[Freeipa-devel] [PATCH] Introduce service base class and clean up ipa-server-install

Karl MacMillan kmacmill at redhat.com
Mon Nov 5 19:43:34 UTC 2007


On Mon, 2007-11-05 at 12:44 -0400, Karl MacMillan wrote:
> # HG changeset patch
> # User "Karl MacMillan <kmacmillan at redhat.com>"
> # Date 1194284670 18000
> # Node ID db76e0233ab55b47ae226b2062a54c5a74441fe6
> # Parent  5a4b477d68ff5f26ea2d445b83e5bf67f329df35
> Introduce service base class and clean up ipa-server-install
> 
> 1) Add a base class for all of the instance objects.
> 2) Normalize usage of logging.
> 3) General cleanups of ipa-server-install.
> 4) Make better use of httpinstance.
> 5) Add webguiinstance.
> 6) Improve progress reporting during installation.
> 
> Works Here (TM), but it would be nice to get someone else
> to test since this moves code around a bit.
> 

After merging and updating for the freeradius patch I actually pushed
the attached patch.

Karl
-------------- next part --------------
Introduce service base class and clean up ipa-server-install

1) Add a base class for all of the instance objects.
2) Normalize usage of logging.
3) General cleanups of ipa-server-install.
4) Make better use of httpinstance.
5) Add webguiinstance.
6) Improve progress reporting during installation.

Works Here (TM), but it would be nice to get someone else
to test since this moves code around a bit.

diff -r b7816eac8557 ipa-server/ipa-install/ipa-server-install
--- a/ipa-server/ipa-install/ipa-server-install	Mon Nov 05 11:39:59 2007 -0500
+++ b/ipa-server/ipa-install/ipa-server-install	Mon Nov 05 14:41:55 2007 -0500
@@ -48,6 +48,9 @@ import ipaserver.httpinstance
 import ipaserver.httpinstance
 import ipaserver.ntpinstance
 import ipaserver.radiusinstance
+import ipaserver.webguiinstance
+
+from ipaserver import service
 
 from ipa.ipautil import run
 
@@ -525,7 +528,11 @@ def main():
 
     # Create a HTTP instance
     http = ipaserver.httpinstance.HTTPInstance()
-    http.create_instance()
+    http.create_instance(realm_name, host_name)
+
+    # Create a Web Gui instance
+    webgui = ipaserver.webguiinstance.WebGuiInstance()
+    webgui.create_instance()
 
     # Create a radius instance
     radius = ipaserver.radiusinstance.RadiusInstance()
@@ -548,68 +555,15 @@ def main():
         bind.create_sample_bind_zone()
 
     # Restart ds and krb after configurations have been changed
+    service.print_msg("restarting the directory server")
     ds.restart()
+    
+    service.print_msg("restarting the KDC")
     krb.restart()
 
     # Configure ntpd
     ntp = ipaserver.ntpinstance.NTPInstance()
     ntp.create_instance()
-
-    try:
-        selinux=0
-        try:
-            if (os.path.exists('/usr/sbin/selinuxenabled')):
-                run(["/usr/sbin/selinuxenabled"])
-                selinux=1
-        except subprocess.CalledProcessError, e:
-            # selinuxenabled returns 1 if not enabled
-            pass
-
-        if selinux:
-            # Allow apache to connect to the turbogears web gui
-            # This can still fail even if selinux is enabled
-            try:
-                run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", "true"])
-            except:
-                print "WARNING: could not set selinux boolean httpd_can_network_connect to true."
-                print "The web interface may not function correctly until this boolean is"
-                print "successfully change with the command:"
-                print "   /usr/sbin/setsebool -P httpd_can_network_connect true"
-                print "Try updating the policycoreutils and selinux-policy packages."
-                pass
-
-        # Start the web gui
-        run(["/sbin/service", "ipa-webgui", "start"])
-
-        # Set the web gui to start on boot
-        run(["/sbin/chkconfig", "ipa-webgui", "on"])
-
-        # Restart apache
-        run(["/sbin/service", "httpd", "restart"])
-
-        # Set apache to start on boot
-        run(["/sbin/chkconfig", "httpd", "on"])
-
-        # Set fedora-ds to start on boot
-        run(["/sbin/chkconfig", "dirsrv", "on"])
-
-        # Set the KDC to start on boot
-        run(["/sbin/chkconfig", "krb5kdc", "on"])
-
-        # Set the Kpasswd to start on boot
-        run(["/sbin/chkconfig", "ipa-kpasswd", "on"])
-
-        # Start Kpasswd
-        run(["/sbin/service", "ipa-kpasswd", "start"])
-
-        # Set the ntpd to start on boot
-        run(["/sbin/chkconfig", "ntpd", "on"])
-
-        # Restart ntpd
-        run(["/sbin/service", "ntpd", "restart"])
-    except subprocess.CalledProcessError, e:
-        print "Installation failed:", e
-        return 1
 
     # Set the admin user kerberos password
     ds.change_admin_password(admin_password)
diff -r b7816eac8557 ipa-server/ipa-install/share/Makefile.am
--- a/ipa-server/ipa-install/share/Makefile.am	Mon Nov 05 11:39:59 2007 -0500
+++ b/ipa-server/ipa-install/share/Makefile.am	Mon Nov 05 14:41:55 2007 -0500
@@ -19,6 +19,7 @@ app_DATA =				\
 	krbrealm.con.template		\
 	ntp.conf.server.template 	\
 	radius.radiusd.conf.template	\
+	referint-conf.ldif		\
 	$(NULL)
 
 EXTRA_DIST =				\
diff -r b7816eac8557 ipa-server/ipaserver/Makefile.am
--- a/ipa-server/ipaserver/Makefile.am	Mon Nov 05 11:39:59 2007 -0500
+++ b/ipa-server/ipaserver/Makefile.am	Mon Nov 05 14:41:55 2007 -0500
@@ -10,6 +10,8 @@ app_PYTHON = 			\
 	httpinstance.py		\
 	ntpinstance.py		\
 	radiusinstance.py	\
+	webguiinstance.py	\
+	service.py		\
 	$(NULL)
 
 EXTRA_DIST =			\
diff -r b7816eac8557 ipa-server/ipaserver/dsinstance.py
--- a/ipa-server/ipaserver/dsinstance.py	Mon Nov 05 11:39:59 2007 -0500
+++ b/ipa-server/ipaserver/dsinstance.py	Mon Nov 05 14:41:55 2007 -0500
@@ -24,7 +24,9 @@ import shutil
 import shutil
 import logging
 import pwd
+
 from ipa.ipautil import *
+import service
 
 SERVER_ROOT_64 = "/usr/lib64/dirsrv"
 SERVER_ROOT_32 = "/usr/lib/dirsrv"
@@ -57,8 +59,9 @@ RootDNPwd= $PASSWORD
 RootDNPwd= $PASSWORD
 """
 
-class DsInstance:
+class DsInstance(service.Service):
     def __init__(self):
+        service.Service.__init__(self, "dirsrv")
         self.serverid = None
         self.realm_name = None
         self.suffix = None
@@ -75,6 +78,7 @@ class DsInstance:
         self.dm_password = dm_password
         self.__setup_sub_dict()
 
+        self.start_creation(11, "Configuring directory server:")
         self.__create_ds_user()
         self.__create_instance()
         self.__add_default_schemas()
@@ -84,11 +88,17 @@ class DsInstance:
         self.__enable_ssl()
         self.__certmap_conf()
         try:
+            self.step("restarting directory server")
             self.restart()
         except:
             # TODO: roll back here?
-            print "Failed to restart the ds instance"
+            logging.critical("Failed to restart the ds instance")
         self.__add_default_layout()
+
+        self.step("configuring directoy to start on boot")
+        self.chkconfig_on()
+
+        self.done_creation()
 
     def config_dirname(self):
         if not self.serverid:
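Review bot: The step message `"configuring directoy to start on boot"` misspells "directory", and because `step()` writes to the installer's stdout the typo is user-visible; write `self.step("configuring directory server to start on boot")`. The same kind of typo is in `"enabling memboerof plugin"` in `__add_memberof_module` and in `"adding the password extenstion to the directory"` in krbinstance.py's `__add_pwd_extop_module`. The method this hunk edits begins above the hunk.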
@@ -97,15 +107,6 @@ class DsInstance:
 
     def schema_dirname(self):
         return self.config_dirname() + "/schema/"
-
-    def stop(self):
-        run(["/sbin/service", "dirsrv", "stop"])
-
-    def start(self):
-        run(["/sbin/service", "dirsrv", "start"])
-
-    def restart(self):
-        run(["/sbin/service", "dirsrv", "restart"])
 
     def __setup_sub_dict(self):
         server_root = find_server_root()
@@ -115,6 +116,7 @@ class DsInstance:
                              SERVER_ROOT=server_root)
 
     def __create_ds_user(self):
+        self.step("creating directory server user")
 	try:
             pwd.getpwnam(self.ds_user)
             logging.debug("ds user %s exists" % self.ds_user)
@@ -125,11 +127,10 @@ class DsInstance:
                 run(args)
                 logging.debug("done adding user")
             except subprocess.CalledProcessError, e:
-                print "Failed to add user", e
-                logging.debug("failed to add user %s" % e)
+                logging.critical("failed to add user %s" % e)
 
     def __create_instance(self):
-        logging.debug("creating ds instance . . . ")
+        self.step("creating directory server instance")
         inf_txt = template_str(INF_TEMPLATE, self.sub_dict)
         logging.debug(inf_txt)
         inf_fd = write_tmp_file(inf_txt)
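Review bot: `logging.debug(inf_txt)` in `__create_instance` writes the fully rendered setup template to the log, and the template text visible as context of an earlier hunk ends with `RootDNPwd= $PASSWORD`. If that template is INF_TEMPLATE and `sub_dict` carries the Directory Manager password, the password lands in the debug log in clear text. Since this commit normalizes logging, drop the line or log a redacted copy, e.g. `logging.debug(template_str(INF_TEMPLATE, dict(self.sub_dict, PASSWORD="<redacted>")))`, assuming `sub_dict` is a plain dict. The function continues past the end of this hunk.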
@@ -144,17 +145,17 @@ class DsInstance:
             run(args)
             logging.debug("completed creating ds instance")
         except subprocess.CalledProcessError, e:
+            logging.critical("failed to restart ds instance %s" % e)
+        logging.debug("restarting ds instance")
+        try:
+            self.restart()
+            logging.debug("done restarting ds instance")
+        except subprocess.CalledProcessError, e:
             print "failed to restart ds instance", e
             logging.debug("failed to restart ds instance %s" % e)
-        logging.debug("restarting ds instance")
-        try:
-            self.restart()
-            logging.debug("done restarting ds instance")
-        except subprocess.CalledProcessError, e:
-            print "failed to restart ds instance", e
-            logging.debug("failed to restart ds instance %s" % e)
 
     def __add_default_schemas(self):
+        self.step("adding default schema")
         shutil.copyfile(SHARE_DIR + "60kerberos.ldif",
                         self.schema_dirname() + "60kerberos.ldif")
         shutil.copyfile(SHARE_DIR + "60samba.ldif",
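Review bot: The added `logging.critical("failed to restart ds instance %s" % e)` sits in the except clause of the instance-creation `run(args)`, so a failed creation is reported as a failed restart; it should read `logging.critical("failed to create ds instance %s" % e)`. The except clause around `self.restart()` just below still uses `print` plus `logging.debug`, which the rest of the commit replaces with `logging.critical`, and `__add_default_layout` keeps a stray `print` as well. In both cases the failure is only logged and the installer carries on, so later steps run against a server that may not exist; the message should at least say so.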
@@ -163,15 +164,17 @@ class DsInstance:
                         self.schema_dirname() + "60radius.ldif")
 
     def __add_memberof_module(self):
+        self.step("enabling memboerof plugin")
         memberof_txt = template_file(SHARE_DIR + "memberof-conf.ldif", self.sub_dict)
         memberof_fd = write_tmp_file(memberof_txt)
         try:
             ldap_mod(memberof_fd, "cn=Directory Manager", self.dm_password)
         except subprocess.CalledProcessError, e:
-            print "Failed to load memberof-conf.ldif", e
+            logging.critical("Failed to load memberof-conf.ldif: %s" % str(e))
         memberof_fd.close()
 
     def __add_referint_module(self):
+        self.step("enabling referential integrity plugin")
         referint_txt = template_file(SHARE_DIR + "referint-conf.ldif", self.sub_dict)
         referint_fd = write_tmp_file(referint_txt)
         try:
@@ -181,7 +184,7 @@ class DsInstance:
         referint_fd.close()
 
     def __enable_ssl(self):
-        logging.debug("configuring ssl for ds instance")
+        self.step("configuring ssl for ds instance")
         dirname = self.config_dirname()
         args = ["/usr/share/ipa/ipa-server-setupssl", self.dm_password,
                 dirname, self.host_name]
@@ -189,13 +192,13 @@ class DsInstance:
             run(args)
             logging.debug("done configuring ssl for ds instance")
         except subprocess.CalledProcessError, e:
-            print "Failed to enable ssl in ds instance", e
-            logging.debug("Failed to configure ssl in ds instance %s" % e)
+            logging.critical("Failed to configure ssl in ds instance %s" % e)
         
     def __add_default_layout(self):
+        self.step("adding default layout")
         txt = template_file(SHARE_DIR + "bootstrap-template.ldif", self.sub_dict)
         inf_fd = write_tmp_file(txt)
-        logging.debug("adding default ds layout")
+        logging.debug("adding default dfrom ipa.ipautil import *s layout")
         args = ["/usr/bin/ldapmodify", "-xv", "-D", "cn=Directory Manager",
                 "-w", self.dm_password, "-f", inf_fd.name]
         try:
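Review bot: The new debug string `"adding default dfrom ipa.ipautil import *s layout"` in `__add_default_layout` looks like an accidental paste into the literal; restore `logging.debug("adding default ds layout")`. In the same function and in `__enable_ssl` the Directory Manager password is passed as a command-line argument (`"-w", self.dm_password`), which exposes it to any local user who can list processes while the command runs. That is not introduced by this commit, but it is worth a `# TODO` here to move to a password file (OpenLDAP's ldapmodify accepts `-y <file>`) readable only by root.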
@@ -203,9 +206,10 @@ class DsInstance:
             logging.debug("done adding default ds layout")
         except subprocess.CalledProcessError, e:
             print "Failed to add default ds layout", e
-            logging.debug("Failed to add default ds layout %s" % e)
+            logging.critical("Failed to add default ds layout %s" % e)
         
     def __create_indeces(self):
+        self.step("creating indeces")
         txt = template_file(SHARE_DIR + "indeces.ldif", self.sub_dict)
         inf_fd = write_tmp_file(txt)
         logging.debug("adding/updating indeces")
@@ -215,17 +219,15 @@ class DsInstance:
             run(args)
             logging.debug("done adding/updating indeces")
         except subprocess.CalledProcessError, e:
-            print "Failed to add default ds layout", e
-            logging.debug("Failed to add/update indeces %s" % e)
+            logging.critical("Failed to add/update indeces %s" % str(e))
 
     def __certmap_conf(self):
-        logging.debug("configuring certmap.conf for ds instance")
+        self.step("configuring certmap.conf")
         dirname = self.config_dirname()
         certmap_conf = template_file(SHARE_DIR+"certmap.conf.template", self.sub_dict)
         certmap_fd = open(dirname+"certmap.conf", "w+")
         certmap_fd.write(certmap_conf)
         certmap_fd.close()
-        logging.debug("done configuring certmap.conf for ds instance")
 
     def change_admin_password(self, password):
         logging.debug("Changing admin password")
diff -r b7816eac8557 ipa-server/ipaserver/httpinstance.py
--- a/ipa-server/ipaserver/httpinstance.py	Mon Nov 05 11:39:59 2007 -0500
+++ b/ipa-server/ipaserver/httpinstance.py	Mon Nov 05 14:41:55 2007 -0500
@@ -20,16 +20,25 @@ import subprocess
 import subprocess
 import string
 import tempfile
-import shutil
 import logging
 import pwd
-from ipa.ipautil import *
 import fileinput
 import sys
+import time
+
+import service
+from ipa.ipautil import *
 
 HTTPD_DIR = "/etc/httpd"
 SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf"
 NSS_CONF = HTTPD_DIR + "/conf.d/nss.conf"
+
+selinux_warning = """WARNING: could not set selinux boolean httpd_can_network_connect to true.
+The web interface may not function correctly until this boolean is
+successfully change with the command:
+   /usr/sbin/setsebool -P httpd_can_network_connect true
+Try updating the policycoreutils and selinux-policy packages.
+"""
 
 def update_file(filename, orig, subst):
     if os.path.exists(filename):
@@ -42,35 +51,90 @@ def update_file(filename, orig, subst):
                 sys.stdout.write(p.sub(subst, line))
         fileinput.close()
 
-class HTTPInstance:
+class HTTPInstance(service.Service):
     def __init__(self):
-        pass 
+        service.Service.__init__(self, "httpd")
 
-    def create_instance(self):
+    def create_instance(self, realm, fqdn):
+        self.sub_dict = { "REALM" : realm }
+        self.fqdn = fqdn
+        self.realm = realm
+        
+        self.start_creation(6, "Configuring the web interface")
+        
         self.__disable_mod_ssl()
         self.__set_mod_nss_port()
+        self.__configure_http()
+        self.__create_http_keytab()
+
+        self.step("restarting httpd")
+        self.restart()
+
+        self.step("configuring httpd to start on boot")
+        self.chkconfig_on()
+
+        self.done_creation()
+
+    def __selinux_config(self):
+        self.step("configuring SELinux for httpd")
+        selinux=0
         try:
-            self.restart()
-        except:
-            # TODO: roll back here?
-            print "Failed to restart httpd"
+            if (os.path.exists('/usr/sbin/selinuxenabled')):
+                run(["/usr/sbin/selinuxenabled"])
+                selinux=1
+        except subprocess.CalledProcessError:
+            # selinuxenabled returns 1 if not enabled
+            pass
 
-    def stop(self):
-        run(["/sbin/service", "httpd", "stop"])
+        if selinux:
+            # Allow apache to connect to the turbogears web gui
+            # This can still fail even if selinux is enabled
+            try:
+                run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", "true"])
+            except:
+                self.print_msg(selinux_warning)
+                
+    def __create_http_keytab(self):
+        self.step("creating a keytab for httpd")
+        try:
+            if file_exists("/etc/httpd/conf/ipa.keytab"):
+                os.remove("/etc/httpd/conf/ipa.keytab")
+        except os.error:
+            print "Failed to remove /etc/httpd/conf/ipa.keytab."
+        (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
+        kwrite.write("addprinc -randkey HTTP/"+self.fqdn+"@"+self.realm+"\n")
+        kwrite.flush()
+        kwrite.write("ktadd -k /etc/httpd/conf/ipa.keytab HTTP/"+self.fqdn+"@"+self.realm+"\n")
+        kwrite.flush()
+        kwrite.close()
+        kread.close()
+        kerr.close()
 
-    def start(self):
-        run(["/sbin/service", "httpd", "start"])
+        # give kadmin time to actually write the file before we go on
+	retry = 0
+        while not file_exists("/etc/httpd/conf/ipa.keytab"):
+            time.sleep(1)
+            retry += 1
+            if retry > 15:
+                print "Error timed out waiting for kadmin to finish operations\n"
+                sys.exit(1)
 
-    def restart(self):
-        run(["/sbin/service", "httpd", "restart"])
+        pent = pwd.getpwnam("apache")
+        os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid)
+
+    def __configure_http(self):
+        self.step("configuring httpd")
+        http_txt = template_file(SHARE_DIR + "ipa.conf", self.sub_dict)
+        http_fd = open("/etc/httpd/conf.d/ipa.conf", "w")
+        http_fd.write(http_txt)
+        http_fd.close()                
+
 
     def __disable_mod_ssl(self):
-        logging.debug("disabling mod_ssl in httpd")
+        self.step("disabling mod_ssl in httpd")
         if os.path.exists(SSL_CONF):
             os.rename(SSL_CONF, "%s.moved_by_ipa" % SSL_CONF)
-        logging.debug("done disabling mod_ssl")
 
     def __set_mod_nss_port(self):
-        logging.debug("Setting mod_nss port to 443")
+        self.step("Setting mod_nss port to 443")
         update_file(NSS_CONF, '8443', '443')
-        logging.debug("done setting mod_nss port")
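Review bot: `__selinux_config` is defined here but `create_instance` never calls it, so the `setsebool -P httpd_can_network_connect true` step that this commit removes from ipa-server-install no longer runs anywhere in the patch; add `self.__selinux_config()` before the restart and change the count to `self.start_creation(7, "Configuring the web interface")`. Separately, `__create_http_keytab` closes kadmin.local's stdout and stderr unread and infers success from the keytab file existing. When `os.remove` fails, the old keytab is still present, so the wait loop exits at once and the stale file is chowned to apache, possibly before kadmin has written the new key. Treat a failed removal as fatal (`raise` rather than `print`) and use `logging.critical` for the messages, as krbinstance.py now does; `__create_ds_keytab` there has the same removal-then-poll pattern.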
diff -r b7816eac8557 ipa-server/ipaserver/krbinstance.py
--- a/ipa-server/ipaserver/krbinstance.py	Mon Nov 05 11:39:59 2007 -0500
+++ b/ipa-server/ipaserver/krbinstance.py	Mon Nov 05 14:41:55 2007 -0500
@@ -32,6 +32,8 @@ import pwd
 import pwd
 import socket
 import time
+
+import service
 from ipa.ipautil import *
 
 def host_to_domain(fqdn):
@@ -63,8 +65,9 @@ def update_key_val_in_file(filename, key
     f.write("%s=%s\n" % (key, val))
     f.close()
     
-class KrbInstance:
+class KrbInstance(service.Service):
     def __init__(self):
+        service.Service.__init__(self, "krb5kdc")
         self.ds_user = None
         self.fqdn = None
         self.realm = None
@@ -95,39 +98,41 @@ class KrbInstance:
             # It could have been not running
             pass
 
+        self.start_creation(10, "Configuring Kerberos KDC")
+
 	self.__configure_kdc_account_password()
 
         self.__setup_sub_dict()
 
         self.__configure_ldap()
 
-        self.__configure_http()
-
         self.__create_instance()
 
         self.__create_ds_keytab()
 
-        self.__create_http_keytab()
-
         self.__export_kadmin_changepw_keytab()
 
         self.__add_pwd_extop_module()
 
         try:
+            self.step("starting the KDC")
             self.start()
         except:
-            print "krb5kdc service failed to start"
-
-    def stop(self):
-        run(["/sbin/service", "krb5kdc", "stop"])
-
-    def start(self):
-        run(["/sbin/service", "krb5kdc", "start"])
-
-    def restart(self):
-        run(["/sbin/service", "krb5kdc", "restart"])
+            logging.critical("krb5kdc service failed to start")
+
+        self.step("configuring KDC to start on boot")
+        self.chkconfig_on()
+
+        self.step("configuring ipa-kpasswd to start on boot")
+        service.chkconfig_on("ipa-kpasswd")
+
+        self.step("starting ipa-kpasswd")
+        service.start("ipa-kpasswd")
+
+        self.done_creation()
 
     def __configure_kdc_account_password(self):
+        self.step("setting KDC account password")
         hexpwd = ''
 	for x in self.kdc_password:
             hexpwd += (hex(ord(x))[2:])
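Review bot: Failure handling in `create_instance` is inconsistent: the bare `except:` around `self.start()` logs "krb5kdc service failed to start" without the exception and continues, while the added `service.chkconfig_on("ipa-kpasswd")` and `service.start("ipa-kpasswd")` are unguarded and would propagate a `CalledProcessError` to the caller. As written, an install whose KDC never started still prints "done configuring krb5kdc." Catch `subprocess.CalledProcessError, e` explicitly, include `e` in the message, and re-raise or return a failure so the installer can stop; the old try/except in ipa-server-install that returned 1 on service errors is removed by this commit. The method starts above this hunk.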
@@ -145,14 +150,14 @@ class KrbInstance:
                              REALM=self.realm)
 
     def __configure_ldap(self):
-
+        self.step("adding kerberos configuration to the directory")
 	#TODO: test that the ldif is ok with any random charcter we may use in the password
         kerberos_txt = template_file(SHARE_DIR + "kerberos.ldif", self.sub_dict)
         kerberos_fd = write_tmp_file(kerberos_txt)
         try:
             ldap_mod(kerberos_fd, "cn=Directory Manager", self.admin_password)
         except subprocess.CalledProcessError, e:
-            print "Failed to load kerberos.ldif", e
+            logging.critical("Failed to load kerberos.ldif: %s" % str(e))
         kerberos_fd.close()
 
 	#Change the default ACL to avoid anonimous access to kerberos keys and othe hashes
@@ -161,10 +166,11 @@ class KrbInstance:
         try:
             ldap_mod(aci_fd, "cn=Directory Manager", self.admin_password)
         except subprocess.CalledProcessError, e:
-            print "Failed to load default-aci.ldif", e
+            logging.critical("Failed to load default-aci.ldif: %s" % str(e))
         aci_fd.close()
 
     def __create_instance(self):
+        self.step("configuring KDC")
         kdc_conf = template_file(SHARE_DIR+"kdc.conf.template", self.sub_dict)
         kdc_fd = open("/var/kerberos/krb5kdc/kdc.conf", "w+")
         kdc_fd.write(kdc_conf)
@@ -200,12 +206,13 @@ class KrbInstance:
 
     #add the password extop module
     def __add_pwd_extop_module(self):
+        self.step("adding the password extenstion to the directory")
         extop_txt = template_file(SHARE_DIR + "pwd-extop-conf.ldif", self.sub_dict)
         extop_fd = write_tmp_file(extop_txt)
         try:
             ldap_mod(extop_fd, "cn=Directory Manager", self.admin_password)
         except subprocess.CalledProcessError, e:
-            print "Failed to load pwd-extop-conf.ldif", e
+            logging.critical("Failed to load pwd-extop-conf.ldif: %s" % str(e))
         extop_fd.close()
 
         #add an ACL to let the DS user read the master key
@@ -213,14 +220,15 @@ class KrbInstance:
         try:
             run(args)
         except subprocess.CalledProcessError, e:
-            print "Failed to set the ACL on the master key", e
+            logging.critical("Failed to set the ACL on the master key: %s" % str(e))
 
     def __create_ds_keytab(self):
+        self.step("creating a keytab for the directory")
         try:
             if file_exists("/etc/dirsrv/ds.keytab"):
                 os.remove("/etc/dirsrv/ds.keytab")
         except os.error:
-            print "Failed to remove /etc/dirsrv/ds.keytab."
+            logging.critical("Failed to remove /etc/dirsrv/ds.keytab.")
         (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
         kwrite.write("addprinc -randkey ldap/"+self.fqdn+"@"+self.realm+"\n")
         kwrite.flush()
@@ -236,7 +244,7 @@ class KrbInstance:
             time.sleep(1)
             retry += 1
             if retry > 15:
-                print "Error timed out waiting for kadmin to finish operations\n"
+                logging.critical("Error timed out waiting for kadmin to finish operations")
                 sys.exit(1)
 
         update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
@@ -244,6 +252,7 @@ class KrbInstance:
         os.chown("/etc/dirsrv/ds.keytab", pent.pw_uid, pent.pw_gid)
 
     def __export_kadmin_changepw_keytab(self):
+        self.step("exporting the kadmin keytab")
         (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
         kwrite.write("modprinc +requires_preauth kadmin/changepw\n")
         kwrite.flush()
@@ -264,42 +273,11 @@ class KrbInstance:
             time.sleep(1)
             retry += 1
             if retry > 15:
-                print "Error timed out waiting for kadmin to finish operations\n"
+                logging.critical("Error timed out waiting for kadmin to finish operations")
                 sys.exit(1)
 
         update_key_val_in_file("/etc/sysconfig/ipa-kpasswd", "export KRB5_KTNAME", "/var/kerberos/krb5kdc/kpasswd.keytab")
         pent = pwd.getpwnam(self.ds_user)
         os.chown("/var/kerberos/krb5kdc/kpasswd.keytab", pent.pw_uid, pent.pw_gid)
 
-    def __create_http_keytab(self):
-        try:
-            if file_exists("/etc/httpd/conf/ipa.keytab"):
-                os.remove("/etc/httpd/conf/ipa.keytab")
-        except os.error:
-            print "Failed to remove /etc/httpd/conf/ipa.keytab."
-        (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
-        kwrite.write("addprinc -randkey HTTP/"+self.fqdn+"@"+self.realm+"\n")
-        kwrite.flush()
-        kwrite.write("ktadd -k /etc/httpd/conf/ipa.keytab HTTP/"+self.fqdn+"@"+self.realm+"\n")
-        kwrite.flush()
-        kwrite.close()
-        kread.close()
-        kerr.close()
-
-        # give kadmin time to actually write the file before we go on
-	retry = 0
-        while not file_exists("/etc/httpd/conf/ipa.keytab"):
-            time.sleep(1)
-            retry += 1
-            if retry > 15:
-                print "Error timed out waiting for kadmin to finish operations\n"
-                sys.exit(1)
-
-        pent = pwd.getpwnam("apache")
-        os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid)
-
-    def __configure_http(self):
-        http_txt = template_file(SHARE_DIR + "ipa.conf", self.sub_dict)
-        http_fd = open("/etc/httpd/conf.d/ipa.conf", "w")
-        http_fd.write(http_txt)
-        http_fd.close()
+
diff -r b7816eac8557 ipa-server/ipaserver/ntpinstance.py
--- a/ipa-server/ipaserver/ntpinstance.py	Mon Nov 05 11:39:59 2007 -0500
+++ b/ipa-server/ipaserver/ntpinstance.py	Mon Nov 05 14:41:55 2007 -0500
@@ -20,8 +20,16 @@ from ipa.ipautil import *
 from ipa.ipautil import *
 import shutil
 
-class NTPInstance:
+import service
+
+class NTPInstance(service.Service):
+    def __init__(self):
+        service.Service.__init__(self, "ntpd")
+        
     def create_instance(self):
+        self.start_creation(3, "Configuring ntpd")
+
+        self.step("writing configuration")
         # The template sets the config to point towards ntp.pool.org, but
         # they request that software not point towards the default pool.
         # We use the OS variable to point it towards either the rhel
@@ -48,3 +56,9 @@ class NTPInstance:
 
         # we might consider setting the date manually using ntpd -qg in case
         # the current time is very far off.
+
+        self.step("starting ntpd")
+        self.start()
+        
+        self.step("configuring ntpd to start on boot")
+        self.chkconfig_on()
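Review bot: `self.start()` replaces the `service ntpd restart` that ipa-server-install ran before this commit, so if ntpd is already running when the installer rewrites its configuration, the new settings are presumably not picked up until the next restart; use `self.restart()` and `self.step("restarting ntpd")`. The method also calls `start_creation(3, ...)` without a closing `self.done_creation()`, so the step counters are never reset and no completion message is printed. `RadiusInstance.create_instance` in radiusinstance.py has the same omission. create_instance begins above this hunk.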
diff -r b7816eac8557 ipa-server/ipaserver/radiusinstance.py
--- a/ipa-server/ipaserver/radiusinstance.py	Mon Nov 05 11:39:59 2007 -0500
+++ b/ipa-server/ipaserver/radiusinstance.py	Mon Nov 05 14:41:55 2007 -0500
@@ -27,6 +27,8 @@ import time
 import time
 from ipa.ipautil import *
 
+import service
+
 import os
 import re
 
@@ -47,8 +49,9 @@ from ipaserver.funcs import DefaultUserC
 
 #-------------------------------------------------------------------------------
 
-class RadiusInstance:
+class RadiusInstance(service.Service):
     def __init__(self):
+        service.Service.__init__(self, "radiusd")
         self.fqdn        = None
         self.realm       = None
         self.principal   = None
@@ -66,6 +69,8 @@ class RadiusInstance:
         else:
             self.rpm_name = self.rpm_version = self.rpm_release = None
 
+        self.start_creation(4, "Configuring radiusd")
+
         try:
             self.stop()
         except:
@@ -76,22 +81,17 @@ class RadiusInstance:
         self.__radiusd_conf()
 
         try:
+            self.step("starting radiusd")
             self.start()
         except:
             logging.error("radiusd service failed to start")
 
+        self.step("configuring radiusd to start on boot")
+        self.chkconfig_on()
 
-    def stop(self):
-        run(['/sbin/service', 'radiusd', 'stop'])
-
-    def start(self):
-        run(['/sbin/service', 'radiusd', 'start'])
-
-    def restart(self):
-        run(['/sbin/service', 'radiusd', 'restart'])
 
     def __radiusd_conf(self):
-        logging.debug('configuring radiusd.conf for radius instance')
+        self.step('configuring radiusd.conf for radius instance')
 
         version = 'IPA_RADIUS_VERSION=%s RADIUS_PACKAGE_VERSION=%s' % (IPA_RADIUS_VERSION, self.rpm_nvr)
         sub_dict = {'CONFIG_FILE_VERSION_INFO' : version,
@@ -110,6 +110,7 @@ class RadiusInstance:
             logging.error("could not create %s: %s", RADIUSD_CONF_FILEPATH, e)
 
     def __create_radius_keytab(self):
+        self.step("create radiusd keytab")
         try:
             if file_exists(IPA_KEYTAB_FILEPATH):
                 os.remove(IPA_KEYTAB_FILEPATH)
diff -r b7816eac8557 ipa-server/ipaserver/service.py
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ipa-server/ipaserver/service.py	Mon Nov 05 14:41:55 2007 -0500
@@ -0,0 +1,86 @@
+# Authors: Karl MacMillan <kmacmillan at mentalrootkit.com>
+#
+# Copyright (C) 2007  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 or later
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from ipa.ipautil import *
+import logging, sys
+
+
+def stop(service_name):
+    run(["/sbin/service", service_name, "stop"])
+
+def start(service_name):
+    run(["/sbin/service", service_name, "start"])
+
+def restart(service_name):
+    run(["/sbin/service", service_name, "restart"])
+    
+def chkconfig_on(service_name):
+    run(["/sbin/chkconfig", service_name, "on"])
+
+def chkconfig_off(service_name):
+    run(["/sbin/chkconfig", service_name, "off"])
+    
+def print_msg(message, output_fd=sys.stdout):
+    logging.debug(message)
+    output_fd.write(message)
+    output_fd.write("\n")
+    
+
+class Service:
+    def __init__(self, service_name):
+        self.service_name = service_name
+        self.num_steps = -1
+        self.current_step = -1
+        self.output_fd = sys.stdout
+
+    def set_output(self, fd):
+        self.output_fd = fd
+        
+    def stop(self):
+        stop(self.service_name)
+
+    def start(self):
+        start(self.service_name)
+
+    def restart(self):
+        restart(self.service_name)
+
+    def chkconfig_on(self):
+        chkconfig_on(self.service_name)
+
+    def chkconfig_off(self):
+        chkconfig_off(self.service_name)
+
+    def print_msg(self, message):
+        print_msg(message, self.output_fd)
+        
+    def start_creation(self, num_steps, message):
+        self.num_steps = num_steps
+        self.cur_step = 0
+        self.print_msg(message)
+
+    def step(self, message):
+        self.cur_step += 1
+        self.print_msg("  [%d/%d]: %s" % (self.cur_step, self.num_steps, message))
+
+    def done_creation(self):
+        self.cur_step = -1
+        self.num_steps = -1
+        self.print_msg("done configuring %s." % self.service_name)
+
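Review bot: `Service.__init__` initialises `self.current_step`, but `start_creation`, `step` and `done_creation` all use `self.cur_step`, so calling `step()` before `start_creation()` raises AttributeError instead of showing the -1 sentinel; change the constructor line to `self.cur_step = -1`. The module and class also have no docstrings. A short class docstring stating the contract (call `start_creation(n, msg)`, then exactly n `step()` calls, then `done_creation()`) would help, since several subclasses in this patch already skip `done_creation()`. Note too that `print_msg`'s default `output_fd=sys.stdout` is bound at import time, so a later redirect of `sys.stdout` is not honoured by the module-level function.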
diff -r b7816eac8557 ipa-server/ipaserver/webguiinstance.py
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ipa-server/ipaserver/webguiinstance.py	Mon Nov 05 14:41:55 2007 -0500
@@ -0,0 +1,40 @@
+# Authors: Karl MacMillan <kmacmillan at mentalrootkit.com>
+#
+# Copyright (C) 2007  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 or later
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import logging
+
+from ipa.ipautil import *
+import service
+
+class WebGuiInstance(service.Service):
+    def __init__(self):
+        service.Service.__init__(self, "ipa-webgui")
+
+    def create_instance(self):
+        self.start_creation(2, "Configuring ipa-webgui")
+
+        self.step("starting ipa-webgui")
+        service.start("ipa-webgui")
+
+        self.step("configuring ipa-webgui to start on boot")
+        service.chkconfig_on("ipa-webgui")
+
+        self.done_creation()
+
+
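Review bot: `create_instance` calls the module-level helpers with a repeated literal, `service.start("ipa-webgui")` and `service.chkconfig_on("ipa-webgui")`, although the class already passes that name to `service.Service.__init__`. Use the inherited `self.start()` and `self.chkconfig_on()` so the service name lives in one place. `import logging` is unused in this file. A failed start raises out of `create_instance` with no message; whether ipa-server-install handles that is not visible in this patch.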

