URL: https://github.com/freeipa/freeipa/pull/550
Author: HonzaCholasta
 Title: #550: install: fix help
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/550/head:pr550
git checkout pr550
From 349f6e08cd69696a1fb63f2e459e192e65f90478 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Tue, 7 Mar 2017 13:19:51 +0000
Subject: [PATCH 1/6] server install: remove duplicate -w option

Remove duplicate -w alias of --admin-password in ipa-server-install and
ipa-replica-install.

https://pagure.io/freeipa/issue/6392
---
 ipaserver/install/server/__init__.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py
index 5a079ee..4a0289b 100644
--- a/ipaserver/install/server/__init__.py
+++ b/ipaserver/install/server/__init__.py
@@ -118,6 +118,10 @@ class ServerInstallInterface(client.ClientInstallInterface,
     )
     principal = replica_install_only(principal)
 
+    admin_password = extend_knob(
+        client.ClientInstallInterface.admin_password,
+    )
+
     master_password = knob(
         str, None,
         sensitive=True,

From 51de0df7e992f6cfcede70cd5dc72cfa1fdcb600 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Tue, 7 Mar 2017 13:20:38 +0000
Subject: [PATCH 2/6] install: add missing space in realm_name description

https://pagure.io/freeipa/issue/6392
---
 ipalib/install/service.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipalib/install/service.py b/ipalib/install/service.py
index 73b8fd8..84539ad 100644
--- a/ipalib/install/service.py
+++ b/ipalib/install/service.py
@@ -122,7 +122,7 @@ def domain_name(self, value):
 
     realm_name = knob(
         str, None,
-        description="Kerberos realm name of the IPA deployment (typically"
+        description="Kerberos realm name of the IPA deployment (typically "
                     "an upper-cased name of the primary DNS domain)",
         cli_names='--realm',
     )

From 866cef758bbaadc6f7e9cac049d76c5412e2240a Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Tue, 7 Mar 2017 14:06:11 +0000
Subject: [PATCH 3/6] server install: remove duplicate knob definitions

Remove duplicate definitions of knobs already defined in client install.

https://pagure.io/freeipa/issue/6392
---
 ipaserver/install/server/__init__.py | 24 ------------------------
 1 file changed, 24 deletions(-)

diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py
index 4a0289b..edb91f3 100644
--- a/ipaserver/install/server/__init__.py
+++ b/ipaserver/install/server/__init__.py
@@ -221,30 +221,6 @@ def idmax(self):
     )
     no_ui_redirect = enroll_only(no_ui_redirect)
 
-    ssh_trust_dns = knob(
-        None,
-        description="configure OpenSSH client to trust DNS SSHFP records",
-    )
-    ssh_trust_dns = enroll_only(ssh_trust_dns)
-
-    no_ssh = knob(
-        None,
-        description="do not configure OpenSSH client",
-    )
-    no_ssh = enroll_only(no_ssh)
-
-    no_sshd = knob(
-        None,
-        description="do not configure OpenSSH server",
-    )
-    no_sshd = enroll_only(no_sshd)
-
-    no_dns_sshfp = knob(
-        None,
-        description="Do not automatically create DNS SSHFP records",
-    )
-    no_dns_sshfp = enroll_only(no_dns_sshfp)
-
     dirsrv_config_file = knob(
         str, None,
         description="The path to LDIF file that will be used to modify "

From f842cc155739fb9a83e551ff08709a2ca111a9cd Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Wed, 8 Mar 2017 08:01:41 +0000
Subject: [PATCH 4/6] client install: split off SSSD options into a separate
 class

Split off SSSD knob definitions from the ClientInstallInterface class into
a new SSSDInstallInterface class.

https://pagure.io/freeipa/issue/6392
---
 ipaclient/install/client.py | 44 +++-----------------------------------
 ipaclient/install/sssd.py   | 52 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 41 deletions(-)
 create mode 100644 ipaclient/install/sssd.py

diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index 774eaaf..b251223 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -63,7 +63,7 @@
 )
 from ipapython.ssh import SSHPublicKey
 
-from . import automount, ipadiscovery, ntpconf
+from . import automount, ipadiscovery, ntpconf, sssd
 from .ipachangeconf import IPAChangeConf
 
 NoneType = type(None)
@@ -3356,7 +3356,8 @@ def init(installer):
 
 
 class ClientInstallInterface(hostname_.HostNameInstallInterface,
-                             service.ServiceAdminInstallInterface):
+                             service.ServiceAdminInstallInterface,
+                             sssd.SSSDInstallInterface):
     """
     Interface of the client installer
 
@@ -3367,12 +3368,6 @@ class ClientInstallInterface(hostname_.HostNameInstallInterface,
     * ipa-replica-install
     """
 
-    fixed_primary = knob(
-        None,
-        description="Configure sssd to use fixed server as primary IPA server",
-    )
-    fixed_primary = enroll_only(fixed_primary)
-
     principal = knob(
         bases=service.ServiceAdminInstallInterface.principal,
         description="principal to use to join the IPA realm",
@@ -3487,32 +3482,6 @@ def kinit_attempts(self, value):
     )
     request_cert = prepare_only(request_cert)
 
