[Freeipa-devel] [freeipa PR#691][synchronized] Add force-join option to replica install
URL: https://github.com/freeipa/freeipa/pull/691 Author: stlaz Title: #691: Add force-join option to replica install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/691/head:pr691 git checkout pr691 From 90e8c0e7a20d3be6aee18928721de540f6c34bbc Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Wed, 5 Apr 2017 09:49:57 +0200 Subject: [PATCH 1/2] Add the force-join option to replica install When installing client from inside replica installation on DL1, it's possible that the client installation would fail and recommend using --force-join option which is not available in replica installer. Add the option there. https://pagure.io/freeipa/issue/6183 --- ipaserver/install/server/__init__.py | 2 +- ipaserver/install/server/replicainstall.py | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py index 89444f2..028a4aa 100644 --- a/ipaserver/install/server/__init__.py +++ b/ipaserver/install/server/__init__.py @@ -166,7 +166,6 @@ class ServerInstallInterface(ServerCertificateInstallInterface, """ description = "Server" -force_join = False kinit_attempts = 1 fixed_primary = True ntp_servers = None @@ -526,6 +525,7 @@ class ServerMasterInstall(ServerMasterInstallInterface): Server master installer """ +force_join = False servers = None no_wait_for_dns = True host_password = None diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index f489e69..9fa6960 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -948,6 +948,8 @@ def ensure_enrolled(installer): args.append("--no-sshd") if installer.mkhomedir: args.append("--mkhomedir") +if installer.force_join: +args.append("--force-join") ipautil.run(args, stdin=stdin, nolog=nolog, redirect_output=True) print() From 630815740efb8d83de5f9141f111cbbf34e465cd Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Wed, 5 Apr 2017 09:57:44 +0200 Subject: [PATCH 2/2] replicainstall: better client install exception handling The exception handling of client install inside replica installation was rather promiscuous, hungrily eating any possible exception thrown at it. Scoped down the try-except block and reduced its promiscuity. This change should improve the future development experience debugging this part of the code. https://pagure.io/freeipa/issue/6183 --- ipaserver/install/server/replicainstall.py | 83 +++--- 1 file changed, 41 insertions(+), 42 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 9fa6960..88a01be 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -908,52 +908,51 @@ def install_check(installer): def ensure_enrolled(installer): -# Call client install script -service.print_msg("Configuring client side components") +args = [paths.IPA_CLIENT_INSTALL, "--unattended", "--no-ntp"] +stdin = None +nolog = [] + +if installer.domain_name: +args.extend(["--domain", installer.domain_name]) +if installer.server: +args.extend(["--server", installer.server]) +if installer.realm_name: +args.extend(["--realm", installer.realm_name]) +if installer.host_name: +args.extend(["--hostname", installer.host_name]) + +if installer.password: +args.extend(["--password", installer.password]) +nolog.append(installer.password) +else: +if installer.admin_password: +# Always set principal if password was set explicitly, +# the password itself gets passed directly via stdin +args.extend(["--principal", installer.principal or "admin"]) +stdin = installer.admin_password +if installer.keytab: +args.extend(["--keytab", installer.keytab]) + +if installer.no_dns_sshfp: +args.append("--no-dns-sshfp") +if installer.ssh_trust_dns: +args.append("--ssh-trust-dns") +if installer.no_ssh: +args.append("--no-ssh") +if installer.no_sshd: +args.append("--no-sshd") +if installer.mkhomedir: +args.append("--mkhomedir") +if installer.force_join: +args.append("--force-join") + try: +# Call client install script +service.print_msg("Configuring client side components") installer._enrollment_performed = True - -args = [paths.IPA_CLIENT_INSTALL, "--unattended", "--no-ntp"] -stdin = None -nolog = [] - -if installer.domain_name: -args.extend(["--domain", installer.domain_name]) -if installer.server: -a
[Freeipa-devel] [freeipa PR#691][synchronized] Add force-join option to replica install
URL: https://github.com/freeipa/freeipa/pull/691 Author: stlaz Title: #691: Add force-join option to replica install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/691/head:pr691 git checkout pr691 From 6c160dd41b73287fee07345d673adf6e354c6378 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Wed, 5 Apr 2017 09:49:57 +0200 Subject: [PATCH 1/2] Add the force-join option to replica install When installing client from inside replica installation on DL1, it's possible that the client installation would fail and recommend using --force-join option which is not available in replica installer. Add the option there. https://pagure.io/freeipa/issue/6183 --- ipaserver/install/server/__init__.py | 4 +++- ipaserver/install/server/replicainstall.py | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py index 89444f2..98073f8 100644 --- a/ipaserver/install/server/__init__.py +++ b/ipaserver/install/server/__init__.py @@ -166,7 +166,6 @@ class ServerInstallInterface(ServerCertificateInstallInterface, """ description = "Server" -force_join = False kinit_attempts = 1 fixed_primary = True ntp_servers = None @@ -526,6 +525,7 @@ class ServerMasterInstall(ServerMasterInstallInterface): Server master installer """ +force_join = False servers = None no_wait_for_dns = True host_password = None @@ -595,6 +595,8 @@ class ServerReplicaInstall(ServerReplicaInstallInterface): subject_base = None ca_subject = None +force_join = client.ClientInstallInterface.force_join + admin_password = extend_knob( ServerReplicaInstallInterface.admin_password, description="Kerberos password for the specified admin principal", diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index f489e69..9fa6960 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -948,6 +948,8 @@ def ensure_enrolled(installer): args.append("--no-sshd") if installer.mkhomedir: args.append("--mkhomedir") +if installer.force_join: +args.append("--force-join") ipautil.run(args, stdin=stdin, nolog=nolog, redirect_output=True) print() From b1ebac074d4a8a6207d98cef7ab9162c01458b8b Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Wed, 5 Apr 2017 09:57:44 +0200 Subject: [PATCH 2/2] replicainstall: better client install exception handling The exception handling of client install inside replica installation was rather promiscuous, hungrily eating any possible exception thrown at it. Scoped down the try-except block and reduced its promiscuity. This change should improve the future development experience debugging this part of the code. https://pagure.io/freeipa/issue/6183 --- ipaserver/install/server/replicainstall.py | 83 +++--- 1 file changed, 41 insertions(+), 42 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 9fa6960..88a01be 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -908,52 +908,51 @@ def install_check(installer): def ensure_enrolled(installer): -# Call client install script -service.print_msg("Configuring client side components") +args = [paths.IPA_CLIENT_INSTALL, "--unattended", "--no-ntp"] +stdin = None +nolog = [] + +if installer.domain_name: +args.extend(["--domain", installer.domain_name]) +if installer.server: +args.extend(["--server", installer.server]) +if installer.realm_name: +args.extend(["--realm", installer.realm_name]) +if installer.host_name: +args.extend(["--hostname", installer.host_name]) + +if installer.password: +args.extend(["--password", installer.password]) +nolog.append(installer.password) +else: +if installer.admin_password: +# Always set principal if password was set explicitly, +# the password itself gets passed directly via stdin +args.extend(["--principal", installer.principal or "admin"]) +stdin = installer.admin_password +if installer.keytab: +args.extend(["--keytab", installer.keytab]) + +if installer.no_dns_sshfp: +args.append("--no-dns-sshfp") +if installer.ssh_trust_dns: +args.append("--ssh-trust-dns") +if installer.no_ssh: +args.append("--no-ssh") +if installer.no_sshd: +args.append("--no-sshd") +if installer.mkhomedir: +args.append("--mkhomedir") +if installer.force_join: +args.append("--force-join") + try: +# Call client install script +serv