websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Debian patch 4.8.10-2

Browse Source
This commit is contained in:
Timo Aaltonen
2020-11-23 20:48:56 +02:00
committed by Mario Fetka
parent 8bc559c5a1
commit 358acdd85f
917 changed files with 1185414 additions and 1069733 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
ipaserver/install/server/__init__.py
View File

@@ -5,30 +5,25 @@
"""
Server installer module
"""
from __future__ import print_function
import collections
import os.path
import random
from ipaclient.install import client
from ipalib import constants
from ipalib.util import validate_domain_name
from ipalib.install import service
from ipalib.install.service import (enroll_only,
installs_master,
installs_replica,
master_install_only,
prepares,
prepare_only,
replica_install_only)
from ipapython import ipautil
from ipapython.dnsutil import check_zone_overlap
from ipapython.install import typing
from ipapython.install.core import group, knob, extend_knob
from ipapython.install.common import step
from .install import validate_admin_password, validate_dm_password
from .install import get_min_idstart
from .install import init as master_init
from .install import install as master_install
from .install import install_check as master_install_check
@@ -237,6 +232,13 @@ class ServerInstallInterface(ServerCertificateInstallInterface,
)
master_password = master_install_only(master_password)
hidden_replica = knob(
None,
cli_names='--hidden-replica',
description="Install a hidden replica",
)
hidden_replica = replica_install_only(hidden_replica)
domain_level = knob(
int, constants.MAX_DOMAIN_LEVEL,
description="IPA domain level",
@@ -278,6 +280,11 @@ class ServerInstallInterface(ServerCertificateInstallInterface,
)
setup_dns = enroll_only(setup_dns)
@setup_dns.validator
def setup_dns(self, value):
if value:
dns.package_check(ValueError)
idstart = knob(
int, random.randint(1, 10000) * 200000,
description="The starting value for the IDs range (default random)",
@@ -323,6 +330,12 @@ class ServerInstallInterface(ServerCertificateInstallInterface,
)
dirsrv_config_file = enroll_only(dirsrv_config_file)
skip_mem_check = knob(
None,
description="Skip checking for minimum required memory",
)
skip_mem_check = enroll_only(skip_mem_check)
@dirsrv_config_file.validator
def dirsrv_config_file(self, value):
if not os.path.exists(value):
@@ -445,7 +458,7 @@ class ServerInstallInterface(ServerCertificateInstallInterface,
"You cannot specify --external-ca-profile without "
"--external-ca")
if self.uninstalling:
if self.uninstalling: # pylint: disable=using-constant-test
if (self.realm_name or self.admin_password or
self.master_password):
raise RuntimeError(
@@ -472,6 +485,15 @@ class ServerInstallInterface(ServerCertificateInstallInterface,
"'--ignore-topology-disconnect/--ignore-last-of-role' "
"options can be used only during uninstallation")
min_idstart = get_min_idstart()
if self.idstart < min_idstart:
raise RuntimeError(
"idstart (%i) must be larger than UID_MAX/GID_MAX (%i) "
"setting in /etc/login.defs." % (
self.idstart, min_idstart
)
)
if self.idmax < self.idstart:
raise RuntimeError(
"idmax (%s) cannot be smaller than idstart (%s)" %
@@ -513,10 +535,13 @@ class ServerMasterInstall(ServerMasterInstallInterface):
@domain_name.validator
def domain_name(self, value):
if (self.setup_dns and
not self.allow_zone_overlap):
print("Checking DNS domain %s, please wait ..." % value)
check_zone_overlap(value, False)
# There might be an overlap but at this point we don't have
# complete installer object to verify that DNS is hosted
# by the same machine (i.e. we are already installed).
# Later, DNS.install_check will do its zone overlap check
# and will make sure to fail if overlap does really exist.
# At this point we only verify that value is a valid DNS syntax.
validate_domain_name(value)
dm_password = extend_knob(
ServerMasterInstallInterface.dm_password,