IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ticket 2022 - modify codebase to utilize IPALogManager, obsoletes logging

Browse Source 
change default_logger_level to debug in configure_standard_logging

add new ipa_log_manager module, move log_mgr there, also export
root_logger from log_mgr.

change all log_manager imports to ipa_log_manager and change
log_manager.root_logger to root_logger.

add missing import for parse_log_level()
This commit is contained in:
John Dennis 2011-11-15 14:39:31 -05:00 committed by Martin Kosek
parent 730f1228a9
commit 56401c1abe
44 changed files with 697 additions and 807 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
contrib/RHEL4/ipa-client-setup
View File

@ -26,7 +26,7 @@ import os
import string
import shutil
import socket
import logging
from ipapython.ipa_log_manager import *
from optparse import OptionParser
import ipachangeconf
import ldap
@ -53,55 +53,55 @@ class ipaserver:
return str(self.basedn)
def check(self):
lret = []
lres = []
lattr = ""
linfo = ""
lrealms = []
i = 0
#now verify the server is really an IPA server
try:
logging.debug("Init ldap with: ldap://"+self.server+":389")
root_logger.debug("Init ldap with: ldap://"+self.server+":389")
lh = ldap.initialize("ldap://"+self.server+":389")
lh.simple_bind_s("","")
logging.debug("Search rootdse")
root_logger.debug("Search rootdse")
lret = lh.search_s("", ldap.SCOPE_BASE, "(objectClass=*)")
for lattr in lret[0][1]:
if lattr.lower() == "namingcontexts":
self.basedn = lret[0][1][lattr][0]
logging.debug("Search for (info=*) in "+self.basedn+"(base)")
root_logger.debug("Search for (info=*) in "+self.basedn+"(base)")
lret = lh.search_s(self.basedn, ldap.SCOPE_BASE, "(info=IPA*)")
if not lret:
return False
logging.debug("Found: "+str(lret))
root_logger.debug("Found: "+str(lret))
for lattr in lret[0][1]:
if lattr.lower() == "info":
linfo = lret[0][1][lattr][0].lower()
break
if not linfo:
return False
#search and return known realms
logging.debug("Search for (objectClass=krbRealmContainer) in "+self.basedn+"(sub)")
root_logger.debug("Search for (objectClass=krbRealmContainer) in "+self.basedn+"(sub)")
lret = lh.search_s("cn=kerberos,"+self.basedn, ldap.SCOPE_SUBTREE, "(objectClass=krbRealmContainer)")
if not lret:
#something very wrong
return False
logging.debug("Found: "+str(lret))
root_logger.debug("Found: "+str(lret))
for lres in lret:
for lattr in lres[1]:
if lattr.lower() == "cn":
lrealms.append(lres[1][lattr][0])
if len(lrealms) != 1:
#which one? we can't attach to a multi-realm server without DNS working
return False
@ -109,10 +109,10 @@ class ipaserver:
self.realm = lrealms[0]
self.domain = lrealms[0].lower()
return True
except LDAPError, err:
#no good
logging.error("Ldap Error: "+str(err))
root_logger.error("Ldap Error: "+str(err))
return False
ntp_conf = """# Permit time synchronization with our time source, but do not
@ -123,7 +123,7 @@ restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
@ -141,9 +141,9 @@ server $SERVER
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
# and when no outside source of synchronized time is available.
server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10
#fudge 127.127.1.0 stratum 10
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
@ -152,7 +152,7 @@ server 127.127.1.0 # local clock
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
@ -222,26 +222,11 @@ def ask_for_confirmation(message):
return True
def logging_setup(options):
# Always log everything (i.e., DEBUG) to the log
# file.
logger = logging.getLogger('ipa-client-setup')
fh = logging.FileHandler('ipaclient-install.log')
formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s')
fh.setFormatter(formatter)
logger.addHandler(fh)
# If the debug option is set, also log debug messages to the console
if options.debug:
logger.setLevel(logging.DEBUG)
else:
# Otherwise, log critical and error messages
logger.setLevel(logging.ERROR)
return logger
standard_logging_setup('ipaclient-install.log', debug=options.debug)
def main():
options = parse_options()
logger = logging_setup(options)
logging_setup(options)
dnsok = True
ipasrv = ipaserver(options.server)

10
install/migration/migration.py
View File

@ -25,7 +25,7 @@ import errno
import glob
import ldap
import wsgiref
import logging
from ipapython.ipa_log_manager import *
from ipapython.ipautil import get_ipa_basedn
BASE_DN = ''
@ -68,7 +68,7 @@ def get_base_dn():
conn.simple_bind_s('', '')
BASE_DN = get_ipa_basedn(conn)
except ldap.LDAPError, e:
logging.error('migration context search failed: %s' % e)
root_logger.error('migration context search failed: %s' % e)
return ''
finally:
conn.unbind_s()
@ -78,7 +78,7 @@ def get_base_dn():
def bind(username, password):
base_dn = get_base_dn()
if not base_dn:
logging.error('migration unable to get base dn')
root_logger.error('migration unable to get base dn')
raise IOError(errno.EIO, 'Cannot get Base DN')
bind_dn = 'uid=%s,cn=users,cn=accounts,%s' % (username, base_dn)
try:
@ -86,10 +86,10 @@ def bind(username, password):
conn.simple_bind_s(bind_dn, password)
except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM,
ldap.NO_SUCH_OBJECT), e:
logging.error('migration invalid credentials for %s: %s' % (bind_dn, convert_exception(e)))
root_logger.error('migration invalid credentials for %s: %s' % (bind_dn, convert_exception(e)))
raise IOError(errno.EPERM, 'Invalid LDAP credentials for user %s' % username)
except ldap.LDAPError, e:
logging.error('migration bind failed: %s' % convert_exception(e))
root_logger.error('migration bind failed: %s' % convert_exception(e))
raise IOError(errno.EIO, 'Bind error')
finally:
conn.unbind_s()

11
install/tools/ipa-adtrust-install
View File

@ -33,6 +33,7 @@ from ipalib import api, errors, util
from ipapython.config import IPAOptionParser
import krbV
import ldap
from ipapython.ipa_log_manager import *
def parse_options():
parser = IPAOptionParser(version=version.VERSION)
@ -82,11 +83,11 @@ def main():
if os.getegid() != 0:
sys.exit("Must be root to setup AD trusts on server")
standard_logging_setup("/var/log/ipaserver-install.log", options.debug, filemode='a')
standard_logging_setup("/var/log/ipaserver-install.log", debug=options.debug, filemode='a')
print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log"
logging.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
logging.debug("missing options might be asked for interactively later\n")
root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
root_logger.debug("missing options might be asked for interactively later\n")
installutils.check_server_configuration()
@ -149,7 +150,7 @@ def main():
sys.exit("Aborting installation.")
ip_address = str(ip)
logging.debug("will use ip_address: %s\n", ip_address)
root_logger.debug("will use ip_address: %s\n", ip_address)
if not options.unattended:
print ""
@ -245,5 +246,5 @@ except Exception, e:
message = str(e)
for str in traceback.format_tb(sys.exc_info()[2]):
message = message + "\n" + str
logging.debug(message)
root_logger.debug(message)
sys.exit(1)

11
install/tools/ipa-ca-install
View File

@ -21,7 +21,7 @@
import sys
import socket
import os, traceback, logging, shutil
import os, traceback, shutil
from ipapython import ipautil
from ipapython import services as ipaservices
@ -37,6 +37,7 @@ from ipapython import version
from ipalib import api, util
from ipapython.config import IPAOptionParser
from ipapython import sysrestore
from ipapython.ipa_log_manager import *
CACERT="/etc/ipa/ca.crt"
REPLICA_INFO_TOP_DIR=None
@ -71,8 +72,8 @@ def get_dirman_password():
def main():
safe_options, options, filename = parse_options()
installutils.standard_logging_setup("/var/log/ipareplica-ca-install.log", options.debug)
logging.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options))
standard_logging_setup("/var/log/ipareplica-ca-install.log", debug=options.debug)
root_logger.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options))
if not ipautil.file_exists(filename):
sys.exit("Replica file %s does not exist" % filename)
@ -120,7 +121,7 @@ def main():
try:
host = get_host_name(options.no_host_dns)
except BadHostError, e:
logging.error(str(e))
root_logger.error(str(e))
sys.exit(1)
if config.host_name != host:
try:
@ -170,7 +171,7 @@ except Exception, e:
message = str(e)
for str in traceback.format_tb(sys.exc_info()[2]):
message = message + "\n" + str
logging.debug(message)
root_logger.debug(message)
except KeyboardInterrupt:
print "Installation cancelled."
finally:

8
install/tools/ipa-compat-manage
View File

@ -27,7 +27,7 @@ try:
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax
from ipaserver.plugins.ldap2 import ldap2
from ipalib import api, errors
import logging
from ipapython.ipa_log_manager import *
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
@ -79,20 +79,16 @@ def get_entry(dn, conn):
def main():
retval = 0
loglevel = logging.ERROR
files = ['/usr/share/ipa/schema_compat.uldif']
options, args = parse_options()
if options.debug:
loglevel = logging.DEBUG
if len(args) != 1:
sys.exit("You must specify one action, either enable or disable")
elif args[0] != "enable" and args[0] != "disable" and args[0] != "status":
sys.exit("Unrecognized action [" + args[0] + "]")
logging.basicConfig(level=loglevel,
format='%(levelname)s %(message)s')
standard_logging_setup(None, debug=options.debug)
dirman_password = ""
if options.password:

20
install/tools/ipa-csreplica-manage
View File

@ -23,7 +23,7 @@ import sys
import os
import ldap, krbV
import logging
from ipapython.ipa_log_manager import *
from ipapython import ipautil
from ipaserver.install import replication, installutils
@ -116,7 +116,7 @@ class CSReplicationManager(replication.ReplicationManager):
try:
self.conn.modify_s(dn, mod)
except Exception, e:
logging.debug("Failed to remove referral value: %s" % convert_error(e))
root_logger.debug("Failed to remove referral value: %s" % convert_error(e))
def parse_options():
from optparse import OptionParser
@ -154,13 +154,6 @@ def parse_options():
cmdstr = " | ".join(commands.keys())
parser.error("must provide a command [%s]" % cmdstr)
# set log level
if options.verbose:
# if verbose, output events at INFO level if not already
mylogger = logging.getLogger()
if mylogger.getEffectiveLevel() > logging.INFO:
mylogger.setLevel(logging.INFO)
# else user has already configured logging externally lower
return options, args
def list_replicas(realm, host, replica, dirman_passwd, verbose):
@ -357,10 +350,10 @@ def re_initialize(realm, options):
filter = "(&(nsDS5ReplicaHost=%s)(|(objectclass=nsDSWindowsReplicationAgreement)(objectclass=nsds5ReplicationAgreement)))" % thishost
entry = repl.conn.search_s("cn=config", ldap.SCOPE_SUBTREE, filter)
if len(entry) == 0:
logging.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost))
root_logger.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost))
sys.exit(1)
if len(entry) > 1:
logging.error("Found multiple agreements for %s. Only initializing the first one returned: %s" % (thishost, entry[0].dn))
root_logger.error("Found multiple agreements for %s. Only initializing the first one returned: %s" % (thishost, entry[0].dn))
repl.initialize_replication(entry[0].dn, repl.conn)
repl.wait_for_repl_init(repl.conn, entry[0].dn)
@ -378,8 +371,9 @@ def main():
# Just initialize the environment. This is so the installer can have
# access to the plugin environment
api_env = {}
api_env['in_server'] = True
api_env = {'in_server' : True,
'verbose' : options.verbose,
}
if os.getegid() != 0:
api_env['log'] = None # turn off logging for non-root

13
install/tools/ipa-dns-install
View File

@ -32,6 +32,7 @@ from ipapython.config import IPAOptionParser
from ipalib.constants import DNS_ZONE_REFRESH
import krbV
import ldap
from ipapython.ipa_log_manager import *
def parse_options():
parser = IPAOptionParser(version=version.VERSION)
@ -88,11 +89,11 @@ def main():
if os.getegid() != 0:
sys.exit("Must be root to setup server")
standard_logging_setup("/var/log/ipaserver-install.log", options.debug, filemode='a')
standard_logging_setup("/var/log/ipaserver-install.log", debug=options.debug, filemode='a')
print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log"
logging.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
logging.debug("missing options might be asked for interactively later\n")
root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
root_logger.debug("missing options might be asked for interactively later\n")
installutils.check_server_configuration()
@ -157,7 +158,7 @@ def main():
else:
ip = read_ip_address(api.env.host, fstore)
ip_address = str(ip)
logging.debug("will use ip_address: %s\n", ip_address)
root_logger.debug("will use ip_address: %s\n", ip_address)
if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip):
sys.exit(1)
@ -168,7 +169,7 @@ def main():
dns_forwarders = options.forwarders
else:
dns_forwarders = read_dns_forwarders()
logging.debug("will use dns_forwarders: %s\n", str(dns_forwarders))
root_logger.debug("will use dns_forwarders: %s\n", str(dns_forwarders))
if bind.dm_password:
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=bind.dm_password)
@ -236,5 +237,5 @@ except Exception, e:
message = str(e)
for str in traceback.format_tb(sys.exc_info()[2]):
message = message + "\n" + str
logging.debug(message)
root_logger.debug(message)
sys.exit(1)

20
install/tools/ipa-ldap-updater
View File

@ -32,8 +32,8 @@ try:
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
from ipaserver.install.upgradeinstance import IPAUpgrade
from ipapython import sysrestore
import logging
import krbV
from ipapython.ipa_log_manager import *
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
@ -76,13 +76,10 @@ def get_dirman_password():
return password
def main():
loglevel = logging.INFO
badsyntax = False
upgradefailed = False
safe_options, options, args = parse_options()
if options.debug:
loglevel = logging.DEBUG
if os.getegid() == 0:
installutils.check_server_configuration()
@ -103,19 +100,11 @@ def main():
if len(args) > 0:
files = args
# Clear all existing log handler
loggers = logging.getLogger()
if loggers.handlers:
for handler in loggers.handlers:
loggers.removeHandler(handler)
if options.upgrade:
if os.getegid() != 0:
sys.exit('Upgrade can only be done as root')
logging.basicConfig(level=loglevel,
format='%(asctime)s %(levelname)s %(message)s',
filename='/var/log/ipaupgrade.log',
filemode='a')
logging.debug('%s was invoked with arguments %s and options: %s' % (sys.argv[0], args, safe_options))
standard_logging_setup('/var/log/ipaupgrade.log', verbose=True, debug=options.debug, filemode='a')
root_logger.debug('%s was invoked with arguments %s and options: %s' % (sys.argv[0], args, safe_options))
realm = krbV.default_context().default_realm
upgrade = IPAUpgrade(realm, files, live_run=not options.test)
upgrade.create_instance()
@ -123,8 +112,7 @@ def main():
badsyntax = upgrade.badsyntax
upgradefailed = upgrade.upgradefailed
else:
logging.basicConfig(level=loglevel,
format='%(levelname)s %(message)s')
standard_logging_setup(None, verbose=True, debug=options.debug)
ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}, live_run=not options.test, ldapi=options.ldapi)
if len(files) < 1:
files = ld.get_all_files(UPDATES_DIR)

9
install/tools/ipa-managed-entries
View File

@ -29,7 +29,8 @@ try:
from ipaserver.plugins.ldap2 import ldap2
from ipalib import api, errors
from ipalib.dn import *
import logging
from ipapython.ipa_log_manager import *
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
@ -75,11 +76,8 @@ def get_dirman_password():
def main():
retval = 0
loglevel = logging.ERROR
def_dn = None
options, args = parse_options()
if options.debug:
loglevel = logging.DEBUG
if options.list_managed_entries:
pass
@ -87,8 +85,7 @@ def main():
sys.exit("You must specify an action, either status, enable or disable")
elif args[0] != "enable" and args[0] != "disable" and args[0] != "status":
sys.exit("Unrecognized action [" + args[0] + "]")
logging.basicConfig(level=loglevel,
format='%(levelname)s %(message)s')
standard_logging_setup(None, debug=options.debug)
host = installutils.get_fqdn()
api.bootstrap(context='cli', debug=options.debug)

9
install/tools/ipa-nis-manage
View File

@ -29,7 +29,7 @@ try:
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax
from ipaserver.plugins.ldap2 import ldap2
from ipalib import api, errors
import logging
from ipapython.ipa_log_manager import *
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
@ -81,7 +81,6 @@ def get_entry(dn, conn):
def main():
retval = 0
loglevel = logging.ERROR
files = ['/usr/share/ipa/nis.uldif']
servicemsg = ""
@ -91,17 +90,13 @@ def main():
installutils.check_server_configuration()
options, args = parse_options()
if options.debug:
loglevel = logging.DEBUG
if len(args) != 1:
sys.exit("You must specify one action, either enable or disable")
elif args[0] != "enable" and args[0] != "disable":
sys.exit("Unrecognized action [" + args[0] + "]")
logging.basicConfig(level=loglevel,
format='%(levelname)s %(message)s')
standard_logging_setup(None, debug=options.debug)
dirman_password = ""
if options.password:
try:

31
install/tools/ipa-replica-conncheck
View File

@ -25,7 +25,7 @@ from ipapython.ipautil import CalledProcessError
from ipaserver.install import installutils
import ipaclient.ipachangeconf
from optparse import OptionGroup
import logging
from ipapython.ipa_log_manager import *
import sys
import os
import signal
@ -138,25 +138,12 @@ def parse_options():
return safe_options, options
def logging_setup(options):
log_file = None
if os.getegid() == 0:
log_file = "/var/log/ipareplica-conncheck.log"
old_umask = os.umask(077)
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(levelname)s %(message)s',
filename=log_file,
filemode='w')
os.umask(old_umask)
console = logging.StreamHandler()
# If the debug option is set, also log debug messages to the console
if options.debug:
console.setLevel(logging.DEBUG)
else:
# Otherwise, log critical and error messages
console.setLevel(logging.ERROR)
formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s')
console.setFormatter(formatter)
logging.getLogger('').addHandler(console)
standard_logging_setup(log_file, debug=options.debug)
def clean_responders(responders):
if not responders:
@ -217,8 +204,8 @@ def configure_krb5_conf(realm, kdc, filename):
appopts = [{'name':'pam', 'type':'subsection', 'value':pamopts}]
opts.append({'name':'appdefaults', 'type':'section', 'value':appopts})
logging.debug("Writing temporary Kerberos configuration to %s:\n%s"
% (filename, krbconf.dump(opts)))
root_logger.debug("Writing temporary Kerberos configuration to %s:\n%s"
% (filename, krbconf.dump(opts)))
krbconf.newConf(filename, opts)
@ -265,8 +252,8 @@ def main():
safe_options, options = parse_options()
logging_setup(options)
logging.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
logging.debug("missing options might be asked for interactively later\n")
root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
root_logger.debug("missing options might be asked for interactively later\n")
signal.signal(signal.SIGTERM, sigterm_handler)
signal.signal(signal.SIGINT, sigterm_handler)
@ -291,7 +278,7 @@ def main():
global RESPONDERS
print_info("Start listening on required ports for remote master check")
for port in required_ports:
logging.debug("Start listening on port %d (%s)" % (port.port, port.description))
root_logger.debug("Start listening on port %d (%s)" % (port.port, port.description))
responder = PortResponder(port.port, port.stream)
responder.start()
RESPONDERS.append(responder)

21
install/tools/ipa-replica-install
View File

@ -21,7 +21,7 @@
import sys
import socket
import os, pwd, traceback, logging, shutil
import os, pwd, traceback, shutil
import grp
from optparse import OptionGroup
@ -40,6 +40,7 @@ from ipalib import api, errors, util
from ipapython.config import IPAOptionParser
from ipapython import sysrestore
from ipapython import services as ipaservices
from ipapython.ipa_log_manager import *
CACERT="/etc/ipa/ca.crt"
REPLICA_INFO_TOP_DIR=None
@ -265,8 +266,8 @@ def check_bind():
def main():
safe_options, options, filename = parse_options()
installutils.standard_logging_setup("/var/log/ipareplica-install.log", options.debug)
logging.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options))
standard_logging_setup("/var/log/ipareplica-install.log", debug=options.debug)
root_logger.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options))
if not ipautil.file_exists(filename):
sys.exit("Replica file %s does not exist" % filename)
@ -310,7 +311,7 @@ def main():
try:
host = get_host_name(options.no_host_dns)
except BadHostError, e:
logging.error(str(e))
root_logger.error(str(e))
sys.exit(1)
if config.host_name != host:
try:
@ -355,16 +356,16 @@ def main():
# Create DS group if it doesn't exist yet
try:
grp.getgrnam(dsinstance.DS_GROUP)
logging.debug("ds group %s exists" % dsinstance.DS_GROUP)
root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP)
group_exists = True
except KeyError:
group_exists = False
args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP]
try:
ipautil.run(args)
logging.debug("done adding DS group")
root_logger.debug("done adding DS group")
except ipautil.CalledProcessError, e:
logging.critical("failed to add DS group: %s" % e)
root_logger.critical("failed to add DS group: %s" % e)
sstore.backup_state("install", "group_exists", group_exists)
#Automatically disable pkinit w/ dogtag until that is supported
@ -475,9 +476,9 @@ except Exception, e:
message = str(e)
for str in traceback.format_tb(sys.exc_info()[2]):
message = message + "\n" + str
logging.debug(message)
root_logger.debug(message)
except KeyboardInterrupt:
print "Installation cancelled."
print "Installation cancelled."
finally:
# always try to remove decrypted replica file
try:
@ -487,7 +488,7 @@ finally:
pass
print ""
print "Your system may be partly configured."
print "Your system may be partly configured."
print "Run /usr/sbin/ipa-server-install --uninstall to clean up."
# the only way to get here is on error or ^C

21
install/tools/ipa-replica-manage
View File

@ -21,7 +21,7 @@ import sys
import os
import ldap, re, krbV
import traceback, logging
import traceback
from ipapython import ipautil
from ipaserver.install import replication, dsinstance, installutils
@ -29,6 +29,7 @@ from ipaserver.install import bindinstance
from ipaserver import ipaldap
from ipapython import version
from ipalib import api, errors, util
from ipapython.ipa_log_manager import *
CACERT = "/etc/ipa/ca.crt"
@ -93,13 +94,6 @@ def parse_options():
cmdstr = " | ".join(commands.keys())
parser.error("must provide a command [%s]" % cmdstr)
# set log level
if options.verbose:
# if verbose, output events at INFO level if not already
mylogger = logging.getLogger()
if mylogger.getEffectiveLevel() > logging.INFO:
mylogger.setLevel(logging.INFO)
# else user has already configured logging externally lower
return options, args
def test_connection(realm, host):
@ -346,7 +340,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
if options.winsync:
if not options.binddn or not options.bindpw or not options.cacert or not options.passsync:
logging.error("The arguments --binddn, --bindpw, --passsync and --cacert are required to create a winsync agreement")
root_logger.error("The arguments --binddn, --bindpw, --passsync and --cacert are required to create a winsync agreement")
sys.exit(1)
if options.cacert:
@ -396,10 +390,10 @@ def re_initialize(realm, options):
filter = "(&(nsDS5ReplicaHost=%s)(|(objectclass=nsDSWindowsReplicationAgreement)(objectclass=nsds5ReplicationAgreement)))" % thishost
entry = repl.conn.search_s("cn=config", ldap.SCOPE_SUBTREE, filter)
if len(entry) == 0:
logging.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost))
root_logger.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost))
sys.exit(1)
if len(entry) > 1:
logging.error("Found multiple agreements for %s. Only initializing the first one returned: %s" % (thishost, entry[0].dn))
root_logger.error("Found multiple agreements for %s. Only initializing the first one returned: %s" % (thishost, entry[0].dn))
repl.initialize_replication(entry[0].dn, repl.conn)
repl.wait_for_repl_init(repl.conn, entry[0].dn)
@ -422,8 +416,9 @@ def main():
# Just initialize the environment. This is so the installer can have
# access to the plugin environment
api_env = {}
api_env['in_server'] = True
api_env = {'in_server' : True,
'verbose' : options.verbose,
}
if os.getegid() != 0:
api_env['log'] = None # turn off logging for non-root

11
install/tools/ipa-replica-prepare
View File

@ -20,7 +20,8 @@
import sys
import logging, tempfile, shutil, os, pwd
import tempfile, shutil, os, pwd
from ipapython.ipa_log_manager import *
import traceback
from ConfigParser import SafeConfigParser
import krbV
@ -51,7 +52,7 @@ def parse_options():
help="PIN for the Apache Server PKCS#12 file")
parser.add_option("--pkinit_pin", dest="pkinit_pin",
help="PIN for the KDC pkinit PKCS#12 file")
parser.add_option("-p", "--password", dest="password",
parser.add_option("-p", "--password", dest="password",
help="Directory Manager (existing master) password")
parser.add_option("--ip-address", dest="ip_address",
type="ip", help="Add A and PTR records of the future replica")
@ -100,7 +101,7 @@ def get_subject_base(host_name, dm_password, suffix):
conn = ldap2(shared_instance=False, base_dn=suffix)
conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
except errors.ExecutionError, e:
logging.critical("Could not connect to the Directory Server on %s" % host_name)
root_logger.critical("Could not connect to the Directory Server on %s" % host_name)
raise e
(dn, entry_attrs) = conn.get_ipa_config()
conn.disconnect()
@ -109,7 +110,7 @@ def get_subject_base(host_name, dm_password, suffix):
def check_ipa_configuration(realm_name):
config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
if not ipautil.dir_exists(config_dir):
logging.error("could not find directory instance: %s" % config_dir)
root_logger.error("could not find directory instance: %s" % config_dir)
sys.exit(1)
def export_certdb(realm_name, ds_dir, dir, passwd_fname, fname, hostname, subject_base=None, is_kdc=False):
@ -472,6 +473,6 @@ except Exception, e:
message = str(e)
for str in traceback.format_tb(sys.exc_info()[2]):
message = message + "\n" + str
logging.debug(message)
root_logger.debug(message)
print message
sys.exit(1)

44
install/tools/ipa-server-install
View File

@ -29,7 +29,6 @@
import sys
import os
import errno
import logging
import grp
import subprocess
import signal
@ -63,6 +62,7 @@ from ipalib.dn import DN
from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file
from ipalib.constants import DNS_ZONE_REFRESH
from ipapython import services as ipaservices
from ipapython.ipa_log_manager import *
pw_name = None
uninstalling = False
@ -440,7 +440,7 @@ def uninstall():
try:
(stdout, stderr, rc) = run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--uninstall"], raiseonerr=False)
if rc not in [0,2]:
logging.debug("ipa-client-install returned %d" % rc)
root_logger.debug("ipa-client-install returned %d" % rc)
raise RuntimeError(stdout)
except Exception, e:
rv = 1
@ -472,10 +472,10 @@ def uninstall():
try:
ipautil.run(["/usr/sbin/groupdel", dsinstance.DS_GROUP])
except ipautil.CalledProcessError, e:
logging.critical("failed to delete group %s" % e)
root_logger.critical("failed to delete group %s" % e)
rv = 1
except KeyError:
logging.info("Group %s already removed", dsinstance.DS_GROUP)
root_logger.info("Group %s already removed", dsinstance.DS_GROUP)
ipaservices.knownservices.ipa.disable()
@ -488,16 +488,16 @@ def uninstall():
print >>sys.stderr, "Failed to set this machine hostname back to %s (%s)." % (old_hostname, str(e))
if fstore.has_files():
logging.error('Some files have not been restored, see /var/lib/ipa/sysrestore/sysrestore.index')
root_logger.error('Some files have not been restored, see /var/lib/ipa/sysrestore/sysrestore.index')
has_state = False
for module in IPA_MODULES: # from installutils
if sstore.has_state(module):
logging.error('Some installation state for %s has not been restored, see /var/lib/ipa/sysrestore/sysrestore.state' % module)
root_logger.error('Some installation state for %s has not been restored, see /var/lib/ipa/sysrestore/sysrestore.state' % module)
has_state = True
rv = 1
if has_state:
logging.warn('Some installation state has not been restored.\nThis will cause re-installation to fail.\nIt should be safe to remove /var/lib/ipa/sysrestore.state but it may\nmean your system hasn\'t be restored to its pre-installation state.')
root_logger.warning('Some installation state has not been restored.\nThis will cause re-installation to fail.\nIt should be safe to remove /var/lib/ipa/sysrestore.state but it may\nmean your system hasn\'t be restored to its pre-installation state.')
return rv
@ -510,7 +510,7 @@ def set_subject_in_config(realm_name, dm_password, suffix, subject_base):
conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix)
conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
except errors.ExecutionError, e:
logging.critical("Could not connect to the Directory Server on %s" % realm_name)
root_logger.critical("Could not connect to the Directory Server on %s" % realm_name)
raise e
(dn, entry_attrs) = conn.get_ipa_config()
if 'ipacertificatesubjectbase' not in entry_attrs:
@ -534,9 +534,9 @@ def main():
if options.uninstall:
uninstalling = True
standard_logging_setup("/var/log/ipaserver-uninstall.log", options.debug)
standard_logging_setup("/var/log/ipaserver-uninstall.log", debug=options.debug)
else:
standard_logging_setup("/var/log/ipaserver-install.log", options.debug)
standard_logging_setup("/var/log/ipaserver-install.log", debug=options.debug)
print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log"
if not options.external_ca and not options.external_cert_file and is_ipa_configured():
sys.exit("IPA server is already configured on this system.\n"
@ -547,8 +547,8 @@ def main():
sys.exit("IPA client is already configured on this system.\n"
+ "Please uninstall it first before configuring the IPA server.")
logging.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
logging.debug("missing options might be asked for interactively later\n")
root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
root_logger.debug("missing options might be asked for interactively later\n")
global fstore
fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
@ -706,7 +706,7 @@ def main():
sys.exit(str(e) + "\n")
host_name = host_name.lower()
logging.debug("will use host_name: %s\n" % host_name)
root_logger.debug("will use host_name: %s\n" % host_name)
system_hostname = get_fqdn()
if host_name != system_hostname:
@ -719,7 +719,7 @@ def main():
if not options.domain_name:
domain_name = read_domain_name(host_name[host_name.find(".")+1:], options.unattended)
logging.debug("read domain_name: %s\n" % domain_name)
root_logger.debug("read domain_name: %s\n" % domain_name)
else:
domain_name = options.domain_name
@ -751,7 +751,7 @@ def main():
if ip is None:
ip = read_ip_address(host_name, fstore)
logging.debug("read ip_address: %s\n" % str(ip))
root_logger.debug("read ip_address: %s\n" % str(ip))
ip_address = str(ip)
@ -785,7 +785,7 @@ def main():
if not options.realm_name:
realm_name = read_realm_name(domain_name, options.unattended)
logging.debug("read realm_name: %s\n" % realm_name)
root_logger.debug("read realm_name: %s\n" % realm_name)
else:
realm_name = options.realm_name.upper()
@ -831,7 +831,7 @@ def main():
print "Using reverse zone %s" % reverse_zone
else:
dns_forwarders = ()
logging.debug("will use dns_forwarders: %s\n" % str(dns_forwarders))
root_logger.debug("will use dns_forwarders: %s\n" % str(dns_forwarders))
# Create the management framework config file and finalize api
target_fname = '/etc/ipa/default.conf'
@ -862,7 +862,7 @@ def main():
print ""
if host_name != system_hostname:
logging.debug("Chosen hostname (%s) differs from system hostname (%s) - change it" \
root_logger.debug("Chosen hostname (%s) differs from system hostname (%s) - change it" \
% (host_name, system_hostname))
# configure /etc/sysconfig/network to contain the custom hostname
ipaservices.backup_and_replace_hostname(fstore, sstore, host_name)
@ -870,16 +870,16 @@ def main():
# Create DS group if it doesn't exist yet
try:
grp.getgrnam(dsinstance.DS_GROUP)
logging.debug("ds group %s exists" % dsinstance.DS_GROUP)
root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP)
group_exists = True
except KeyError:
group_exists = False
args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP]
try:
ipautil.run(args)
logging.debug("done adding DS group")
root_logger.debug("done adding DS group")
except ipautil.CalledProcessError, e:
logging.critical("failed to add DS group: %s" % e)
root_logger.critical("failed to add DS group: %s" % e)
sstore.backup_state("install", "group_exists", group_exists)
# Configure ntpd
@ -1131,7 +1131,7 @@ try:
message = str(e)
for str in traceback.format_tb(sys.exc_info()[2]):
message = message + "\n" + str
logging.debug(message)
root_logger.debug(message)
sys.exit(1)
finally:
if pw_name and ipautil.file_exists(pw_name):

