mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 23:23:30 -06:00
opendnssec2.1 support: move all ods tasks to specific file
Move all the run_ods* routines from tasks to the _ods14 or _ods21 module.

Related: https://pagure.io/freeipa/issue/8214
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
parent
b6865831c9
commit
682b59c8e8
@ -24,12 +24,10 @@ This module contains default platform-specific implementations of system tasks.
|
||||
|
||||
from __future__ import absolute_import
|
||||
|
||||
import os
|
||||
import logging
|
||||
|
||||
from pkg_resources import parse_version
|
||||
|
||||
from ipaplatform.constants import constants
|
||||
from ipaplatform.paths import paths
|
||||
from ipapython import ipautil
|
||||
from ipapython.ipachangeconf import IPAChangeConf
|
||||
@ -287,69 +285,6 @@ class BaseTaskNamespace:
|
||||
if fstore is not None and fstore.has_file(paths.RESOLV_CONF):
|
||||
fstore.restore_file(paths.RESOLV_CONF)
|
||||
|
||||
def run_ods_setup(self):
|
||||
"""Initialize a new kasp.db
|
||||
"""
|
||||
if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
|
||||
# OpenDNSSEC 1.4
|
||||
cmd = [paths.ODS_KSMUTIL, 'setup']
|
||||
else:
|
||||
# OpenDNSSEC 2.x
|
||||
cmd = [paths.ODS_ENFORCER_DB_SETUP]
|
||||
return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)
|
||||
|
||||
def run_ods_notify(self, **kwargs):
|
||||
"""Notify ods-enforcerd to reload its conf."""
|
||||
if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
|
||||
# OpenDNSSEC 1.4
|
||||
cmd = [paths.ODS_KSMUTIL, 'notify']
|
||||
else:
|
||||
# OpenDNSSEC 2.x
|
||||
cmd = [paths.ODS_ENFORCER, 'flush']
|
||||
|
||||
# run commands as ODS user
|
||||
if os.geteuid() == 0:
|
||||
kwargs['runas'] = constants.ODS_USER
|
||||
|
||||
return ipautil.run(cmd, **kwargs)
|
||||
|
||||
def run_ods_policy_import(self, **kwargs):
|
||||
"""Run OpenDNSSEC manager command to import policy."""
|
||||
# This step is needed with OpenDNSSEC 2.1 only
|
||||
if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
|
||||
# OpenDNSSEC 1.4
|
||||
return
|
||||
|
||||
# OpenDNSSEC 2.x
|
||||
cmd = [paths.ODS_ENFORCER, 'policy', 'import']
|
||||
|
||||
# run commands as ODS user
|
||||
if os.geteuid() == 0:
|
||||
kwargs['runas'] = constants.ODS_USER
|
||||
ipautil.run(cmd, **kwargs)
|
||||
|
||||
def run_ods_manager(self, params, **kwargs):
|
||||
"""Run OpenDNSSEC manager command (ksmutil, enforcer)
|
||||
|
||||
:param params: parameter for ODS command
|
||||
:param kwargs: additional arguments for ipautil.run()
|
||||
:return: result from ipautil.run()
|
||||
"""
|
||||
assert params[0] != 'setup'
|
||||
|
||||
if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
|
||||
# OpenDNSSEC 1.4
|
||||
cmd = [paths.ODS_KSMUTIL]
|
||||
else:
|
||||
# OpenDNSSEC 2.x
|
||||
cmd = [paths.ODS_ENFORCER]
|
||||
cmd.extend(params)
|
||||
|
||||
# run commands as ODS user
|
||||
if os.geteuid() == 0:
|
||||
kwargs['runas'] = constants.ODS_USER
|
||||
|
||||
return ipautil.run(cmd, **kwargs)
|
||||
|
||||
def configure_pkcs11_modules(self, fstore):
|
||||
"""Disable p11-kit modules
|
||||
|
@ -2,11 +2,15 @@
|
||||
# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
|
||||
#
|
||||
|
||||
import os
|
||||
import socket
|
||||
|
||||
from ipapython import ipautil
|
||||
from ipaserver.dnssec._odsbase import AbstractODSDBConnection
|
||||
from ipaserver.dnssec._odsbase import AbstractODSSignerConn
|
||||
from ipaserver.dnssec._odsbase import ODS_SE_MAXLINE
|
||||
from ipaplatform.constants import constants
|
||||
from ipaplatform.paths import paths
|
||||
|
||||
|
||||
class ODSDBConnection(AbstractODSDBConnection):
|
||||
@ -43,3 +47,43 @@ class ODSSignerConn(AbstractODSSignerConn):
|
||||
self._conn.send(reply + b'\n')
|
||||
self._conn.shutdown(socket.SHUT_RDWR)
|
||||
self._conn.close()
|
||||
|
||||
|
||||
class ODSTask():
|
||||
def run_ods_setup(self):
|
||||
"""Initialize a new kasp.db"""
|
||||
cmd = [paths.ODS_KSMUTIL, 'setup']
|
||||
return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)
|
||||
|
||||
def run_ods_notify(self, **kwargs):
|
||||
"""Notify ods-enforcerd to reload its conf."""
|
||||
cmd = [paths.ODS_KSMUTIL, 'notify']
|
||||
|
||||
# run commands as ODS user
|
||||
if os.geteuid() == 0:
|
||||
kwargs['runas'] = constants.ODS_USER
|
||||
|
||||
return ipautil.run(cmd, **kwargs)
|
||||
|
||||
def run_ods_policy_import(self, **kwargs):
|
||||
"""Run OpenDNSSEC manager command to import policy."""
|
||||
# This step is needed with OpenDNSSEC 2.1 only
|
||||
return
|
||||
|
||||
def run_ods_manager(self, params, **kwargs):
|
||||
"""Run OpenDNSSEC manager command (ksmutil, enforcer)
|
||||
|
||||
:param params: parameter for ODS command
|
||||
:param kwargs: additional arguments for ipautil.run()
|
||||
:return: result from ipautil.run()
|
||||
"""
|
||||
assert params[0] != 'setup'
|
||||
|
||||
cmd = [paths.ODS_KSMUTIL]
|
||||
cmd.extend(params)
|
||||
|
||||
# run commands as ODS user
|
||||
if os.geteuid() == 0:
|
||||
kwargs['runas'] = constants.ODS_USER
|
||||
|
||||
return ipautil.run(cmd, **kwargs)
|
||||
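Review bot: In `run_ods_manager` the only thing keeping the `setup` subcommand (which `run_ods_setup` documents as initializing a new kasp.db) out of this generic entry point is `assert params[0] != 'setup'`. Asserts are stripped when Python runs with `-O`, and an empty `params` surfaces as an IndexError rather than a clear error. An explicit guard holds in every run mode, e.g. `if not params or params[0] == 'setup': raise ValueError("use run_ods_setup() to initialize the database")`. The same assert is in the `ODSTask.run_ods_manager` added to the OpenDNSSEC 2.x module further down and wants the same change.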
|
@ -3,10 +3,14 @@
|
||||
#
|
||||
|
||||
from datetime import datetime
|
||||
import os
|
||||
|
||||
from ipaserver.dnssec._odsbase import AbstractODSDBConnection
|
||||
from ipaserver.dnssec._odsbase import AbstractODSSignerConn
|
||||
from ipaserver.dnssec._odsbase import ODS_SE_MAXLINE
|
||||
from ipaplatform.constants import constants
|
||||
from ipaplatform.paths import paths
|
||||
from ipapython import ipautil
|
||||
|
||||
CLIENT_OPC_STDOUT = 0
|
||||
CLIENT_OPC_EXIT = 4
|
||||
@ -65,3 +69,47 @@ class ODSSignerConn(AbstractODSSignerConn):
|
||||
prefix = bytearray([CLIENT_OPC_EXIT, 0, 1, 0])
|
||||
self._conn.sendall(prefix)
|
||||
self._conn.close()
|
||||
|
||||
|
||||
class ODSTask():
|
||||
def run_ods_setup(self):
|
||||
"""Initialize a new kasp.db"""
|
||||
cmd = [paths.ODS_ENFORCER_DB_SETUP]
|
||||
return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)
|
||||
|
||||
def run_ods_notify(self, **kwargs):
|
||||
"""Notify ods-enforcerd to reload its conf."""
|
||||
cmd = [paths.ODS_ENFORCER, 'flush']
|
||||
|
||||
# run commands as ODS user
|
||||
if os.geteuid() == 0:
|
||||
kwargs['runas'] = constants.ODS_USER
|
||||
|
||||
return ipautil.run(cmd, **kwargs)
|
||||
|
||||
def run_ods_policy_import(self, **kwargs):
|
||||
"""Run OpenDNSSEC manager command to import policy."""
|
||||
cmd = [paths.ODS_ENFORCER, 'policy', 'import']
|
||||
|
||||
# run commands as ODS user
|
||||
if os.geteuid() == 0:
|
||||
kwargs['runas'] = constants.ODS_USER
|
||||
ipautil.run(cmd, **kwargs)
|
||||
|
||||
def run_ods_manager(self, params, **kwargs):
|
||||
"""Run OpenDNSSEC manager command (ksmutil, enforcer)
|
||||
|
||||
:param params: parameter for ODS command
|
||||
:param kwargs: additional arguments for ipautil.run()
|
||||
:return: result from ipautil.run()
|
||||
"""
|
||||
assert params[0] != 'setup'
|
||||
|
||||
cmd = [paths.ODS_ENFORCER]
|
||||
cmd.extend(params)
|
||||
|
||||
# run commands as ODS user
|
||||
if os.geteuid() == 0:
|
||||
kwargs['runas'] = constants.ODS_USER
|
||||
|
||||
return ipautil.run(cmd, **kwargs)
|
||||
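Review bot: `run_ods_setup` passes `runas=constants.ODS_USER` unconditionally, while `run_ods_notify`, `run_ods_policy_import` and `run_ods_manager` only set `runas` when `os.geteuid() == 0`, and nothing in the class records why the privilege handling differs. The three guarded methods also overwrite any `runas` a caller put in `kwargs`, which is worth stating because it decides which account the enforcer command runs under. A class docstring such as `"""OpenDNSSEC 2.x command wrappers; commands run as ODS_USER when the caller is root."""` would document this, together with a comment on `run_ods_setup` saying it presumably expects to be called as root. The 1.4 `ODSTask` added earlier in this commit has the same shape, so the same documentation applies there.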
|
@ -12,7 +12,7 @@ except ImportError:
|
||||
from xml.etree import ElementTree as etree
|
||||
|
||||
from ipapython import ipa_log_manager, ipautil
|
||||
from ipaplatform.tasks import tasks
|
||||
from ipaserver.dnssec.opendnssec import tasks
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
@ -7,6 +7,8 @@ from ipaplatform.paths import paths
|
||||
|
||||
# pylint: disable=unused-import
|
||||
if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
|
||||
from ._ods14 import ODSDBConnection, ODSSignerConn
|
||||
from ._ods14 import ODSDBConnection, ODSSignerConn, ODSTask
|
||||
else:
|
||||
from ._ods21 import ODSDBConnection, ODSSignerConn
|
||||
from ._ods21 import ODSDBConnection, ODSSignerConn, ODSTask
|
||||
|
||||
tasks = ODSTask()
|
||||
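Review bot: The module-level `tasks = ODSTask()` reuses the name that callers import from `ipaplatform.tasks`, so where this commit swaps the import, `tasks` becomes an object that offers only the four `run_ods_*` methods. Any call to another platform task left on that name would, as far as this page shows, fail only at runtime with AttributeError, and a module needing both objects has to alias one of them. A distinct name such as `ods_tasks = ODSTask()` would avoid the ambiguity. At minimum, add the comment `# ODS-only command wrappers, not ipaplatform.tasks.tasks` above the assignment.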
|
@ -13,6 +13,7 @@ import shutil
|
||||
from subprocess import CalledProcessError
|
||||
|
||||
from ipalib.install import sysrestore
|
||||
from ipaserver.dnssec.opendnssec import tasks
|
||||
from ipaserver.install import service
|
||||
from ipaserver.masters import ENABLED_SERVICE
|
||||
from ipapython.dn import DN
|
||||
@ -21,7 +22,6 @@ from ipapython import ipautil
|
||||
from ipaplatform import services
|
||||
from ipaplatform.constants import constants
|
||||
from ipaplatform.paths import paths
|
||||
from ipaplatform.tasks import tasks
|
||||
from ipalib import errors, api
|
||||
from ipaserver import p11helper
|
||||
from ipalib.constants import SOFTHSM_DNSSEC_TOKEN_LABEL
|
||||
|