def __mod_krb5_conf(self):
"""
Set dns_lookup_kdc to true and master_kdc in /etc/krb5.conf
"""
if not self.fqdn or not self.realm:
self.print_msg("Cannot modify /etc/krb5.conf")
krbconf = (
ipachangeconf.IPAChangeConf("IPA Installer"))
krbconf.setOptionAssignment((" = ", " "))
krbconf.setSectionNameDelimiters(("[", "]"))
krbconf.setSubSectionDelimiters(("{", "}"))
krbconf.setIndent(("", " ", " "))
libopts = [{'name':'dns_lookup_kdc', 'type':'option', 'action':'set',
'value':'true'}]
master_kdc = self.fqdn + ":88"
kropts = [{'name':'master_kdc', 'type':'option', 'action':'set',
'value':master_kdc}]
ropts = [{'name':self.realm, 'type':'subsection', 'action':'set',
'value':kropts}]
opts = [{'name':'libdefaults', 'type':'section', 'action':'set',
'value':libopts},
{'name':'realms', 'type':'section', 'action':'set',
'value':ropts}]
krbconf.changeConf(paths.KRB5_CONF, opts)
def configure_nfs(fstore, statestore, options):
"""
Configure secure NFS
"""
# Newer Fedora releases ship /etc/nfs.conf instead of /etc/sysconfig/nfs
# and do not require changes there. On these, SECURE_NFS_VAR == None
if constants.SECURE_NFS_VAR:
replacevars = {constants.SECURE_NFS_VAR: 'yes'}
ipautil.backup_config_and_replace_variables(
fstore, paths.SYSCONFIG_NFS, replacevars=replacevars
)
tasks.restore_context(paths.SYSCONFIG_NFS)
print("Configured %s" % paths.SYSCONFIG_NFS)
# Prepare the changes
# We need to use IPAChangeConf as simple regexp substitution
# does not cut it here
conf = ipachangeconf.IPAChangeConf("IPA automount installer")
conf.case_insensitive_sections = False
conf.setOptionAssignment(" = ")
conf.setSectionNameDelimiters(("[", "]"))
if options.idmapdomain is None:
# Set NFSv4 domain to the IPA domain
changes = [conf.setOption('Domain', api.env.domain)]
elif options.idmapdomain == 'DNS':
# Rely on idmapd auto-detection (DNS)
changes = [conf.rmOption('Domain')]
else:
# Set NFSv4 domain to what was provided
changes = [conf.setOption('Domain', options.idmapdomain)]
if changes is not None:
section_with_changes = [conf.setSection('General', changes)]
# Backup the file and apply the changes
fstore.backup_file(paths.IDMAPD_CONF)
conf.changeConf(paths.IDMAPD_CONF, section_with_changes)
tasks.restore_context(paths.IDMAPD_CONF)
print("Configured %s" % paths.IDMAPD_CONF)
rpcgssd = services.knownservices.rpcgssd
try:
rpcgssd.restart()
except Exception as e:
logger.error("Failed to restart rpc-gssd (%s)", str(e))
nfsutils = services.knownservices['nfs-utils']
try:
nfsutils.restart()
except Exception as e:
logger.error("Failed to restart nfs client services (%s)", str(e))