1
install/tools/ipactl
View File

@ -29,7 +29,6 @@ try:
from ipapython import config
from ipalib import api, errors
from ipalib.dn import DN
import logging
import ldap
import ldap.sasl
import ldapurl

77
ipa-client/ipa-install/ipa-client-install
View File

@ -25,7 +25,7 @@ try:
import os
import time
import socket
import logging
from ipapython.ipa_log_manager import *
import tempfile
import getpass
from ipaclient import ipadiscovery
@ -128,33 +128,14 @@ def parse_options():
return safe_opts, options
def logging_setup(options):
# Always log everything (i.e., DEBUG) to the log
# file.
log_file = "/var/log/ipaclient-install.log"
if options.uninstall:
log_file = "/var/log/ipaclient-uninstall.log"
old_umask = os.umask(077)
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(levelname)s %(message)s',
filename=log_file,
filemode='w')
os.umask(old_umask)
console = logging.StreamHandler()
# If the debug option is set, also log debug messages to the console
if options.debug:
console.setLevel(logging.DEBUG)
else:
# Otherwise, log critical and error messages
console.setLevel(logging.ERROR)
formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s')
console.setFormatter(formatter)
logging.getLogger('').addHandler(console)
standard_logging_setup(log_file, debug=options.debug)
def log_service_error(name, action, error):
logging.error("%s failed to %s: %s" % (name, action, str(error)))
root_logger.error("%s failed to %s: %s" % (name, action, str(error)))
def nickname_exists(nickname):
(sout, serr, returncode) = run(["/usr/bin/certutil", "-L", "-d", "/etc/pki/nssdb", "-n", nickname], raiseonerr=False)
@ -237,7 +218,7 @@ def uninstall(options, env, quiet=False):
try:
certmonger.stop_tracking('/etc/pki/nssdb', nickname=client_nss_nickname)
except (CalledProcessError, RuntimeError), e:
logging.error("%s failed to stop tracking certificate: %s" % (cmonger.service_name, str(e)))
root_logger.error("%s failed to stop tracking certificate: %s" % (cmonger.service_name, str(e)))
if nickname_exists(client_nss_nickname):
try:
@ -257,7 +238,7 @@ def uninstall(options, env, quiet=False):
cmonger.disable()
except Exception, e:
emit_quiet(quiet, "Failed to disable automatic startup of the %s service" % (cmonger.service_name))
logging.error("Failed to disable automatic startup of the %s service: %s" % (cmonger.service_name, str(e)))
root_logger.error("Failed to disable automatic startup of the %s service: %s" % (cmonger.service_name, str(e)))
if not options.on_master and os.path.exists('/etc/ipa/default.conf'):
emit_quiet(quiet, "Unenrolling client from IPA server")
@ -277,7 +258,7 @@ def uninstall(options, env, quiet=False):
run(["/usr/sbin/ipa-rmkeytab", "-k", "/etc/krb5.keytab", "-r", realm])
except Exception, e:
emit_quiet(quiet, "Failed to clean up /etc/krb5.keytab")
logging.debug("Failed to remove Kerberos service principals: %s" % str(e))
root_logger.debug("Failed to remove Kerberos service principals: %s" % str(e))
emit_quiet(quiet, "Disabling client Kerberos and LDAP configurations")
was_sssd_installed = False
@ -334,7 +315,7 @@ def uninstall(options, env, quiet=False):
emit_quiet(quiet, "Failed to configure automatic startup of the %s daemon" % (nscd.service_name))
else:
# this is optional service, just log
logging.info("%s daemon is not installed, skip configuration" % (nscd.service_name))
root_logger.info("%s daemon is not installed, skip configuration" % (nscd.service_name))
nslcd = ipaservices.knownservices.nslcd
if nslcd.is_installed():
@ -349,7 +330,7 @@ def uninstall(options, env, quiet=False):
emit_quiet(quiet, "Failed to disable automatic startup of the %s daemon" % (nslcd.service_name))
else:
# this is optional service, just log
logging.info("%s daemon is not installed, skip configuration" % (nslcd.service_name))
root_logger.info("%s daemon is not installed, skip configuration" % (nslcd.service_name))
ntp_configured = statestore.has_state('ntp')
if ntp_configured:
@ -519,9 +500,9 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
nslcd.enable()
except Exception, e:
print "Failed to configure automatic startup of the %s daemon" % (nslcd.service_name)
logging.error("Failed to enable automatic startup of the %s daemon: %s" % (nslcd.service_name, str(e)))
root_logger.error("Failed to enable automatic startup of the %s daemon: %s" % (nslcd.service_name, str(e)))
else:
logging.debug("%s daemon is not installed, skip configuration" % (nslcd.service_name))
root_logger.debug("%s daemon is not installed, skip configuration" % (nslcd.service_name))
return (0, None, None)
return (0, 'NSLCD', '/etc/nslcd.conf')
@ -598,7 +579,7 @@ def configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, c
opts.append({'name':'domain_realm', 'type':'section', 'value':dropts})
opts.append({'name':'empty', 'type':'empty'})
logging.debug("Writing Kerberos configuration to %s:\n%s"
root_logger.debug("Writing Kerberos configuration to %s:\n%s"
% (filename, krbconf.dump(opts)))
krbconf.newConf(filename, opts)
@ -647,7 +628,7 @@ def configure_certmonger(fstore, subject_base, cli_realm, hostname, options):
except Exception, e:
print "Failed to configure automatic startup of the %s daemon" % (cmonger.service_name)
print "Automatic certificate management will not be available"
logging.error("Failed to disable automatic startup of the %s daemon: %s" % (cmonger.service_name, str(e)))
root_logger.error("Failed to disable automatic startup of the %s daemon: %s" % (cmonger.service_name, str(e)))
# Request our host cert
if started:
@ -669,7 +650,7 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
# This all means we can't use it and have to bail out
print "SSSD config exists but cannot be parsed: %s" % (str(e))
print "Correct errors in /etc/sssd/sssd.conf and re-run installation"
logging.error("Failed to parse SSSD configuration and was instructed to preserve existing SSSD config: %s" % (str(e)))
root_logger.error("Failed to parse SSSD configuration and was instructed to preserve existing SSSD config: %s" % (str(e)))
return 1
# SSSD configuration does not exist or we are not asked to preserve it, create new one
@ -684,8 +665,8 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
# It was not IOError so it must have been parsing error
print "Unable to parse existing SSSD config. As option --preserve-sssd was not specified, new config will override the old one."
print "The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall."
logging.error("Unable to parse existing SSSD config and --preserve-sssd was not specified: %s" % (str(e)))
logging.info("New SSSD config will be created")
root_logger.error("Unable to parse existing SSSD config and --preserve-sssd was not specified: %s" % (str(e)))
root_logger.info("New SSSD config will be created")
del sssdconfig
sssdconfig = SSSDConfig.SSSDConfig()
sssdconfig.new_config()
@ -695,7 +676,7 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
except SSSDConfig.DomainAlreadyExistsError:
print "Domain %s is already configured in existing SSSD config, creating a new one." % cli_domain
print "The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall."
logging.debug("Domain %s is already configured in existing SSSD config, creating a new one." % cli_domain)
root_logger.debug("Domain %s is already configured in existing SSSD config, creating a new one." % cli_domain)
del sssdconfig
sssdconfig = SSSDConfig.SSSDConfig()
sssdconfig.new_config()
@ -804,7 +785,7 @@ def update_dns(server, hostname):
update_txt = ipautil.template_str(template, sub_dict)
logging.debug("Writing nsupdate commands to %s:\n%s"
root_logger.debug("Writing nsupdate commands to %s:\n%s"
% (UPDATE_FILE, update_txt))
update_fd = file(UPDATE_FILE, "w")
@ -884,7 +865,7 @@ def install(options, env, fstore, statestore):
return CLIENT_INSTALL_ERROR
if ret in (ipadiscovery.NO_LDAP_SERVER, ipadiscovery.NOT_IPA_SERVER) \
or not ds.getDomainName():
logging.debug("Domain not found")
root_logger.debug("Domain not found")
if options.domain:
cli_domain = options.domain
elif options.unattended:
@ -893,19 +874,19 @@ def install(options, env, fstore, statestore):
else:
print "DNS discovery failed to determine your DNS domain"
cli_domain = user_input("Provide the domain name of your IPA server (ex: example.com)", allow_empty = False)
logging.debug("will use domain: %s\n", cli_domain)
root_logger.debug("will use domain: %s\n", cli_domain)
ret = ds.search(domain=cli_domain, server=options.server, hostname=hostname)
if not cli_domain:
if ds.getDomainName():
cli_domain = ds.getDomainName()
logging.debug("will use domain: %s\n", cli_domain)
root_logger.debug("will use domain: %s\n", cli_domain)
client_domain = hostname[hostname.find(".")+1:]
if ret in (ipadiscovery.NO_LDAP_SERVER, ipadiscovery.NOT_IPA_SERVER) \
or not ds.getServerName():
logging.debug("IPA Server not found")
root_logger.debug("IPA Server not found")
if options.server:
cli_server = options.server
elif options.unattended:
@ -914,14 +895,14 @@ def install(options, env, fstore, statestore):
else:
print "DNS discovery failed to find the IPA Server"
cli_server = user_input("Provide your IPA server name (ex: ipa.example.com)", allow_empty = False)
logging.debug("will use server: %s\n", cli_server)
root_logger.debug("will use server: %s\n", cli_server)
ret = ds.search(domain=cli_domain, server=cli_server, hostname=hostname)
else:
dnsok = True
if not cli_server:
if ds.getServerName():
cli_server = ds.getServerName()
logging.debug("will use server: %s\n", cli_server)
root_logger.debug("will use server: %s\n", cli_server)
if ret == ipadiscovery.NOT_IPA_SERVER:
print >>sys.stderr, "%s is not an IPA v2 Server." % cli_server
@ -962,9 +943,9 @@ def install(options, env, fstore, statestore):
return CLIENT_INSTALL_ERROR
cli_realm = ds.getRealmName()
logging.debug("will use cli_realm: %s\n", cli_realm)
root_logger.debug("will use cli_realm: %s\n", cli_realm)
cli_basedn = ds.getBaseDN()
logging.debug("will use cli_basedn: %s\n", cli_basedn)
root_logger.debug("will use cli_basedn: %s\n", cli_basedn)
subject_base = "O=%s" % ds.getRealmName()
print "Hostname: "+hostname
@ -986,7 +967,7 @@ def install(options, env, fstore, statestore):
if not options.unattended:
if options.principal is None and options.password is None and options.prompt_password is False:
options.principal = user_input("User authorized to enroll computers", allow_empty=False)
logging.debug("will use principal: %s\n", options.principal)
root_logger.debug("will use principal: %s\n", options.principal)
# Get the CA certificate
try:
@ -1162,7 +1143,7 @@ def install(options, env, fstore, statestore):
else:
# this is optional service, just log
if not options.sssd:
logging.info("%s daemon is not installed, skip configuration" % (nscd.service_name))
root_logger.info("%s daemon is not installed, skip configuration" % (nscd.service_name))
retcode, conf, filename = (0, None, None)
# Modify nsswitch/pam stack
@ -1253,8 +1234,8 @@ def main():
if not os.getegid() == 0:
sys.exit("\nYou must be root to run ipa-client-install.\n")
logging_setup(options)
logging.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
logging.debug("missing options might be asked for interactively later\n")
root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
root_logger.debug("missing options might be asked for interactively later\n")
env={"PATH":"/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"}

32
ipa-client/ipaclient/ipadiscovery.py
View File

@ -19,7 +19,7 @@
import socket
import os
import logging
from ipapython.ipa_log_manager import *
import ipapython.dnsclient
import tempfile
import ldap
@ -94,7 +94,7 @@ class IPADiscovery:
"""
server = None
while not server:
logging.debug("[ipadnssearchldap("+domain+")]")
root_logger.debug("[ipadnssearchldap("+domain+")]")
server = self.ipadnssearchldap(domain)
if server:
return (server, domain)
@ -148,7 +148,7 @@ class IPADiscovery:
if not self.domain: #no ldap server found
return NO_LDAP_SERVER
else:
logging.debug("[ipadnssearchldap]")
root_logger.debug("[ipadnssearchldap]")
self.server = self.ipadnssearchldap(domain)
if self.server:
self.domain = domain
@ -161,7 +161,7 @@ class IPADiscovery:
self.server = server
#search for kerberos
logging.debug("[ipadnssearchkrb]")
root_logger.debug("[ipadnssearchkrb]")
krbret = self.ipadnssearchkrb(self.domain)
if not server and not krbret[0]:
return REALM_NOT_FOUND
@ -169,7 +169,7 @@ class IPADiscovery:
self.realm = krbret[0]
self.kdc = krbret[1]
logging.debug("[ipacheckldap]")
root_logger.debug("[ipacheckldap]")
# check ldap now
ldapret = self.ipacheckldap(self.server, self.realm)
@ -180,12 +180,12 @@ class IPADiscovery:
if ldapret[0] == NO_ACCESS_TO_LDAP and self.realm is None:
# Assume realm is the same as domain.upper()
self.realm = self.domain.upper()
logging.debug("Assuming realm is the same as domain: %s" % self.realm)
root_logger.debug("Assuming realm is the same as domain: %s" % self.realm)
if ldapret[0] == NO_ACCESS_TO_LDAP and self.basedn is None:
# Generate suffix from realm
self.basedn = realm_to_suffix(self.realm)
logging.debug("Generate basedn from realm: %s" % self.basedn)
root_logger.debug("Generate basedn from realm: %s" % self.basedn)
return ldapret[0]
@ -223,12 +223,12 @@ class IPADiscovery:
run(["/usr/bin/wget", "-O", "%s/ca.crt" % temp_ca_dir, "-T", "15", "-t", "2",
"http://%s/ipa/config/ca.crt" % format_netloc(thost)])
except CalledProcessError, e:
logging.debug('Retrieving CA from %s failed.\n%s' % (thost, str(e)))
root_logger.debug('Retrieving CA from %s failed.\n%s' % (thost, str(e)))
return [NOT_IPA_SERVER]
#now verify the server is really an IPA server
try:
logging.debug("Init ldap with: ldap://"+format_netloc(thost, 389))
root_logger.debug("Init ldap with: ldap://"+format_netloc(thost, 389))
lh = ldap.initialize("ldap://"+format_netloc(thost, 389))
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, True)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "%s/ca.crt" % temp_ca_dir)
@ -238,7 +238,7 @@ class IPADiscovery:
lh.simple_bind_s("","")
# get IPA base DN
logging.debug("Search LDAP server for IPA base DN")
root_logger.debug("Search LDAP server for IPA base DN")
basedn = get_ipa_basedn(lh)
if basedn is None:
@ -247,12 +247,12 @@ class IPADiscovery:
self.basedn = basedn
#search and return known realms
logging.debug("Search for (objectClass=krbRealmContainer) in "+self.basedn+"(sub)")
root_logger.debug("Search for (objectClass=krbRealmContainer) in "+self.basedn+"(sub)")
lret = lh.search_s("cn=kerberos,"+self.basedn, ldap.SCOPE_SUBTREE, "(objectClass=krbRealmContainer)")
if not lret:
#something very wrong
return [REALM_NOT_FOUND]
logging.debug("Found: "+str(lret))
root_logger.debug("Found: "+str(lret))
for lres in lret:
for lattr in lres[1]:
@ -278,14 +278,14 @@ class IPADiscovery:
except LDAPError, err:
if isinstance(err, ldap.TIMEOUT):
logging.error("LDAP Error: timeout")
root_logger.error("LDAP Error: timeout")
return [NO_LDAP_SERVER]
if isinstance(err, ldap.INAPPROPRIATE_AUTH):
logging.debug("LDAP Error: Anonymous acces not allowed")
root_logger.debug("LDAP Error: Anonymous acces not allowed")
return [NO_ACCESS_TO_LDAP]
logging.error("LDAP Error: %s: %s" %
root_logger.error("LDAP Error: %s: %s" %
(err.args[0]['desc'], err.args[0].get('info', '')))
return [UNKNOWN_ERROR]
@ -372,6 +372,6 @@ class IPADiscovery:
kdc = qname
if not kdc:
logging.debug("SRV record for KDC not found! Realm: %s, SRV record: %s" % (realm, qname))
root_logger.debug("SRV record for KDC not found! Realm: %s, SRV record: %s" % (realm, qname))
return [realm, kdc]

17
ipalib/constants.py
View File

@ -59,23 +59,6 @@ CLI_TAB = ' ' # Two spaces
# The section to read in the config files, i.e. [global]
CONFIG_SECTION = 'global'
# Log format for stderr:
FORMAT_STDERR = ': '.join([
'ipa',
'%(levelname)s',
'%(message)s',
])
# Log format for log file:
FORMAT_FILE = '\t'.join([
'%(created)f',
'%(process)d',
'%(threadName)s',
'%(levelname)s',
'%(message)s',
])
# The default configuration for api.env
# This is a tuple instead of a dict so that it is immutable.
# To create a dict with this config, just "d = dict(DEFAULT_CONFIG)".

