Manage ipa-otpd.socket by IPA

Adds a new simple service called OtpdInstance, that manages ipa-otpd.socket service. Added to server/replica installer and ipa-upgradeconfig script. https://fedorahosted.org/freeipa/ticket/3680
2025-02-25 18:55:28 -06:00 · 2013-06-05 15:48:35 +02:00 · 2013-06-05 15:48:35 +02:00 · b2c378dcc8
commit b2c378dcc8
parent bcf8ab24d5
6 changed files with 68 additions and 22 deletions
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@ -35,6 +35,7 @@ from ipapython import ipautil
 from ipaserver.install import dsinstance, installutils, krbinstance, service
 from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
 from ipaserver.install import memcacheinstance
+from ipaserver.install import otpdinstance
 from ipaserver.install.replication import replica_conn_check, ReplicationManager
 from ipaserver.install.installutils import (HostnameLocalhost, resolve_host,
        ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name,
@ -667,6 +668,11 @@ def main():

    krb = install_krb(config, setup_pkinit=options.setup_pkinit)
    http = install_http(config, auto_redirect=options.ui_redirect)
+
+    otpd = otpdinstance.OtpdInstance()
+    otpd.create_instance('OTPD', config.host_name, config.dirman_password,
+                         ipautil.realm_to_suffix(config.realm_name))
+
    if CA:
        CA.configure_certmonger_renewal()
        CA.import_ra_cert(dir + "/ra.p12")
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@ -49,6 +49,7 @@ from ipaserver.install import ntpinstance
 from ipaserver.install import certs
 from ipaserver.install import cainstance
 from ipaserver.install import memcacheinstance
+from ipaserver.install import otpdinstance
 from ipaserver.install import sysupgrade

 from ipaserver.install import service, installutils
@ -513,6 +514,7 @@ def uninstall():
    krbinstance.KrbInstance(fstore).uninstall()
    dsinstance.DsInstance(fstore=fstore).uninstall()
    memcacheinstance.MemcacheInstance().uninstall()
+    otpdinstance.OtpdInstance().uninstall()
    ipaservices.restore_network_configuration(fstore, sstore)
    fstore.restore_all_files()
    try:
@ -1092,11 +1094,15 @@ def main():
    # generated
    ds.add_cert_to_service()

-    # Create a HTTP instance
-
    memcache = memcacheinstance.MemcacheInstance()
-    memcache.create_instance('MEMCACHE', host_name, dm_password, ipautil.realm_to_suffix(realm_name))
+    memcache.create_instance('MEMCACHE', host_name, dm_password,
+                             ipautil.realm_to_suffix(realm_name))

+    otpd = otpdinstance.OtpdInstance()
+    otpd.create_instance('OTPD', host_name, dm_password,
+                         ipautil.realm_to_suffix(realm_name))
+
+    # Create a HTTP instance
    http = httpinstance.HTTPInstance(fstore)
    if options.http_pkcs12:
        http.create_instance(
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@ -48,6 +48,7 @@ from ipaserver.install import bindinstance
 from ipaserver.install import service
 from ipaserver.install import cainstance
 from ipaserver.install import certs
+from ipaserver.install import otpdinstance
 from ipaserver.install import sysupgrade


@ -925,17 +926,23 @@ def main():

    uninstall_selfsign(ds, http)

-    memcache = memcacheinstance.MemcacheInstance()
-    memcache.ldapi = True
-    memcache.realm = api.env.realm
-    try:
-        if not memcache.is_configured():
-            # 389-ds needs to be running to create the memcache instance
-            # because we record the new service in cn=masters.
-            ds.start()
-            memcache.create_instance('MEMCACHE', fqdn, None, ipautil.realm_to_suffix(api.env.realm))
-    except ipalib.errors.DuplicateEntry:
-        pass
+    simple_service_list = (
+        (memcacheinstance.MemcacheInstance(), 'MEMCACHE'),
+        (otpdinstance.OtpdInstance(), 'OTPD'),
+    )
+
+    for service, ldap_name in simple_service_list:
+        service.ldapi = True
+        try:
+            if not service.is_configured():
+                # 389-ds needs to be running to create the memcache instance
+                # because we record the new service in cn=masters.
+                ds.start()
+                service.create_instance(ldap_name, fqdn, None,
+                                        ipautil.realm_to_suffix(api.env.realm),
+                                        realm=api.env.realm)
+        except ipalib.errors.DuplicateEntry:
+            pass

    cleanup_kdc(fstore)
    setup_firefox_extension(fstore)
--- a/ipapython/platform/fedora16/service.py
+++ b/ipapython/platform/fedora16/service.py
@ -53,6 +53,7 @@ system_units['pki_cad'] = system_units['pki-cad']
 # Our PKI instance is pki-tomcatd@pki-tomcat.service
 system_units['pki-tomcatd'] = 'pki-tomcatd@pki-tomcat.service'
 system_units['pki_tomcatd'] = system_units['pki-tomcatd']
+system_units['ipa-otpd'] = 'ipa-otpd.socket'

 class Fedora16Service(systemd.SystemdService):
    def __init__(self, service_name):
--- a/ipaserver/install/otpdinstance.py
+++ b/ipaserver/install/otpdinstance.py
@ -0,0 +1,25 @@
+# Authors: Tomas Babej <tbabej@redhat.com>
+#
+# Copyright (C) 2013  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import service
+
+
+class OtpdInstance(service.SimpleServiceInstance):
+    def __init__(self):
+        service.SimpleServiceInstance.__init__(self, "ipa-otpd")
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@ -40,14 +40,15 @@ DISABLED = 3
 # The service name as stored in cn=masters,cn=ipa,cn=etc. In the tuple
 # the first value is the *nix service name, the second the start order.
 SERVICE_LIST = {
-    'KDC':('krb5kdc', 10),
-    'KPASSWD':('kadmin', 20),
-    'DNS':('named', 30),
-    'MEMCACHE':('ipa_memcached', 39),
-    'HTTP':('httpd', 40),
-    'CA':('%sd' % dogtag.configured_constants().PKI_INSTANCE_NAME, 50),
-    'ADTRUST':('smb', 60),
-    'EXTID':('winbind', 70)
+    'KDC': ('krb5kdc', 10),
+    'KPASSWD': ('kadmin', 20),
+    'DNS': ('named', 30),
+    'MEMCACHE': ('ipa_memcached', 39),
+    'HTTP': ('httpd', 40),
+    'CA': ('%sd' % dogtag.configured_constants().PKI_INSTANCE_NAME, 50),
+    'ADTRUST': ('smb', 60),
+    'EXTID': ('winbind', 70),
+    'OTPD': ('ipa-otpd', 80),
 }

 def print_msg(message, output_fd=sys.stdout):