Re: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare
Martin Nagy wrote: On Fri, 2010-01-22 at 10:30 -0500, Rob Crittenden wrote: Martin Nagy wrote: Hi, these patches will allow one to specify an ip address of the replica to ipa-replica-prepare. The dns records will then be added. This should make life better for QA :) Martin nack, it shouldn't allow the option if DNS is not configured, or at least it shouldn't blow up: # ipa-replica-prepare --ip-address=192.168.166.9 replica4.example.com Directory Manager (existing master) password: Preparing replica for replica4.example.com from luna.example.com Creating SSL certificate for the Directory Server Creating SSL certificate for the Web Server Exporting RA certificate Copying additional files Finalizing configuration Packaging replica information into /var/lib/ipa/replica-info-replica4.example.com.gpg Adding DNS records for replica4.example.com preparation of replica failed: no such entry no such entry File "/usr/sbin/ipa-replica-prepare", line 338, in main() File "/usr/sbin/ipa-replica-prepare", line 329, in main zone = add_zone(domain) File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 73, in add_zone idnsupdatepolicy=unicode(update_policy)) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 412, in __call__ ret = self.run(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 680, in run return self.execute(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 203, in execute ldap.add_entry(dn, entry_attrs) File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, in new_f return f(*new_args, **kwargs) File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 334, in add_entry _handle_errors(e, **{}) File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 71, in _handle_errors raise errors.NotFound(reason='no such entry') rob Thanks, new patches attached. 
Martin ack both, pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare
On Fri, 2010-01-22 at 10:30 -0500, Rob Crittenden wrote: > Martin Nagy wrote: > > Hi, > > these patches will allow one to specify an ip address of the replica to > > ipa-replica-prepare. The dns records will then be added. This should > > make life better for QA :) > > > > Martin > > nack, it shouldn't allow the option if DNS is not configured, or at > least it shouldn't blow up: > > # ipa-replica-prepare --ip-address=192.168.166.9 replica4.example.com > Directory Manager (existing master) password: > > Preparing replica for replica4.example.com from luna.example.com > Creating SSL certificate for the Directory Server > Creating SSL certificate for the Web Server > Exporting RA certificate > Copying additional files > Finalizing configuration > Packaging replica information into > /var/lib/ipa/replica-info-replica4.example.com.gpg > Adding DNS records for replica4.example.com > preparation of replica failed: no such entry > no such entry >File "/usr/sbin/ipa-replica-prepare", line 338, in > main() > >File "/usr/sbin/ipa-replica-prepare", line 329, in main > zone = add_zone(domain) > >File > "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", > line 73, in add_zone > idnsupdatepolicy=unicode(update_policy)) > >File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 412, > in __call__ > ret = self.run(*args, **options) > >File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 680, > in run > return self.execute(*args, **options) > >File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line > 203, in execute > ldap.add_entry(dn, entry_attrs) > >File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, > in new_f > return f(*new_args, **kwargs) > >File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", > line 334, in add_entry > _handle_errors(e, **{}) > >File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", > line 71, in _handle_errors > raise errors.NotFound(reason='no such entry') > > 
rob Thanks, new patches attached. Martin >From 738dd1f022a946ff0b574128e9ed358efb5d3451 Mon Sep 17 00:00:00 2001 From: Martin Nagy Date: Mon, 8 Feb 2010 14:21:46 +0100 Subject: [PATCH 1/2] Get rid of ipapython.config in ipa-replica-prepare Also get rid of functions get_host_name(), get_realm_name() and get_domain_name(). They used the old ipapython.config. Instead, use the variables from api.env. We also change them to bootstrap() and finalize() correctly. Additionally, we add the dns_container_exists() function that will be used in ipa-replica-prepare (next patch). --- install/tools/ipa-replica-install | 30 ++--- install/tools/ipa-replica-prepare | 86 ++--- ipaserver/install/bindinstance.py | 52 --- 3 files changed, 63 insertions(+), 105 deletions(-) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index af7128c..4b348f6 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -311,12 +311,21 @@ def main(): except ldap.INVALID_CREDENTIALS, e : sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name) +# Create the management framework config file +# Note: We must do this before bootstraping and finalizing ipalib.api +fd = open("/etc/ipa/default.conf", "w") +fd.write("[global]\n") +fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n") +fd.write("realm=" + config.realm_name + "\n") +fd.write("domain=" + config.domain_name + "\n") +fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % config.host_name) +fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name)) if ipautil.file_exists(config.dir + "/ca.p12"): -ca_type = 'dogtag' -else: -ca_type = 'selfsign' +fd.write("enable_ra=True\n") +fd.write("ra_plugin=dogtag\n") +fd.close() -api.bootstrap(in_server=True, ra_plugin=ca_type) +api.bootstrap(in_server=True) api.finalize() # Install CA cert so that we can do SSL connections with ldap 
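Review bot: When `ca.p12` is absent, the added block in `main()` writes no `ra_plugin` setting at all: the removed `else: ca_type = 'selfsign'` has no counterpart in the generated `/etc/ipa/default.conf`, so `api.bootstrap(in_server=True)` presumably falls back to whatever default ipalib carries for that key. If the self-signed backend is what a replica without a CA file should use, write it out so the choice is visible in the file and does not silently follow a changed library default: `else:` / `fd.write("ra_plugin=selfsign\n")`. Separately, the `open()` … `fd.close()` sequence has no `try`/`finally`, and it now runs before the rest of the installation, so an exception in `util.realm_to_suffix()` or `dsinstance.realm_to_serverid()`, or a failure in a later install step, can leave a truncated or stale config file that other IPA tools may treat as a configured server; closing the handle in a `finally:` and removing the file on failure would avoid that. The same hunk appears in the earlier revision of this patch quoted further down the thread, and `main()` starts and ends outside the hunk.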
@@ -355,19 +364,6 @@ def main(): # generated ds.add_cert_to_service() -# Create the management framework config file -fd = open("/etc/ipa/default.conf", "w") -fd.write("[global]\n") -fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n") -fd.write("realm=" + config.realm_name + "\n") -fd.write("domain=" + config.domain_name + "\n") -fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % config.host_name) -fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name)) -if ipautil.file_exists(config.dir + "/ca.p12"): -fd.write("enable_ra=True\n") -fd.write("ra_plugin=dogtag\n") -fd.close()
Re: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare
Martin Nagy wrote: Hi, these patches will allow one to specify an ip address of the replica to ipa-replica-prepare. The dns records will then be added. This should make life better for QA :) Martin nack, it shouldn't allow the option if DNS is not configured, or at least it shouldn't blow up: # ipa-replica-prepare --ip-address=192.168.166.9 replica4.example.com Directory Manager (existing master) password: Preparing replica for replica4.example.com from luna.example.com Creating SSL certificate for the Directory Server Creating SSL certificate for the Web Server Exporting RA certificate Copying additional files Finalizing configuration Packaging replica information into /var/lib/ipa/replica-info-replica4.example.com.gpg Adding DNS records for replica4.example.com preparation of replica failed: no such entry no such entry File "/usr/sbin/ipa-replica-prepare", line 338, in main() File "/usr/sbin/ipa-replica-prepare", line 329, in main zone = add_zone(domain) File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 73, in add_zone idnsupdatepolicy=unicode(update_policy)) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 412, in __call__ ret = self.run(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 680, in run return self.execute(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py", line 203, in execute ldap.add_entry(dn, entry_attrs) File "/usr/lib/python2.6/site-packages/ipalib/encoder.py", line 188, in new_f return f(*new_args, **kwargs) File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 334, in add_entry _handle_errors(e, **{}) File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 71, in _handle_errors raise errors.NotFound(reason='no such entry') rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare
Martin Nagy wrote: Hi, these patches will allow one to specify an ip address of the replica to ipa-replica-prepare. The dns records will then be added. This should make life better for QA :) Martin This looks suspiciously like something to add to the user doc. Can you elaborate a little? I don't have my ipa-server or test machine available atm to check man pages :-\ If necessary pls raise a bugzilla. thanks -- David O'Brien Senior Technical Writer, Engineering Content Services Red Hat Asia Pacific Pty Ltd 193 North Quay, Brisbane +61 7 3514 8189 http://freeipa.org/page/DocumentationPortal http://git.fedorahosted.org/git/ipadocs.git He who asks is a fool for five minutes, but he who does not ask remains a fool forever." ~ Chinese proverb ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCHES] Add A and PTR records during ipa-replica-prepare
Hi, these patches will allow one to specify an ip address of the replica to ipa-replica-prepare. The dns records will then be added. This should make life better for QA :) Martin >From 05c6e118b748839012a7e8bc0613367d8d27d7a8 Mon Sep 17 00:00:00 2001 From: Martin Nagy Date: Mon, 23 Nov 2009 11:08:03 +0100 Subject: [PATCH 1/2] Get rid of ipapython.config in ipa-replica-prepare Also get rid of functions get_host_name(), get_realm_name() and get_domain_name(). They used the old ipapython.config. Instead, use the variables from api.env. We also change them to bootstrap() and finalize() correctly. --- install/tools/ipa-replica-install | 30 ++ install/tools/ipa-replica-prepare | 78 - 2 files changed, 30 insertions(+), 78 deletions(-) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 349d518..cbdd08d 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -310,12 +310,21 @@ def main(): except ldap.INVALID_CREDENTIALS, e : sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name) +# Create the management framework config file +# Note: We must do this before bootstraping and finalizing ipalib.api +fd = open("/etc/ipa/default.conf", "w") +fd.write("[global]\n") +fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n") +fd.write("realm=" + config.realm_name + "\n") +fd.write("domain=" + config.domain_name + "\n") +fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % config.host_name) +fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name)) if ipautil.file_exists(config.dir + "/ca.p12"): -ca_type = 'dogtag' -else: -ca_type = 'selfsign' +fd.write("enable_ra=True\n") +fd.write("ra_plugin=dogtag\n") +fd.close() -api.bootstrap(in_server=True, ra_plugin=ca_type) +api.bootstrap(in_server=True) api.finalize() # Install CA cert so that we can do SSL connections with ldap 
@@ -352,19 +361,6 @@ def main(): # generated ds.add_cert_to_service() -# Create the management framework config file -fd = open("/etc/ipa/default.conf", "w") -fd.write("[global]\n") -fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n") -fd.write("realm=" + config.realm_name + "\n") -fd.write("domain=" + config.domain_name + "\n") -fd.write("xmlrpc_uri=https://%s/ipa/xml\n"; % config.host_name) -fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name)) -if ipautil.file_exists(config.dir + "/ca.p12"): -fd.write("enable_ra=True\n") -fd.write("ra_plugin=dogtag\n") -fd.close() - # Apply any LDAP updates. Needs to be done after the replica is synced-up service.print_msg("Applying LDAP updates") ds.apply_updates() diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index bc86a41..175ac62 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -26,12 +26,10 @@ from ConfigParser import SafeConfigParser import krbV from optparse import OptionParser -import ipapython.config from ipapython import ipautil from ipaserver.install import dsinstance, installutils, certs, httpinstance from ipaserver import ipaldap from ipapython import version -from ipalib.constants import DEFAULT_CONFIG from ipalib import api import ldap @@ -50,7 +48,6 @@ def parse_options(): parser.add_option("-p", "--password", dest="password", help="Directory Manager (existing master) password") -ipapython.config.add_standard_options(parser) options, args = parser.parse_args() # If any of the PKCS#12 options are selected, all are required. Create a 
@@ -64,36 +61,8 @@ def parse_options(): if len(args) != 1: parser.error("must provide the fully-qualified name of the replica") -ipapython.config.init_config(options) - return options, args -def get_host_name(): -hostname = installutils.get_fqdn() -try: -installutils.verify_fqdn(hostname) -except RuntimeError, e: -logging.error(str(e)) -sys.exit(1) - -return hostname - -def get_realm_name(): -try: -c = krbV.default_context() -return c.default_realm -except Exception, e: -return None - -def get_domain_name(): -try: -ipapython.config.init_config() -domain_name = ipapython.config.config.get_domain() -except Exception, e: -return None - -return domain_name - def check_ipa_configuration(realm_name): config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)) if not ipautil.dir_exists(config_dir): @@ -119,8 +88,8 @@ def export_certdb(realm_name, ds_dir, dir, passwd_fname, fname, hostna