-    permit = knob(
-        None,
-        description="disable access rules by default, permit all access.",
-    )
-    permit = enroll_only(permit)
-
-    enable_dns_updates = knob(
-        None,
-        description="Configures the machine to attempt dns updates when the "
-                    "ip address changes.",
-    )
-    enable_dns_updates = enroll_only(enable_dns_updates)
-
-    no_krb5_offline_passwords = knob(
-        None,
-        description="Configure SSSD not to store user password when the "
-                    "server is offline",
-    )
-    no_krb5_offline_passwords = enroll_only(no_krb5_offline_passwords)
-
-    preserve_sssd = knob(
-        None,
-        description="Preserve old SSSD configuration if possible",
-    )
-    preserve_sssd = enroll_only(preserve_sssd)
-
     def __init__(self, **kwargs):
         super(ClientInstallInterface, self).__init__(**kwargs)
 
@@ -3605,13 +3574,6 @@ def prompt_password(self):
                     "example: '/usr/lib/firefox')",
     )
 
-    no_sssd = knob(
-        None,
-        description="Do not configure the client to use SSSD for "
-                    "authentication",
-        cli_names=[None, '-S'],
-    )
-
     def __init__(self, **kwargs):
         super(ClientInstall, self).__init__(**kwargs)
 
diff --git a/ipaclient/install/sssd.py b/ipaclient/install/sssd.py
new file mode 100644
index 0000000..5e163e3
--- /dev/null
+++ b/ipaclient/install/sssd.py
@@ -0,0 +1,52 @@
+#
+# Copyright (C) 2016  FreeIPA Contributors see COPYING for license
+#
+
+from ipalib.install import service
+from ipalib.install.service import enroll_only
+from ipapython.install.core import group, knob
+
+
+@group
+class SSSDInstallInterface(service.ServiceInstallInterface):
+    description = "SSSD"
+
+    fixed_primary = knob(
+        None,
+        description="Configure sssd to use fixed server as primary IPA server",
+    )
+    fixed_primary = enroll_only(fixed_primary)
+
+    permit = knob(
+        None,
+        description="disable access rules by default, permit all access.",
+    )
+    permit = enroll_only(permit)
+
+    enable_dns_updates = knob(
+        None,
+        description="Configures the machine to attempt dns updates when the "
+                    "ip address changes.",
+    )
+    enable_dns_updates = enroll_only(enable_dns_updates)
+
+    no_krb5_offline_passwords = knob(
+        None,
+        description="Configure SSSD not to store user password when the "
+                    "server is offline",
+    )
+    no_krb5_offline_passwords = enroll_only(no_krb5_offline_passwords)
+
+    preserve_sssd = knob(
+        None,
+        description="Preserve old SSSD configuration if possible",
+    )
+    preserve_sssd = enroll_only(preserve_sssd)
+
+    no_sssd = knob(
+        None,
+        description="Do not configure the client to use SSSD for "
+                    "authentication",
+        cli_names=[None, '-S'],
+    )
+    no_sssd = enroll_only(no_sssd)

From 8d15b709fbba442ec28caef3ae0b2f0faa018503 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Wed, 8 Mar 2017 08:01:50 +0000
Subject: [PATCH 5/6] install CLI: remove magic option groups

Do not automatically create the "basic options" and "uninstall options"
option groups in the CLI code.

https://pagure.io/freeipa/issue/6392
---
 ipapython/install/cli.py | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/ipapython/install/cli.py b/ipapython/install/cli.py
index 741bf9d..bcee6d7 100644
--- a/ipapython/install/cli.py
+++ b/ipapython/install/cli.py
@@ -136,22 +136,22 @@ def add_options(cls, parser, positional=False):
                 help="unattended (un)installation never prompts the user",
             )
 
-        basic_group = optparse.OptionGroup(parser, "basic options")
-
         groups = collections.OrderedDict()
-        groups[None] = basic_group
+        # if no group is defined, add the option to the parser top level
+        groups[None] = parser
 
         for owner_cls, name in transformed_cls.knobs():
             knob_cls = getattr(owner_cls, name)
             if knob_cls.is_cli_positional() is not positional:
                 continue
 
-            group_cls = owner_cls.group()
+            group_cls = knob_cls.group()
             try:
                 opt_group = groups[group_cls]
             except KeyError:
                 opt_group = groups[group_cls] = optparse.OptionGroup(
-                    parser, "{0} options".format(group_cls.description))
+                        parser, "{0} options".format(group_cls.description))
+                parser.add_option_group(opt_group)
 
             knob_type = knob_cls.type
             if issubclass(knob_type, list):
@@ -237,9 +237,6 @@ def add_options(cls, parser, positional=False):
                     **kwargs
                 )
 
-        for opt_group in groups.values():
-            parser.add_option_group(opt_group)
-
         super(ConfigureTool, cls).add_options(parser,
                                               debug_option=cls.debug_option)
 
@@ -353,8 +350,7 @@ def add_options(cls, parser, positional=False):
         super(InstallTool, cls).add_options(parser, positional)
 
         if cls.uninstall_kwargs is not None:
-            uninstall_group = optparse.OptionGroup(parser, "uninstall options")
-            uninstall_group.add_option(
+            parser.add_option(
                 '--uninstall',
                 dest='uninstall',
                 default=False,
@@ -362,7 +358,6 @@ def add_options(cls, parser, positional=False):
                 help=("uninstall an existing installation. The uninstall can "
                       "be run with --unattended option"),
             )
-            parser.add_option_group(uninstall_group)
 
