IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-28 01:41:14 -06:00
Code Issues Packages Projects Releases Wiki Activity
8a32bb3746
freeipa/install/tools/ipactl

321 lines
9.9 KiB
Plaintext
Raw Normal View History

Execute /usr/bin/python directly instead of /usr/bin/env python ticket 608
2011-01-13 11:26:30 -06:00
#!/usr/bin/python
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
# Authors: Simo Sorce <ssorce@redhat.com>
Add small script to start/stop all of the services that IPA requires in the proper order. 435026
2008-02-28 10:37:06 -06:00
#
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
# Copyright (C) 2008-2010 Red Hat
Add small script to start/stop all of the services that IPA requires in the proper order. 435026
2008-02-28 10:37:06 -06:00
# see file 'COPYING' for use and warranty information
#
Change FreeIPA license to GPLv3+ The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
2010-12-09 06:59:11 -06:00
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
Add small script to start/stop all of the services that IPA requires in the proper order. 435026
2008-02-28 10:37:06 -06:00
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
Change FreeIPA license to GPLv3+ The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
2010-12-09 06:59:11 -06:00
# along with this program. If not, see <http://www.gnu.org/licenses/>.
Add small script to start/stop all of the services that IPA requires in the proper order. 435026
2008-02-28 10:37:06 -06:00
#
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
import sys
try:
Require ipactl be run as root to avoid a lot of misleading error msgs. Trying to run ipactl as non-root results in a slew of bogus error messages, some of which come because dirsrv can't read certain files as the wrong user, some based on our handling of that fact. ticket 936
2011-02-15 13:03:00 -06:00
import os
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
from ipaserver.install import service
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
from ipapython import sysrestore
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
from ipapython import config
from ipalib import api, errors
import logging
import ldap
Allow SASL/EXTERNAL authentication for the root user This gives the root user low privileges so that when anonymous searches are denied the init scripts can still search the directory via ldapi to get the list of serevices to start. Fixes: https://fedorahosted.org/freeipa/ticket/795
2011-01-19 14:17:25 -06:00
import ldap.sasl
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
import socket
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
Allow SASL/EXTERNAL authentication for the root user This gives the root user low privileges so that when anonymous searches are denied the init scripts can still search the directory via ldapi to get the list of serevices to start. Fixes: https://fedorahosted.org/freeipa/ticket/795
2011-01-19 14:17:25 -06:00
SASL_EXTERNAL = ldap.sasl.sasl({}, 'EXTERNAL')
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
class IpactlError(StandardError):
def __init__(self, msg = '', rval = 1):
self.msg = msg
self.rval = rval
def __str__(self):
return self.msg
def check_IPA_configuration():
if not sysrestore.FileStore('/var/lib/ipa/sysrestore').has_files():
# LSB status code 6: program is not configured
raise IpactlError("IPA is not configured " +
"(see man pages of ipa-server-install for help)", 6)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
def parse_options():
usage = "%prog start|stop|restart|status\n"
parser = config.IPAOptionParser(usage=usage,
formatter=config.IPAFormatter())
parser.add_option("-d", "--debug", action="store_true", dest="debug",
help="Display debugging information")
options, args = parser.parse_args()
safe_options = parser.get_safe_opts(options)
return safe_options, options, args
def emit_err(err):
Fix return codes for ipactl This patch fixes ipactl to return non-zero value when something goes wrong. https://fedorahosted.org/freeipa/ticket/894
2011-02-10 08:42:36 -06:00
sys.stderr.write(err + '\n')
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
def get_config():
Let the framework be able to override the hostname. The hostname is passed in during the server installation. We should use this hostname for the resulting server as well. It was being discarded and we always used the system hostname value. Important changes: - configure ipa_hostname in sssd on masters - set PKI_HOSTNAME so the hostname is passed to dogtag installer - set the hostname when doing ldapi binds This also reorders some things in the dogtag installer to eliminate an unnecessary restart. We were restarting the service twice in a row with very little time in between and this could result in a slew of reported errors, though the server installed ok. ticket 1052
2011-06-23 01:06:49 -05:00
base = "cn=%s,cn=masters,cn=ipa,cn=etc,%s" % (api.env.host,
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
api.env.basedn)
srcfilter = '(ipaConfigString=enabledService)'
attrs = ['cn', 'ipaConfigString']
try:
con = ldap.initialize(api.env.ldap_uri)
Allow SASL/EXTERNAL authentication for the root user This gives the root user low privileges so that when anonymous searches are denied the init scripts can still search the directory via ldapi to get the list of serevices to start. Fixes: https://fedorahosted.org/freeipa/ticket/795
2011-01-19 14:17:25 -06:00
con.sasl_interactive_bind_s('', SASL_EXTERNAL)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
res = con.search_st(base,
ldap.SCOPE_SUBTREE,
filterstr=srcfilter,
attrlist=attrs,
timeout=10)
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
except ldap.SERVER_DOWN, e:
# LSB status code 3: program is not running
raise IpactlError("Failed to get list of services to probe status:\n" +
"Directory Server is stopped", 3)
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
except Exception, e:
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
raise IpactlError("Unknown error when retrieving list of services from LDAP: " + str(e))
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
svc_list = []
for entry in res:
name = entry[1]['cn'][0]
