Introduce service base class and clean up ipa-server-install

1) Add a base class for all of the instance objects. 2) Normalize usage of logging. 3) General cleanups of ipa-server-install. 4) Make better use of httpinstance. 5) Add webguiinstance. 6) Improve progress reporting during installation. Works Here (TM), but it would be nice to get someone else to test since this moves code around a bit.
2025-02-25 18:55:28 -06:00
parent 957a70e560
commit 8e48393c61
10 changed files with 306 additions and 164 deletions
--- a/ipa-server/ipa-install/ipa-server-install
+++ b/ipa-server/ipa-install/ipa-server-install
@@ -48,6 +48,9 @@ import ipaserver.bindinstance
 import ipaserver.httpinstance
 import ipaserver.ntpinstance
 import ipaserver.radiusinstance
 import ipaserver.webguiinstance
 from ipaserver import service
 from ipa.ipautil import run
@@ -525,7 +528,11 @@ def main():
    # Create a HTTP instance
    http = ipaserver.httpinstance.HTTPInstance()
-    http.create_instance()
+    http.create_instance(realm_name, host_name)
    # Create a Web Gui instance
    webgui = ipaserver.webguiinstance.WebGuiInstance()
    webgui.create_instance()
    # Create a radius instance
    radius = ipaserver.radiusinstance.RadiusInstance()
@@ -548,69 +555,16 @@ def main():
        bind.create_sample_bind_zone()
    # Restart ds and krb after configurations have been changed
    service.print_msg("restarting the directory server")
    ds.restart()
    service.print_msg("restarting the KDC")
    krb.restart()
    # Configure ntpd
    ntp = ipaserver.ntpinstance.NTPInstance()
    ntp.create_instance()
    try:
        selinux=0
        try:
            if (os.path.exists('/usr/sbin/selinuxenabled')):
                run(["/usr/sbin/selinuxenabled"])
                selinux=1
        except subprocess.CalledProcessError, e:
            # selinuxenabled returns 1 if not enabled
            pass
        if selinux:
            # Allow apache to connect to the turbogears web gui
            # This can still fail even if selinux is enabled
            try:
                run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", "true"])
            except:
                print "WARNING: could not set selinux boolean httpd_can_network_connect to true."
                print "The web interface may not function correctly until this boolean is"
                print "successfully change with the command:"
                print "   /usr/sbin/setsebool -P httpd_can_network_connect true"
                print "Try updating the policycoreutils and selinux-policy packages."
                pass
        # Start the web gui
        run(["/sbin/service", "ipa-webgui", "start"])
        # Set the web gui to start on boot
        run(["/sbin/chkconfig", "ipa-webgui", "on"])
        # Restart apache
        run(["/sbin/service", "httpd", "restart"])
        # Set apache to start on boot
        run(["/sbin/chkconfig", "httpd", "on"])
        # Set fedora-ds to start on boot
        run(["/sbin/chkconfig", "dirsrv", "on"])
        # Set the KDC to start on boot
        run(["/sbin/chkconfig", "krb5kdc", "on"])
        # Set the Kpasswd to start on boot
        run(["/sbin/chkconfig", "ipa-kpasswd", "on"])
        # Start Kpasswd
        run(["/sbin/service", "ipa-kpasswd", "start"])
        # Set the ntpd to start on boot
        run(["/sbin/chkconfig", "ntpd", "on"])
        # Restart ntpd
        run(["/sbin/service", "ntpd", "restart"])
    except subprocess.CalledProcessError, e:
        print "Installation failed:", e
        return 1
    # Set the admin user kerberos password
    ds.change_admin_password(admin_password)
--- a/ipa-server/ipa-install/share/Makefile.am
+++ b/ipa-server/ipa-install/share/Makefile.am
@@ -19,6 +19,7 @@ app_DATA =				\
 	krbrealm.con.template		\
 	ntp.conf.server.template 	\
 	radius.radiusd.conf.template	\
 	referint-conf.ldif		\
 	$(NULL)
 EXTRA_DIST =				\
--- a/ipa-server/ipaserver/Makefile.am
+++ b/ipa-server/ipaserver/Makefile.am
@@ -10,6 +10,8 @@ app_PYTHON = 			\
 	httpinstance.py		\
