diff options
Diffstat (limited to 'source4')
-rwxr-xr-x | source4/setup/provision | 273 | ||||
-rw-r--r-- | source4/setup/wscript_build | 6 |
2 files changed, 0 insertions, 279 deletions
diff --git a/source4/setup/provision b/source4/setup/provision deleted file mode 100755 index 6cb4674b21..0000000000 --- a/source4/setup/provision +++ /dev/null @@ -1,273 +0,0 @@ -#!/usr/bin/env python -# -# Unix SMB/CIFS implementation. -# provision a Samba4 server -# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007-2008 -# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008 -# -# Based on the original in EJS: -# Copyright (C) Andrew Tridgell 2005 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. -# - -import logging -import optparse -import sys -import tempfile - -# Find right directory when running from source tree -sys.path.insert(0, "bin/python") - -import samba -import samba.ntacls -import os -from samba.credentials import DONT_USE_KERBEROS -from samba.auth import system_session -import samba.getopt as options -from samba.provision import ( - provision, - FILL_FULL, - FILL_NT4SYNC, - FILL_DRS, - ProvisioningError, - ) -from samba.dsdb import ( - DS_DOMAIN_FUNCTION_2000, - DS_DOMAIN_FUNCTION_2003, - DS_DOMAIN_FUNCTION_2008, - DS_DOMAIN_FUNCTION_2008_R2, - ) - -# how do we make this case insensitive?? - -parser = optparse.OptionParser("provision [options]") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) -parser.add_option("--interactive", help="Ask for names", action="store_true") -parser.add_option("--domain", type="string", metavar="DOMAIN", - help="set domain") -parser.add_option("--domain-guid", type="string", metavar="GUID", - help="set domainguid (otherwise random)") -parser.add_option("--domain-sid", type="string", metavar="SID", - help="set domainsid (otherwise random)") -parser.add_option("--ntds-guid", type="string", metavar="GUID", - help="set NTDS object GUID (otherwise random)") -parser.add_option("--invocationid", type="string", metavar="GUID", - help="set invocationid (otherwise random)") -parser.add_option("--host-name", type="string", metavar="HOSTNAME", - help="set hostname") -parser.add_option("--host-ip", type="string", metavar="IPADDRESS", - help="set IPv4 ipaddress") -parser.add_option("--host-ip6", type="string", metavar="IP6ADDRESS", - help="set IPv6 ipaddress") -parser.add_option("--adminpass", type="string", metavar="PASSWORD", - help="choose admin password (otherwise random)") -parser.add_option("--krbtgtpass", type="string", metavar="PASSWORD", - help="choose krbtgt password (otherwise random)") -parser.add_option("--machinepass", type="string", metavar="PASSWORD", - help="choose machine password (otherwise random)") -parser.add_option("--dns-backend", type="choice", metavar="NAMESERVER-BACKEND", - choices=["SAMBA_INTERNAL", "BIND9_FLATFILE", "BIND9_DLZ", "NONE"], - help="The DNS server backend. SAMBA_INTERNAL is the builtin name server, " \ - "BIND9_FLATFILE uses bind9 text database to store zone information, " \ - "BIND9_DLZ uses samba4 AD to store zone information (default), " \ - "NONE skips the DNS setup entirely (not recommended)", - default="BIND9_DLZ") -parser.add_option("--dnspass", type="string", metavar="PASSWORD", - help="choose dns password (otherwise random)") -parser.add_option("--ldapadminpass", type="string", metavar="PASSWORD", - help="choose password to set between Samba and it's LDAP backend (otherwise random)") -parser.add_option("--root", type="string", metavar="USERNAME", - help="choose 'root' unix username") -parser.add_option("--nobody", type="string", metavar="USERNAME", - help="choose 'nobody' user") -parser.add_option("--wheel", type="string", metavar="GROUPNAME", - help="choose 'wheel' privileged group") -parser.add_option("--users", type="string", metavar="GROUPNAME", - help="choose 'users' group") -parser.add_option("--quiet", help="Be quiet", action="store_true") -parser.add_option("--blank", action="store_true", - help="do not add users or groups, just the structure") -parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", - help="Test initialisation support for unsupported LDAP backend type (fedora-ds or openldap) DO NOT USE", - choices=["fedora-ds", "openldap"]) -parser.add_option("--server-role", type="choice", metavar="ROLE", - choices=["domain controller", "dc", "member server", "member", "standalone"], - help="The server role (domain controller | dc | member server | member | standalone). Default is dc.", - default="domain controller") -parser.add_option("--function-level", type="choice", metavar="FOR-FUN-LEVEL", - choices=["2000", "2003", "2008", "2008_R2"], - help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2003 Native.", - default="2003") -parser.add_option("--next-rid", type="int", metavar="NEXTRID", default=1000, - help="The initial nextRid value (only needed for upgrades). Default is 1000.") -parser.add_option("--partitions-only", - help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true") -parser.add_option("--targetdir", type="string", metavar="DIR", - help="Set target directory") -parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER", - help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\"") -parser.add_option("--use-xattrs", type="choice", choices=["yes", "no", "auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto") -parser.add_option("--use-ntvfs", action="store_true", help="Use