diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 4527447a7..fd9311657 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -21,18 +21,16 @@
from optparse import OptionGroup, SUPPRESS_HELP
-from ipaserver.install import (service, bindinstance, ntpinstance,
- httpinstance, dnskeysyncinstance, opendnssecinstance, odsexporterinstance)
+from ipaserver.install import bindinstance, httpinstance
from ipaserver.install.installutils import *
from ipaserver.install import installutils
from ipapython import version
-from ipapython import ipautil, sysrestore
-from ipapython.ipaldap import AUTOBIND_ENABLED
-from ipalib import api, errors, util
+from ipalib import api
from ipaplatform.paths import paths
from ipapython.config import IPAOptionParser
from ipapython.ipa_log_manager import standard_logging_setup, root_logger
-from ipapython.ipautil import DN
+
+from ipaserver.install import dns as dns_installer
log_file_name = paths.IPASERVER_INSTALL_LOG
@@ -96,48 +94,6 @@ def main():
installutils.check_server_configuration()
- global fstore
- fstore = sysrestore.FileStore(paths.SYSRESTORE)
-
- print "=============================================================================="
- print "This program will setup DNS for the FreeIPA Server."
- print ""
- print "This includes:"
- print " * Configure DNS (bind)"
- print " * Configure SoftHSM (required by DNSSEC)"
- print " * Configure ipa-dnskeysyncd (required by DNSSEC)"
- if options.dnssec_master:
- print " * Configure ipa-ods-exporter (required by DNSSEC key master)"
- print " * Configure OpenDNSSEC (required by DNSSEC key master)"
- print " * Generate DNSSEC master key (required by DNSSEC key master)"
- print ""
- print "NOTE: DNSSEC zone signing is not enabled by default"
- print ""
- if options.dnssec_master:
- print "DNSSEC support is experimental!"
- print ""
- print "Plan carefully, current version doesn't allow you to move DNSSEC"
- print "key master to different server and master cannot be uninstalled"
- print ""
- print ""
- print "To accept the default shown in brackets, press the Enter key."
- print ""
-
- if options.dnssec_master and not options.unattended and not ipautil.user_input(
- "Do you want to setup this IPA server as DNSSEC key master?",
- False):
- sys.exit("Aborted")
-
- # Check bind packages are installed
- if not (bindinstance.check_inst(options.unattended) and
- dnskeysyncinstance.check_inst()):
- sys.exit("Aborting installation.")
-
- if options.dnssec_master:
- # check opendnssec packages are installed
- if not opendnssecinstance.check_inst():
- sys.exit("Aborting installation")
-
# Initialize the ipalib api
cfg = dict(
in_server=True,
@@ -146,93 +102,20 @@ def main():
api.bootstrap(**cfg)
api.finalize()
-
- # create BIND and OpenDNSSec instances
-
- bind = bindinstance.BindInstance(fstore, ldapi=True,
- autobind=AUTOBIND_ENABLED)
-
- ods = opendnssecinstance.OpenDNSSECInstance(fstore, ldapi=True,
- autobind=AUTOBIND_ENABLED)
- if options.dnssec_master:
- ods.realm = api.env.realm
- dnssec_masters = ods.get_masters()
- # we can reinstall current server if it is dnssec master
- if not api.env.host in dnssec_masters and dnssec_masters:
- print "DNSSEC key master(s):", u','.join(dnssec_masters)
- sys.exit("Only one DNSSEC key master is supported in current version.")
-
- ip_addresses = get_server_ip_address(api.env.host, fstore,
- options.unattended, True, options.ip_addresses)
-
- if options.no_forwarders:
- dns_forwarders = ()
- elif options.forwarders:
- dns_forwarders = options.forwarders
- else:
- dns_forwarders = read_dns_forwarders()
-
- # test DNSSEC forwarders
- if dns_forwarders:
- if (not bindinstance.check_forwarders(dns_forwarders, root_logger)
- and not options.no_dnssec_validation):
- options.no_dnssec_validation = True
- print "WARNING: DNSSEC validation will be disabled"
-
- root_logger.debug("will use dns_forwarders: %s\n", str(dns_forwarders))
-
api.Backend.ldap2.connect(autobind=True)
- reverse_zones = bindinstance.check_reverse_zones(ip_addresses,
- options.reverse_zones, options, options.unattended, True)
+ options.setup_ca = False
- if reverse_zones:
- print "Using reverse zone(s) %s" % ', '.join(reverse_zones)
-
- conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()
-
- if not options.unattended:
- print ""
- print "The following operations may take some minutes to complete."
