This is basically just the patch originally sent by Stef, applied to pykickstart master. It adds support for parsing the realm command from kickstart; the join, permit and deny sub-commands are supported.
Martin Kolman (1): Add support for the realm command
pykickstart/commands/__init__.py | 2 +- pykickstart/commands/realm.py | 120 +++++++++++++++++++++++++++++++++++++++ pykickstart/handlers/control.py | 1 + tests/commands/realm.py | 54 ++++++++++++++++++ 4 files changed, 176 insertions(+), 1 deletion(-) create mode 100644 pykickstart/commands/realm.py create mode 100644 tests/commands/realm.py
The realm command uses realmd to enable joining a domain during installation.
The join, permit and deny subcommands are supported. Also includes tests for the realm command.
Signed-off-by: Martin Kolman mkolman@gmail.com --- pykickstart/commands/__init__.py | 2 +- pykickstart/commands/realm.py | 120 +++++++++++++++++++++++++++++++++++++++ pykickstart/handlers/control.py | 1 + tests/commands/realm.py | 54 ++++++++++++++++++ 4 files changed, 176 insertions(+), 1 deletion(-) create mode 100644 pykickstart/commands/realm.py create mode 100644 tests/commands/realm.py
diff --git a/pykickstart/commands/__init__.py b/pykickstart/commands/__init__.py index 0e7d0d1..d8c71f3 100644 --- a/pykickstart/commands/__init__.py +++ b/pykickstart/commands/__init__.py @@ -21,6 +21,6 @@ import authconfig, autopart, autostep, bootloader, btrfs, clearpart, device import deviceprobe, displaymode, dmraid, driverdisk, fcoe, firewall, firstboot import group, ignoredisk, interactive, iscsi, iscsiname, key, keyboard, lang import langsupport, lilocheck, logging, logvol, mediacheck, method, monitor -import mouse, multipath, network, partition, raid, reboot, repo, rescue, rootpw +import mouse, multipath, network, partition, raid, realm, reboot, repo, rescue, rootpw import selinux, services, skipx, sshpw, timezone, updates, upgrade, user import unsupported_hardware, vnc, volgroup, xconfig, zerombr, zfcp diff --git a/pykickstart/commands/realm.py b/pykickstart/commands/realm.py new file mode 100644 index 0000000..405b48b --- /dev/null +++ b/pykickstart/commands/realm.py @@ -0,0 +1,120 @@ +# +# Stef Walter stefw@redhat.com +# +# Copyright 2013 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing to use, modify, +# copy, or redistribute it subject to the terms and conditions of the GNU +# General Public License v.2. This program is distributed in the hope that it +# will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the +# implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, write to the Free Software Foundation, Inc., 51 +# Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Any Red Hat +# trademarks that are incorporated in the source code or documentation are not +# subject to the GNU General Public License and may only be used or replicated +# with the express permission of Red Hat, Inc. +# + +from pykickstart.base import * + +import getopt +import pipes +import shlex + +_ = lambda x: gettext.ldgettext("pykickstart", x) + + +class F19_Realm(KickstartCommand): + removedKeywords = KickstartCommand.removedKeywords + removedAttrs = KickstartCommand.removedAttrs + + def __init__(self, writePriority=0, *args, **kwargs): + KickstartCommand.__init__(self, *args, **kwargs) + self.join_realm = None + self.join_args = [] + self.discover_options = [] + self.after = [] + + def _parseArguments(self, string): + args = shlex.split(string) + if not args: + raise KickstartValueError, formatErrorMsg(self.lineno, msg=_( + "Missing realm command arguments")) + command = args.pop(0) + if command in ("permit", "deny"): + self._parsePermitOrDeny(command, args) + elif command == "join": + self._parseJoin(args) + else: + raise KickstartValueError, formatErrorMsg(self.lineno, msg=_( + "Unsupported realm '%s' command" % command)) + + def _parsePermitOrDeny(self, command, args): + try: + opts, remaining = getopt.getopt(args, "av", ("all", "verbose")) + self.after.append((command, args)) + except getopt.GetoptError, ex: + raise KickstartValueError, formatErrorMsg(self.lineno, msg=_( + "Invalid realm arguments: %s") % str(ex)) + + def _parseJoin(self, args): + if self.join_realm: + raise KickstartParseError, formatErrorMsg(self.lineno, msg=_( + "The realm command 'join' should only be specified once")) + + try: + # We only support these args + opts, remaining = getopt.getopt(args, "", ("client-software=", + "server-software=", + "membership-software=", + "one-time-password=", + "no-password=", + "computer-ou=")) + except getopt.GetoptError, ex: + raise KickstartValueError, formatErrorMsg(self.lineno, msg=_( + "Invalid realm arguments: %s") % str(ex)) + + if len(remaining) != 1: + raise KickstartValueError, formatErrorMsg(self.lineno, msg=_( + "Specify only one realm to join")) + + # Parse successful, just use this as the join command + self.join_realm = remaining[0] + self.join_args = args + + # Build a discovery command + self.discover_options = [] + supported_discover_options = ("--client-software", + "--server-software", + "--membership-software") + for (o, a) in opts: + if o in supported_discover_options: + self.discover_options.append("%s=%s" % (o, a)) + + def _getCommandsAsStrings(self): + commands = [] + if self.join_args: + args = [pipes.quote(arg) for arg in self.join_args] + commands.append("realm join " + " ".join(self.join_args)) + for (command, args) in self.after: + args = [pipes.quote(arg) for arg in args] + commands.append("realm " + command + " " + " ".join(args)) + return commands + + def __str__(self): + retval = KickstartCommand.__str__(self) + + commands = self._getCommandsAsStrings() + if commands: + retval += "# Realm or domain membership\n" + retval += "\n".join(commands) + retval += "\n" + + return retval + + def parse(self, args): + self._parseArguments(self.currentLine[len(self.currentCmd):].strip()) + return self diff --git a/pykickstart/handlers/control.py b/pykickstart/handlers/control.py index 1993478..813f381 100644 --- a/pykickstart/handlers/control.py +++ b/pykickstart/handlers/control.py @@ -982,6 +982,7 @@ commandMap = { "partition": partition.F18_Partition, "poweroff": reboot.F18_Reboot, "raid": raid.F18_Raid, + "realm": realm.F19_Realm, "reboot": reboot.F18_Reboot, "repo": repo.F15_Repo, "rescue": rescue.F10_Rescue, diff --git a/tests/commands/realm.py b/tests/commands/realm.py new file mode 100644 index 0000000..387dc08 --- /dev/null +++ b/tests/commands/realm.py @@ -0,0 +1,54 @@ +import unittest, shlex +import warnings +from tests.baseclass import * + +from pykickstart.errors import * +from pykickstart.commands.realm import * + +class F19_TestCase(CommandTest): + command = "realm" + + def runTest(self): + + # No realm command arguments + self.assert_parse_error("realm", KickstartValueError) + + # Unsupported realmcommand + self.assert_parse_error("realm unknown --args", KickstartValueError) + + # pass for join + realm = self.assert_parse("realm join blah") + self.assertEquals(realm.join_realm, "blah") + self.assertEquals(realm.join_args, ["blah"]) + self.assertEquals(realm.discover_options, []) + self.assertEquals(realm.after, []) + self.assertEquals(str(realm), "# Realm or domain membership\nrealm join blah\n") + + # pass for join with client-software + realm = self.assert_parse("realm join --client-software=sssd --computer-ou=OU=blah domain.example.com") + self.assertEquals(realm.join_realm, "domain.example.com") + self.assertEquals(realm.join_args, ["--client-software=sssd", "--computer-ou=OU=blah", "domain.example.com"]) + self.assertEquals(realm.discover_options, ["--client-software=sssd"]) + self.assertEquals(realm.after, []) + self.assertEquals(str(realm), "# Realm or domain membership\nrealm join --client-software=sssd --computer-ou=OU=blah domain.example.com\n") + + # Bad arguments, only one domain for join + self.assert_parse_error("realm join one two", KickstartValueError) + + # Bad arguments, unsupported argument + self.assert_parse_error("realm join --user=blah one.example.com", KickstartValueError) + + # Bad arguments, unsupported argument + self.assert_parse_error("realm join --user=blah one.example.com", KickstartValueError) + + # pass + realm = self.assert_parse("realm permit -a") + self.assertEquals(realm.join_realm, None) + self.assertEquals(realm.after, [("permit", ["-a"])]) + self.assertEquals(str(realm), "# Realm or domain membership\nrealm permit -a\n") + + # Bad arguments to permit or deny + self.assert_parse_error("realm permit --bad-argument", KickstartValueError) + +if __name__ == "__main__": + unittest.main()
The realm command uses realmd to enable joining a domain during installation.
The join, permit and deny subcommands are supported. Also includes tests for the realm command.
