def create_base_accounts(self, env, fi):
"""
fi: a FreeIPA object
"""
import params
rm = freeipa.RobotAdmin()
fi.create_user_principal(
rm.get_login(),
groups=['admins'],
password=freeipa.generate_random_password(),
password_file=rm.get_password_file())
fi.set_user_shell(rm.get_login(), params.admin_user_shell)
# Always create the hadoop group
fi.create_group('hadoop', 'the hadoop user group')
# Create ldap bind user
expiry_date = (datetime.datetime.now() + datetime.timedelta(weeks=52 * 10)).strftime('%Y%m%d%H%M%SZ')
File("/tmp/bind_user.ldif",
content=Template("bind_user.ldif.j2", expiry_date=expiry_date),
mode=0600
)
import kavecommon as kc
_stat, _stdout, _stderr = kc.shell_call_wrapper(
'ldapsearch -x -D "cn=directory manager" -w %s "uid=%s"'
% (params.directory_password, params.ldap_bind_user))
# is this user already added?
if "dn: uid=" + params.ldap_bind_user not in _stdout:
Execute('ldapadd -x -D "cn=directory manager" -w %s -f /tmp/bind_user.ldif'
% params.directory_password)
for group in params.ldap_bind_services:
fi.create_group(group, group + ' user group', ['--nonposix'])
def reset_robot_admin_expire_date(self, env):
import params
env.set_params(params)
rm = freeipa.RobotAdmin()
expiry_date = (datetime.datetime.now() + datetime.timedelta(weeks=52)).strftime('%Y%m%d%H%M%SZ')
File("/tmp/expire_date.ldif",
content=Template("expire_date.ldif.j2",
login=rm.get_login(),
expiry_date=expiry_date),
mode=0600
)
Execute('ldapadd -x -D "cn=directory manager" -w %s -f /tmp/expire_date.ldif' % params.directory_password)
def install(self, env):
import params
env.set_params(params)
self.install_jce()
installed_on_server = (params.ipa_server == params.hostname)
if installed_on_server:
print 'The FreeIPA client installation is modified when installed on the freeipa server:',
print ' %s freeipa_server %s' % (params.ipa_server, params.hostname)
if os.path.exists(self.ipa_client_install_lock_file):
print 'ipa client already installed, nothing to do here.'
return self.write_resolvconf(env)
rm = freeipa.RobotAdmin()
# Native package installation system driven by metainfo.xml intentionally
# avoided. Both client and server components are very different and don't
# intersect on any highlevel component.
if not installed_on_server:
for package in self.packages:
Package(package)
Execute('chkconfig ntpd on')
if ((not os.path.exists(self.ipa_client_install_lock_file)) and
os.path.exists('/etc/ipa/default.conf')):
Execute('ipa-client-install --uninstall')
# installs ipa-client software
rm.client_install(params.ipa_server, params.domain, params.realm, params.client_init_wait,
params.install_with_dns, params.install_distribution_user)
# here we remove the robot-admin-password in case we are not running on the server
# Note the strange construction due to the enter/exit clauses of the get_freeipa method
# Although it may look like these lines do nothing, do not be fooled
with rm.get_freeipa(not installed_on_server) as fi:
pass
# Only write the resolv.conf if the client installation was successful, otherwise I can get into biiig trouble!
self.write_resolvconf(env)
self.edit_dhconfig(env)
if not os.path.exists(self.ipa_client_install_lock_file):
with open(self.ipa_client_install_lock_file, 'w') as f:
f.write('')
def distribute_robot_admin_credentials(self, env):
# If this method is called during status, params will not
# be available, and therefore I will need to read all_hosts
# from the database instead
# trying to import params could result in many possible issues here,
# most commonly ImportError or KeyError
try:
import params
env.set_params(params)
all_hosts = params.all_hosts
print "using params for all_hosts"
except (TypeError, ImportError, ValueError, KeyError):
all_hosts = None
rm = freeipa.RobotAdmin()
print "distribution to all hosts with host being", all_hosts
rm.distribute_password(all_hosts=all_hosts)