Exemple #1
def enroll_dl0_replica(installer, fstore, remote_api, debug=False):
    """
    Partially enroll this host in DL0.

    Steps, in order:
        * create the host entry on the remote master
        * fetch the host keytab from the remote master
        * write a client-like /etc/krb5.conf so that later stages of the
          replica installation can authenticate with GSSAPI

    :param installer: installer object; its ``_config`` and ``no_host_dns``
        are read and its ``_enrollment_performed`` flag is set
    :param fstore: file store used to back up the current krb5.conf
    :param remote_api: API object whose ``Command.host_add`` creates the
        host entry
    :param debug: not referenced in this function
    :raises RuntimeError: when a step inside the ``try`` block raises
        CalledProcessError
    """
    logger.info("Enrolling host to IPA domain")
    config = installer._config
    hostname = config.host_name

    try:
        # The flag is raised before the first remote call, so it stays set
        # even if one of the following steps fails part-way.
        installer._enrollment_performed = True

        add_reply = remote_api.Command.host_add(
            unicode(config.host_name), force=installer.no_host_dns)
        host_entry = add_reply['result']
        principal = unicode(host_entry['krbcanonicalname'][0])

        # Runs before the new keytab is requested.
        # presumably clears stale keys for this realm - confirm in helper
        purge_host_keytab(config.realm_name)

        # SECURITY: the Directory Manager password is handed to the child
        # process as a command-line argument ('-w'). ``nolog`` presumably
        # only keeps it out of ipautil's own logging; the value is still
        # part of the child's argv for as long as it runs. If the tool
        # supports a bind method that keeps the secret off the command
        # line, prefer it.
        # NOTE(review): '--cacert' points at ca.crt under config.dir; how
        # that file was obtained is not visible here - confirm it came
        # over an authenticated channel.
        cmd = [paths.IPA_GETKEYTAB]
        cmd.extend(['-s', config.master_host_name])
        cmd.extend(['-p', principal])
        cmd.extend(['-D', unicode(ipaldap.DIRMAN_DN)])
        cmd.extend(['-w', config.dirman_password])
        cmd.extend(['-k', paths.KRB5_KEYTAB])
        cmd.extend(['--cacert', os.path.join(config.dir, 'ca.crt')])
        ipautil.run(cmd, nolog=(config.dirman_password,))

        # Everything after the first dot of the host name.
        host_domain = hostname.partition('.')[2]

        # Keep a copy of the existing krb5.conf before it is rewritten.
        fstore.backup_file(paths.KRB5_CONF)
        configure_krb5_conf(
            config.realm_name, config.domain_name,
            [config.master_host_name], [config.master_host_name],
            False, paths.KRB5_CONF, host_domain, hostname,
            configure_sssd=False)

    except CalledProcessError as e:
        # NOTE(review): the exception text ends up in the message below;
        # confirm it cannot carry the unredacted command line.
        message = "Failed to fetch host keytab: {}".format(e)
        raise RuntimeError(message)
Exemple #2
def enroll_dl0_replica(installer, fstore, remote_api, debug=False):
    """
    Partially enroll this host in DL0.

    Steps, in order:
        * create the host entry on the remote master
        * fetch the host keytab from the remote master
        * write a client-like /etc/krb5.conf so that later stages of the
          replica installation can authenticate with GSSAPI

    :param installer: installer object; its ``_config`` and ``no_host_dns``
        are read and its ``_enrollment_performed`` flag is set
    :param fstore: file store used to back up the current krb5.conf
    :param remote_api: API object whose ``Command.host_add`` creates the
        host entry
    :param debug: not referenced in this function
    :raises RuntimeError: when a step inside the ``try`` block raises
        CalledProcessError
    """
    logger.info("Enrolling host to IPA domain")
    config = installer._config
    hostname = config.host_name

    try:
        # The flag is raised before the first remote call, so it stays set
        # even if one of the following steps fails part-way.
        installer._enrollment_performed = True

        add_reply = remote_api.Command.host_add(
            unicode(config.host_name), force=installer.no_host_dns)
        host_entry = add_reply['result']
        principal = unicode(host_entry['krbcanonicalname'][0])

        # Runs before the new keytab is requested.
        # presumably clears stale keys for this realm - confirm in helper
        purge_host_keytab(config.realm_name)

        # SECURITY: the Directory Manager password is handed to the child
        # process as a command-line argument ('-w'). ``nolog`` presumably
        # only keeps it out of ipautil's own logging; the value is still
        # part of the child's argv for as long as it runs. If the tool
        # supports a bind method that keeps the secret off the command
        # line, prefer it.
        # NOTE(review): '--cacert' points at ca.crt under config.dir; how
        # that file was obtained is not visible here - confirm it came
        # over an authenticated channel.
        cmd = [paths.IPA_GETKEYTAB]
        cmd.extend(['-s', config.master_host_name])
        cmd.extend(['-p', principal])
        cmd.extend(['-D', unicode(ipaldap.DIRMAN_DN)])
        cmd.extend(['-w', config.dirman_password])
        cmd.extend(['-k', paths.KRB5_KEYTAB])
        cmd.extend(['--cacert', os.path.join(config.dir, 'ca.crt')])
        ipautil.run(cmd, nolog=(config.dirman_password,))

        # Everything after the first dot of the host name.
        host_domain = hostname.partition('.')[2]

        # Keep a copy of the existing krb5.conf before it is rewritten.
        fstore.backup_file(paths.KRB5_CONF)
        configure_krb5_conf(
            config.realm_name, config.domain_name,
            [config.master_host_name], [config.master_host_name],
            False, paths.KRB5_CONF, host_domain, hostname,
            configure_sssd=False)

    except CalledProcessError as e:
        # NOTE(review): the exception text ends up in the message below;
        # confirm it cannot carry the unredacted command line.
        message = "Failed to fetch host keytab: {}".format(e)
        raise RuntimeError(message)