replicainstall: Add possiblity to install client in one command

https://fedorahosted.org/freeipa/ticket/5310

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

ipaserver/install/server/common.py

@@ -280,7 +280,7 @@ class BaseServer(common.Installable, common.Interactive, core.Composite):
 
     host_name = Knob(
         str, None,
-        description="fully qualified name of server",
+        description="fully qualified name of this host",
         cli_name='hostname',
     )
 

ipaserver/install/server/replicainstall.py

@@ -4,6 +4,7 @@
 
 from __future__ import print_function
 
+import collections
 import dns.exception as dnsexception
 import dns.name as dnsname
 import dns.resolver as dnsresolver
@@ -751,6 +752,53 @@ def install(installer):
     remove_replica_info_dir(installer)
 
 
+def ensure_enrolled(installer):
+    config = installer._config
+
+    # Perform only if we have the necessary options
+    if not any([installer.admin_password, installer.keytab]):
+        sys.exit("IPA client is not configured on this system.\n"
+                 "You must join the system by running 'ipa-client-install' "
+                 "first. Alternatively, you may specify enrollment related "
+                 "options directly, see man ipa-replica-install.")
+
+    # Call client install script
+    service.print_msg("Configuring client side components")
+    try:
+        args = [paths.IPA_CLIENT_INSTALL, "--unattended"]
+        if installer.domain_name:
+            args.extend(["--domain", installer.domain_name])
+        if installer.server:
+            args.extend(["--server", installer.server])
+        if installer.realm_name:
+            args.extend(["--realm", installer.realm_name])
+        if installer.host_name:
+            args.extend(["--hostname", installer.host_name])
+
+        if installer.admin_password:
+            # Always set principal if password was set explicitly,
+            # the password itself gets passed directly via stdin
+            args.extend(["--principal", installer.principal or "admin"])
+        if installer.keytab:
+            args.extend(["--keytab", installer.keytab])
+
+        if installer.no_dns_sshfp:
+            args.append("--no-dns-sshfp")
+        if installer.ssh_trust_dns:
+            args.append("--ssh-trust-dns")
+        if installer.no_ssh:
+            args.append("--no-ssh")
+        if installer.no_sshd:
+            args.append("--no-sshd")
+        if installer.mkhomedir:
+            args.append("--mkhomedir")
+
+        ipautil.run(args, stdin=installer.admin_password or None)
+
+    except Exception as e:
+        sys.exit("Configuration of client side components failed!\n"
+                 "ipa-client-install returned: " + str(e))
+
 @common_cleanup
 def promote_check(installer):
     options = installer
@@ -761,9 +809,7 @@ def promote_check(installer):
 
     client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
     if not client_fstore.has_files():
-        sys.exit("IPA client is not configured on this system.\n"
-                 "You must use a replica file or join the system "
-                 "using 'ipa-client-install'.")
+        ensure_enrolled(installer)
 
     sstore = sysrestore.StateFile(paths.SYSRESTORE)
 
@@ -1108,9 +1154,6 @@ class Replica(BaseServer):
         description="a file generated by ipa-replica-prepare",
     )
 
-    realm_name = None
-    domain_name = None
-
     setup_ca = Knob(BaseServer.setup_ca)
     setup_kra = Knob(BaseServer.setup_kra)
     setup_dns = Knob(BaseServer.setup_dns)
@@ -1130,12 +1173,16 @@ class Replica(BaseServer):
 
     admin_password = Knob(
         BaseServer.admin_password,
-        description="Admin user Kerberos password used for connection check",
+        description="Kerberos password for the specified admin principal",
         cli_short_name='w',
     )
 
+    server = Knob(
+        str, None,
+        description="fully qualified name of IPA server to enroll to",
+    )
+
     mkhomedir = Knob(BaseServer.mkhomedir)
-    host_name = None
     no_host_dns = Knob(BaseServer.no_host_dns)
     no_ntp = Knob(BaseServer.no_ntp)
     no_pkinit = Knob(BaseServer.no_pkinit)
@@ -1153,10 +1200,17 @@ class Replica(BaseServer):
     principal = Knob(
         str, None,
         sensitive=True,
-        description="User Principal allowed to promote replicas",
+        description="User Principal allowed to promote replicas "
+                    "and join IPA realm",
         cli_short_name='P',
     )
 
+    keytab = Knob(
+        str, None,
+        description="path to backed up keytab from previous enrollment",
+        cli_short_name='k',
+    )
+
     promote = False
 
     # ca
@@ -1197,6 +1251,28 @@ class Replica(BaseServer):
                 raise RuntimeError("Replica file %s does not exist"
                                    % self.replica_file)
 
+            CLIKnob = collections.namedtuple('CLIKnob', ('value', 'name'))
+
+            conflicting_knobs = (
+                CLIKnob(self.realm_name, '--realm'),
+                CLIKnob(self.domain_name, '--domain'),
+                CLIKnob(self.host_name, '--hostname'),
+                CLIKnob(self.server, '--server'),
+                CLIKnob(self.admin_password, '--admin-password'),
+                CLIKnob(self.principal, '--principal'),
+            )
+
+            if any([k.value is not None for k in conflicting_knobs]):
+                conflicting_knob_names = [
+                    knob.name for knob in conflicting_knobs
+                    if knob.value is not None
+                ]
+
+                raise RuntimeError(
+                    "You cannot specify '{0}' option(s) with replica file."
+                    .format(", ".join(conflicting_knob_names))
+                    )
+
         if self.setup_dns:
             #pylint: disable=no-member
             if (not self.dns.forwarders and not self.dns.no_forwarders