68
ipalib/plugable.py
View File

@ -29,7 +29,6 @@ import re
import sys
import inspect
import threading
import logging
import os
from os import path
import subprocess
@ -40,7 +39,8 @@ import util
import text
from text import _
from base import ReadOnly, NameSpace, lock, islocked, check_name
from constants import DEFAULT_CONFIG, FORMAT_STDERR, FORMAT_FILE
from constants import DEFAULT_CONFIG
from ipapython.ipa_log_manager import *
# FIXME: Updated constants.TYPE_ERROR to use this clearer format from wehjit:
TYPE_ERROR = '%s: need a %r; got a %r: %r'
@ -193,14 +193,7 @@ class Plugin(ReadOnly):
self.summary = '<%s>' % self.fullname
else:
self.summary = unicode(self.doc).split('\n\n', 1)[0].strip()
log = logging.getLogger(self.fullname)
for name in ('debug', 'info', 'warning', 'error', 'critical', 'exception'):
if hasattr(self, name):
raise StandardError(
'%s.%s attribute (%r) conflicts with Plugin logger' % (
self.name, name, getattr(self, name))
)
setattr(self, name, getattr(log, name))
log_mgr.get_logger(self, True)
if self.label is None:
self.label = text.FixMe(self.name + '.label')
if not isinstance(self.label, text.LazyText):
@ -307,8 +300,7 @@ class Plugin(ReadOnly):
for name in api:
assert not hasattr(self, name)
setattr(self, name, api[name])
# FIXME: the 'log' attribute is depreciated. See Plugin.__init__()
for name in ('env', 'context', 'log'):
for name in ('env', 'context'):
if hasattr(api, name):
assert not hasattr(self, name)
setattr(self, name, getattr(api, name))
@ -469,34 +461,32 @@ class API(DictProxy):
self.__doing('bootstrap')
self.env._bootstrap(**overrides)
self.env._finalize_core(**dict(DEFAULT_CONFIG))
log = logging.getLogger()
object.__setattr__(self, 'log_mgr', log_mgr)
log = log_mgr.root_logger
object.__setattr__(self, 'log', log)
# If logging has already been configured somewhere else (like in the
# installer), don't add handlers or change levels:
if len(log.handlers) > 0 or self.env.validate_api:
if log_mgr.configure_state != 'default' or self.env.validate_api:
return
if self.env.debug:
log.setLevel(logging.DEBUG)
else:
log.setLevel(logging.INFO)
log_mgr.configure_from_env(self.env, configure_state='api')
# Add stderr handler:
stderr = logging.StreamHandler()
level = 'info'
if self.env.debug:
stderr.setLevel(logging.DEBUG)
level = 'debug'
else:
if self.env.context == 'cli':
if self.env.verbose > 0:
stderr.setLevel(logging.INFO)
level = 'info'
else:
stderr.setLevel(logging.WARNING)
else:
stderr.setLevel(logging.INFO)
stderr.setFormatter(util.LogFormatter(FORMAT_STDERR))
log.addHandler(stderr)
level = 'warning'
if log_mgr.handlers.has_key('console'):
log_mgr.remove_handler('console')
log_mgr.create_log_handlers([dict(name='console',
stream=sys.stderr,
level=level,
format=LOGGING_FORMAT_STDERR)])
# Add file handler:
if self.env.mode in ('dummy', 'unit_test'):
return # But not if in unit-test mode
@ -509,17 +499,19 @@ class API(DictProxy):
except OSError:
log.error('Could not create log_dir %r', log_dir)
return
try:
handler = logging.FileHandler(self.env.log)
except IOError, e:
log.error('Cannot open log file %r: %s', self.env.log, e.strerror)
return
handler.setFormatter(util.LogFormatter(FORMAT_FILE))
level = 'info'
if self.env.debug:
handler.setLevel(logging.DEBUG)
else:
handler.setLevel(logging.INFO)
log.addHandler(handler)
level = 'debug'
try:
log_mgr.create_log_handlers([dict(name='file',
filename=self.env.log,
level=level,
format=LOGGING_FORMAT_FILE)])
except IOError, e:
log.error('Cannot open log file %r: %s', self.env.log, e)
return
def build_global_parser(self, parser=None, context=None):
"""

4
ipalib/plugins/aci.py
View File

@ -126,7 +126,7 @@ from ipalib import output
from ipalib import _, ngettext
if api.env.in_server and api.env.context in ['lite', 'server']:
from ldap import explode_dn
import logging
from ipapython.ipa_log_manager import *
ACI_NAME_PREFIX_SEP = ":"
@ -368,7 +368,7 @@ def _convert_strings_to_acis(acistrs):
try:
acis.append(ACI(a))
except SyntaxError, e:
logging.warn("Failed to parse: %s" % a)
root_logger.warning("Failed to parse: %s" % a)
return acis
def _find_aci_by_name(acis, aciprefix, aciname):

1
ipalib/plugins/cert.py
View File

@ -32,7 +32,6 @@ from ipalib import util
from ipalib.plugins.virtual import *
from ipalib.plugins.service import split_principal
import base64
import logging
import traceback
from ipalib.text import _
from ipalib.request import context

1
ipalib/plugins/migration.py
View File

@ -17,7 +17,6 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import re
import ldap as _ldap

8
ipalib/util.py
View File

@ -23,7 +23,6 @@ Various utility functions.
import os
import imp
import logging
import time
import socket
import re
@ -116,13 +115,6 @@ def import_plugins_subpackage(name):
__import__(full_name)
class LogFormatter(logging.Formatter):
"""
Log formatter that uses UTC for all timestamps.
"""
converter = time.gmtime
def make_repr(name, *args, **kw):
"""
Construct a standard representation of a class instance.

18
ipapython/dogtag.py
View File

@ -25,7 +25,7 @@ import nss.nss as nss
from nss.error import NSPRError
from ipalib.errors import NetworkError, CertificateOperationError
from urllib import urlencode
import logging
from ipapython.ipa_log_manager import *
def get_ca_certchain(ca_host=None):
"""
@ -74,8 +74,8 @@ def https_request(host, port, url, secdir, password, nickname, **kw):
host = host.encode('utf-8')
uri = 'https://%s%s' % (ipautil.format_netloc(host, port), url)
post = urlencode(kw)
logging.info('sslget %r', uri)
logging.debug('sslget post %r', post)
root_logger.info('sslget %r', uri)
root_logger.debug('sslget post %r', post)
request_headers = {"Content-type": "application/x-www-form-urlencoded",
"Accept": "text/plain"}
try:
@ -112,8 +112,8 @@ def http_request(host, port, url, **kw):
host = host.encode('utf-8')
uri = 'http://%s%s' % (ipautil.format_netloc(host, port), url)
post = urlencode(kw)
logging.info('request %r', uri)
logging.debug('request post %r', post)
root_logger.info('request %r', uri)
root_logger.debug('request post %r', post)
conn = httplib.HTTPConnection(host, port)
try:
conn.request('POST', url,
@ -130,9 +130,9 @@ def http_request(host, port, url, **kw):
except NSPRError, e:
raise NetworkError(uri=uri, error=str(e))
logging.debug('request status %d', http_status)
logging.debug('request reason_phrase %r', http_reason_phrase)
logging.debug('request headers %s', http_headers)
logging.debug('request body %r', http_body)
root_logger.debug('request status %d', http_status)
root_logger.debug('request reason_phrase %r', http_reason_phrase)
root_logger.debug('request headers %s', http_headers)
root_logger.debug('request body %r', http_body)
return http_status, http_reason_phrase, http_headers, http_body

270
ipapython/ipa_log_manager.py Normal file
View File

@ -0,0 +1,270 @@
# Authors: John Dennis <jdennis@redhat.com>
#
# Copyright (C) 2011 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#-------------------------------------------------------------------------------
# Module exports
__all__ = ['log_mgr', 'root_logger', 'standard_logging_setup',
'IPA_ROOT_LOGGER_NAME', 'ISO8601_UTC_DATETIME_FMT',
'LOGGING_FORMAT_STDERR', 'LOGGING_FORMAT_STDOUT', 'LOGGING_FORMAT_FILE']
#-------------------------------------------------------------------------------
import sys
import re
import copy
from log_manager import LogManager, parse_log_level
#-------------------------------------------------------------------------------
# Our root logger, all loggers will be descendents of this.
IPA_ROOT_LOGGER_NAME = 'ipa'
# Format string for time.strftime() to produce a ISO 8601 date time
# formatted string in the UTC time zone.
ISO8601_UTC_DATETIME_FMT = '%Y-%m-%dT%H:%M:%SZ'
# Logging format string for use with logging stderr handlers
LOGGING_FORMAT_STDERR = 'ipa: %(levelname)s: %(message)s'
# Logging format string for use with logging stdout handlers
LOGGING_FORMAT_STDOUT = '[%(asctime)s %(name)s] <%(levelname)s>: %(message)s'
# Logging format string for use with logging file handlers
LOGGING_FORMAT_FILE = '\t'.join([
'%(asctime)s',
'%(process)d',
'%(threadName)s',
'%(name)s',
'%(levelname)s',
'%(message)s',
])
# Used by standard_logging_setup() for console message
LOGGING_FORMAT_STANDARD_CONSOLE = '%(name)-12s: %(levelname)-8s %(message)s'
# Used by standard_logging_setup() for file message
LOGGING_FORMAT_STANDARD_FILE = '%(asctime)s %(levelname)s %(message)s'
#-------------------------------------------------------------------------------
class IPALogManager(LogManager):
'''
Subclass the LogManager to enforce some IPA specfic logging
conventions.
* Default to timestamps in UTC.
* Default to ISO 8601 timestamp format.
* Default the message format.
'''
log_logger_level_config_re = re.compile(r'^log_logger_level_(debug|info|warn|warning|error|critical|\d+)$')
log_handler_level_config_re = re.compile(r'^log_handler_(\S+)_level$')
def __init__(self, configure_state=None):
'''
:parameters:
configure_state
Used by clients of the log manager to track the
configuration state, may be any object.
'''
super(IPALogManager, self).__init__(IPA_ROOT_LOGGER_NAME, configure_state)
def configure_from_env(self, env, configure_state=None):
'''
Read the loggger configuration from the Env config. The
following items may be configured:
Logger Levels
*log_logger_XXX = comma separated list of regexps*
Logger levels can be explicitly specified for specific loggers as
opposed to a global logging level. Specific loggers are indiciated
by a list of regular expressions bound to a level. If a logger's
name matches the regexp then it is assigned that level. The keys
in the Env config must begin with "log_logger_level\_" and then be
followed by a symbolic or numeric log level, for example::
log_logger_level_debug = ipalib\.dn\..*
log_logger_level_35 = ipalib\.plugins\.dogtag
The first line says any logger belonging to the ipalib.dn module
will have it's level configured to debug.
The second line say the ipa.plugins.dogtag logger will be
configured to level 35.
Note: logger names are a dot ('.') separated list forming a path
in the logger tree. The dot character is also a regular
expression metacharacter (matches any character) therefore you
will usually need to escape the dot in the logger names by
preceeding it with a backslash.
Handler Levels
*log_handler_XXX_level = level*
Handler levels may be specified with a key containing the
name of the handler (XXX) and whose value is the level. For
example::
log_handler_console_level = debug
Would set the console handler level to debug.
These are the predefined log handlers:
console
Writes to stderr.
file
Writes to the default log file.
The return value of this function is a dict with the following
format:
logger_regexps
List of (regexp, level) tuples
handlers
Dict, key is handler name, value is dict of handler config.
Handler config dict:
level
handler log level
:parameters:
env
Env object configuration values are read from.
configure_state
If other than None update the log manger's configure_state
variable to this object. Clients of the log manager can
use configure_state to track the state of the log manager.
'''
logger_regexps = []
handlers = {}
config = {'logger_regexps' : logger_regexps,
'handlers' : handlers,
}
for attr in ('debug', 'verbose'):
value = getattr(env, attr, None)
if value is not None:
config[attr] = value
for attr in list(env):
# Get logger level configuration
match = IPALogManager.log_logger_level_config_re.search(attr)
if match:
value = match.group(1)
level = parse_log_level(value)
value = getattr(env, attr)
regexps = re.split('\s*,\s*', value)
# Add the regexp, it maps to the configured level
for regexp in regexps:
print "%s %s" % (regexp, level)
logger_regexps.append((regexp, level))
continue
# Get handler configuration
match = IPALogManager.log_handler_level_config_re.search(attr)
if match:
value = getattr(env, attr)
try:
level = parse_log_level(value)
except Exception, e:
print >>sys.stderr, 'ERROR could not parse log handler level: %s=%s' % (attr, value)
continue
name = match.group(1)
print "%s %s" % (name, level)
handler_config = handlers.get(name)
if handler_config is None:
handler_config = {'name' : name}
handler_config['level'] = level
continue
self.configure(config, configure_state)
return config
def create_log_handlers(self, configs, logger=None, configure_state=None):
'Enforce some IPA specific configurations'
configs = copy.copy(configs)
for cfg in configs:
if not 'time_zone_converter' in cfg:
cfg['time_zone_converter'] = 'utc'
if not 'datefmt' in cfg:
cfg['datefmt'] = ISO8601_UTC_DATETIME_FMT
if not 'format' in cfg:
cfg['format'] = LOGGING_FORMAT_STDOUT
return super(IPALogManager, self).create_log_handlers(configs, logger, configure_state)
#-------------------------------------------------------------------------------
def standard_logging_setup(filename=None, verbose=False, debug=False, filemode='w'):
handlers = []
# File output is always logged at debug level
if filename is not None:
file_handler = dict(name='file',
filename=filename,
filemode=filemode,
permission=0600,
level='debug',
format=LOGGING_FORMAT_STANDARD_FILE)
handlers.append(file_handler)
if log_mgr.handlers.has_key('console'):
log_mgr.remove_handler('console')
level = 'error'
if verbose:
level = 'info'
if debug:
level = 'debug'
console_handler = dict(name='console',
stream=sys.stderr,
level=level,
format=LOGGING_FORMAT_STANDARD_CONSOLE)
handlers.append(console_handler)
# default_level must be debug becuase we want the file handler to
# always log at the debug level.
log_mgr.configure(dict(default_level='debug',
handlers=handlers),
configure_state='standard')
return log_mgr.root_logger
#-------------------------------------------------------------------------------
# Single shared instance of log manager
#
# By default always starts with stderr console handler at error level
# so messages generated before logging is fully configured have some
# place to got and won't get lost.
log_mgr = IPALogManager()
log_mgr.configure(dict(default_level='error',
handlers=[dict(name='console',
stream=sys.stderr)]),
configure_state='default')
root_logger = log_mgr.root_logger

