opendnssec2.1 support: move all ods tasks to specific file

Move all the routines run_ods* from tasks to _ods14 or _ods21 module

Related: https://pagure.io/freeipa/issue/8214
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Florence Blanc-Renaud 2020-03-12 16:23:03 +01:00
parent b6865831c9
commit 682b59c8e8
6 changed files with 98 additions and 69 deletions


@ -24,12 +24,10 @@ This module contains default platform-specific implementations of system tasks.
from __future__ import absolute_import
import os
import logging
from pkg_resources import parse_version
from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipapython import ipautil
from ipapython.ipachangeconf import IPAChangeConf
@ -287,69 +285,6 @@ class BaseTaskNamespace:
if fstore is not None and fstore.has_file(paths.RESOLV_CONF):
fstore.restore_file(paths.RESOLV_CONF)
def run_ods_setup(self):
"""Initialize a new kasp.db
"""
if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
# OpenDNSSEC 1.4
cmd = [paths.ODS_KSMUTIL, 'setup']
else:
# OpenDNSSEC 2.x
cmd = [paths.ODS_ENFORCER_DB_SETUP]
return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)
def run_ods_notify(self, **kwargs):
"""Notify ods-enforcerd to reload its conf."""
if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
# OpenDNSSEC 1.4
cmd = [paths.ODS_KSMUTIL, 'notify']
else:
# OpenDNSSEC 2.x
cmd = [paths.ODS_ENFORCER, 'flush']
# run commands as ODS user
if os.geteuid() == 0:
kwargs['runas'] = constants.ODS_USER
return ipautil.run(cmd, **kwargs)
def run_ods_policy_import(self, **kwargs):
"""Run OpenDNSSEC manager command to import policy."""
# This step is needed with OpenDNSSEC 2.1 only
if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
# OpenDNSSEC 1.4
return
# OpenDNSSEC 2.x
cmd = [paths.ODS_ENFORCER, 'policy', 'import']
# run commands as ODS user
if os.geteuid() == 0:
kwargs['runas'] = constants.ODS_USER
ipautil.run(cmd, **kwargs)
def run_ods_manager(self, params, **kwargs):
"""Run OpenDNSSEC manager command (ksmutil, enforcer)
:param params: parameter for ODS command
:param kwargs: additional arguments for ipautil.run()
:return: result from ipautil.run()
"""
assert params[0] != 'setup'
if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
# OpenDNSSEC 1.4
cmd = [paths.ODS_KSMUTIL]
else:
# OpenDNSSEC 2.x
cmd = [paths.ODS_ENFORCER]
cmd.extend(params)
# run commands as ODS user
if os.geteuid() == 0:
kwargs['runas'] = constants.ODS_USER
return ipautil.run(cmd, **kwargs)
def configure_pkcs11_modules(self, fstore):
"""Disable p11-kit modules


@ -2,11 +2,15 @@
# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
#
import os
import socket
from ipapython import ipautil
from ipaserver.dnssec._odsbase import AbstractODSDBConnection
from ipaserver.dnssec._odsbase import AbstractODSSignerConn
from ipaserver.dnssec._odsbase import ODS_SE_MAXLINE
from ipaplatform.constants import constants
from ipaplatform.paths import paths
class ODSDBConnection(AbstractODSDBConnection):
@ -43,3 +47,43 @@ class ODSSignerConn(AbstractODSSignerConn):
self._conn.send(reply + b'\n')
self._conn.shutdown(socket.SHUT_RDWR)
self._conn.close()
class ODSTask():
def run_ods_setup(self):
"""Initialize a new kasp.db"""
cmd = [paths.ODS_KSMUTIL, 'setup']
return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)
def run_ods_notify(self, **kwargs):
"""Notify ods-enforcerd to reload its conf."""
cmd = [paths.ODS_KSMUTIL, 'notify']
# run commands as ODS user
if os.geteuid() == 0:
kwargs['runas'] = constants.ODS_USER
return ipautil.run(cmd, **kwargs)
def run_ods_policy_import(self, **kwargs):
"""Run OpenDNSSEC manager command to import policy."""
# This step is needed with OpenDNSSEC 2.1 only
return
def run_ods_manager(self, params, **kwargs):
"""Run OpenDNSSEC manager command (ksmutil, enforcer)
:param params: parameter for ODS command
:param kwargs: additional arguments for ipautil.run()
:return: result from ipautil.run()
"""
assert params[0] != 'setup'
cmd = [paths.ODS_KSMUTIL]
cmd.extend(params)
# run commands as ODS user
if os.geteuid() == 0:
kwargs['runas'] = constants.ODS_USER
return ipautil.run(cmd, **kwargs)
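Review bot: The `assert params[0] != 'setup'` guard in `run_ods_manager` disappears when Python runs with `-O`, and an empty `params` surfaces as an IndexError instead of a clear error. Because `run_ods_setup` answers the tool's prompt with `stdin="y"`, the guard presumably exists to keep a kasp.db re-initialization from being reached through the generic entry point, so it should be an explicit check: `if not params or params[0] == 'setup': raise ValueError("setup must go through run_ods_setup()")`. The same assert is carried into `ODSTask.run_ods_manager` in the OpenDNSSEC 2.x module. A one-line class docstring saying that this `ODSTask` drives ksmutil for OpenDNSSEC 1.4 would also help, since `run_ods_policy_import` is a deliberate no-op here.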


@ -3,10 +3,14 @@
#
from datetime import datetime
import os
from ipaserver.dnssec._odsbase import AbstractODSDBConnection
from ipaserver.dnssec._odsbase import AbstractODSSignerConn
from ipaserver.dnssec._odsbase import ODS_SE_MAXLINE
from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipapython import ipautil
CLIENT_OPC_STDOUT = 0
CLIENT_OPC_EXIT = 4
@ -65,3 +69,47 @@ class ODSSignerConn(AbstractODSSignerConn):
prefix = bytearray([CLIENT_OPC_EXIT, 0, 1, 0])
self._conn.sendall(prefix)
self._conn.close()
class ODSTask():
def run_ods_setup(self):
"""Initialize a new kasp.db"""
cmd = [paths.ODS_ENFORCER_DB_SETUP]
return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)
def run_ods_notify(self, **kwargs):
"""Notify ods-enforcerd to reload its conf."""
cmd = [paths.ODS_ENFORCER, 'flush']
# run commands as ODS user
if os.geteuid() == 0:
kwargs['runas'] = constants.ODS_USER
return ipautil.run(cmd, **kwargs)
def run_ods_policy_import(self, **kwargs):
"""Run OpenDNSSEC manager command to import policy."""
cmd = [paths.ODS_ENFORCER, 'policy', 'import']
# run commands as ODS user
if os.geteuid() == 0:
kwargs['runas'] = constants.ODS_USER
ipautil.run(cmd, **kwargs)
def run_ods_manager(self, params, **kwargs):
"""Run OpenDNSSEC manager command (ksmutil, enforcer)
:param params: parameter for ODS command
:param kwargs: additional arguments for ipautil.run()
:return: result from ipautil.run()
"""
assert params[0] != 'setup'
cmd = [paths.ODS_ENFORCER]
cmd.extend(params)
# run commands as ODS user
if os.geteuid() == 0:
kwargs['runas'] = constants.ODS_USER
return ipautil.run(cmd, **kwargs)
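Review bot: The root check that sets `kwargs['runas'] = constants.ODS_USER` is repeated in `run_ods_notify`, `run_ods_policy_import` and `run_ods_manager` here and again in the 1.4 module's `ODSTask`, while `run_ods_setup` passes `runas` unconditionally. Keeping the privilege drop in one helper makes it harder for a future method to run an enforcer command as root by omission, and gives one place to document that a caller-supplied `runas` is overwritten when the process is root. The helper below is a sketch; whether it lives in this module or in `_odsbase` is a design choice the hunk does not settle. The docstring of `run_ods_manager` still says "(ksmutil, enforcer)" although this class only calls `paths.ODS_ENFORCER`.

```python
def _run_as_ods(cmd, **kwargs):
    """Run cmd via ipautil.run(), as the ODS user when invoked as root."""
    if os.geteuid() == 0:
        kwargs['runas'] = constants.ODS_USER
    return ipautil.run(cmd, **kwargs)


class ODSTask():
    # ... unchanged: run_ods_setup ...

    def run_ods_notify(self, **kwargs):
        """Notify ods-enforcerd to reload its conf."""
        return _run_as_ods([paths.ODS_ENFORCER, 'flush'], **kwargs)

    # ... unchanged: run_ods_policy_import, run_ods_manager (same substitution) ...
```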


@ -12,7 +12,7 @@ except ImportError:
from xml.etree import ElementTree as etree
from ipapython import ipa_log_manager, ipautil
from ipaplatform.tasks import tasks
from ipaserver.dnssec.opendnssec import tasks
logger = logging.getLogger(__name__)


@ -7,6 +7,8 @@ from ipaplatform.paths import paths
# pylint: disable=unused-import
if paths.ODS_KSMUTIL is not None and os.path.exists(paths.ODS_KSMUTIL):
from ._ods14 import ODSDBConnection, ODSSignerConn
from ._ods14 import ODSDBConnection, ODSSignerConn, ODSTask
else:
from ._ods21 import ODSDBConnection, ODSSignerConn
from ._ods21 import ODSDBConnection, ODSSignerConn, ODSTask
tasks = ODSTask()
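Review bot: The module-level name `tasks` added on the last line collides with the `tasks` object that callers conventionally import from `ipaplatform.tasks`, and the two importing files in this commit swap one import for the other under the same name. Any remaining call in those files to a platform task method would now resolve against `ODSTask` and fail with AttributeError only at run time; the rest of those files is not visible here, so this needs a grep rather than an assumption. A distinct name such as `ods_tasks = ODSTask()` would make the call sites self-describing and let both objects be imported side by side. A comment above the `if` noting that the 1.4/2.x choice is made once, at import time, from the existence of `paths.ODS_KSMUTIL` would also be worth adding.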


@ -13,6 +13,7 @@ import shutil
from subprocess import CalledProcessError
from ipalib.install import sysrestore
from ipaserver.dnssec.opendnssec import tasks
from ipaserver.install import service
from ipaserver.masters import ENABLED_SERVICE
from ipapython.dn import DN
@ -21,7 +22,6 @@ from ipapython import ipautil
from ipaplatform import services
from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
from ipalib import errors, api
from ipaserver import p11helper
from ipalib.constants import SOFTHSM_DNSSEC_TOKEN_LABEL