Signed-off-by: Martin Kolman mkolman@gmail.com
pykickstart/commands/__init__.py | 2 +- pykickstart/commands/realm.py | 120 +++++++++++++++++++++++++++++++++++++++ pykickstart/handlers/control.py | 1 + tests/commands/realm.py | 54 ++++++++++++++++++ 4 files changed, 176 insertions(+), 1 deletion(-) create mode 100644 pykickstart/commands/realm.py create mode 100644 tests/commands/realm.py
Can you give me an example of how this might be given in a kickstart file? Can multiple realm commands be specified in the same file?
- Chris
On 30.04.2013 17:05, Chris Lumens wrote:
The realm command uses realmd to enable joining a domain during installation.
The join, permit and deny subcommands are supported. Also includes tests for the realm command.
Signed-off-by: Martin Kolman mkolman@gmail.com
pykickstart/commands/__init__.py | 2 +- pykickstart/commands/realm.py | 120 +++++++++++++++++++++++++++++++++++++++ pykickstart/handlers/control.py | 1 + tests/commands/realm.py | 54 ++++++++++++++++++ 4 files changed, 176 insertions(+), 1 deletion(-) create mode 100644 pykickstart/commands/realm.py create mode 100644 tests/commands/realm.py
Can you give me an example of how this might be given in a kickstart file? Can multiple realm commands be specified in the same file?
Sure, and yes, the multiple lines would look like:
realm join --one-time-password=ThePassword domain.example.com realm permit --all
Cheers,
Stef
Can you give me an example of how this might be given in a kickstart file? Can multiple realm commands be specified in the same file?
Sure, and yes, the multiple lines would look like:
realm join --one-time-password=ThePassword domain.example.com realm permit --all
Okay, I thought this might be the case. Does each line then correspond to a specific command line? Basically, I am trying to understand two things here:
(1) Why does pykickstart/anaconda need to know the details of argument processing? For the authconfig command, for instance, we act just as a pass through and don't need to worry with what changes.
(2) For other commands that can be specified multiple times (the partitioning ones are the biggest example), there's not just a Command object but a Data object as well. You build up a list of the data objects and then execute each one in order. Why is this command done differently?
- Chris
On 02.05.2013 17:54, Chris Lumens wrote:
Can you give me an example of how this might be given in a kickstart file? Can multiple realm commands be specified in the same file?
Sure, and yes, the multiple lines would look like:
realm join --one-time-password=ThePassword domain.example.com realm permit --all
Okay, I thought this might be the case. Does each line then correspond to a specific command line? Basically, I am trying to understand two things here:
(1) Why does pykickstart/anaconda need to know the details of argument processing? For the authconfig command, for instance, we act just as a pass through and don't need to worry with what changes.
Because for 'realm join' we need to do part of the work before actually doing the join post-install. In particular, before the install starts we need discover what kind of domain we're dealing with so that realmd can tell us which packages need to be added to the install set.
This is important because we cannot rely on PackageKit or even the package install sources during post-install.
Secondly, realmd is run in a special mode so that it operates on the installed mounted image, rather than on / itself. This means additional arguments are spliced in.
Lastly and least importantly, not all arguments make sense when run in a batch environment.
Cheers,
Stef
Because for 'realm join' we need to do part of the work before actually doing the join post-install. In particular, before the install starts we need discover what kind of domain we're dealing with so that realmd can tell us which packages need to be added to the install set.
This is important because we cannot rely on PackageKit or even the package install sources during post-install.
Are there so many realmd-related packages that this is a real concern?
- Chris
On 08.05.2013 21:18, Chris Lumens wrote:
Because for 'realm join' we need to do part of the work before actually doing the join post-install. In particular, before the install starts we need discover what kind of domain we're dealing with so that realmd can tell us which packages need to be added to the install set.
This is important because we cannot rely on PackageKit or even the package install sources during post-install.
Are there so many realmd-related packages that this is a real concern?
Yes ... if you mean "Why can't all related packages be installed by default?"
To join a FreeIPA domain between 15-20 dependencies including (freeipa-client, sssd, and all dependencies) are pulled in. To join active directory, around 10-12 or so (samba-common, adcli, sssd and all dependencies).
Cheers,
Stef
Yes ... if you mean "Why can't all related packages be installed by default?"
To join a FreeIPA domain between 15-20 dependencies including (freeipa-client, sssd, and all dependencies) are pulled in. To join active directory, around 10-12 or so (samba-common, adcli, sssd and all dependencies).
Wow, okay, thanks for explaining it. That's a pretty complex situation.
- Chris
On Thu, 2013-05-02 at 11:54 -0400, Chris Lumens wrote:
Can you give me an example of how this might be given in a kickstart file? Can multiple realm commands be specified in the same file?
