43
52
credopts = options.CredentialsOptions(parser)
44
53
parser.add_option_group(credopts)
45
54
parser.add_option("--interactive", help="Ask for names", action="store_true")
46
parser.add_option("--setupdir", type="string", metavar="DIR",
47
help="directory with setup files")
48
parser.add_option("--realm", type="string", metavar="REALM", help="set realm")
49
55
parser.add_option("--domain", type="string", metavar="DOMAIN",
51
57
parser.add_option("--domain-guid", type="string", metavar="GUID",
52
58
help="set domainguid (otherwise random)")
53
59
parser.add_option("--domain-sid", type="string", metavar="SID",
54
60
help="set domainsid (otherwise random)")
55
parser.add_option("--policy-guid", type="string", metavar="GUID",
56
help="set guid for domain policy")
57
parser.add_option("--policy-guid-dc", type="string", metavar="GUID",
58
help="set guid for domain controller policy")
61
parser.add_option("--ntds-guid", type="string", metavar="GUID",
62
help="set NTDS object GUID (otherwise random)")
59
63
parser.add_option("--invocationid", type="string", metavar="GUID",
60
64
help="set invocationid (otherwise random)")
61
65
parser.add_option("--host-name", type="string", metavar="HOSTNAME",
87
91
help="do not add users or groups, just the structure")
88
92
parser.add_option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT",
89
93
help="Additional TCP port for LDAP backend server (to use for replication)")
94
parser.add_option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI",
95
help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic")
90
96
parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
91
97
help="LDAP backend type (fedora-ds or openldap)",
92
98
choices=["fedora-ds", "openldap"])
93
99
parser.add_option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true")
94
100
parser.add_option("--server-role", type="choice", metavar="ROLE",
95
101
choices=["domain controller", "dc", "member server", "member", "standalone"],
96
help="Set server role to provision for (default standalone)")
102
help="The server role (domain controller | dc | member server | member | standalone). Default is standalone.")
103
parser.add_option("--function-level", type="choice", metavar="FOR-FUN-LEVEL",
104
choices=["2000", "2003", "2008", "2008_R2"],
105
help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2003 Native.")
106
parser.add_option("--next-rid", type="int", metavar="NEXTRID", default=1000,
107
help="The initial nextRid value (only needed for upgrades). Default is 1000.")
97
108
parser.add_option("--partitions-only",
98
109
help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true")
99
110
parser.add_option("--targetdir", type="string", metavar="DIR",
100
111
help="Set target directory")
101
112
parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
102
help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different than 389!) ] separated with whitespaces for use with OpenLDAP-MMR (Multi-Master-Replication)")
113
help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\"")
103
114
parser.add_option("--slapd-path", type="string", metavar="SLAPD-PATH",
104
115
help="Path to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.")
105
116
parser.add_option("--setup-ds-path", type="string", metavar="SETUP_DS-PATH",
106
117
help="Path to setup-ds.pl script for Fedora DS LDAP backend [e.g.:'/usr/sbin/setup-ds.pl']. Required for Setup with Fedora DS backend.")
107
parser.add_option("--nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true")
118
parser.add_option("--use-xattrs", type="choice", choices=["yes","no","auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto")
108
119
parser.add_option("--ldap-dryrun-mode", help="Configure LDAP backend, but do not run any binaries and exit early. Used only for the test environment. DO NOT USE", action="store_true")
110
121
opts = parser.parse_args()[0]
113
"""print a message if quiet is not set."""
123
logger = logging.getLogger("provision")
124
logger.addHandler(logging.StreamHandler(sys.stdout))
126
logger.setLevel(logging.WARNING)
128
logger.setLevel(logging.INFO)
117
130
if len(sys.argv) == 1:
118
131
opts.interactive = True
120
if not opts.interactive and (opts.realm is None or opts.domain is None):
121
if opts.realm is None:
122
print >>sys.stderr, "No realm set"
123
if opts.domain is None:
124
print >>sys.stderr, "No domain set"
128
133
if opts.interactive:
129
134
from getpass import getpass
135
140
print "%s: " % (prompt,),
136
141
return sys.stdin.readline().rstrip("\n") or default
138
opts.realm = ask("Realm", socket.getfqdn().split(".", 1)[1].upper())
143
default = socket.getfqdn().split(".", 1)[1].upper()
139
144
except IndexError:
140
print >>sys.stderr, "Cannot guess realm from %s" % ( socket.getfqdn())
146
opts.realm = ask("Realm", default)
147
if opts.realm in (None, ""):
148
print >>sys.stderr, "No realm set!"
