URL: https://github.com/freeipa/freeipa/pull/691 Author: stlaz Title: #691: Add force-join option to replica install Action: opened
PR body: """ This patchset adds the force-join option to the replica installer. It also tries to improve the developer's experience by narrowing down the scope of originally an all-eating try-except block. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/691/head:pr691 git checkout pr691
From 19a17dfad96f23c5245b82b1fb555b7508e631dd Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Wed, 5 Apr 2017 09:49:57 +0200 Subject: [PATCH 1/2] Add the force-join option to replica install When installing client from inside replica installation on DL1, it's possible that the client installation would fail and recommend using --force-join option which is not available in replica installer. Add the option there. https://pagure.io/freeipa/issue/6183 --- ipaserver/install/server/__init__.py | 5 ++++- ipaserver/install/server/replicainstall.py | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py index 89444f2..0a1b553 100644 --- a/ipaserver/install/server/__init__.py +++ b/ipaserver/install/server/__init__.py @@ -166,7 +166,6 @@ class ServerInstallInterface(ServerCertificateInstallInterface, """ description = "Server" - force_join = False kinit_attempts = 1 fixed_primary = True ntp_servers = None @@ -177,6 +176,9 @@ class ServerInstallInterface(ServerCertificateInstallInterface, preserve_sssd = False no_sssd = False + force_join = client.ClientInstallInterface.force_join + force_join = replica_install_only(force_join) + domain_name = client.ClientInstallInterface.domain_name domain_name = extend_knob( domain_name, @@ -526,6 +528,7 @@ class ServerMasterInstall(ServerMasterInstallInterface): Server master installer """ + force_join = False servers = None no_wait_for_dns = True host_password = None diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index f489e69..9fa6960 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -948,6 +948,8 @@ def ensure_enrolled(installer): args.append("--no-sshd") if installer.mkhomedir: args.append("--mkhomedir") + if installer.force_join: + args.append("--force-join") ipautil.run(args, stdin=stdin, nolog=nolog, redirect_output=True) print() From f90f7f131f364f85e087764e9b8dae9dba2a4e0d Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Wed, 5 Apr 2017 09:57:44 +0200 Subject: [PATCH 2/2] replicainstall: better client install exception handling The exception handling of client install inside replica installation was rather promiscuous, hungrily eating any possible exception thrown at it. Scoped down the try-except block and reduced its promiscuity. This change should improve the future development experience debugging this part of the code. https://pagure.io/freeipa/issue/6183 --- ipaserver/install/server/replicainstall.py | 83 +++++++++++++++--------------- 1 file changed, 41 insertions(+), 42 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 9fa6960..88a01be 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -908,52 +908,51 @@ def install_check(installer): def ensure_enrolled(installer): - # Call client install script - service.print_msg("Configuring client side components") + args = [paths.IPA_CLIENT_INSTALL, "--unattended", "--no-ntp"] + stdin = None + nolog = [] + + if installer.domain_name: + args.extend(["--domain", installer.domain_name]) + if installer.server: + args.extend(["--server", installer.server]) + if installer.realm_name: + args.extend(["--realm", installer.realm_name]) + if installer.host_name: + args.extend(["--hostname", installer.host_name]) + + if installer.password: + args.extend(["--password", installer.password]) + nolog.append(installer.password) + else: + if installer.admin_password: + # Always set principal if password was set explicitly, + # the password itself gets passed directly via stdin + args.extend(["--principal", installer.principal or "admin"]) + stdin = installer.admin_password + if installer.keytab: + args.extend(["--keytab", installer.keytab]) + + if installer.no_dns_sshfp: + args.append("--no-dns-sshfp") + if installer.ssh_trust_dns: + args.append("--ssh-trust-dns") + if installer.no_ssh: + args.append("--no-ssh") + if installer.no_sshd: + args.append("--no-sshd") + if installer.mkhomedir: + args.append("--mkhomedir") + if installer.force_join: + args.append("--force-join") + try: + # Call client install script + service.print_msg("Configuring client side components") installer._enrollment_performed = True - - args = [paths.IPA_CLIENT_INSTALL, "--unattended", "--no-ntp"] - stdin = None - nolog = [] - - if installer.domain_name: - args.extend(["--domain", installer.domain_name]) - if installer.server: - args.extend(["--server", installer.server]) - if installer.realm_name: - args.extend(["--realm", installer.realm_name]) - if installer.host_name: - args.extend(["--hostname", installer.host_name]) - - if installer.password: - args.extend(["--password", installer.password]) - nolog.append(installer.password) - else: - if installer.admin_password: - # Always set principal if password was set explicitly, - # the password itself gets passed directly via stdin - args.extend(["--principal", installer.principal or "admin"]) - stdin = installer.admin_password - if installer.keytab: - args.extend(["--keytab", installer.keytab]) - - if installer.no_dns_sshfp: - args.append("--no-dns-sshfp") - if installer.ssh_trust_dns: - args.append("--ssh-trust-dns") - if installer.no_ssh: - args.append("--no-ssh") - if installer.no_sshd: - args.append("--no-sshd") - if installer.mkhomedir: - args.append("--mkhomedir") - if installer.force_join: - args.append("--force-join") - ipautil.run(args, stdin=stdin, nolog=nolog, redirect_output=True) print() - except Exception: + except ipautil.CalledProcessError: raise ScriptError("Configuration of client side components failed!")
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code