freeipa/install/tools/ipa-dns-install
Martin Basti e151492560 DNSSEC: allow to disable/replace DNSSEC key master
This commit allows to replace or disable DNSSEC key master

Replacing DNSSEC master requires to copy kasp.db file manually by user

ipa-dns-install:
--disable-dnssec-master  DNSSEC master will be disabled
--dnssec-master --kasp-db=FILE  This configure new DNSSEC master server,  kasp.db from old server is required for sucessful replacement
--force Skip checks

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-07-07 08:37:15 +02:00

136 lines
6.2 KiB
Python
Executable File

#! /usr/bin/python2 -E
# Authors: Martin Nagy <mnagy@redhat.com>
# Based on ipa-server-install by Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2007 - 2009 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from optparse import OptionGroup, SUPPRESS_HELP
from ipaserver.install import bindinstance, httpinstance
from ipaserver.install.installutils import *
from ipaserver.install import installutils
from ipapython import version
from ipalib import api
from ipaplatform.paths import paths
from ipapython.config import IPAOptionParser
from ipapython.ipa_log_manager import standard_logging_setup, root_logger
from ipaserver.install import dns as dns_installer
log_file_name = paths.IPASERVER_INSTALL_LOG
def parse_options():
parser = IPAOptionParser(version=version.VERSION)
parser.add_option("-p", "--ds-password", dest="dm_password",
sensitive=True, help=SUPPRESS_HELP)
parser.add_option("-d", "--debug", dest="debug", action="store_true",
default=False, help="print debugging information")
parser.add_option("--ip-address", dest="ip_addresses", metavar="IP_ADDRESS",
default=[], action="append",
type="ip", ip_local=True, help="Master Server IP Address. This option can be used multiple times")
parser.add_option("--forwarder", dest="forwarders", action="append",
type="ip", help="Add a DNS forwarder. This option can be used multiple times")
parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
default=False, help="Do not add any DNS forwarders, use root servers instead")
parser.add_option("--reverse-zone", dest="reverse_zones",
default=[], action="append", metavar="REVERSE_ZONE",
help="The reverse DNS zone to use. This option can be used multiple times")
parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
default=False, help="Do not create new reverse DNS zone")
parser.add_option("--no-dnssec-validation", dest="no_dnssec_validation", action="store_true",
default=False, help="Disable DNSSEC validation")
parser.add_option("--dnssec-master", dest="dnssec_master", action="store_true",
default=False, help="Setup server to be DNSSEC key master")
parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
type="string",
help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
default=False, help="unattended installation never prompts the user")
parser.add_option("--disable-dnssec-master", dest="disable_dnssec_master",
action="store_true", default=False, help="Disable the "
"DNSSEC master on this server")
parser.add_option("--kasp-db", dest="kasp_db_file", type="string",
metavar="FILE", action="store", help="Copy OpenDNSSEC "
"metadata from the specified file (will not create a new "
"kasp.db file)")
parser.add_option("--force", dest="force", action="store_true",
help="Force install")
options, args = parser.parse_args()
safe_options = parser.get_safe_opts(options)
if options.forwarders and options.no_forwarders:
parser.error("You cannot specify a --forwarder option together with --no-forwarders")
elif options.reverse_zones and options.no_reverse:
parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
if options.unattended:
if not options.forwarders and not options.no_forwarders:
parser.error("You must specify at least one --forwarder option or --no-forwarders option")
if options.kasp_db_file and not ipautil.file_exists(options.kasp_db_file):
parser.error("File %s does not exist" % options.kasp_db_file)
if options.dm_password:
print ("WARNING: Option -p/--ds-password is deprecated "
"and should not be used anymore.")
return safe_options, options
def main():
safe_options, options = parse_options()
if os.getegid() != 0:
sys.exit("Must be root to setup server")
standard_logging_setup(log_file_name, debug=options.debug, filemode='a')
print "\nThe log file for this installation can be found in %s" % log_file_name
root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
root_logger.debug("missing options might be asked for interactively later\n")
root_logger.debug('IPA version %s' % version.VENDOR_VERSION)
installutils.check_server_configuration()
# Initialize the ipalib api
cfg = dict(
in_server=True,
debug=options.debug,
)
api.bootstrap(**cfg)
api.finalize()
api.Backend.ldap2.connect(autobind=True)
options.setup_ca = False
dns_installer.install_check(True, False, options, hostname=api.env.host)
dns_installer.install(True, False, options)
# Restart http instance to make sure that python-dns has the right resolver
# https://bugzilla.redhat.com/show_bug.cgi?id=800368
fstore = sysrestore.FileStore(paths.SYSRESTORE)
http = httpinstance.HTTPInstance(fstore)
service.print_msg("Restarting the web server")
http.restart()
return 0
if __name__ == '__main__':
installutils.run_script(main, log_file_name=log_file_name,
operation_name='ipa-dns-install')