     @classmethod
     def get_command_class(cls, options, args):

From 8d828385db948a431323bb9990bec81f59c0012b Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Wed, 8 Mar 2017 08:03:13 +0000
Subject: [PATCH 6/6] install: re-introduce option groups

Re-introduce option groups in ipa-client-install, ipa-server-install and
ipa-replica-install.

https://pagure.io/freeipa/issue/6392
---
 ipaclient/install/automount.py           |   6 +-
 ipaclient/install/client.py              |  17 +-
 ipaclient/install/ipa_client_install.py  |   9 +-
 ipalib/install/service.py                |   4 +-
 ipapython/install/core.py                |  58 ++++++-
 ipaserver/install/adtrust.py             |   6 +-
 ipaserver/install/ca.py                  |  21 +--
 ipaserver/install/dns.py                 |   4 +-
 ipaserver/install/ipa_replica_install.py |  22 +--
 ipaserver/install/ipa_server_install.py  |  20 +--
 ipaserver/install/kra.py                 |   3 +
 ipaserver/install/server/__init__.py     | 277 ++++++++++++++++---------------
 12 files changed, 254 insertions(+), 193 deletions(-)

diff --git a/ipaclient/install/automount.py b/ipaclient/install/automount.py
index bb72045..23e9cfe 100644
--- a/ipaclient/install/automount.py
+++ b/ipaclient/install/automount.py
@@ -8,9 +8,10 @@
 
 from ipalib.install import service
 from ipalib.install.service import enroll_only
-from ipapython.install.core import knob
+from ipapython.install.core import group, knob
 
 
+@group
 class AutomountInstallInterface(service.ServiceInstallInterface):
     """
     Interface of the automount installer
@@ -19,9 +20,10 @@ class AutomountInstallInterface(service.ServiceInstallInterface):
     * ipa-client-install
     * ipa-client-automount
     """
+    description = "Automount"
 
     automount_location = knob(
-        str, 'default',
+        str, None,
         description="Automount location",
     )
     automount_location = enroll_only(automount_location)
diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index b251223..1f5ba16 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -50,7 +50,7 @@
 from ipapython.admintool import ScriptError
 from ipapython.dn import DN
 from ipapython.install import typing
-from ipapython.install.core import knob
+from ipapython.install.core import group, knob, extend_knob
 from ipapython.install.common import step
 from ipapython.ipa_log_manager import log_mgr, root_logger
 from ipapython.ipautil import (
@@ -3355,6 +3355,7 @@ def init(installer):
     installer.sssd = not installer.no_sssd
 
 
+@group
 class ClientInstallInterface(hostname_.HostNameInstallInterface,
                              service.ServiceAdminInstallInterface,
                              sssd.SSSDInstallInterface):
@@ -3367,9 +3368,10 @@ class ClientInstallInterface(hostname_.HostNameInstallInterface,
     * ipa-replica-prepare
     * ipa-replica-install
     """
+    description = "Client"
 
-    principal = knob(
-        bases=service.ServiceAdminInstallInterface.principal,
+    principal = extend_knob(
+        service.ServiceAdminInstallInterface.principal,
         description="principal to use to join the IPA realm",
     )
     principal = enroll_only(principal)
@@ -3518,8 +3520,8 @@ class ClientInstall(ClientInstallInterface,
     replica_file = None
     dm_password = None
 
-    ca_cert_files = knob(
-        bases=ClientInstallInterface.ca_cert_files,
+    ca_cert_files = extend_knob(
+        ClientInstallInterface.ca_cert_files,
     )
 
     @ca_cert_files.validator
@@ -3544,11 +3546,6 @@ def ca_cert_files(self, value):
     def prompt_password(self):
         return self.interactive
 
-    automount_location = knob(
-        bases=automount.AutomountInstallInterface.automount_location,
-        default=None,
-    )
-
     no_ac = knob(
         None,
         description="do not modify the nsswitch.conf and PAM configuration",
diff --git a/ipaclient/install/ipa_client_install.py b/ipaclient/install/ipa_client_install.py
index 4ac7cf5..da661e6 100644
--- a/ipaclient/install/ipa_client_install.py
+++ b/ipaclient/install/ipa_client_install.py
@@ -5,16 +5,17 @@
 from ipaclient.install import client
 from ipaplatform.paths import paths
 from ipapython.install import cli
-from ipapython.install.core import knob
+from ipapython.install.core import knob, extend_knob
 
 
 class StandaloneClientInstall(client.ClientInstall):
     no_host_dns = False
     no_wait_for_dns = False
 
-    principal = knob(
-        bases=client.ClientInstall.principal,
-        cli_names=list(client.ClientInstall.principal.cli_names) + ['-p'],
+    principal = client.ClientInstall.principal
+    principal = extend_knob(
+        principal,
+        cli_names=list(principal.cli_names) + ['-p'],
     )
 
     password = knob(
diff --git a/ipalib/install/service.py b/ipalib/install/service.py
index 84539ad..7d1045a 100644
--- a/ipalib/install/service.py
+++ b/ipalib/install/service.py
@@ -8,7 +8,7 @@
 
 from ipalib.util import validate_domain_name
 from ipapython.install import common, core, typing
-from ipapython.install.core import knob
+from ipapython.install.core import group, knob
 
 
 def prepare_only(obj):
@@ -94,12 +94,14 @@ def installs_replica(cls):
     return _does(cls, 'replica_install')
 
 
+@group
 class ServiceInstallInterface(common.Installable,
                               common.Interactive,
                               core.Composite):
     """
     Interface common to all service installers
     """
+    description = "Basic"
 
     domain_name = knob(
         str, None,
diff --git a/ipapython/install/core.py b/ipapython/install/core.py
index 8289b16..1e4c36d 100644
--- a/ipapython/install/core.py
+++ b/ipapython/install/core.py
@@ -11,6 +11,7 @@
 import functools
 import itertools
 import sys
+import types
 
 import six
 
@@ -123,6 +124,10 @@ def validate(self, value):
         pass
 
     @classmethod
+    def group(cls):
+        return cls.__outer_class__.group()
+
+    @classmethod
     def is_cli_positional(cls):
         return all(n is not None and not n.startswith('-')
                    for n in cls.cli_names)
@@ -146,15 +151,16 @@ def validate(self, value):
         return cls
 
 
-def knob(type_=_missing, default=_missing, bases=_missing, sensitive=_missing,
-         deprecated=_missing, description=_missing, cli_names=_missing,
-         cli_deprecated_names=_missing, cli_metavar=_missing):
-    if type_ is None:
-        type_ = NoneType
+def _knob(type=_missing, default=_missing, bases=_missing, _order=_missing,
+          sensitive=_missing, deprecated=_missing, description=_missing,
+          group=_missing, cli_names=_missing, cli_deprecated_names=_missing,
+          cli_metavar=_missing):
+    if type is None:
+        type = NoneType
 
     if bases is _missing:
         bases = (KnobBase,)
-    elif isinstance(bases, type):
+    elif isinstance(bases, types.TypeType):
         bases = (bases,)
 
     if cli_names is None or isinstance(cli_names, str):
@@ -168,17 +174,20 @@ def knob(type_=_missing, default=_missing, bases=_missing, sensitive=_missing,
         cli_deprecated_names = tuple(cli_deprecated_names)
 
     class_dict = {}
-    class_dict['_order'] = next(_counter)
-    if type_ is not _missing:
-        class_dict['type'] = type_
+    if type is not _missing:
+        class_dict['type'] = type
     if default is not _missing:
         class_dict['default'] = default
+    if _order is not _missing:
+        class_dict['_order'] = _order
     if sensitive is not _missing:
         class_dict['sensitive'] = sensitive
     if deprecated is not _missing:
         class_dict['deprecated'] = deprecated
     if description is not _missing:
         class_dict['description'] = description
+    if group is not _missing:
+        class_dict['group'] = group
     if cli_names is not _missing:
         class_dict['cli_names'] = cli_names
     if cli_deprecated_names is not _missing:
@@ -189,6 +198,37 @@ def knob(type_=_missing, default=_missing, bases=_missing, sensitive=_missing,
     return util.InnerClassMeta('Knob', bases, class_dict)
 
 
+def knob(type, default=_missing, **kwargs):
+    """
+    Define a new knob.
+    """
+    return _knob(
+        type, default,
+        _order=next(_counter),
+        **kwargs
+    )
+
+
+def extend_knob(base, default=_missing, bases=_missing, group=_missing,
+                **kwargs):
+    """
+    Extend an existing knob.
+    """
+    if bases is _missing:
+        bases = (base,)
+
+    if group is _missing:
+        group = staticmethod(base.group)
+
+    return _knob(
+        _missing, default,
+        bases=bases,
+        _order=_missing,
+        group=group,
+        **kwargs
+    )
+
+
 class Configurable(six.with_metaclass(abc.ABCMeta, object)):
     """
     Base class of all configurables.
diff --git a/ipaserver/install/adtrust.py b/ipaserver/install/adtrust.py
index b81c27c..b0037e0 100644
--- a/ipaserver/install/adtrust.py
+++ b/ipaserver/install/adtrust.py
@@ -15,11 +15,12 @@
 from ipalib.constants import DOMAIN_LEVEL_0
 from ipalib import errors
 from ipalib.install.service import ServiceAdminInstallInterface
+from ipalib.install.service import replica_install_only
 from ipaplatform.paths import paths
 from ipapython.admintool import ScriptError
 from ipapython import ipaldap, ipautil
 from ipapython.dn import DN
-from ipapython.install.core import knob
+from ipapython.install.core import group, knob
 from ipapython.ipa_log_manager import root_logger
 from ipaserver.install import adtrustinstance
 from ipaserver.install import service
@@ -430,6 +431,7 @@ def install(standalone, options, fstore, api):
         add_new_adtrust_agents(api, options)
 
 
+@group
 class ADTrustInstallInterface(ServiceAdminInstallInterface):
     """
     Interface for the AD trust installer
@@ -439,6 +441,7 @@ class ADTrustInstallInterface(ServiceAdminInstallInterface):
     * ipa-replica-install
     * ipa-adtrust-install
     """
+    description = "AD trust"
 