- print "Please wait until the prompt is returned."
- print ""
-
- bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,
- dns_forwarders, conf_ntp, reverse_zones, zonemgr=options.zonemgr,
- no_dnssec_validation=options.no_dnssec_validation)
- bind.create_instance()
-
- # on dnssec master this must be installed last
- dnskeysyncd = dnskeysyncinstance.DNSKeySyncInstance(fstore, ldapi=True)
- dnskeysyncd.create_instance(api.env.host, api.env.realm)
- if options.dnssec_master:
- ods_exporter = odsexporterinstance.ODSExporterInstance(
- fstore, ldapi=True, autobind=AUTOBIND_ENABLED)
-
- ods_exporter.create_instance(api.env.host, api.env.realm)
- ods.create_instance(api.env.host, api.env.realm)
-
- dnskeysyncd.start_dnskeysyncd()
- bind.start_named()
+ dns_installer.install_check(True, False, options, hostname=api.env.host)
+ dns_installer.install(True, False, options)
# Restart http instance to make sure that python-dns has the right resolver
# https://bugzilla.redhat.com/show_bug.cgi?id=800368
+ fstore = sysrestore.FileStore(paths.SYSRESTORE)
http = httpinstance.HTTPInstance(fstore)
service.print_msg("Restarting the web server")
http.restart()
- print "=============================================================================="
- print "Setup complete"
- print ""
- bind.check_global_configuration()
- print ""
- print ""
- print "\tYou must make sure these network ports are open:"
- print "\t\tTCP Ports:"
- print "\t\t * 53: bind"
- print "\t\tUDP Ports:"
- print "\t\t * 53: bind"
-
return 0
if __name__ == '__main__':
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index b09a5f16e..f68cc8cf4 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -41,6 +41,7 @@ from ipaserver.install.installutils import (
from ipaserver.plugins.ldap2 import ldap2
from ipaserver.install import cainstance
from ipaserver.install import krainstance
+from ipaserver.install import dns as dns_installer
from ipalib import api, create_api, errors, util, certstore, x509
from ipalib.constants import CACERT
from ipapython import version
@@ -150,6 +151,9 @@ def parse_options():
elif options.reverse_zones and options.no_reverse:
parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
+ options.zonemgr = None
+ options.dnssec_master = False
+
return safe_options, options, args[0]
def get_dirman_password():
@@ -262,31 +266,6 @@ def install_http(config, auto_redirect):
return http
-def install_bind(config, options):
- api.Backend.ldap2.connect(bind_dn=DIRMAN_DN,
- bind_pw=config.dirman_password)
- if options.forwarders:
- forwarders = options.forwarders
- else:
- forwarders = ()
- bind = bindinstance.BindInstance(dm_password=config.dirman_password)
-
- bind.setup(config.host_name, config.ips, config.realm_name,
- config.domain_name, forwarders, options.conf_ntp,
- config.reverse_zones, ca_configured=options.setup_ca,
- no_dnssec_validation=options.no_dnssec_validation)
- bind.create_instance()
- print ""
- dnskeysyncd = dnskeysyncinstance.DNSKeySyncInstance(
- dm_password=config.dirman_password)
- dnskeysyncd.create_instance(api.env.host, api.env.realm)
- dnskeysyncd.start_dnskeysyncd()
- bind.start_named()
- print ""
- bind.check_global_configuration()
- print ""
-
-
def install_dns_records(config, options, remote_api):
if not bindinstance.dns_container_exists(config.master_host_name,
@@ -451,17 +430,6 @@ def main():
global fstore
fstore = sysrestore.FileStore(paths.SYSRESTORE)
- # check the bind is installed
- if options.setup_dns:
- check_bind()
-
- # test DNSSEC forwarders
- if options.forwarders:
- if (not bindinstance.check_forwarders(options.forwarders, root_logger)
- and not options.no_dnssec_validation):
- options.no_dnssec_validation = True
- print "WARNING: DNSSEC validation will be disabled"
-
# Check to see if httpd is already configured to listen on 443
if httpinstance.httpd_443_configured():
sys.exit("Aborting installation")
@@ -514,6 +482,13 @@ def main():
installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
+ if options.setup_dns:
+ dns_installer.install_check(False, True, options, config.host_name)
+ else:
+ installutils.get_server_ip_address(config.host_name, fstore,
+ options.unattended, False,
+ options.ip_addresses)
+
# check connection
if not options.skip_conncheck:
replica_conn_check(
@@ -521,18 +496,6 @@ def main():
options.setup_ca, config.ca_ds_port, options.admin_password)
- # check replica host IP resolution
- config.ips = installutils.get_server_ip_address(config.host_name, fstore,
- options.unattended, options.setup_dns, options.ip_addresses)
-
- ip_addresses = [str(ip) for ip in config.ips]
- config.reverse_zones = bindinstance.check_reverse_zones(ip_addresses,
- options.reverse_zones, options, True)
-
- if config.reverse_zones is not None:
- print "Using reverse zone(s) %s" % ', '.join(config.reverse_zones)
-
-
# Create the management framework config file
# Note: We must do this before bootstraping and finalizing ipalib.api
old_umask = os.umask(022) # must be readable for httpd
@@ -713,7 +676,8 @@ def main():
CA.restart(dogtag.configured_constants().PKI_INSTANCE_NAME)
if options.setup_dns:
- install_bind(config, options)
+ api.Backend.ldap2.connect(autobind=True)
+ dns_installer.install(False, True, options)
# Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server")
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 5c0431582..7926a52a0 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -49,9 +49,6 @@ except ImportError:
from ipaserver.install import dsinstance
from ipaserver.install import krbinstance
from ipaserver.install import bindinstance
-from ipaserver.install import dnskeysyncinstance
-from ipaserver.install import opendnssecinstance
-from ipaserver.install import odsexporterinstance
from ipaserver.install import httpinstance
from ipaserver.install import ntpinstance
from ipaserver.install import certs
@@ -61,6 +58,7 @@ from ipaserver.install import memcacheinstance
from ipaserver.install import otpdinstance
from ipaserver.install import sysupgrade
from ipaserver.install import replication
+from ipaserver.install import dns as dns_installer
from ipaserver.install import service, installutils
from ipapython import version
from ipapython import certmonger
@@ -405,6 +403,8 @@ def parse_options():
#Automatically disable pkinit w/ dogtag until that is supported
options.setup_pkinit = False
+ options.dnssec_master = False
+
return safe_options, options
def signal_handler(signum, frame):
@@ -589,21 +589,7 @@ def uninstall():
if ca_instance.is_configured():
ca_instance.uninstall()
- ods = opendnssecinstance.OpenDNSSECInstance(fstore)
- if ods.is_configured():
- ods.uninstall()
-
- ods_exporter = odsexporterinstance.ODSExporterInstance(fstore)
- if ods_exporter.is_configured():
- ods_exporter.uninstall()
-
- bind = bindinstance.BindInstance(fstore)
- if bind.is_configured():
- bind.uninstall()
-
- dnskeysync = dnskeysyncinstance.DNSKeySyncInstance(fstore)
- if dnskeysync.is_configured():
- dnskeysync.uninstall()
+ dns_installer.uninstall()
httpinstance.HTTPInstance(fstore).uninstall()
krbinstance.KrbInstance(fstore).uninstall()
@@ -769,19 +755,8 @@ def main():
"agreements.\n\n")
print textwrap.fill(msg, width=80, replace_whitespace=False)
else:
-
- # test if server is DNSSEC key master
- masters = opendnssecinstance.get_dnssec_key_masters(conn)
- if api.env.host in masters:
- print "This server is active DNSSEC key master. Uninstall could break your DNS system."
- if not (options.unattended or user_input("Are you sure you "
- "want to continue "
- "with the uninstall "
- "procedure?",
- False)):
- print ""
- print "Aborting uninstall operation."
- sys.exit(1)
+ api.Backend.ldap2.connect(autobind=True)
+ dns_installer.uninstall_check(options)
rm = replication.ReplicationManager(
realm=api.env.realm,
@@ -861,6 +836,7 @@ def main():
