def get_server_school_roles(hostname, address, username, password):
MODULE.process('univention-join:school: get_server_school_roles(%r, %r, %r, %r)' % (hostname, address, username, '$PASSWORD', ))
school_roles = []
with _temporary_password_file(password) as password_file:
try:
ldap_base = subprocess.check_output([
'univention-ssh',
password_file,
'%s@%s' % (username, address),
'/usr/sbin/univention-config-registry',
'get',
'ldap/base'
]).strip()
remote_cmd = ' '.join(pipes.quote(x) for x in [
'univention-ldapsearch',
'-D',
'cn=admin,{}'.format(ldap_base),
'-y',
'/etc/ldap.secret',
'-LLL',
'(uid={}$)'.format(hostname),
'ucsschoolRole',
])
school_roles = subprocess.check_output([
'univention-ssh',
'--no-split',
password_file,
'%s@%s' % (username, address),
remote_cmd,
]).strip().splitlines()[1:]
school_roles = [role.split()[-1] for role in school_roles]
except (subprocess.CalledProcessError, IndexError) as exc:
MODULE.error('univention-join:school: Could not query Primary Directory Node for ucsschoolRole: %s' % (exc,))
MODULE.process('univention-join:school: get_server_school_roles = %r' % (school_roles, ))
return school_roles
def check_domain_has_activated_license(address, username, password):
appliance_name = UCR.get("umc/web/appliance/name")
if not appliance_name:
return # the license must only be checked in an appliance scenario
valid_license = True
error = None
with _temporary_password_file(password) as password_file:
try:
license_uuid = subprocess.check_output([
'univention-ssh',
password_file,
'%s@%s' % (username, address),
'/usr/sbin/ucr',
'get',
'uuid/license'
], stderr=subprocess.STDOUT).rstrip()
except subprocess.CalledProcessError as exc:
valid_license = False
error = exc.output
else:
valid_license = len(license_uuid) == 36
error = _('The license %s is not valid.') % (license_uuid,)
if not valid_license:
raise UMC_Error(
_('To install the {appliance_name} appliance it is necessary to have an activated UCS license on the Primary Directory Node.').format(appliance_name=appliance_name) + ' ' +
_('During the check of the license status the following error occurred:\n{error}''').format(error=error)
)
def set_role_and_check_if_join_will_work(role, master_fqdn, admin_username, admin_password):
orig_role = UCR.get('server/role')
try:
univention.config_registry.handler_set(['server/role=%s' % (role,)])
with _temporary_password_file(admin_password) as password_file:
p1 = subprocess.Popen([
'univention-join',
'-dcname', master_fqdn,
'-dcaccount', admin_username,
'-dcpwd', password_file,
'-checkPrerequisites'
], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True)
stdout, stderr = p1.communicate()
if p1.returncode != 0:
messages = [line[11:] for line in stdout.split('\n') if line.startswith("* Message: ")]
raise UMC_Error(_(
"univention-join -checkPrerequisites reported a problem. "
"Output of check:\n\n"
) + "\n".join(messages))
finally:
if orig_role:
univention.config_registry.handler_set(['server/role=%s' % (orig_role,)])
else:
univention.config_registry.handler_unset(['server/role'])
def check_domain_is_higher_or_equal_version(address, username, password):
with _temporary_password_file(password) as password_file:
try:
master_ucs_version = subprocess.check_output(['univention-ssh', password_file, '%s@%s' % (username, address), 'echo $(/usr/sbin/ucr get version/version)-$(/usr/sbin/ucr get version/patchlevel)'], stderr=subprocess.STDOUT).rstrip()
except subprocess.CalledProcessError:
MODULE.error('Failed to retrieve UCS version: %s' % (traceback.format_exc()))
return
nonmaster_ucs_version = '{}-{}'.format(UCR.get('version/version'), UCR.get('version/patchlevel'))
if LooseVersion(nonmaster_ucs_version) > LooseVersion(master_ucs_version):
raise UMC_Error(_('The UCS version of the domain you are trying to join ({}) is lower than the local one ({}). This constellation is not supported.').format(master_ucs_version, nonmaster_ucs_version))
def check_credentials_nonmaster(dns, nameserver, address, username, password):
if dns:
domain = get_ucs_domain(nameserver)
else:
domain = '.'.join(address.split('.')[1:])
if not domain:
# Not checked... no UCS domain!
raise UMC_Error(_('No UCS Primary Directory Node could be found at the address.'))
with _temporary_password_file(password) as password_file:
if subprocess.call(['univention-ssh', password_file, '%s@%s' % (username, address), '/bin/true']):
raise UMC_Error(_('The connection to the UCS Primary Directory Node was refused. Please recheck the password.'))
return domain
def check_memberof_overlay_is_installed(address, username, password):
with _temporary_password_file(password) as password_file:
try:
return UCR.is_true(value=subprocess.check_output([
'univention-ssh', password_file,
'%s@%s' %
(username, address), '/usr/sbin/univention-config-registry',
'get', 'ldap/overlay/memberof'
]).strip())
except subprocess.CalledProcessError as exc:
MODULE.error('Could not query DC Master for memberof overlay: %s' %
(exc, ))
return False
def check_is_school_multiserver_domain(address, username, password):
MODULE.process(
'univention-join:school: check_is_school_multiserver_domain(%r, %r, %r)'
% (
address,
username,
'$PASSWORD',
))
is_school_multiserver_domain = False
with _temporary_password_file(password) as password_file:
try:
master_hostdn = subprocess.check_output([
'univention-ssh', password_file,
'%s@%s' % (username, address),
'/usr/sbin/univention-config-registry', 'get', 'ldap/hostdn'
]).strip()
ldap_base = subprocess.check_output([
'univention-ssh', password_file,
'%s@%s' % (username, address),
'/usr/sbin/univention-config-registry', 'get', 'ldap/base'
]).strip()
remote_cmd = ' '.join(
pipes.quote(x) for x in [
'univention-ldapsearch',
'-D',
'cn=admin,{}'.format(ldap_base),
'-y',
'/etc/ldap.secret',
'-b',
'{}'.format(master_hostdn),
'(&(ucsschoolRole=dc_master:school:-)(!(ucsschoolRole=single_master:school:-))(univentionService=UCS@school))',
'dn',
])
is_school_multiserver_domain = 'dn: {}'.format(
master_hostdn) in subprocess.check_output([
'univention-ssh',
'--no-split',
password_file,
'%s@%s' % (username, address),
remote_cmd,
]).strip().splitlines()
except subprocess.CalledProcessError as exc:
MODULE.error(
'univention-join:school: Could not query DC Master if the domain is a multiserver school domain: %s'
% (exc, ))
MODULE.process(
'univention-join:school: check_is_school_multiserver_domain = %r' %
(is_school_multiserver_domain, ))
return is_school_multiserver_domain
def check_if_uid_is_available(uid, role, address, username, password):
with _temporary_password_file(password) as password_file:
process = subprocess.Popen([
'univention-ssh', password_file,
'%s@%s' % (username, address), 'python', '-'
],
stdin=subprocess.PIPE)
process.communicate(
'from univention.uldap import getAdminConnection\n' +
'connection = getAdminConnection()\n' +
'results = connection.search(filter="uid=%s")\n' % (uid, ) +
'if len(results) == 0:\n' + ' exit(0)\n' +
'elif len(results) == 1:\n' +
' role = results[0][1]["univentionServerRole"][0]\n' +
' if role in "%s":\n' % (role, ) + ' exit(0)\n' +
'exit(1)\n')
if process.wait() != 0:
return False
return True
