mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 16:31:08 -06:00
e151492560
This commit allows to replace or disable DNSSEC key master Replacing DNSSEC master requires to copy kasp.db file manually by user ipa-dns-install: --disable-dnssec-master DNSSEC master will be disabled --dnssec-master --kasp-db=FILE This configure new DNSSEC master server, kasp.db from old server is required for sucessful replacement --force Skip checks https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Petr Spacek <pspacek@redhat.com>
136 lines
6.2 KiB
Python
Executable File
136 lines
6.2 KiB
Python
Executable File
#! /usr/bin/python2 -E
|
|
# Authors: Martin Nagy <mnagy@redhat.com>
|
|
# Based on ipa-server-install by Karl MacMillan <kmacmillan@mentalrootkit.com>
|
|
#
|
|
# Copyright (C) 2007 - 2009 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
from optparse import OptionGroup, SUPPRESS_HELP
|
|
|
|
from ipaserver.install import bindinstance, httpinstance
|
|
from ipaserver.install.installutils import *
|
|
from ipaserver.install import installutils
|
|
from ipapython import version
|
|
from ipalib import api
|
|
from ipaplatform.paths import paths
|
|
from ipapython.config import IPAOptionParser
|
|
from ipapython.ipa_log_manager import standard_logging_setup, root_logger
|
|
|
|
from ipaserver.install import dns as dns_installer
|
|
|
|
log_file_name = paths.IPASERVER_INSTALL_LOG
|
|
|
|
def parse_options():
|
|
parser = IPAOptionParser(version=version.VERSION)
|
|
parser.add_option("-p", "--ds-password", dest="dm_password",
|
|
sensitive=True, help=SUPPRESS_HELP)
|
|
parser.add_option("-d", "--debug", dest="debug", action="store_true",
|
|
default=False, help="print debugging information")
|
|
parser.add_option("--ip-address", dest="ip_addresses", metavar="IP_ADDRESS",
|
|
default=[], action="append",
|
|
type="ip", ip_local=True, help="Master Server IP Address. This option can be used multiple times")
|
|
parser.add_option("--forwarder", dest="forwarders", action="append",
|
|
type="ip", help="Add a DNS forwarder. This option can be used multiple times")
|
|
parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
|
|
default=False, help="Do not add any DNS forwarders, use root servers instead")
|
|
parser.add_option("--reverse-zone", dest="reverse_zones",
|
|
default=[], action="append", metavar="REVERSE_ZONE",
|
|
help="The reverse DNS zone to use. This option can be used multiple times")
|
|
parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
|
|
default=False, help="Do not create new reverse DNS zone")
|
|
parser.add_option("--no-dnssec-validation", dest="no_dnssec_validation", action="store_true",
|
|
default=False, help="Disable DNSSEC validation")
|
|
parser.add_option("--dnssec-master", dest="dnssec_master", action="store_true",
|
|
default=False, help="Setup server to be DNSSEC key master")
|
|
parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
|
|
type="string",
|
|
help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
|
|
parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
|
|
default=False, help="unattended installation never prompts the user")
|
|
parser.add_option("--disable-dnssec-master", dest="disable_dnssec_master",
|
|
action="store_true", default=False, help="Disable the "
|
|
"DNSSEC master on this server")
|
|
parser.add_option("--kasp-db", dest="kasp_db_file", type="string",
|
|
metavar="FILE", action="store", help="Copy OpenDNSSEC "
|
|
"metadata from the specified file (will not create a new "
|
|
"kasp.db file)")
|
|
parser.add_option("--force", dest="force", action="store_true",
|
|
help="Force install")
|
|
|
|
options, args = parser.parse_args()
|
|
safe_options = parser.get_safe_opts(options)
|
|
|
|
if options.forwarders and options.no_forwarders:
|
|
parser.error("You cannot specify a --forwarder option together with --no-forwarders")
|
|
elif options.reverse_zones and options.no_reverse:
|
|
parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
|
|
|
|
if options.unattended:
|
|
if not options.forwarders and not options.no_forwarders:
|
|
parser.error("You must specify at least one --forwarder option or --no-forwarders option")
|
|
|
|
if options.kasp_db_file and not ipautil.file_exists(options.kasp_db_file):
|
|
parser.error("File %s does not exist" % options.kasp_db_file)
|
|
|
|
if options.dm_password:
|
|
print ("WARNING: Option -p/--ds-password is deprecated "
|
|
"and should not be used anymore.")
|
|
return safe_options, options
|
|
|
|
def main():
|
|
safe_options, options = parse_options()
|
|
|
|
if os.getegid() != 0:
|
|
sys.exit("Must be root to setup server")
|
|
|
|
standard_logging_setup(log_file_name, debug=options.debug, filemode='a')
|
|
print "\nThe log file for this installation can be found in %s" % log_file_name
|
|
|
|
root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
|
|
root_logger.debug("missing options might be asked for interactively later\n")
|
|
root_logger.debug('IPA version %s' % version.VENDOR_VERSION)
|
|
|
|
installutils.check_server_configuration()
|
|
|
|
# Initialize the ipalib api
|
|
cfg = dict(
|
|
in_server=True,
|
|
debug=options.debug,
|
|
)
|
|
api.bootstrap(**cfg)
|
|
api.finalize()
|
|
|
|
api.Backend.ldap2.connect(autobind=True)
|
|
|
|
options.setup_ca = False
|
|
|
|
dns_installer.install_check(True, False, options, hostname=api.env.host)
|
|
dns_installer.install(True, False, options)
|
|
|
|
# Restart http instance to make sure that python-dns has the right resolver
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=800368
|
|
fstore = sysrestore.FileStore(paths.SYSRESTORE)
|
|
http = httpinstance.HTTPInstance(fstore)
|
|
service.print_msg("Restarting the web server")
|
|
http.restart()
|
|
|
|
return 0
|
|
|
|
if __name__ == '__main__':
|
|
installutils.run_script(main, log_file_name=log_file_name,
|
|
operation_name='ipa-dns-install')
|