From decdf5954d5e1ae84318d6767317965f544a897f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 23 Jan 2008 23:33:36 +0100 Subject: python: Add convenience function for getting command line loadparm context and default to using system smb.conf. (This used to be commit b3afde0f00ab5093b577b139a062c233d4db2524) --- source4/setup/provision.py | 9 ++++----- source4/setup/upgrade.py | 9 ++++----- source4/setup/vampire.py | 7 +++---- 3 files changed, 11 insertions(+), 14 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 88015ce0a3..b9a11bdd78 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -37,7 +37,8 @@ from samba.provision import (provision, provision_paths_from_lp) parser = optparse.OptionParser("provision [options]") -parser.add_option_group(options.SambaOptions(parser)) +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) parser.add_option_group(options.VersionOptions(parser)) credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) @@ -111,9 +112,7 @@ if opts.realm is None or opts.domain is None: sys.exit(1) # cope with an initially blank smb.conf -lp = param.LoadParm() -if opts.configfile: - lp.load(opts.configfile) +lp = sambaopts.get_loadparm() if opts.targetdir is not None: if not os.path.exists(opts.targetdir): os.mkdir(opts.targetdir) @@ -127,7 +126,7 @@ if opts.aci is not None: print "set ACI: %s" % opts.aci paths = provision_paths_from_lp(lp, opts.realm.lower()) -paths.smbconf = opts.configfile +paths.smbconf = sambaopts.get_loadparm_path() if opts.ldap_backend: if opts.ldap_backend == "ldapi": diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index ea6f83d7de..4cf9641ef2 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py 
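Review bot: In provision.py the comment `# cope with an initially blank smb.conf` is kept above `lp = sambaopts.get_loadparm()`, but it no longer describes the code, which per the commit subject now falls back to the system smb.conf. A comment such as `# load the smb.conf named on the command line, else the system default` would say what actually happens. With that default, `paths.smbconf = sambaopts.get_loadparm_path()` (here and in the upgrade.py hunk) can name the installed configuration file even when `opts.targetdir` redirects `private dir` and `lock dir`. Whether later code writes to `paths.smbconf` is not visible on this page; if it does, a provision into a scratch directory would modify the live file, so it is worth confirming and deriving the path from `opts.targetdir` when one is given.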
@@ -14,7 +14,8 @@ import samba.getopt as options from auth import system_session parser = optparse.OptionParser("upgrade [options] ") -parser.add_option_group(options.SambaOptions(parser)) +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) parser.add_option_group(options.VersionOptions(parser)) credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) @@ -59,15 +60,13 @@ if setup_dir is None: setup_dir = "setup" creds = credopts.get_credentials() -lp = param.LoadParm() -if opts.configfile: - lp.load(opts.configfile) +lp = sambaopts.get_loadparm() if opts.targetdir is not None: if not os.path.exists(opts.targetdir): os.mkdir(opts.targetdir) lp.set("private dir", os.path.abspath(opts.targetdir)) lp.set("lock dir", os.path.abspath(opts.targetdir)) paths = provision_paths_from_lp(lp, "") -paths.smbconf = opts.configfile +paths.smbconf = sambaopts.get_loadparm_path() upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(), lp=lp, paths=paths) diff --git a/source4/setup/vampire.py b/source4/setup/vampire.py index 392cd2d4fb..728c53146a 100755 --- a/source4/setup/vampire.py +++ b/source4/setup/vampire.py @@ -26,7 +26,8 @@ from auth import system_session import sys parser = optparse.OptionParser("vampire [options] ") -parser.add_option_group(options.SambaOptions(parser)) +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) parser.add_option_group(options.VersionOptions(parser)) credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) @@ -47,8 +48,6 @@ def vampire(domain, session_info, credentials, lp): ctx.samsync_ldb(vampire_ctx, machine_creds=machine_creds, session_info=session_info) -lp = param.LoadParm() -if opts.configfile: - lp.load(opts.configfile) +lp = sambaopts.get_loadparm() vampire(args[0], session_info=system_session(), credentials=credopts.get_credentials(), lp=lp) -- cgit 
From 08f94e2754a95b50fc421c18a07401d4fd141941 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 11:26:21 +1100 Subject: Remove useless subs from the ejs provision The less things we manually place into the templates, the easier the conversion to python will be. Andrew Bartlett (This used to be commit f65e5c164476b80468aa19452b108db17c642f8b) --- source4/setup/secrets_dc.ldif | 6 ------ 1 file changed, 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif index 64469352bb..71c7fc2f5b 100644 --- a/source4/setup/secrets_dc.ldif +++ b/source4/setup/secrets_dc.ldif @@ -7,8 +7,6 @@ realm: ${REALM} secret:: ${MACHINEPASS_B64} secureChannelType: 6 sAMAccountName: ${NETBIOSNAME}$ -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} privateKeytab: ${SECRETS_KEYTAB} @@ -22,8 +20,6 @@ objectClass: kerberosSecret flatname: ${DOMAIN} realm: ${REALM} sAMAccountName: krbtgt -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw krb5Keytab: HDB:ldb:${SAM_LDB}: @@ -36,8 +32,6 @@ objectClass: top objectClass: secret objectClass: kerberosSecret realm: ${REALM} -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} servicePrincipalName: DNS/${DNSDOMAIN} privateKeytab: ${DNS_KEYTAB} secret:: ${DNSPASS_B64} -- cgit From 1557e7b930b95fa5309390c46f72e14628447703 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 11:33:37 +1100 Subject: Kill another sub that the modules will handle for us. (This used to be commit e9bb130d63e86fafc4cbf379e2e237354b88bcf8) --- source4/setup/provision_basedn.ldif | 1 - source4/setup/provision_basedn_modify.ldif | 3 --- 2 files changed, 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 3c7537f013..11eb0593e8 100644 --- a/source4/setup/provision_basedn.ldif 
+++ b/source4/setup/provision_basedn.ldif @@ -6,5 +6,4 @@ objectClass: top objectClass: domain objectClass: domainDNS ${ACI} -dc: ${RDN_DC} diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index fa990599d9..dadfda720e 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -4,9 +4,6 @@ dn: ${DOMAINDN} changetype: modify - -replace: dc -dc: ${RDN_DC} -- replace: forceLogoff forceLogoff: 9223372036854775808 - -- cgit From 48e79659d1a81bb5a5dd3932f9e8f7c0b1a99947 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 16:17:45 +1100 Subject: Make the repl_meta_data module the default for domain controllers. Andrew Bartlett (This used to be commit ae2ea1bd0cd2b326b09b372428969f2cf52ce519) --- source4/setup/provision | 8 ++++---- source4/setup/provision_partitions.ldif | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 8b24c51040..9e135cddbb 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -143,12 +143,10 @@ if (ldapbackend) { subobj.LDAPMODULE = "normalise,entryuuid"; subobj.TDB_MODULES_LIST = ""; } + subobj.BACKEND_MOD = subobj.LDAPMODULE + ",paged_searches"; subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; - subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; subobj.CONFIGDN_LDB = subobj.LDAPBACKEND; - subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; subobj.SCHEMADN_LDB = subobj.LDAPBACKEND; - subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND); } 
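Review bot: `subobj.BACKEND_MOD` appears to be assigned only inside the `if (ldapbackend)` block (which opens above this hunk), yet provision_partitions.ldif now always expands `${SCHEMADN_MOD},${BACKEND_MOD}`, and likewise for CONFIGDN and DOMAINDN. The removed `*_MOD2` values carried their own leading comma, so an empty value left a clean module list. With the comma moved into the template, a provision without an LDAP backend gets an unsubstituted `${BACKEND_MOD}` or a trailing comma unless a default is set in code outside this page. A comment beside the assignment, e.g. `// non-LDAP default for BACKEND_MOD is set in <file not shown>`, would make that dependency checkable.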
@@ -175,7 +173,9 @@ if (partitions_only) { message("--host-guid='%s' \\\n", subobj.HOSTGUID); } message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP); - message("--invocationid='%s' \\\n", subobj.INVOCATIONID); + if (subobj.INVOCATIONID != undefined) { + message("--invocationid='%s' \\\n", subobj.INVOCATIONID); + } message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS); message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS); message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP); diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index fb8bc7f595..93fea6bc2d 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -5,9 +5,9 @@ partition: ${DOMAINDN}:${DOMAINDN_LDB} replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST replicateEntries: @OPTIONS -modules:${SCHEMADN}:${SCHEMADN_MOD}${SCHEMADN_MOD2} -modules:${CONFIGDN}:${CONFIGDN_MOD}${CONFIGDN_MOD2} -modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2} +modules:${SCHEMADN}:${SCHEMADN_MOD},${BACKEND_MOD} +modules:${CONFIGDN}:${CONFIGDN_MOD},${BACKEND_MOD} +modules:${DOMAINDN}:${DOMAINDN_MOD},${BACKEND_MOD} dn: @MODULES @LIST: ${MODULES_LIST}${TDB_MODULES_LIST},${MODULES_LIST2} -- cgit From 37f35d2a03409e0d52232d4c4f956ec8637d4884 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 25 Jan 2008 01:02:13 +0100 Subject: python/provision: Reconcile code partitions-only provisioning and generic provisioning, some other minor refactoring of the provisioning. Pair-programmed by Andrew and me using obby :-) (This used to be commit 688adcbb635af87fcfedb869b7f1857a947fd2f9) --- source4/setup/provision.py | 83 +++++++++++++++++++++++----------------------- 1 file changed, 41 insertions(+), 42 deletions(-) (limited to 'source4/setup') 
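Review bot: The reproduce-command block edited by the `@@ -175,7 +173,9 @@` hunk of source4/setup/provision still writes the `--adminpass`, `--krbtgtpass`, `--machinepass` and `--dnspass` values in clear through `message()`, so any terminal scrollback or install log that captures this output holds the domain's initial secrets. The new `if (subobj.INVOCATIONID != undefined)` guard shows the block can emit options conditionally; the password options could get the same treatment, printed as a placeholder the operator fills in again. Every value is also wrapped in a bare `'%s'`, so one containing a single quote produces a line that does not round-trip through a shell. The block starts above the hunk, and provision.py's echo of `sys.argv` after "To reproduce this provision" has the same exposure.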
diff --git a/source4/setup/provision.py b/source4/setup/provision.py index b9a11bdd78..743a94700d 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -33,8 +33,10 @@ import samba from auth import system_session import samba.getopt as options import param -from samba.provision import (provision, - provision_paths_from_lp) +from samba.provision import (provision, + provision_paths_from_lp, + FILL_FULL, FILL_NT4SYNC, + FILL_DRS) parser = optparse.OptionParser("provision [options]") sambaopts = options.SambaOptions(parser) @@ -84,8 +86,9 @@ parser.add_option("--blank", action="store_true", help="do not add users or groups, just the structure") parser.add_option("--ldap-backend", type="string", metavar="LDAPSERVER", help="LDAP server to use for this provision") -parser.add_option("--ldap-module=", type="string", metavar="MODULE", - help="LDB mapping module to use for the LDAP backend") +parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", + help="LDB mapping module to use for the LDAP backend", + choices=["fedora-ds", "openldap"]) parser.add_option("--aci", type="string", metavar="ACI", help="An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server. You must provide at least a realm and domain") parser.add_option("--server-role", type="choice", metavar="ROLE", 
@@ -122,51 +125,47 @@ lp.set("realm", opts.realm) lp.set("workgroup", opts.domain) lp.set("server role", opts.server_role or "domain controller") + if opts.aci is not None: print "set ACI: %s" % opts.aci -paths = provision_paths_from_lp(lp, opts.realm.lower()) +private_dir = None +if opts.targetdir is not None: + private_dir = os.path.join(opts.targetdir, "private") +paths = provision_paths_from_lp(lp, opts.realm.lower(), private_dir) paths.smbconf = sambaopts.get_loadparm_path() -if opts.ldap_backend: - if opts.ldap_backend == "ldapi": - subobj.ldap_backend = subobj.ldapi_uri - - if not opts.ldap_module: - subobj.ldapmodule = "entryuuid" - - subobj.domaindn_ldb = subobj.ldap_backend - subobj.domaindn_mod2 = ",%s,paged_searches" % subobj.ldapmodule - subobj.configdn_ldb = subobj.ldap_backend - subobj.configdn_mod2 = ",%s,paged_searches" % subobj.ldapmodule - subobj.schemadn_ldb = subobj.ldap_backend - subobj.schemadn_mod2 = ",%s,paged_searches" % subobj.ldapmodule - message("LDAP module: %s on backend: %s" % (subobj.ldapmodule, subobj.ldap_backend)) - creds = credopts.get_credentials() setup_dir = opts.setupdir if setup_dir is None: setup_dir = "setup" -if opts.partitions_only: - provision_become_dc(setup_dir, message, False, - paths, lp, system_session(), creds) -else: - provision(lp, setup_dir, message, opts.blank, paths, - system_session(), creds, opts.ldap_backend, realm=opts.realm, - domainguid=opts.domain_guid, domainsid=opts.domain_sid, - policyguid=opts.policy_guid, hostname=opts.host_name, - hostip=opts.host_ip, hostguid=opts.host_guid, - invocationid=opts.invocationid, adminpass=opts.adminpass, - krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, - dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, - nogroup=opts.nogroup, wheel=opts.wheel, users=opts.users, - aci=opts.aci, serverrole=opts.server_role) - message("To reproduce this provision, run with:") - def shell_escape(arg): - if " " in arg: - return '"%s"' % arg - return arg - message(" 
".join([shell_escape(arg) for arg in sys.argv])) - -message("All OK") + +samdb_fill = FILL_FULL +if opts.blank: + samdb_fill = FILL_NT4SYNC +elif opts.partitions_only: + samdb_fill = FILL_DRS + +provision(lp, setup_dir, message, paths, + system_session(), creds, opts.ldap_backend, + samdb_fill=samdb_fill, realm=opts.realm, + domainguid=opts.domain_guid, domainsid=opts.domain_sid, + policyguid=opts.policy_guid, hostname=opts.host_name, + hostip=opts.host_ip, hostguid=opts.host_guid, + invocationid=opts.invocationid, adminpass=opts.adminpass, + krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, + dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, + nogroup=opts.nogroup, wheel=opts.wheel, users=opts.users, + aci=opts.aci, serverrole=opts.server_role, + ldap_backend=opts.ldap_backend, + ldap_backend_type=opts.ldap_backend_type) + +message("To reproduce this provision, run with:") +def shell_escape(arg): + if " " in arg: + return '"%s"' % arg + return arg +message(" ".join([shell_escape(arg) for arg in sys.argv])) + +message("All OK") \ No newline at end of file -- cgit From dbf400c3da853e6845f0d0b667f713639b29582e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 25 Jan 2008 01:41:06 +0100 Subject: python/provision: Create private dir if it didn't exist yet. (This used to be commit 66df250ff355d3c1b7f0252fc1f95a8c79a28c6d) --- source4/setup/provision.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 743a94700d..c8087f7bd7 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -2,7 +2,8 @@ # # Unix SMB/CIFS implementation. # provision a Samba4 server -# Copyright (C) Jelmer Vernooij 2007 +# Copyright (C) Jelmer Vernooij 2007-2008 +# Copyright (C) Andrew Bartlett 2008 # # Based on the original in EJS: # Copyright (C) Andrew Tridgell 2005 
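Review bot: In provision.py's `@@ -122,51 +125,47 @@` hunk the `provision(...)` call passes `opts.ldap_backend` twice, as the seventh positional argument and again as `ldap_backend=opts.ldap_backend`. If the seventh parameter of `provision` is named `ldap_backend` (its signature is not on this page), the call raises TypeError for a duplicate argument. Keeping only the keyword form, so that the second line of the call reads `system_session(), creds,`, avoids that. Separately, `shell_escape` only wraps arguments that contain a space, so the printed reproduce line is not safe to paste back when an argument holds quotes, `$` or backticks; `return pipes.quote(arg)` from the standard library handles those.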
@@ -115,11 +116,15 @@ if opts.realm is None or opts.domain is None: sys.exit(1) # cope with an initially blank smb.conf +private_dir = None lp = sambaopts.get_loadparm() if opts.targetdir is not None: if not os.path.exists(opts.targetdir): os.mkdir(opts.targetdir) - lp.set("private dir", os.path.abspath(opts.targetdir)) + private_dir = os.path.join(opts.targetdir, "private") + if not os.path.exists(private_dir): + os.mkdir(private_dir) + lp.set("private dir", os.path.abspath(private_dir)) lp.set("lock dir", os.path.abspath(opts.targetdir)) lp.set("realm", opts.realm) lp.set("workgroup", opts.domain) @@ -129,9 +134,6 @@ lp.set("server role", opts.server_role or "domain controller") if opts.aci is not None: print "set ACI: %s" % opts.aci -private_dir = None -if opts.targetdir is not None: - private_dir = os.path.join(opts.targetdir, "private") paths = provision_paths_from_lp(lp, opts.realm.lower(), private_dir) paths.smbconf = sambaopts.get_loadparm_path() @@ -168,4 +170,4 @@ def shell_escape(arg): return arg message(" ".join([shell_escape(arg) for arg in sys.argv])) -message("All OK") \ No newline at end of file +message("All OK") -- cgit
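Review bot: `os.mkdir(private_dir)` in the `@@ -115,11 +116,15 @@` hunk creates the directory with the default mode, so its permissions depend on the umask of whoever runs the script. This is the path handed to `lp.set("private dir", ...)`, which presumably ends up holding the secrets database and keytabs (secrets_dc.ldif in this series references `${SECRETS_KEYTAB}`). An explicit mode, `os.mkdir(private_dir, 0700)`, keeps group and other bits off whatever the umask is. The `os.path.exists` test followed by `os.mkdir` also accepts a directory someone else created beforehand with looser permissions, so when the path already exists its owner and mode should be checked before it is used.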