From 8fd313b624e3da699280f81da1f88ef7149e6123 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 12 Aug 2015 07:49:53 +0200
Subject: [PATCH] install: Fix server and replica install options

https://fedorahosted.org/freeipa/ticket/5184

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 ipaserver/install/server/install.py        | 55 ++++++------------------------
 ipaserver/install/server/replicainstall.py | 36 ++++---------------
 2 files changed, 17 insertions(+), 74 deletions(-)

diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index b9bf3f34bdb7c32115e5c6a7038f11f901ab06b8..ff517513473a458a84f63c5c1308a8cc0b8699f8 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -1137,18 +1137,6 @@ def uninstall(installer):
 class ServerCA(common.Installable, core.Group, core.Composite):
     description = "certificate system"
 
-    setup_ca = Knob(
-        bool, False,
-        initializable=False,
-        description="configure a dogtag CA",
-    )
-
-    setup_kra = Knob(
-        bool, False,
-        initializable=False,
-        description="configure a dogtag KRA",
-    )
-
     external_ca = Knob(
         bool, False,
         description=("Generate a CSR for the IPA CA certificate to be signed "
@@ -1163,7 +1151,7 @@ class ServerCA(common.Installable, core.Group, core.Composite):
     external_cert_files = Knob(
         (list, str), None,
         description=("File containing the IPA CA certificate and the external "
-                     "CA certificate chain (can be specified multiple times)"),
+                     "CA certificate chain"),
         cli_name='external-cert-file',
         cli_aliases=['external_cert_file', 'external_ca_file'],
         cli_metavar='FILE',
@@ -1308,6 +1296,7 @@ class ServerDNS(common.Installable, core.Group, core.Composite):
         description=("The reverse DNS zone to use. This option can be used "
                      "multiple times"),
         cli_name='reverse-zone',
+        cli_metavar='REVERSE_ZONE',
     )
 
     no_reverse = Knob(
@@ -1320,31 +1309,6 @@ class ServerDNS(common.Installable, core.Group, core.Composite):
         description="Disable DNSSEC validation",
     )
 
-    dnssec_master = Knob(
-        bool, False,
-        initializable=False,
-        description="Setup server to be DNSSEC key master",
-    )
-
-    disable_dnssec_master = Knob(
-        bool, False,
-        initializable=False,
-        description="Disable the DNSSEC master on this server",
-    )
-
-    kasp_db_file = Knob(
-        str, None,
-        initializable=False,
-        description="Copy OpenDNSSEC metadata from the specified file (will "
-                    "not create a new kasp.db file)",
-    )
-
-    force = Knob(
-        bool, False,
-        initializable=False,
-        description="Force install",
-    )
-
     zonemgr = Knob(
         str, None,
         description=("DNS zone manager e-mail address. Defaults to "
@@ -1416,7 +1380,6 @@ class Server(common.Installable, common.Interactive, core.Composite):
     master_password = Knob(
         str, None,
         sensitive=True,
-        deprecated=True,
         description="kerberos master password (normally autogenerated)",
         cli_short_name='P',
     )
@@ -1466,11 +1429,13 @@ class Server(common.Installable, common.Interactive, core.Composite):
         description=("Master Server IP Address. This option can be used "
                      "multiple times"),
         cli_name='ip-address',
+        cli_metavar='IP_ADDRESS',
     )
 
     no_ntp = Knob(
         bool, False,
         description="do not configure ntp",
+        cli_short_name='N',
     )
 
     idstart = Knob(
@@ -1615,8 +1580,8 @@ class Server(common.Installable, common.Interactive, core.Composite):
         # Automatically disable pkinit w/ dogtag until that is supported
         self.ca.no_pkinit = True
 
-        self.setup_ca = self.ca.setup_ca
-        self.setup_kra = self.ca.setup_kra
+        self.setup_ca = False
+        self.setup_kra = False
         self.external_ca = self.ca.external_ca
         self.external_ca_type = self.ca.external_ca_type
         self.external_cert_files = self.ca.external_cert_files
@@ -1639,10 +1604,10 @@ class Server(common.Installable, common.Interactive, core.Composite):
         self.reverse_zones = self.dns.reverse_zones
         self.no_reverse = self.dns.no_reverse
         self.no_dnssec_validation = self.dns.no_dnssec_validation
-        self.dnssec_master = self.dns.dnssec_master
-        self.disable_dnssec_master = self.dns.disable_dnssec_master
-        self.kasp_db_file = self.dns.kasp_db_file
-        self.force = self.dns.force
+        self.dnssec_master = False
+        self.disable_dnssec_master = False
+        self.kasp_db_file = None
+        self.force = False
         self.zonemgr = self.dns.zonemgr
         self.no_host_dns = self.dns.no_host_dns
         self.no_dns_sshfp = self.dns.no_dns_sshfp
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 1ad291a1eada080361031a5723a0ea61679fc72e..dd8bc0d4bb7d8d9835a3e3e4dc24d1f67199d28f 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -679,6 +679,7 @@ class ReplicaDNS(common.Installable, core.Group, core.Composite):
         description=("The reverse DNS zone to use. This option can be used "
                      "multiple times"),
         cli_name='reverse-zone',
+        cli_metavar='REVERSE_ZONE',
     )
 
     no_reverse = Knob(
@@ -691,31 +692,6 @@ class ReplicaDNS(common.Installable, core.Group, core.Composite):
         description="Disable DNSSEC validation",
     )
 
-    dnssec_master = Knob(
-        bool, False,
-        initializable=False,
-        description="Setup server to be DNSSEC key master",
-    )
-
-    disable_dnssec_master = Knob(
-        bool, False,
-        initializable=False,
-        description="Disable the DNSSEC master on this server",
-    )
-
-    force = Knob(
-        bool, False,
-        initializable=False,
-        description="Force install",
-    )
-
-    kasp_db_file = Knob(
-        str, None,
-        initializable=False,
-        description="Copy OpenDNSSEC metadata from the specified file (will "
-                    "not create a new kasp.db file)",
-    )
-
     no_host_dns = Knob(
         bool, False,
         description="Do not use DNS for hostname lookup during installation",
@@ -750,6 +726,7 @@ class Replica(common.Installable, common.Interactive, core.Composite):
         description=("Replica server IP Address. This option can be used "
                      "multiple times"),
         cli_name='ip-address',
+        cli_metavar='IP_ADDRESS',
     )
 
     password = Knob(
@@ -774,6 +751,7 @@ class Replica(common.Installable, common.Interactive, core.Composite):
     no_ntp = Knob(
         bool, False,
         description="do not configure ntp",
+        cli_short_name='N',
     )
 
     no_ui_redirect = Knob(
@@ -864,10 +842,10 @@ class Replica(common.Installable, common.Interactive, core.Composite):
         self.reverse_zones = self.dns.reverse_zones
         self.no_reverse = self.dns.no_reverse
         self.no_dnssec_validation = self.dns.no_dnssec_validation
-        self.dnssec_master = self.dns.dnssec_master
-        self.disable_dnssec_master = self.dns.disable_dnssec_master
-        self.kasp_db_file = self.dns.kasp_db_file
-        self.force = self.dns.force
+        self.dnssec_master = False
+        self.disable_dnssec_master = False
+        self.kasp_db_file = None
+        self.force = False
         self.zonemgr = None
         self.no_host_dns = self.dns.no_host_dns
         self.no_dns_sshfp = self.dns.no_dns_sshfp
-- 
2.4.3