The updated patch addresses all the mentioned issues.

Also enables systemd's specific domainname service instead of relying
ypbind being present on the system.

Please note that nisdomainname is not configured on boot time at the
moment. The following bug is the cause:

https://bugzilla.redhat.com/show_bug.cgi?id=1071951

On 11/14/2013 12:54 PM, Ana Krivokapic wrote:
> On 09/26/2013 10:28 AM, Tomas Babej wrote:
>> +    if options.no_nisdomain and not options.nisdomain:
> This should be `if options.no_nisdomain and options.nisdomain:`.
>> +        parser.error("--no-nisdomain cannot be used together with 
>> --nisdomain")
>
> Shouldn't we also revert the nisdomain authconfig setting on client uninstall?
>

-- 
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org 

>From 3b66934f1dd3167dc56ffa8b4a750a0912a89642 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 25 Sep 2013 13:45:45 +0200
Subject: [PATCH] ipa-client: Set NIS domain name in the installer

Provides two new options for the ipa-client-install:
    --nisdomain: specifies the NIS domain name
    --no_nisdomain: flag to aviod setting the NIS domain name

In case no --nisdomain is specified and --no_nisdomain flag was
not set, the IPA domain is used.

Manual pages updated.

http://fedorahosted.org/freeipa/ticket/3202
---
 ipa-client/ipa-install/ipa-client-install | 65 +++++++++++++++++++++++++++++++
 ipa-client/man/ipa-client-install.1       |  6 +++
 ipapython/platform/base/__init__.py       |  3 +-
 ipapython/platform/fedora16/service.py    |  2 +
 4 files changed, 75 insertions(+), 1 deletion(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 7cc0c33973fb9bd2113b33da7cb1d450b66a49dd..03679c10d09c64a284e3950a1808887ec52ae5ea 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -126,6 +126,11 @@ def parse_options():
     basic_group.add_option("", "--force-ntpd", dest="force_ntpd",
                       action="store_true", default=False,
                       help="Stop and disable any time&date synchronization services besides ntpd")
+    basic_group.add_option("--nisdomain", dest="nisdomain",
+                           help="NIS domain name")
+    basic_group.add_option("--no-nisdomain", action="store_true", default=False,
+                      help="do not configure NIS domain name",
+                      dest="no_nisdomain")
     basic_group.add_option("--ssh-trust-dns", dest="trust_sshfp", default=False, action="store_true",
                       help="configure OpenSSH client to trust DNS SSHFP records")
     basic_group.add_option("--no-ssh", dest="conf_ssh", default=True, action="store_false",
@@ -195,6 +200,9 @@ def parse_options():
     if options.firefox_dir and not options.configure_firefox:
         parser.error("--firefox-dir cannot be used without --configure-firefox option")
 
+    if options.no_nisdomain and options.nisdomain:
+        parser.error("--no-nisdomain cannot be used together with --nisdomain")
+
     return safe_opts, options
 
 def logging_setup(options):
@@ -595,6 +603,7 @@ def uninstall(options, env):
         fstore.restore_all_files()
 
     ipautil.restore_hostname(statestore)
+    unconfigure_nisdomain()
 
     nscd = ipaservices.knownservices.nscd
     nslcd = ipaservices.knownservices.nslcd
@@ -1351,6 +1360,59 @@ def configure_automount(options):
         root_logger.info(stdout)
 