     # the following knobs are provided on top of those specified for
     # admin credentials
@@ -451,6 +454,7 @@ class ADTrustInstallInterface(ServiceAdminInstallInterface):
         description="Add IPA masters to a list of hosts allowed to "
                     "serve information about users from trusted forests"
     )
+    add_agents = replica_install_only(add_agents)
     enable_compat = knob(
         None,
         description="Enable support for trusted domains for old clients"
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 649c152..db3b744 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -18,7 +18,7 @@
 from ipalib.install.service import enroll_only, master_install_only, replica_install_only
 from ipaserver.install import sysupgrade
 from ipapython.install import typing
-from ipapython.install.core import knob
+from ipapython.install.core import group, knob, extend_knob
 from ipaserver.install import (cainstance,
                                custodiainstance,
                                dsinstance,
@@ -367,6 +367,7 @@ class CASigningAlgorithm(enum.Enum):
     SHA_512_WITH_RSA = 'SHA512withRSA'
 
 
+@group
 class CAInstallInterface(dogtag.DogtagInstallInterface,
                          conncheck.ConnCheckInterface):
     """
@@ -378,22 +379,22 @@ class CAInstallInterface(dogtag.DogtagInstallInterface,
     * ipa-replica-install
     * ipa-ca-install
     """
+    description = "Certificate system"
 
-    principal = knob(
-        bases=conncheck.ConnCheckInterface.principal,
+    principal = conncheck.ConnCheckInterface.principal
+    principal = extend_knob(
+        principal,
         description="User allowed to manage replicas",
-        cli_names=(
-            list(conncheck.ConnCheckInterface.principal.cli_names) + ['-P']),
+        cli_names=list(principal.cli_names) + ['-P'],
     )
     principal = enroll_only(principal)
     principal = replica_install_only(principal)
 
-    admin_password = knob(
-        bases=conncheck.ConnCheckInterface.admin_password,
+    admin_password = conncheck.ConnCheckInterface.admin_password
+    admin_password = extend_knob(
+        admin_password,
         description="Admin user Kerberos password used for connection check",
-        cli_names=(
-            list(conncheck.ConnCheckInterface.admin_password.cli_names) +
-            ['-w']),
+        cli_names=list(admin_password.cli_names) + ['-w'],
     )
     admin_password = enroll_only(admin_password)
 
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index f718309..0dddf2a 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -32,7 +32,7 @@
 from ipapython.dn import DN
 from ipapython.dnsutil import check_zone_overlap
 from ipapython.install import typing
-from ipapython.install.core import knob
+from ipapython.install.core import group, knob
 from ipapython.ipa_log_manager import root_logger
 from ipapython.admintool import ScriptError
 from ipapython.ipautil import user_input
@@ -414,6 +414,7 @@ class DNSForwardPolicy(enum.Enum):
     FIRST = 'first'
 
 
+@group
 class DNSInstallInterface(hostname.HostNameInstallInterface):
     """
     Interface of the DNS installer
@@ -424,6 +425,7 @@ class DNSInstallInterface(hostname.HostNameInstallInterface):
     * ipa-replica-install
     * ipa-dns-install
     """
+    description = "DNS"
 
     allow_zone_overlap = knob(
         None,
diff --git a/ipaserver/install/ipa_replica_install.py b/ipaserver/install/ipa_replica_install.py
index 39c7456..9d38bec 100644
--- a/ipaserver/install/ipa_replica_install.py
+++ b/ipaserver/install/ipa_replica_install.py
@@ -3,7 +3,7 @@
 #
 
 from ipapython.install import cli
-from ipapython.install.core import knob
+from ipapython.install.core import knob, extend_knob
 from ipaplatform.paths import paths
 from ipaserver.install.server import ServerReplicaInstall
 
@@ -19,9 +19,8 @@ class CompatServerReplicaInstall(ServerReplicaInstall):
     ca_file = None
     zonemgr = None
 
-    replica_file = knob(
-        # pylint: disable=no-member
-        bases=ServerReplicaInstall.replica_file,
+    replica_file = extend_knob(
+        ServerReplicaInstall.replica_file,  # pylint: disable=no-member
         cli_names='replica_file',
     )
 
@@ -52,17 +51,18 @@ def dm_password(self):
     def dm_password(self, value):
         self.__dm_password = value
 
-    ip_addresses = knob(
-        # pylint: disable=no-member
-        bases=ServerReplicaInstall.ip_addresses,
+    ip_addresses = extend_knob(
+        ServerReplicaInstall.ip_addresses,  # pylint: disable=no-member
         description="Replica server IP Address. This option can be used "
                     "multiple times",
     )
 
-    admin_password = knob(
-        # pylint: disable=no-member
-        bases=ServerReplicaInstall.admin_password,
-        cli_names=list(ServerReplicaInstall.admin_password.cli_names) + ['-w'],
+    admin_password = (
+        ServerReplicaInstall.admin_password     # pylint: disable=no-member
+    )
+    admin_password = extend_knob(
+        admin_password,
+        cli_names=list(admin_password.cli_names) + ['-w'],
     )
 
     @admin_password.default_getter
diff --git a/ipaserver/install/ipa_server_install.py b/ipaserver/install/ipa_server_install.py
index e708040..428e184 100644
--- a/ipaserver/install/ipa_server_install.py
+++ b/ipaserver/install/ipa_server_install.py
@@ -3,7 +3,7 @@
 #
 
 from ipapython.install import cli
-from ipapython.install.core import knob
+from ipapython.install.core import extend_knob
 from ipaplatform.paths import paths
 from ipaserver.install.server import ServerMasterInstall
 
