Add ipaplatform for Fedora and RHEL container

Container platforms for Fedora and RHEL simplify FreeIPA container
effort. Paths are based on patches from
https://github.com/freeipa/freeipa-container

Fixes: https://pagure.io/freeipa/issue/8401
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>

install/share/ipaca_default.ini

@@ -25,7 +25,6 @@ ipa_ca_pem_file=/etc/ipa/ca.crt
 
 # Dogtag defaults
 pki_instance_name=pki-tomcat
-pki_configuration_path=/etc/pki
 pki_instance_configuration_path=%(pki_configuration_path)s/%(pki_instance_name)s
 
 pki_admin_cert_file=%(pki_client_dir)s/ca_admin.cert

ipaplatform/base/paths.py

@@ -114,6 +114,7 @@ class BasePathNamespace:
     CA_CERTIFICATES_BUNDLE_PEM = None
     CA_CERTIFICATES_DIR = None
     NSS_DB_DIR = "/etc/pki/nssdb"
+    PKI_CONFIGURATION = "/etc/pki"
     PKI_TOMCAT = "/etc/pki/pki-tomcat"
     PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias"
     PKI_TOMCAT_ALIAS_PWDFILE_TXT = "/etc/pki/pki-tomcat/alias/pwdfile.txt"
@@ -328,7 +329,7 @@ class BasePathNamespace:
         "/var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg")
     KRA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/kra/CS.cfg"
     KRACERT_P12 = "/root/kracert.p12"
-    SAMBA_DIR = "/var/lib/samba/"
+    SAMBA_DIR = "/var/lib/samba"
     SSSD_DB = "/var/lib/sss/db"
     SSSD_MC_GROUP = "/var/lib/sss/mc/group"
     SSSD_MC_PASSWD = "/var/lib/sss/mc/passwd"

ipaplatform/fedora_container/__init__.py

@@ -0,0 +1,7 @@
+#
+# Copyright (C) 2020  FreeIPA Contributors see COPYING for license
+#
+"""
+This module contains Fedora Container specific platform files.
+"""
+NAME = 'fedora_container'

ipaplatform/fedora_container/constants.py

@@ -0,0 +1,13 @@
+#
+# Copyright (C) 2020  FreeIPA Contributors see COPYING for license
+#
+"""Fedora container constants
+"""
+from ipaplatform.fedora.constants import FedoraConstantsNamespace
+
+
+class FedoraContainerConstantsNamespace(FedoraConstantsNamespace):
+    pass
+
+
+constants = FedoraContainerConstantsNamespace()

ipaplatform/fedora_container/paths.py

@@ -0,0 +1,29 @@
+#
+# Copyright (C) 2020  FreeIPA Contributors see COPYING for license
+#
+"""Fedora container paths
+"""
+import os
+
+from ipaplatform.fedora.paths import FedoraPathNamespace
+
+
+def data(path):
+    return os.path.join("/data", path[1:])
+
+
+class FedoraContainerPathNamespace(FedoraPathNamespace):
+    KRB5_CONF = data(FedoraPathNamespace.KRB5_CONF)
+    KRB5_KEYTAB = data(FedoraPathNamespace.KRB5_KEYTAB)
+    NAMED_KEYTAB = data(FedoraPathNamespace.NAMED_KEYTAB)
+    NAMED_CUSTOM_CONF = data(FedoraPathNamespace.NAMED_CUSTOM_CONF)
+    NAMED_CUSTOM_OPTIONS_CONF = data(
+        FedoraPathNamespace.NAMED_CUSTOM_OPTIONS_CONF
+    )
+    NSSWITCH_CONF = data(FedoraPathNamespace.NSSWITCH_CONF)
+    PKI_CONFIGURATION = data(FedoraPathNamespace.PKI_CONFIGURATION)
+    SAMBA_DIR = data(FedoraPathNamespace.SAMBA_DIR)
+    HTTPD_IPA_WSGI_MODULES_CONF = None
+
+
+paths = FedoraContainerPathNamespace()

ipaplatform/fedora_container/services.py

@@ -0,0 +1,27 @@
+#
+# Copyright (C) 2020  FreeIPA Contributors see COPYING for license
+#
+"""Fedora container services
+"""
+from ipaplatform.fedora import services as fedora_services
+
+
+fedora_container_system_units = fedora_services.fedora_system_units.copy()
+
+
+class FedoraContainerService(fedora_services.FedoraService):
+    system_units = fedora_container_system_units
+
+
+def fedora_container_service_class_factory(name, api=None):
+    return fedora_services.fedora_service_class_factory(name, api)
+
+
+class FedoraContainerServices(fedora_services.FedoraServices):
+    def service_class_factory(self, name, api=None):
+        return fedora_container_service_class_factory(name, api)
+
+
+timedate_services = fedora_services.timedate_services
+service = fedora_container_service_class_factory
+knownservices = FedoraContainerServices()

