Merge AD trust configurator into replica installer

`ipa-replica-install` is now able to configure Samba and winbind services in order to manage Active Directory trusts. `--add-agents` option is exposed in replica installer, while `--add-sids` now defaults to `False` since adding a first AD trust controller to an existing sizeable deployment can result in stuck installation as sidgen tasks can take a long time to complete. That's why adding SIDs should be a conscious decision in this case. https://fedorahosted.org/freeipa/ticket/6630 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-02-17 13:51:00 +01:00 · 2017-02-17 13:51:00 +01:00 · eee319dba1
commit eee319dba1
parent aa353c5f21
1 changed files with 11 additions and 1 deletions
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@ -38,7 +38,7 @@ from ipalib.util import (
 )
 from ipaclient.install.client import configure_krb5_conf, purge_host_keytab
 from ipaserver.install import (
-    bindinstance, ca, certs, dns, dsinstance, httpinstance,
+    adtrust, bindinstance, ca, certs, dns, dsinstance, httpinstance,
    installutils, kra, krbinstance,
    ntpinstance, otpdinstance, custodiainstance, service)
 from ipaserver.install.installutils import (
@ -862,6 +862,9 @@ def install_check(installer):
            network_ip_address_warning(config.ips)
            broadcast_ip_address_warning(config.ips)

+        if options.setup_adtrust:
+            adtrust.install_check(False, options, remote_api)
+
        enroll_dl0_replica(installer, fstore, remote_api)
        ccache = os.environ['KRB5CCNAME']
        kinit_keytab('host/{env.host}@{env.realm}'.format(env=api.env),
@ -1283,6 +1286,9 @@ def promote_check(installer):
            network_ip_address_warning(config.ips)
            broadcast_ip_address_warning(config.ips)

+        if options.setup_adtrust:
+            adtrust.install_check(False, options, remote_api)
+
    except errors.ACIError:
        root_logger.debug(traceback.format_exc())
        raise ScriptError("\nInsufficient privileges to promote the server."
@ -1473,6 +1479,10 @@ def install(installer):
        dns.install(False, True, options, api)
    else:
        api.Command.dns_update_system_records()
+
+    if options.setup_adtrust:
+        adtrust.install(False, options, fstore, api)
+
    api.Backend.ldap2.disconnect()

    if not promote: