On Thu, 2010-01-21 at 17:37 -0500, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > Martin Nagy wrote:
> >> Hi,
> >> with these patches, the user will be able to install DNS additionally,
> >> after ipa-server-install. No --uninstall yet, however. I do have it in
> >> my tree, but it causes a lot of problems. Hopefully, I'll manage to
> >> solve them later. Thanks.
> >>
> >> Martin
> >>
> > 
> > Nack, it isn't working for me:
> > 
> > # ipa-dns-install
> > 
> > The log file for this installation can be found in 
> > /var/log/ipaserver-install.log
> > ==============================================================================
> >  
> > 
> > This program will setup DNS for the FreeIPA Server.
> > 
> > This includes:
> >   * Configure DNS (bind)
> > 
> > To accept the default shown in brackets, press the Enter key.
> > 
> > Existing BIND configuration detected, overwrite? [no]: y
> > Enter IP address for a DNS forwarder (empty to stop):
> > No DNS forwarders configured
> > Directory Manager password:
> > 
> > The following operations may take some minutes to complete.
> > Please wait until the prompt is returned.
> > 
> > Unexpected error - see ipaserver-install.log for details:
> >  {'info': 'Unauthenticated binds are not allowed', 'desc': 'Server is 
> > unwilling to perform'}
> > 
> > There is nothing in the install log, 389 access log had:
> > 
> > [21/Jan/2010:16:50:37 -0500] conn=22 fd=70 slot=70 connection from 
> > localhost to localhost
> > [21/Jan/2010:16:50:37 -0500] conn=22 op=0 BIND dn="cn=Directory Manager" 
> > method=128 version=3
> > [21/Jan/2010:16:50:37 -0500] conn=22 op=0 RESULT err=53 tag=97 
> > nentries=0 etime=0
> > [21/Jan/2010:16:50:37 -0500] conn=22 op=1 UNBIND
> > [21/Jan/2010:16:50:37 -0500] conn=22 op=1 fd=70 closed - U1
> > 
> > It also throws an exception if you press ^C at the prompts.
> > 
> > rob
> 
> I had a discussion with Martin in IRC about this. The patch actually 
> does work; it just doesn't handle the case where you don't get a DM 
> password. I'm still nacking this particular patch due to this, but the 
> first two patches are fine, so ack for those and I'm pushing them to master.
> 
> rob

New patch with fixed script.

Martin
From 349ed77f172f006c363e01f21bd5af7834f595c1 Mon Sep 17 00:00:00 2001
From: Martin Nagy <mn...@redhat.com>
Date: Mon, 23 Nov 2009 09:26:50 +0100
Subject: [PATCH] Add ipa-dns-install script

Unfortunately, for now there is no --uninstall option.
---
 install/tools/Makefile.am     |    1 +
 install/tools/ipa-dns-install |  184 +++++++++++++++++++++++++++++++++++++++++
 ipa.spec.in                   |    1 +
 3 files changed, 186 insertions(+), 0 deletions(-)
 create mode 100755 install/tools/ipa-dns-install

diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am
index 3af13dc..6c83868 100644
--- a/install/tools/Makefile.am
+++ b/install/tools/Makefile.am
@@ -5,6 +5,7 @@ SUBDIRS = 			\
         $(NULL)
 
 sbin_SCRIPTS =			\
+	ipa-dns-install		\
 	ipa-server-install	\
 	ipa-replica-install	\
 	ipa-replica-prepare	\
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
new file mode 100755
index 0000000..0656794
--- /dev/null
+++ b/install/tools/ipa-dns-install
@@ -0,0 +1,184 @@
+#! /usr/bin/python -E
+# Authors: Martin Nagy <mn...@redhat.com>
+# Based on ipa-server-install by Karl MacMillan <kmacmil...@mentalrootkit.com>
+#
+# Copyright (C) 2007 - 2009  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from optparse import OptionParser
+import traceback
+
+from ipaserver import ipaldap
+from ipaserver.install import bindinstance, ntpinstance
+from ipaserver.install.installutils import *
+from ipapython import version
+from ipapython import ipautil, sysrestore
+from ipalib import api, util
+import ldap
+
+def parse_options():
+    parser = OptionParser(version=version.VERSION)
+    parser.add_option("-p", "--ds-password", dest="dm_password",
+                      help="admin password")
+    parser.add_option("-d", "--debug", dest="debug", action="store_true",
+                      default=False, help="print debugging information")
+    parser.add_option("--ip-address", dest="ip_address", help="Master Server IP Address")
+    parser.add_option("--forwarder", dest="forwarders", action="append",
+                      help="Add a DNS forwarder")
+    parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
+                      default=False, help="Do not add any DNS forwarders, use root servers instead")
+    parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
+                      default=False, help="unattended installation never prompts the user")
+
+    options, args = parser.parse_args()
+
+    if options.forwarders and options.no_forwarders:
+        parser.error("You cannot specify a --forwarder option together with --no-forwarders")
+
+    if options.unattended:
+        if not options.dm_password:
+            parser.error("In unattended mode you need to provide at least the -p option")
+        if not options.forwarders and not options.no_forwarders:
+            parser.error("You must specify at least one --forwarder option or --no-forwarders option")
+
+    return options
+
+def resolve_host(host_name):
+    ip = None
+    try:
+        ip = socket.gethostbyname(host_name)
+
+        if ip == "127.0.0.1" or ip == "::1":
+            print "The hostname resolves to the localhost address (127.0.0.1/::1)"
+            print "Please change your /etc/hosts file so that the hostname"
+            print "resolves to the ip address of your network interface."
+            print ""
+            print "Please fix your /etc/hosts file and restart the setup program"
+            return None
+
+    except:
+        print "Unable to lookup the IP address of the provided host"
+    return ip
+
+def main():
+    options = parse_options()
+
+    if os.getegid() != 0:
+        print "Must be root to setup server"
+        return 1
+
+    standard_logging_setup("/var/log/ipaserver-install.log", options.debug, filemode='a')
+    print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log"
+
+    global fstore
+    fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
+
+    print "=============================================================================="
+    print "This program will setup DNS for the FreeIPA Server."
+    print ""
+    print "This includes:"
+    print "  * Configure DNS (bind)"
+    print ""
+    print "To accept the default shown in brackets, press the Enter key."
+    print ""
+
+    # Check bind packages are installed
+    if not bindinstance.check_inst(options.unattended):
+        print "Aborting installation"
+        return 1
+
+    # Initialize the ipalib api
+    cfg = dict(
+        in_server=True,
+        debug=options.debug,
+    )
+    api.bootstrap(**cfg)
+    api.finalize()
+
+    # Check we have a public IP that is associated with the hostname
+    if options.ip_address:
+        ip_address = options.ip_address
+    else:
+        ip_address = resolve_host(api.env.host)
+    if not ip_address or not verify_ip_address(ip_address):
+        if options.unattended:
+            print "Unable to resolve IP address for host name"
+            return 1
+        else:
+            ip_address = read_ip_address(api.env.host, fstore)
+
+    if options.no_forwarders:
+        dns_forwarders = ()
+    elif options.forwarders:
+        dns_forwarders = options.forwarders
+    else:
+        dns_forwarders = read_dns_forwarders()
+
+    if not options.dm_password:
+        dm_password = read_password("Directory Manager", confirm=False, validate=False)
+    else:
+        dm_password = options.dm_password
+
+    # Try out the password
+    try:
+        conn = ipaldap.IPAdmin(api.env.host)
+        conn.do_simple_bind(bindpw=dm_password)
+        conn.unbind()
+    except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN), e:
+        sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
+    except ldap.INVALID_CREDENTIALS, e :
+        sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host)
+
+    conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()
+
+    if not options.unattended:
+        print ""
+        print "The following operations may take some minutes to complete."
+        print "Please wait until the prompt is returned."
+        print ""
+
+    # Create a BIND instance
+    bind = bindinstance.BindInstance(fstore, dm_password)
+    bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp)
+    api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
+    bind.create_instance()
+
+    print "=============================================================================="
+    print "Setup complete"
+    print ""
+    print "\tYou must make sure these network ports are open:"
+    print "\t\tTCP Ports:"
+    print "\t\t  * 53: bind"
+    print "\t\tUDP Ports:"
+    print "\t\t  * 53: bind"
+
+    return 0
+
+try:
+    sys.exit(main())
+except SystemExit, e:
+    sys.exit(e)
+except KeyboardInterrupt:
+    print "Installation cancelled."
+except Exception, e:
+    message = "Unexpected error - see ipaserver-install.log for details:\n %s" % str(e)
+    print message
+    message = str(e)
+    for str in traceback.format_tb(sys.exc_info()[2]):
+        message = message + "\n" + str
+    logging.debug(message)
+    sys.exit(1)
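Review bot: The "Try out the password" block in main() does not cover an empty Directory Manager password, which is the failure reported earlier in this thread. read_password() is called with validate=False, so if it returns an empty string, conn.do_simple_bind(bindpw=dm_password) becomes an unauthenticated bind; the server answers err=53 ("Unauthenticated binds are not allowed"), and that is not among the caught exceptions (ldap.CONNECT_ERROR, ldap.SERVER_DOWN, ldap.INVALID_CREDENTIALS), so it still ends in the generic "Unexpected error" handler. Suggest rejecting an empty dm_password before the bind (re-prompt in interactive mode) and adding ldap.UNWILLING_TO_PERFORM to the handled cases with a clear message. Also in main(), the root check uses os.getegid(), which tests the effective group ID; os.geteuid() is the call that checks for root. At the bottom of the file, the KeyboardInterrupt branch prints "Installation cancelled." but falls through with exit status 0, and the last handler uses str as its loop variable right after calling str(e), which rebinds the builtin at module level; a non-zero exit and a different variable name would be cleaner. Finally, socket, sys, os and logging are used without explicit imports and appear to come in only through "from ipaserver.install.installutils import *"; importing them directly would make the script independent of that module's namespace.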
diff --git a/ipa.spec.in b/ipa.spec.in
index 5071e5a..c264de1 100644
--- a/ipa.spec.in
+++ b/ipa.spec.in
@@ -366,6 +366,7 @@ fi
 %files server
 %doc LICENSE README
 %defattr(-,root,root,-)
+%{_sbindir}/ipa-dns-install
 %{_sbindir}/ipa-server-install
 %{_sbindir}/ipa-replica-install
 %{_sbindir}/ipa-replica-prepare
-- 
1.6.2.5