@@ -15,22 +15,20 @@ class CompatServerMasterInstall(ServerMasterInstall):
     no_sudo = False
     request_cert = False
 
-    dm_password = knob(
-        # pylint: disable=no-member
-        bases=ServerMasterInstall.dm_password,
+    dm_password = extend_knob(
+        ServerMasterInstall.dm_password,    # pylint: disable=no-member
         cli_names=['--ds-password', '-p'],
     )
 
-    admin_password = knob(
+    admin_password = ServerMasterInstall.admin_password
+    admin_password = extend_knob(
+        admin_password,
         # pylint: disable=no-member
-        bases=ServerMasterInstall.admin_password,
-        cli_names=(list(ServerMasterInstall.admin_password.cli_names) +
-                   ['-a']),
+        cli_names=list(admin_password.cli_names) + ['-a'],
     )
 
-    ip_addresses = knob(
-        # pylint: disable=no-member
-        bases=ServerMasterInstall.ip_addresses,
+    ip_addresses = extend_knob(
+        ServerMasterInstall.ip_addresses,   # pylint: disable=no-member
         description="Master Server IP Address. This option can be used "
                     "multiple times",
     )
diff --git a/ipaserver/install/kra.py b/ipaserver/install/kra.py
index 5a7a6ef..17617ed 100644
--- a/ipaserver/install/kra.py
+++ b/ipaserver/install/kra.py
@@ -15,6 +15,7 @@
 from ipapython import certdb
 from ipapython import ipautil
 from ipapython.dn import DN
+from ipapython.install.core import group
 from ipaserver.install import custodiainstance
 from ipaserver.install import cainstance
 from ipaserver.install import krainstance
@@ -141,6 +142,7 @@ def uninstall(standalone):
         kra.uninstall()
 
 
+@group
 class KRAInstallInterface(dogtag.DogtagInstallInterface):
     """
     Interface of the KRA installer
@@ -151,3 +153,4 @@ class KRAInstallInterface(dogtag.DogtagInstallInterface):
     * ipa-replica-install
     * ipa-kra-install
     """
+    description = "KRA"
diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py
index edb91f3..14f1ec4 100644
--- a/ipaserver/install/server/__init__.py
+++ b/ipaserver/install/server/__init__.py
@@ -14,6 +14,7 @@
 
 from ipaclient.install import client
 from ipalib import constants
+from ipalib.install import service
 from ipalib.install.service import (enroll_only,
                                     installs_master,
                                     installs_replica,
@@ -24,7 +25,7 @@
 from ipapython import ipautil
 from ipapython.dnsutil import check_zone_overlap
 from ipapython.install import typing
-from ipapython.install.core import knob
+from ipapython.install.core import group, knob, extend_knob
 from ipapython.install.common import step
 
 from .install import validate_admin_password, validate_dm_password
@@ -41,12 +42,120 @@
 from .. import adtrust, ca, conncheck, dns, kra
 
 
-class ServerInstallInterface(client.ClientInstallInterface,
+@group
+class ServerUninstallInterface(service.ServiceInstallInterface):
+    description = "Uninstall"
+
+    ignore_topology_disconnect = knob(
+        None,
+        description="do not check whether server uninstall disconnects the "
+                    "topology (domain level 1+)",
+    )
+    ignore_topology_disconnect = master_install_only(ignore_topology_disconnect)
+
+    ignore_last_of_role = knob(
+        None,
+        description="do not check whether server uninstall removes last "
+                    "CA/DNS server or DNSSec master (domain level 1+)",
+    )
+    ignore_last_of_role = master_install_only(ignore_last_of_role)
+
+
+@group
+class ServerCertificateInstallInterface(service.ServiceInstallInterface):
+    description = "SSL certificate"
+
+    dirsrv_cert_files = knob(
+        # pylint: disable=invalid-sequence-index
+        typing.List[str], None,
+        description=("File containing the Directory Server SSL certificate "
+                     "and private key"),
+        cli_names='--dirsrv-cert-file',
+        cli_deprecated_names='--dirsrv_pkcs12',
+        cli_metavar='FILE',
+    )
+    dirsrv_cert_files = prepare_only(dirsrv_cert_files)
+
+    http_cert_files = knob(
+        # pylint: disable=invalid-sequence-index
+        typing.List[str], None,
+        description=("File containing the Apache Server SSL certificate and "
+                     "private key"),
+        cli_names='--http-cert-file',
+        cli_deprecated_names='--http_pkcs12',
+        cli_metavar='FILE',
+    )
+    http_cert_files = prepare_only(http_cert_files)
+
+    pkinit_cert_files = knob(
+        # pylint: disable=invalid-sequence-index
+        typing.List[str], None,
+        description=("File containing the Kerberos KDC SSL certificate and "
+                     "private key"),
+        cli_names='--pkinit-cert-file',
+        cli_deprecated_names='--pkinit_pkcs12',
+        cli_metavar='FILE',
+    )
+    pkinit_cert_files = prepare_only(pkinit_cert_files)
+
+    dirsrv_pin = knob(
+        str, None,
+        sensitive=True,
+        description="The password to unlock the Directory Server private key",
+        cli_deprecated_names='--dirsrv_pin',
+        cli_metavar='PIN',
+    )
+    dirsrv_pin = prepare_only(dirsrv_pin)
+
+    http_pin = knob(
+        str, None,
+        sensitive=True,
+        description="The password to unlock the Apache Server private key",
+        cli_deprecated_names='--http_pin',
+        cli_metavar='PIN',
+    )
+    http_pin = prepare_only(http_pin)
+
+    pkinit_pin = knob(
+        str, None,
+        sensitive=True,
+        description="The password to unlock the Kerberos KDC private key",
+        cli_deprecated_names='--pkinit_pin',
+        cli_metavar='PIN',
+    )
+    pkinit_pin = prepare_only(pkinit_pin)
+
+    dirsrv_cert_name = knob(
+        str, None,
+        description="Name of the Directory Server SSL certificate to install",
+        cli_metavar='NAME',
+    )
+    dirsrv_cert_name = prepare_only(dirsrv_cert_name)
+
+    http_cert_name = knob(
+        str, None,
+        description="Name of the Apache Server SSL certificate to install",
+        cli_metavar='NAME',
+    )
+    http_cert_name = prepare_only(http_cert_name)
+
+    pkinit_cert_name = knob(
+        str, None,
+        description="Name of the Kerberos KDC SSL certificate to install",
+        cli_metavar='NAME',
+    )
+    pkinit_cert_name = prepare_only(pkinit_cert_name)
+
+
+@group
+class ServerInstallInterface(ServerCertificateInstallInterface,
+                             client.ClientInstallInterface,
                              ca.CAInstallInterface,
                              kra.KRAInstallInterface,
                              dns.DNSInstallInterface,
                              adtrust.ADTrustInstallInterface,
-                             conncheck.ConnCheckInterface):
+                             conncheck.ConnCheckInterface,
+                             ServerUninstallInterface):
     """
     Interface of server installers
 
