Add verbiage on what accounts and what passwords we are asking for (#738)

Ask for confirmation of passwords (#748)

6 files changed, 120 insertions, 14 deletions

diff --git a/pykolab/setup/setup_freebusy.py b/pykolab/setup/setup_freebusy.py
index 5c4b2e7..3b522f1 100644
--- a/pykolab/setup/setup_freebusy.py
+++ b/pykolab/setup/setup_freebusy.py
@@ -34,7 +34,12 @@ log = pykolab.getLogger('pykolab.setup')
 conf = pykolab.getConf()
 
 def __init__():
-    components.register('freebusy', execute, description=description(), after=['mysql','ldap', 'roundcube'])
+    components.register(
+            'freebusy',
+            execute,
+            description=description(),
+            after=['mysql','ldap', 'roundcube']
+        )
 
 def description():
     return _("Setup Free/Busy.")
@@ -45,9 +50,19 @@ def execute(*args, **kw):
         return
 
     if not hasattr(conf, 'mysql_roundcube_password'):
+        print >> sys.sdterr, utils.multiline_message(
+                _("""
+                        Please supply the MySQL password for the 'roundcube'
+                        user. You have supplied this password earlier, and it is
+                        available from the database URI setting in
+                        /etc/roundcubemail/db.inc.php.
+                    """)
+            )
+
         conf.mysql_roundcube_password = utils.ask_question(
                 _("MySQL roundcube password"),
-                password=True
+                password=True,
+                confirm=True
             )
 
     freebusy_settings = {
diff --git a/pykolab/setup/setup_imap.py b/pykolab/setup/setup_imap.py
index df676e7..de927f3 100644
--- a/pykolab/setup/setup_imap.py
+++ b/pykolab/setup/setup_imap.py
@@ -33,7 +33,12 @@ log = pykolab.getLogger('pykolab.setup')
 conf = pykolab.getConf()
 
 def __init__():
-    components.register('imap', execute, description=description(), after=['ldap'])
+    components.register(
+            'imap',
+            execute,
+            description=description(),
+            after=['ldap']
+        )
 
 def description():
     return _("Setup IMAP.")
diff --git a/pykolab/setup/setup_kolabd.py b/pykolab/setup/setup_kolabd.py
index 03c2cae..13e1fd7 100644
--- a/pykolab/setup/setup_kolabd.py
+++ b/pykolab/setup/setup_kolabd.py
@@ -32,7 +32,12 @@ log = pykolab.getLogger('pykolab.setup')
 conf = pykolab.getConf()
 
 def __init__():
-    components.register('kolabd', execute, description=description(), after=['ldap','imap'])
+    components.register(
+            'kolabd',
+            execute,
+            description=description(),
+            after=['ldap','imap']
+        )
 
 def description():
     return _("Setup the Kolab daemon.")
diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index 71c1e5d..9a9db2b 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -62,16 +62,35 @@ def execute(*args, **kw):
     _input = {}
 
     if ask_questions:
+        print >> sys.stderr, utils.multiline_message(
+                _("""
+                        Please supply a password for the LDAP administrator user
+                        'admin', used to login to the graphical console of 389
+                        Directory server.
+                    """)
+            )
+
         _input['admin_pass'] = utils.ask_question(
                 _("Administrator password"),
                 default=utils.generate_password(),
-                password=True
+                password=True,
+                confirm=True
+            )
+
+        print >> sys.stderr, utils.multiline_message(
+                _("""
+                        Please supply a password for the LDAP Directory Manager
+                        user, which is the administrator user you will be using
+                        to at least initially log in to the Web Admin, and that
+                        Kolab uses to perform administrative tasks.
+                    """)
             )
 
         _input['dirmgr_pass'] = utils.ask_question(
                 _("Directory Manager password"),
                 default=utils.generate_password(),
-                password=True
+                password=True,
+                confirm=True
             )
 
         _input['userid'] = utils.ask_question(_("User"), default="nobody")
@@ -185,16 +204,37 @@ ServerAdminPwd = %(admin_pass)s
                 "directory server service."))
 
     if ask_questions:
+        print >> sys.stderr, utils.multiline_message(
+                _("""
+                        Please supply a Cyrus Administrator password. This
+                        password is used by Kolab to execute administrative
+                        tasks in Cyrus IMAP. You may also need the password
+                        yourself to troubleshoot Cyrus IMAP and/or perform
+                        other administrative tasks against Cyrus IMAP directly.
+                    """)
+            )
+
         _input['cyrus_admin_pass'] = utils.ask_question(
                 _("Cyrus Administrator password"),
                 default=utils.generate_password(),
-                password=True
+                password=True,
+                confirm=True
+            )
+
+        print >> sys.stderr, utils.multiline_message(
+                _("""
+                        Please supply a Kolab Service account password. This
+                        account is used by various services such as Postfix,
+                        and Roundcube, as anonymous binds to the LDAP server
+                        will not be allowed.
+                    """)
             )
 
