[Freeipa-devel] [freeipa PR#117][opened] Make ipa-replica-install run in interactive mode

stlaz Mon, 26 Sep 2016 04:24:07 -0700

   URL: https://github.com/freeipa/freeipa/pull/117
Author: stlaz
 Title: #117: Make ipa-replica-install run in interactive mode
Action: opened


PR body:
"""
ipa-replica-install would not run in interactive mode which confused some 
users. Make it run ipa-client-install in attended mode so that the required 
arguments are asked for instead of the installation just failing.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/117/head:pr117
git checkout pr117

From 675583898e37c24201b52e4a44ebcc5129c56f09 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Mon, 26 Sep 2016 12:43:24 +0200
Subject: [PATCH 1/2] replicainstall: don't assume default principal

If --admin-password is set during ipa-replica-install but
--principal is not, 'admin' is assumed. This is wrong and
it's not advertised anywhere so fail instead.

https://fedorahosted.org/freeipa/ticket/6068
---
 ipaserver/install/server/replicainstall.py | 77 +++++++++++++++---------------
 1 file changed, 39 insertions(+), 38 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index aefe158..92c2c64 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -918,47 +918,48 @@ def install(installer):
 
 
 def ensure_enrolled(installer):
-    config = installer._config
+    # Prepare options for the installer script
+    args = [paths.IPA_CLIENT_INSTALL, "--no-ntp"]
+    stdin = None
+
+    if installer.domain_name:
+        args.extend(["--domain", installer.domain_name])
+    if installer.server:
+        args.extend(["--server", installer.server])
+    if installer.realm_name:
+        args.extend(["--realm", installer.realm_name])
+    if installer.host_name:
+        args.extend(["--hostname", installer.host_name])
+    if installer.password:
+        args.extend(["--password", installer.password])
+    else:
+        if installer.principal:
+            args.extend(["--principal", installer.principal])
+        if installer.admin_password:
+            if installer.principal is None:
+                raise ScriptError("The --admin-password option must be used "
+                                  "with the --principal option.")
+            stdin = installer.admin_password
+        if installer.keytab:
+            args.extend(["--keytab", installer.keytab])
+
+    if installer.no_dns_sshfp:
+        args.append("--no-dns-sshfp")
+    if installer.ssh_trust_dns:
+        args.append("--ssh-trust-dns")
+    if installer.no_ssh:
+        args.append("--no-ssh")
+    if installer.no_sshd:
+        args.append("--no-sshd")
+    if installer.mkhomedir:
+        args.append("--mkhomedir")
 
-    # Call client install script
-    service.print_msg("Configuring client side components")
     try:
+        # Call client install script
+        service.print_msg("Configuring client side components")
+        # Set _enrollment_performed to True so that any mess left behind in
+        # case of an enrollment failure gets cleaned
         installer._enrollment_performed = True
-
-        args = [paths.IPA_CLIENT_INSTALL, "--unattended", "--no-ntp"]
-        stdin = None
-
-        if installer.domain_name:
-            args.extend(["--domain", installer.domain_name])
-        if installer.server:
-            args.extend(["--server", installer.server])
-        if installer.realm_name:
-            args.extend(["--realm", installer.realm_name])
-        if installer.host_name:
-            args.extend(["--hostname", installer.host_name])
-
-        if installer.password:
-            args.extend(["--password", installer.password])
-        else:
-            if installer.admin_password:
-                # Always set principal if password was set explicitly,
-                # the password itself gets passed directly via stdin
-                args.extend(["--principal", installer.principal or "admin"])
-                stdin = installer.admin_password
-            if installer.keytab:
-                args.extend(["--keytab", installer.keytab])
-
-        if installer.no_dns_sshfp:
-            args.append("--no-dns-sshfp")
-        if installer.ssh_trust_dns:
-            args.append("--ssh-trust-dns")
-        if installer.no_ssh:
-            args.append("--no-ssh")
-        if installer.no_sshd:
-            args.append("--no-sshd")
-        if installer.mkhomedir:
-            args.append("--mkhomedir")
-
         ipautil.run(args, stdin=stdin, redirect_output=True)
         print()
     except Exception:

From e3c8e772a3a3cfb348e72ebf913503643cd8ce91 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Mon, 26 Sep 2016 12:45:49 +0200
Subject: [PATCH 2/2] replicainstall: run client-install in attended mode by
 default

Running ipa-client-install in unattended mode during enrollment
process in ipa-replica-install only made everyone confused,
run it in attended mode by default instead.

https://fedorahosted.org/freeipa/ticket/6068
---
 ipaserver/install/server/replicainstall.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 92c2c64..0316259 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -922,6 +922,8 @@ def ensure_enrolled(installer):
     args = [paths.IPA_CLIENT_INSTALL, "--no-ntp"]
     stdin = None
 
+    if installer.unattended:
+        args.append("--unattended")
     if installer.domain_name:
         args.extend(["--domain", installer.domain_name])
     if installer.server:
@@ -939,7 +941,12 @@ def ensure_enrolled(installer):
             if installer.principal is None:
                 raise ScriptError("The --admin-password option must be used "
                                   "with the --principal option.")
-            stdin = installer.admin_password
+            if installer.unattended:
+                # Don't add the password to the options in unattended mode
+                # ==> it would also appear in the client install logs
+                stdin = installer.admin_password
+            else:
+                args.extend(["--password", installer.admin_password])
         if installer.keytab:
             args.extend(["--keytab", installer.keytab])
 
@@ -955,11 +962,11 @@ def ensure_enrolled(installer):
         args.append("--mkhomedir")
 
     try:
-        # Call client install script
         service.print_msg("Configuring client side components")
         # Set _enrollment_performed to True so that any mess left behind in
         # case of an enrollment failure gets cleaned
         installer._enrollment_performed = True
+        # Call client install script
         ipautil.run(args, stdin=stdin, redirect_output=True)
         print()
     except Exception:

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#117][opened] Make ipa-replica-install run in interactive mode

Reply via email to