Sure, and yes, the multiple lines would look like:
realm join --one-time-password=ThePassword domain.example.com realm permit --all
Okay, I thought this might be the case. Does each line then correspond to a specific command line? Basically, I am trying to understand two things here:
(1) Why does pykickstart/anaconda need to know the details of argument processing? For the authconfig command, for instance, we act just as a pass through and don't need to worry with what changes.
(2) For other commands that can be specified multiple times (the partitioning ones are the biggest example), there's not just a Command object but a Data object as well. You build up a list of the data objects and then execute each one in order. Why is this command done differently?
I think it is not necessary to have a Data object for the realm command. It doesn't care about the order of the commands and runs everything in the right order. It could even be:
realm join --one-time-password=ThePassword --permit=all domain.example.com
But the multiple-line syntax matches the manual realmd utility invocation in a better way.
I think it is not necessary to have a Data object for the realm command. It doesn't care about the order of the commands and runs everything in the right order. It could even be:
realm join --one-time-password=ThePassword --permit=all domain.example.com
But the multiple-line syntax matches the manual realmd utility invocation in a better way.
It's just completely different from how all other kickstart commands are processed, and if there's not a really good reason why it needs to be that way, it shouldn't. I don't want to have a third style of things to have to remember and debug.
It also breaks the current assumption that each line maps to one piece of kickstart data, like all other commands do. I don't know that I am relying on that anywhere, but it seems like a pretty handy assumption to have in the future.
- Chris
On 08.05.2013 21:22, Chris Lumens wrote:
I think it is not necessary to have a Data object for the realm command. It doesn't care about the order of the commands and runs everything in the right order. It could even be:
realm join --one-time-password=ThePassword --permit=all domain.example.com
But the multiple-line syntax matches the manual realmd utility invocation in a better way.
It's just completely different from how all other kickstart commands are processed, and if there's not a really good reason why it needs to be that way, it shouldn't. I don't want to have a third style of things to have to remember and debug.
It also breaks the current assumption that each line maps to one piece of kickstart data, like all other commands do. I don't know that I am relying on that anywhere, but it seems like a pretty handy assumption to have in the future.
If I recall correctly, the initial advice you had given was to make the kickstart commands closely mirror the 'realm' command line command if possible. Which is the case here. So this would have been an interesting observation to have last year when these patches were posted.
Secondly the multiple lines can be independent of one another, and could easily be implemented that way. In the same way that multiple repo, user, or many other commands make sense when specified multiple times.
But it any case, if this at all increases the hope of getting this finally merged, we can just drop the permit/deny stuff from kickstart in this initial Fedora 19 version.
The default behavior of realmd is to respect domain login policy, and the 'realm permit' stuff is just a handy tool on top of that. So let's just drop it this point, since we barely have any time remaining to get this in and tested.
Vratislav are you okay with dropping those commands, and only having 'join' for now?
Chris, with that change are you okay to have this merged?
Cheers,
Stef
On Wed, 2013-05-08 at 21:54 +0200, Stef Walter wrote:
On 08.05.2013 21:22, Chris Lumens wrote:
I think it is not necessary to have a Data object for the realm command. It doesn't care about the order of the commands and runs everything in the right order. It could even be:
realm join --one-time-password=ThePassword --permit=all domain.example.com
But the multiple-line syntax matches the manual realmd utility invocation in a better way.
It's just completely different from how all other kickstart commands are processed, and if there's not a really good reason why it needs to be that way, it shouldn't. I don't want to have a third style of things to have to remember and debug.
It also breaks the current assumption that each line maps to one piece of kickstart data, like all other commands do. I don't know that I am relying on that anywhere, but it seems like a pretty handy assumption to have in the future.
If I recall correctly, the initial advice you had given was to make the kickstart commands closely mirror the 'realm' command line command if possible. Which is the case here. So this would have been an interesting observation to have last year when these patches were posted.
Secondly the multiple lines can be independent of one another, and could easily be implemented that way. In the same way that multiple repo, user, or many other commands make sense when specified multiple times.
But it any case, if this at all increases the hope of getting this finally merged, we can just drop the permit/deny stuff from kickstart in this initial Fedora 19 version.
The default behavior of realmd is to respect domain login policy, and the 'realm permit' stuff is just a handy tool on top of that. So let's just drop it this point, since we barely have any time remaining to get this in and tested.
Vratislav are you okay with dropping those commands, and only having 'join' for now?
I have no problem with it. We can work on the "options-based" or "RealmData" approaches later when we have a bit more time for it. Me or Martin will send those modified patches today.
anaconda-patches@lists.fedorahosted.org