18
ipapython/ipautil.py
View File

@ -26,7 +26,7 @@ IPA_BASEDN_INFO = 'ipa v2.0'
import string
import tempfile
import logging
from ipapython.ipa_log_manager import *
import subprocess
import random
import os, sys, traceback, readline
@ -264,10 +264,10 @@ def run(args, stdin=None, raiseonerr=True,
stderr = stderr.replace(nolog_value, 'XXXXXXXX')
args = args.replace(nolog_value, 'XXXXXXXX')
logging.debug('args=%s' % args)
root_logger.debug('args=%s' % args)
if capture_output:
logging.debug('stdout=%s' % stdout)
logging.debug('stderr=%s' % stderr)
root_logger.debug('stdout=%s' % stdout)
root_logger.debug('stderr=%s' % stderr)
if p.returncode != 0 and raiseonerr:
raise CalledProcessError(p.returncode, args)
@ -1172,21 +1172,21 @@ def get_ipa_basedn(conn):
contexts = entries[0][1]['namingcontexts']
for context in contexts:
logging.debug("Check if naming context '%s' is for IPA" % context)
root_logger.debug("Check if naming context '%s' is for IPA" % context)
try:
entry = conn.search_s(context, ldap.SCOPE_BASE, "(info=IPA*)")
except ldap.NO_SUCH_OBJECT:
logging.debug("LDAP server did not return info attribute to check for IPA version")
root_logger.debug("LDAP server did not return info attribute to check for IPA version")
continue
if len(entry) == 0:
logging.debug("Info attribute with IPA server version not found")
root_logger.debug("Info attribute with IPA server version not found")
continue
info = entry[0][1]['info'][0].lower()
if info != IPA_BASEDN_INFO:
logging.debug("Detected IPA server version (%s) did not match the client (%s)" \
root_logger.debug("Detected IPA server version (%s) did not match the client (%s)" \
% (info, IPA_BASEDN_INFO))
continue
logging.debug("Naming context '%s' is a valid IPA context" % context)
root_logger.debug("Naming context '%s' is a valid IPA context" % context)
return context
return None

235
ipapython/log_manager.py
View File

@ -508,42 +508,11 @@ import pwd
import logging
import re
import time
import copy
#-------------------------------------------------------------------------------
# Our root logger, all loggers will be descendents of this.
IPA_ROOT_LOGGER_NAME = 'ipa'
# Format string for time.strftime() to produce a ISO 8601 date time
# formatted string in the UTC time zone.
ISO8601_UTC_DATETIME_FMT = '%Y-%m-%dT%H:%M:%SZ'
# Default format
LOGGING_DEFAULT_FORMAT = '%(levelname)s %(message)s'
# Logging format string for use with logging stderr handlers
LOGGING_FORMAT_STDERR = 'ipa: %(levelname)s: %(message)s'
# Logging format string for use with logging stdout handlers
LOGGING_FORMAT_STDOUT = '[%(asctime)s %(name)s] <%(levelname)s>: %(message)s'
# Logging format string for use with logging file handlers
LOGGING_FORMAT_FILE = '\t'.join([
'%(asctime)s',
'%(process)d',
'%(threadName)s',
'%(name)s',
'%(levelname)s',
'%(message)s',
])
# Used by standard_logging_setup() for console message
LOGGING_FORMAT_STANDARD_CONSOLE = '%(name)-12s: %(levelname)-8s %(message)s'
# Used by standard_logging_setup() for file message
LOGGING_FORMAT_STANDARD_FILE = '%(asctime)s %(levelname)s %(message)s'
# Maps a logging level name to it's numeric value
log_level_name_map = {
'notset' : logging.NOTSET,
@ -1100,7 +1069,7 @@ class LogManager(object):
# Create a logger for my_app.foo.bar
foo_bar_log = log_mgr.get_logger('foo.bar')
log_mgr.root_logger.info("Ready to process requests")
root_logger.info("Ready to process requests")
foo_bar_log.error("something went boom")
In the file my_app.log you would see::
@ -1544,205 +1513,3 @@ class LogManager(object):
return logger
class IPALogManager(LogManager):
'''
Subclass the LogManager to enforce some IPA specfic logging
conventions.
* Default to timestamps in UTC.
* Default to ISO 8601 timestamp format.
* Default the message format.
'''
log_logger_level_config_re = re.compile(r'^log_logger_level_(debug|info|warn|warning|error|critical|\d+)$')
log_handler_level_config_re = re.compile(r'^log_handler_(\S+)_level$')
def __init__(self, configure_state=None):
'''
:parameters:
configure_state
Used by clients of the log manager to track the
configuration state, may be any object.
'''
super(IPALogManager, self).__init__(IPA_ROOT_LOGGER_NAME, configure_state)
def configure_from_env(self, env, configure_state=None):
'''
Read the loggger configuration from the Env config. The
following items may be configured:
Logger Levels
*log_logger_XXX = comma separated list of regexps*
Logger levels can be explicitly specified for specific loggers as
opposed to a global logging level. Specific loggers are indiciated
by a list of regular expressions bound to a level. If a logger's
name matches the regexp then it is assigned that level. The keys
in the Env config must begin with "log_logger_level\_" and then be
followed by a symbolic or numeric log level, for example::
log_logger_level_debug = ipalib\.dn\..*
log_logger_level_35 = ipalib\.plugins\.dogtag
The first line says any logger belonging to the ipalib.dn module
will have it's level configured to debug.
The second line say the ipa.plugins.dogtag logger will be
configured to level 35.
Note: logger names are a dot ('.') separated list forming a path
in the logger tree. The dot character is also a regular
expression metacharacter (matches any character) therefore you
will usually need to escape the dot in the logger names by
preceeding it with a backslash.
Handler Levels
*log_handler_XXX_level = level*
Handler levels may be specified with a key containing the
name of the handler (XXX) and whose value is the level. For
example::
log_handler_console_level = debug
Would set the console handler level to debug.
These are the predefined log handlers:
console
Writes to stderr.
file
Writes to the default log file.
The return value of this function is a dict with the following
format:
logger_regexps
List of (regexp, level) tuples
handlers
Dict, key is handler name, value is dict of handler config.
Handler config dict:
level
handler log level
:parameters:
env
Env object configuration values are read from.
configure_state
If other than None update the log manger's configure_state
variable to this object. Clients of the log manager can
use configure_state to track the state of the log manager.
'''
logger_regexps = []
handlers = {}
config = {'logger_regexps' : logger_regexps,
'handlers' : handlers,
}
for attr in ('debug', 'verbose'):
value = getattr(env, attr, None)
if value is not None:
config[attr] = value
for attr in list(env):
# Get logger level configuration
match = IPALogManager.log_logger_level_config_re.search(attr)
if match:
value = match.group(1)
level = parse_log_level(value)
value = getattr(env, attr)
regexps = re.split('\s*,\s*', value)
# Add the regexp, it maps to the configured level
for regexp in regexps:
print "%s %s" % (regexp, level)
logger_regexps.append((regexp, level))
continue
# Get handler configuration
match = IPALogManager.log_handler_level_config_re.search(attr)
if match:
value = getattr(env, attr)
try:
level = parse_log_level(value)
except Exception, e:
print >>sys.stderr, 'ERROR could not parse log handler level: %s=%s' % (attr, value)
continue
name = match.group(1)
print "%s %s" % (name, level)
handler_config = handlers.get(name)
if handler_config is None:
handler_config = {'name' : name}
handler_config['level'] = level
continue
self.configure(config, configure_state)
return config
def create_log_handlers(self, configs, logger=None, configure_state=None):
'Enforce some IPA specific configurations'
configs = copy.copy(configs)
for cfg in configs:
if not 'time_zone_converter' in cfg:
cfg['time_zone_converter'] = 'utc'
if not 'datefmt' in cfg:
cfg['datefmt'] = ISO8601_UTC_DATETIME_FMT
if not 'format' in cfg:
cfg['format'] = LOGGING_FORMAT_STDOUT
return super(IPALogManager, self).create_log_handlers(configs, logger, configure_state)
#-------------------------------------------------------------------------------
def standard_logging_setup(filename=None, verbose=False, debug=False, filemode='w'):
handlers = []
# File output is always logged at debug level
if filename is not None:
file_handler = dict(name='file',
filename=filename,
filemode=filemode,
permission=0600,
level='debug',
format=LOGGING_FORMAT_STANDARD_FILE)
handlers.append(file_handler)
if log_mgr.handlers.has_key('console'):
log_mgr.remove_handler('console')
level = 'error'
if verbose:
level = 'info'
if debug:
level = 'debug'
console_handler = dict(name='console',
stream=sys.stderr,
level=level,
format=LOGGING_FORMAT_STANDARD_CONSOLE)
handlers.append(console_handler)
log_mgr.configure(dict(default_level=level,
handlers=handlers),
configure_state='standard')
return log_mgr.root_logger
#-------------------------------------------------------------------------------
# Single shared instance of log manager
#
# By default always starts with stderr console handler at error level
# so messages generated before logging is fully configured have some
# place to got and won't get lost.
log_mgr = IPALogManager()
log_mgr.configure(dict(default_level='error',
handlers=[dict(name='console',
stream=sys.stderr)]),
configure_state='default')

54
ipapython/nsslib.py
View File

@ -22,7 +22,7 @@ import sys
import httplib
import getpass
import socket
import logging
from ipapython.ipa_log_manager import *
from nss.error import NSPRError
import nss.io as io
@ -35,8 +35,8 @@ def auth_certificate_callback(sock, check_sig, is_server, certdb):
cert = sock.get_peer_certificate()
logging.debug("auth_certificate_callback: check_sig=%s is_server=%s\n%s",
check_sig, is_server, str(cert))
root_logger.debug("auth_certificate_callback: check_sig=%s is_server=%s\n%s",
check_sig, is_server, str(cert))
pin_args = sock.get_pkcs11_pin_arg()
if pin_args is None:
@ -56,13 +56,13 @@ def auth_certificate_callback(sock, check_sig, is_server, certdb):
# and the strerror attribute will contain a string describing the reason.
approved_usage = cert.verify_now(certdb, check_sig, intended_usage, *pin_args)
except Exception, e:
logging.error('cert validation failed for "%s" (%s)', cert.subject, e.strerror)
root_logger.error('cert validation failed for "%s" (%s)', cert.subject, e.strerror)
cert_is_valid = False
return cert_is_valid
logging.debug("approved_usage = %s intended_usage = %s",
', '.join(nss.cert_usage_flags(approved_usage)),
', '.join(nss.cert_usage_flags(intended_usage)))
root_logger.debug("approved_usage = %s intended_usage = %s",
', '.join(nss.cert_usage_flags(approved_usage)),
', '.join(nss.cert_usage_flags(intended_usage)))
# Is the intended usage a proper subset of the approved usage
if approved_usage & intended_usage:
@ -72,7 +72,7 @@ def auth_certificate_callback(sock, check_sig, is_server, certdb):
# If this is a server, we're finished
if is_server or not cert_is_valid:
logging.debug('cert valid %s for "%s"', cert_is_valid, cert.subject)
root_logger.debug('cert valid %s for "%s"', cert_is_valid, cert.subject)
return cert_is_valid
# Certificate is OK. Since this is the client side of an SSL
@ -85,12 +85,12 @@ def auth_certificate_callback(sock, check_sig, is_server, certdb):
# If the cert fails validation it will raise an exception
cert_is_valid = cert.verify_hostname(hostname)
except Exception, e:
logging.error('failed verifying socket hostname "%s" matches cert subject "%s" (%s)',
hostname, cert.subject, e.strerror)
root_logger.error('failed verifying socket hostname "%s" matches cert subject "%s" (%s)',
hostname, cert.subject, e.strerror)
cert_is_valid = False
return cert_is_valid
logging.debug('cert valid %s for "%s"', cert_is_valid, cert.subject)
root_logger.debug('cert valid %s for "%s"', cert_is_valid, cert.subject)
return cert_is_valid
def client_auth_data_callback(ca_names, chosen_nickname, password, certdb):
@ -142,8 +142,8 @@ class NSSAddressFamilyFallback(object):
self.sock = io.Socket(family=self.family)
def _connect_socket_family(self, host, port, family):
logging.debug("connect_socket_family: host=%s port=%s family=%s",
host, port, io.addr_family_name(family))
root_logger.debug("connect_socket_family: host=%s port=%s family=%s",
host, port, io.addr_family_name(family))
try:
addr_info = [ ai for ai in io.AddrInfo(host) if ai.family == family ]
# No suitable families
@ -154,12 +154,12 @@ class NSSAddressFamilyFallback(object):
# Try connecting to the NetworkAddresses
for net_addr in addr_info:
net_addr.port = port
logging.debug("connecting: %s", net_addr)
root_logger.debug("connecting: %s", net_addr)
try:
self.sock.connect(net_addr)
except Exception, e:
logging.debug("Could not connect socket to %s, error: %s, retrying..",
net_addr, str(e))
root_logger.debug("Could not connect socket to %s, error: %s, retrying..",
net_addr, str(e))
continue
else:
return
@ -181,7 +181,7 @@ class NSSAddressFamilyFallback(object):
self._create_socket()
self._connect_socket_family(host, port, self.family)
else:
logging.debug('No next family to try..')
root_logger.debug('No next family to try..')
raise e
else:
raise e
@ -197,7 +197,7 @@ class NSSConnection(httplib.HTTPConnection, NSSAddressFamilyFallback):
if not dbdir:
raise RuntimeError("dbdir is required")
logging.debug('%s init %s', self.__class__.__name__, host)
root_logger.debug('%s init %s', self.__class__.__name__, host)
if nss.nss_is_initialized():
# close any open NSS database and use the new one
ssl.clear_session_cache()
@ -243,7 +243,7 @@ class NSSConnection(httplib.HTTPConnection, NSSAddressFamilyFallback):
"""
Verify callback. If we get here then the certificate is ok.
"""
logging.debug("handshake complete, peer = %s", sock.get_peer_name())
root_logger.debug("handshake complete, peer = %s", sock.get_peer_name())
pass
def connect(self):
@ -307,20 +307,8 @@ class NSSHTTPS(httplib.HTTP):
#------------------------------------------------------------------------------
if __name__ == "__main__":
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='nsslib.log',
filemode='a')
# Create a seperate logger for the console
console_logger = logging.StreamHandler()
console_logger.setLevel(logging.DEBUG)
# set a format which is simpler for console use
formatter = logging.Formatter('%(levelname)s %(message)s')
console_logger.setFormatter(formatter)
# add the handler to the root logger
logging.getLogger('').addHandler(console_logger)
logging.info("Start")
standard_logging_setup('nsslib.log', debug=True, filemode='a')
root_logger.info("Start")
if False:
conn = NSSConnection("www.verisign.com", 443, dbdir="/etc/pki/nssdb")

