Hi,
with these patches, the user will be able to install DNS additionally,
after ipa-server-install. No --uninstall yet, however. I do have it in
my tree, but it causes a lot of problems. Hopefully, I'll manage to
solve them later. Thanks.

Martin
>From df4114d4123715e8ed20aa744551d25a98168926 Mon Sep 17 00:00:00 2001
From: Martin Nagy <mn...@redhat.com>
Date: Mon, 23 Nov 2009 09:18:25 +0100
Subject: [PATCH 1/9] Allow a custom file mode when setting up debugging

This will be handy in the future if we want to install or uninstall
only single IPA components and append to the existing installation logs.
This will be used by the upcoming ipa-dns-install script.
---
 ipaserver/install/installutils.py |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index a41176c..501d0e8 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -145,14 +145,14 @@ def port_available(port):
 
     return rv
 
-def standard_logging_setup(log_filename, debug=False):
+def standard_logging_setup(log_filename, debug=False, filemode='w'):
     old_umask = os.umask(077)
     # Always log everything (i.e., DEBUG) to the log
     # file.
     logging.basicConfig(level=logging.DEBUG,
                         format='%(asctime)s %(levelname)s %(message)s',
                         filename=log_filename,
-                        filemode='w')
+                        filemode=filemode)
     os.umask(old_umask)
 
     console = logging.StreamHandler()
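Review bot: With `filemode='a'` the `os.umask(077)` wrapped around `logging.basicConfig` no longer guarantees a private log file, because a umask only takes effect when the file is created; a file that already exists at `log_filename` keeps whatever mode and owner it had. Since this handler always records at DEBUG level, the mode should be enforced explicitly, for example `os.chmod(log_filename, 0600)` right after the `basicConfig` call. The new parameter also deserves a docstring line such as `"""filemode is passed to logging.basicConfig; 'a' appends to an existing log instead of truncating it."""`. The body of `standard_logging_setup` continues past the end of this hunk.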
-- 
1.6.2.5

>From 61a84e72b3258a6f8c90db5cc087cd72afd55968 Mon Sep 17 00:00:00 2001
From: Martin Nagy <mn...@redhat.com>
Date: Mon, 23 Nov 2009 09:15:35 +0100
Subject: [PATCH 2/9] Move some functions from ipa-server-install into installutils

We will need these functions in the new upcoming ipa-dns-install
command.
---
 install/tools/ipa-server-install  |   55 +------------------------------------
 ipaserver/install/installutils.py |   53 +++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 54 deletions(-)

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 27acb8b..f70209b 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -264,59 +264,6 @@ def resolve_host(host_name):
         print "Unable to lookup the IP address of the provided host"
     return ip
 
-def verify_ip_address(ip):
-    is_ok = True
-    try:
-        socket.inet_pton(socket.AF_INET, ip)
-    except:
-        try:
-            socket.inet_pton(socket.AF_INET6, ip)
-        except:
-            print "Unable to verify IP address"
-            is_ok = False
-    return is_ok
-
-def read_ip_address(host_name):
-    while True:
-        ip = user_input("Please provide the IP address to be used for this host name", allow_empty = False)
-
-        if ip == "127.0.0.1" or ip == "::1":
-            print "The IPA Server can't use localhost as a valid IP"
-            continue
-
-        if not verify_ip_address(ip):
-            continue
-
-        print "Adding ["+ip+" "+host_name+"] to your /etc/hosts file"
-        fstore.backup_file("/etc/hosts")
-        hosts_fd = open('/etc/hosts', 'r+')
-        hosts_fd.seek(0, 2)
-        hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n')
-        hosts_fd.close()
-
-        return ip
-
-def read_dns_forwarders():
-    addrs = []
-    while True:
-        ip = user_input("Enter IP address for a DNS forwarder (empty to stop)", allow_empty=True)
-
-        if not ip:
-            break
-        if ip == "127.0.0.1" or ip == "::1":
-            print "You cannot use localhost as a DNS forwarder"
-            continue
-        if not verify_ip_address(ip):
-            continue
-
-        print "DNS forwarder %s added" % ip
-        addrs.append(ip)
-
-    if not addrs:
-        print "No DNS forwarders configured"
-
-    return addrs
-
 def read_ds_user():
     print "The server must run as a specific user in a specific group."
     print "It is strongly recommended that this user should have no privileges"
@@ -612,7 +559,7 @@ def main():
             return 1
 
     if not ip:
-        ip = read_ip_address(host_name)
+        ip = read_ip_address(host_name, fstore)
     ip_address = ip
 
     print "The IPA Master Server will be configured with"
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 501d0e8..6365fe8 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -117,6 +117,59 @@ def verify_fqdn(host_name,no_host_dns=False):
     if forward != reverse:
         raise RuntimeError("The DNS forward record %s does not match the reverse address %s" % (forward, reverse))
 
+def verify_ip_address(ip):
+    is_ok = True
+    try:
+        socket.inet_pton(socket.AF_INET, ip)
+    except:
+        try:
+            socket.inet_pton(socket.AF_INET6, ip)
+        except:
+            print "Unable to verify IP address"
+            is_ok = False
+    return is_ok
+
+def read_ip_address(host_name, fstore):
+    while True:
+        ip = ipautil.user_input("Please provide the IP address to be used for this host name", allow_empty = False)
+
+        if ip == "127.0.0.1" or ip == "::1":
+            print "The IPA Server can't use localhost as a valid IP"
+            continue
+
+        if verify_ip_address(ip):
+            break
+
+    print "Adding ["+ip+" "+host_name+"] to your /etc/hosts file"
+    fstore.backup_file("/etc/hosts")
+    hosts_fd = open('/etc/hosts', 'r+')
+    hosts_fd.seek(0, 2)
+    hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n')
+    hosts_fd.close()
+
+    return ip
+
+def read_dns_forwarders():
+    addrs = []
+    while True:
+        ip = ipautil.user_input("Enter IP address for a DNS forwarder (empty to stop)", allow_empty=True)
+
+        if not ip:
+            break
+        if ip == "127.0.0.1" or ip == "::1":
+            print "You cannot use localhost as a DNS forwarder"
+            continue
+        if not verify_ip_address(ip):
+            continue
+
+        print "DNS forwarder %s added" % ip
+        addrs.append(ip)
+
+    if not addrs:
+        print "No DNS forwarders configured"
+
+    return addrs
+
 def port_available(port):
     """Try to bind to a port on the wildcard host
        Return 1 if the port is available
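Review bot: The loopback guard in `read_ip_address` and `read_dns_forwarders` compares the input against the two literal strings `"127.0.0.1"` and `"::1"`, so any other spelling of a loopback address (the rest of 127.0.0.0/8, or a non-canonical IPv6 form) passes and, in `read_ip_address`, is appended to /etc/hosts. Checking the packed value returned by `socket.inet_pton` would be more robust than comparing text. `verify_ip_address` also relies on two bare `except:` clauses; `except socket.error:` would stop it swallowing unrelated exceptions, including KeyboardInterrupt. The /etc/hosts write has no `try`/`finally`, so `hosts_fd` stays open if `write` raises. These functions are carried over from ipa-server-install, so the move is a convenient point to tighten them.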
-- 
1.6.2.5

>From 8cd2f2d6a65019c35ae50777f206387ee039b196 Mon Sep 17 00:00:00 2001
From: Martin Nagy <mn...@redhat.com>
Date: Mon, 23 Nov 2009 09:26:50 +0100
Subject: [PATCH 3/9] Add ipa-dns-install script

Unfortunately, for now there is no --uninstall option.
---
 install/tools/Makefile.am     |    1 +
 install/tools/ipa-dns-install |  171 +++++++++++++++++++++++++++++++++++++++++
 ipa.spec.in                   |    1 +
 3 files changed, 173 insertions(+), 0 deletions(-)
 create mode 100755 install/tools/ipa-dns-install

diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am
index 3af13dc..6c83868 100644
--- a/install/tools/Makefile.am
+++ b/install/tools/Makefile.am
@@ -5,6 +5,7 @@ SUBDIRS = 			\
         $(NULL)
 
 sbin_SCRIPTS =			\
+	ipa-dns-install		\
 	ipa-server-install	\
 	ipa-replica-install	\
 	ipa-replica-prepare	\
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
new file mode 100755
index 0000000..a8f2ab6
--- /dev/null
+++ b/install/tools/ipa-dns-install
@@ -0,0 +1,171 @@
+#! /usr/bin/python -E
+# Authors: Martin Nagy <mn...@redhat.com>
+# Based on ipa-server-install by Karl MacMillan <kmacmil...@mentalrootkit.com>
+#
+# Copyright (C) 2007 - 2009  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from optparse import OptionParser
+import traceback
+
+from ipaserver.install import bindinstance, ntpinstance
+from ipaserver.install.installutils import *
+from ipapython import version
+from ipapython import ipautil, sysrestore
+from ipalib import api, util
+
+def parse_options():
+    parser = OptionParser(version=version.VERSION)
+    parser.add_option("-p", "--ds-password", dest="dm_password",
+                      help="admin password")
+    parser.add_option("-d", "--debug", dest="debug", action="store_true",
+                      default=False, help="print debugging information")
+    parser.add_option("--ip-address", dest="ip_address", help="Master Server IP Address")
+    parser.add_option("--forwarder", dest="forwarders", action="append",
+                      help="Add a DNS forwarder")
+    parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
+                      default=False, help="Do not add any DNS forwarders, use root servers instead")
+    parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
+                      default=False, help="unattended installation never prompts the user")
+
+    options, args = parser.parse_args()
+
+    if options.forwarders and options.no_forwarders:
+        parser.error("You cannot specify a --forwarder option together with --no-forwarders")
+
+    if options.unattended:
+        if not options.dm_password:
+            parser.error("In unattended mode you need to provide at least the -p option")
+        if not options.forwarders and not options.no_forwarders:
+            parser.error("You must specify at least one --forwarder option or --no-forwarders option")
+
+    return options
+
+def resolve_host(host_name):
+    ip = None
+    try:
+        ip = socket.gethostbyname(host_name)
+
+        if ip == "127.0.0.1" or ip == "::1":
+            print "The hostname resolves to the localhost address (127.0.0.1/::1)"
+            print "Please change your /etc/hosts file so that the hostname"
+            print "resolves to the ip address of your network interface."
+            print ""
+            print "Please fix your /etc/hosts file and restart the setup program"
+            return None
+
+    except:
+        print "Unable to lookup the IP address of the provided host"
+    return ip
+
+def main():
+    options = parse_options()
+
+    if os.getegid() != 0:
+        print "Must be root to setup server"
+        return 1
+
+    standard_logging_setup("/var/log/ipaserver-install.log", options.debug, filemode='a')
+    print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log"
+
+    global fstore
+    fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
+
+    print "=============================================================================="
+    print "This program will setup DNS for the FreeIPA Server."
+    print ""
+    print "This includes:"
+    print "  * Configure DNS (bind)"
+    print ""
+    print "To accept the default shown in brackets, press the Enter key."
+    print ""
+
+    # Check bind packages are installed
+    if not bindinstance.check_inst(options.unattended):
+        print "Aborting installation"
+        return 1
+
+    # Initialize the ipalib api
+    cfg = dict(
+        in_server=True,
+        debug=options.debug,
+    )
+    api.bootstrap(**cfg)
+    api.finalize()
+
+    # Check we have a public IP that is associated with the hostname
+    if options.ip_address:
+        ip_address = options.ip_address
+    else:
+        ip_address = resolve_host(api.env.host)
+    if not ip_address or not verify_ip_address(ip_address):
+        if options.unattended:
+            print "Unable to resolve IP address for host name"
+            return 1
+        else:
+            ip_address = read_ip_address(api.env.host, fstore)
+
+    if options.no_forwarders:
+        dns_forwarders = ()
+    elif options.forwarders:
+        dns_forwarders = options.forwarders
+    else:
+        dns_forwarders = read_dns_forwarders()
+
+    if not options.dm_password:
+        dm_password = get_password("Directory Manager password: ")
+    else:
+        dm_password = options.dm_password
+
+    conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()
+
+    if not options.unattended:
+        print ""
+        print "The following operations may take some minutes to complete."
+        print "Please wait until the prompt is returned."
+        print ""
+
+    # Create a BIND instance
+    bind = bindinstance.BindInstance(fstore, dm_password)
+    bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp)
+    api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
+    bind.create_instance()
+
+    print "=============================================================================="
+    print "Setup complete"
+    print ""
+    print "\tYou must make sure these network ports are open:"
+    print "\t\tTCP Ports:"
+    print "\t\t  * 53: bind"
+    print "\t\tUDP Ports:"
+    print "\t\t  * 53: bind"
+
+    return 0
+
+try:
+    try:
+        sys.exit(main())
+    except SystemExit, e:
+        sys.exit(e)
+except Exception, e:
+    message = "Unexpected error - see ipaserver-install.log for details:\n %s" % str(e)
+    print message
+    message = str(e)
+    for str in traceback.format_tb(sys.exc_info()[2]):
+        message = message + "\n" + str
+    logging.debug(message)
+    sys.exit(1)
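Review bot: Values given with `--forwarder` go from `options.forwarders` straight into `bind.setup()` in `main()` without passing through `verify_ip_address`, whereas the interactive path (`read_dns_forwarders`) validates each entry and rejects localhost; the same checks should run in `parse_options`, calling `parser.error` on the first entry that fails. What `bind.setup` does with the list is not visible here, but it presumably ends up in the BIND configuration, so malformed entries should be rejected before that point. The privilege check `os.getegid() != 0` tests the effective group rather than the effective user; `if os.geteuid() != 0:` is what the "Must be root" message describes. Taking the Directory Manager password through `-p` also leaves it visible in the process list and shell history, so unattended mode would be better served by reading it from a file or stdin.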
diff --git a/ipa.spec.in b/ipa.spec.in
index 6b5e655..412d235 100644
--- a/ipa.spec.in
+++ b/ipa.spec.in
@@ -364,6 +364,7 @@ fi
 %files server
 %doc LICENSE README
 %defattr(-,root,root,-)
+%{_sbindir}/ipa-dns-install
 %{_sbindir}/ipa-server-install
 %{_sbindir}/ipa-replica-install
 %{_sbindir}/ipa-replica-prepare
-- 
1.6.2.5
