server install: fix external CA install

Replace the dual definitions of domain_name, dm_password and admin_password knobs in server install with single definitions using the original names without the 'new_' prefix. This fixes the options read from the installer option cache in step 2 of external CA install to use the correct knob names. https://fedorahosted.org/freeipa/ticket/6392 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2025-01-26 16:16:31 -06:00 · 2016-11-30 13:55:38 +01:00 · 2016-11-30 13:55:38 +01:00 · 4fff09978e
commit 4fff09978e
parent f167869371
6 changed files with 54 additions and 67 deletions
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@ -3571,6 +3571,9 @@ class ClientInstall(ClientInstallInterface,
    Client installer
    """

+    replica_file = None
+    dm_password = None
+
    ca_cert_files = knob(
        bases=ClientInstallInterface.ca_cert_files,
    )
--- a/ipalib/install/service.py
+++ b/ipalib/install/service.py
@ -146,7 +146,6 @@ class ServiceInstallInterface(common.Installable,
        str, None,
        description="a file generated by ipa-replica-prepare",
    )
-    replica_file = enroll_only(replica_file)
    replica_file = replica_install_only(replica_file)

    dm_password = knob(
@ -154,8 +153,6 @@ class ServiceInstallInterface(common.Installable,
        sensitive=True,
        description="Directory Manager password (for the existing master)",
    )
-    dm_password = enroll_only(dm_password)
-    dm_password = replica_install_only(dm_password)


 class ServiceAdminInstallInterface(ServiceInstallInterface):
@ -175,4 +172,3 @@ class ServiceAdminInstallInterface(ServiceInstallInterface):
        sensitive=True,
    )
    admin_password = enroll_only(admin_password)
-    admin_password = replica_install_only(admin_password)
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@ -338,7 +338,6 @@ class CAInstallInterface(dogtag.DogtagInstallInterface,
            ['-w']),
    )
    admin_password = enroll_only(admin_password)
-    admin_password = replica_install_only(admin_password)

    external_ca = knob(
        None,
--- a/ipaserver/install/ipa_server_install.py
+++ b/ipaserver/install/ipa_server_install.py
@ -15,16 +15,16 @@ class CompatServerMasterInstall(ServerMasterInstall):
    no_sudo = False
    request_cert = False

-    new_dm_password = knob(
+    dm_password = knob(
        # pylint: disable=no-member
-        bases=ServerMasterInstall.new_dm_password,
+        bases=ServerMasterInstall.dm_password,
        cli_names=['--ds-password', '-p'],
    )

-    new_admin_password = knob(
+    admin_password = knob(
        # pylint: disable=no-member
-        bases=ServerMasterInstall.new_admin_password,
-        cli_names=(list(ServerMasterInstall.new_admin_password.cli_names) +
+        bases=ServerMasterInstall.admin_password,
+        cli_names=(list(ServerMasterInstall.admin_password.cli_names) +
                   ['-a']),
    )

--- a/ipaserver/install/server/init.py
+++ b/ipaserver/install/server/init.py
@ -21,7 +21,6 @@ from ipalib.install.service import (enroll_only,
                                    prepares,
                                    prepare_only,
                                    replica_install_only)
-from ipalib.util import validate_domain_name
 from ipapython import ipautil
 from ipapython.dnsutil import check_zone_overlap
 from ipapython.install import typing
@ -72,22 +71,6 @@ class ServerInstallInterface(client.ClientInstallInterface,
        cli_names=(list(client.ClientInstallInterface.domain_name.cli_names) +
                   ['-n']),
    )
-    domain_name = replica_install_only(domain_name)
-
-    new_domain_name = knob(
-        bases=client.ClientInstallInterface.domain_name,
-        cli_names=['--domain', '-n'],
-        cli_metavar='DOMAIN_NAME',
-    )
-    new_domain_name = master_install_only(new_domain_name)
-
-    @new_domain_name.validator
-    def new_domain_name(self, value):
-        validate_domain_name(value)
-        if (self.setup_dns and
-                not self.allow_zone_overlap):   # pylint: disable=no-member
-            print("Checking DNS domain %s, please wait ..." % value)
-            check_zone_overlap(value, False)

    servers = knob(
        bases=client.ClientInstallInterface.servers,
@ -114,18 +97,10 @@ class ServerInstallInterface(client.ClientInstallInterface,
    )
    ca_cert_files = prepare_only(ca_cert_files)

