URL: https://github.com/freeipa/freeipa/pull/117 Author: stlaz Title: #117: Make ipa-replica-install run in interactive mode Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/117/head:pr117 git checkout pr117
From 30d1e65e23ca099f91f2c43f2d57127cc66c142c Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Mon, 26 Sep 2016 12:43:24 +0200 Subject: [PATCH 1/2] replicainstall: don't assume default principal If --admin-password is set during ipa-replica-install but --principal is not, 'admin' is assumed. This is wrong and it's not advertised anywhere so fail instead. https://fedorahosted.org/freeipa/ticket/6068 --- ipaserver/install/server/replicainstall.py | 77 +++++++++++++++--------------- 1 file changed, 39 insertions(+), 38 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index aefe158..65ea6bb 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -918,47 +918,48 @@ def install(installer): def ensure_enrolled(installer): - config = installer._config + # Prepare options for the installer script + args = [paths.IPA_CLIENT_INSTALL, "--no-ntp"] + stdin = None + + if installer.domain_name: + args.extend(["--domain", installer.domain_name]) + if installer.server: + args.extend(["--server", installer.server]) + if installer.realm_name: + args.extend(["--realm", installer.realm_name]) + if installer.host_name: + args.extend(["--hostname", installer.host_name]) + if installer.password: + args.extend(["--password", installer.password]) + else: + if installer.principal: + args.extend(["--principal", installer.principal]) + if installer.admin_password: + if installer.principal is None: + raise ScriptError("The --admin-password option must be used " + "with the --principal option.") + stdin = installer.admin_password + if installer.keytab: + args.extend(["--keytab", installer.keytab]) + + if installer.no_dns_sshfp: + args.append("--no-dns-sshfp") + if installer.ssh_trust_dns: + args.append("--ssh-trust-dns") + if installer.no_ssh: + args.append("--no-ssh") + if installer.no_sshd: + args.append("--no-sshd") + if installer.mkhomedir: + args.append("--mkhomedir") - # Call client install script - service.print_msg("Configuring client side components") try: + service.print_msg("Configuring client side components") + # Set _enrollment_performed to True so that any mess left behind in + # case of an enrollment failure gets cleaned installer._enrollment_performed = True - - args = [paths.IPA_CLIENT_INSTALL, "--unattended", "--no-ntp"] - stdin = None - - if installer.domain_name: - args.extend(["--domain", installer.domain_name]) - if installer.server: - args.extend(["--server", installer.server]) - if installer.realm_name: - args.extend(["--realm", installer.realm_name]) - if installer.host_name: - args.extend(["--hostname", installer.host_name]) - - if installer.password: - args.extend(["--password", installer.password]) - else: - if installer.admin_password: - # Always set principal if password was set explicitly, - # the password itself gets passed directly via stdin - args.extend(["--principal", installer.principal or "admin"]) - stdin = installer.admin_password - if installer.keytab: - args.extend(["--keytab", installer.keytab]) - - if installer.no_dns_sshfp: - args.append("--no-dns-sshfp") - if installer.ssh_trust_dns: - args.append("--ssh-trust-dns") - if installer.no_ssh: - args.append("--no-ssh") - if installer.no_sshd: - args.append("--no-sshd") - if installer.mkhomedir: - args.append("--mkhomedir") - + # Call client install script ipautil.run(args, stdin=stdin, redirect_output=True) print() except Exception: From 13c6d00733be4235b171348e00b06cb3387b025c Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Mon, 26 Sep 2016 12:45:49 +0200 Subject: [PATCH 2/2] replicainstall: run client-install in attended mode by default Running ipa-client-install in unattended mode during enrollment process in ipa-replica-install only made everyone confused, run it in attended mode by default instead. https://fedorahosted.org/freeipa/ticket/6068 --- ipaserver/install/server/replicainstall.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 65ea6bb..3d1cb28 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -920,8 +920,10 @@ def install(installer): def ensure_enrolled(installer): # Prepare options for the installer script args = [paths.IPA_CLIENT_INSTALL, "--no-ntp"] - stdin = None + nolog = () + if installer.unattended: + args.append("--unattended") if installer.domain_name: args.extend(["--domain", installer.domain_name]) if installer.server: @@ -939,7 +941,8 @@ def ensure_enrolled(installer): if installer.principal is None: raise ScriptError("The --admin-password option must be used " "with the --principal option.") - stdin = installer.admin_password + nolog = (installer.admin_password, ) + args.extend(["--password", installer.admin_password]) if installer.keytab: args.extend(["--keytab", installer.keytab]) @@ -960,7 +963,7 @@ def ensure_enrolled(installer): # case of an enrollment failure gets cleaned installer._enrollment_performed = True # Call client install script - ipautil.run(args, stdin=stdin, redirect_output=True) + ipautil.run(args, nolog=nolog, redirect_output=True) print() except Exception: raise ScriptError("Configuration of client side components failed!")
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
