[Freeipa-devel] [freeipa PR#691][synchronized] Add force-join option to replica install

2017-04-05 Thread stlaz
   URL: https://github.com/freeipa/freeipa/pull/691
Author: stlaz
 Title: #691: Add force-join option to replica install
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/691/head:pr691
git checkout pr691
From 90e8c0e7a20d3be6aee18928721de540f6c34bbc Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Wed, 5 Apr 2017 09:49:57 +0200
Subject: [PATCH 1/2] Add the force-join option to replica install

When the client is installed from inside a replica installation on DL1,
the client installation may fail and recommend the --force-join option,
which is not available in the replica installer.
Add the option there.

https://pagure.io/freeipa/issue/6183
---
 ipaserver/install/server/__init__.py   | 2 +-
 ipaserver/install/server/replicainstall.py | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py
index 89444f2..028a4aa 100644
--- a/ipaserver/install/server/__init__.py
+++ b/ipaserver/install/server/__init__.py
@@ -166,7 +166,6 @@ class ServerInstallInterface(ServerCertificateInstallInterface,
 """
 description = "Server"
 
-force_join = False
 kinit_attempts = 1
 fixed_primary = True
 ntp_servers = None
@@ -526,6 +525,7 @@ class ServerMasterInstall(ServerMasterInstallInterface):
 Server master installer
 """
 
+force_join = False
 servers = None
 no_wait_for_dns = True
 host_password = None
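Review bot: Moving the `force_join = False` override off `ServerInstallInterface` (first hunk) and onto `ServerMasterInstall` changes what every other class built on that interface exposes, not only the replica installer. The class hierarchy is not visible in these hunks, so it is worth confirming that no other installer now picks up a force-join knob it was never meant to offer. A short comment on the added line would record the intent, for example `# master install does not offer the client --force-join knob`, assuming that is the reason for pinning it here. The same pair of hunks appears again in the resent patch further down the page.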
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index f489e69..9fa6960 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -948,6 +948,8 @@ def ensure_enrolled(installer):
 args.append("--no-sshd")
 if installer.mkhomedir:
 args.append("--mkhomedir")
+if installer.force_join:
+args.append("--force-join")
 
 ipautil.run(args, stdin=stdin, nolog=nolog, redirect_output=True)
 print()
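Review bot: `--force-join` is appended silently. As far as the ipa-client-install documentation describes it, the flag enrolls the host even when it is already enrolled, so an unattended replica install can replace an existing host enrollment without recording that decision. A comment above the added `if installer.force_join:` would help, for example `# --force-join re-enrolls over an existing host entry; only passed on explicit request`, and logging the choice before the `ipautil.run(...)` call would give operators an audit record. `ensure_enrolled` starts before this hunk, so the rest of the argument building is not visible here. The identical hunk in the resent patch has the same gap.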

From 630815740efb8d83de5f9141f111cbbf34e465cd Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Wed, 5 Apr 2017 09:57:44 +0200
Subject: [PATCH 2/2] replicainstall: better client install exception handling

The exception handling of client install inside replica installation
was rather promiscuous, hungrily eating any possible exception thrown
at it. Scoped down the try-except block and reduced its promiscuity.
This change should improve the future development experience debugging
this part of the code.

https://pagure.io/freeipa/issue/6183
---
 ipaserver/install/server/replicainstall.py | 83 +++---
 1 file changed, 41 insertions(+), 42 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 9fa6960..88a01be 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -908,52 +908,51 @@ def install_check(installer):
 
 
 def ensure_enrolled(installer):
-# Call client install script
-service.print_msg("Configuring client side components")
+args = [paths.IPA_CLIENT_INSTALL, "--unattended", "--no-ntp"]
+stdin = None
+nolog = []
+
+if installer.domain_name:
+args.extend(["--domain", installer.domain_name])
+if installer.server:
+args.extend(["--server", installer.server])
+if installer.realm_name:
+args.extend(["--realm", installer.realm_name])
+if installer.host_name:
+args.extend(["--hostname", installer.host_name])
+
+if installer.password:
+args.extend(["--password", installer.password])
+nolog.append(installer.password)
+else:
+if installer.admin_password:
+# Always set principal if password was set explicitly,
+# the password itself gets passed directly via stdin
+args.extend(["--principal", installer.principal or "admin"])
+stdin = installer.admin_password
+if installer.keytab:
+args.extend(["--keytab", installer.keytab])
+
+if installer.no_dns_sshfp:
+args.append("--no-dns-sshfp")
+if installer.ssh_trust_dns:
+args.append("--ssh-trust-dns")
+if installer.no_ssh:
+args.append("--no-ssh")
+if installer.no_sshd:
+args.append("--no-sshd")
+if installer.mkhomedir:
+args.append("--mkhomedir")
+if installer.force_join:
+args.append("--force-join")
+
 try:
+# Call client install script
+service.print_msg("Configuring client side components")
 installer._enrollment_performed = True
-
-args = [paths.IPA_CLIENT_INSTALL, "--unattended", "--no-ntp"]
-stdin = None
-nolog = []
-
-if installer.domain_name:
-args.extend(["--domain", installer.domain_name])
-if installer.server:
-a

[Freeipa-devel] [freeipa PR#691][synchronized] Add force-join option to replica install

2017-04-05 Thread stlaz
   URL: https://github.com/freeipa/freeipa/pull/691
Author: stlaz
 Title: #691: Add force-join option to replica install
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/691/head:pr691
git checkout pr691
From 6c160dd41b73287fee07345d673adf6e354c6378 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Wed, 5 Apr 2017 09:49:57 +0200
Subject: [PATCH 1/2] Add the force-join option to replica install

When the client is installed from inside a replica installation on DL1,
the client installation may fail and recommend the --force-join option,
which is not available in the replica installer.
Add the option there.

https://pagure.io/freeipa/issue/6183
---
 ipaserver/install/server/__init__.py   | 4 +++-
 ipaserver/install/server/replicainstall.py | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py
index 89444f2..98073f8 100644
--- a/ipaserver/install/server/__init__.py
+++ b/ipaserver/install/server/__init__.py
@@ -166,7 +166,6 @@ class ServerInstallInterface(ServerCertificateInstallInterface,
 """
 description = "Server"
 
-force_join = False
 kinit_attempts = 1
 fixed_primary = True
 ntp_servers = None
@@ -526,6 +525,7 @@ class ServerMasterInstall(ServerMasterInstallInterface):
 Server master installer
 """
 
+force_join = False
 servers = None
 no_wait_for_dns = True
 host_password = None
@@ -595,6 +595,8 @@ class ServerReplicaInstall(ServerReplicaInstallInterface):
 subject_base = None
 ca_subject = None
 
+force_join = client.ClientInstallInterface.force_join
+
 admin_password = extend_knob(
 ServerReplicaInstallInterface.admin_password,
 description="Kerberos password for the specified admin principal",
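Review bot: The added `force_join = client.ClientInstallInterface.force_join` reuses the client knob unchanged, so the replica installer's option presumably carries the client's help text and says nothing about the host being one that is about to become a replica. The `admin_password` knob right below already uses `extend_knob(..., description=...)` to give a replica-specific description, and the same pattern would fit here: `force_join = extend_knob(client.ClientInstallInterface.force_join, description="force replica host enrollment even if the host is already enrolled")`. Whether `client` is already imported in this module is not visible in the hunk and should be checked. The `ServerReplicaInstall` class body starts and continues outside the hunk.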
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index f489e69..9fa6960 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -948,6 +948,8 @@ def ensure_enrolled(installer):
 args.append("--no-sshd")
 if installer.mkhomedir:
 args.append("--mkhomedir")
+if installer.force_join:
+args.append("--force-join")
 
 ipautil.run(args, stdin=stdin, nolog=nolog, redirect_output=True)
 print()

From b1ebac074d4a8a6207d98cef7ab9162c01458b8b Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Wed, 5 Apr 2017 09:57:44 +0200
Subject: [PATCH 2/2] replicainstall: better client install exception handling

The exception handling of client install inside replica installation
was rather promiscuous, hungrily eating any possible exception thrown
at it. Scoped down the try-except block and reduced its promiscuity.
This change should improve the future development experience debugging
this part of the code.

https://pagure.io/freeipa/issue/6183
---
 ipaserver/install/server/replicainstall.py | 83 +++---
 1 file changed, 41 insertions(+), 42 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 9fa6960..88a01be 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -908,52 +908,51 @@ def install_check(installer):
 
 
 def ensure_enrolled(installer):
-# Call client install script
-service.print_msg("Configuring client side components")
+args = [paths.IPA_CLIENT_INSTALL, "--unattended", "--no-ntp"]
+stdin = None
+nolog = []
+
+if installer.domain_name:
+args.extend(["--domain", installer.domain_name])
+if installer.server:
+args.extend(["--server", installer.server])
+if installer.realm_name:
+args.extend(["--realm", installer.realm_name])
+if installer.host_name:
+args.extend(["--hostname", installer.host_name])
+
+if installer.password:
+args.extend(["--password", installer.password])
+nolog.append(installer.password)
+else:
+if installer.admin_password:
+# Always set principal if password was set explicitly,
+# the password itself gets passed directly via stdin
+args.extend(["--principal", installer.principal or "admin"])
+stdin = installer.admin_password
+if installer.keytab:
+args.extend(["--keytab", installer.keytab])
+
+if installer.no_dns_sshfp:
+args.append("--no-dns-sshfp")
+if installer.ssh_trust_dns:
+args.append("--ssh-trust-dns")
+if installer.no_ssh:
+args.append("--no-ssh")
+if installer.no_sshd:
+args.append("--no-sshd")
+if installer.mkhomedir:
+args.append("--mkhomedir")
+if installer.force_join:
+args.append("--force-join")
+
 try:
+# Call client install script
+serv