ipaplatform: Move remaining user/group constants to ipaplatform.constants.
Use ipaplatform.constants everywhere instead of importing other bits or calling platform-specific things, and remove most of the remaining hardcoded uids. https://fedorahosted.org/freeipa/ticket/5343 Reviewed-By: David Kupka <dkupka@redhat.com>
parent
d58cd04e8a
commit
2a2d63669d
@ -8,6 +8,7 @@ from ipapython.dn import DN
|
||||
from ipalib.config import Env
|
||||
from ipalib.constants import DEFAULT_CONFIG
|
||||
from ipapython.ipautil import kinit_keytab
|
||||
from ipaplatform.constants import constants
|
||||
import sys
|
||||
import os
|
||||
import pwd
|
||||
@ -31,7 +32,7 @@ def retrieve_keytab(api, ccache_name, oneway_keytab_name, oneway_principal):
|
||||
raiseonerr=False)
|
||||
# Make sure SSSD is able to read the keytab
|
||||
try:
|
||||
sssd = pwd.getpwnam('sssd')
|
||||
sssd = pwd.getpwnam(constants.SSSD_USER)
|
||||
os.chown(oneway_keytab_name, sssd[2], sssd[3])
|
||||
except KeyError as e:
|
||||
# If user 'sssd' does not exist, we don't need to chown from root to sssd
|
||||
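Review bot: The comment under `except KeyError` still names the literal user 'sssd', although the lookup above it now goes through `constants.SSSD_USER`, so the comment is wrong on any platform that overrides the constant. I would reword it to `# If the SSSD user does not exist, the keytab stays owned by root`. In the same hunk, `os.chown(oneway_keytab_name, sssd[2], sssd[3])` reads the passwd entry by index; `sssd.pw_uid, sssd.pw_gid` states directly which IDs take ownership of the keytab. The body of the `except` branch lies outside the hunk, so what happens after the comment is not visible here.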
|
@ -12,12 +12,17 @@ class BaseConstantsNamespace(object):
|
||||
DS_GROUP = 'dirsrv'
|
||||
HTTPD_USER = "apache"
|
||||
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
|
||||
KDCPROXY_USER = "kdcproxy"
|
||||
NAMED_USER = "named"
|
||||
NAMED_GROUP = "named"
|
||||
PKI_USER = 'pkiuser'
|
||||
PKI_GROUP = 'pkiuser'
|
||||
# ntpd init variable used for daemon options
|
||||
NTPD_OPTS_VAR = "OPTIONS"
|
||||
# quote used for daemon options
|
||||
NTPD_OPTS_QUOTE = "\""
|
||||
ODS_USER = "ods"
|
||||
ODS_GROUP = "ods"
|
||||
# nfsd init variable used to enable kerberized NFS
|
||||
SECURE_NFS_VAR = "SECURE_NFS"
|
||||
SSSD_USER = "sssd"
|
||||
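Review bot: The account-name constants in `BaseConstantsNamespace` (`KDCPROXY_USER`, `NAMED_USER`, `NAMED_GROUP`, `ODS_USER`, `ODS_GROUP`, `SSSD_USER`) carry no comment, unlike the `NTPD_*` and `SECURE_NFS_VAR` entries next to them. Other sections of this commit pass these names to `pwd.getpwnam`, `grp.getgrnam` and `runas=`, so the default value decides which account ends up owning a keytab or running a command. A short comment such as `# service account names; platform namespaces must override these where the distribution uses different accounts` would make that contract visible to whoever adds a new platform. The class starts outside the hunk.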
|
@ -181,18 +181,6 @@ class PlatformService(object):
|
||||
def get_config_dir(self, instance_name=""):
|
||||
return
|
||||
|
||||
def get_user_name(self, instance_name=""):
|
||||
return
|
||||
|
||||
def get_group_name(self, instance_name=""):
|
||||
return
|
||||
|
||||
def get_binary_path(self):
|
||||
return
|
||||
|
||||
def get_package_name(self):
|
||||
return
|
||||
|
||||
|
||||
class SystemdService(PlatformService):
|
||||
SYSTEMD_SRV_TARGET = "%s.target.wants"
|
||||
|
@ -223,28 +223,6 @@ class RedHatCAService(RedHatService):
|
||||
self.wait_until_running()
|
||||
|
||||
|
||||
class RedHatNamedService(RedHatService):
|
||||
def get_user_name(self):
|
||||
return u'named'
|
||||
|
||||
def get_group_name(self):
|
||||
return u'named'
|
||||
|
||||
def get_binary_path(self):
|
||||
return paths.NAMED_PKCS11
|
||||
|
||||
def get_package_name(self):
|
||||
return u"bind-pkcs11"
|
||||
|
||||
|
||||
class RedHatODSEnforcerdService(RedHatService):
|
||||
def get_user_name(self):
|
||||
return u'ods'
|
||||
|
||||
def get_group_name(self):
|
||||
return u'ods'
|
||||
|
||||
|
||||
# Function that constructs proper Red Hat OS family-specific server classes for
|
||||
# services of specified name
|
||||
|
||||
@ -257,10 +235,6 @@ def redhat_service_class_factory(name):
|
||||
return RedHatSSHService(name)
|
||||
if name in ('pki-tomcatd', 'pki_tomcatd'):
|
||||
return RedHatCAService(name)
|
||||
if name == 'named':
|
||||
return RedHatNamedService(name)
|
||||
if name in ('ods-enforcerd', 'ods_enforcerd'):
|
||||
return RedHatODSEnforcerdService(name)
|
||||
return RedHatService(name)
|
||||
|
||||
|
||||
|
@ -1260,4 +1260,4 @@ class BindInstance(service.Service):
|
||||
self.named_regular.start()
|
||||
|
||||
installutils.remove_keytab(paths.NAMED_KEYTAB)
|
||||
installutils.remove_ccache(run_as='named')
|
||||
installutils.remove_ccache(run_as=constants.NAMED_USER)
|
||||
|
@ -231,8 +231,8 @@ def install_check(standalone, api, replica, options, hostname):
|
||||
dnskeysyncd.stop()
|
||||
try:
|
||||
ipautil.run(cmd, env=environment,
|
||||
runas=ods_enforcerd.get_user_name(),
|
||||
suplementary_groups=[named.get_group_name()])
|
||||
runas=constants.ODS_USER,
|
||||
suplementary_groups=[constants.NAMED_GROUP])
|
||||
except CalledProcessError as e:
|
||||
root_logger.debug("%s", e)
|
||||
raise RuntimeError("This IPA server cannot be promoted to "
|
||||
|
@ -22,6 +22,7 @@ from ipapython.dn import DN
|
||||
from ipapython import ipaldap
|
||||
from ipapython import sysrestore, ipautil
|
||||
from ipaplatform import services
|
||||
from ipaplatform.constants import constants
|
||||
from ipaplatform.paths import paths
|
||||
from ipalib import errors, api
|
||||
from ipalib.constants import CACERT
|
||||
@ -142,14 +143,14 @@ class DNSKeySyncInstance(service.Service):
|
||||
def __get_named_uid(self):
|
||||
named = services.knownservices.named
|
||||
try:
|
||||
return pwd.getpwnam(named.get_user_name()).pw_uid
|
||||
return pwd.getpwnam(constants.NAMED_USER).pw_uid
|
||||
except KeyError:
|
||||
raise RuntimeError("Named UID not found")
|
||||
|
||||
def __get_named_gid(self):
|
||||
named = services.knownservices.named
|
||||
try:
|
||||
return grp.getgrnam(named.get_group_name()).gr_gid
|
||||
return grp.getgrnam(constants.NAMED_GROUP).gr_gid
|
||||
except KeyError:
|
||||
raise RuntimeError("Named GID not found")
|
||||
|
||||
@ -160,12 +161,12 @@ class DNSKeySyncInstance(service.Service):
|
||||
self.named_gid = self.__get_named_gid()
|
||||
|
||||
try:
|
||||
self.ods_uid = pwd.getpwnam(ods_enforcerd.get_user_name()).pw_uid
|
||||
self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
|
||||
except KeyError:
|
||||
raise RuntimeError("OpenDNSSEC UID not found")
|
||||
|
||||
try:
|
||||
self.ods_gid = grp.getgrnam(ods_enforcerd.get_group_name()).gr_gid
|
||||
self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
|
||||
except KeyError:
|
||||
raise RuntimeError("OpenDNSSEC GID not found")
|
||||
|
||||
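Review bot: `named = services.knownservices.named` in `__get_named_uid` and `__get_named_gid` appears to be dead after this change, because the lookups now read `constants.NAMED_USER` and `constants.NAMED_GROUP` instead of calling `named.get_user_name()` and `named.get_group_name()`. Both methods are fully visible in the hunk and nothing else in them reads `named`, so the two assignments can be dropped. The same leftover, `ods_enforcerd = services.knownservices.ods_enforcerd`, seems to remain in the ODSExporterInstance and OpenDNSSECInstance sections. The enclosing methods there continue outside the hunks, so check for other uses before removing it.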
|
@ -45,7 +45,6 @@ from ipaserver.install import replication
|
||||
from ipaserver.install.installutils import stopped_service
|
||||
from ipapython.ipa_log_manager import log_mgr
|
||||
|
||||
PKI_USER = constants.PKI_USER
|
||||
HTTPD_USER = constants.HTTPD_USER
|
||||
|
||||
|
||||
|
@ -54,8 +54,8 @@ SELINUX_BOOLEAN_SETTINGS = dict(
|
||||
httpd_run_ipa='on',
|
||||
)
|
||||
|
||||
KDCPROXY_USER = 'kdcproxy'
|
||||
HTTPD_USER = constants.HTTPD_USER
|
||||
KDCPROXY_USER = constants.KDCPROXY_USER
|
||||
|
||||
# See contrib/nsscipersuite/nssciphersuite.py
|
||||
NSS_CIPHER_SUITE = [
|
||||
|
@ -13,6 +13,7 @@ from ipaserver.install import installutils
|
||||
from ipapython.ipa_log_manager import root_logger
|
||||
from ipapython.dn import DN
|
||||
from ipapython import sysrestore, ipautil, ipaldap
|
||||
from ipaplatform.constants import constants
|
||||
from ipaplatform.paths import paths
|
||||
from ipaplatform import services
|
||||
from ipalib import errors, api
|
||||
@ -68,12 +69,12 @@ class ODSExporterInstance(service.Service):
|
||||
ods_enforcerd = services.knownservices.ods_enforcerd
|
||||
|
||||
try:
|
||||
self.ods_uid = pwd.getpwnam(ods_enforcerd.get_user_name()).pw_uid
|
||||
self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
|
||||
except KeyError:
|
||||
raise RuntimeError("OpenDNSSEC UID not found")
|
||||
|
||||
try:
|
||||
self.ods_gid = grp.getgrnam(ods_enforcerd.get_group_name()).gr_gid
|
||||
self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
|
||||
except KeyError:
|
||||
raise RuntimeError("OpenDNSSEC GID not found")
|
||||
|
||||
|
@ -15,6 +15,7 @@ from ipapython.ipa_log_manager import root_logger
|
||||
from ipapython.dn import DN
|
||||
from ipapython import sysrestore, ipautil, ipaldap, p11helper
|
||||
from ipaplatform import services
|
||||
from ipaplatform.constants import constants
|
||||
from ipaplatform.paths import paths
|
||||
from ipalib import errors, api
|
||||
from ipaserver.install import dnskeysyncinstance
|
||||
@ -125,22 +126,22 @@ class OpenDNSSECInstance(service.Service):
|
||||
ods_enforcerd = services.knownservices.ods_enforcerd
|
||||
|
||||
try:
|
||||
self.named_uid = pwd.getpwnam(named.get_user_name()).pw_uid
|
||||
self.named_uid = pwd.getpwnam(constants.NAMED_USER).pw_uid
|
||||
except KeyError:
|
||||
raise RuntimeError("Named UID not found")
|
||||
|
||||
try:
|
||||
self.named_gid = grp.getgrnam(named.get_group_name()).gr_gid
|
||||
self.named_gid = grp.getgrnam(constants.NAMED_GROUP).gr_gid
|
||||
except KeyError:
|
||||
raise RuntimeError("Named GID not found")
|
||||
|
||||
try:
|
||||
self.ods_uid = pwd.getpwnam(ods_enforcerd.get_user_name()).pw_uid
|
||||
self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
|
||||
except KeyError:
|
||||
raise RuntimeError("OpenDNSSEC UID not found")
|
||||
|
||||
try:
|
||||
self.ods_gid = grp.getgrnam(ods_enforcerd.get_group_name()).gr_gid
|
||||
self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
|
||||
except KeyError:
|
||||
raise RuntimeError("OpenDNSSEC GID not found")
|
||||
|
||||
@ -287,7 +288,7 @@ class OpenDNSSECInstance(service.Service):
|
||||
ods_enforcerd = services.knownservices.ods_enforcerd
|
||||
cmd = [paths.ODS_KSMUTIL, 'zonelist', 'export']
|
||||
result = ipautil.run(cmd,
|
||||
runas=ods_enforcerd.get_user_name(),
|
||||
runas=constants.ODS_USER,
|
||||
capture_output=True)
|
||||
with open(paths.OPENDNSSEC_ZONELIST_FILE, 'w') as zonelistf:
|
||||
zonelistf.write(result.output)
|
||||
@ -303,7 +304,7 @@ class OpenDNSSECInstance(service.Service):
|
||||
]
|
||||
|
||||
ods_enforcerd = services.knownservices.ods_enforcerd
|
||||
ipautil.run(command, stdin="y", runas=ods_enforcerd.get_user_name())
|
||||
ipautil.run(command, stdin="y", runas=constants.ODS_USER)
|
||||
|
||||
def __setup_dnskeysyncd(self):
|
||||
# set up dnskeysyncd this is DNSSEC master
|
||||
@ -352,7 +353,7 @@ class OpenDNSSECInstance(service.Service):
|
||||
cmd = [paths.IPA_ODS_EXPORTER, 'ipa-full-update']
|
||||
try:
|
||||
self.print_msg("Exporting DNSSEC data before uninstallation")
|
||||
ipautil.run(cmd, runas=ods_enforcerd.get_user_name())
|
||||
ipautil.run(cmd, runas=constants.ODS_USER)
|
||||
except CalledProcessError:
|
||||
root_logger.error("DNSSEC data export failed")
|
||||
|
||||
|