# Until then users that want to install the KRA need to use ipa-install-kra
# TODO set setup_kra = True when Dogtag 10.2 is available
setup_kra = False
+ options.setup_ca = setup_ca
# Figure out what external CA step we're in. See cainstance.py for more
# info on the 3 states.
@@ -922,13 +898,6 @@ def main():
if httpinstance.httpd_443_configured():
sys.exit("Aborting installation")
- realm_name = ""
- host_name = ""
- domain_name = ""
- ip_addresses = []
- master_password = ""
- dm_password = ""
- admin_password = ""
reverse_zones = []
if not options.setup_dns and not options.unattended:
@@ -938,10 +907,6 @@ def main():
# check bind packages are installed
if options.setup_dns:
- if not (bindinstance.check_inst(options.unattended) and
- dnskeysyncinstance.check_inst()):
- sys.exit("Aborting installation")
-
# Don't require an external DNS to say who we are if we are
# setting up a local DNS server.
options.no_host_dns = True
@@ -989,9 +954,6 @@ def main():
domain_name = domain_name.lower()
- ip_addresses = get_server_ip_address(host_name, fstore,
- options.unattended, options.setup_dns, options.ip_addresses)
-
if not options.realm_name:
realm_name = read_realm_name(domain_name, options.unattended)
root_logger.debug("read realm_name: %s\n" % realm_name)
@@ -1075,28 +1037,11 @@ def main():
admin_password = options.admin_password
if options.setup_dns:
- if options.no_forwarders:
- dns_forwarders = ()
- elif options.forwarders:
- dns_forwarders = options.forwarders
- else:
- dns_forwarders = read_dns_forwarders()
-
- #test DNSSEC forwarders
- if dns_forwarders:
- if (not bindinstance.check_forwarders(dns_forwarders, root_logger)
- and not options.no_dnssec_validation):
- options.no_dnssec_validation = True
- print "WARNING: DNSSEC validation will be disabled"
-
- reverse_zones = bindinstance.check_reverse_zones(ip_addresses,
- options.reverse_zones, options, options.unattended)
-
- if reverse_zones:
- print "Using reverse zone(s) %s" % ", ".join(str(rz) for rz in reverse_zones)
+ dns_installer.install_check(False, False, options, host_name)
+ ip_addresses = dns_installer.ip_addresses
else:
- dns_forwarders = ()
- root_logger.debug("will use dns_forwarders: %s\n" % str(dns_forwarders))
+ ip_addresses = get_server_ip_address(host_name, fstore,
+ options.unattended, False, options.ip_addresses)
print
print "The IPA Master Server will be configured with:"
@@ -1108,10 +1053,15 @@ def main():
if options.setup_dns:
print "BIND DNS server will be configured to serve IPA domain with:"
- print "Forwarders: %s" % ("No forwarders" if not dns_forwarders \
- else ", ".join([str(ip) for ip in dns_forwarders]))
- print "Reverse zone(s): %s" % ("No reverse zone" if options.no_reverse \
- or reverse_zones is None else ", ".join(str(rz) for rz in reverse_zones))
+ print "Forwarders: %s" % (
+ "No forwarders" if not dns_installer.dns_forwarders
+ else ", ".join([str(ip) for ip in dns_installer.dns_forwarders])
+ )
+ print "Reverse zone(s): %s" % (
+ "No reverse zone" if options.no_reverse
+ or not dns_installer.reverse_zones
+ else ", ".join(str(rz) for rz in dns_installer.reverse_zones)
+ )
print
# If domain name and realm does not match, IPA server will not be able
@@ -1225,7 +1175,7 @@ def main():
options.admin_password = admin_password
options.host_name = host_name
options.unattended = True
- options.forwarders = dns_forwarders
+ options.forwarders = dns_installer.dns_forwarders
options.reverse_zones = reverse_zones
write_cache(vars(options))
ca.configure_instance(host_name, domain_name, dm_password,
@@ -1323,24 +1273,16 @@ def main():
service.print_msg("Restarting the certificate server")
ca.restart(dogtag.configured_constants().PKI_INSTANCE_NAME)
- # Create a BIND instance
- bind = bindinstance.BindInstance(fstore, dm_password)
- bind.setup(host_name, ip_addresses, realm_name, domain_name, dns_forwarders,
- options.conf_ntp, reverse_zones, zonemgr=options.zonemgr,
- ca_configured=setup_ca,
- no_dnssec_validation=options.no_dnssec_validation)
if options.setup_dns:
- api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password)
-
- bind.create_instance()
- dnskeysyncd = dnskeysyncinstance.DNSKeySyncInstance(fstore, dm_password)
- dnskeysyncd.create_instance(api.env.host, api.env.realm)
- dnskeysyncd.start_dnskeysyncd()
- bind.start_named()
- print ""
- bind.check_global_configuration()
- print ""
+ api.Backend.ldap2.connect(autobind=True)
+ dns_installer.install(False, False, options)
else:
+ # Create a BIND instance
+ bind = bindinstance.BindInstance(fstore, dm_password)
+ bind.setup(host_name, ip_addresses, realm_name,
+ domain_name, (), options.conf_ntp, (),
+ zonemgr=options.zonemgr, ca_configured=setup_ca,
+ no_dnssec_validation=options.no_dnssec_validation)
bind.create_sample_bind_zone()
# Restart httpd to pick up the new IPA configuration
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
new file mode 100644
index 000000000..8d9570d68
--- /dev/null
+++ b/ipaserver/install/dns.py
@@ -0,0 +1,210 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
+
+import sys
+
+from ipalib import api
+from ipaplatform.paths import paths
+from ipapython import ipautil
+from ipapython import sysrestore
+from ipapython.ipa_log_manager import root_logger
+from ipapython.ipaldap import AUTOBIND_ENABLED
+from ipapython.ipautil import user_input
+from ipaserver.install.installutils import get_server_ip_address
+from ipaserver.install.installutils import read_dns_forwarders
+from ipaserver.install import bindinstance
+from ipaserver.install import dnskeysyncinstance
+from ipaserver.install import ntpinstance
+from ipaserver.install import odsexporterinstance
+from ipaserver.install import opendnssecinstance
+
+ip_addresses = []
+dns_forwarders = []
+reverse_zones = []
+
+
+def install_check(standalone, replica, options, hostname):
+ global ip_addresses
+ global dns_forwarders
+ global reverse_zones
+
+ if standalone:
+ print "=============================================================================="
+ print "This program will setup DNS for the FreeIPA Server."