for p in entry[1]['ipaConfigString']:
if p.startswith('startOrder '):
order = p.split()[1]
svc_list.append((order, name))
return svc_list
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
def ipa_start():
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
try:
print "Starting Directory Service"
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
service.start('dirsrv', capture_output=False)
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
except Exception, e:
raise IpactlError("Failed to start Directory Service: " + str(e))
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
svc_list = []
try:
svc_list = get_config()
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
except Exception, e:
emit_err("Failed to read data from Directory Service: " + str(e))
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
emit_err("Shutting down")
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
try:
service.stop('dirsrv', capture_output=False)
except:
pass
if isinstance(e, IpactlError):
# do not display any other error message
raise IpactlError(None, e.rval)
else:
raise IpactlError(None)
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
if len(svc_list) == 0:
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
# no service to stop
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
return
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
for (order, svc) in sorted(svc_list):
svc_name = service.SERVICE_LIST[svc][0]
try:
print "Starting %s Service" % svc
Add a way to print output from commands Instead pof always capturing the output, make it possible to let it go to the standard output pipes. Use this in ipactl to let init scripts show their output. Fixes: https://fedorahosted.org/freeipa/ticket/765
2011-01-17 08:17:08 -06:00
service.start(svc_name, capture_output=False)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
except:
emit_err("Failed to start %s Service" % svc)
emit_err("Shutting down")
for (order, svc) in sorted(svc_list):
svc_name = service.SERVICE_LIST[svc][0]
try:
Add a way to print output from commands Instead pof always capturing the output, make it possible to let it go to the standard output pipes. Use this in ipactl to let init scripts show their output. Fixes: https://fedorahosted.org/freeipa/ticket/765
2011-01-17 08:17:08 -06:00
service.stop(svc_name, capture_output=False)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
except:
pass
try:
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
service.stop('dirsrv', capture_output=False)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
except:
pass
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
raise IpactlError("Aborting ipactl")
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
def ipa_stop():
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
svc_list = []
try:
svc_list = get_config()
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
except Exception, e:
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
# ok if dirsrv died this may fail, so let's try to quickly restart it
# and see if we can get anything. If not throw our hands up and just
# exit
try:
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
service.start('dirsrv', capture_output=False)
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
svc_list = get_config()
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
except Exception, e:
emit_err("Failed to read data from Directory Service: " + str(e))
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
emit_err("Shutting down")
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
try:
# just try to stop it, do not read a result
service.stop('dirsrv')
finally:
raise IpactlError(None)
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
if len(svc_list) == 0:
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
# no service to stop
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
return
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
for (order, svc) in sorted(svc_list, reverse=True):
svc_name = service.SERVICE_LIST[svc][0]
try:
print "Stopping %s Service" % svc
Add a way to print output from commands Instead pof always capturing the output, make it possible to let it go to the standard output pipes. Use this in ipactl to let init scripts show their output. Fixes: https://fedorahosted.org/freeipa/ticket/765
2011-01-17 08:17:08 -06:00
service.stop(svc_name, capture_output=False)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
except:
emit_err("Failed to stop %s Service" % svc)
try:
print "Stopping Directory Service"
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
service.stop('dirsrv', capture_output=False)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
except:
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
raise IpactlError("Failed to stop Directory Service")
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
def ipa_restart():
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
try:
print "Restarting Directory Service"
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
service.restart('dirsrv', capture_output=False)
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
except Exception, e:
raise IpactlError("Failed to restart Directory Service: " + str(e))
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
svc_list = []
try:
svc_list = get_config()
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
except Exception, e:
emit_err("Failed to read data from Directory Service: " + str(e))
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
emit_err("Shutting down")
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
try:
service.stop('dirsrv', capture_output=False)
except:
pass
if isinstance(e, IpactlError):
# do not display any other error message
raise IpactlError(None, e.rval)
else:
raise IpactlError(None)
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
if len(svc_list) == 0:
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
# no service to stop
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
return
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
for (order, svc) in sorted(svc_list):
svc_name = service.SERVICE_LIST[svc][0]
try:
print "Restarting %s Service" % svc
Add a way to print output from commands Instead pof always capturing the output, make it possible to let it go to the standard output pipes. Use this in ipactl to let init scripts show their output. Fixes: https://fedorahosted.org/freeipa/ticket/765
2011-01-17 08:17:08 -06:00
service.restart(svc_name, capture_output=False)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
except:
emit_err("Failed to restart %s Service" % svc)
emit_err("Shutting down")
for (order, svc) in sorted(svc_list):
svc_name = service.SERVICE_LIST[svc][0]
try:
Add a way to print output from commands Instead pof always capturing the output, make it possible to let it go to the standard output pipes. Use this in ipactl to let init scripts show their output. Fixes: https://fedorahosted.org/freeipa/ticket/765
2011-01-17 08:17:08 -06:00
service.stop(svc_name, capture_output=False)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
except:
pass
try:
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
service.stop('dirsrv', capture_output=False)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
except:
pass
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
raise IpactlError("Aborting ipactl")
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
def ipa_status():
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
try:
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
if service.is_running('dirsrv'):
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
print "Directory Service: RUNNING"
else:
print "Directory Service: STOPPED"
except:
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
raise IpactlError("Failed to get Directory Service status")
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
svc_list = []
try:
svc_list = get_config()
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
except IpactlError, e:
raise e
except Exception, e:
raise IpactlError("Failed to get list of services to probe status: " + str(e))
Fixes for ipactl script Fixes: https://fedorahosted.org/freeipa/ticket/613
2010-12-10 16:40:37 -06:00
if len(svc_list) == 0:
return
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
for (order, svc) in sorted(svc_list):
svc_name = service.SERVICE_LIST[svc][0]
try:
if service.is_running(svc_name):
print "%s Service: RUNNING" % svc
else:
print "%s Service: STOPPED" % svc
except:
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
emit_err("Failed to get %s Service status" % svc)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
def main():
Require ipactl be run as root to avoid a lot of misleading error msgs. Trying to run ipactl as non-root results in a slew of bogus error messages, some of which come because dirsrv can't read certain files as the wrong user, some based on our handling of that fact. ticket 936
2011-02-15 13:03:00 -06:00
if not os.getegid() == 0:
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
# LSB status code 4: user had insufficient privilege
raise IpactlError("You must be root to run ipactl.", 4)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
safe_options, options, args = parse_options()
if len(args) != 1:
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
# LSB status code 2: invalid or excess argument(s)
raise IpactlError("You must specify one action", 2)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
elif args[0] != "start" and args[0] != "stop" and args[0] != "restart" and args[0] != "status":
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
raise IpactlError("Unrecognized action [" + args[0] + "]", 2)
# check if IPA is configured at all
try:
check_IPA_configuration()
except IpactlError, e:
if args[0].lower() == "status":
# Different LSB return code for status command:
# 4 - program or service status is unknown
# This should differentiate uninstalled IPA from status
# code 3 - program is not running
e.rval = 4
raise e
else:
raise e
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
api.bootstrap(context='cli', debug=options.debug)
api.finalize()
if args[0].lower() == "start":
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
ipa_start()
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
elif args[0].lower() == "stop":
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
ipa_stop()
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
elif args[0].lower() == "restart":
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
ipa_restart()
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
elif args[0].lower() == "status":
Make sure all DS instances are managed by ipactl Fixes: https://fedorahosted.org/freeipa/ticket/860
2011-01-27 16:10:34 -06:00
ipa_status()
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
try:
if __name__ == "__main__":
sys.exit(main())
Improve error handling and return status codes in ipactl There are cases when ipactl returns success even when it fails. Plus, when the error really is detected the status codes are not LSB compliant. This may result in consequent issues. This patch improves error handling in ipactl and adds LSB compliant status codes. Namely: 0 program is running or service is OK 3 program is not running 4 program or service status is unknown for "status" action. Status code 4 is issued when IPA is not configured to distinguish this state from not running IPA. For other actions, the following non-zero status codes are implemented: 1 generic or unspecified error 2 invalid or excess argument(s) 4 user had insufficient privilege 6 program is not configured https://fedorahosted.org/freeipa/ticket/1055
2011-03-07 10:35:17 -06:00
except IpactlError, e:
if e.msg:
emit_err(e.msg)
sys.exit(e.rval)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
except RuntimeError, e:
Fix return codes for ipactl This patch fixes ipactl to return non-zero value when something goes wrong. https://fedorahosted.org/freeipa/ticket/894
2011-02-10 08:42:36 -06:00
emit_err("%s" % e)
Introduce ipa control script that reads configuration off ldap This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
2010-12-04 14:42:14 -06:00
sys.exit(1)
except SystemExit, e:
sys.exit(e)
except KeyboardInterrupt, e:
sys.exit(1)
Reference in New Issue Copy Permalink