Convert server install code to platform-independent access to system services

https://fedorahosted.org/freeipa/ticket/1605

ipaserver/install/bindinstance.py

@@ -615,7 +615,7 @@ class BindInstance(service.Service):
                 pass
 
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.disable()
 
         if not running is None and running:
             self.start()

ipaserver/install/cainstance.py

@@ -47,6 +47,7 @@ import nss.nss as nss
 
 from ipapython import ipautil
 from ipapython import nsslib
+from ipapython import services as ipaservices
 
 from ipaserver import ipaldap
 from ipaserver.install import service
@@ -373,11 +374,7 @@ class CADSInstance(service.Service):
 
     def restart_instance(self):
         try:
-            # Have to trick the base class to use the right service name
+            ipaservices.knownservices.dirsrv.restart(self.serverid)
-            sav_name = self.service_name
-            self.service_name="dirsrv"
-            self.restart(self.serverid)
-            self.service_name=sav_name
             if not dsinstance.is_ds_running():
                 logging.critical("Failed to restart the directory server. See the installation log for details.")
                 sys.exit(1)
@@ -392,14 +389,12 @@ class CADSInstance(service.Service):
         running = self.restore_state("running")
         enabled = self.restore_state("enabled")
         serverid = self.restore_state("serverid")
-        sav_name = self.service_name
-        self.service_name="dirsrv"
 
         if not running is None:
-            self.stop(serverid)
+            ipaservices.knownservices.dirsrv.stop(self.serverid)
 
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            ipaservices.knownservices.dirsrv.disable()
 
         if not serverid is None:
             # drop the trailing / off the config_dirname so the directory
@@ -409,7 +404,6 @@ class CADSInstance(service.Service):
             dsdb.untrack_server_cert("Server-Cert")
             dsinstance.erase_ds_instance_data(serverid)
 
-        self.service_name="pkids"
         user_exists = self.restore_state("user_exists")
 
         if user_exists == False:
@@ -417,7 +411,6 @@ class CADSInstance(service.Service):
                 ipautil.run(["/usr/sbin/userdel", PKI_DS_USER])
             except ipautil.CalledProcessError, e:
                 logging.critical("failed to delete user %s" % e)
-        self.service_name = sav_name
 
 class CAInstance(service.Service):
     """
@@ -1044,7 +1037,7 @@ class CAInstance(service.Service):
         # Fix the CRL URI in the profile
         installutils.set_directive('/var/lib/%s/profiles/ca/caIPAserviceCert.cfg' % PKI_INSTANCE_NAME, 'policyset.serverCertSet.9.default.params.crlDistPointsPointName_0', 'https://%s/ipa/crl/MasterCRL.bin' % self.fqdn, quotes=False, separator='=')
 
-        ipautil.run(["/sbin/restorecon", publishdir])
+        ipaservices.restore_context(publishdir)
 
     def __set_subject_in_config(self):
         # dogtag ships with an IPA-specific profile that forces a subject
@@ -1058,7 +1051,7 @@ class CAInstance(service.Service):
 
         enabled = self.restore_state("enabled")
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.disable()
 
         try:
             ipautil.run(["/usr/bin/pkiremove", "-pki_instance_root=/var/lib",
@@ -1148,14 +1141,11 @@ def install_replica_ca(config, postinstall=False):
     # internally. In the case of the dogtag DS the name doesn't match the
     # unix service.
 
-    service_name = cs.service_name
     service.print_msg("Restarting the directory and certificate servers")
-    cs.service_name = "dirsrv"
     ca.stop()
-    cs.stop("PKI-IPA")
+    ipaservices.knownservices.dirsrv.stop("PKI-IPA")
-    cs.start("PKI-IPA")
+    ipaservices.knownservices.dirsrv.start("PKI-IPA")
     ca.start()
-    cs.service_name = service_name
 
     return (ca, cs)
 

ipaserver/install/certs.py

@@ -36,7 +36,7 @@ from ipapython import certmonger
 from ipapython.certdb import get_ca_nickname
 from ipalib import pkcs10
 from ConfigParser import RawConfigParser, MissingSectionHeaderError
-import service
+from ipapython import services as ipaservices
 from ipalib import x509
 from ipalib.dn import DN
 from ipalib.errors import CertificateOperationError
@@ -483,29 +483,30 @@ class CertDB(object):
         """
         Tell certmonger to track the given certificate nickname.
         """
-        service.chkconfig_on("certmonger")
+        cmonger = ipaservices.knownservices.certmonger
-        service.start("messagebus")
+        cmonger.enable()
-        service.start("certmonger")
+        ipaservices.knownservices.messagebus.start()
+        cmonger.start()
         try:
             (stdout, stderr, rc) = certmonger.start_tracking(nickname, self.secdir, password_file)
         except (ipautil.CalledProcessError, RuntimeError), e:
             logging.error("certmonger failed starting to track certificate: %s" % str(e))
             return
 
-        service.stop("certmonger")
+        cmonger.stop()
         cert = self.get_cert_from_db(nickname)
         nsscert = x509.load_certificate(cert, dbdir=self.secdir)
         subject = str(nsscert.subject)
         m = re.match('New tracking request "(\d+)" added', stdout)
         if not m:
-            logging.error('Didn\'t get new certmonger request, got %s' % stdout)
+            logging.error('Didn\'t get new %s request, got %s' % (cmonger.service_name, stdout))
-            raise RuntimeError('certmonger did not issue new tracking request for \'%s\' in \'%s\'. Use \'ipa-getcert list\' to list existing certificates.' % (nickname, self.secdir))
+            raise RuntimeError('%s did not issue new tracking request for \'%s\' in \'%s\'. Use \'ipa-getcert list\' to list existing certificates.' % (cmonger.service_name, nickname, self.secdir))
         request_id = m.group(1)
 
         certmonger.add_principal(request_id, principal)
         certmonger.add_subject(request_id, subject)
 
-        service.start("certmonger")
+        cmonger.start()
 
     def untrack_server_cert(self, nickname):
         """
@@ -514,13 +515,14 @@ class CertDB(object):
 
         # Always start certmonger. We can't untrack something if it isn't
         # running
-        service.start("messagebus")
+        cmonger = ipaservices.knownservices.certmonger
-        service.start("certmonger")
+        ipaservices.knownservices.messagebus.start()
+        cmonger.start()
         try:
             certmonger.stop_tracking(self.secdir, nickname=nickname)
         except (ipautil.CalledProcessError, RuntimeError), e:
             logging.error("certmonger failed to stop tracking certificate: %s" % str(e))
-        service.stop("certmonger")
+        cmonger.stop()
 
     def create_server_cert(self, nickname, hostname, other_certdb=None, subject=None):
         """
@@ -770,6 +772,7 @@ class CertDB(object):
         f.write(pwdfile.read())
         f.close()
         pwdfile.close()
+        # TODO: replace explicit uid by a platform-specific one
         self.set_perms(self.pwd_conf, uid="apache")
 
     def find_root_cert(self, nickname):

ipaserver/install/dsinstance.py

@@ -30,6 +30,7 @@ import tempfile
 
 from ipapython import ipautil
 from ipapython import sysrestore
+from ipapython import services as ipaservices
 
 import service
 import installutils
@@ -107,18 +108,7 @@ def check_ports():
     return (ds_unsecure, ds_secure)
 
 def is_ds_running():
-    """The DS init script always returns 0 when requesting status so it cannot
+    return ipaservices.knownservices.dirsrv.is_running()
-       be used to determine if the server is running. We have to look at the
-       output.
-    """
-    ret = True
-    try:
-        (sout, serr, rcode) = ipautil.run(["/sbin/service", "dirsrv", "status"])
-        if sout.find("is stopped") >= 0:
-            ret = False
-    except ipautil.CalledProcessError:
-        ret = False
-    return ret
 
 def has_managed_entries(host_name, dm_password):
     """Check to see if the Managed Entries plugin is available"""
@@ -310,8 +300,7 @@ class DsInstance(service.Service):
         self.backup_state("enabled", self.is_enabled())
         # At the end of the installation ipa-server-install will enable the
         # 'ipa' service wich takes care of starting/stopping dirsrv
-        # self.chkconfig_on()
+        self.disable()
-        self.chkconfig_off()
 
     def __setup_sub_dict(self):
         server_root = find_server_root()
@@ -329,10 +318,10 @@ class DsInstance(service.Service):
 
     def __create_ds_user(self):
         user_exists = True
-	try:
+        try:
             pwd.getpwnam(DS_USER)
             logging.debug("ds user %s exists" % DS_USER)
-	except KeyError:
+        except KeyError:
             user_exists = False
             logging.debug("adding ds user %s" % DS_USER)
             args = ["/usr/sbin/useradd", "-g", DS_GROUP,
@@ -646,7 +635,7 @@ class DsInstance(service.Service):
             pass
 
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.disable()
 
         serverid = self.restore_state("serverid")
         if not serverid is None:

ipaserver/install/httpinstance.py

@@ -30,6 +30,7 @@ import dsinstance
 import installutils
 from ipapython import sysrestore
 from ipapython import ipautil
+from ipapython import services as ipaservices
 from ipalib import util, api
 
 HTTPD_DIR = "/etc/httpd"
@@ -220,13 +221,13 @@ class HTTPInstance(service.Service):
         os.chown(certs.NSS_DIR + "/pwdfile.txt", 0, pent.pw_gid )
 
         # Fix SELinux permissions on the database
-        ipautil.run(["/sbin/restorecon", certs.NSS_DIR + "/cert8.db"])
+        ipaservices.restore_context(certs.NSS_DIR + "/cert8.db")
-        ipautil.run(["/sbin/restorecon", certs.NSS_DIR + "/key3.db"])
+        ipaservices.restore_context(certs.NSS_DIR + "/key3.db")
 
         # In case this got generated as part of the install, reset the
         # context
         if ipautil.file_exists(certs.CA_SERIALNO):
-            ipautil.run(["/sbin/restorecon", certs.CA_SERIALNO])
+            ipaservices.restore_context(certs.CA_SERIALNO)
             os.chown(certs.CA_SERIALNO, 0, pent.pw_gid)
             os.chmod(certs.CA_SERIALNO, 0664)
 
@@ -272,7 +273,7 @@ class HTTPInstance(service.Service):
         db = certs.CertDB(api.env.realm)
         db.untrack_server_cert("Server-Cert")
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.disable()
 
         for f in ["/etc/httpd/conf.d/ipa.conf", SSL_CONF, NSS_CONF]:
             try:

ipaserver/install/krbinstance.py

@@ -30,6 +30,7 @@ import service
 import installutils
 from ipapython import sysrestore
 from ipapython import ipautil
+from ipapython import services as ipaservices
 from ipalib import util
 from ipalib import errors
 
@@ -453,7 +454,7 @@ class KrbInstance(service.Service):
                 pass
 
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.disable()
 
         if not running is None and running:
             self.start()

ipaserver/install/ntpinstance.py

@@ -23,6 +23,7 @@ import logging
 import service
 from ipapython import sysrestore
 from ipapython import ipautil
+from ipapython import services as ipaservices
 
 class NTPInstance(service.Service):
     def __init__(self, fstore=None):
@@ -143,7 +144,7 @@ class NTPInstance(service.Service):
 
     def __enable(self):
         self.backup_state("enabled", self.is_enabled())
-        self.chkconfig_on()
+        self.enable()
 
     def create_instance(self):
 
@@ -168,13 +169,13 @@ class NTPInstance(service.Service):
             self.stop()
 
         try:
-	    self.fstore.restore_file("/etc/ntp.conf")
+            self.fstore.restore_file("/etc/ntp.conf")
         except ValueError, error:
             logging.debug(error)
             pass
 
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.disable()
 
         if not running is None and running:
             self.start()

ipaserver/install/replication.py

@@ -23,7 +23,7 @@ import os
 import sys
 import ldap
 from ipaserver import ipaldap
-from ipaserver.install.service import restart
+from ipapython import services as ipaservices
 import installutils
 from ldap import modlist
 from ipalib import util
@@ -106,7 +106,7 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd):
         conn.modify_s(entry[0].dn, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'on')])
         conn.unbind()
         serverid = "-".join(realm.split("."))
-        restart("dirsrv", instance_name=serverid)
+        ipaservices.knownservices.dirsrv.restart(instance_name=serverid)
         installutils.wait_for_open_ports('localhost', [389, 636], 300)
     else:
         conn.unbind()