def main():
    """Run IPA discovery for one domain from the command line and print the result.

    Parses ``--ca-cert``, ``--debug`` and the positional ``domain``, runs
    ``IPADiscovery.search`` and prints each discovered attribute together
    with its ``*_source`` attribute when the discovery object has one.
    Exits through ``parser.exit`` with ``abs(result)`` as the status.
    """
    import argparse
    import os
    from ipapython.ipa_log_manager import standard_logging_setup

    parser = argparse.ArgumentParser(__name__)

    # Only offer the installed IPA CA certificate as default when the file exists.
    default_ca = paths.IPA_CA_CRT if os.path.isfile(paths.IPA_CA_CRT) else None

    parser.add_argument('--ca-cert', default=default_ca)
    parser.add_argument('--debug', action='store_true')
    parser.add_argument('domain')
    args = parser.parse_args()

    standard_logging_setup(debug=args.debug)

    discover = IPADiscovery()
    # NOTE(review): when no CA file is present and --ca-cert is not given,
    # ca_cert_path is None; how search() verifies the LDAP server in that
    # case is not visible here -- confirm before trusting the output.
    result = discover.search(args.domain, ca_cert_path=args.ca_cert)

    for attr in ('realm', 'domain', 'basedn', 'server', 'servers'):
        text = str(getattr(discover, attr))
        origin = getattr(discover, attr + "_source", None)
        if origin is None:
            print("{:<8} {:<32}".format(attr, text))
        else:
            print("{:<8} {:<32}\t({})".format(attr, text, origin))

    # Unknown result codes are printed as the raw code.
    status_text = error_names.get(result, result)
    parser.exit(abs(result), "{}\n".format(status_text))
def main():
    """Command-line entry point: discover IPA settings for a domain and report them.

    The exit status is ``abs(result)`` of ``IPADiscovery.search``; the
    matching name from ``error_names`` (or the raw code) is written by
    ``parser.exit``.
    """
    import argparse
    import os
    from ipapython.ipa_log_manager import standard_logging_setup

    parser = argparse.ArgumentParser(__name__)

    # Fall back to "no CA certificate" when the installed one is missing.
    default_ca = None
    if os.path.isfile(paths.IPA_CA_CRT):
        default_ca = paths.IPA_CA_CRT

    parser.add_argument('--ca-cert', default=default_ca)
    parser.add_argument('--debug', action='store_true')
    parser.add_argument('domain')

    args = parser.parse_args()
    standard_logging_setup(debug=args.debug)

    discover = IPADiscovery()
    # NOTE(review): ca_cert_path may be None here; whether search() still
    # validates the server certificate in that case cannot be told from
    # this function -- confirm.
    result = discover.search(args.domain, ca_cert_path=args.ca_cert)

    for field in ['realm', 'domain', 'basedn', 'server', 'servers']:
        shown = str(getattr(discover, field))
        provenance = getattr(discover, "{}_source".format(field), None)
        row = "{:<8} {:<32}".format(field, shown)
        if provenance is not None:
            # Append where the value came from when that is recorded.
            row += "\t({})".format(provenance)
        print(row)

    parser.exit(abs(result), "{}\n".format(error_names.get(result, result)))
def _setup_logging(self, log_file_mode="w", no_file=False):
    """Initialise logging from the tool options and store a logger on ``self.log``.

    Args:
        log_file_mode: Passed through to ``standard_logging_setup`` as
            ``filemode``.
        no_file: When true, no log file name is passed at all.
    """
    opts = self.options

    # A log file named in the options wins over the tool's default name.
    # NOTE(review): the path can come straight from options.log_file and the
    # default mode is "w"; presumably that truncates an existing file --
    # confirm how standard_logging_setup opens it.
    if no_file:
        target = None
    else:
        target = opts.log_file if opts.log_file else self.log_file_name

    if opts.verbose:
        settings = {
            "console_format": "%(name)s: %(levelname)s: %(message)s",
            "debug": True,
            "verbose": True,
        }
    else:
        settings = {
            "console_format": "%(message)s",
            "debug": False,
            # quiet only matters when verbose was not requested
            "verbose": not opts.quiet,
        }

    ipa_log_manager.standard_logging_setup(
        target, filemode=log_file_mode, **settings
    )
    self.log = ipa_log_manager.log_mgr.get_logger(self)

    if target:
        self.log.debug("Logging to %s" % target)
        return
    if not no_file:
        self.log.debug("Not logging to a file")
def setup_logging(self):
    """Set up logging to ``self.log_file_name`` in append mode and attach a logger.

    The debug flag is taken from ``self.options.debug``.
    """
    log_path = self.log_file_name
    log_options = {
        'console_format': '%(levelname)s: %(message)s',
        'debug': self.options.debug,
        # 'a' is passed as the file mode, i.e. the log file is opened for append
        'filemode': 'a',
    }
    ipa_log_manager.standard_logging_setup(log_path, **log_options)
    ipa_log_manager.log_mgr.get_logger(self, True)
def _setup_logging(self, log_file_mode='w', no_file=False):
    """Configure logging according to the verbose/quiet/log_file options.

    Args:
        log_file_mode: Forwarded to ``standard_logging_setup`` as
            ``filemode``.
        no_file: When true, ``None`` is passed as the log file name.
    """
    options = self.options

    log_file_name = None
    if not no_file:
        # NOTE(review): options.log_file is used as given; with the default
        # mode 'w' an existing file there is presumably overwritten -- confirm.
        log_file_name = (
            options.log_file if options.log_file else self.log_file_name
        )

    if options.verbose:
        console_format, debug, verbose = (
            '%(name)s: %(levelname)s: %(message)s', True, True)
    else:
        # Not verbose: debug stays off and quiet decides the verbose flag.
        console_format, debug, verbose = (
            '%(message)s', False, not options.quiet)

    standard_logging_setup(
        log_file_name,
        console_format=console_format,
        filemode=log_file_mode,
        debug=debug,
        verbose=verbose,
    )

    if log_file_name:
        logger.debug('Logging to %s', log_file_name)
        return
    if not no_file:
        logger.debug('Not logging to a file')
def setup_logging():
    """Send log output to the replica install log, appending to it.

    ``verbose`` and ``debug`` are both passed as ``False`` and the console
    format is the bare message.
    """
    log_options = dict(
        verbose=False,
        debug=False,
        filemode='a',
        console_format='%(message)s',
    )
    standard_logging_setup(paths.IPAREPLICA_INSTALL_LOG, **log_options)
def _setup_logging(self, log_file_mode='w', no_file=False):
    """Pick the log file and console settings from ``self.options`` and apply them.

    Args:
        log_file_mode: Handed to ``standard_logging_setup`` as ``filemode``.
        no_file: When true, no log file name is used.
    """
    # Resolve the log file: disabled, taken from the options, or the default.
    if no_file:
        destination = None
    elif self.options.log_file:
        destination = self.options.log_file
    else:
        destination = self.log_file_name

    be_verbose = bool(self.options.verbose)
    if be_verbose:
        fmt = '%(name)s: %(levelname)s: %(message)s'
        show_on_console = True
    else:
        fmt = '%(message)s'
        # quiet is only consulted when verbose is off
        show_on_console = not self.options.quiet

    # NOTE(review): filemode defaults to 'w' here; whether that truncates a
    # log named by options.log_file depends on standard_logging_setup -- confirm.
    standard_logging_setup(
        destination,
        console_format=fmt,
        filemode=log_file_mode,
        debug=be_verbose,
        verbose=show_on_console,
    )

    if destination:
        logger.debug('Logging to %s', destination)
    elif not no_file:
        logger.debug('Not logging to a file')
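def _setup_logging(self, log_file_mode='w', no_file=False):
    """Configure logging for this tool and store a logger on ``self.log``.

    Args:
        log_file_mode: Mode forwarded to ``standard_logging_setup`` as
            ``filemode`` for the log file.
        no_file: When true, no log file name is passed.
    """
    log_file_name = None if no_file else self.log_file_name

    # Forward the caller's file mode. It used to be accepted and then
    # dropped, so a caller asking for append mode silently got the helper's
    # default instead, which can cost earlier log history.
    ipa_log_manager.standard_logging_setup(
        log_file_name,
        filemode=log_file_mode,
        debug=self.options.verbose,
    )
    self.log = ipa_log_manager.log_mgr.get_logger(self)

    if log_file_name:
        self.log.debug('Logging to %s', log_file_name)
    elif not no_file:
        self.log.debug('Not logging to a file')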
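def main():
    """Update the CA schema and restart the PKI directory server; root only.

    Exits with an error message unless the effective user is root, then
    bootstraps the API with the ``server`` context and calls
    ``add_ca_schema()`` and ``restart_pki_ds()`` (both defined elsewhere).
    """
    # The message promises a root check, so test the effective *user* id.
    # The effective group id can be 0 for a non-root account, and non-zero
    # for root, so it is not a reliable privilege check.
    if os.geteuid() != 0:
        sys.exit("Must be root to run this script")
    standard_logging_setup(verbose=True)

    # In 3.0, restarting needs access to api.env
    api.bootstrap_with_global_options(context='server', confdir=paths.ETC_IPA)

    add_ca_schema()
    restart_pki_ds()

    root_logger.info('Schema updated successfully')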
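def main():
    """Update the CA schema and restart the PKI directory server; root only.

    Exits with an error message unless the effective user is root, then
    bootstraps the API with the ``server`` context and calls
    ``add_ca_schema()`` and ``restart_pki_ds()`` (both defined elsewhere).
    """
    # Check the effective user id: the effective group id does not prove
    # root privileges (group 0 membership is possible without being root).
    if os.geteuid() != 0:
        sys.exit("Must be root to run this script")
    standard_logging_setup(verbose=True)

    # In 3.0, restarting needs access to api.env
    # The returned (options, argv) pair was never used, so it is not bound.
    api.bootstrap_with_global_options(context='server')

    add_ca_schema()
    restart_pki_ds()

    root_logger.info('Schema updated successfully')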
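def main():
    """Update the CA schema and restart the PKI directory server; root only.

    Exits with an error message unless the effective user is root, then
    bootstraps the API with the ``server`` context and calls
    ``add_ca_schema()`` and ``restart_pki_ds()`` (both defined elsewhere).
    """
    # "Must be root" is a statement about the user, so compare the effective
    # user id; an effective group id of 0 does not imply root.
    if os.geteuid() != 0:
        sys.exit("Must be root to run this script")
    standard_logging_setup(verbose=True)

    # In 3.0, restarting needs access to api.env
    api.bootstrap_with_global_options(context="server", confdir=paths.ETC_IPA)

    add_ca_schema()
    restart_pki_ds()

    root_logger.info("Schema updated successfully")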
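def _setup_logging(self, log_file_mode="w", no_file=False):
    """Configure logging for this tool and store a logger on ``self.log``.

    Args:
        log_file_mode: Mode forwarded to ``standard_logging_setup`` as
            ``filemode`` for the log file.
        no_file: When true, no log file name is passed.
    """
    # A log file named in the options takes precedence over the default.
    if no_file:
        log_file_name = None
    elif self.options.log_file:
        log_file_name = self.options.log_file
    else:
        log_file_name = self.log_file_name

    # Forward the caller's file mode. It used to be accepted and then
    # dropped, so a request for append mode silently fell back to the
    # helper's default, which can cost earlier log history.
    ipa_log_manager.standard_logging_setup(
        log_file_name,
        filemode=log_file_mode,
        debug=self.options.verbose,
    )
    self.log = ipa_log_manager.log_mgr.get_logger(self)

    if log_file_name:
        self.log.debug("Logging to %s", log_file_name)
    elif not no_file:
        self.log.debug("Not logging to a file")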
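def _setup_logging(self, log_file_mode='w', no_file=False):
    """Configure logging for this tool and store a logger on ``self.log``.

    Args:
        log_file_mode: Mode forwarded to ``standard_logging_setup`` as
            ``filemode`` for the log file.
        no_file: When true, no log file name is passed.
    """
    # A log file named in the options takes precedence over the default.
    if no_file:
        log_file_name = None
    elif self.options.log_file:
        log_file_name = self.options.log_file
    else:
        log_file_name = self.log_file_name

    # Honour log_file_mode: previously the parameter was ignored, so the
    # helper's default mode applied even when the caller asked for another.
    ipa_log_manager.standard_logging_setup(
        log_file_name,
        filemode=log_file_mode,
        debug=self.options.verbose,
    )
    self.log = ipa_log_manager.log_mgr.get_logger(self)

    if log_file_name:
        self.log.debug('Logging to %s', log_file_name)
    elif not no_file:
        self.log.debug('Not logging to a file')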
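def _setup_logging(self, log_file_mode='w', no_file=False):
    """Configure logging from the tool options and instance settings.

    Args:
        log_file_mode: Mode forwarded to ``standard_logging_setup`` as
            ``filemode`` for the log file.
        no_file: When true, no log file name is passed.
    """
    # A log file named in the options takes precedence over the default.
    if no_file:
        log_file_name = None
    elif self.options.log_file:
        log_file_name = self.options.log_file
    else:
        log_file_name = self.log_file_name

    # Forward the caller's file mode. It used to be accepted and then
    # dropped, so a request for append mode silently fell back to the
    # helper's default, which can cost earlier log history.
    standard_logging_setup(
        log_file_name,
        verbose=self.verbose,
        debug=self.options.verbose,
        filemode=log_file_mode,
        console_format=self.console_format,
    )

    if log_file_name:
        logger.debug('Logging to %s', log_file_name)
    elif not no_file:
        logger.debug('Not logging to a file')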
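def _setup_logging(self, log_file_mode='w', no_file=False):
    """Configure logging from the tool options and instance settings.

    Args:
        log_file_mode: Mode forwarded to ``standard_logging_setup`` as
            ``filemode`` for the log file.
        no_file: When true, no log file name is passed.
    """
    # A log file named in the options takes precedence over the default.
    if no_file:
        log_file_name = None
    elif self.options.log_file:
        log_file_name = self.options.log_file
    else:
        log_file_name = self.log_file_name

    # Honour log_file_mode: previously the parameter was ignored, so the
    # helper's default mode applied even when the caller asked for another.
    standard_logging_setup(
        log_file_name,
        verbose=self.verbose,
        debug=self.options.verbose,
        filemode=log_file_mode,
        console_format=self.console_format,
    )

    if log_file_name:
        logger.debug('Logging to %s', log_file_name)
    elif not no_file:
        logger.debug('Not logging to a file')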
# NOTE(review): the first statement is the tail of a method whose beginning
# lies outside this excerpt; it is kept verbatim.
logger.debug("LDAP zones: %s", self.zl_ldap.mapping)

def sync(self):
    """Synchronize list of zones in LDAP with ODS.

    Zones ODS has but LDAP does not are deleted from ODS by name; zones
    LDAP has but ODS does not are added to ODS by uuid and name.
    """
    zl_ods = self.get_ods_zonelist()
    logger.debug("ODS zones: %s", zl_ods.mapping)
    # In ODS but no longer in LDAP.
    removed = self.diff_zl(zl_ods, self.zl_ldap)
    logger.info("Zones removed from LDAP: %s", removed)
    # In LDAP but not yet in ODS.
    added = self.diff_zl(self.zl_ldap, zl_ods)
    logger.info("Zones added to LDAP: %s", added)
    for (uuid, name) in removed:
        self.del_ods_zone(name)
    for (uuid, name) in added:
        self.add_ods_zone(uuid, name)

def diff_zl(self, s1, s2):
    """Compute zones present in s1 but not present in s2.

    The comparison is made on the ``uuids`` attribute of both arguments
    (combined with ``-``); names are looked up in ``s1.mapping``.

    Returns: List of (uuid, name) tuples with zones present only in s1."""
    s1_extra = s1.uuids - s2.uuids
    removed = [(uuid, name) for (uuid, name) in s1.mapping.items() if uuid in s1_extra]
    return removed

if __name__ == '__main__':
    # Stand-alone run: debug logging on, then print the zones ODS reports.
    ipa_log_manager.standard_logging_setup(debug=True)
    ods = ODSMgr()
    reader = ods.get_ods_zonelist()
    logger.info('ODS zones: %s', reader.mapping)
@property
def zone_keypairs(self):
    """Return the filtered zone key pairs, cached in ``self.cache_zone_keypairs``.

    The LDAP filter selects entries that carry all four object classes
    (PKCS#11 private key, IPA private key object, PKCS#11 public key, IPA
    public key object). The cache check is a truthiness test, so an empty
    result is not cached and the lookup runs again on the next access.
    """
    if self.cache_zone_keypairs:
        return self.cache_zone_keypairs
    self.cache_zone_keypairs = self._filter_zone_keys( self._get_key_dict(Key, '(&(objectClass=ipk11PrivateKey)(objectClass=ipaPrivateKeyObject)(objectClass=ipk11PublicKey)(objectClass=ipaPublicKeyObject))'))
    return self.cache_zone_keypairs

if __name__ == '__main__':
    # this is debugging mode
    # print information we think are useful to stdout
    # other garbage goes via logger to stderr
    # NOTE(review): debug=True is hard-coded; what ends up in the debug
    # output for key objects is not visible here -- confirm it is safe to share.
    ipa_log_manager.standard_logging_setup(debug=True)

    # IPA framework initialization
    # no logging to file
    ipalib.api.bootstrap(in_server=True, log=None, confdir=paths.ETC_IPA)
    ipalib.api.finalize()

    # LDAP initialization
    dns_dn = DN(ipalib.api.env.container_dns, ipalib.api.env.basedn)
    ldap = ipaldap.LDAPClient(ipalib.api.env.ldap_uri)
    logger.debug('Connecting to LDAP')
    # GSSAPI will be used, so the user has to have run kinit already
    ldap.gssapi_bind()
    logger.debug('Connected')

    # NOTE(review): this statement continues beyond the end of the excerpt.
    ldapkeydb = LdapKeyDB(ldap, DN(('cn', 'keys'),
def run():
    """Configure this IPA client as a Samba domain member, or revert that setup.

    With ``options.uninstall`` the recorded ``domain_member`` state is
    reverted and removed. Otherwise an IPA server is chosen (explicit
    ``options.server`` or discovery), the API is used as the host principal,
    and steps 1-9 below run, each recording its completion in ``statestore``.

    Returns:
        0 on success; 1, ``CLIENT_ALREADY_CONFIGURED``,
        ``CLIENT_NOT_CONFIGURED`` or ``ScriptError.rval`` otherwise.
    """
    try:
        check_client_configuration()
    except ScriptError as e:
        print(e.msg)
        return e.rval

    fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
    statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)

    options, _args = parse_options()

    # Install and uninstall runs log to separate files, both in append mode.
    logfile = paths.IPACLIENTSAMBA_INSTALL_LOG
    if options.uninstall:
        logfile = paths.IPACLIENTSAMBA_UNINSTALL_LOG

    standard_logging_setup(
        logfile,
        verbose=False,
        debug=options.debug,
        filemode="a",
        console_format="%(message)s",
    )

    cfg = dict(
        context="cli_installer",
        confdir=paths.ETC_IPA,
        in_server=False,
        debug=options.debug,
        verbose=0,
    )

    # Bootstrap API early so that env object is available
    api.bootstrap(**cfg)

    local_config = dict(
        host_princ=str("host/%s@%s" % (api.env.host, api.env.realm)),
        smb_princ=str("cifs/%s@%s" % (api.env.host, api.env.realm)),
    )

    # Until api.finalize() is called, we can add our own configuration
    api.env._merge(**local_config)

    if options.uninstall:
        if statestore.has_state("domain_member"):
            uninstall(fstore, statestore, options)
            try:
                keys = ("configured", "hardening", "groupmap", "tdb", "service.principal", "smb.conf")
                for key in keys:
                    statestore.delete_state("domain_member", key)
            except Exception as e:
                # Any failure while clearing state is reported and ends the run.
                print("Error: Failed to remove the domain_member statestores: " "%s" % e)
                return 1
            else:
                print("Samba configuration is reverted. "
                      "However, Samba databases were fully cleaned and "
                      "old configuration file will not be usable anymore.")
        else:
            print("Samba domain member is not configured yet")
        return 0

    # The CA certificate is passed to discovery only if the file exists.
    ca_cert_path = None
    if os.path.exists(paths.IPA_CA_CRT):
        ca_cert_path = paths.IPA_CA_CRT

    if statestore.has_state("domain_member") and not options.force:
        print("Samba domain member is already configured")
        return CLIENT_ALREADY_CONFIGURED

    if not os.path.exists(paths.SMBD):
        print("Samba suite is not installed")
        return CLIENT_NOT_CONFIGURED

    autodiscover = False
    ds = discovery.IPADiscovery()
    if not options.server:
        print("Searching for IPA server...")
        ret = ds.search(ca_cert_path=ca_cert_path)
        logger.debug("Executing DNS discovery")
        if ret == discovery.NO_LDAP_SERVER:
            logger.debug("Autodiscovery did not find LDAP server")
            s = urlsplit(api.env.xmlrpc_uri)
            # NOTE(review): server becomes a one-element list here but a
            # string in the other branches; the later `api.env.host == server`
            # comparison can then never match -- confirm this is intended.
            server = [s.netloc]
            logger.debug("Setting server to %s", s.netloc)
        else:
            autodiscover = True
            if not ds.servers:
                print( "Autodiscovery was successful but didn't return a server")
                return 1
            logger.debug(
                "Autodiscovery success, possible servers %s",
                ",".join(ds.servers),
            )
            server = ds.servers[0]
    else:
        server = options.server
        logger.debug("Verifying that %s is an IPA server", server)
        ldapret = ds.ipacheckldap(server, api.env.realm, ca_cert_path)
        if ldapret[0] == discovery.NO_ACCESS_TO_LDAP:
            # The check could not be completed; setup continues regardless.
            print("Anonymous access to the LDAP server is disabled.")
            print("Proceeding without strict verification.")
            print("Note: This is not an error if anonymous access has been "
                  "explicitly restricted.")
        elif ldapret[0] == discovery.NO_TLS_LDAP:
            # NOTE(review): this branch only logs a warning and does not
            # return, so configuration proceeds after a NO_TLS_LDAP result
            # -- confirm that continuing is the intended behaviour.
            logger.warning("Unencrypted access to LDAP is not supported.")
        elif ldapret[0] != 0:
            print("Unable to confirm that %s is an IPA server" % server)
            return 1

    if not autodiscover:
        print("IPA server: %s" % server)
        logger.debug("Using fixed server %s", server)
    else:
        print("IPA server: DNS discovery")
        logger.info("Configured to use DNS discovery")

    if api.env.host == server:
        logger.error("Cannot run on IPA master. "
                     "Cannot configure Samba as a domain member on a domain "
                     "controller. Please use ipa-adtrust-install for that!")
        return 1

    # Default the NetBIOS name to the first label of the host name.
    if not options.netbiosname:
        options.netbiosname = DNSName.from_text(api.env.host)[0].decode()
    options.netbiosname = options.netbiosname.upper()

    with use_api_as_principal(api.env.host_princ, paths.KRB5_KEYTAB):
        try:
            # Try to access 'service_add_smb' command, if it throws
            # AttributeError exception, the IPA server doesn't support
            # setting up Samba as a domain member.
            service_add_smb = api.Command.service_add_smb

            # Now try to see if SMB principal already exists
            api.Command.service_show(api.env.smb_princ)

            # If no exception was raised, the object exists.
            # We cannot continue because we would break existing configuration
            print("WARNING: SMB service principal %s already exists. "
                  "Please remove it before proceeding." % (api.env.smb_princ))
            if not options.force:
                return 1
            # For --force, we should then delete cifs/.. service object
            api.Command.service_del(api.env.smb_princ)
        except AttributeError:
            logger.error(
                "Chosen IPA master %s does not have support to "
                "set up Samba domain members", server,
            )
            return 1
        except errors.VersionError as e:
            print("This client is incompatible: " + str(e))
            return 1
        except errors.NotFound:
            logger.debug("No SMB service principal exists, OK to proceed")
        except errors.PublicError as e:
            logger.error(
                "Cannot connect to the server due to "
                "a generic error: %s", e,
            )
            return 1

        # At this point we have proper setup:
        # - we connected to IPA API end-point as a host principal
        # - no cifs/... principal exists so we can create it
        print("Chosen IPA master: %s" % server)
        print("SMB principal to be created: %s" % api.env.smb_princ)
        print("NetBIOS name to be used: %s" % options.netbiosname)
        logger.info("Chosen IPA master: %s", server)
        logger.info("SMB principal to be created: %s", api.env.smb_princ)
        logger.info("NetBIOS name to be used: %s", options.netbiosname)

        # 1. Pull down ID range and other details of known domains
        domains = retrieve_domain_information(api)
        if len(domains) == 0:
            # logger.error() produces both log file and stderr output
            logger.error("No configured trust controller detected "
                         "on IPA masters. Use ipa-adtrust-install on an IPA "
                         "master to configure trust controller role.")
            return 1

        str_info = pretty_print_domain_information(domains)
        logger.info("Discovered domains to use:\n%s", str_info)
        print("Discovered domains to use:\n%s" % str_info)

        # Interactive runs must confirm before anything is changed.
        if not options.unattended and not ipautil.user_input( "Continue to configure the system with these values?", False):
            print("Installation aborted")
            return 1

        # 2. Create SMB service principal, if we are here, the command exists
        if (not statestore.get_state("domain_member", "service.principal") or options.force):
            service_add_smb(api.env.host, options.netbiosname)
            statestore.backup_state("domain_member", "service.principal", "configured")

        # 3. Generate machine account password for reuse
        # NOTE(review): presumably a secret; it is handed to steps 5 and 6
        # and should stay out of log and console output -- verify the helpers.
        password = generate_smb_machine_account(fstore, statestore, options, domains[0])

        # 4. Now that we have all domains retrieved, we can generate smb.conf
        if (not statestore.get_state("domain_member", "smb.conf") or options.force):
            configure_smb_conf(fstore, statestore, options, domains)
            statestore.backup_state("domain_member", "smb.conf", "configured")

        # 5. Create SMB service
        if statestore.get_state("domain_member", "service.principal") == "configured":
            retrieve_service_principal(fstore, statestore, options, domains[0], api.env.smb_princ, password)
            statestore.backup_state("domain_member", "service.principal", "configured")

        # 6. Configure databases to contain proper details
        if not statestore.get_state("domain_member", "tdb") or options.force:
            populate_samba_databases(fstore, statestore, options, domains[0], password)
            statestore.backup_state("domain_member", "tdb", "configured")

        # 7. Configure default group mapping
        if (not statestore.get_state("domain_member", "groupmap") or options.force):
            configure_default_groupmap(fstore, statestore, options, domains[0])
            statestore.backup_state("domain_member", "groupmap", "configured")

        # 8. Enable SELinux policies
        if (not statestore.get_state("domain_member", "hardening") or options.force):
            harden_configuration(fstore, statestore, options, domains[0])
            statestore.backup_state("domain_member", "hardening", "configured")

        # 9. Finally, store the state of upgrade
        statestore.backup_state("domain_member", "configured", True)

        # Suggest service start only after validating smb.conf
        print("Samba domain member is configured. "
              "Please check configuration at %s and "
              "start smb and winbind services" % paths.SMB_CONF)
        logger.info(
            "Samba domain member is configured. "
            "Please check configuration at %s and "
            "start smb and winbind services",
            paths.SMB_CONF,
        )

    return 0
def setup_logging(self):
    """Log to ``self.log_file_name`` in append mode and attach a logger to this object.

    ``self.options.debug`` decides the debug flag; console lines are
    formatted as ``LEVEL: message``.
    """
    log_path = self.log_file_name
    want_debug = self.options.debug
    ipa_log_manager.standard_logging_setup(
        log_path,
        console_format='%(levelname)s: %(message)s',
        debug=want_debug,
        filemode='a',
    )
    ipa_log_manager.log_mgr.get_logger(self, True)
if __name__ == '__main__':
    # Script entry point: bootstrap the API, set up console logging and run
    # the certificate check, using its result as the exit status.
    args = parser.parse_args()

    api.bootstrap(
        in_server=True,
        debug=args.debug,
        context='cert_check',
        confdir=paths.ETC_IPA,
    )

    try:
        api.finalize()
    except errors.CCacheError:
        # Raised here when no usable Kerberos credential cache is available.
        logger.error("admin level Kerberos credentials are required")
        sys.exit(1)

    console_format = (
        '%(levelname)s: %(message)s' if args.verbose else '%(message)s'
    )
    # No log file is used (None): output goes to the console only.
    ipa_log_manager.standard_logging_setup(
        None, verbose=True, debug=args.verbose, console_format=console_format
    )

    logger.info('IPA version %s' % version.VENDOR_VERSION)

    if not installutils.is_ipa_configured():
        logger.info("IPA is not configured")
        sys.exit(1)

    sys.exit(certcheck().run())
except ImportError: from ipaclient import ntpconf as timeconf time_service = "ntpd" try: from ipaclient.install.client import sync_time except ImportError: sync_time = None try: from ipaclient.install.client import check_ldap_conf except ImportError: check_ldap_conf = None try: from ipaclient.install.client import sssd_enable_ifp except ImportError: sssd_enable_ifp = None logger = logging.getLogger("ipa-client-install") standard_logging_setup( paths.IPACLIENT_INSTALL_LOG, verbose=False, debug=False, filemode='a', console_format='%(message)s') root_logger = logger else: # IPA version < 4.4 raise Exception("freeipa version '%s' is too old" % VERSION)
def configure_automount():
    """Configure automount for this IPA client, or uninstall that configuration.

    Chooses an IPA server (explicit ``options.server`` or discovery),
    obtains a host ticket from the keytab into a temporary credential
    cache, checks that the automount location exists on the server and
    then writes the client configuration. A failure during the final
    configuration step triggers ``uninstall``.

    Returns:
        The result of ``uninstall`` when ``options.uninstall`` is set,
        1 after a rolled-back failure, 0 on success. Several error paths
        leave through ``sys.exit`` instead of returning.
    """
    try:
        check_client_configuration()
    except ScriptError as e:
        print(e.msg)
        sys.exit(e.rval)

    fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
    statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)

    options, _args = parse_options()

    # Appends to the shared client install log.
    standard_logging_setup(
        paths.IPACLIENT_INSTALL_LOG,
        verbose=False,
        debug=options.debug,
        filemode='a',
        console_format='%(message)s',
    )

    cfg = dict(
        context='cli_installer',
        confdir=paths.ETC_IPA,
        in_server=False,
        debug=options.debug,
        verbose=0,
    )

    # Bootstrap API early so that env object is available
    api.bootstrap(**cfg)

    if options.uninstall:
        return uninstall(fstore, statestore)

    # The CA certificate is passed to discovery only if the file exists.
    ca_cert_path = None
    if os.path.exists(paths.IPA_CA_CRT):
        ca_cert_path = paths.IPA_CA_CRT

    if statestore.has_state('autofs'):
        print('An automount location is already configured')
        sys.exit(CLIENT_ALREADY_CONFIGURED)

    autodiscover = False
    ds = ipadiscovery.IPADiscovery()
    if not options.server:
        print("Searching for IPA server...")
        ret = ds.search(ca_cert_path=ca_cert_path)
        logger.debug('Executing DNS discovery')
        if ret == ipadiscovery.NO_LDAP_SERVER:
            logger.debug('Autodiscovery did not find LDAP server')
            s = urlsplit(api.env.xmlrpc_uri)
            # NOTE(review): server is a one-element list here but a string
            # in the other branches -- confirm the consumers accept both.
            server = [s.netloc]
            logger.debug('Setting server to %s', s.netloc)
        else:
            autodiscover = True
            if not ds.servers:
                sys.exit(
                    'Autodiscovery was successful but didn\'t return a server'
                )
            logger.debug(
                'Autodiscovery success, possible servers %s',
                ','.join(ds.servers),
            )
            server = ds.servers[0]
    else:
        server = options.server
        logger.debug("Verifying that %s is an IPA server", server)
        ldapret = ds.ipacheckldap(server, api.env.realm, ca_cert_path)
        if ldapret[0] == ipadiscovery.NO_ACCESS_TO_LDAP:
            # The check could not be completed; setup continues regardless.
            print("Anonymous access to the LDAP server is disabled.")
            print("Proceeding without strict verification.")
            print(
                "Note: This is not an error if anonymous access has been "
                "explicitly restricted."
            )
        elif ldapret[0] == ipadiscovery.NO_TLS_LDAP:
            # NOTE(review): only a warning is logged and execution goes on
            # after a NO_TLS_LDAP result -- confirm continuing is intended.
            logger.warning("Unencrypted access to LDAP is not supported.")
        elif ldapret[0] != 0:
            sys.exit('Unable to confirm that %s is an IPA server' % server)

    if not autodiscover:
        print("IPA server: %s" % server)
        logger.debug('Using fixed server %s', server)
    else:
        print("IPA server: DNS discovery")
        logger.debug('Configuring to use DNS discovery')

    print("Location: %s" % options.location)
    logger.debug('Using automount location %s', options.location)

    # The host ticket lives in a fresh temporary directory that the finally
    # clause below removes again, also when one of the sys.exit() calls fires.
    ccache_dir = tempfile.mkdtemp()
    ccache_name = os.path.join(ccache_dir, 'ccache')
    try:
        try:
            host_princ = str('host/%s@%s' % (api.env.host, api.env.realm))
            kinit_keytab(host_princ, paths.KRB5_KEYTAB, ccache_name)
            # NOTE(review): KRB5CCNAME is not reset after the directory is
            # deleted, so it keeps pointing at a removed path for the rest
            # of the process -- confirm nothing later relies on it.
            os.environ['KRB5CCNAME'] = ccache_name
        except gssapi.exceptions.GSSError as e:
            sys.exit("Failed to obtain host TGT: %s" % e)

        # Finalize API when TGT obtained using host keytab exists
        api.finalize()

        # Now we have a TGT, connect to IPA
        try:
            api.Backend.rpcclient.connect()
        except errors.KerberosError as e:
            sys.exit('Cannot connect to the server due to ' + str(e))
        try:
            # Use the RPC directly so older servers are supported
            api.Backend.rpcclient.forward(
                'automountlocation_show',
                ipautil.fsdecode(options.location),
                version=u'2.0',
            )
        except errors.VersionError as e:
            sys.exit('This client is incompatible: ' + str(e))
        except errors.NotFound:
            sys.exit(
                "Automount location '%s' does not exist" % options.location
            )
        except errors.PublicError as e:
            sys.exit(
                "Cannot connect to the server due to generic error: %s" % str(e)
            )
    finally:
        shutil.rmtree(ccache_dir)

    # Interactive runs must confirm before anything is changed.
    if not options.unattended and not ipautil.user_input(
        "Continue to configure the system with these values?", False
    ):
        sys.exit("Installation aborted")

    try:
        if not options.sssd:
            tasks.enable_ldap_automount(statestore)
        configure_nfs(fstore, statestore, options)
        if options.sssd:
            configure_autofs_sssd(fstore, statestore, autodiscover, options)
        else:
            configure_xml(fstore)
            configure_autofs(
                fstore, statestore, autodiscover, server, options
            )
        configure_autofs_common(fstore, statestore, options)
    except Exception as e:
        # Any failure undoes the partial configuration; the exception itself
        # is only recorded at debug level.
        logger.debug('Raised exception %s', e)
        print("Installation failed. Rolling back changes.")
        uninstall(fstore, statestore)
        return 1

    return 0
def setup_logging(self):
    """Initialise logging to ``self.log_file_name`` and attach a logger to this object.

    The debug flag comes from ``self.options.debug``; no file mode or
    console format is passed, so the helper's own defaults apply.
    """
    log_path = self.log_file_name
    want_debug = self.options.debug
    ipa_log_manager.standard_logging_setup(log_path, debug=want_debug)
    ipa_log_manager.log_mgr.get_logger(self, True)