#! /usr/bin/python2 -E # Authors: Martin Nagy # Based on ipa-server-install by Karl MacMillan # # Copyright (C) 2007 - 2009 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from __future__ import print_function import logging import os import sys from optparse import SUPPRESS_HELP # pylint: disable=deprecated-module from ipaserver.install import bindinstance from ipaserver.install import installutils from ipapython import version from ipalib import api from ipaplatform.paths import paths from ipapython import ipautil from ipapython.config import IPAOptionParser from ipapython.ipa_log_manager import standard_logging_setup from ipaserver.install import dns as dns_installer logger = logging.getLogger(os.path.basename(__file__)) log_file_name = paths.IPASERVER_INSTALL_LOG def parse_options(): parser = IPAOptionParser(version=version.VERSION) parser.add_option("-p", "--ds-password", dest="dm_password", sensitive=True, help=SUPPRESS_HELP) parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False, help="print debugging information") parser.add_option("--ip-address", dest="ip_addresses", metavar="IP_ADDRESS", default=[], action="append", type="ip", help="Master Server IP Address. This option can be used " "multiple times") parser.add_option("--forwarder", dest="forwarders", action="append", type="ip", help="Add a DNS forwarder. This option can be used multiple times") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") parser.add_option("--auto-forwarders", dest="auto_forwarders", action="store_true", default=False, help="Use DNS forwarders configured in /etc/resolv.conf") parser.add_option("--forward-policy", dest="forward_policy", choices=("first", "only"), default=None, help="DNS forwarding policy for global forwarders") parser.add_option("--reverse-zone", dest="reverse_zones", default=[], action="append", metavar="REVERSE_ZONE", help="The reverse DNS zone to use. This option can be used multiple times") parser.add_option("--no-reverse", dest="no_reverse", action="store_true", default=False, help="Do not create new reverse DNS zone") parser.add_option("--auto-reverse", dest="auto_reverse", action="store_true", default=False, help="Create necessary DNS zones") parser.add_option("--allow-zone-overlap", dest="allow_zone_overlap", action="store_true", default=False, help="Create DNS " "zone even if it already exists") parser.add_option("--no-dnssec-validation", dest="no_dnssec_validation", action="store_true", default=False, help="Disable DNSSEC validation") parser.add_option("--dnssec-master", dest="dnssec_master", action="store_true", default=False, help="Setup server to be DNSSEC key master") parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback, type="string", help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN") parser.add_option("-U", "--unattended", dest="unattended", action="store_true", default=False, help="unattended installation never prompts the user") parser.add_option("--disable-dnssec-master", dest="disable_dnssec_master", action="store_true", default=False, help="Disable the " "DNSSEC master on this server") parser.add_option("--kasp-db", dest="kasp_db_file", type="string", metavar="FILE", action="store", help="Copy OpenDNSSEC " "metadata from the specified file (will not create a new " "kasp.db file)") parser.add_option("--force", dest="force", action="store_true", help="Force install") options, _args = parser.parse_args() safe_options = parser.get_safe_opts(options) if options.dnssec_master and options.disable_dnssec_master: parser.error("Invalid combination of parameters: --dnssec-master and " "--disable-dnssec-master") if options.forwarders and options.no_forwarders: parser.error("You cannot specify a --forwarder option together with --no-forwarders") elif options.reverse_zones and options.no_reverse: parser.error("You cannot specify a --reverse-zone option together with --no-reverse") elif options.auto_reverse and options.no_reverse: parser.error("You cannot specify a --auto-reverse option together with --no-reverse") if options.unattended: if (not options.forwarders and not options.no_forwarders and not options.auto_forwarders): parser.error("You must specify at least one option: " "--forwarder or --no-forwarders or --auto-forwarders") if options.kasp_db_file and not ipautil.file_exists(options.kasp_db_file): parser.error("File %s does not exist" % options.kasp_db_file) if options.dm_password: print ("WARNING: Option -p/--ds-password is deprecated " "and should not be used anymore.") return safe_options, options def main(): safe_options, options = parse_options() if os.getegid() != 0: sys.exit("Must be root to setup server") standard_logging_setup(log_file_name, debug=options.debug, filemode='a') print("\nThe log file for this installation can be found in %s" % log_file_name) logger.debug('%s was invoked with options: %s', sys.argv[0], safe_options) logger.debug("missing options might be asked for interactively later\n") logger.debug('IPA version %s', version.VENDOR_VERSION) installutils.check_server_configuration() # Initialize the ipalib api api.bootstrap( context='install', confdir=paths.ETC_IPA, in_server=True, debug=options.debug, ) api.finalize() api.Backend.ldap2.connect() options.setup_ca = None # must be None to enable autodetection dns_installer.install_check(True, api, False, options, hostname=api.env.host) dns_installer.install(True, False, options) # execute ipactl to refresh services status ipautil.run(['ipactl', 'start', '--ignore-service-failures'], raiseonerr=False) api.Backend.ldap2.disconnect() return 0 if __name__ == '__main__': installutils.run_script(main, log_file_name=log_file_name, operation_name='ipa-dns-install')