 	ntpinstance.py		\
 	radiusinstance.py	\
 	webguiinstance.py	\
 	service.py		\
 	$(NULL)
 EXTRA_DIST =			\
--- a/ipa-server/ipaserver/dsinstance.py
+++ b/ipa-server/ipaserver/dsinstance.py
@@ -24,7 +24,9 @@ import tempfile
 import shutil
 import logging
 import pwd
 from ipa.ipautil import *
 import service
 SERVER_ROOT_64 = "/usr/lib64/dirsrv"
 SERVER_ROOT_32 = "/usr/lib/dirsrv"
@@ -57,8 +59,9 @@ RootDN=   cn=Directory Manager
 RootDNPwd= $PASSWORD
 """
-class DsInstance:
+class DsInstance(service.Service):
    def __init__(self):
        service.Service.__init__(self, "dirsrv")
        self.serverid = None
        self.realm_name = None
        self.suffix = None
@@ -75,6 +78,7 @@ class DsInstance:
        self.dm_password = dm_password
        self.__setup_sub_dict()
        self.start_creation(11, "Configuring directory server:")
        self.__create_ds_user()
        self.__create_instance()
        self.__add_default_schemas()
@@ -84,12 +88,18 @@ class DsInstance:
        self.__enable_ssl()
        self.__certmap_conf()
        try:
            self.step("restarting directory server")
            self.restart()
        except:
            # TODO: roll back here?
-            print "Failed to restart the ds instance"
+            logging.critical("Failed to restart the ds instance")
        self.__add_default_layout()
        self.step("configuring directoy to start on boot")
        self.chkconfig_on()
        self.done_creation()
    def config_dirname(self):
        if not self.serverid:
            raise RuntimeError("serverid not set")
@@ -98,15 +108,6 @@ class DsInstance:
    def schema_dirname(self):
        return self.config_dirname() + "/schema/"
    def stop(self):
        run(["/sbin/service", "dirsrv", "stop"])
    def start(self):
        run(["/sbin/service", "dirsrv", "start"])
    def restart(self):
        run(["/sbin/service", "dirsrv", "restart"])
    def __setup_sub_dict(self):
        server_root = find_server_root()
        self.sub_dict = dict(FQHN=self.host_name, SERVERID=self.serverid,
@@ -115,6 +116,7 @@ class DsInstance:
                             SERVER_ROOT=server_root)
    def __create_ds_user(self):
        self.step("creating directory server user")
 	try:
            pwd.getpwnam(self.ds_user)
            logging.debug("ds user %s exists" % self.ds_user)
@@ -125,11 +127,10 @@ class DsInstance:
                run(args)
                logging.debug("done adding user")
            except subprocess.CalledProcessError, e:
-                print "Failed to add user", e
+                logging.critical("failed to add user %s" % e)
                logging.debug("failed to add user %s" % e)
    def __create_instance(self):
-        logging.debug("creating ds instance . . . ")
+        self.step("creating directory server instance")
        inf_txt = template_str(INF_TEMPLATE, self.sub_dict)
        logging.debug(inf_txt)
        inf_fd = write_tmp_file(inf_txt)
@@ -144,8 +145,7 @@ class DsInstance:
            run(args)
            logging.debug("completed creating ds instance")
        except subprocess.CalledProcessError, e:
-            print "failed to restart ds instance", e
+            logging.critical("failed to restart ds instance %s" % e)
            logging.debug("failed to restart ds instance %s" % e)
        logging.debug("restarting ds instance")
        try:
            self.restart()
@@ -155,6 +155,7 @@ class DsInstance:
            logging.debug("failed to restart ds instance %s" % e)
    def __add_default_schemas(self):
        self.step("adding default schema")
        shutil.copyfile(SHARE_DIR + "60kerberos.ldif",
                        self.schema_dirname() + "60kerberos.ldif")
        shutil.copyfile(SHARE_DIR + "60samba.ldif",
@@ -163,15 +164,17 @@ class DsInstance:
                        self.schema_dirname() + "60radius.ldif")
    def __add_memberof_module(self):
        self.step("enabling memboerof plugin")
        memberof_txt = template_file(SHARE_DIR + "memberof-conf.ldif", self.sub_dict)
        memberof_fd = write_tmp_file(memberof_txt)
        try:
            ldap_mod(memberof_fd, "cn=Directory Manager", self.dm_password)
        except subprocess.CalledProcessError, e:
-            print "Failed to load memberof-conf.ldif", e
+            logging.critical("Failed to load memberof-conf.ldif: %s" % str(e))
        memberof_fd.close()
    def __add_referint_module(self):
        self.step("enabling referential integrity plugin")
        referint_txt = template_file(SHARE_DIR + "referint-conf.ldif", self.sub_dict)
        referint_fd = write_tmp_file(referint_txt)
        try:
@@ -181,7 +184,7 @@ class DsInstance:
        referint_fd.close()
    def __enable_ssl(self):
-        logging.debug("configuring ssl for ds instance")
+        self.step("configuring ssl for ds instance")
        dirname = self.config_dirname()
        args = ["/usr/share/ipa/ipa-server-setupssl", self.dm_password,
                dirname, self.host_name]
@@ -189,13 +192,13 @@ class DsInstance:
            run(args)
            logging.debug("done configuring ssl for ds instance")
        except subprocess.CalledProcessError, e:
-            print "Failed to enable ssl in ds instance", e
+            logging.critical("Failed to configure ssl in ds instance %s" % e)
            logging.debug("Failed to configure ssl in ds instance %s" % e)
    def __add_default_layout(self):
        self.step("adding default layout")
        txt = template_file(SHARE_DIR + "bootstrap-template.ldif", self.sub_dict)
        inf_fd = write_tmp_file(txt)
-        logging.debug("adding default ds layout")
+        logging.debug("adding default dfrom ipa.ipautil import *s layout")
        args = ["/usr/bin/ldapmodify", "-xv", "-D", "cn=Directory Manager",
                "-w", self.dm_password, "-f", inf_fd.name]
        try:
@@ -203,9 +206,10 @@ class DsInstance:
            logging.debug("done adding default ds layout")
        except subprocess.CalledProcessError, e:
            print "Failed to add default ds layout", e
-            logging.debug("Failed to add default ds layout %s" % e)
+            logging.critical("Failed to add default ds layout %s" % e)
    def __create_indeces(self):
        self.step("creating indeces")
        txt = template_file(SHARE_DIR + "indeces.ldif", self.sub_dict)
        inf_fd = write_tmp_file(txt)
        logging.debug("adding/updating indeces")
@@ -215,17 +219,15 @@ class DsInstance:
            run(args)
            logging.debug("done adding/updating indeces")
        except subprocess.CalledProcessError, e:
-            print "Failed to add default ds layout", e
+            logging.critical("Failed to add/update indeces %s" % str(e))
            logging.debug("Failed to add/update indeces %s" % e)
    def __certmap_conf(self):
-        logging.debug("configuring certmap.conf for ds instance")
+        self.step("configuring certmap.conf")
        dirname = self.config_dirname()
        certmap_conf = template_file(SHARE_DIR+"certmap.conf.template", self.sub_dict)
        certmap_fd = open(dirname+"certmap.conf", "w+")
        certmap_fd.write(certmap_conf)
        certmap_fd.close()
        logging.debug("done configuring certmap.conf for ds instance")
    def change_admin_password(self, password):
        logging.debug("Changing admin password")
--- a/ipa-server/ipaserver/httpinstance.py
+++ b/ipa-server/ipaserver/httpinstance.py
@@ -20,17 +20,26 @@
 import subprocess
 import string
 import tempfile
 import shutil
 import logging
 import pwd
 from ipa.ipautil import *
 import fileinput
 import sys
 import time
 import service
 from ipa.ipautil import *
 HTTPD_DIR = "/etc/httpd"
 SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf"
 NSS_CONF = HTTPD_DIR + "/conf.d/nss.conf"
 selinux_warning = """WARNING: could not set selinux boolean httpd_can_network_connect to true.
 The web interface may not function correctly until this boolean is
 successfully change with the command:
   /usr/sbin/setsebool -P httpd_can_network_connect true
 Try updating the policycoreutils and selinux-policy packages.
 """
 def update_file(filename, orig, subst):
    if os.path.exists(filename):
        pattern = "%s" % re.escape(orig)
@@ -42,35 +51,90 @@ def update_file(filename, orig, subst):
                sys.stdout.write(p.sub(subst, line))
        fileinput.close()
-class HTTPInstance:
+class HTTPInstance(service.Service):
    def __init__(self):
-        pass 
+        service.Service.__init__(self, "httpd")
-    def create_instance(self):
+    def create_instance(self, realm, fqdn):
        self.sub_dict = { "REALM" : realm }
        self.fqdn = fqdn
        self.realm = realm
        self.start_creation(6, "Configuring the web interface")
        self.__disable_mod_ssl()
        self.__set_mod_nss_port()
        self.__configure_http()
        self.__create_http_keytab()
        self.step("restarting httpd")
        self.restart()
        self.step("configuring httpd to start on boot")
        self.chkconfig_on()
        self.done_creation()
    def __selinux_config(self):
        self.step("configuring SELinux for httpd")
        selinux=0
        try:
-            self.restart()
+            if (os.path.exists('/usr/sbin/selinuxenabled')):
-        except:
+                run(["/usr/sbin/selinuxenabled"])
-            # TODO: roll back here?
+                selinux=1
-            print "Failed to restart httpd"
+        except subprocess.CalledProcessError:
            # selinuxenabled returns 1 if not enabled
            pass
-    def stop(self):
+        if selinux:
-        run(["/sbin/service", "httpd", "stop"])
+            # Allow apache to connect to the turbogears web gui
            # This can still fail even if selinux is enabled
            try:
                run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", "true"])
            except:
                self.print_msg(selinux_warning)
    def __create_http_keytab(self):
        self.step("creating a keytab for httpd")
        try:
            if file_exists("/etc/httpd/conf/ipa.keytab"):
                os.remove("/etc/httpd/conf/ipa.keytab")
        except os.error:
            print "Failed to remove /etc/httpd/conf/ipa.keytab."
        (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
        kwrite.write("addprinc -randkey HTTP/"+self.fqdn+"@"+self.realm+"\n")
        kwrite.flush()
        kwrite.write("ktadd -k /etc/httpd/conf/ipa.keytab HTTP/"+self.fqdn+"@"+self.realm+"\n")
        kwrite.flush()
        kwrite.close()
        kread.close()
        kerr.close()
-    def start(self):
+        # give kadmin time to actually write the file before we go on
-        run(["/sbin/service", "httpd", "start"])
+	retry = 0
        while not file_exists("/etc/httpd/conf/ipa.keytab"):
            time.sleep(1)
            retry += 1
            if retry > 15:
                print "Error timed out waiting for kadmin to finish operations\n"
                sys.exit(1)
        pent = pwd.getpwnam("apache")
        os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid)
    def __configure_http(self):
        self.step("configuring httpd")
        http_txt = template_file(SHARE_DIR + "ipa.conf", self.sub_dict)
        http_fd = open("/etc/httpd/conf.d/ipa.conf", "w")
        http_fd.write(http_txt)
        http_fd.close()                
    def restart(self):
        run(["/sbin/service", "httpd", "restart"])
    def __disable_mod_ssl(self):
-        logging.debug("disabling mod_ssl in httpd")
+        self.step("disabling mod_ssl in httpd")
        if os.path.exists(SSL_CONF):
            os.rename(SSL_CONF, "%s.moved_by_ipa" % SSL_CONF)
        logging.debug("done disabling mod_ssl")
    def __set_mod_nss_port(self):
-        logging.debug("Setting mod_nss port to 443")
+        self.step("Setting mod_nss port to 443")
        update_file(NSS_CONF, '8443', '443')
        logging.debug("done setting mod_nss port")
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -32,6 +32,8 @@ import os
 import pwd
 import socket
 import time
 import service
 from ipa.ipautil import *
 def host_to_domain(fqdn):
@@ -63,8 +65,9 @@ def update_key_val_in_file(filename, key, val):
    f.write("%s=%s\n" % (key, val))
    f.close()
-class KrbInstance:
+class KrbInstance(service.Service):
    def __init__(self):
        service.Service.__init__(self, "krb5kdc")
        self.ds_user = None
        self.fqdn = None
        self.realm = None
@@ -95,39 +98,41 @@ class KrbInstance:
            # It could have been not running
            pass
        self.start_creation(10, "Configuring Kerberos KDC")
 	self.__configure_kdc_account_password()
        self.__setup_sub_dict()
        self.__configure_ldap()
        self.__configure_http()
        self.__create_instance()
        self.__create_ds_keytab()
        self.__create_http_keytab()
        self.__export_kadmin_changepw_keytab()
        self.__add_pwd_extop_module()
        try:
            self.step("starting the KDC")
            self.start()
        except:
-            print "krb5kdc service failed to start"
+            logging.critical("krb5kdc service failed to start")
-    def stop(self):
+        self.step("configuring KDC to start on boot")
-        run(["/sbin/service", "krb5kdc", "stop"])
+        self.chkconfig_on()
-    def start(self):
+        self.step("configuring ipa-kpasswd to start on boot")
-        run(["/sbin/service", "krb5kdc", "start"])
+        service.chkconfig_on("ipa-kpasswd")
-    def restart(self):
+        self.step("starting ipa-kpasswd")
-        run(["/sbin/service", "krb5kdc", "restart"])
+        service.start("ipa-kpasswd")
        self.done_creation()
    def __configure_kdc_account_password(self):
        self.step("setting KDC account password")
        hexpwd = ''
 	for x in self.kdc_password:
            hexpwd += (hex(ord(x))[2:])
@@ -145,14 +150,14 @@ class KrbInstance:
                             REALM=self.realm)
    def __configure_ldap(self):
-
+        self.step("adding kerberos configuration to the directory")
 	#TODO: test that the ldif is ok with any random charcter we may use in the password
        kerberos_txt = template_file(SHARE_DIR + "kerberos.ldif", self.sub_dict)
        kerberos_fd = write_tmp_file(kerberos_txt)
        try:
            ldap_mod(kerberos_fd, "cn=Directory Manager", self.admin_password)
        except subprocess.CalledProcessError, e:
-            print "Failed to load kerberos.ldif", e
+            logging.critical("Failed to load kerberos.ldif: %s" % str(e))
        kerberos_fd.close()
 	#Change the default ACL to avoid anonimous access to kerberos keys and othe hashes
@@ -161,10 +166,11 @@ class KrbInstance:
        try:
            ldap_mod(aci_fd, "cn=Directory Manager", self.admin_password)
        except subprocess.CalledProcessError, e:
-            print "Failed to load default-aci.ldif", e
+            logging.critical("Failed to load default-aci.ldif: %s" % str(e))
        aci_fd.close()
    def __create_instance(self):
        self.step("configuring KDC")
        kdc_conf = template_file(SHARE_DIR+"kdc.conf.template", self.sub_dict)
        kdc_fd = open("/var/kerberos/krb5kdc/kdc.conf", "w+")
        kdc_fd.write(kdc_conf)
@@ -200,12 +206,13 @@ class KrbInstance:
    #add the password extop module
    def __add_pwd_extop_module(self):
        self.step("adding the password extenstion to the directory")
        extop_txt = template_file(SHARE_DIR + "pwd-extop-conf.ldif", self.sub_dict)
        extop_fd = write_tmp_file(extop_txt)
        try:
            ldap_mod(extop_fd, "cn=Directory Manager", self.admin_password)
        except subprocess.CalledProcessError, e:
-            print "Failed to load pwd-extop-conf.ldif", e
+            logging.critical("Failed to load pwd-extop-conf.ldif: %s" % str(e))
        extop_fd.close()
        #add an ACL to let the DS user read the master key
@@ -213,14 +220,15 @@ class KrbInstance:
        try:
            run(args)
        except subprocess.CalledProcessError, e:
-            print "Failed to set the ACL on the master key", e
+            logging.critical("Failed to set the ACL on the master key: %s" % str(e))
    def __create_ds_keytab(self):
        self.step("creating a keytab for the directory")
        try:
            if file_exists("/etc/dirsrv/ds.keytab"):
                os.remove("/etc/dirsrv/ds.keytab")
        except os.error:
-            print "Failed to remove /etc/dirsrv/ds.keytab."
+            logging.critical("Failed to remove /etc/dirsrv/ds.keytab.")
        (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
        kwrite.write("addprinc -randkey ldap/"+self.fqdn+"@"+self.realm+"\n")
        kwrite.flush()
@@ -236,7 +244,7 @@ class KrbInstance:
            time.sleep(1)
            retry += 1
            if retry > 15:
-                print "Error timed out waiting for kadmin to finish operations\n"
+                logging.critical("Error timed out waiting for kadmin to finish operations")
                sys.exit(1)
        update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
@@ -244,6 +252,7 @@ class KrbInstance:
        os.chown("/etc/dirsrv/ds.keytab", pent.pw_uid, pent.pw_gid)
    def __export_kadmin_changepw_keytab(self):
        self.step("exporting the kadmin keytab")
        (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
        kwrite.write("modprinc +requires_preauth kadmin/changepw\n")
        kwrite.flush()
@@ -264,42 +273,11 @@ class KrbInstance:
            time.sleep(1)
            retry += 1
            if retry > 15:
-                print "Error timed out waiting for kadmin to finish operations\n"
+                logging.critical("Error timed out waiting for kadmin to finish operations")
                sys.exit(1)
        update_key_val_in_file("/etc/sysconfig/ipa-kpasswd", "export KRB5_KTNAME", "/var/kerberos/krb5kdc/kpasswd.keytab")
        pent = pwd.getpwnam(self.ds_user)
        os.chown("/var/kerberos/krb5kdc/kpasswd.keytab", pent.pw_uid, pent.pw_gid)
    def __create_http_keytab(self):
        try:
            if file_exists("/etc/httpd/conf/ipa.keytab"):
                os.remove("/etc/httpd/conf/ipa.keytab")
        except os.error:
            print "Failed to remove /etc/httpd/conf/ipa.keytab."
        (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
        kwrite.write("addprinc -randkey HTTP/"+self.fqdn+"@"+self.realm+"\n")
        kwrite.flush()
        kwrite.write("ktadd -k /etc/httpd/conf/ipa.keytab HTTP/"+self.fqdn+"@"+self.realm+"\n")
        kwrite.flush()
        kwrite.close()
        kread.close()
        kerr.close()
        # give kadmin time to actually write the file before we go on
 	retry = 0
        while not file_exists("/etc/httpd/conf/ipa.keytab"):
            time.sleep(1)
            retry += 1
            if retry > 15:
                print "Error timed out waiting for kadmin to finish operations\n"
                sys.exit(1)
        pent = pwd.getpwnam("apache")
        os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid)
    def __configure_http(self):
        http_txt = template_file(SHARE_DIR + "ipa.conf", self.sub_dict)
        http_fd = open("/etc/httpd/conf.d/ipa.conf", "w")
        http_fd.write(http_txt)
        http_fd.close()
--- a/ipa-server/ipaserver/ntpinstance.py
+++ b/ipa-server/ipaserver/ntpinstance.py
@@ -20,8 +20,16 @@
 from ipa.ipautil import *
 import shutil
-class NTPInstance:
+import service
 class NTPInstance(service.Service):
    def __init__(self):
        service.Service.__init__(self, "ntpd")
    def create_instance(self):
        self.start_creation(3, "Configuring ntpd")
        self.step("writing configuration")
        # The template sets the config to point towards ntp.pool.org, but
        # they request that software not point towards the default pool.
        # We use the OS variable to point it towards either the rhel
@@ -48,3 +56,9 @@ class NTPInstance:
