Get rid of ipapython.config in ipa-replica-prepare

Also get rid of functions get_host_name(), get_realm_name() and
get_domain_name(). They used the old ipapython.config. Instead, use the
variables from api.env. We also change them to bootstrap() and
finalize() correctly.

Additionally, we add the dns_container_exists() function that will be
used in ipa-replica-prepare (next patch).

install/tools/ipa-replica-install

@@ -311,12 +311,21 @@ def main():
     except ldap.INVALID_CREDENTIALS, e :
         sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
 
+    # Create the management framework config file
+    # Note: We must do this before bootstraping and finalizing ipalib.api
+    fd = open("/etc/ipa/default.conf", "w")
+    fd.write("[global]\n")
+    fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n")
+    fd.write("realm=" + config.realm_name + "\n")
+    fd.write("domain=" + config.domain_name + "\n")
+    fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % config.host_name)
+    fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name))
     if ipautil.file_exists(config.dir + "/ca.p12"):
-        ca_type = 'dogtag'
-    else:
-        ca_type = 'selfsign'
+        fd.write("enable_ra=True\n")
+        fd.write("ra_plugin=dogtag\n")
+    fd.close()
 
-    api.bootstrap(in_server=True, ra_plugin=ca_type)
+    api.bootstrap(in_server=True)
     api.finalize()
 
     # Install CA cert so that we can do SSL connections with ldap
@@ -355,19 +364,6 @@ def main():
     # generated
     ds.add_cert_to_service()
 
-    # Create the management framework config file
-    fd = open("/etc/ipa/default.conf", "w")
-    fd.write("[global]\n")
-    fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n")
-    fd.write("realm=" + config.realm_name + "\n")
-    fd.write("domain=" + config.domain_name + "\n")
-    fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % config.host_name)
-    fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name))
-    if ipautil.file_exists(config.dir + "/ca.p12"):
-        fd.write("enable_ra=True\n")
-        fd.write("ra_plugin=dogtag\n")
-    fd.close()
-
     # Apply any LDAP updates. Needs to be done after the replica is synced-up
     service.print_msg("Applying LDAP updates")
     ds.apply_updates()

install/tools/ipa-replica-prepare

@@ -26,12 +26,10 @@ from ConfigParser import SafeConfigParser
 import krbV
 from optparse import OptionParser
 
-import ipapython.config
 from ipapython import ipautil
 from ipaserver.install import dsinstance, installutils, certs, httpinstance
 from ipaserver import ipaldap
 from ipapython import version
-from ipalib.constants import DEFAULT_CONFIG
 from ipalib import api
 from ipalib import util
 import ldap
@@ -51,7 +49,6 @@ def parse_options():
     parser.add_option("-p", "--password", dest="password", 
                       help="Directory Manager (existing master) password")
 
-    ipapython.config.add_standard_options(parser)
     options, args = parser.parse_args()
 
     # If any of the PKCS#12 options are selected, all are required. Create a
@@ -62,39 +59,16 @@ def parse_options():
     if cnt > 0 and cnt < 4:
         parser.error("All PKCS#12 options are required if any are used.")
 
+    if options.ip_address:
+        if not installutils.verify_ip_address(options.ip_address):
+            parser.error("Bad IP address")
+            sys.exit(1)
+
     if len(args) != 1:
         parser.error("must provide the fully-qualified name of the replica")
 
-    ipapython.config.init_config(options)
-
     return options, args
 
-def get_host_name():
-    hostname = installutils.get_fqdn()
-    try:
-        installutils.verify_fqdn(hostname)
-    except RuntimeError, e:
-        logging.error(str(e))
-        sys.exit(1)
-
-    return hostname
-
-def get_realm_name():
-    try:
-        c = krbV.default_context()
-        return c.default_realm
-    except Exception, e:
-        return None
-
-def get_domain_name():
-    try:
-        ipapython.config.init_config()
-        domain_name = ipapython.config.config.get_domain()
-    except Exception, e:
-        return None
-
-    return domain_name
-
 def get_subject_base(host_name, dm_password, suffix):
     try:
         conn = ipaldap.IPAdmin(host_name)
@@ -130,8 +104,8 @@ def export_certdb(realm_name, ds_dir, dir, passwd_fname, fname, hostname, subjec
 #            ca_db = certs.CertDB(dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)))
 #            db.create_from_cacert(ca_db.cacert_fname)
 #        else:
-#            ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=get_host_name())
-        ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=get_host_name(), subject_base=subject_base)
+#            ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=api.env.host)
+        ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=api.env.host, subject_base=subject_base)
         db.create_from_cacert(ca_db.cacert_fname)
         db.create_server_cert("Server-Cert", hostname, ca_db)
     except Exception, e:
@@ -169,7 +143,7 @@ def export_ra_pkcs12(dir, dm_password):
 
     try:
         try:
-            db = certs.CertDB(httpinstance.NSS_DIR, host_name=get_host_name())
+            db = certs.CertDB(httpinstance.NSS_DIR, host_name=api.env.host)
 
             if db.has_nickname("ipaCert"):
                 pkcs12_fname = "%s/ra.p12" % dir
@@ -229,31 +203,18 @@ def main():
 
     # Just initialize the environment. This is so the installer can have
     # access to the plugin environment
-    api.env._bootstrap()
-    api.env._finalize_core(**dict(DEFAULT_CONFIG))
+    api.bootstrap(in_server=True)
+    api.finalize()
 
     if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki-ca/conf/CS.cfg") and not options.dirsrv_pin:
         sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.")
 
-    print "Determining current realm name"
-    realm_name = get_realm_name()
-    if realm_name is None:
-        print "Unable to determine default realm"
-        sys.exit(1)
+    check_ipa_configuration(api.env.realm)
 
-    check_ipa_configuration(realm_name)
-
-    print "Getting domain name from LDAP"
-    domain_name = get_domain_name()
-    if domain_name is None:
-        print "Unable to determine LDAP default domain"
-        sys.exit(1)
-
-    host_name = get_host_name()
-    if host_name == replica_fqdn:
+    if api.env.host == replica_fqdn:
         print "You can't create a replica on itself"
         sys.exit(1)
-    ds_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
+    ds_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(api.env.realm))
     ds_user = get_ds_user(ds_dir)
 
     # get the directory manager password
@@ -266,19 +227,19 @@ def main():
 
     # Try out the password
     try:
-        conn = ipaldap.IPAdmin(host_name)
+        conn = ipaldap.IPAdmin(api.env.host)
         conn.do_simple_bind(bindpw=dirman_password)
         conn.unbind()
     except ldap.CONNECT_ERROR, e:
-        sys.exit("\nUnable to connect to LDAP server %s" % host_name)
+        sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
     except ldap.SERVER_DOWN, e:
-        sys.exit("\nUnable to connect to LDAP server %s" % host_name)
+        sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
     except ldap.INVALID_CREDENTIALS, e :
-        sys.exit("\nThe password provided is incorrect for LDAP server %s" % host_name)
+        sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host)
 
-    print "Preparing replica for %s from %s" % (replica_fqdn, host_name)
+    print "Preparing replica for %s from %s" % (replica_fqdn, api.env.host)
 
-    subject_base = get_subject_base(host_name, dirman_password, util.realm_to_suffix(realm_name))
+    subject_base = get_subject_base(api.env.host, dirman_password, util.realm_to_suffix(api.env.realm))
 
     top_dir = tempfile.mkdtemp("ipa")
     dir = top_dir + "/realm_info"
@@ -313,7 +274,7 @@ def main():
             print "Copy failed %s" %  e
             sys.exit(1)
         print "Creating SSL certificate for the Directory Server"
-        export_certdb(realm_name, ds_dir, dir, passwd_fname, "dscert", replica_fqdn, subject_base)
+        export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dscert", replica_fqdn, subject_base)
 
     if options.http_pin:
         passwd = options.http_pin
@@ -334,15 +295,14 @@ def main():
             sys.exit(1)
     else:
         print "Creating SSL certificate for the Web Server"
-        export_certdb(realm_name, ds_dir, dir, passwd_fname, "httpcert", replica_fqdn, subject_base)
+        export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "httpcert", replica_fqdn, subject_base)
         print "Exporting RA certificate"
         export_ra_pkcs12(dir, dirman_password)
 
     print "Copying additional files"
-    copy_files(realm_name, dir)
-
+    copy_files(api.env.realm, dir)
     print "Finalizing configuration"
-    save_config(dir, realm_name, host_name, ds_user, domain_name, replica_fqdn, subject_base)
+    save_config(dir, api.env.realm, api.env.host, ds_user, api.env.domain, replica_fqdn, subject_base)
 
     replicafile = "/var/lib/ipa/replica-info-" + replica_fqdn
     encfile = replicafile+".gpg"

ipaserver/install/bindinstance.py

@@ -54,6 +54,31 @@ def check_inst(unattended):
 
     return True
 
+def dns_container_exists(fqdn, realm):
+    """
+    Test whether the dns container exists.
+    """
+
+    def object_exists(dn):
+        """
+        Test whether the given object exists in LDAP.
+        """
+        try:
+            server.search_ext_s(dn, ldap.SCOPE_BASE)
+        except ldap.NO_SUCH_OBJECT:
+            return False
+        else:
+            return True
+
+    server = ldap.initialize("ldap://" + fqdn)
+    server.simple_bind_s()
+
+    suffix = util.realm_to_suffix(realm)
+    ret = object_exists("cn=dns,%s" % suffix)
+    server.unbind_s()
+
+    return ret
+
 def get_reverse_zone(ip_address):
     tmp = ip_address.split(".")
     tmp.reverse()
@@ -155,7 +180,8 @@ class BindInstance(service.Service):
         except:
             pass
 
-        self.__add_zone_steps()
+        if not dns_container_exists(self.fqdn, self.suffix):
+            self.step("adding DNS container", self.__setup_dns_container)
         self.step("setting up our zone", self.__setup_zone)
         self.step("setting up reverse zone", self.__setup_reverse_zone)
 
@@ -168,30 +194,6 @@ class BindInstance(service.Service):
         self.step("changing resolv.conf to point to ourselves", self.__setup_resolv_conf)
         self.start_creation("Configuring named:")
 
-    def __add_zone_steps(self):
-        """
-        Add a DNS container if it doesn't exist.
-        """
-
-        def object_exists(dn):
-            """
-            Test whether the given object exists in LDAP.
-            """
-            try:
-                server.search_ext_s(dn, ldap.SCOPE_BASE)
-            except ldap.NO_SUCH_OBJECT:
-                return False
-            else:
-                return True
-
-        server = ldap.initialize("ldap://" + self.fqdn)
-        server.simple_bind_s()
-
-        if not object_exists("cn=dns,%s" % self.suffix):
-            self.step("adding DNS container", self.__setup_dns_container)
-
-        server.unbind_s()
-
     def __start(self):
         try:
             self.backup_state("running", self.is_running())