ipaplatform/fedora_container/tasks.py

@@ -0,0 +1,13 @@
+#
+# Copyright (C) 2020  FreeIPA Contributors see COPYING for license
+#
+"""Fedora container tasks
+"""
+from ipaplatform.fedora.tasks import FedoraTaskNamespace
+
+
+class FedoraContainerTaskNamespace(FedoraTaskNamespace):
+    pass
+
+
+tasks = FedoraContainerTaskNamespace()

ipaplatform/rhel_container/__init__.py

@@ -0,0 +1,7 @@
+#
+# Copyright (C) 2020  FreeIPA Contributors see COPYING for license
+#
+"""
+This module contains RHEL Container specific platform files.
+"""
+NAME = 'rhel_container'

ipaplatform/rhel_container/constants.py

@@ -0,0 +1,13 @@
+#
+# Copyright (C) 2020  FreeIPA Contributors see COPYING for license
+#
+"""RHEL container constants
+"""
+from ipaplatform.rhel.constants import RHELConstantsNamespace
+
+
+class RHELContainerConstantsNamespace(RHELConstantsNamespace):
+    pass
+
+
+constants = RHELContainerConstantsNamespace()

ipaplatform/rhel_container/paths.py

@@ -0,0 +1,29 @@
+#
+# Copyright (C) 2020  FreeIPA Contributors see COPYING for license
+#
+"""RHEL container paths
+"""
+import os
+
+from ipaplatform.rhel.paths import RHELPathNamespace
+
+
+def data(path):
+    return os.path.join("/data", path[1:])
+
+
+class RHELContainerPathNamespace(RHELPathNamespace):
+    KRB5_CONF = data(RHELPathNamespace.KRB5_CONF)
+    KRB5_KEYTAB = data(RHELPathNamespace.KRB5_KEYTAB)
+    NAMED_KEYTAB = data(RHELPathNamespace.NAMED_KEYTAB)
+    NAMED_CUSTOM_CONF = data(RHELPathNamespace.NAMED_CUSTOM_CONF)
+    NAMED_CUSTOM_OPTIONS_CONF = data(
+        RHELPathNamespace.NAMED_CUSTOM_OPTIONS_CONF
+    )
+    NSSWITCH_CONF = data(RHELPathNamespace.NSSWITCH_CONF)
+    PKI_CONFIGURATION = data(RHELPathNamespace.PKI_CONFIGURATION)
+    SAMBA_DIR = data(RHELPathNamespace.SAMBA_DIR)
+    HTTPD_IPA_WSGI_MODULES_CONF = None
+
+
+paths = RHELContainerPathNamespace()

ipaplatform/rhel_container/services.py

@@ -0,0 +1,27 @@
+#
+# Copyright (C) 2020  FreeIPA Contributors see COPYING for license
+#
+"""RHEL container services
+"""
+from ipaplatform.rhel import services as rhel_services
+
+
+rhel_container_system_units = rhel_services.rhel_system_units.copy()
+
+
+class RHELContainerService(rhel_services.RHELService):
+    system_units = rhel_container_system_units
+
+
+def rhel_container_service_class_factory(name, api=None):
+    return rhel_services.rhel_service_class_factory(name, api)
+
+
+class RHELContainerServices(rhel_services.RHELServices):
+    def service_class_factory(self, name, api=None):
+        return rhel_container_service_class_factory(name, api)
+
+
+timedate_services = rhel_services.timedate_services
+service = rhel_container_service_class_factory
+knownservices = RHELContainerServices()

ipaplatform/rhel_container/tasks.py

@@ -0,0 +1,13 @@
+#
+# Copyright (C) 2020  FreeIPA Contributors see COPYING for license
+#
+"""RHEL container tasks
+"""
+from ipaplatform.rhel.tasks import RHELTaskNamespace
+
+
+class RHELContainerTaskNamespace(RHELTaskNamespace):
+    pass
+
+
+tasks = RHELContainerTaskNamespace()

ipaplatform/setup.py

@@ -36,8 +36,10 @@ if __name__ == '__main__':
             "ipaplatform.base",
             "ipaplatform.debian",
             "ipaplatform.fedora",
+            "ipaplatform.fedora_container",
             "ipaplatform.redhat",
             "ipaplatform.rhel",
+            "ipaplatform.rhel_container",
             "ipaplatform.suse"
         ],
         install_requires=[

ipaserver/install/dogtaginstance.py

@@ -921,6 +921,7 @@ class PKIIniLoader:
         self.defaults = dict(
             # pretty much static
             ipa_ca_pem_file=paths.IPA_CA_CRT,
+            pki_configuration_path=paths.PKI_CONFIGURATION,
             # variable
             ipa_ca_subject=ca_subject,
             ipa_subject_base=subject_base,