26
ipapython/sysrestore.py
View File

@ -26,7 +26,7 @@
import os
import os.path
import shutil
import logging
from ipapython.ipa_log_manager import *
import ConfigParser
import random
import string
@ -61,7 +61,7 @@ class FileStore:
be an empty dictionary if the file doesn't exist.
"""
logging.debug("Loading Index file from '%s'", self._index)
root_logger.debug("Loading Index file from '%s'", self._index)
self.files = {}
@ -78,10 +78,10 @@ class FileStore:
"""Save the file list to @_index. If @files is an empty
dict, then @_index should be removed.
"""
logging.debug("Saving Index File to '%s'", self._index)
root_logger.debug("Saving Index File to '%s'", self._index)
if len(self.files) == 0:
logging.debug(" -> no files, removing file")
root_logger.debug(" -> no files, removing file")
if os.path.exists(self._index):
os.remove(self._index)
return
@ -101,13 +101,13 @@ class FileStore:
does not already exist - which will be restored to its
original location by restore_files().
"""
logging.debug("Backing up system configuration file '%s'", path)
root_logger.debug("Backing up system configuration file '%s'", path)
if not os.path.isabs(path):
raise ValueError("Absolute path required")
if not os.path.isfile(path):
logging.debug(" -> Not backing up - '%s' doesn't exist", path)
root_logger.debug(" -> Not backing up - '%s' doesn't exist", path)
return
(reldir, backupfile) = os.path.split(path)
@ -120,7 +120,7 @@ class FileStore:
backup_path = os.path.join(self._path, filename)
if os.path.exists(backup_path):
logging.debug(" -> Not backing up - already have a copy of '%s'", path)
root_logger.debug(" -> Not backing up - already have a copy of '%s'", path)
return
shutil.copy2(path, backup_path)
@ -151,7 +151,7 @@ class FileStore:
was no backup file to restore
"""
logging.debug("Restoring system configuration file '%s'", path)
root_logger.debug("Restoring system configuration file '%s'", path)
if not os.path.isabs(path):
raise ValueError("Absolute path required")
@ -172,7 +172,7 @@ class FileStore:
backup_path = os.path.join(self._path, filename)
if not os.path.exists(backup_path):
logging.debug(" -> Not restoring - '%s' doesn't exist", backup_path)
root_logger.debug(" -> Not restoring - '%s' doesn't exist", backup_path)
return False
shutil.move(backup_path, path)
@ -203,7 +203,7 @@ class FileStore:
backup_path = os.path.join(self._path, filename)
if not os.path.exists(backup_path):
logging.debug(" -> Not restoring - '%s' doesn't exist", backup_path)
root_logger.debug(" -> Not restoring - '%s' doesn't exist", backup_path)
continue
shutil.move(backup_path, path)
@ -257,7 +257,7 @@ class StateFile:
"""Load the modules from the file @_path. @modules will
be an empty dictionary if the file doesn't exist.
"""
logging.debug("Loading StateFile from '%s'", self._path)
root_logger.debug("Loading StateFile from '%s'", self._path)
self.modules = {}
@ -277,14 +277,14 @@ class StateFile:
"""Save the modules to @_path. If @modules is an empty
dict, then @_path should be removed.
"""
logging.debug("Saving StateFile to '%s'", self._path)
root_logger.debug("Saving StateFile to '%s'", self._path)
for module in self.modules.keys():
if len(self.modules[module]) == 0:
del self.modules[module]
if len(self.modules) == 0:
logging.debug(" -> no modules, removing file")
root_logger.debug(" -> no modules, removing file")
if os.path.exists(self._path):
os.remove(self._path)
return

15
ipaserver/install/adtrustinstance.py
View File

@ -17,8 +17,6 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import logging
import os
import errno
import ldap
@ -30,6 +28,7 @@ from ipaserver.install.dsinstance import realm_to_serverid
from ipalib import errors
from ipapython import sysrestore
from ipapython import ipautil
from ipapython.ipa_log_manager import *
import random
import string
@ -119,7 +118,7 @@ class ADTRUSTInstance(service.Service):
try:
self.admin_conn.modify_s(self.suffix, mod)
except ldap.TYPE_OR_VALUE_EXISTS:
logging.debug("samba user aci already exists in suffix %s on %s" % (self.suffix, self.admin_conn.host))
root_logger.debug("samba user aci already exists in suffix %s on %s" % (self.suffix, self.admin_conn.host))
def __gen_sid_string(self):
sub_ids = struct.unpack("<LLL", os.urandom(12))
@ -237,20 +236,20 @@ class ADTRUSTInstance(service.Service):
"-k", "/etc/krb5.keytab"])
except ipautil.CalledProcessError, e:
if e.returncode != 5:
logging.critical("Failed to remove old key for %s" % cifs_principal)
root_logger.critical("Failed to remove old key for %s" % cifs_principal)
try:
ipautil.run(["ipa-getkeytab", "--server", self.fqdn,
"--principal", cifs_principal,
"-k", "/etc/krb5.keytab"])
except ipautil.CalledProcessError, e:
logging.critical("Failed to add key for %s" % cifs_principal)
root_logger.critical("Failed to add key for %s" % cifs_principal)
def __start(self):
try:
self.start()
except:
logging.critical("smbd service failed to start")
root_logger.critical("smbd service failed to start")
def __stop(self):
self.backup_state("running", self.is_running())
@ -267,7 +266,7 @@ class ADTRUSTInstance(service.Service):
try:
self.ldap_enable('ADTRUST', self.fqdn, self.dm_password, self.suffix)
except ldap.ALREADY_EXISTS:
logging.critical("ADTRUST Service startup entry already exists.")
root_logger.critical("ADTRUST Service startup entry already exists.")
pass
def __setup_sub_dict(self):
@ -332,7 +331,7 @@ class ADTRUSTInstance(service.Service):
try:
self.fstore.restore_file(f)
except ValueError, error:
logging.debug(error)
root_logger.debug(error)
pass
if not enabled is None and not enabled:

10
ipaserver/install/bindinstance.py
View File

@ -20,7 +20,6 @@
import tempfile
import os
import pwd
import logging
import netaddr
import installutils
@ -34,6 +33,7 @@ from ipapython import ipautil
from ipalib.constants import DNS_ZONE_REFRESH
from ipalib.parameters import IA5Str
from ipalib.util import validate_zonemgr
from ipapython.ipa_log_manager import *
import ipalib
from ipalib import api, util, errors
@ -482,9 +482,9 @@ class BindInstance(service.Service):
def __setup_zone(self):
if self.host_domain != self.domain:
# add DNS domain for host first
logging.debug("Host domain (%s) is different from DNS domain (%s)!" \
root_logger.debug("Host domain (%s) is different from DNS domain (%s)!" \
% (self.host_domain, self.domain))
logging.debug("Add DNS zone for host first.")
root_logger.debug("Add DNS zone for host first.")
add_zone(self.host_domain, self.zonemgr, dns_backup=self.dns_backup,
ns_hostname=api.env.host, ns_ip_address=self.ip_address)
@ -557,7 +557,7 @@ class BindInstance(service.Service):
except ldap.TYPE_OR_VALUE_EXISTS:
pass
except Exception, e:
logging.critical("Could not modify principal's %s entry" % dns_principal)
root_logger.critical("Could not modify principal's %s entry" % dns_principal)
raise e
def __setup_named_conf(self):
@ -639,7 +639,7 @@ class BindInstance(service.Service):
try:
self.fstore.restore_file(f)
except ValueError, error:
logging.debug(error)
root_logger.debug(error)
pass
if not enabled is None and not enabled:

50
ipaserver/install/cainstance.py
View File

@ -19,7 +19,6 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import logging
import pwd
import os
import sys
@ -56,6 +55,7 @@ from ipaserver.install import dsinstance
from ipaserver.install import certs
from ipaserver.install.installutils import ReplicaConfig
from ipalib import util
from ipapython.ipa_log_manager import *
HTTPD_CONFD = "/etc/httpd/conf.d/"
DEFAULT_DSPORT=7389
@ -115,7 +115,7 @@ def get_preop_pin(instance_root, instance_name):
try:
f=open(filename)
except IOError, e:
logging.error("Cannot open configuration file." + str(e))
root_logger.error("Cannot open configuration file." + str(e))
raise e
data = f.read()
data = data.split('\n')
@ -277,10 +277,10 @@ class CADSInstance(service.Service):
user_exists = True
try:
pwd.getpwnam(PKI_DS_USER)
logging.debug("ds user %s exists" % PKI_DS_USER)
root_logger.debug("ds user %s exists" % PKI_DS_USER)
except KeyError:
user_exists = False
logging.debug("adding ds user %s" % PKI_DS_USER)
root_logger.debug("adding ds user %s" % PKI_DS_USER)
args = ["/usr/sbin/useradd", "-g", dsinstance.DS_GROUP,
"-c", "PKI DS System User",
"-d", "/var/lib/dirsrv",
@ -288,9 +288,9 @@ class CADSInstance(service.Service):
"-M", "-r", PKI_DS_USER]
try:
ipautil.run(args)
logging.debug("done adding user")
root_logger.debug("done adding user")
except ipautil.CalledProcessError, e:
logging.critical("failed to add user %s" % e)
root_logger.critical("failed to add user %s" % e)
self.backup_state("user_exists", user_exists)
@ -299,21 +299,21 @@ class CADSInstance(service.Service):
self.backup_state("serverid", self.serverid)
inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict)
logging.debug("writing inf template")
root_logger.debug("writing inf template")
inf_fd = ipautil.write_tmp_file(inf_txt)
inf_txt = re.sub(r"RootDNPwd=.*\n", "", inf_txt)
logging.debug(inf_txt)
root_logger.debug(inf_txt)
if ipautil.file_exists("/usr/sbin/setup-ds.pl"):
args = ["/usr/sbin/setup-ds.pl", "--silent", "--logfile", "-", "-f", inf_fd.name]
logging.debug("calling setup-ds.pl")
root_logger.debug("calling setup-ds.pl")
else:
args = ["/usr/bin/ds_newinst.pl", inf_fd.name]
logging.debug("calling ds_newinst.pl")
root_logger.debug("calling ds_newinst.pl")
try:
ipautil.run(args)
logging.debug("completed creating ds instance")
root_logger.debug("completed creating ds instance")
except ipautil.CalledProcessError, e:
logging.critical("failed to restart ds instance %s" % e)
root_logger.critical("failed to restart ds instance %s" % e)
inf_fd.close()
def load_pkcs12(self):
@ -376,11 +376,11 @@ class CADSInstance(service.Service):
try:
ipaservices.knownservices.dirsrv.restart(self.serverid)
if not dsinstance.is_ds_running(self.serverid):
logging.critical("Failed to restart the directory server. See the installation log for details.")
root_logger.critical("Failed to restart the directory server. See the installation log for details.")
sys.exit(1)
except Exception:
# TODO: roll back here?
logging.critical("Failed to restart the directory server. See the installation log for details.")
root_logger.critical("Failed to restart the directory server. See the installation log for details.")
def uninstall(self):
if self.is_configured():
@ -410,7 +410,7 @@ class CADSInstance(service.Service):
try:
ipautil.run(["/usr/sbin/userdel", PKI_DS_USER])
except ipautil.CalledProcessError, e:
logging.critical("failed to delete user %s" % e)
root_logger.critical("failed to delete user %s" % e)
class CAInstance(service.Service):
"""
@ -569,19 +569,19 @@ class CAInstance(service.Service):
user_exists = True
try:
pwd.getpwnam(PKI_USER)
logging.debug("ca user %s exists" % PKI_USER)
root_logger.debug("ca user %s exists" % PKI_USER)
except KeyError:
user_exists = False
logging.debug("adding ca user %s" % PKI_USER)
root_logger.debug("adding ca user %s" % PKI_USER)
args = ["/usr/sbin/useradd", "-c", "CA System User",
"-d", "/var/lib",
"-s", "/sbin/nologin",
"-M", "-r", PKI_USER]
try:
ipautil.run(args)
logging.debug("done adding user")
root_logger.debug("done adding user")
except ipautil.CalledProcessError, e:
logging.critical("failed to add user %s" % e)
root_logger.critical("failed to add user %s" % e)
self.backup_state("user_exists", user_exists)
@ -676,7 +676,7 @@ class CAInstance(service.Service):
ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}, nolog=nolog)
except ipautil.CalledProcessError, e:
logging.critical("failed to configure ca instance %s" % e)
root_logger.critical("failed to configure ca instance %s" % e)
raise RuntimeError('Configuration of CA failed')
if self.external == 1:
@ -689,7 +689,7 @@ class CAInstance(service.Service):
if ipautil.file_exists("/root/tmp-ca.p12"):
shutil.move("/root/tmp-ca.p12", "/root/cacert.p12")
logging.debug("completed creating ca instance")
root_logger.debug("completed creating ca instance")
def __restart_instance(self):
try:
@ -697,7 +697,7 @@ class CAInstance(service.Service):
installutils.wait_for_open_ports('localhost', 9180, 300)
except Exception:
# TODO: roll back here?
logging.critical("Failed to restart the certificate server. See the installation log for details.")
root_logger.critical("Failed to restart the certificate server. See the installation log for details.")
def __disable_nonce(self):
# Turn off Nonces
@ -1060,14 +1060,14 @@ class CAInstance(service.Service):
ipautil.run(["/usr/bin/pkiremove", "-pki_instance_root=/var/lib",
"-pki_instance_name=%s" % PKI_INSTANCE_NAME, "--force"])
except ipautil.CalledProcessError, e:
logging.critical("failed to uninstall CA instance %s" % e)
root_logger.critical("failed to uninstall CA instance %s" % e)
user_exists = self.restore_state("user_exists")
if user_exists == False:
try:
ipautil.run(["/usr/sbin/userdel", PKI_USER])
except ipautil.CalledProcessError, e:
logging.critical("failed to delete user %s" % e)
root_logger.critical("failed to delete user %s" % e)
def publish_ca_cert(self, location):
args = ["-L", "-n", self.canickname, "-a"]
@ -1153,7 +1153,7 @@ def install_replica_ca(config, postinstall=False):
return (ca, cs)
if __name__ == "__main__":
installutils.standard_logging_setup("install.log", False)
standard_logging_setup("install.log")
cs = CADSInstance()
cs.create_instance("EXAMPLE.COM", "catest.example.com", "example.com", "password")
ca = CAInstance("EXAMPLE.COM", "/etc/httpd/alias")

14
ipaserver/install/certs.py
View File

@ -21,7 +21,7 @@ import os, stat, subprocess, re
import errno
import tempfile
import shutil
import logging
from ipapython.ipa_log_manager import *
import urllib
import xml.dom.minidom
import pwd
@ -503,7 +503,7 @@ class CertDB(object):
try:
(stdout, stderr, rc) = certmonger.start_tracking(nickname, self.secdir, password_file)
except (ipautil.CalledProcessError, RuntimeError), e:
logging.error("certmonger failed starting to track certificate: %s" % str(e))
root_logger.error("certmonger failed starting to track certificate: %s" % str(e))
return
cmonger.stop()
@ -512,7 +512,7 @@ class CertDB(object):
subject = str(nsscert.subject)
m = re.match('New tracking request "(\d+)" added', stdout)
if not m:
logging.error('Didn\'t get new %s request, got %s' % (cmonger.service_name, stdout))
root_logger.error('Didn\'t get new %s request, got %s' % (cmonger.service_name, stdout))
raise RuntimeError('%s did not issue new tracking request for \'%s\' in \'%s\'. Use \'ipa-getcert list\' to list existing certificates.' % (cmonger.service_name, nickname, self.secdir))
request_id = m.group(1)
@ -534,7 +534,7 @@ class CertDB(object):
try:
certmonger.stop_tracking(self.secdir, nickname=nickname)
except (ipautil.CalledProcessError, RuntimeError), e:
logging.error("certmonger failed to stop tracking certificate: %s" % str(e))
root_logger.error("certmonger failed to stop tracking certificate: %s" % str(e))
cmonger.stop()
def create_server_cert(self, nickname, hostname, other_certdb=None, subject=None):
@ -859,17 +859,17 @@ class CertDB(object):
def trust_root_cert(self, root_nickname):
if root_nickname is None:
logging.debug("Unable to identify root certificate to trust. Continueing but things are likely to fail.")
root_logger.debug("Unable to identify root certificate to trust. Continueing but things are likely to fail.")
return
if root_nickname[:7] == "Builtin":
logging.debug("No need to add trust for built-in root CA's, skipping %s" % root_nickname)
root_logger.debug("No need to add trust for built-in root CA's, skipping %s" % root_nickname)
else:
try:
self.run_certutil(["-M", "-n", root_nickname,
"-t", "CT,CT,"])
except ipautil.CalledProcessError, e:
logging.error("Setting trust on %s failed" % root_nickname)
root_logger.error("Setting trust on %s failed" % root_nickname)
def find_server_certs(self):
p = subprocess.Popen(["/usr/bin/certutil", "-d", self.secdir,

