ipaplatform: Move remaining user/group constants to ipaplatform.constants.

Use ipaplatform.constants everywhere instead of importing other bits or calling
platform-specific code, and remove most of the remaining hardcoded uids.

https://fedorahosted.org/freeipa/ticket/5343

Reviewed-By: David Kupka <dkupka@redhat.com>
Timo Aaltonen 2016-03-18 12:22:33 +02:00 committed by Martin Basti
parent d58cd04e8a
commit 2a2d63669d
11 changed files with 27 additions and 57 deletions


@ -8,6 +8,7 @@ from ipapython.dn import DN
from ipalib.config import Env
from ipalib.constants import DEFAULT_CONFIG
from ipapython.ipautil import kinit_keytab
from ipaplatform.constants import constants
import sys
import os
import pwd
@ -31,7 +32,7 @@ def retrieve_keytab(api, ccache_name, oneway_keytab_name, oneway_principal):
raiseonerr=False)
# Make sure SSSD is able to read the keytab
try:
sssd = pwd.getpwnam('sssd')
sssd = pwd.getpwnam(constants.SSSD_USER)
os.chown(oneway_keytab_name, sssd[2], sssd[3])
except KeyError as e:
# If user 'sssd' does not exist, we don't need to chown from root to sssd
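Review bot: The comment on the `except KeyError` branch still names `'sssd'` although the lookup now goes through `constants.SSSD_USER`, so it goes stale on any platform that overrides the constant; reword it to `# If the SSSD user does not exist, the keytab stays owned by root`. The indices in `os.chown(oneway_keytab_name, sssd[2], sssd[3])` would read better as `sssd.pw_uid` and `sssd.pw_gid`, matching how the other installers in this commit read the passwd entry. Because a missing account is swallowed here, a wrong value of `SSSD_USER` would leave the keytab unreadable by SSSD with no trace, so a debug log line in that branch may be worth adding. The rest of the handler is outside the hunk and may already do this.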


@ -12,12 +12,17 @@ class BaseConstantsNamespace(object):
DS_GROUP = 'dirsrv'
HTTPD_USER = "apache"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
KDCPROXY_USER = "kdcproxy"
NAMED_USER = "named"
NAMED_GROUP = "named"
PKI_USER = 'pkiuser'
PKI_GROUP = 'pkiuser'
# ntpd init variable used for daemon options
NTPD_OPTS_VAR = "OPTIONS"
# quote used for daemon options
NTPD_OPTS_QUOTE = "\""
ODS_USER = "ods"
ODS_GROUP = "ods"
# nfsd init variable used to enable kerberized NFS
SECURE_NFS_VAR = "SECURE_NFS"
SSSD_USER = "sssd"
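Review bot: The new account-name constants (`KDCPROXY_USER`, `NAMED_USER`, `NAMED_GROUP`, `ODS_USER`, `ODS_GROUP`, `SSSD_USER`) carry no comment, unlike the NTPD and NFS entries around them. After this commit these values decide which account the installers `chown` files to and pass as `runas`, so a one-line comment such as `# service accounts; platform namespaces must override any name that differs on that distribution` would make the contract explicit. Whether the per-platform namespaces override them is not visible on this page, and the class body continues outside the hunk.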


@ -181,18 +181,6 @@ class PlatformService(object):
def get_config_dir(self, instance_name=""):
return
def get_user_name(self, instance_name=""):
return
def get_group_name(self, instance_name=""):
return
def get_binary_path(self):
return
def get_package_name(self):
return
class SystemdService(PlatformService):
SYSTEMD_SRV_TARGET = "%s.target.wants"


@ -223,28 +223,6 @@ class RedHatCAService(RedHatService):
self.wait_until_running()
class RedHatNamedService(RedHatService):
def get_user_name(self):
return u'named'
def get_group_name(self):
return u'named'
def get_binary_path(self):
return paths.NAMED_PKCS11
def get_package_name(self):
return u"bind-pkcs11"
class RedHatODSEnforcerdService(RedHatService):
def get_user_name(self):
return u'ods'
def get_group_name(self):
return u'ods'
# Function that constructs proper Red Hat OS family-specific server classes for
# services of specified name
@ -257,10 +235,6 @@ def redhat_service_class_factory(name):
return RedHatSSHService(name)
if name in ('pki-tomcatd', 'pki_tomcatd'):
return RedHatCAService(name)
if name == 'named':
return RedHatNamedService(name)
if name in ('ods-enforcerd', 'ods_enforcerd'):
return RedHatODSEnforcerdService(name)
return RedHatService(name)


@ -1260,4 +1260,4 @@ class BindInstance(service.Service):
self.named_regular.start()
installutils.remove_keytab(paths.NAMED_KEYTAB)
installutils.remove_ccache(run_as='named')
installutils.remove_ccache(run_as=constants.NAMED_USER)
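Review bot: `constants.NAMED_USER` is used here, but this file's section has no hunk adding `from ipaplatform.constants import constants`, unlike the sections for the DNSSEC installers in this commit. If the module does not already import it, this path raises a NameError after the keytab is removed and before the ccache is, so please confirm the import exists. The same applies to the `install_check` section, which starts using `constants.ODS_USER` and `constants.NAMED_GROUP` without a visible import change.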


@ -231,8 +231,8 @@ def install_check(standalone, api, replica, options, hostname):
dnskeysyncd.stop()
try:
ipautil.run(cmd, env=environment,
runas=ods_enforcerd.get_user_name(),
suplementary_groups=[named.get_group_name()])
runas=constants.ODS_USER,
suplementary_groups=[constants.NAMED_GROUP])
except CalledProcessError as e:
root_logger.debug("%s", e)
raise RuntimeError("This IPA server cannot be promoted to "


@ -22,6 +22,7 @@ from ipapython.dn import DN
from ipapython import ipaldap
from ipapython import sysrestore, ipautil
from ipaplatform import services
from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipalib import errors, api
from ipalib.constants import CACERT
@ -142,14 +143,14 @@ class DNSKeySyncInstance(service.Service):
def __get_named_uid(self):
named = services.knownservices.named
try:
return pwd.getpwnam(named.get_user_name()).pw_uid
return pwd.getpwnam(constants.NAMED_USER).pw_uid
except KeyError:
raise RuntimeError("Named UID not found")
def __get_named_gid(self):
named = services.knownservices.named
try:
return grp.getgrnam(named.get_group_name()).gr_gid
return grp.getgrnam(constants.NAMED_GROUP).gr_gid
except KeyError:
raise RuntimeError("Named GID not found")
@ -160,12 +161,12 @@ class DNSKeySyncInstance(service.Service):
self.named_gid = self.__get_named_gid()
try:
self.ods_uid = pwd.getpwnam(ods_enforcerd.get_user_name()).pw_uid
self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
except KeyError:
raise RuntimeError("OpenDNSSEC UID not found")
try:
self.ods_gid = grp.getgrnam(ods_enforcerd.get_group_name()).gr_gid
self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
except KeyError:
raise RuntimeError("OpenDNSSEC GID not found")
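Review bot: `named = services.knownservices.named` in `__get_named_uid` and `__get_named_gid` is now a dead assignment, because the lookups read `constants.NAMED_USER` and `constants.NAMED_GROUP` instead of the service object. Drop those two lines. The `ods_enforcerd = services.knownservices.ods_enforcerd` context lines in the ODSExporterInstance and OpenDNSSECInstance sections look unused for the same reason, as far as the hunks show. If nothing else in those methods reads them, remove them as well, along with the `services` import wherever it becomes unused.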


@ -45,7 +45,6 @@ from ipaserver.install import replication
from ipaserver.install.installutils import stopped_service
from ipapython.ipa_log_manager import log_mgr
PKI_USER = constants.PKI_USER
HTTPD_USER = constants.HTTPD_USER


@ -54,8 +54,8 @@ SELINUX_BOOLEAN_SETTINGS = dict(
httpd_run_ipa='on',
)
KDCPROXY_USER = 'kdcproxy'
HTTPD_USER = constants.HTTPD_USER
KDCPROXY_USER = constants.KDCPROXY_USER
# See contrib/nsscipersuite/nssciphersuite.py
NSS_CIPHER_SUITE = [


@ -13,6 +13,7 @@ from ipaserver.install import installutils
from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN
from ipapython import sysrestore, ipautil, ipaldap
from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipaplatform import services
from ipalib import errors, api
@ -68,12 +69,12 @@ class ODSExporterInstance(service.Service):
ods_enforcerd = services.knownservices.ods_enforcerd
try:
self.ods_uid = pwd.getpwnam(ods_enforcerd.get_user_name()).pw_uid
self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
except KeyError:
raise RuntimeError("OpenDNSSEC UID not found")
try:
self.ods_gid = grp.getgrnam(ods_enforcerd.get_group_name()).gr_gid
self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
except KeyError:
raise RuntimeError("OpenDNSSEC GID not found")


@ -15,6 +15,7 @@ from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN
from ipapython import sysrestore, ipautil, ipaldap, p11helper
from ipaplatform import services
from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipalib import errors, api
from ipaserver.install import dnskeysyncinstance
@ -125,22 +126,22 @@ class OpenDNSSECInstance(service.Service):
ods_enforcerd = services.knownservices.ods_enforcerd
try:
self.named_uid = pwd.getpwnam(named.get_user_name()).pw_uid
self.named_uid = pwd.getpwnam(constants.NAMED_USER).pw_uid
except KeyError:
raise RuntimeError("Named UID not found")
try:
self.named_gid = grp.getgrnam(named.get_group_name()).gr_gid
self.named_gid = grp.getgrnam(constants.NAMED_GROUP).gr_gid
except KeyError:
raise RuntimeError("Named GID not found")
try:
self.ods_uid = pwd.getpwnam(ods_enforcerd.get_user_name()).pw_uid
self.ods_uid = pwd.getpwnam(constants.ODS_USER).pw_uid
except KeyError:
raise RuntimeError("OpenDNSSEC UID not found")
try:
self.ods_gid = grp.getgrnam(ods_enforcerd.get_group_name()).gr_gid
self.ods_gid = grp.getgrnam(constants.ODS_GROUP).gr_gid
except KeyError:
raise RuntimeError("OpenDNSSEC GID not found")
@ -287,7 +288,7 @@ class OpenDNSSECInstance(service.Service):
ods_enforcerd = services.knownservices.ods_enforcerd
cmd = [paths.ODS_KSMUTIL, 'zonelist', 'export']
result = ipautil.run(cmd,
runas=ods_enforcerd.get_user_name(),
runas=constants.ODS_USER,
capture_output=True)
with open(paths.OPENDNSSEC_ZONELIST_FILE, 'w') as zonelistf:
zonelistf.write(result.output)
@ -303,7 +304,7 @@ class OpenDNSSECInstance(service.Service):
]
ods_enforcerd = services.knownservices.ods_enforcerd
ipautil.run(command, stdin="y", runas=ods_enforcerd.get_user_name())
ipautil.run(command, stdin="y", runas=constants.ODS_USER)
def __setup_dnskeysyncd(self):
# set up dnskeysyncd this is DNSSEC master
@ -352,7 +353,7 @@ class OpenDNSSECInstance(service.Service):
cmd = [paths.IPA_ODS_EXPORTER, 'ipa-full-update']
try:
self.print_msg("Exporting DNSSEC data before uninstallation")
ipautil.run(cmd, runas=ods_enforcerd.get_user_name())
ipautil.run(cmd, runas=constants.ODS_USER)
except CalledProcessError:
root_logger.error("DNSSEC data export failed")