mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-16 03:11:57 -06:00
6d02eddd3e
Replace the @PYTHONSHEBANG@ substitution with a valid #!/usr/bin/python3 shebang. This turns Python .in files into valid Python files. The files can now be checked with pylint and IDEs recognize the files as Python files. The shebang is still replaced with "#!$(PYTHON) -E" to support platform-python. Related: https://pagure.io/freeipa/issue/7984 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Francois Cami <fcami@redhat.com>
157 lines
7.2 KiB
Python
157 lines
7.2 KiB
Python
#!/usr/bin/python3
|
|
# Authors: Martin Nagy <mnagy@redhat.com>
|
|
# Based on ipa-server-install by Karl MacMillan <kmacmillan@mentalrootkit.com>
|
|
#
|
|
# Copyright (C) 2007 - 2009 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
from __future__ import print_function
|
|
|
|
import logging
|
|
import os
|
|
import sys
|
|
|
|
from ipaserver.install import bindinstance
|
|
from ipaserver.install import installutils
|
|
from ipapython import version
|
|
from ipalib import api
|
|
from ipaplatform.paths import paths
|
|
from ipapython import ipautil
|
|
from ipapython.config import IPAOptionParser
|
|
from ipapython.ipa_log_manager import standard_logging_setup
|
|
|
|
from ipaserver.install import dns as dns_installer
|
|
|
|
logger = logging.getLogger(os.path.basename(__file__))
|
|
|
|
log_file_name = paths.IPASERVER_INSTALL_LOG
|
|
|
|
def parse_options():
|
|
parser = IPAOptionParser(version=version.VERSION)
|
|
parser.add_option("-d", "--debug", dest="debug", action="store_true",
|
|
default=False, help="print debugging information")
|
|
parser.add_option("--ip-address", dest="ip_addresses", metavar="IP_ADDRESS",
|
|
default=[], action="append",
|
|
type="ip",
|
|
help="Master Server IP Address. This option can be used "
|
|
"multiple times")
|
|
parser.add_option("--forwarder", dest="forwarders", action="append",
|
|
type="ip_with_loopback", help="Add a DNS forwarder. This option can be used multiple times")
|
|
parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
|
|
default=False, help="Do not add any DNS forwarders, use root servers instead")
|
|
parser.add_option("--auto-forwarders", dest="auto_forwarders",
|
|
action="store_true", default=False,
|
|
help="Use DNS forwarders configured in /etc/resolv.conf")
|
|
parser.add_option("--forward-policy", dest="forward_policy",
|
|
choices=("first", "only"), default=None,
|
|
help="DNS forwarding policy for global forwarders")
|
|
parser.add_option("--reverse-zone", dest="reverse_zones",
|
|
default=[], action="append", metavar="REVERSE_ZONE",
|
|
help="The reverse DNS zone to use. This option can be used multiple times")
|
|
parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
|
|
default=False, help="Do not create new reverse DNS zone")
|
|
parser.add_option("--auto-reverse", dest="auto_reverse", action="store_true",
|
|
default=False, help="Create necessary DNS zones")
|
|
parser.add_option("--allow-zone-overlap", dest="allow_zone_overlap",
|
|
action="store_true", default=False, help="Create DNS "
|
|
"zone even if it already exists")
|
|
parser.add_option("--no-dnssec-validation", dest="no_dnssec_validation", action="store_true",
|
|
default=False, help="Disable DNSSEC validation")
|
|
parser.add_option("--dnssec-master", dest="dnssec_master", action="store_true",
|
|
default=False, help="Setup server to be DNSSEC key master")
|
|
parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
|
|
type="string",
|
|
help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
|
|
parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
|
|
default=False, help="unattended installation never prompts the user")
|
|
parser.add_option("--disable-dnssec-master", dest="disable_dnssec_master",
|
|
action="store_true", default=False, help="Disable the "
|
|
"DNSSEC master on this server")
|
|
parser.add_option("--kasp-db", dest="kasp_db_file", type="string",
|
|
metavar="FILE", action="store", help="Copy OpenDNSSEC "
|
|
"metadata from the specified file (will not create a new "
|
|
"kasp.db file)")
|
|
parser.add_option("--force", dest="force", action="store_true",
|
|
help="Force install")
|
|
|
|
options, _args = parser.parse_args()
|
|
safe_options = parser.get_safe_opts(options)
|
|
|
|
if options.dnssec_master and options.disable_dnssec_master:
|
|
parser.error("Invalid combination of parameters: --dnssec-master and "
|
|
"--disable-dnssec-master")
|
|
|
|
if options.forwarders and options.no_forwarders:
|
|
parser.error("You cannot specify a --forwarder option together with --no-forwarders")
|
|
elif options.reverse_zones and options.no_reverse:
|
|
parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
|
|
elif options.auto_reverse and options.no_reverse:
|
|
parser.error("You cannot specify a --auto-reverse option together with --no-reverse")
|
|
|
|
if options.unattended:
|
|
if (not options.forwarders
|
|
and not options.no_forwarders
|
|
and not options.auto_forwarders):
|
|
parser.error("You must specify at least one option: "
|
|
"--forwarder or --no-forwarders or --auto-forwarders")
|
|
|
|
if options.kasp_db_file and not os.path.isfile(options.kasp_db_file):
|
|
parser.error("File %s does not exist" % options.kasp_db_file)
|
|
|
|
return safe_options, options
|
|
|
|
def main():
|
|
safe_options, options = parse_options()
|
|
|
|
if os.getegid() != 0:
|
|
sys.exit("Must be root to setup server")
|
|
|
|
standard_logging_setup(log_file_name, debug=options.debug, filemode='a')
|
|
print("\nThe log file for this installation can be found in %s" % log_file_name)
|
|
|
|
logger.debug('%s was invoked with options: %s', sys.argv[0], safe_options)
|
|
logger.debug("missing options might be asked for interactively later\n")
|
|
logger.debug('IPA version %s', version.VENDOR_VERSION)
|
|
|
|
installutils.check_server_configuration()
|
|
|
|
# Initialize the ipalib api
|
|
api.bootstrap(
|
|
context='install', confdir=paths.ETC_IPA,
|
|
in_server=True, debug=options.debug,
|
|
)
|
|
api.finalize()
|
|
api.Backend.ldap2.connect()
|
|
|
|
options.setup_ca = None # must be None to enable autodetection
|
|
|
|
dns_installer.install_check(True, api, False, options, hostname=api.env.host)
|
|
dns_installer.install(True, False, options)
|
|
# Services are enabled in dns_installer.install()
|
|
|
|
# execute ipactl to refresh services status
|
|
ipautil.run([paths.IPACTL, 'start', '--ignore-service-failures'],
|
|
raiseonerr=False)
|
|
|
|
api.Backend.ldap2.disconnect()
|
|
|
|
return 0
|
|
|
|
if __name__ == '__main__':
|
|
installutils.run_script(main, log_file_name=log_file_name,
|
|
operation_name='ipa-dns-install')
|