+ print ""
+ print "This includes:"
+ print " * Configure DNS (bind)"
+ print " * Configure SoftHSM (required by DNSSEC)"
+ print " * Configure ipa-dnskeysyncd (required by DNSSEC)"
+ if options.dnssec_master:
+ print " * Configure ipa-ods-exporter (required by DNSSEC key master)"
+ print " * Configure OpenDNSSEC (required by DNSSEC key master)"
+ print " * Generate DNSSEC master key (required by DNSSEC key master)"
+ print ""
+ print "NOTE: DNSSEC zone signing is not enabled by default"
+ print ""
+ if options.dnssec_master:
+ print "DNSSEC support is experimental!"
+ print ""
+ print "Plan carefully, current version doesn't allow you to move DNSSEC"
+ print "key master to different server and master cannot be uninstalled"
+ print ""
+ print ""
+ print "To accept the default shown in brackets, press the Enter key."
+ print ""
+
+ if (options.dnssec_master and not options.unattended and not
+ ipautil.user_input(
+ "Do you want to setup this IPA server as DNSSEC key master?",
+ False)):
+ sys.exit("Aborted")
+
+ # Check bind packages are installed
+ if not (bindinstance.check_inst(options.unattended) and
+ dnskeysyncinstance.check_inst()):
+ sys.exit("Aborting installation.")
+
+ if options.dnssec_master:
+ # check opendnssec packages are installed
+ if not opendnssecinstance.check_inst():
+ sys.exit("Aborting installation")
+
+ fstore = sysrestore.FileStore(paths.SYSRESTORE)
+
+ if options.dnssec_master:
+ ods = opendnssecinstance.OpenDNSSECInstance(
+ fstore, ldapi=True, autobind=AUTOBIND_ENABLED)
+ ods.realm = api.env.realm
+ dnssec_masters = ods.get_masters()
+ # we can reinstall current server if it is dnssec master
+ if api.env.host not in dnssec_masters and dnssec_masters:
+ print "DNSSEC key master(s):", u','.join(dnssec_masters)
+ sys.exit("Only one DNSSEC key master is supported in current "
+ "version.")
+
+ ip_addresses = get_server_ip_address(
+ hostname, fstore, options.unattended, True, options.ip_addresses)
+
+ if options.no_forwarders:
+ dns_forwarders = ()
+ elif options.forwarders:
+ dns_forwarders = options.forwarders
+ elif standalone or not replica:
+ dns_forwarders = read_dns_forwarders()
+
+ # test DNSSEC forwarders
+ if dns_forwarders:
+ if (not bindinstance.check_forwarders(dns_forwarders, root_logger) and
+ not options.no_dnssec_validation):
+ options.no_dnssec_validation = True
+ print "WARNING: DNSSEC validation will be disabled"
+
+ root_logger.debug("will use dns_forwarders: %s\n", dns_forwarders)
+
+ if not standalone:
+ search_reverse_zones = False
+ else:
+ search_reverse_zones = True
+
+ if not standalone and replica:
+ reverse_zones_unattended_check = True
+ else:
+ reverse_zones_unattended_check = options.unattended
+
+ reverse_zones = bindinstance.check_reverse_zones(
+ ip_addresses, options.reverse_zones, options,
+ reverse_zones_unattended_check, search_reverse_zones
+ )
+
+ if reverse_zones:
+ print "Using reverse zone(s) %s" % ', '.join(reverse_zones)
+
+
+def install(standalone, replica, options):
+ global ip_addresses
+ global dns_forwarders
+ global reverse_zones
+
+ fstore = sysrestore.FileStore(paths.SYSRESTORE)
+
+ conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()
+
+ bind = bindinstance.BindInstance(fstore, ldapi=True,
+ autobind=AUTOBIND_ENABLED)
+ bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,
+ dns_forwarders, conf_ntp, reverse_zones, zonemgr=options.zonemgr,
+ no_dnssec_validation=options.no_dnssec_validation,
+ ca_configured=options.setup_ca)
+
+ if standalone and not options.unattended:
+ print ""
+ print "The following operations may take some minutes to complete."