60
ipaserver/install/dsinstance.py
View File

@ -19,7 +19,7 @@
#
import shutil
import logging
from ipapython.ipa_log_manager import *
import pwd
import glob
import sys
@ -290,10 +290,10 @@ class DsInstance(service.Service):
user_exists = True
try:
pwd.getpwnam(DS_USER)
logging.debug("ds user %s exists" % DS_USER)
root_logger.debug("ds user %s exists" % DS_USER)
except KeyError:
user_exists = False
logging.debug("adding ds user %s" % DS_USER)
root_logger.debug("adding ds user %s" % DS_USER)
args = ["/usr/sbin/useradd", "-g", DS_GROUP,
"-c", "DS System User",
"-d", "/var/lib/dirsrv",
@ -301,9 +301,9 @@ class DsInstance(service.Service):
"-M", "-r", DS_USER]
try:
ipautil.run(args)
logging.debug("done adding user")
root_logger.debug("done adding user")
except ipautil.CalledProcessError, e:
logging.critical("failed to add user %s" % e)
root_logger.critical("failed to add user %s" % e)
self.backup_state("user_exists", user_exists)
@ -314,7 +314,7 @@ class DsInstance(service.Service):
self.sub_dict['BASEDC'] = self.realm_name.split('.')[0].lower()
base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict)
logging.debug(base_txt)
root_logger.debug(base_txt)
target_fname = '/var/lib/dirsrv/boot.ldif'
base_fd = open(target_fname, "w")
@ -325,32 +325,32 @@ class DsInstance(service.Service):
os.chmod(target_fname, 0440)
inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict)
logging.debug("writing inf template")
root_logger.debug("writing inf template")
inf_fd = ipautil.write_tmp_file(inf_txt)
inf_txt = re.sub(r"RootDNPwd=.*\n", "", inf_txt)
logging.debug(inf_txt)
root_logger.debug(inf_txt)
if ipautil.file_exists("/usr/sbin/setup-ds.pl"):
args = ["/usr/sbin/setup-ds.pl", "--silent", "--logfile", "-", "-f", inf_fd.name]
logging.debug("calling setup-ds.pl")
root_logger.debug("calling setup-ds.pl")
else:
args = ["/usr/bin/ds_newinst.pl", inf_fd.name]
logging.debug("calling ds_newinst.pl")
root_logger.debug("calling ds_newinst.pl")
try:
ipautil.run(args)
logging.debug("completed creating ds instance")
root_logger.debug("completed creating ds instance")
except ipautil.CalledProcessError, e:
logging.critical("failed to restart ds instance %s" % e)
root_logger.critical("failed to restart ds instance %s" % e)
# check for open port 389 from now on
self.open_ports.append(389)
logging.debug("restarting ds instance")
root_logger.debug("restarting ds instance")
try:
self.__restart_instance()
logging.debug("done restarting ds instance")
root_logger.debug("done restarting ds instance")
except ipautil.CalledProcessError, e:
print "failed to restart ds instance", e
logging.debug("failed to restart ds instance %s" % e)
root_logger.debug("failed to restart ds instance %s" % e)
inf_fd.close()
os.remove("/var/lib/dirsrv/boot.ldif")
@ -384,14 +384,14 @@ class DsInstance(service.Service):
try:
super(DsInstance, self).restart(instance)
if not is_ds_running(instance):
logging.critical("Failed to restart the directory server. See the installation log for details.")
root_logger.critical("Failed to restart the directory server. See the installation log for details.")
sys.exit(1)
installutils.wait_for_open_ports('localhost', self.open_ports, 300)
except SystemExit, e:
raise e
except Exception, e:
# TODO: roll back here?
logging.critical("Failed to restart the directory server (%s). See the installation log for details." % e)
root_logger.critical("Failed to restart the directory server (%s). See the installation log for details." % e)
def __restart_instance(self):
self.restart(self.serverid)
@ -410,7 +410,7 @@ class DsInstance(service.Service):
self._ldap_mod("memberof-task.ldif", self.sub_dict)
# Note, keep dn in sync with dn in install/share/memberof-task.ldif
dn = "cn=IPA install %s,cn=memberof task,cn=tasks,cn=config" % self.sub_dict["TIME"]
logging.debug("Waiting for memberof task to complete.")
root_logger.debug("Waiting for memberof task to complete.")
conn = ipaldap.IPAdmin("127.0.0.1")
if self.dm_password:
conn.simple_bind_s("cn=directory manager", self.dm_password)
@ -558,7 +558,7 @@ class DsInstance(service.Service):
self._ldap_mod("default-hbac.ldif", self.sub_dict)
def change_admin_password(self, password):
logging.debug("Changing admin password")
root_logger.debug("Changing admin password")
dirname = config_dirname(self.serverid)
dmpwdfile = ""
admpwdfile = ""
@ -580,10 +580,10 @@ class DsInstance(service.Service):
env = { 'LDAPTLS_CACERTDIR':os.path.dirname(CACERT),
'LDAPTLS_CACERT':CACERT }
ipautil.run(args, env=env)
logging.debug("ldappasswd done")
root_logger.debug("ldappasswd done")
except ipautil.CalledProcessError, e:
print "Unable to set admin password", e
logging.debug("Unable to set admin password %s" % e)
root_logger.debug("Unable to set admin password %s" % e)
finally:
if os.path.isfile(dmpwdfile):
@ -605,7 +605,7 @@ class DsInstance(service.Service):
self.fstore.restore_file("/etc/security/limits.conf")
self.fstore.restore_file("/etc/sysconfig/dirsrv")
except ValueError, error:
logging.debug(error)
root_logger.debug(error)
pass
if not enabled is None and not enabled:
@ -628,7 +628,7 @@ class DsInstance(service.Service):
try:
ipautil.run(["/usr/sbin/userdel", DS_USER])
except ipautil.CalledProcessError, e:
logging.critical("failed to delete user %s" % e)
root_logger.critical("failed to delete user %s" % e)
# Make sure some upgrade-related state is removed. This could cause
# re-installation problems.
@ -653,12 +653,12 @@ class DsInstance(service.Service):
# first make sure we have a valid cacert_fname
try:
if not os.access(cacert_fname, os.R_OK):
logging.critical("The given CA cert file named [%s] could not be read" %
cacert_fname)
root_logger.critical("The given CA cert file named [%s] could not be read" %
cacert_fname)
return False
except OSError, e:
logging.critical("The given CA cert file named [%s] could not be read: %s" %
(cacert_fname, str(e)))
root_logger.critical("The given CA cert file named [%s] could not be read: %s" %
(cacert_fname, str(e)))
return False
# ok - ca cert file can be read
# shutdown the server
@ -674,8 +674,8 @@ class DsInstance(service.Service):
try:
certdb.load_cacert(cacert_fname)
except ipautil.CalledProcessError, e:
logging.critical("Error importing CA cert file named [%s]: %s" %
(cacert_fname, str(e)))
root_logger.critical("Error importing CA cert file named [%s]: %s" %
(cacert_fname, str(e)))
status = False
# restart the directory server
self.start()
@ -729,7 +729,7 @@ class DsInstance(service.Service):
fd.close()
else:
logging.info("Custom file limits are already set! Skipping\n")
root_logger.info("Custom file limits are already set! Skipping\n")
print "Custom file limits are already set! Skipping\n"
return

4
ipaserver/install/httpinstance.py
View File

@ -20,7 +20,7 @@
import os
import os.path
import tempfile
import logging
from ipapython.ipa_log_manager import *
import pwd
import shutil
@ -279,7 +279,7 @@ class HTTPInstance(service.Service):
try:
self.fstore.restore_file(f)
except ValueError, error:
logging.debug(error)
root_logger.debug(error)
pass
# Remove the configuration files we create

37
ipaserver/install/installutils.py
View File

@ -17,7 +17,6 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import logging
import socket
import errno
import getpass
@ -34,6 +33,7 @@ import shutil
from ConfigParser import SafeConfigParser
from ipapython import ipautil, dnsclient, sysrestore
from ipapython.ipa_log_manager import *
# Used to determine install status
IPA_MODULES = ['httpd', 'kadmin', 'dirsrv', 'pki-cad', 'pkids', 'install', 'krb5kdc', 'ntpd', 'named']
@ -314,27 +314,6 @@ def port_available(port):
return rv
def standard_logging_setup(log_filename, debug=False, filemode='w'):
old_umask = os.umask(077)
# Always log everything (i.e., DEBUG) to the log
# file.
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(levelname)s %(message)s',
filename=log_filename,
filemode=filemode)
os.umask(old_umask)
console = logging.StreamHandler()
# If the debug option is set, also log debug messages to the console
if debug:
console.setLevel(logging.DEBUG)
else:
# Otherwise, log critical and error messages
console.setLevel(logging.ERROR)
formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s')
console.setFormatter(formatter)
logging.getLogger('').addHandler(console)
def get_password(prompt):
if os.isatty(sys.stdin.fileno()):
return getpass.getpass(prompt)
@ -459,7 +438,7 @@ def create_keytab(path, principal):
if ipautil.file_exists(path):
os.remove(path)
except os.error:
logging.critical("Failed to remove %s." % path)
root_logger.critical("Failed to remove %s." % path)
kadmin("ktadd -k " + path + " " + principal)
@ -596,7 +575,7 @@ def remove_file(filename):
if os.path.exists(filename):
os.unlink(filename)
except Exception, e:
logging.error('Error removing %s: %s' % (filename, str(e)))
root_logger.error('Error removing %s: %s' % (filename, str(e)))
def rmtree(path):
"""
@ -606,7 +585,7 @@ def rmtree(path):
if os.path.exists(path):
shutil.rmtree(path)
except Exception, e:
logging.error('Error removing %s: %s' % (path, str(e)))
root_logger.error('Error removing %s: %s' % (path, str(e)))
def is_ipa_configured():
"""
@ -620,15 +599,15 @@ def is_ipa_configured():
for module in IPA_MODULES:
if sstore.has_state(module):
logging.debug('%s is configured' % module)
root_logger.debug('%s is configured' % module)
installed = True
else:
logging.debug('%s is not configured' % module)
root_logger.debug('%s is not configured' % module)
if fstore.has_files():
logging.debug('filestore has files')
root_logger.debug('filestore has files')
installed = True
else:
logging.debug('filestore is tracking no files')
root_logger.debug('filestore is tracking no files')
return installed

18
ipaserver/install/krbinstance.py
View File

@ -18,7 +18,6 @@
#
import shutil
import logging
import fileinput
import re
import sys
@ -33,6 +32,7 @@ from ipapython import ipautil
from ipapython import services as ipaservices
from ipalib import util
from ipalib import errors
from ipapython.ipa_log_manager import *
from ipaserver import ipaldap
from ipaserver.install import replication
@ -221,7 +221,7 @@ class KrbInstance(service.Service):
try:
self.start()
except:
logging.critical("krb5kdc service failed to start")
root_logger.critical("krb5kdc service failed to start")
def __setup_sub_dict(self):
self.sub_dict = dict(FQDN=self.fqdn,
@ -245,10 +245,10 @@ class KrbInstance(service.Service):
try:
self.admin_conn.delete_s(r.dn)
except LDAPError, e:
logging.critical("Error during SASL mapping removal: %s" % str(e))
root_logger.critical("Error during SASL mapping removal: %s" % str(e))
raise e
except LDAPError, e:
logging.critical("Error while enumerating SASL mappings %s" % str(e))
root_logger.critical("Error while enumerating SASL mappings %s" % str(e))
raise e
entry = ipaldap.Entry("cn=Full Principal,cn=mapping,cn=sasl,cn=config")
@ -261,7 +261,7 @@ class KrbInstance(service.Service):
try:
self.admin_conn.add_s(entry)
except ldap.ALREADY_EXISTS:
logging.critical("failed to add Full Principal Sasl mapping")
root_logger.critical("failed to add Full Principal Sasl mapping")
raise e
entry = ipaldap.Entry("cn=Name Only,cn=mapping,cn=sasl,cn=config")
@ -274,7 +274,7 @@ class KrbInstance(service.Service):
try:
self.admin_conn.add_s(entry)
except ldap.ALREADY_EXISTS:
logging.critical("failed to add Name Only Sasl mapping")
root_logger.critical("failed to add Name Only Sasl mapping")
raise e
def __add_krb_container(self):
@ -342,7 +342,7 @@ class KrbInstance(service.Service):
entry = self.admin_conn.getEntry(self.get_realm_suffix(),
ldap.SCOPE_SUBTREE)
except errors.NotFound, e:
logging.critical("Could not find master key in DS")
root_logger.critical("Could not find master key in DS")
raise e
krbMKey = pyasn1.codec.ber.decoder.decode(entry.krbmkey)
@ -356,7 +356,7 @@ class KrbInstance(service.Service):
fd.write(s)
fd.close()
except os.error, e:
logging.critical("failed to write stash file")
root_logger.critical("failed to write stash file")
raise e
#add the password extop module
@ -445,7 +445,7 @@ class KrbInstance(service.Service):
try:
self.fstore.restore_file(f)
except ValueError, error:
logging.debug(error)
root_logger.debug(error)
pass
if not enabled is None and not enabled:

84
ipaserver/install/ldapupdate.py
View File

@ -33,7 +33,7 @@ from ipalib import util
from ipalib import errors
import ldap
from ldap.dn import escape_dn_chars
import logging
from ipapython.ipa_log_manager import *
import krbV
import platform
import time
@ -258,7 +258,7 @@ class LDAPUpdate:
else:
e['updates'] = update['updates']
else:
logging.debug("Unknown key in updates %s" % update.keys())
root_logger.debug("Unknown key in updates %s" % update.keys())
all_updates[dn] = e
@ -353,8 +353,8 @@ class LDAPUpdate:
e.setValue('nsInstance', 'userRoot')
e.setValues('nsIndexAttribute', attribute)
logging.info("Creating task to index attribute: %s", attribute)
logging.debug("Task id: %s", dn)
root_logger.info("Creating task to index attribute: %s", attribute)
root_logger.debug("Task id: %s", dn)
if self.live_run:
self.conn.addEntry(e.dn, e.toTupleList())
@ -379,10 +379,10 @@ class LDAPUpdate:
try:
entry = self.conn.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist)
except errors.NotFound, e:
logging.error("Task not found: %s", dn)
root_logger.error("Task not found: %s", dn)
return
except errors.DatabaseError, e:
logging.error("Task lookup failure %s", e)
root_logger.error("Task lookup failure %s", e)
return
status = entry.getValue('nstaskstatus')
@ -392,10 +392,10 @@ class LDAPUpdate:
continue
if status.lower().find("finished") > -1:
logging.info("Indexing finished")
root_logger.info("Indexing finished")
break
logging.debug("Indexing in progress")
root_logger.debug("Indexing in progress")
time.sleep(1)
return
@ -507,49 +507,49 @@ class LDAPUpdate:
e = [e]
for v in values:
if utype == 'remove':
logging.debug("remove: '%s' from %s, current value %s", v, k, e)
root_logger.debug("remove: '%s' from %s, current value %s", v, k, e)
try:
e.remove(v)
except ValueError:
logging.warn("remove: '%s' not in %s", v, k)
root_logger.warning("remove: '%s' not in %s", v, k)
pass
entry.setValues(k, e)
logging.debug('remove: updated value %s', e)
root_logger.debug('remove: updated value %s', e)
elif utype == 'add':
logging.debug("add: '%s' to %s, current value %s", v, k, e)
root_logger.debug("add: '%s' to %s, current value %s", v, k, e)
# Remove it, ignoring errors so we can blindly add it later
try:
e.remove(v)
except ValueError:
pass
e.append(v)
logging.debug('add: updated value %s', e)
root_logger.debug('add: updated value %s', e)
entry.setValues(k, e)
elif utype == 'addifnew':
logging.debug("addifnew: '%s' to %s, current value %s", v, k, e)
root_logger.debug("addifnew: '%s' to %s, current value %s", v, k, e)
# Only add the attribute if it doesn't exist. Only works
# with single-value attributes.
if len(e) == 0:
e.append(v)
logging.debug('addifnew: set %s to %s', k, e)
root_logger.debug('addifnew: set %s to %s', k, e)
entry.setValues(k, e)
elif utype == 'addifexist':
logging.debug("addifexist: '%s' to %s, current value %s", v, k, e)
root_logger.debug("addifexist: '%s' to %s, current value %s", v, k, e)
# Only add the attribute if the entry doesn't exist. We
# determine this based on whether it has an objectclass
if entry.getValues('objectclass'):
e.append(v)
logging.debug('addifexist: set %s to %s', k, e)
root_logger.debug('addifexist: set %s to %s', k, e)
entry.setValues(k, e)
elif utype == 'only':
logging.debug("only: set %s to '%s', current value %s", k, v, e)
root_logger.debug("only: set %s to '%s', current value %s", k, v, e)
if only.get(k):
e.append(v)
else:
e = [v]
only[k] = True
entry.setValues(k, e)
logging.debug('only: updated value %s', e)
root_logger.debug('only: updated value %s', e)
elif utype == 'deleteentry':
# skip this update type, it occurs in __delete_entries()
return None
@ -562,10 +562,10 @@ class LDAPUpdate:
try:
e.remove(old)
e.append(new)
logging.debug('replace: updated value %s', e)
root_logger.debug('replace: updated value %s', e)
entry.setValues(k, e)
except ValueError:
logging.debug('replace: %s not found, skipping', old)
root_logger.debug('replace: %s not found, skipping', old)
self.print_entity(entry)
@ -573,19 +573,19 @@ class LDAPUpdate:
def print_entity(self, e, message=None):
"""The entity object currently lacks a str() method"""
logging.debug("---------------------------------------------")
root_logger.debug("---------------------------------------------")
if message:
logging.debug("%s", message)
logging.debug("dn: " + e.dn)
root_logger.debug("%s", message)
root_logger.debug("dn: " + e.dn)
attr = e.attrList()
for a in attr:
value = e.getValues(a)
if isinstance(value,str):
logging.debug(a + ": " + value)
root_logger.debug(a + ": " + value)
else:
logging.debug(a + ": ")
root_logger.debug(a + ": ")
for l in value:
logging.debug("\t" + l)
root_logger.debug("\t" + l)
def is_schema_updated(self, s):
"""Compare the schema in 's' with the current schema in the DS to
@ -626,15 +626,15 @@ class LDAPUpdate:
raise BadSyntax, "More than 1 entry returned on a dn search!? %s" % new_entry.dn
entry = self.__entry_to_entity(e[0])
found = True
logging.info("Updating existing entry: %s", entry.dn)
root_logger.info("Updating existing entry: %s", entry.dn)
except errors.NotFound:
# Doesn't exist, start with the default entry
entry = new_entry
logging.info("New entry: %s", entry.dn)
root_logger.info("New entry: %s", entry.dn)
except errors.DatabaseError:
# Doesn't exist, start with the default entry
entry = new_entry
logging.info("New entry, using default value: %s", entry.dn)
root_logger.info("New entry, using default value: %s", entry.dn)
self.print_entity(entry)
@ -660,7 +660,7 @@ class LDAPUpdate:
self.conn.addEntry(entry.dn, entry.toTupleList())
self.modified = True
except Exception, e:
logging.error("Add failure %s", e)
root_logger.error("Add failure %s", e)
else:
# Update LDAP
try:
@ -671,19 +671,19 @@ class LDAPUpdate:
else:
if len(changes) >= 1:
updated = True
logging.debug("%s" % changes)
logging.debug("Live %d, updated %d" % (self.live_run, updated))
root_logger.debug("%s" % changes)
root_logger.debug("Live %d, updated %d" % (self.live_run, updated))
if self.live_run and updated:
self.conn.updateEntry(entry.dn, entry.origDataDict(), entry.toDict())
logging.info("Done")
root_logger.info("Done")
except errors.EmptyModlist:
logging.info("Entry already up-to-date")
root_logger.info("Entry already up-to-date")
updated = False
except errors.DatabaseError, e:
logging.error("Update failed: %s", e)
root_logger.error("Update failed: %s", e)
updated = False
except errors.ACIError, e:
logging.error("Update failed: %s", e)
root_logger.error("Update failed: %s", e)
updated = False
if ("cn=index" in entry.dn and
@ -712,10 +712,10 @@ class LDAPUpdate:
self.conn.deleteEntry(dn)
self.modified = True
except errors.NotFound, e:
logging.info("Deleting non-existent entry %s", e)
root_logger.info("Deleting non-existent entry %s", e)
self.modified = True
except errors.DatabaseError, e:
logging.error("Delete failed: %s", e)
root_logger.error("Delete failed: %s", e)
updates = updates.get('updates', [])
for u in updates:
@ -728,10 +728,10 @@ class LDAPUpdate:
self.conn.deleteEntry(dn)
self.modified = True
except errors.NotFound, e:
logging.info("Deleting non-existent entry %s", e)
root_logger.info("Deleting non-existent entry %s", e)
self.modified = True
except errors.DatabaseError, e:
logging.error("Delete failed: %s", e)
root_logger.error("Delete failed: %s", e)
return
@ -784,7 +784,7 @@ class LDAPUpdate:
dn_list = {}
for f in files:
try:
logging.info("Parsing file %s" % f)
root_logger.info("Parsing file %s" % f)
data = self.read_file(f)
except Exception, e:
print e

5
ipaserver/install/ntpinstance.py
View File

@ -18,12 +18,11 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import logging
import service
from ipapython import sysrestore
from ipapython import ipautil
from ipapython import services as ipaservices
from ipapython.ipa_log_manager import *
class NTPInstance(service.Service):
def __init__(self, fstore=None):
@ -171,7 +170,7 @@ class NTPInstance(service.Service):
try:
self.fstore.restore_file("/etc/ntp.conf")
except ValueError, error:
logging.debug(error)
root_logger.debug(error)
pass
if not enabled is None and not enabled:

47
ipaserver/install/replication.py
View File

@ -17,7 +17,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import time, logging
import time
from ipapython.ipa_log_manager import *
import os
import sys
@ -152,10 +153,10 @@ class ReplicationManager(object):
try:
replica = master_conn.search_s(dn, ldap.SCOPE_BASE, "objectclass=*")[0]
if not replica.getValue('nsDS5ReplicaId'):
logging.debug("Unable to retrieve nsDS5ReplicaId from remote server")
root_logger.debug("Unable to retrieve nsDS5ReplicaId from remote server")
raise RuntimeError("Unable to retrieve nsDS5ReplicaId from remote server")
except ldap.NO_SUCH_OBJECT:
logging.debug("Unable to retrieve nsDS5ReplicaId from remote server")
root_logger.debug("Unable to retrieve nsDS5ReplicaId from remote server")
raise
# Now update the value on the master
@ -165,7 +166,7 @@ class ReplicationManager(object):
try:
master_conn.modify_s(dn, mod)
except Exception, e:
logging.debug("Problem updating nsDS5ReplicaID %s" % e)
root_logger.debug("Problem updating nsDS5ReplicaID %s" % e)
raise
return retval
@ -327,14 +328,14 @@ class ReplicationManager(object):
conn.modify_s(self.suffix, [(ldap.MOD_ADD, 'aci',
[ "(targetattr = \"*\")(version 3.0; acl \"Proxied authorization for database links\"; allow (proxy) userdn = \"ldap:///%s\";)" % self.repl_man_dn ])])
except ldap.TYPE_OR_VALUE_EXISTS:
logging.debug("proxy aci already exists in suffix %s on %s" % (self.suffix, conn.host))
root_logger.debug("proxy aci already exists in suffix %s on %s" % (self.suffix, conn.host))
def get_mapping_tree_entry(self):
try:
entry = self.conn.getEntry("cn=mapping tree,cn=config", ldap.SCOPE_ONELEVEL,
"(cn=\"%s\")" % (self.suffix))
except errors.NotFound, e:
logging.debug("failed to find mappting tree entry for %s" % self.suffix)
root_logger.debug("failed to find mappting tree entry for %s" % self.suffix)
raise e
return entry
@ -356,7 +357,7 @@ class ReplicationManager(object):
try:
self.conn.modify_s(dn, mod)
except ldap.TYPE_OR_VALUE_EXISTS:
logging.debug("chainOnUpdate already enabled for %s" % self.suffix)
root_logger.debug("chainOnUpdate already enabled for %s" % self.suffix)
def setup_chain_on_update(self, other_conn):
chainbe = self.setup_chaining_backend(other_conn)
@ -397,7 +398,7 @@ class ReplicationManager(object):
try:
conn.modify_s(self.suffix, mod)
except ldap.TYPE_OR_VALUE_EXISTS:
logging.debug("passsync aci already exists in suffix %s on %s" % (self.suffix, conn.host))
root_logger.debug("passsync aci already exists in suffix %s on %s" % (self.suffix, conn.host))
def setup_winsync_agmt(self, entry, win_subtree=None):
if win_subtree is None:
@ -508,9 +509,9 @@ class ReplicationManager(object):
b_pn = a.search_s(self.suffix, ldap.SCOPE_SUBTREE, filterstr=filter_b)
if a_pn is None:
logging.critical('Unable to find entry for %s on %s' % (filter_a, str(b)))
root_logger.critical('Unable to find entry for %s on %s' % (filter_a, str(b)))
if b_pn is None:
logging.critical('Unable to find entry for %s on %s' % (filter_b, str(a)))
root_logger.critical('Unable to find entry for %s on %s' % (filter_b, str(a)))
if a_pn is None or b_pn is None:
raise RuntimeError('Replication agreement cannot be converted')
@ -567,7 +568,7 @@ class ReplicationManager(object):
try:
self.conn.modify_s(dn, mod)
except Exception, e:
logging.debug("Failed to remove referral value: %s" % str(e))
root_logger.debug("Failed to remove referral value: %s" % str(e))
def check_repl_init(self, conn, agmtdn):
done = False
@ -623,7 +624,7 @@ class ReplicationManager(object):
end = entry.nsds5ReplicaLastUpdateEnd
# incremental update is done if inprogress is false and end >= start
done = inprogress and inprogress.lower() == 'false' and start and end and (start <= end)
logging.info("Replication Update in progress: %s: status: %s: start: %s: end: %s" %
root_logger.info("Replication Update in progress: %s: status: %s: start: %s: end: %s" %
(inprogress, status, start, end))
if not done and status: # check for errors
# status will usually be a number followed by a string
@ -729,14 +730,14 @@ class ReplicationManager(object):
for dn,entry in res:
if dn == "":
self.ad_suffix = entry['defaultNamingContext'][0]
logging.info("AD Suffix is: %s" % self.ad_suffix)
root_logger.info("AD Suffix is: %s" % self.ad_suffix)
if self.ad_suffix == "":
raise RuntimeError("Failed to lookup AD's Ldap suffix")
ad_conn.unbind_s()
del ad_conn
except Exception, e:
logging.info("Failed to connect to AD server %s" % ad_dc_name)
logging.info("The error was: %s" % e)
root_logger.info("Failed to connect to AD server %s" % ad_dc_name)
root_logger.info("The error was: %s" % e)
raise RuntimeError("Failed to setup winsync replication")
# Setup the only half.
@ -751,10 +752,10 @@ class ReplicationManager(object):
self.setup_agreement(self.conn, ad_dc_name,
repl_man_dn=ad_binddn, repl_man_passwd=ad_pwd,
iswinsync=True, win_subtree=ad_subtree)
logging.info("Added new sync agreement, waiting for it to become ready . . .")
root_logger.info("Added new sync agreement, waiting for it to become ready . . .")
cn, dn = self.agreement_dn(ad_dc_name)
self.wait_for_repl_update(self.conn, dn, 30)
logging.info("Agreement is ready, starting replication . . .")
root_logger.info("Agreement is ready, starting replication . . .")
# Add winsync replica to the public DIT
dn = str(DN(('cn',ad_dc_name),('cn','replicas'),('cn','ipa'),('cn','etc'), self.suffix))
@ -766,7 +767,7 @@ class ReplicationManager(object):
try:
self.conn.add_s(entry)
except Exception, e:
logging.info("Failed to create public entry for winsync replica")
root_logger.info("Failed to create public entry for winsync replica")
#Finally start replication
ret = self.start_replication(self.conn, ad_dc_name)
@ -833,12 +834,12 @@ class ReplicationManager(object):
'(objectclass=nsds5ReplicationAgreement)))' % hostname
entry = conn.search_s("cn=config", ldap.SCOPE_SUBTREE, filter)
if len(entry) == 0:
logging.error("Unable to find replication agreement for %s" %
root_logger.error("Unable to find replication agreement for %s" %
(hostname))
raise RuntimeError("Unable to proceed")
if len(entry) > 1:
logging.error("Found multiple agreements for %s" % hostname)
logging.error("Using the first one only (%s)" % entry[0].dn)
root_logger.error("Found multiple agreements for %s" % hostname)
root_logger.error("Using the first one only (%s)" % entry[0].dn)
dn = entry[0].dn
schedule = entry[0].nsds5replicaupdateschedule
@ -850,12 +851,12 @@ class ReplicationManager(object):
# it back.
if newschedule == schedule:
newschedule = '2358-2359 1'
logging.info("Changing agreement %s schedule to %s to force synch" %
root_logger.info("Changing agreement %s schedule to %s to force synch" %
(dn, newschedule))
mod = [(ldap.MOD_REPLACE, 'nsDS5ReplicaUpdateSchedule', [ newschedule ])]
conn.modify_s(dn, mod)
time.sleep(1)
logging.info("Changing agreement %s to restore original schedule %s" %
root_logger.info("Changing agreement %s to restore original schedule %s" %
(dn, schedule))
mod = [(ldap.MOD_REPLACE, 'nsDS5ReplicaUpdateSchedule', [ schedule ])]
conn.modify_s(dn, mod)

15
ipaserver/install/service.py
View File

@ -17,7 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import logging, sys
import sys
import os, socket
import tempfile
from ipapython import sysrestore
@ -30,6 +30,7 @@ import base64
import time
import datetime
from ipaserver.install import installutils
from ipapython.ipa_log_manager import *
CACERT = "/etc/ipa/ca.crt"
@ -43,7 +44,7 @@ SERVICE_LIST = {
}
def print_msg(message, output_fd=sys.stdout):
logging.debug(message)
root_logger.debug(message)
output_fd.write(message)
output_fd.write("\n")
@ -110,7 +111,7 @@ class Service(object):
try:
ipautil.run(args, nolog=nologlist)
except ipautil.CalledProcessError, e:
logging.critical("Failed to load %s: %s" % (ldif, str(e)))
root_logger.critical("Failed to load %s: %s" % (ldif, str(e)))
finally:
if pw_name:
os.remove(pw_name)
@ -177,7 +178,7 @@ class Service(object):
try:
self.admin_conn.modify_s(dn, mod)
except Exception, e:
logging.critical("Could not add certificate to service %s entry: %s" % (self.principal, str(e)))
root_logger.critical("Could not add certificate to service %s entry: %s" % (self.principal, str(e)))
def is_configured(self):
return self.sstore.has_state(self.service_name)
@ -249,7 +250,7 @@ class Service(object):
method()
e = datetime.datetime.now()
d = e - s
logging.debug(" duration: %d seconds" % d.seconds)
root_logger.debug(" duration: %d seconds" % d.seconds)
step += 1
self.print_msg("done configuring %s." % self.service_name)
@ -267,7 +268,7 @@ class Service(object):
else:
conn.do_sasl_gssapi_bind()
except Exception, e:
logging.debug("Could not connect to the Directory Server on %s: %s" % (fqdn, str(e)))
root_logger.debug("Could not connect to the Directory Server on %s: %s" % (fqdn, str(e)))
raise e
return conn
@ -290,7 +291,7 @@ class Service(object):
try:
conn.add_s(entry)
except ldap.ALREADY_EXISTS, e:
logging.critical("failed to add %s Service startup entry" % name)
root_logger.critical("failed to add %s Service startup entry" % name)
raise e
class SimpleServiceInstance(Service):

4
ipaserver/install/upgradeinstance.py
View File

@ -21,7 +21,7 @@ import os
import sys
import shutil
import random
import logging
from ipapython.ipa_log_manager import *
from ipaserver.install import installutils
from ipaserver.install import dsinstance
@ -111,7 +111,7 @@ class IPAUpgrade(service.Service):
# Bad things happened, return gracefully
self.modified = False
self.upgradefailed = True
logging.error('Upgrade failed with %s' % str(e))
root_logger.error('Upgrade failed with %s' % str(e))
def main():
if os.getegid() != 0:

5
ipaserver/plugins/ldap2.py
View File

@ -36,7 +36,7 @@ import time
import re
import krbV
import logging
from ipapython.ipa_log_manager import *
import ldap as _ldap
import ldap.filter as _ldap_filter
import ldap.sasl as _ldap_sasl
@ -1098,8 +1098,7 @@ class ldap2(CrudBackend, Encoder):
try:
indirect.remove(r[0].lower())
except ValueError, e:
logging.info('Failed to remove'
' indirect entry %s from %s' % r[0], entry_dn)
root_logger.info('Failed to remove indirect entry %s from %s' % r[0], entry_dn)
raise e
return (direct, indirect)