 
+def configure_nisdomain(options, domain):
+    domain = options.nisdomain or domain
+    root_logger.info('Configuring %s as NIS domain.' % domain)
+
+    nis_domain_name = ''
+
+    # First backup the old NIS domain name
+    if os.path.exists('/usr/bin/nisdomainname'):
+        try:
+            nis_domain_name, _, _ = ipautil.run(['/usr/bin/nisdomainname'])
+        except CalledProcessError, e:
+            pass
+
+    statestore.backup_state('network', 'nisdomain', nis_domain_name)
+
+    # Backup the state of the domainname service
+    statestore.backup_state("domainname", "enabled",
+                            ipaservices.knownservices.domainname.is_enabled())
+
+    # Set the new NIS domain name
+    set_nisdomain(domain)
+
+    # Enable and start the domainname service
+    ipaservices.knownservices.domainname.enable()
+    ipaservices.knownservices.domainname.start()
+
+
+def unconfigure_nisdomain():
+    # Set the nisdomain permanent and current nisdomain configuration as it was
+    if statestore.has_state('network'):
+        old_nisdomain = statestore.restore_state('network','nisdomain') or ''
+
+        if old_nisdomain:
+            root_logger.info('Restoring %s as NIS domain.' % old_nisdomain)
+        else:
+            root_logger.info('Unconfiguring the NIS domain.')
+
+        set_nisdomain(old_nisdomain)
+
+    # Restore the configuration of the domainname service
+    enabled = statestore.restore_state('domainname', 'enabled')
+    if not enabled:
+        ipaservices.knownservices.domainname.disable()
+
+
+def set_nisdomain(nisdomain):
+    # Let authconfig setup the permanent configuration
+    auth_config = ipaservices.authconfig()
+    auth_config.add_parameter("nisdomain", nisdomain)
+    auth_config.add_option("update")
+    auth_config.execute()
+
+
 def resolve_ipaddress(server):
     """ Connect to the server's LDAP port in order to determine what ip
         address this machine uses as "public" ip (relative to the server).
@@ -2693,6 +2755,9 @@ def install(options, env, fstore, statestore):
     if options.configure_firefox:
         configure_firefox(options, statestore, cli_domain)
 
+    if not options.no_nisdomain:
+        configure_nisdomain(options=options, domain=cli_domain)
+
     root_logger.info('Client configuration complete.')
 
     return 0
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 51a276202ac28b630d928e70dd658fad929b8d2b..a7acf58e532d4d39abd6db0bd5c38a74a708ee3e 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -122,6 +122,12 @@ Do not configure or enable NTP.
 \fB\-\-force\-ntpd\fR
 Stop and disable any time&date synchronization services besides ntpd.
 .TP
+\fB\-\-nisdomain\fR=\fINIS_DOMAIN\fR
+Set the NIS domain name as specified. By default, this is set to the IPA domain name.
+.TP
+\fB\-\-no\-nisdomain\fR
+Do not configure NIS domain name.
+.TP
 \fB\-\-ssh\-trust\-dns\fR
 Configure OpenSSH client to trust DNS SSHFP records.
 .TP
diff --git a/ipapython/platform/base/__init__.py b/ipapython/platform/base/__init__.py
index c1b076b2cb0c4c365447377725e55966650ce116..f988c7127b0395f962faeb3fd16b853c4df62016 100644
--- a/ipapython/platform/base/__init__.py
+++ b/ipapython/platform/base/__init__.py
@@ -27,7 +27,8 @@ import os
 wellknownservices = ['certmonger', 'dirsrv', 'httpd', 'ipa', 'krb5kdc',
                      'messagebus', 'nslcd', 'nscd', 'ntpd', 'portmap',
                      'rpcbind', 'kadmin', 'sshd', 'autofs', 'rpcgssd',
-                     'rpcidmapd', 'pki_tomcatd', 'pki_cad', 'chronyd']
+                     'rpcidmapd', 'pki_tomcatd', 'pki_cad', 'chronyd',
+                     'domainname']
 
 # System may support more time&date services. FreeIPA supports ntpd only, other
 # services will be disabled during IPA installation
diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py
index edf2d7ff824399171f59a72a9b8fb49b1c4b08df..41c241ae5c31df56544b5b2bebd71c5ef109dd6e 100644
--- a/ipapython/platform/fedora16/service.py
+++ b/ipapython/platform/fedora16/service.py
@@ -54,6 +54,8 @@ system_units['pki_cad'] = system_units['pki-cad']
 system_units['pki-tomcatd'] = 'pki-tomcatd@pki-tomcat.service'
 system_units['pki_tomcatd'] = system_units['pki-tomcatd']
 system_units['ipa-otpd'] = 'ipa-otpd.socket'
+# Service that sets domainname on Fedora is called fedora-domainname.service
+system_units['domainname'] = 'fedora-domainname.service'
 
 class Fedora16Service(systemd.SystemdService):
     def __init__(self, service_name):
-- 
1.8.5.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to