							|  |  |  |     print "Hostname:    " + host_name | 
							|  |  |  |     print "IP address:  " + ip_address | 
							|  |  |  |     print "Domain name: " + domain_name | 
										 |  |  |     print "" | 
							|  |  |  | 
 | 
							|  |  |  |     if not options.ds_user: | 
							|  |  |  |         ds_user = read_ds_user() | 
										 |  |  |         if ds_user == "": | 
										 |  |  |             return 1 | 
										 |  |  |     else: | 
							|  |  |  |         ds_user = options.ds_user | 
							|  |  |  | 
 | 
							|  |  |  |     if not options.realm_name: | 
										 |  |  |         realm_name = read_realm_name(domain_name, options.unattended) | 
										 |  |  |     else: | 
										 |  |  |         realm_name = options.realm_name.upper() | 
										 |  |  | 
 | 
										 |  |  |     if not options.dm_password: | 
							|  |  |  |         dm_password = read_dm_password() | 
										 |  |  |     else: | 
										 |  |  |         dm_password = options.dm_password | 
										 |  |  | 
 | 
							|  |  |  |     if not options.master_password: | 
							|  |  |  |         master_password = ipa_generate_password() | 
										 |  |  |     else: | 
							|  |  |  |         master_password = options.master_password | 
							|  |  |  | 
 | 
										 |  |  |     if not options.admin_password: | 
							|  |  |  |         admin_password = read_admin_password() | 
										 |  |  |     else: | 
							|  |  |  |         admin_password = options.admin_password | 
							|  |  |  | 
 | 
										 |  |  |     if not options.unattended: | 
							|  |  |  |         print "" | 
							|  |  |  |         print "The following operations may take some minutes to complete." | 
							|  |  |  |         print "Please wait until the prompt is returned." | 
							|  |  |  | 
 | 
										 |  |  |     # Configure ntpd | 
							|  |  |  |     if options.conf_ntp: | 
										 |  |  |         ntp = ntpinstance.NTPInstance(fstore) | 
										 |  |  |         ntp.create_instance() | 
							|  |  |  | 
 | 
										 |  |  |     if options.dirsrv_pin: | 
							|  |  |  |         [pw_fd, pw_name] = tempfile.mkstemp() | 
							|  |  |  |         os.write(pw_fd, options.dirsrv_pin) | 
							|  |  |  |         os.close(pw_fd) | 
							|  |  |  | 
 | 
										 |  |  |     if options.ca: | 
							|  |  |  |         try: | 
							|  |  |  |             from ipaserver.install import cainstance | 
							|  |  |  |         except ImportError: | 
							|  |  |  |             print >> sys.stderr, "Import failed: %s" % sys.exc_value | 
							|  |  |  |             sys.exit(1) | 
							|  |  |  | 
 | 
										 |  |  |         # Clean up any previous self-signed CA that may exist | 
							|  |  |  |         try: | 
							|  |  |  |             os.remove(certs.CA_SERIALNO) | 
							|  |  |  |         except: | 
							|  |  |  |             pass | 
							|  |  |  | 
 | 
										 |  |  |         cs = cainstance.CADSInstance() | 
										 |  |  |         cs.create_instance(ds_user, realm_name, host_name, domain_name, dm_password) | 
										 |  |  |         ca = cainstance.CAInstance() | 
							|  |  |  |         ca.configure_instance("pkiuser", host_name, dm_password, dm_password) | 
							|  |  |  | 
 | 
							|  |  |  |     # Create a directory server instance | 
										 |  |  |     ds = dsinstance.DsInstance() | 
										 |  |  |     if options.dirsrv_pkcs12: | 
							|  |  |  |         pkcs12_info = (options.dirsrv_pkcs12, pw_name) | 
										 |  |  |         try: | 
							|  |  |  |             ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info) | 
							|  |  |  |         finally: | 
							|  |  |  |             os.remove(pw_name) | 
										 |  |  |     else: | 
										 |  |  |         ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=not options.ca) | 
							|  |  |  | 
 | 
							|  |  |  |     # Create a kerberos instance | 
										 |  |  |     krb = krbinstance.KrbInstance(fstore) | 
										 |  |  |     krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password) | 
							|  |  |  | 
 | 
										 |  |  |     # Create a HTTP instance | 
										 |  |  | 
 | 
							|  |  |  |     if options.http_pin: | 
							|  |  |  |         [pw_fd, pw_name] = tempfile.mkstemp() | 
							|  |  |  |         os.write(pw_fd, options.http_pin) | 
							|  |  |  |         os.close(pw_fd) | 
							|  |  |  | 
 | 
										 |  |  |     http = httpinstance.HTTPInstance(fstore) | 
										 |  |  |     if options.http_pkcs12: | 
							|  |  |  |         pkcs12_info = (options.http_pkcs12, pw_name) | 
										 |  |  |         http.create_instance(realm_name, host_name, domain_name, autoconfig=False, pkcs12_info=pkcs12_info) | 
										 |  |  |         os.remove(pw_name) | 
							|  |  |  |     else: | 
										 |  |  |         http.create_instance(realm_name, host_name, domain_name, autoconfig=True, self_signed_ca=not options.ca) | 
							|  |  |  | 
 | 
										 |  |  |     # Create the config file | 
							|  |  |  |     fstore.backup_file("/etc/ipa/ipa.conf") | 
							|  |  |  |     fd = open("/etc/ipa/ipa.conf", "w") | 
							|  |  |  |     fd.write("[defaults]\n") | 
							|  |  |  |     fd.write("server=" + host_name + "\n") | 
							|  |  |  |     fd.write("realm=" + realm_name + "\n") | 
										 |  |  |     fd.write("domain=" + domain_name + "\n") | 
										 |  |  |     fd.close() | 
							|  |  |  | 
 | 
										 |  |  |     # Create the management framework config file | 
							|  |  |  |     fstore.backup_file("/etc/ipa/default.conf") | 
							|  |  |  |     fd = open("/etc/ipa/default.conf", "w") | 
							|  |  |  |     fd.write("[global]\n") | 
							|  |  |  |     fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n") | 
							|  |  |  |     fd.write("realm=" + realm_name + "\n") | 
							|  |  |  |     fd.write("domain=" + domain_name + "\n") | 
							|  |  |  |     fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % host_name) | 
										 |  |  |     fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name)) | 
										 |  |  |     if options.ca: | 
							|  |  |  |         fd.write("enable_ra=True\n") | 
										 |  |  |     fd.close() | 
							|  |  |  | 
 | 
										 |  |  |     # Create a BIND instance | 
							|  |  |  |     bind = bindinstance.BindInstance(fstore, dm_password) | 
										 |  |  |     bind.setup(host_name, ip_address, realm_name, domain_name) | 
										 |  |  |     if options.setup_dns: | 
										 |  |  |         bind.create_instance() | 
										 |  |  |     else: | 
							|  |  |  |         bind.create_sample_bind_zone() | 
							|  |  |  | 
 | 
										 |  |  |     # Apply any LDAP updates. Needs to be done after the configuration file | 
							|  |  |  |     # is created | 
							|  |  |  |     service.print_msg("Applying LDAP updates") | 
							|  |  |  |     ds.apply_updates() | 
							|  |  |  | 
 | 
										 |  |  |     # Restart ds and krb after configurations have been changed | 
							|  |  |  |     service.print_msg("restarting the directory server") | 
										 |  |  |     ds.restart() | 
										 |  |  | 
 | 
							|  |  |  |     service.print_msg("restarting the KDC") | 
										 |  |  |     krb.restart() | 
										 |  |  | 
 | 
										 |  |  |     # Set the admin user kerberos password | 
							|  |  |  |     ds.change_admin_password(admin_password) | 
							|  |  |  | 
 | 
										 |  |  |     # Call client install script | 
							|  |  |  |     try: | 
							|  |  |  |         run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", domain_name, "--server", host_name, "--realm", realm_name]) | 
							|  |  |  |     except Exception, e: | 
							|  |  |  |         print "Configuration of client side components failed!" | 
							|  |  |  |         print "ipa-client-install returned: " + str(e) | 
										 |  |  |         return 1 | 
										 |  |  | 
 | 
							|  |  |  |     print "==============================================================================" | 
							|  |  |  |     print "Setup complete" | 
							|  |  |  |     print "" | 
							|  |  |  |     print "Next steps:" | 
										 |  |  |     print "\t1. You must make sure these network ports are open:" | 
							|  |  |  |     print "\t\tTCP Ports:" | 
										 |  |  |     print "\t\t  * 80, 443: HTTP/HTTPS" | 
							|  |  |  |     print "\t\t  * 389, 636: LDAP/LDAPS" | 
							|  |  |  |     print "\t\t  * 88, 464: kerberos" | 
										 |  |  |     if options.setup_dns: | 
										 |  |  |         print "\t\t  * 53: bind" | 
							|  |  |  |     print "\t\tUDP Ports:" | 
							|  |  |  |     print "\t\t  * 88, 464: kerberos" | 
										 |  |  |     if options.setup_dns: | 
										 |  |  |         print "\t\t  * 53: bind" | 
							|  |  |  |     if options.conf_ntp: | 
							|  |  |  |         print "\t\t  * 123: ntp" | 
							|  |  |  |     print "" | 
					
						
										 |  |  |     print "\t2. You can now obtain a kerberos ticket using the command: 'kinit admin'" | 
					
						
							|  |  |  |     print "\t   This ticket will allow you to use the IPA tools (e.g., ipa-adduser)" | 
					
						
							|  |  |  |     print "\t   and the web user interface." | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |     if not service.is_running("ntpd"): | 
					
						
							|  |  |  |         print "\t3. Kerberos requires time synchronization between clients" | 
					
						
							|  |  |  |         print "\t   and servers for correct operation. You should consider enabling ntpd." | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  |     print "" | 
					
						
										 |  |  |     if not options.dirsrv_pkcs12: | 
					
						
										 |  |  |         print "Be sure to back up the CA certificate stored in " + dsinstance.config_dirname(ds.serverid) + "cacert.p12" | 
					
						
							|  |  |  |         print "The password for this file is in " + dsinstance.config_dirname(ds.serverid) + "pwdfile.txt" | 
					
						
										 |  |  |     else: | 
					
						
							|  |  |  |         print "In order for Firefox autoconfiguration to work you will need to" | 
					
						
							|  |  |  |         print "use a SSL signing certificate. See the IPA documentation for more details." | 
					
						
							|  |  |  |         print "You also need to install a PEM copy of the HTTP issuing CA into" | 
					
						
							|  |  |  |         print "/usr/share/ipa/html/ca.crt" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return 0 | 
					
						
							|  |  |  | 
 | 
					
						
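# Script entry point: run main() and turn its return value into the process
# exit status.  main() and pw_name are defined earlier in the file, outside
# this section.
try:
    try:
        sys.exit(main())
    except SystemExit, e:
        # Re-raise the SystemExit unchanged so the status chosen by main()
        # (or by an explicit sys.exit() inside it) reaches the shell intact.
        sys.exit(e)
    except Exception, e:
        # Anything main() did not handle: point the user at the log on stdout,
        # and keep the full traceback in the log only (debug level).
        print "Unexpected error - see ipaserver-install.log for details:\n %s" % str(e)
        # Join the formatted frames instead of accumulating them in a loop
        # whose variable was named 'str' and shadowed the builtin used above.
        message = "\n".join([str(e)] + traceback.format_tb(sys.exc_info()[2]))
        logging.debug(message)
        sys.exit(1)
finally:
    # pw_name is set earlier in the script (outside this view); from its name
    # and this cleanup it appears to be a temporary password file -- confirm
    # against the code that creates it.  Remove it on every exit path, whether
    # main() returned, raised, or called sys.exit(), so it never lingers on disk.
    if pw_name and ipautil.file_exists(pw_name):
        os.remove(pw_name)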