URL: https://github.com/freeipa/freeipa/pull/318 Author: jcholast Title: #318: server install: fix external CA install Action: opened
PR body: """ Replace the dual definitions of domain_name, dm_password and admin_password knobs in server install with single definitions using the original names without the 'new_' prefix. This fixes the options read from the installer option cache in step 2 of external CA install to use the correct knob names. https://fedorahosted.org/freeipa/ticket/6392 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/318/head:pr318 git checkout pr318
From ae5f464174f3ade82336a58a860b275a464095a6 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 30 Nov 2016 13:55:38 +0100 Subject: [PATCH] server install: fix external CA install Replace the dual definitions of domain_name, dm_password and admin_password knobs in server install with single definitions using the original names without the 'new_' prefix. This fixes the options read from the installer option cache in step 2 of external CA install to use the correct knob names. https://fedorahosted.org/freeipa/ticket/6392 --- ipaclient/install/client.py | 3 + ipalib/install/service.py | 4 -- ipaserver/install/ca.py | 1 - ipaserver/install/ipa_server_install.py | 10 ++-- ipaserver/install/server/__init__.py | 100 +++++++++++++++----------------- ipaserver/install/server/install.py | 3 - 6 files changed, 54 insertions(+), 67 deletions(-) diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 0954c2b..0eec5bd 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -3571,6 +3571,9 @@ class ClientInstall(ClientInstallInterface, Client installer """ + replica_file = None + dm_password = None + ca_cert_files = knob( bases=ClientInstallInterface.ca_cert_files, ) diff --git a/ipalib/install/service.py b/ipalib/install/service.py index 2544e5b..fc430fb 100644 --- a/ipalib/install/service.py +++ b/ipalib/install/service.py @@ -146,7 +146,6 @@ def domain_name(self, value): str, None, description="a file generated by ipa-replica-prepare", ) - replica_file = enroll_only(replica_file) replica_file = replica_install_only(replica_file) dm_password = knob( @@ -154,8 +153,6 @@ def domain_name(self, value): sensitive=True, description="Directory Manager password (for the existing master)", ) - dm_password = enroll_only(dm_password) - dm_password = replica_install_only(dm_password) class ServiceAdminInstallInterface(ServiceInstallInterface): @@ -175,4 +172,3 @@ class ServiceAdminInstallInterface(ServiceInstallInterface): sensitive=True, ) admin_password = enroll_only(admin_password) - admin_password = replica_install_only(admin_password) diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index efc8c87..4f64d99 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -338,7 +338,6 @@ class CAInstallInterface(dogtag.DogtagInstallInterface, ['-w']), ) admin_password = enroll_only(admin_password) - admin_password = replica_install_only(admin_password) external_ca = knob( None, diff --git a/ipaserver/install/ipa_server_install.py b/ipaserver/install/ipa_server_install.py index 3b6cb81..e708040 100644 --- a/ipaserver/install/ipa_server_install.py +++ b/ipaserver/install/ipa_server_install.py @@ -15,16 +15,16 @@ class CompatServerMasterInstall(ServerMasterInstall): no_sudo = False request_cert = False - new_dm_password = knob( + dm_password = knob( # pylint: disable=no-member - bases=ServerMasterInstall.new_dm_password, + bases=ServerMasterInstall.dm_password, cli_names=['--ds-password', '-p'], ) - new_admin_password = knob( + admin_password = knob( # pylint: disable=no-member - bases=ServerMasterInstall.new_admin_password, - cli_names=(list(ServerMasterInstall.new_admin_password.cli_names) + + bases=ServerMasterInstall.admin_password, + cli_names=(list(ServerMasterInstall.admin_password.cli_names) + ['-a']), ) diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py index c518ec9..0237702 100644 --- a/ipaserver/install/server/__init__.py +++ b/ipaserver/install/server/__init__.py @@ -21,7 +21,6 @@ prepares, prepare_only, replica_install_only) -from ipalib.util import validate_domain_name from ipapython import ipautil from ipapython.dnsutil import check_zone_overlap from ipapython.install import typing @@ -72,22 +71,6 @@ class ServerInstallInterface(client.ClientInstallInterface, cli_names=(list(client.ClientInstallInterface.domain_name.cli_names) + ['-n']), ) - domain_name = replica_install_only(domain_name) - - new_domain_name = knob( - bases=client.ClientInstallInterface.domain_name, - cli_names=['--domain', '-n'], - cli_metavar='DOMAIN_NAME', - ) - new_domain_name = master_install_only(new_domain_name) - - @new_domain_name.validator - def new_domain_name(self, value): - validate_domain_name(value) - if (self.setup_dns and - not self.allow_zone_overlap): # pylint: disable=no-member - print("Checking DNS domain %s, please wait ..." % value) - check_zone_overlap(value, False) servers = knob( bases=client.ClientInstallInterface.servers, @@ -114,18 +97,10 @@ def new_domain_name(self, value): ) ca_cert_files = prepare_only(ca_cert_files) - new_dm_password = knob( - str, None, - sensitive=True, + dm_password = knob( + bases=client.ClientInstallInterface.dm_password, description="Directory Manager password", - cli_names='--dm-password', - cli_metavar='DM_PASSWORD', ) - new_dm_password = master_install_only(new_dm_password) - - @new_dm_password.validator - def new_dm_password(self, value): - validate_dm_password(value) ip_addresses = knob( bases=client.ClientInstallInterface.ip_addresses, @@ -142,25 +117,6 @@ def new_dm_password(self, value): ) principal = replica_install_only(principal) - admin_password = knob( - bases=client.ClientInstallInterface.admin_password, - description="Kerberos password for the specified admin principal", - ) - admin_password = replica_install_only(admin_password) - - new_admin_password = knob( - str, None, - sensitive=True, - description="admin user kerberos password", - cli_names='--admin-password', - cli_metavar='ADMIN_PASSWORD', - ) - new_admin_password = master_install_only(new_admin_password) - - @new_admin_password.validator - def new_admin_password(self, value): - validate_admin_password(value) - master_password = knob( str, None, sensitive=True, @@ -459,14 +415,14 @@ def __init__(self, **kwargs): "--external-ca") if self.uninstalling: - if (self.realm_name or self.new_admin_password or + if (self.realm_name or self.admin_password or self.master_password): raise RuntimeError( "In uninstall mode, -a, -r and -P options are not " "allowed") elif not self.interactive: - if (not self.realm_name or not self.new_dm_password or - not self.new_admin_password): + if (not self.realm_name or not self.dm_password or + not self.admin_password): raise RuntimeError( "In unattended mode you need to provide at least -r, " "-p and -a options") @@ -549,21 +505,49 @@ def __init__(self, **kwargs): self.no_pkinit = True -class ServerMasterInstall(installs_master(ServerInstallInterface)): +ServerMasterInstallInterface = installs_master(ServerInstallInterface) + + +class ServerMasterInstall(ServerMasterInstallInterface): """ Server master installer """ - domain_name = None servers = None - dm_password = None no_wait_for_dns = True - admin_password = None host_password = None keytab = None setup_ca = True setup_kra = False + domain_name = knob( + bases=ServerMasterInstallInterface.domain_name, + ) + + @domain_name.validator + def domain_name(self, value): + if (self.setup_dns and + not self.allow_zone_overlap): + print("Checking DNS domain %s, please wait ..." % value) + check_zone_overlap(value, False) + + dm_password = knob( + bases=ServerMasterInstallInterface.dm_password, + ) + + @dm_password.validator + def dm_password(self, value): + validate_dm_password(value) + + admin_password = knob( + bases=ServerMasterInstallInterface.admin_password, + description="admin user kerberos password", + ) + + @admin_password.validator + def admin_password(self, value): + validate_admin_password(value) + def __init__(self, **kwargs): super(ServerMasterInstall, self).__init__(**kwargs) master_init(self) @@ -581,13 +565,21 @@ def main(self): uninstall(self) -class ServerReplicaInstall(installs_replica(ServerInstallInterface)): +ServerReplicaInstallInterface = installs_replica(ServerInstallInterface) + + +class ServerReplicaInstall(ServerReplicaInstallInterface): """ Server replica installer """ subject = None + admin_password = knob( + bases=ServerReplicaInstallInterface.admin_password, + description="Kerberos password for the specified admin principal", + ) + def __init__(self, **kwargs): super(ServerReplicaInstall, self).__init__(**kwargs) replica_init(self) diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index b30a934..f81c202 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -1150,9 +1150,6 @@ def uninstall(installer): def init(installer): installer.unattended = not installer.interactive - installer.domain_name = installer.new_domain_name - installer.dm_password = installer.new_dm_password - installer.admin_password = installer.new_admin_password installer.domainlevel = installer.domain_level installer._installation_cleanup = True
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