144
opts.domain = ask("Domain", opts.realm.split(".")[0])
152
default = opts.realm.split(".")[0]
145
153
except IndexError:
146
print >>sys.stderr, "Cannot guess domain from %s" % ( opts.realm())
155
opts.domain = ask("Domain", default)
156
if opts.domain is None:
157
print >> sys.stderr, "No domain set!"
149
160
opts.server_role = ask("Server Role (dc, member, standalone)", "dc")
165
189
server_role = opts.server_role
191
if opts.function_level is None:
192
dom_for_fun_level = None
193
elif opts.function_level == "2000":
194
dom_for_fun_level = DS_DOMAIN_FUNCTION_2000
195
elif opts.function_level == "2003":
196
dom_for_fun_level = DS_DOMAIN_FUNCTION_2003
197
elif opts.function_level == "2008":
198
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008
199
elif opts.function_level == "2008_R2":
200
dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2
167
202
creds = credopts.get_credentials(lp)
169
204
creds.set_kerberos_state(DONT_USE_KERBEROS)
171
setup_dir = opts.setupdir
172
if setup_dir is None:
173
setup_dir = find_setup_dir()
175
206
samdb_fill = FILL_FULL
177
208
samdb_fill = FILL_NT4SYNC
178
209
elif opts.partitions_only:
179
210
samdb_fill = FILL_DRS
213
if opts.use_xattrs == "yes":
215
elif opts.use_xattrs == "auto" and not lp.get("posix:eadb"):
216
file = tempfile.NamedTemporaryFile()
218
samba.ntacls.setntacl(lp, file.name,
219
"O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
222
logger.info("You are not root or your system do not support xattr, using tdb backend for attributes. "
223
"If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.")
227
if opts.ldap_backend_type == "existing":
228
if opts.ldap_backend_forced_uri is not None:
229
logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri)
231
logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location")
233
if opts.ldap_backend_forced_uri is not None:
234
logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri)
181
236
session = system_session()
182
provision(setup_dir, message,
183
session, creds, smbconf=smbconf, targetdir=opts.targetdir,
184
samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain,
185
domainguid=opts.domain_guid, domainsid=opts.domain_sid,
186
policyguid=opts.policy_guid, policyguid_dc=opts.policy_guid_dc,
187
hostname=opts.host_name,
188
hostip=opts.host_ip, hostip6=opts.host_ip6,
189
invocationid=opts.invocationid, adminpass=opts.adminpass,
190
krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass,
191
dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody,
192
wheel=opts.wheel, users=opts.users,
193
serverrole=server_role,
194
ldap_backend_extra_port=opts.ldap_backend_extra_port,
195
ldap_backend_type=opts.ldap_backend_type,
196
ldapadminpass=opts.ldapadminpass,
197
ol_mmr_urls=opts.ol_mmr_urls,
198
slapd_path=opts.slapd_path,
199
setup_ds_path=opts.setup_ds_path,
201
ldap_dryrun_mode=opts.ldap_dryrun_mode)
239
session, creds, smbconf=smbconf, targetdir=opts.targetdir,
240
samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain,
241
domainguid=opts.domain_guid, domainsid=opts.domain_sid,
242
hostname=opts.host_name,
243
hostip=opts.host_ip, hostip6=opts.host_ip6,
244
ntdsguid=opts.ntds_guid,
245
invocationid=opts.invocationid, adminpass=opts.adminpass,
246
krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass,
247
dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody,
248
wheel=opts.wheel, users=opts.users,
249
serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
250
ldap_backend_extra_port=opts.ldap_backend_extra_port,
251
ldap_backend_forced_uri=opts.ldap_backend_forced_uri,
252
backend_type=opts.ldap_backend_type,
253
ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls,
254
slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path,
255
nosync=opts.ldap_backend_nosync, ldap_dryrun_mode=opts.ldap_dryrun_mode,
256
useeadb=eadb, next_rid=opts.next_rid, lp=lp)
257
except ProvisioningError, e: