Hi,
These patches allow one to pass the replica's IP address to
ipa-replica-prepare; the DNS records will then be added. This should
make life better for QA :)

Martin
>From 05c6e118b748839012a7e8bc0613367d8d27d7a8 Mon Sep 17 00:00:00 2001
From: Martin Nagy <mn...@redhat.com>
Date: Mon, 23 Nov 2009 11:08:03 +0100
Subject: [PATCH 1/2] Get rid of ipapython.config in ipa-replica-prepare

Also get rid of the functions get_host_name(), get_realm_name() and
get_domain_name(), which used the old ipapython.config. Instead, use the
variables from api.env. We also change the tool to call bootstrap() and
finalize() correctly.
---
 install/tools/ipa-replica-install |   30 ++++++--------
 install/tools/ipa-replica-prepare |   78 ++++++++-----------------------------
 2 files changed, 30 insertions(+), 78 deletions(-)

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 349d518..cbdd08d 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -310,12 +310,21 @@ def main():
     except ldap.INVALID_CREDENTIALS, e :
         sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
 
+    # Create the management framework config file
+    # Note: We must do this before bootstraping and finalizing ipalib.api
+    fd = open("/etc/ipa/default.conf", "w")
+    fd.write("[global]\n")
+    fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n")
+    fd.write("realm=" + config.realm_name + "\n")
+    fd.write("domain=" + config.domain_name + "\n")
+    fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % config.host_name)
+    fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name))
     if ipautil.file_exists(config.dir + "/ca.p12"):
-        ca_type = 'dogtag'
-    else:
-        ca_type = 'selfsign'
+        fd.write("enable_ra=True\n")
+        fd.write("ra_plugin=dogtag\n")
+    fd.close()
 
-    api.bootstrap(in_server=True, ra_plugin=ca_type)
+    api.bootstrap(in_server=True)
     api.finalize()
 
     # Install CA cert so that we can do SSL connections with ldap
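Review bot: The config file is written with no error handling: if one of the fd.write() calls raises, the handle is never closed and a partially written /etc/ipa/default.conf is left behind for the api.bootstrap() call that immediately follows to read. Wrapping the writes in a `try:` … `finally: fd.close()` (or assembling the content as one string and writing it in a single call before closing) avoids both problems. Note also that `open("/etc/ipa/default.conf", "w")` silently overwrites any existing config on the host; a one-line comment stating that this is intended on a fresh replica, e.g. `# Overwrites any existing default.conf; this host is a fresh replica`, would help the next reader. The `;` after the xmlrpc_uri string literal on the new line (and on the old one) looks like a mail-archive rendering artifact rather than code, since it would not parse. main() starts and ends outside this hunk.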
@@ -352,19 +361,6 @@ def main():
     # generated
     ds.add_cert_to_service()
 
-    # Create the management framework config file
-    fd = open("/etc/ipa/default.conf", "w")
-    fd.write("[global]\n")
-    fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n")
-    fd.write("realm=" + config.realm_name + "\n")
-    fd.write("domain=" + config.domain_name + "\n")
-    fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % config.host_name)
-    fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name))
-    if ipautil.file_exists(config.dir + "/ca.p12"):
-        fd.write("enable_ra=True\n")
-        fd.write("ra_plugin=dogtag\n")
-    fd.close()
-
     # Apply any LDAP updates. Needs to be done after the replica is synced-up
     service.print_msg("Applying LDAP updates")
     ds.apply_updates()
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index bc86a41..175ac62 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -26,12 +26,10 @@ from ConfigParser import SafeConfigParser
 import krbV
 from optparse import OptionParser
 
-import ipapython.config
 from ipapython import ipautil
 from ipaserver.install import dsinstance, installutils, certs, httpinstance
 from ipaserver import ipaldap
 from ipapython import version
-from ipalib.constants import DEFAULT_CONFIG
 from ipalib import api
 import ldap
 
@@ -50,7 +48,6 @@ def parse_options():
     parser.add_option("-p", "--password", dest="password", 
                       help="Directory Manager (existing master) password")
 
-    ipapython.config.add_standard_options(parser)
     options, args = parser.parse_args()
 
     # If any of the PKCS#12 options are selected, all are required. Create a
@@ -64,36 +61,8 @@ def parse_options():
     if len(args) != 1:
         parser.error("must provide the fully-qualified name of the replica")
 
-    ipapython.config.init_config(options)
-
     return options, args
 
-def get_host_name():
-    hostname = installutils.get_fqdn()
-    try:
-        installutils.verify_fqdn(hostname)
-    except RuntimeError, e:
-        logging.error(str(e))
-        sys.exit(1)
-
-    return hostname
-
-def get_realm_name():
-    try:
-        c = krbV.default_context()
-        return c.default_realm
-    except Exception, e:
-        return None
-
-def get_domain_name():
-    try:
-        ipapython.config.init_config()
-        domain_name = ipapython.config.config.get_domain()
-    except Exception, e:
-        return None
-
-    return domain_name
-
 def check_ipa_configuration(realm_name):
     config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
     if not ipautil.dir_exists(config_dir):
@@ -119,8 +88,8 @@ def export_certdb(realm_name, ds_dir, dir, passwd_fname, fname, hostname):
 #            ca_db = certs.CertDB(dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)))
 #            db.create_from_cacert(ca_db.cacert_fname)
 #        else:
-#            ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=get_host_name())
-        ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=get_host_name())
+#            ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=api.env.host)
+        ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=api.env.host)
         db.create_from_cacert(ca_db.cacert_fname)
         db.create_server_cert("Server-Cert", hostname, ca_db)
     except Exception, e:
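Review bot: The commented-out block directly above the live `ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=api.env.host)` line is being kept in sync with the real code, which is a sign it should either be deleted or explained. If the commented lines are a reminder of a planned switch to the CA's own certificate database, replace them with a short note that says so, e.g. `# TODO: once the self-signed case is separated, use the DS instance's CertDB here instead of the HTTP NSS db`; otherwise drop the dead code so it no longer needs editing on every rename. export_certdb() starts and ends outside this hunk.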
@@ -158,7 +127,7 @@ def export_ra_pkcs12(dir, dm_password):
 
     try:
         try:
-            db = certs.CertDB(httpinstance.NSS_DIR, host_name=get_host_name())
+            db = certs.CertDB(httpinstance.NSS_DIR, host_name=api.env.host)
 
             if db.has_nickname("ipaCert"):
                 pkcs12_fname = "%s/ra.p12" % dir
@@ -216,31 +185,18 @@ def main():
 
     # Just initialize the environment. This is so the installer can have
     # access to the plugin environment
-    api.env._bootstrap()
-    api.env._finalize_core(**dict(DEFAULT_CONFIG))
+    api.bootstrap(in_server=True)
+    api.finalize()
 
     if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki-ca/conf/CS.cfg") and not options.dirsrv_pin:
         sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.")
 
-    print "Determining current realm name"
-    realm_name = get_realm_name()
-    if realm_name is None:
-        print "Unable to determine default realm"
-        sys.exit(1)
-
-    check_ipa_configuration(realm_name)
-
-    print "Getting domain name from LDAP"
-    domain_name = get_domain_name()
-    if domain_name is None:
-        print "Unable to determine LDAP default domain"
-        sys.exit(1)
+    check_ipa_configuration(api.env.realm)
 
-    host_name = get_host_name()
-    if host_name == replica_fqdn:
+    if api.env.host == replica_fqdn:
         print "You can't create a replica on itself"
         sys.exit(1)
-    ds_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
+    ds_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(api.env.realm))
     ds_user = get_ds_user(ds_dir)
 
     # get the directory manager password
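Review bot: Replacing get_host_name() with api.env.host drops the installutils.verify_fqdn() check that the removed helper performed, so the hostname later used for the Directory Manager bind and for the certificate databases is no longer validated before use. Unless api.bootstrap() is known to validate env.host itself (I cannot tell from this hunk), restore the check right after api.finalize(), e.g. `try: installutils.verify_fqdn(api.env.host)` / `except RuntimeError, e: sys.exit(str(e))`. The removed code also exited with a clear message when the realm or domain could not be determined, whereas nothing visible now guards against api.env.realm or api.env.domain being unset, so a missing value would surface later as an obscure failure inside realm_to_serverid() or save_config(). main() continues outside this hunk.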
@@ -253,17 +209,17 @@ def main():
 
     # Try out the password
     try:
-        conn = ipaldap.IPAdmin(host_name)
+        conn = ipaldap.IPAdmin(api.env.host)
         conn.do_simple_bind(bindpw=dirman_password)
         conn.unbind()
     except ldap.CONNECT_ERROR, e:
-        sys.exit("\nUnable to connect to LDAP server %s" % host_name)
+        sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
     except ldap.SERVER_DOWN, e:
-        sys.exit("\nUnable to connect to LDAP server %s" % host_name)
+        sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
     except ldap.INVALID_CREDENTIALS, e :
-        sys.exit("\nThe password provided is incorrect for LDAP server %s" % host_name)
+        sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host)
 
-    print "Preparing replica for %s from %s" % (replica_fqdn, host_name)
+    print "Preparing replica for %s from %s" % (replica_fqdn, api.env.host)
 
     top_dir = tempfile.mkdtemp("ipa")
     dir = top_dir + "/realm_info"
@@ -298,7 +254,7 @@ def main():
             print "Copy failed %s" %  e
             sys.exit(1)
         print "Creating SSL certificate for the Directory Server"
-        export_certdb(realm_name, ds_dir, dir, passwd_fname, "dscert", replica_fqdn)
+        export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dscert", replica_fqdn)
 
     if options.http_pin:
         passwd = options.http_pin
@@ -319,13 +275,13 @@ def main():
             sys.exit(1)
     else:
         print "Creating SSL certificate for the Web Server"
-        export_certdb(realm_name, ds_dir, dir, passwd_fname, "httpcert", replica_fqdn)
+        export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "httpcert", replica_fqdn)
         print "Exporting RA certificate"
         export_ra_pkcs12(dir, dirman_password)
     print "Copying additional files"
-    copy_files(realm_name, dir)
+    copy_files(api.env.realm, dir)
     print "Finalizing configuration"
-    save_config(dir, realm_name, host_name, ds_user, domain_name, replica_fqdn)
+    save_config(dir, api.env.realm, api.env.host, ds_user, api.env.domain, replica_fqdn)
 
     replicafile = "/var/lib/ipa/replica-info-" + replica_fqdn
     encfile = replicafile+".gpg"
-- 
1.6.2.5

>From d97bafd1cd09e4aab569e11b4fcef7258aa0585d Mon Sep 17 00:00:00 2001
From: Martin Nagy <mn...@redhat.com>
Date: Mon, 23 Nov 2009 16:16:58 +0100
Subject: [PATCH 2/2] Add A and PTR records during ipa-replica-prepare

Fixes #528996
---
 install/tools/ipa-replica-prepare       |   21 +++++++++++++++++++++
 install/tools/man/ipa-replica-prepare.1 |    3 +++
 2 files changed, 24 insertions(+), 0 deletions(-)

diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 175ac62..32882f1 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -28,6 +28,7 @@ from optparse import OptionParser
 
 from ipapython import ipautil
 from ipaserver.install import dsinstance, installutils, certs, httpinstance
+from ipaserver.install.bindinstance import add_zone, add_reverze_zone, add_rr, add_ptr_rr
 from ipaserver import ipaldap
 from ipapython import version
 from ipalib import api
@@ -47,6 +48,8 @@ def parse_options():
                       help="PIN for the Apache Server PKCS#12 file")
     parser.add_option("-p", "--password", dest="password", 
                       help="Directory Manager (existing master) password")
+    parser.add_option("--ip-address", dest="ip_address",
+                      help="Add A and PTR records of the future replica")
 
     options, args = parser.parse_args()
 
@@ -58,6 +61,11 @@ def parse_options():
     if cnt > 0 and cnt < 4:
         parser.error("All PKCS#12 options are required if any are used.")
 
+    if options.ip_address:
+        if not installutils.verify_ip_address(options.ip_address):
+            parser.error("Bad IP address")
+            sys.exit(1)
+
     if len(args) != 1:
         parser.error("must provide the fully-qualified name of the replica")
 
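Review bot: The `sys.exit(1)` after `parser.error("Bad IP address")` is unreachable, because OptionParser.error() prints the message and exits on its own (with status 2), so the line should simply be removed. If the intent was to exit with status 1 specifically, print the message and call sys.exit(1) without parser.error() instead. parse_options() starts and ends outside this hunk.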
@@ -293,6 +301,19 @@ def main():
     remove_file(replicafile)
     shutil.rmtree(dir)
 
+    if options.ip_address:
+        print "Adding DNS records for %s" % replica_fqdn
+        api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dirman_password)
+
+        domain = replica_fqdn.split(".")
+        name = domain.pop(0)
+        domain = ".".join(domain)
+
+        zone = add_zone(domain)
+        add_rr(zone, name, "A", options.ip_address)
+        add_reverze_zone(options.ip_address)
+        add_ptr_rr(options.ip_address, replica_fqdn)
+
 try:
     if not os.geteuid()==0:
         sys.exit("\nYou must be root to run this script.\n")
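Review bot: The new DNS step has no error handling and never closes the ldap2 connection it opens with the Directory Manager credentials: if add_zone()/add_rr()/add_reverze_zone()/add_ptr_rr() raise (for instance because this master does not serve DNS, or if add_zone() is not idempotent for an existing zone — I cannot tell from here), the traceback appears after the replica file has already been produced and the bind stays open until the process exits. Wrapping the block in try/except/finally, in the nested form the file already uses elsewhere, reports the failure clearly, leaves the already-generated replica file usable, and disconnects afterwards. The split of replica_fqdn also yields an empty domain for a bare hostname; presumably replica_fqdn is validated earlier (outside this hunk), worth confirming. This is the tail of main(); the module-level `try:` that follows is outside the function.
```python
    if options.ip_address:
        print "Adding DNS records for %s" % replica_fqdn
        api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dirman_password)
        try:
            try:
                # … unchanged: split replica_fqdn into name and domain …
                zone = add_zone(domain)
                add_rr(zone, name, "A", options.ip_address)
                add_reverze_zone(options.ip_address)
                add_ptr_rr(options.ip_address, replica_fqdn)
            except Exception, e:
                # The replica file is already written; report and leave it usable.
                print "Adding DNS records for %s failed: %s" % (replica_fqdn, e)
                sys.exit(1)
        finally:
            api.Backend.ldap2.disconnect()
```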
diff --git a/install/tools/man/ipa-replica-prepare.1 b/install/tools/man/ipa-replica-prepare.1
index 8eb4944..5c0e0d1 100644
--- a/install/tools/man/ipa-replica-prepare.1
+++ b/install/tools/man/ipa-replica-prepare.1
@@ -42,6 +42,9 @@ The password of the Directory Server PKCS#12 file
 .TP
 \fB\-\-http_pin\fR=\fIHTTP_PIN\fR
 The password of the Apache Server PKCS#12 file
+.TP
+\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
+IP address of the replica server. If you provide this option, the A and PTR records will be added to the DNS.
 .SH "EXIT STATUS"
 0 if the command was successful
 
-- 
1.6.2.5