NTVFS for the fileserver (default = no)") -parser.add_option("--use-rfc2307", action="store_true", help="Use AD to store posix attributes (default = no)") - -opts = parser.parse_args()[0] - -logger = logging.getLogger("provision") -logger.addHandler(logging.StreamHandler(sys.stdout)) -if opts.quiet: - logger.setLevel(logging.WARNING) -else: - logger.setLevel(logging.INFO) - -if len(sys.argv) == 1: - opts.interactive = True - -if opts.interactive: - from getpass import getpass - import socket - - def ask(prompt, default=None): - if default is not None: - print "%s [%s]: " % (prompt, default), - else: - print "%s: " % (prompt,), - return sys.stdin.readline().rstrip("\n") or default - try: - default = socket.getfqdn().split(".", 1)[1].upper() - except IndexError: - default = None - opts.realm = ask("Realm", default) - if opts.realm in (None, ""): - print >>sys.stderr, "No realm set!" - sys.exit(1) - - try: - default = opts.realm.split(".")[0] - except IndexError: - default = None - opts.domain = ask("Domain", default) - if opts.domain is None: - print >> sys.stderr, "No domain set!" - sys.exit(1) - - opts.server_role = ask("Server Role (dc, member, standalone)", "dc") - - opts.dns_backend = ask("DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)", "BIND9_DLZ") - if opts.dns_backend in (None, ''): - print >> sys.stderr, "No DNS backend set!" - sys.exit(1) - - while True: - adminpass = getpass("Administrator password: ") - if not adminpass: - print >>sys.stderr, "Invalid administrator password." - else: - adminpassverify = getpass("Retype password: ") - if not adminpass == adminpassverify: - print >>sys.stderr, "Sorry, passwords do not match." - else: - opts.adminpass = adminpass - break - -else: - if opts.realm in (None, ""): - opts.realm = sambaopts._lp.get('realm') - if opts.realm is None or opts.domain is None: - if opts.realm is None: - print >>sys.stderr, "No realm set!" - if opts.domain is None: - print >> sys.stderr, "No domain set!" - parser.print_usage() - sys.exit(1) - -if not opts.adminpass: - logger.info("Administrator password will be set randomly!") - -lp = sambaopts.get_loadparm() -smbconf = lp.configfile - -if opts.function_level == "2000": - dom_for_fun_level = DS_DOMAIN_FUNCTION_2000 -elif opts.function_level == "2003": - dom_for_fun_level = DS_DOMAIN_FUNCTION_2003 -elif opts.function_level == "2008": - dom_for_fun_level = DS_DOMAIN_FUNCTION_2008 -elif opts.function_level == "2008_R2": - dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2 - -creds = credopts.get_credentials(lp) - -creds.set_kerberos_state(DONT_USE_KERBEROS) - -samdb_fill = FILL_FULL -if opts.blank: - samdb_fill = FILL_NT4SYNC -elif opts.partitions_only: - samdb_fill = FILL_DRS - -if opts.targetdir is not None: - if not os.path.isdir(opts.targetdir): - os.mkdir(opts.targetdir) - -eadb = True - -if opts.use_xattrs == "yes": - eadb = False -elif opts.use_xattrs == "auto" and not lp.get("posix:eadb"): - if opts.targetdir: - file = tempfile.NamedTemporaryFile(dir=os.path.abspath(opts.targetdir)) - else: - file = tempfile.NamedTemporaryFile(dir=os.path.abspath(os.path.dirname(lp.get("private dir")))) - try: - try: - samba.ntacls.setntacl(lp, file.name, - "O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native") - eadb = False - except Exception: - logger.info("You are not root or your system do not support xattr, using tdb backend for attributes. ") - finally: - file.close() - -if eadb: - logger.info("not using extended attributes to store ACLs and other metadata. If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.") - -session = system_session() -try: - result = provision(logger, - session, creds, smbconf=smbconf, targetdir=opts.targetdir, - samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain, - domainguid=opts.domain_guid, domainsid=opts.domain_sid, - hostname=opts.host_name, - hostip=opts.host_ip, hostip6=opts.host_ip6, - ntdsguid=opts.ntds_guid, - invocationid=opts.invocationid, adminpass=opts.adminpass, - krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, - dns_backend=opts.dns_backend, - dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, - wheel=opts.wheel, users=opts.users, - serverrole=opts.server_role, dom_for_fun_level=dom_for_fun_level, - backend_type=opts.ldap_backend_type, - ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls, - useeadb=eadb, next_rid=opts.next_rid, lp=lp, use_ntvfs=(opts.use_ntvfs), - use_rfc2307=(opts.use_rfc2307)) -except ProvisioningError, e: - print str(e) - sys.exit(1) - -result.report_logger(logger) diff --git a/source4/setup/wscript_build b/source4/setup/wscript_build index 2513f28af7..cb83e3e246 100644 --- a/source4/setup/wscript_build +++ b/source4/setup/wscript_build @@ -1,14 +1,8 @@ #!/usr/bin/env python -from samba_utils import MODE_755 - bld.INSTALL_WILDCARD('${SETUPDIR}', 'ad-schema/*.txt') bld.INSTALL_WILDCARD('${SETUPDIR}', 'display-specifiers/*.txt') -bld.INSTALL_FILES('${SBINDIR}', 'provision', chmod=MODE_755, python_fixup=True) - -bld.SAMBA_SCRIPT('provision', pattern='provision', installdir='.') - bld.INSTALL_FILES('${SETUPDIR}', 'dns_update_list') bld.INSTALL_FILES('${SETUPDIR}', 'spn_update_list') |