websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 4.0.5

Browse Source
This commit is contained in:
Mario Fetka
2021-07-25 07:50:50 +02:00
parent 8ff3be4216
commit 3bfaa6e020
2049 changed files with 317193 additions and 1632423 deletions
Download Patch File Download Diff File Expand all files Collapse all files

243
install/tools/ipa-dns-install
View File

@@ -19,106 +19,55 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import print_function
from optparse import OptionGroup, SUPPRESS_HELP
import logging
import os
import sys
import krbV
from optparse import SUPPRESS_HELP # pylint: disable=deprecated-module
from ipaserver.install import bindinstance
from ipaserver.install import service, bindinstance, ntpinstance, httpinstance
from ipaserver.install.installutils import *
from ipaserver.install import installutils
from ipapython import version
from ipalib import api
from ipapython import ipautil, sysrestore
from ipalib import api, errors, util
from ipaplatform.paths import paths
from ipapython import ipautil
from ipapython.config import IPAOptionParser
from ipapython.ipa_log_manager import standard_logging_setup
from ipaserver.install import dns as dns_installer
logger = logging.getLogger(os.path.basename(__file__))
from ipapython.ipa_log_manager import standard_logging_setup, root_logger
log_file_name = paths.IPASERVER_INSTALL_LOG
def parse_options():
parser = IPAOptionParser(version=version.VERSION)
parser.add_option("-p", "--ds-password", dest="dm_password",
sensitive=True, help=SUPPRESS_HELP)
sensitive=True, help="admin password")
parser.add_option("-d", "--debug", dest="debug", action="store_true",
default=False, help="print debugging information")
parser.add_option("--ip-address", dest="ip_addresses", metavar="IP_ADDRESS",
default=[], action="append",
type="ip",
help="Master Server IP Address. This option can be used "
"multiple times")
parser.add_option("--ip-address", dest="ip_address",
type="ip", ip_local=True, help="Master Server IP Address")
parser.add_option("--forwarder", dest="forwarders", action="append",
type="ip_with_loopback", help="Add a DNS forwarder. This option can be used multiple times")
type="ip", help="Add a DNS forwarder")
parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
default=False, help="Do not add any DNS forwarders, use root servers instead")
parser.add_option("--auto-forwarders", dest="auto_forwarders",
action="store_true", default=False,
help="Use DNS forwarders configured in /etc/resolv.conf")
parser.add_option("--forward-policy", dest="forward_policy",
choices=("first", "only"), default=None,
help="DNS forwarding policy for global forwarders")
parser.add_option("--reverse-zone", dest="reverse_zones",
default=[], action="append", metavar="REVERSE_ZONE",
help="The reverse DNS zone to use. This option can be used multiple times")
parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
default=False, help="Do not create new reverse DNS zone")
parser.add_option("--auto-reverse", dest="auto_reverse", action="store_true",
default=False, help="Create necessary DNS zones")
parser.add_option("--allow-zone-overlap", dest="allow_zone_overlap",
action="store_true", default=False, help="Create DNS "
"zone even if it already exists")
parser.add_option("--no-dnssec-validation", dest="no_dnssec_validation", action="store_true",
default=False, help="Disable DNSSEC validation")
parser.add_option("--dnssec-master", dest="dnssec_master", action="store_true",
default=False, help="Setup server to be DNSSEC key master")
parser.add_option("--zonemgr", action="callback", callback=bindinstance.zonemgr_callback,
type="string",
help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN")
parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
default=False, help="unattended installation never prompts the user")
parser.add_option("--disable-dnssec-master", dest="disable_dnssec_master",
action="store_true", default=False, help="Disable the "
"DNSSEC master on this server")
parser.add_option("--kasp-db", dest="kasp_db_file", type="string",
metavar="FILE", action="store", help="Copy OpenDNSSEC "
"metadata from the specified file (will not create a new "
"kasp.db file)")
parser.add_option("--force", dest="force", action="store_true",
help="Force install")
options, _args = parser.parse_args()
options, args = parser.parse_args()
safe_options = parser.get_safe_opts(options)
if options.dnssec_master and options.disable_dnssec_master:
parser.error("Invalid combination of parameters: --dnssec-master and "
"--disable-dnssec-master")
if options.forwarders and options.no_forwarders:
parser.error("You cannot specify a --forwarder option together with --no-forwarders")
elif options.reverse_zones and options.no_reverse:
elif options.reverse_zone and options.no_reverse:
parser.error("You cannot specify a --reverse-zone option together with --no-reverse")
elif options.auto_reverse and options.no_reverse:
parser.error("You cannot specify a --auto-reverse option together with --no-reverse")
if options.unattended:
if (not options.forwarders
and not options.no_forwarders
and not options.auto_forwarders):
parser.error("You must specify at least one option: "
"--forwarder or --no-forwarders or --auto-forwarders")
if not options.forwarders and not options.no_forwarders:
parser.error("You must specify at least one --forwarder option or --no-forwarders option")
if options.kasp_db_file and not os.path.isfile(options.kasp_db_file):
parser.error("File %s does not exist" % options.kasp_db_file)
if options.dm_password:
print ("WARNING: Option -p/--ds-password is deprecated "
"and should not be used anymore.")
return safe_options, options
def main():
@@ -128,35 +77,161 @@ def main():
sys.exit("Must be root to setup server")
standard_logging_setup(log_file_name, debug=options.debug, filemode='a')
print("\nThe log file for this installation can be found in %s" % log_file_name)
print "\nThe log file for this installation can be found in %s" % log_file_name
logger.debug('%s was invoked with options: %s', sys.argv[0], safe_options)
logger.debug("missing options might be asked for interactively later\n")
logger.debug('IPA version %s', version.VENDOR_VERSION)
root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
root_logger.debug("missing options might be asked for interactively later\n")
root_logger.debug('IPA version %s' % version.VENDOR_VERSION)
installutils.check_server_configuration()
global fstore
fstore = sysrestore.FileStore(paths.SYSRESTORE)
print "=============================================================================="
print "This program will setup DNS for the FreeIPA Server."
print ""
print "This includes:"
print " * Configure DNS (bind)"
print ""
print "To accept the default shown in brackets, press the Enter key."
print ""
# Check bind packages are installed
if not bindinstance.check_inst(options.unattended):
sys.exit("Aborting installation.")
# Initialize the ipalib api
api.bootstrap(
context='install', confdir=paths.ETC_IPA,
in_server=True, debug=options.debug,
cfg = dict(
in_server=True,
debug=options.debug,
)
api.bootstrap(**cfg)
api.finalize()
api.Backend.ldap2.connect()
options.setup_ca = None # must be None to enable autodetection
if bindinstance.named_conf_exists():
sys.exit("\nDNS is already configured in this IPA server.")
dns_installer.install_check(True, api, False, options, hostname=api.env.host)
dns_installer.install(True, False, options)
# Create a BIND instance
if options.unattended and not options.dm_password:
sys.exit("\nIn unattended mode you need to provide at least the -p option")
# execute ipactl to refresh services status
ipautil.run(['ipactl', 'start', '--ignore-service-failures'],
raiseonerr=False)
dm_password = options.dm_password or read_password("Directory Manager",
confirm=False, validate=False)
if dm_password is None:
sys.exit("Directory Manager password required")
bind = bindinstance.BindInstance(fstore, dm_password)
api.Backend.ldap2.disconnect()
# try the connection
try:
bind.ldap_connect()
bind.ldap_disconnect()
except errors.ACIError:
sys.exit("Password is not valid!")
# Check we have a public IP that is associated with the hostname
if options.ip_address:
ip = options.ip_address
else:
hostaddr = resolve_host(api.env.host)
try:
if len(hostaddr) > 1:
print >> sys.stderr, "The server hostname resolves to more than one address:"
for addr in hostaddr:
print >> sys.stderr, " %s" % addr
if options.ip_address:
if str(options.ip_address) not in hostaddr:
print >> sys.stderr, "Address passed in --ip-address did not match any resolved"
print >> sys.stderr, "address!"
sys.exit(1)
print "Selected IP address:", str(options.ip_address)
ip = options.ip_address
else:
if options.unattended:
print >> sys.stderr, "Please use --ip-address option to specify the address"
sys.exit(1)
else:
ip = read_ip_address(api.env.host, fstore)
else:
ip = hostaddr and ipautil.CheckedIPAddress(hostaddr[0], match_local=True)
except Exception, e:
print "Error: Invalid IP Address %s: %s" % (ip, e)
ip = None
if not ip:
if options.unattended:
sys.exit("Unable to resolve IP address for host name")
else:
ip = read_ip_address(api.env.host, fstore)
ip_address = str(ip)
root_logger.debug("will use ip_address: %s\n", ip_address)
if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip):
sys.exit(1)
if options.no_forwarders:
dns_forwarders = ()
elif options.forwarders:
dns_forwarders = options.forwarders
else:
dns_forwarders = read_dns_forwarders()
root_logger.debug("will use dns_forwarders: %s\n", str(dns_forwarders))
if bind.dm_password:
api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=bind.dm_password)
else:
# See if our LDAP server is up and we can talk to it over GSSAPI
ccache = krbV.default_context().default_ccache()
api.Backend.ldap2.connect(ccache)
if options.reverse_zone:
reverse_zone = bindinstance.normalize_zone(options.reverse_zone)
else:
reverse_zone = bindinstance.find_reverse_zone(ip)
if reverse_zone is None and not options.no_reverse:
if options.unattended:
reverse_zone = util.get_reverse_zone_default(ip)
elif bindinstance.create_reverse():
reverse_zone = util.get_reverse_zone_default(ip)
reverse_zone = bindinstance.read_reverse_zone(reverse_zone, ip)
if reverse_zone is not None:
print "Using reverse zone %s" % reverse_zone
conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()
if not options.unattended:
print ""
print "The following operations may take some minutes to complete."
print "Please wait until the prompt is returned."
print ""
bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
dns_forwarders, conf_ntp, reverse_zone, zonemgr=options.zonemgr)
bind.create_instance()
# Restart http instance to make sure that python-dns has the right resolver
# https://bugzilla.redhat.com/show_bug.cgi?id=800368
http = httpinstance.HTTPInstance(fstore)
service.print_msg("Restarting the web server")
http.restart()
print "=============================================================================="
print "Setup complete"
print ""
bind.check_global_configuration()
print ""
print ""
print "\tYou must make sure these network ports are open:"
print "\t\tTCP Ports:"
print "\t\t * 53: bind"
print "\t\tUDP Ports:"
print "\t\t * 53: bind"
return 0
if __name__ == '__main__':
installutils.run_script(main, log_file_name=log_file_name,
operation_name='ipa-dns-install')
with private_ccache():
installutils.run_script(main, log_file_name=log_file_name,
operation_name='ipa-dns-install')