initial import of debian platform modules

ipapython/platform/debian/__init__.py

@@ -0,0 +1,51 @@
+import os
+
+from .auth import DebianAuthConfig
+from .service import DebianService
+from .service import DebianServices
+
+auth = ["authconfig"]
+services = ["service", "knownservices"]
+utils = ["restore_context", "backup_and_replace_hostname"]
+
+__all__ = auth + services + utils
+
+authconfig = DebianAuthConfig
+service = DebianService
+knownservices = DebianServices()
+
+def restore_context(filepath):
+    """
+    restore security context on the file path
+    SELinux equivalent is /sbin/restorecon <filepath>
+
+    restorecon's return values are not reliable so we have to
+    ignore them (BZ #739604). SELinux is optional on Debian systems
+    so we have to check if /sbin/restorecon exists before calling it.
+
+    ipautil.run() will do the logging.
+    """
+    if os.path.exists("/sbin/restorecon"):
+        ipautil.run(["/sbin/restorecon", filepath], raiseonerr=False)
+
+
+def backup_and_replace_hostname(fstore, statestore, hostname):
+    network_filename = "/etc/hostname"
+    # Backup original /etc/hostname
+    fstore.backup_file(network_filename)
+
+    # Write new configuration
+    f = open(network_filename, 'w')
+    f.write(hostname + "\n")
+    f.close()
+
+    try:
+        ipautil.run(['/bin/hostname', hostname])
+    except ipautil.CalledProcessError, e:
+        print >>sys.stderr, "Failed to set this machine hostname to %s (%s)." % (hostname, str(e))
+
+    # For SE Linux environments it is important to reset SE labels to the expected ones
+    try:
+        restore_context(network_filename)
+    except ipautil.CalledProcessError, e:
+        print >>sys.stderr, "Failed to set permissions for %s (%s)." % (network_filename, str(e))

ipapython/platform/debian/auth.py

@@ -0,0 +1,21 @@
+from ..base import AuthConfig
+
+class DebianAuthConfig(AuthConfig):
+    """
+    Debian implementation of the AuthConfig class.
+
+    Debian doesn't provide a single application for changing both
+    nss and pam configuration. PAM can be configured using debconf but there
+    is currently no such solution for updating NSS database and every package
+    does it by itself.
+
+    We'll have to play a catch-up game with the rest of the FreeIPA project
+    filtering out .enable() and .disable() calls that are useless for us,
+    and making the best out of the rest of them.
+    """
+
+    # a list of pam config items we can use with pam-auth-update
+    _pam_configs = ["ldap", "krb5", "mkhomedir"]
+
+    def execute(self):
+        raise NotImplementedError

ipapython/platform/debian/instances/__init__.py

@@ -0,0 +1 @@
+from .ntp import DebianNTPInstance

ipapython/platform/debian/instances/http.py

@@ -0,0 +1,19 @@
+import ipautil
+import installutils
+
+NSS_CONF = '/etc/apache2/mods-available/nss.conf'
+
+class DebianHTTPInstance(object):
+    def __init__(self):
+        pass
+
+    def __disable_mod_ssl(self):
+    	ipautil.run(['/usr/sbin/a2dismod', 'ssl'])
+
+
+    def __set_mod_nss_port(self):
+    	self.fstore.backup(NSS_CONF)
+    	if installutils.update_file(NSS_CONF, '8443', '443')
+
+    def __set_mod_nss_nickname(self, nickname):
+    	installutils.set_directive(NSS_CONF, 'NSSNickName', nickname)

ipapython/platform/debian/instances/ntp.py

@@ -0,0 +1,36 @@
+# Authors: Krzysztof Klimonda <kklimonda@ubuntu.com>
+#
+# Copyright (C) 2012  Krzysztof Klimonda
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from ...base.instances import NTPInstance
+
+class DebianNTPInstance(NTPInstance):
+    _config_files = ["/etc/ntp.conf", "/etc/default/ntp"]
+
+    def __init__(self, fsstore=None):
+        super(NTPInstance, self).__init__(fsstore)
+
+    def __get_distrib_pools(self):
+    	pools = []
+    	for num in xrange(1, 2):
+    		pools.append('{0}.{1}.pool.ntp.org'.format(num, 'debian'))
+    	return pools
+
+    def __write_ntp_opts(self):
+    	"""Debian specific method override."""
+    	self.__write_ntp_opts_generic('/etc/default/ntp', 'NTPD_OPTS', '\'')

ipapython/platform/debian/service.py

@@ -0,0 +1,88 @@
+from ..base import KnownServices
+from ..base import PlatformService
+from ..base import wellknownservices
+
+# mappings between rhel-style and debian-style service names
+_service_mappings = {
+        'messagebus': 'dbus',
+        'ntpd': 'ntp'
+}
+
+class DebianService(PlatformService):
+    def __init__(self, service_name):
+        try:
+            service_name = _service_mappings[service_name]
+        except KeyError:
+            pass
+        super(PlatformService, self).__init__()
+
+    def _call_service(self, action, instance_name, capture_output):
+        cmdline = ['/usr/sbin/service', self.service_name, action, instance_name]
+        return ipautil.run(cmdline, capture_output=capture_output)
+        
+    def stop(self, instance_name='', capture_output=True):
+        self._call_service('stop', instance_name, capture_output)
+
+    def start(self, instance_name='', capture_output=True):
+        self._call_service('start', instance_name, capture_output)
+
+    def restart(self, instance_name='', capture_output=True):
+        self._call_service('restart', instance_name, capture_output)
+
+    def is_running(self, instance_name=""):
+        ret = True
+        try:
+            (sout, serr, rcode) = self._call_service("status", instance_name)
+            if sout.find("NOT running") >= 0:
+                ret = False
+            if sout.find("stop") >= 0:
+                ret = False
+        except ipautil.CalledProcessError:
+                ret = False
+        return ret
+
+    def is_installed(self):
+        installed = True
+        try:
+            ipautil.run(["/usr/sbin/service", self.service_name, "status"])
+        except ipautil.CalledProcessError, e:
+            if e.returncode == 1:
+                # service is not installed or there is other serious issue
+                installed = False
+        return installed
+
+    def is_enabled(self):
+        ret = True
+        try:
+            (sout,serr,rcode) = ipautil.run(["/sbin/chkconfig", self.service_name])
+            if sout.find("off") >= 0:
+                ret = False
+            if sout.find("unknown service") >= 0:
+                ret = False
+        except ipautil.CalledProcessError:
+                ret = False
+        return ret
+
+    def enable(self):
+        ipautil.run(["/sbin/chkconfig", self.service_name, "on"])
+
+    def disable(self):
+        ipautil.run(["/sbin/chkconfig", self.service_name, "off"])
+
+    def install(self):
+        ipautil.run(["/sbin/chkconfig", "--add", self.service_name])
+
+    def remove(self):
+        ipautil.run(["/sbin/chkconfig", "--del", self.service_name])
+
+
+class DebianServices(KnownServices):
+    def __init__(self):
+        services = dict()
+        for service in wellknownservices:
+            try:
+                debian_service = DebianService(_service_mappings[service])
+            except KeyError:
+                debian_service = DebianService(service)
+            services[service] = debian_service
+        super(DebianServices, self).__init__(services)