         _input['kolab_service_pass'] = utils.ask_question(
                 _("Kolab Service password"),
                 default=utils.generate_password(),
-                password=True
+                password=True,
+                confirm=True
             )
 
     else:
diff --git a/pykolab/setup/setup_mysql.py b/pykolab/setup/setup_mysql.py
index 36bfe14..ac63add 100644
--- a/pykolab/setup/setup_mysql.py
+++ b/pykolab/setup/setup_mysql.py
@@ -49,13 +49,25 @@ def execute(*args, **kw):
         log.error(_("Could not start and configure to start on boot, the " + \
                 "MySQL database service."))
 
-    mysql_root_pw = utils.ask_question(
+    print >> sys.stderr, utils.multiline_message(
+            _("""
+                    Please supply a root password for MySQL. This password will
+                    be the administrative user for this MySQL server, and it
+                    should be kept a secret. After this setup process has
+                    completed, Kolab is going to discard and forget about this
+                    password, but you will need it for administrative tasks in
+                    MySQL.
+                """)
+        )
+
+    mysql_root_password = utils.ask_question(
             _("MySQL root password"),
             default=utils.generate_password(),
-            password=True
+            password=True,
+            confirm=True
         )
 
-    p1 = subprocess.Popen(['echo', 'UPDATE mysql.user SET Password=PASSWORD(\'%s\') WHERE User=\'root\';' % (mysql_root_pw)], stdout=subprocess.PIPE)
+    p1 = subprocess.Popen(['echo', 'UPDATE mysql.user SET Password=PASSWORD(\'%s\') WHERE User=\'root\';' % (mysql_root_password)], stdout=subprocess.PIPE)
     p2 = subprocess.Popen(['mysql'], stdin=p1.stdout)
     p1.stdout.close()
     p2.communicate()
@@ -69,7 +81,7 @@ def execute(*args, **kw):
 [mysql]
 user=root
 password=%s
-""" % (mysql_root_pw)
+""" % (mysql_root_password)
 
     fp = open('/tmp/kolab-setup-my.cnf', 'w')
     fp.write(data)
@@ -87,12 +99,32 @@ password=%s
         p1.stdout.close()
         p2.communicate()
 
+        print >> sys.stderr, utils.multiline_message(
+                _("""
+                        Please supply a password for the MySQL user 'kolab'.
+                        This password will be used by Kolab services, such as
+                        the Web Administration Panel.
+                    """)
+            )
+
+        mysql_kolab_password = utils.ask_question(
+                _("MySQL kolab password"),
+                default=utils.generate_password(),
+                password=True,
+                confirm=True
+            )
+
+        p1 = subprocess.Popen(['echo', 'GRANT ALL PRIVILEGES ON kolab.* TO \'kolab\'@\'localhost\' IDENTIFIED BY \'%s\';' % (mysql_kolab_password)], stdout=subprocess.PIPE)
+        p2 = subprocess.Popen(['mysql', '--defaults-file=/tmp/kolab-setup-my.cnf'], stdin=p1.stdout)
+        p1.stdout.close()
+        p2.communicate()
+
         p1 = subprocess.Popen(['cat', schema_file], stdout=subprocess.PIPE)
         p2 = subprocess.Popen(['mysql', '--defaults-file=/tmp/kolab-setup-my.cnf', 'kolab'], stdin=p1.stdout)
         p1.stdout.close()
         p2.communicate()
 
-        conf.command_set('kolab_wap', 'sql_uri', 'mysql://root:%s@localhost/kolab' % (mysql_root_pw))
+        conf.command_set('kolab_wap', 'sql_uri', 'mysql://kolab:%s@localhost/kolab' % (mysql_kolab_password))
     else:
         log.warning(_("Could not find the Kolab schema file"))
 
diff --git a/pykolab/setup/setup_roundcube.py b/pykolab/setup/setup_roundcube.py
index cd6e5d2..0077a3d 100644
--- a/pykolab/setup/setup_roundcube.py
+++ b/pykolab/setup/setup_roundcube.py
@@ -40,10 +40,19 @@ def description():
     return _("Setup Roundcube.")
 
 def execute(*args, **kw):
+    print >> sys.stderr, utils.multiline_message(
+            _("""
+                    Please supply a password for the MySQL user 'roundcube'.
+                    This password will be used by the Roundcube webmail
+                    interface.
+                """)
+        )
+
     mysql_roundcube_password = utils.ask_question(
             _("MySQL roundcube password"),
             default=utils.generate_password(),
-            password=True
+            password=True,
+            confirm=True
         )
 
     conf.mysql_roundcube_password = mysql_roundcube_password