-    new_dm_password = knob(
-        str, None,
-        sensitive=True,
+    dm_password = knob(
+        bases=client.ClientInstallInterface.dm_password,
        description="Directory Manager password",
-        cli_names='--dm-password',
-        cli_metavar='DM_PASSWORD',
    )
-    new_dm_password = master_install_only(new_dm_password)
-
-    @new_dm_password.validator
-    def new_dm_password(self, value):
-        validate_dm_password(value)

    ip_addresses = knob(
        bases=client.ClientInstallInterface.ip_addresses,
@ -142,25 +117,6 @@ class ServerInstallInterface(client.ClientInstallInterface,
    )
    principal = replica_install_only(principal)

-    admin_password = knob(
-        bases=client.ClientInstallInterface.admin_password,
-        description="Kerberos password for the specified admin principal",
-    )
-    admin_password = replica_install_only(admin_password)
-
-    new_admin_password = knob(
-        str, None,
-        sensitive=True,
-        description="admin user kerberos password",
-        cli_names='--admin-password',
-        cli_metavar='ADMIN_PASSWORD',
-    )
-    new_admin_password = master_install_only(new_admin_password)
-
-    @new_admin_password.validator
-    def new_admin_password(self, value):
-        validate_admin_password(value)
-
    master_password = knob(
        str, None,
        sensitive=True,
@ -459,14 +415,14 @@ class ServerInstallInterface(client.ClientInstallInterface,
                    "--external-ca")

            if self.uninstalling:
-                if (self.realm_name or self.new_admin_password or
+                if (self.realm_name or self.admin_password or
                        self.master_password):
                    raise RuntimeError(
                        "In uninstall mode, -a, -r and -P options are not "
                        "allowed")
            elif not self.interactive:
-                if (not self.realm_name or not self.new_dm_password or
-                        not self.new_admin_password):
+                if (not self.realm_name or not self.dm_password or
+                        not self.admin_password):
                    raise RuntimeError(
                        "In unattended mode you need to provide at least -r, "
                        "-p and -a options")
@ -549,21 +505,49 @@ class ServerInstallInterface(client.ClientInstallInterface,
        self.no_pkinit = True


-class ServerMasterInstall(installs_master(ServerInstallInterface)):
+ServerMasterInstallInterface = installs_master(ServerInstallInterface)
+
+
+class ServerMasterInstall(ServerMasterInstallInterface):
    """
    Server master installer
    """

-    domain_name = None
    servers = None
-    dm_password = None
    no_wait_for_dns = True
-    admin_password = None
    host_password = None
    keytab = None
    setup_ca = True
    setup_kra = False

+    domain_name = knob(
+        bases=ServerMasterInstallInterface.domain_name,
+    )
+
+    @domain_name.validator
+    def domain_name(self, value):
+        if (self.setup_dns and
+                not self.allow_zone_overlap):
+            print("Checking DNS domain %s, please wait ..." % value)
+            check_zone_overlap(value, False)
+
+    dm_password = knob(
+        bases=ServerMasterInstallInterface.dm_password,
+    )
+
+    @dm_password.validator
+    def dm_password(self, value):
+        validate_dm_password(value)
+
+    admin_password = knob(
+        bases=ServerMasterInstallInterface.admin_password,
+        description="admin user kerberos password",
+    )
+
+    @admin_password.validator
+    def admin_password(self, value):
+        validate_admin_password(value)
+
    def __init__(self, **kwargs):
        super(ServerMasterInstall, self).__init__(**kwargs)
        master_init(self)
@ -581,13 +565,21 @@ class ServerMasterInstall(installs_master(ServerInstallInterface)):
        uninstall(self)


-class ServerReplicaInstall(installs_replica(ServerInstallInterface)):
+ServerReplicaInstallInterface = installs_replica(ServerInstallInterface)
+
+
+class ServerReplicaInstall(ServerReplicaInstallInterface):
    """
    Server replica installer
    """

    subject = None

+    admin_password = knob(
+        bases=ServerReplicaInstallInterface.admin_password,
+        description="Kerberos password for the specified admin principal",
+    )
+
    def __init__(self, **kwargs):
        super(ServerReplicaInstall, self).__init__(**kwargs)
        replica_init(self)
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@ -1150,9 +1150,6 @@ def uninstall(installer):
 def init(installer):
    installer.unattended = not installer.interactive

-    installer.domain_name = installer.new_domain_name
-    installer.dm_password = installer.new_dm_password
-    installer.admin_password = installer.new_admin_password
    installer.domainlevel = installer.domain_level

    installer._installation_cleanup = True