+ print "Please wait until the prompt is returned."
+ print ""
+
+ bind.create_instance()
+
+ # on dnssec master this must be installed last
+ dnskeysyncd = dnskeysyncinstance.DNSKeySyncInstance(fstore, ldapi=True)
+ dnskeysyncd.create_instance(api.env.host, api.env.realm)
+ if options.dnssec_master:
+ ods = opendnssecinstance.OpenDNSSECInstance(fstore, ldapi=True,
+ autobind=AUTOBIND_ENABLED)
+ ods_exporter = odsexporterinstance.ODSExporterInstance(
+ fstore, ldapi=True, autobind=AUTOBIND_ENABLED)
+
+ ods_exporter.create_instance(api.env.host, api.env.realm)
+ ods.create_instance(api.env.host, api.env.realm)
+
+ dnskeysyncd.start_dnskeysyncd()
+ bind.start_named()
+
+ if standalone:
+ print "=============================================================================="
+ print "Setup complete"
+ print ""
+ bind.check_global_configuration()
+ print ""
+ print ""
+ print "\tYou must make sure these network ports are open:"
+ print "\t\tTCP Ports:"
+ print "\t\t * 53: bind"
+ print "\t\tUDP Ports:"
+ print "\t\t * 53: bind"
+ elif not standalone and replica:
+ print ""
+ bind.check_global_configuration()
+ print ""
+
+
+def uninstall_check(options):
+ # test if server is DNSSEC key master
+ masters = opendnssecinstance.get_dnssec_key_masters(api.Backend.ldap2)
+ if api.env.host in masters:
+ print "This server is active DNSSEC key master. Uninstall could break your DNS system."
+ if not (options.unattended or user_input(
+ "Are you sure you want to continue with the uninstall "
+ "procedure?", False)):
+ print ""
+ print "Aborting uninstall operation."
+ sys.exit(1)
+
+
+def uninstall():
+ fstore = sysrestore.FileStore(paths.SYSRESTORE)
+ ods = opendnssecinstance.OpenDNSSECInstance(fstore)
+ if ods.is_configured():
+ ods.uninstall()
+
+ ods_exporter = odsexporterinstance.ODSExporterInstance(fstore)
+ if ods_exporter.is_configured():
+ ods_exporter.uninstall()
+
+ bind = bindinstance.BindInstance(fstore)
+ if bind.is_configured():
+ bind.uninstall()
+
+ dnskeysync = dnskeysyncinstance.DNSKeySyncInstance(fstore)
+ if dnskeysync.is_configured():
+ dnskeysync.uninstall()
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index dc41c0f87..817c27e69 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -17,6 +17,8 @@
# along with this program. If not, see .
#
+from __future__ import absolute_import
+
import socket
import getpass
import os
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index a66b39d6f..da492a96b 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -18,6 +18,8 @@
# along with this program. If not, see .
#
+from __future__ import absolute_import
+
import os
import shutil
import tempfile
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 154dbea72..648fc7601 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -17,6 +17,8 @@
# along with this program. If not, see .
#
+from __future__ import absolute_import
+
import shutil
import fileinput
import re
@@ -26,8 +28,8 @@ import pwd
import socket
import dns.name
-import service
-import installutils
+from ipaserver.install import service
+from ipaserver.install import installutils
from ipapython import sysrestore
from ipapython import ipautil
from ipapython import kernel_keyring
@@ -42,7 +44,7 @@ from ipaserver.install import dsinstance
import pyasn1.codec.ber.decoder
import struct
-import certs
+from ipaserver.install import certs
from distutils import version
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths