rewrite HTTPInstance to be platform agnostic

Moved HTTPInstance class to the base.instances.http module and started
rewriting it to not use hardcoded paths and names, but instead use variables
defined in the implementations provided by the platform modules.

ipapython/platform/base/instances/http.py

@@ -73,7 +73,7 @@ class HTTPInstance(service.Service):
         self.ldap_connect()
 
 
-        self.step("disabling mod_ssl in httpd", self.__disable_mod_ssl)
+        self.step("disabling mod_ssl in httpd", self._disable_mod_ssl)
         self.step("setting mod_nss port to 443", self.__set_mod_nss_port)
         self.step("setting mod_nss password file", self.__set_mod_nss_passwordfile)
         self.step("enabling mod_nss renegotiate", self.enable_mod_nss_renegotiate)
@@ -129,53 +129,52 @@ class HTTPInstance(service.Service):
 
     def __create_http_keytab(self):
         installutils.kadmin_addprinc(self.principal)
-        installutils.create_keytab("/etc/httpd/conf/ipa.keytab", self.principal)
+        installutils.create_keytab(self.keytab_path, self.principal)
         self.move_service(self.principal)
         self.add_cert_to_service()
 
-        pent = pwd.getpwnam("apache")
-        os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid)
+        pent = pwd.getpwnam(self.httpd_user)
+        os.chown(self.keytab_path, pent.pw_uid, pent.pw_gid)
 
     def __configure_http(self):
-        target_fname = '/etc/httpd/conf.d/ipa.conf'
+        target_fname = os.path.join(self.httpd_conf, 'ipa.conf')
         http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa.conf", self.sub_dict)
-        self.fstore.backup_file("/etc/httpd/conf.d/ipa.conf")
+        self.fstore.backup_file(os.path.join(target_fname)
         http_fd = open(target_fname, "w")
         http_fd.write(http_txt)
         http_fd.close()
         os.chmod(target_fname, 0644)
 
-        target_fname = '/etc/httpd/conf.d/ipa-rewrite.conf'
+        target_fname = os.path.join(self.httpd_conf, 'ipa-rewrite.conf'
         http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa-rewrite.conf", self.sub_dict)
-        self.fstore.backup_file("/etc/httpd/conf.d/ipa-rewrite.conf")
+        self.fstore.backup_file(target_fname)
         http_fd = open(target_fname, "w")
         http_fd.write(http_txt)
         http_fd.close()
         os.chmod(target_fname, 0644)
 
-    def __disable_mod_ssl(self):
-        if os.path.exists(SSL_CONF):
-            self.fstore.backup_file(SSL_CONF)
-            os.unlink(SSL_CONF)
+    def _disable_mod_ssl(self):
+        # disabling apache2 modules varies from one distribution to another
+        # so this method has to be implemented by platform modules.
+        raise NotImplementedError
 
     def __set_mod_nss_port(self):
-        self.fstore.backup_file(NSS_CONF)
-        if installutils.update_file(NSS_CONF, '8443', '443') != 0:
+        self.fstore.backup_file(self.nss_vhost)
+        if installutils.update_file(self.nss_vhost, '8443', '443') != 0:
             print "Updating port in %s failed." % NSS_CONF
 
     def __set_mod_nss_nickname(self, nickname):
-        installutils.set_directive(NSS_CONF, 'NSSNickname', nickname)
+        installutils.set_directive(self.nss_vhost, 'NSSNickname', nickname)
 
     def enable_mod_nss_renegotiate(self):
-        installutils.set_directive(NSS_CONF, 'NSSRenegotiation', 'on', False)
-        installutils.set_directive(NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False)
+        installutils.set_directive(self.nss_vhost, 'NSSRenegotiation', 'on', False)
+        installutils.set_directive(self.nss_vhost, 'NSSRequireSafeNegotiation', 'on', False)
 
     def __set_mod_nss_passwordfile(self):
-        installutils.set_directive(NSS_CONF, 'NSSPassPhraseDialog', 'file:/etc/httpd/conf/password.conf')
+        installutils.set_directive(self.nss_vhost, 'NSSPassPhraseDialog', self.password_conf)
 
     def __add_include(self):
-        """This should run after __set_mod_nss_port so is already backed up"""
-        if installutils.update_file(NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0:
+        if installutils.update_file(self.nss_vhost, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0:
             print "Adding Include conf.d/ipa-rewrite to %s failed." % NSS_CONF
 
     def __setup_ssl(self):
@@ -214,7 +213,7 @@ class HTTPInstance(service.Service):
         os.chmod(certs.NSS_DIR + "/secmod.db", 0660)
         os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0660)
 
-        pent = pwd.getpwnam("apache")
+        pent = pwd.getpwnam(self.httpd_user)
         os.chown(certs.NSS_DIR + "/cert8.db", 0, pent.pw_gid )
         os.chown(certs.NSS_DIR + "/key3.db", 0, pent.pw_gid )
         os.chown(certs.NSS_DIR + "/secmod.db", 0, pent.pw_gid )
@@ -275,7 +274,10 @@ class HTTPInstance(service.Service):
         if not enabled is None and not enabled:
             self.disable()
 
-        for f in ["/etc/httpd/conf.d/ipa.conf", SSL_CONF, NSS_CONF]:
+        for f in [os.path.join(self.httpd_conf, "ipa.conf", self.ssl_conf, self.nss_conf, self.nss_vhost]:
+            if not f:
+                continue
+
             try:
                 self.fstore.restore_file(f)
             except ValueError, error:
@@ -283,9 +285,9 @@ class HTTPInstance(service.Service):
                 pass
 
         # Remove the configuration files we create
-        installutils.remove_file("/etc/httpd/conf.d/ipa-rewrite.conf")
-        installutils.remove_file("/etc/httpd/conf.d/ipa.conf")
-        installutils.remove_file("/etc/httpd/conf.d/ipa-pki-proxy.conf")
+        installutils.remove_file(os.path.join(self.httpd_conf, "ipa-rewrite.conf"))
+        installutils.remove_file(os.path.join(self.httpd_conf, "ipa.conf"))
+        installutils.remove_file(os.path.join(self.httpd_conf, "ipa-pki-proxy.conf"))
 
         sebool_state = self.restore_state("httpd_can_network_connect")
         if not sebool_state is None:

ipapython/platform/debian/instances/http.py

@@ -1,19 +1,39 @@
-import ipautil
-import installutils
+# Authors: Krzysztof Klimonda <kklimonda@ubuntu.com>
+#
+# Copyright (C) 2012 Krzysztof Klimonda
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
 
-NSS_CONF = '/etc/apache2/mods-available/nss.conf'
+import os
 
-class DebianHTTPInstance(object):
+from ipapython import ipautil
+
+from ..base.instances import HTTPInstance
+
+class DebianHTTPInstance(HTTPInstance):
     def __init__(self):
-        pass
+        self.httpd_dir = "/etc/apache2"
+        self.httpd_conf_dir = os.path.join(self.httpd_dir, "conf.d")
+        self.nss_conf = os.path.join(self.httpd_dir, "mods-available/nss.conf")
+        self.nss_vhost = os.path.join(self.httpd_dir, "sites-available/nss")
+        self.ssl_conf = None  # not used by Debian for disabling mod_ssl
+        self.keytab_path = os.path.join(self.http_dir, "ipa.keytab")
+        self.httpd_user = "www-data"
+        self.password_conf = 'file:/etc/apache2/password.conf'
 
-    def __disable_mod_ssl(self):
-    	ipautil.run(['/usr/sbin/a2dismod', 'ssl'])
-
-
-    def __set_mod_nss_port(self):
-    	self.fstore.backup(NSS_CONF)
-    	if installutils.update_file(NSS_CONF, '8443', '443')
-
-    def __set_mod_nss_nickname(self, nickname):
-    	installutils.set_directive(NSS_CONF, 'NSSNickName', nickname)
+    def _disable_mod_ssl(self):
+        ipautil.run(["a2dismod", "ssl"])
+        ipautil.run(["a2dissite", "default-ssl"])