@@ -55,6 +164,7 @@ class ServerInstallInterface(client.ClientInstallInterface,
     * ipa-replica-prepare
     * ipa-replica-install
     """
+    description = "Server"
 
     force_join = False
     kinit_attempts = 1
@@ -65,56 +175,57 @@ class ServerInstallInterface(client.ClientInstallInterface,
     enable_dns_updates = False
     no_krb5_offline_passwords = False
     preserve_sssd = False
+    no_sssd = False
 
-    domain_name = knob(
-        bases=client.ClientInstallInterface.domain_name,
+    domain_name = client.ClientInstallInterface.domain_name
+    domain_name = extend_knob(
+        domain_name,
         # pylint: disable=no-member
-        cli_names=(list(client.ClientInstallInterface.domain_name.cli_names) +
-                   ['-n']),
+        cli_names=list(domain_name.cli_names) + ['-n'],
     )
 
-    servers = knob(
-        bases=client.ClientInstallInterface.servers,
+    servers = extend_knob(
+        client.ClientInstallInterface.servers,
         description="fully qualified name of IPA server to enroll to",
     )
     servers = enroll_only(servers)
 
-    realm_name = knob(
-        bases=client.ClientInstallInterface.realm_name,
-        cli_names=(list(client.ClientInstallInterface.realm_name.cli_names) +
-                   ['-r']),
+    realm_name = client.ClientInstallInterface.realm_name
+    realm_name = extend_knob(
+        realm_name,
+        cli_names=list(realm_name.cli_names) + ['-r'],
     )
 
-    host_name = knob(
-        bases=client.ClientInstallInterface.host_name,
+    host_name = extend_knob(
+        client.ClientInstallInterface.host_name,
         description="fully qualified name of this host",
     )
 
-    ca_cert_files = knob(
-        bases=client.ClientInstallInterface.ca_cert_files,
+    ca_cert_files = extend_knob(
+        client.ClientInstallInterface.ca_cert_files,
         description="File containing CA certificates for the service "
                     "certificate files",
         cli_deprecated_names='--root-ca-file',
     )
     ca_cert_files = prepare_only(ca_cert_files)
 
-    dm_password = knob(
-        bases=client.ClientInstallInterface.dm_password,
+    dm_password = extend_knob(
+        client.ClientInstallInterface.dm_password,
         description="Directory Manager password",
     )
 
-    ip_addresses = knob(
-        bases=client.ClientInstallInterface.ip_addresses,
+    ip_addresses = extend_knob(
+        client.ClientInstallInterface.ip_addresses,
         description="Server IP Address. This option can be used multiple "
                     "times",
     )
 
-    principal = knob(
-        bases=client.ClientInstallInterface.principal,
+    principal = client.ClientInstallInterface.principal
+    principal = extend_knob(
+        principal,
         description="User Principal allowed to promote replicas and join IPA "
                     "realm",
-        cli_names=(list(client.ClientInstallInterface.principal.cli_names) +
-                   ['-P']),
+        cli_names=list(principal.cli_names) + ['-P'],
     )
     principal = replica_install_only(principal)
 
@@ -195,20 +306,6 @@ def idmax(self):
     )
     no_hbac_allow = master_install_only(no_hbac_allow)
 
