[Freeipa-devel] [freeipa PR#215][synchronized] Add script to setup krb5 NFS exports

2016-11-14 Thread jumitche
   URL: https://github.com/freeipa/freeipa/pull/215
Author: jumitche
 Title: #215: Add script to setup krb5 NFS exports
Action: synchronized

To pull the PR as a Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/215/head:pr215
git checkout pr215
From 99c8c50dd7f1cf106b9480c1805339eb2382f18c Mon Sep 17 00:00:00 2001
From: Justin Mitchell 
Date: Tue, 8 Nov 2016 11:15:57 +
Subject: [PATCH 1/3] Add script to setup krb5 NFS exports

---
 client/Makefile.am  |   1 +
 client/ipa-client-nfsexport | 814 
 freeipa.spec.in |   1 +
 3 files changed, 816 insertions(+)
 create mode 100755 client/ipa-client-nfsexport

diff --git a/client/Makefile.am b/client/Makefile.am
index 30adafd..8996fd5 100644
--- a/client/Makefile.am
+++ b/client/Makefile.am
@@ -45,6 +45,7 @@ sbin_PROGRAMS =			\
 sbin_SCRIPTS =			\
 	ipa-client-install	\
 	ipa-client-automount	\
+	ipa-client-nfsexport	\
 	ipa-certupdate		\
 	$(NULL)
 
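Review bot: The new `ipa-client-nfsexport` entry in `sbin_SCRIPTS` is installed with no accompanying documentation, since the diffstat for this patch lists only the Makefile, the script and the spec file. Judging from its `Paths` constants the script runs as a privileged tool against the NFS exports file and the host keytab, so its options and the files it modifies should be documented for administrators. If the sibling tools in this list ship man pages, add one for this script in the same patch, or say in the commit message which later patch in the series provides it. The same hunk appears again in the 2016-11-10 copy of this message further down the page.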
diff --git a/client/ipa-client-nfsexport b/client/ipa-client-nfsexport
new file mode 100755
index 000..ef47942
--- /dev/null
+++ b/client/ipa-client-nfsexport
@@ -0,0 +1,814 @@
+#!/usr/bin/python -E
+#
+# Configure an IPA/AD client system to serve Kerberos NFS4
+#
+# Author: Justin Mitchell 
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+#
+## Clients must also do:
+# ipa service-add nfs/client.mydomain
+# ipa-getkeytab -s ipa.mydomain -p nfs/client.mydomain -k /etc/krb5.keytab
+# systemctl start nfs-client.target
+# optionally: ipa-client-automount
+
+from __future__ import print_function
+
+try:
+import sys
+import os
+import time
+import tempfile
+import dns
+import socket
+import netaddr
+import logging
+import subprocess
+import tempfile
+import ConfigParser
+import re
+
+from dns import resolver, rdatatype
+from dns.exception import DNSException
+from argparse import ArgumentParser
+from subprocess import CalledProcessError, check_output, check_call
+
+except ImportError as e:
+print("""\
+There was a problem importing one of the required Python modules. The
+error was:
+
+%s
+""" % e, file=sys.stderr)
+sys.exit(1)
+
+
+class Paths:
+"""Collection of pathnames and executables to use"""
+IPA_CLI = "/usr/bin/ipa"
+IPA_GETKEYTAB = "/usr/sbin/ipa-getkeytab"
+KLIST = "/usr/bin/klist"
+KINIT = "/usr/bin/kinit"
+IPA_DEFAULT_CONF = "/etc/ipa/default.conf"
+RESOLV_CONF = "/etc/resolv.conf"
+EXPORTS = "/var/lib/nfs/etab"
+KEYTAB = "/etc/krb5.keytab"
+EXPORTSFILE = "/etc/exports.d/krb5.exports"
+EXPORTFS = "/usr/sbin/exportfs"
+SYSTEMCTL = "/usr/bin/systemctl"
+IPACONFIG = "/etc/ipa/default.conf"
+KRB5CONFIG = "/etc/krb5.conf"
+DNF = "/usr/bin/dnf"
+
+
+def parse_options():
+parser = ArgumentParser()
+
+parser.add_argument("--domain", dest="domain", help="domain name")
+parser.add_argument("--server", dest="server", help="IPA server", action="append")
+parser.add_argument("--export", dest="exports", help="NFS mount exports", action="append")
+parser.add_argument("--realm", dest="realm", help="realm name")
+parser.add_argument("--hostname", dest="hostname", help="The hostname of this machine (FQDN)")
+parser.add_argument("--username", dest="username", help="Kerberos Username")
+parser.add_argument("--force", action="store_true", 
+help="Perform actions even if unneccessary")
+parser.add_argument("-v", "--verbose", help="Increase Verbosity", action="count")
+parser.add_argument("--automount", dest="automount", default=None, action="store_true", 
+help="Configure mounts for automount use")
+parser.add_argument("--noautomount", dest="automount", default=None, action="store_false", 
+help="Do not configure mounts for automount use")
+
+options = parser.parse_args()
+
+if options.verbose > 0:
+logging.getLogger().setLevel(logging.DEBUG)
+
+return options
+
+
+def have_keytab( hostname, service='host', realm=None ):
+"""Test if we have been configured for any realm by the existance
+of a host key in the default keytab"""
+
+principal = '%s/%s' % (service, hostname)
+if realm:
+

[Freeipa-devel] [freeipa PR#215][synchronized] Add script to setup krb5 NFS exports

2016-11-10 Thread jumitche
   URL: https://github.com/freeipa/freeipa/pull/215
Author: jumitche
 Title: #215: Add script to setup krb5 NFS exports
Action: synchronized

To pull the PR as a Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/215/head:pr215
git checkout pr215
From 99c8c50dd7f1cf106b9480c1805339eb2382f18c Mon Sep 17 00:00:00 2001
From: Justin Mitchell 
Date: Tue, 8 Nov 2016 11:15:57 +
Subject: [PATCH 1/2] Add script to setup krb5 NFS exports

---
 client/Makefile.am  |   1 +
 client/ipa-client-nfsexport | 814 
 freeipa.spec.in |   1 +
 3 files changed, 816 insertions(+)
 create mode 100755 client/ipa-client-nfsexport

diff --git a/client/Makefile.am b/client/Makefile.am
index 30adafd..8996fd5 100644
--- a/client/Makefile.am
+++ b/client/Makefile.am
@@ -45,6 +45,7 @@ sbin_PROGRAMS =			\
 sbin_SCRIPTS =			\
 	ipa-client-install	\
 	ipa-client-automount	\
+	ipa-client-nfsexport	\
 	ipa-certupdate		\
 	$(NULL)
 
diff --git a/client/ipa-client-nfsexport b/client/ipa-client-nfsexport
new file mode 100755
index 000..ef47942
--- /dev/null
+++ b/client/ipa-client-nfsexport
@@ -0,0 +1,814 @@
+#!/usr/bin/python -E
+#
+# Configure an IPA/AD client system to serve Kerberos NFS4
+#
+# Author: Justin Mitchell 
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+#
+## Clients must also do:
+# ipa service-add nfs/client.mydomain
+# ipa-getkeytab -s ipa.mydomain -p nfs/client.mydomain -k /etc/krb5.keytab
+# systemctl start nfs-client.target
+# optionally: ipa-client-automount
+
+from __future__ import print_function
+
+try:
+import sys
+import os
+import time
+import tempfile
+import dns
+import socket
+import netaddr
+import logging
+import subprocess
+import tempfile
+import ConfigParser
+import re
+
+from dns import resolver, rdatatype
+from dns.exception import DNSException
+from argparse import ArgumentParser
+from subprocess import CalledProcessError, check_output, check_call
+
+except ImportError as e:
+print("""\
+There was a problem importing one of the required Python modules. The
+error was:
+
+%s
+""" % e, file=sys.stderr)
+sys.exit(1)
+
+
+class Paths:
+"""Collection of pathnames and executables to use"""
+IPA_CLI = "/usr/bin/ipa"
+IPA_GETKEYTAB = "/usr/sbin/ipa-getkeytab"
+KLIST = "/usr/bin/klist"
+KINIT = "/usr/bin/kinit"
+IPA_DEFAULT_CONF = "/etc/ipa/default.conf"
+RESOLV_CONF = "/etc/resolv.conf"
+EXPORTS = "/var/lib/nfs/etab"
+KEYTAB = "/etc/krb5.keytab"
+EXPORTSFILE = "/etc/exports.d/krb5.exports"
+EXPORTFS = "/usr/sbin/exportfs"
+SYSTEMCTL = "/usr/bin/systemctl"
+IPACONFIG = "/etc/ipa/default.conf"
+KRB5CONFIG = "/etc/krb5.conf"
+DNF = "/usr/bin/dnf"
+
+
+def parse_options():
+parser = ArgumentParser()
+
+parser.add_argument("--domain", dest="domain", help="domain name")
+parser.add_argument("--server", dest="server", help="IPA server", action="append")
+parser.add_argument("--export", dest="exports", help="NFS mount exports", action="append")
+parser.add_argument("--realm", dest="realm", help="realm name")
+parser.add_argument("--hostname", dest="hostname", help="The hostname of this machine (FQDN)")
+parser.add_argument("--username", dest="username", help="Kerberos Username")
+parser.add_argument("--force", action="store_true", 
+help="Perform actions even if unneccessary")
+parser.add_argument("-v", "--verbose", help="Increase Verbosity", action="count")
+parser.add_argument("--automount", dest="automount", default=None, action="store_true", 
+help="Configure mounts for automount use")
+parser.add_argument("--noautomount", dest="automount", default=None, action="store_false", 
+help="Do not configure mounts for automount use")
+
+options = parser.parse_args()
+
+if options.verbose > 0:
+logging.getLogger().setLevel(logging.DEBUG)
+
+return options
+
+
+def have_keytab( hostname, service='host', realm=None ):
+"""Test if we have been configured for any realm by the existance
+of a host key in the default keytab"""
+
+principal = '%s/%s' % (service, hostname)
+if realm:
+