        # we might consider setting the date manually using ntpd -qg in case
        # the current time is very far off.
        self.step("starting ntpd")
        self.start()
        self.step("configuring ntpd to start on boot")
        self.chkconfig_on()
--- a/ipa-server/ipaserver/radiusinstance.py
+++ b/ipa-server/ipaserver/radiusinstance.py
@@ -27,6 +27,8 @@ import pwd
 import time
 from ipa.ipautil import *
 import service
 import os
 import re
@@ -47,8 +49,9 @@ from ipaserver.funcs import DefaultUserContainer, DefaultGroupContainer
 #-------------------------------------------------------------------------------
-class RadiusInstance:
+class RadiusInstance(service.Service):
    def __init__(self):
        service.Service.__init__(self, "radiusd")
        self.fqdn        = None
        self.realm       = None
        self.principal   = None
@@ -66,6 +69,8 @@ class RadiusInstance:
        else:
            self.rpm_name = self.rpm_version = self.rpm_release = None
        self.start_creation(4, "Configuring radiusd")
        try:
            self.stop()
        except:
@@ -76,22 +81,17 @@ class RadiusInstance:
        self.__radiusd_conf()
        try:
            self.step("starting radiusd")
            self.start()
        except:
            logging.error("radiusd service failed to start")
        self.step("configuring radiusd to start on boot")
        self.chkconfig_on()
    def stop(self):
        run(['/sbin/service', 'radiusd', 'stop'])
    def start(self):
        run(['/sbin/service', 'radiusd', 'start'])
    def restart(self):
        run(['/sbin/service', 'radiusd', 'restart'])
    def __radiusd_conf(self):
-        logging.debug('configuring radiusd.conf for radius instance')
+        self.step('configuring radiusd.conf for radius instance')
        version = 'IPA_RADIUS_VERSION=%s RADIUS_PACKAGE_VERSION=%s' % (IPA_RADIUS_VERSION, self.rpm_nvr)
        sub_dict = {'CONFIG_FILE_VERSION_INFO' : version,
@@ -110,6 +110,7 @@ class RadiusInstance:
            logging.error("could not create %s: %s", RADIUSD_CONF_FILEPATH, e)
    def __create_radius_keytab(self):
        self.step("create radiusd keytab")
        try:
            if file_exists(IPA_KEYTAB_FILEPATH):
                os.remove(IPA_KEYTAB_FILEPATH)
--- a/ipa-server/ipaserver/service.py
+++ b/ipa-server/ipaserver/service.py
@@ -0,0 +1,86 @@
 # Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
 #
 # Copyright (C) 2007  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
 # published by the Free Software Foundation; version 2 or later
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 #
 from ipa.ipautil import *
 import logging, sys
 def stop(service_name):
    run(["/sbin/service", service_name, "stop"])
 def start(service_name):
    run(["/sbin/service", service_name, "start"])
 def restart(service_name):
    run(["/sbin/service", service_name, "restart"])
 def chkconfig_on(service_name):
    run(["/sbin/chkconfig", service_name, "on"])
 def chkconfig_off(service_name):
    run(["/sbin/chkconfig", service_name, "off"])
 def print_msg(message, output_fd=sys.stdout):
    logging.debug(message)
    output_fd.write(message)
    output_fd.write("\n")
 class Service:
    def __init__(self, service_name):
        self.service_name = service_name
        self.num_steps = -1
        self.current_step = -1
        self.output_fd = sys.stdout
    def set_output(self, fd):
        self.output_fd = fd
    def stop(self):
        stop(self.service_name)
    def start(self):
        start(self.service_name)
    def restart(self):
        restart(self.service_name)
    def chkconfig_on(self):
        chkconfig_on(self.service_name)
    def chkconfig_off(self):
        chkconfig_off(self.service_name)
    def print_msg(self, message):
        print_msg(message, self.output_fd)
    def start_creation(self, num_steps, message):
        self.num_steps = num_steps
        self.cur_step = 0
        self.print_msg(message)
    def step(self, message):
        self.cur_step += 1
        self.print_msg("  [%d/%d]: %s" % (self.cur_step, self.num_steps, message))
    def done_creation(self):
        self.cur_step = -1
        self.num_steps = -1
        self.print_msg("done configuring %s." % self.service_name)
--- a/ipa-server/ipaserver/webguiinstance.py
+++ b/ipa-server/ipaserver/webguiinstance.py
@@ -0,0 +1,40 @@
 # Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
 #
 # Copyright (C) 2007  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
 # published by the Free Software Foundation; version 2 or later
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 #
 import logging
 from ipa.ipautil import *
 import service
 class WebGuiInstance(service.Service):
    def __init__(self):
        service.Service.__init__(self, "ipa-webgui")
    def create_instance(self):
        self.start_creation(2, "Configuring ipa-webgui")
        self.step("starting ipa-webgui")
        service.start("ipa-webgui")
        self.step("configuring ipa-webgui to start on boot")
        service.chkconfig_on("ipa-webgui")
        self.done_creation()