-    ignore_topology_disconnect = knob(
-        None,
-        description="do not check whether server uninstall disconnects the "
-                    "topology (domain level 1+)",
-    )
-    ignore_topology_disconnect = master_install_only(ignore_topology_disconnect)
-
-    ignore_last_of_role = knob(
-        None,
-        description="do not check whether server uninstall removes last "
-                    "CA/DNS server or DNSSec master (domain level 1+)",
-    )
-    ignore_last_of_role = master_install_only(ignore_last_of_role)
-
     no_pkinit = knob(
         None,
         description="disables pkinit setup steps",
@@ -235,92 +332,6 @@ def dirsrv_config_file(self, value):
         if not os.path.exists(value):
             raise ValueError("File %s does not exist." % value)
 
-    dirsrv_cert_files = knob(
-        # pylint: disable=invalid-sequence-index
-        typing.List[str], None,
-        description=("File containing the Directory Server SSL certificate "
-                     "and private key"),
-        cli_names='--dirsrv-cert-file',
-        cli_deprecated_names='--dirsrv_pkcs12',
-        cli_metavar='FILE',
-    )
-    dirsrv_cert_files = prepare_only(dirsrv_cert_files)
-
-    http_cert_files = knob(
-        # pylint: disable=invalid-sequence-index
-        typing.List[str], None,
-        description=("File containing the Apache Server SSL certificate and "
-                     "private key"),
-        cli_names='--http-cert-file',
-        cli_deprecated_names='--http_pkcs12',
-        cli_metavar='FILE',
-    )
-    http_cert_files = prepare_only(http_cert_files)
-
-    pkinit_cert_files = knob(
-        # pylint: disable=invalid-sequence-index
-        typing.List[str], None,
-        description=("File containing the Kerberos KDC SSL certificate and "
-                     "private key"),
-        cli_names='--pkinit-cert-file',
-        cli_deprecated_names='--pkinit_pkcs12',
-        cli_metavar='FILE',
-    )
-    pkinit_cert_files = prepare_only(pkinit_cert_files)
-
-    dirsrv_pin = knob(
-        str, None,
-        sensitive=True,
-        description="The password to unlock the Directory Server private key",
-        cli_deprecated_names='--dirsrv_pin',
-        cli_metavar='PIN',
-    )
-    dirsrv_pin = prepare_only(dirsrv_pin)
-
-    http_pin = knob(
-        str, None,
-        sensitive=True,
-        description="The password to unlock the Apache Server private key",
-        cli_deprecated_names='--http_pin',
-        cli_metavar='PIN',
-    )
-    http_pin = prepare_only(http_pin)
-
-    pkinit_pin = knob(
-        str, None,
-        sensitive=True,
-        description="The password to unlock the Kerberos KDC private key",
-        cli_deprecated_names='--pkinit_pin',
-        cli_metavar='PIN',
-    )
-    pkinit_pin = prepare_only(pkinit_pin)
-
-    dirsrv_cert_name = knob(
-        str, None,
-        description="Name of the Directory Server SSL certificate to install",
-        cli_metavar='NAME',
-    )
-    dirsrv_cert_name = prepare_only(dirsrv_cert_name)
-
-    http_cert_name = knob(
-        str, None,
-        description="Name of the Apache Server SSL certificate to install",
-        cli_metavar='NAME',
-    )
-    http_cert_name = prepare_only(http_cert_name)
-
-    pkinit_cert_name = knob(
-        str, None,
-        description="Name of the Kerberos KDC SSL certificate to install",
-        cli_metavar='NAME',
-    )
-    pkinit_cert_name = prepare_only(pkinit_cert_name)
-
-    add_agents = knob(
-        bases=adtrust.ADTrustInstallInterface.add_agents
-    )
-    add_agents = replica_install_only(add_agents)
-
     def __init__(self, **kwargs):
         super(ServerInstallInterface, self).__init__(**kwargs)
 
@@ -514,8 +525,8 @@ class ServerMasterInstall(ServerMasterInstallInterface):
     keytab = None
     setup_ca = True
 
-    domain_name = knob(
-        bases=ServerMasterInstallInterface.domain_name,
+    domain_name = extend_knob(
+        ServerMasterInstallInterface.domain_name,
     )
 
     @domain_name.validator
@@ -525,16 +536,16 @@ def domain_name(self, value):
             print("Checking DNS domain %s, please wait ..." % value)
             check_zone_overlap(value, False)
 
-    dm_password = knob(
-        bases=ServerMasterInstallInterface.dm_password,
+    dm_password = extend_knob(
+        ServerMasterInstallInterface.dm_password,
     )
 
     @dm_password.validator
     def dm_password(self, value):
         validate_dm_password(value)
 
-    admin_password = knob(
-        bases=ServerMasterInstallInterface.admin_password,
+    admin_password = extend_knob(
+        ServerMasterInstallInterface.admin_password,
         description="admin user kerberos password",
     )
 
@@ -574,8 +585,8 @@ class ServerReplicaInstall(ServerReplicaInstallInterface):
     subject_base = None
     ca_subject = None
 
-    admin_password = knob(
-        bases=ServerReplicaInstallInterface.admin_password,
+    admin_password = extend_knob(
+        ServerReplicaInstallInterface.admin_password,
         description="Kerberos password for the specified admin principal",
     )
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to