Provide ipa-advise tool

Provides a pluggable framework for generating configuration
scriptlets and instructions for various machine setups and use
cases.

Creates a new ipa-advise command, available to root user
on the IPA server.

Also provides an example configuration plugin,
config-fedora-authconfig.

https://fedorahosted.org/freeipa/ticket/3670
Tomas Babej
2013-06-10 14:43:24 +02:00
committed by Martin Kosek
parent 2a9be92855
commit c81849712f
14 changed files with 382 additions and 3 deletions


@@ -600,6 +600,7 @@ fi
%{_sbindir}/ipa-managed-entries %{_sbindir}/ipa-managed-entries
%{_sbindir}/ipactl %{_sbindir}/ipactl
%{_sbindir}/ipa-upgradeconfig %{_sbindir}/ipa-upgradeconfig
%{_sbindir}/ipa-advise
%{_libexecdir}/certmonger/dogtag-ipa-retrieve-agent-submit %{_libexecdir}/certmonger/dogtag-ipa-retrieve-agent-submit
%{_libexecdir}/ipa-otpd %{_libexecdir}/ipa-otpd
%config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached %config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
@@ -615,6 +616,8 @@ fi
%dir %{python_sitelib}/ipaserver %dir %{python_sitelib}/ipaserver
%dir %{python_sitelib}/ipaserver/install %dir %{python_sitelib}/ipaserver/install
%dir %{python_sitelib}/ipaserver/install/plugins %dir %{python_sitelib}/ipaserver/install/plugins
%dir %{python_sitelib}/ipaserver/advise
%dir %{python_sitelib}/ipaserver/advise/plugins
%dir %{python_sitelib}/ipaserver/plugins %dir %{python_sitelib}/ipaserver/plugins
%dir %{_libdir}/ipa/certmonger %dir %{_libdir}/ipa/certmonger
%attr(755,root,root) %{_libdir}/ipa/certmonger/* %attr(755,root,root) %{_libdir}/ipa/certmonger/*
@@ -730,6 +733,7 @@ fi
%{_mandir}/man8/ipa-upgradeconfig.8.gz %{_mandir}/man8/ipa-upgradeconfig.8.gz
%{_mandir}/man1/ipa-backup.1.gz %{_mandir}/man1/ipa-backup.1.gz
%{_mandir}/man1/ipa-restore.1.gz %{_mandir}/man1/ipa-restore.1.gz
%{_mandir}/man1/ipa-advise.1.gz
%files server-trust-ad %files server-trust-ad
%{_sbindir}/ipa-adtrust-install %{_sbindir}/ipa-adtrust-install


@@ -23,6 +23,7 @@ sbin_SCRIPTS = \
ipa-upgradeconfig \ ipa-upgradeconfig \
ipa-backup \ ipa-backup \
ipa-restore \ ipa-restore \
ipa-advise \
$(NULL) $(NULL)
EXTRA_DIST = \ EXTRA_DIST = \

23
install/tools/ipa-advise Executable file

@@ -0,0 +1,23 @@
#! /usr/bin/python -E
# Authors: Tomas Babej <tbabej@redhat.com>
#
# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from ipaserver.advise.base import IpaAdvise
IpaAdvise.run_cli()


@@ -21,6 +21,7 @@ man1_MANS = \
ipa-managed-entries.1 \ ipa-managed-entries.1 \
ipa-backup.1 \ ipa-backup.1 \
ipa-restore.1 \ ipa-restore.1 \
ipa-advise.1 \
$(NULL) $(NULL)
man8_MANS = \ man8_MANS = \


@@ -0,0 +1,44 @@
.\" A man page for ipa-advise
.\" Copyright (C) 2013 Red Hat, Inc.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
.\"
.\" Author: Tomas Babej <tbabej@redhat.com>
.\"
.TH "ipa-advise" "1" "Jun 10 2013" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-advise \- Provide configurations advice for various use cases.
.SH "SYNOPSIS"
ipa\-advise ADVICE
.SH "DESCRIPTION"
Provides customized advice for various IPA configuration issues.
.TP
For the list of possible ADVICEs available, run the ipa\-advise with no arguments.
.SH "OPTIONS"
.TP
\fB\-\-v\fR, \fB\-\-verbose\fR
Print debugging information
.TP
\fB\-d\fR, \fB\-\-debug\fR
Alias for \-\-verbose
.TP
\fB\-q\fR, \fB\-\-quiet\fR
Output only errors
.TP
\fB\-\-log\-file\fR=\fIFILE\fR
Log to the given file
.SH "EXIT STATUS"
0 if the command was successful
1 if an error occurred


@@ -882,7 +882,7 @@ freeIPA.org:
import os import os
import plugable import plugable
from backend import Backend from backend import Backend
from frontend import Command, LocalOrRemote, Updater from frontend import Command, LocalOrRemote, Updater, Advice
from frontend import Object, Method, Property from frontend import Object, Method, Property
from crud import Create, Retrieve, Update, Delete, Search from crud import Create, Retrieve, Update, Delete, Search
from parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam, DeprecatedParam from parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam, DeprecatedParam
@@ -912,9 +912,12 @@ def create_api(mode='dummy'):
- `frontend.Property` - `frontend.Property`
- `frontend.Advice`
- `backend.Backend` - `backend.Backend`
""" """
api = plugable.API(Command, Object, Method, Property, Backend, Updater) api = plugable.API(Command, Object, Method, Property, Backend, Updater,
Advice)
if mode is not None: if mode is not None:
api.env.mode = mode api.env.mode = mode
assert mode != 'production' assert mode != 'production'


@@ -1445,3 +1445,48 @@ class Updater(Method):
) )
return self.execute(**options) return self.execute(**options)
class _AdviceOutput(object):
def __init__(self):
self.content = []
self.prefix = '# '
self.options = None
def comment(self, line):
self.content.append(self.prefix + line)
def debug(self, line):
if self.options.verbose:
self.comment('DEBUG: ' + line)
def command(self, line):
self.content.append(line)
class Advice(Plugin):
"""
Base class for advices, plugins for ipa-advise.
"""
options = None
require_root = False
description = ''
def __init__(self):
super(Advice, self).__init__()
self.log = _AdviceOutput()
def set_options(self, options):
self.options = options
self.log.options = options
def get_info(self):
"""
This method should be overriden by child Advices.
Returns a string with instructions.
"""
raise NotImplementedError
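Review bot: `_AdviceOutput.comment()` puts the `# ` prefix only at the start of the string, so a `line` containing a newline leaves everything after the newline without a comment marker. The module documentation in ipaserver/advise/base.py tells users to redirect the tool's output into a script and run it, so that unprefixed remainder would be executed instead of read as a comment. Prefixing every physical line avoids this: `for part in line.split('\n'): self.content.append(self.prefix + part)`. Separately, `debug()` reads `self.options.verbose` while `options` is still `None` until `set_options()` has been called; `if self.options is not None and self.options.verbose:` avoids the AttributeError.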


@@ -615,6 +615,8 @@ class API(DictProxy):
self.import_plugins('ipaserver') self.import_plugins('ipaserver')
if self.env.context in ('installer', 'updates'): if self.env.context in ('installer', 'updates'):
self.import_plugins('ipaserver/install/plugins') self.import_plugins('ipaserver/install/plugins')
if self.env.context in ('advise'):
self.import_plugins('ipaserver/advise/plugins')
# FIXME: This method has no unit test # FIXME: This method has no unit test
def import_plugins(self, package): def import_plugins(self, package):
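Review bot: `('advise')` in the added condition is a plain string, not a one-element tuple, so `in` performs a substring test. Any context value that is a substring of 'advise', including the empty string, would also import `ipaserver/advise/plugins`. Write `if self.env.context == 'advise':` (or `in ('advise',)`) so only the advise context loads these plugins. The enclosing method starts above the hunk, so which values `context` can actually take is not visible here.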


@@ -0,0 +1,22 @@
# Authors: Tomas Babej <tbabej@redhat.com>
#
# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
"""
Base subpackage for ipa-advise related code.
"""

169
ipaserver/advise/base.py Normal file

@@ -0,0 +1,169 @@
#!/usr/bin/python
# Authors: Tomas Babej <tbabej@redhat.com>
#
# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import os
from ipalib import api
from ipalib.errors import ValidationError
from ipapython import admintool
"""
To add configuration instructions for a new use case, define a new class that
inherits from Advice class.
You should create a plugin file for it in ipaserver/advise/plugins folder.
The class can run any arbitrary code or IPA command via api.Command['command']()
calls. It needs to override get_info() method, which returns the formatted
advice string.
>>> class sample_advice(Advice):
>>> description = 'Instructions for machine with SSSD 1.0 setup.'
Description provided shows itself as a header and in the list of all advices
currently available via ipa-advise.
Optionally, you can require root privileges for your plugin:
>>> require_root = True
The following method should be implemented in your plugin:
>>>.....def get_info():
>>> self.log.debug('Entering execute() method')
>>> self.log.comment('Providing useful advice just for you')
>>> self.log.command('yum update sssd -y')
As you can see, Advice's log has 3 different levels. Debug lines are printed
out with '# DEBUG:' prefix if --verbose had been used. Comment lines utilize
'# ' prefix and command lines are printed raw.
As a result, you can redirect the advice's output directly to a script file.
# ipa-advise sample-advice > script.sh
# ./script.sh
Important! Do not forget to register the class to the API.
>>> api.register(sample_advice)
"""
class IpaAdvise(admintool.AdminTool):
"""
Admin tool that given systems's configuration provides instructions how to
configure the systems for various use cases.
"""
command_name = 'ipa-advise'
usage = "%prog ADVICE"
description = "Provides configuration advice for various use cases. To "\
"see the list of possible ADVICEs, run ipa-advise without "\
"any arguments."
def __init__(self, options, args):
super(IpaAdvise, self).__init__(options, args)
@classmethod
def add_options(cls, parser):
super(IpaAdvise, cls).add_options(parser)
def validate_options(self):
super(IpaAdvise, self).validate_options(needs_root=False)
if len(self.args) > 1:
raise self.option_parser.error("You can only provide one "
"positional argument.")
def log_success(self):
pass
def print_config_list(self):
self.print_header('List of available advices')
max_keyword_len = max((len(keyword) for keyword in api.Advice))
for keyword in api.Advice:
advice = getattr(api.Advice, keyword, '')
description = getattr(advice, 'description', '')
keyword = keyword.replace('_', '-')
# Compute the number of spaces needed for the table to be aligned
offset = max_keyword_len - len(keyword)
print(" {key} {off}: {desc}".format(key=keyword,
desc=description,
off=' ' * offset))
def print_header(self, header, print_shell=False):
header_size = len(header)
prefix = ''
if print_shell:
prefix = '# '
print '#!/bin/sh'
# Do not print out empty header
if header_size > 0:
print(prefix + '-' * (header_size - len(prefix)))
print(prefix + header)
print(prefix + '-' * (header_size - len(prefix)))
def print_advice(self, keyword):
advice = getattr(api.Advice, keyword, None)
# Ensure that Configuration class for given --setup option value exists
if advice is None:
raise ValidationError(
name="advice",
error="No instructions are available for '{con}'. "
"See the list of available configuration "
"by invoking the ipa-advise command with no argument."
.format(con=keyword.replace('_', '-')))
# Check whether root privileges are needed
if advice.require_root and os.getegid() != 0:
raise admintool.ScriptError(
'Must be root to get advice for {adv}'
.format(adv=keyword.replace('_', '-')), 1)
# Print out nicely formatted header
self.print_header(advice.description, print_shell=True)
# Set options so that plugin can use verbose/quiet options
advice.set_options(self.options)
# Print out the actual advice
advice.get_info()
for line in advice.log.content:
print line
def run(self):
super(IpaAdvise, self).run()
api.bootstrap(in_server=False, context='advise')
api.finalize()
# With no argument, print the list out and exit
if not self.args:
self.print_config_list()
return
else:
keyword = self.args[0].replace('-', '_')
self.print_advice(keyword)
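Review bot: The root check in `print_advice` compares `os.getegid()` with 0, which tests the effective group id rather than the effective user id. A non-root user whose effective group is 0 passes the `require_root` gate, while root running under a different group is refused; the line should read `if advice.require_root and os.geteuid() != 0:`. In the same file, `print_config_list` calls `max()` on a generator that is empty when no advice plugin is registered, which raises ValueError; returning early when `api.Advice` is empty would give a clean listing instead.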


@@ -0,0 +1,22 @@
# Authors: Tomas Babej <tbabej@redhat.com>
#
# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
"""
Provides a separate api for ipa-advise plugins.
"""


@@ -0,0 +1,41 @@
# Authors: Tomas Babej <tbabej@redhat.com>
#
# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from ipalib import api
from ipalib.frontend import Advice
class config_fedora_authconfig(Advice):
"""
Provides client configuration instructions using authconfig.
"""
description = 'Authconfig instructions for configuring Fedora 18/19 '\
'client with IPA server without use of SSSD.'
def get_info(self):
self.log.debug("Hostname obtained via api.env.host")
self.log.comment("Run the following command as a root:")
template = "/sbin/authconfig --enableldap --ldapserver={server} "\
"--enablerfc2307bis --enablekrb5"
advice = template.format(server=api.env.host)
self.log.command(advice)
api.register(config_fedora_authconfig)
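Review bot: `api.env.host` is interpolated into the emitted command line unquoted in `get_info`, and that line is meant to be run by root from a redirected script. A host value containing whitespace or shell metacharacters would change the command that gets executed; quoting at the point of formatting keeps it a single argument, `advice = template.format(server=quote(api.env.host))` with `from pipes import quote` at the top of the file. The generated authconfig line also enables LDAP without `--enableldaptls`, so identity lookups would presumably travel over plain LDAP; it is worth confirming that this is intended for the use case.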


@@ -42,7 +42,7 @@ IGNORE_PATHS = ('build', 'rpmbuild', 'dist', 'install/po/test_i18n.py',
class IPATypeChecker(TypeChecker): class IPATypeChecker(TypeChecker):
NAMESPACE_ATTRS = ['Command', 'Object', 'Method', 'Property', 'Backend', NAMESPACE_ATTRS = ['Command', 'Object', 'Method', 'Property', 'Backend',
'Updater'] 'Updater', 'Advice']
LOGGING_ATTRS = ['log', 'debug', 'info', 'warning', 'error', 'exception', LOGGING_ATTRS = ['log', 'debug', 'info', 'warning', 'error', 'exception',
'critical'] 'critical']


@@ -79,6 +79,8 @@ setup(
'ipalib', 'ipalib',
'ipalib.plugins', 'ipalib.plugins',
'ipaserver', 'ipaserver',
'ipaserver.advise',
'ipaserver.advise.plugins',
'ipaserver.plugins', 'ipaserver.plugins',
'ipaserver.install', 'ipaserver.install',
'ipaserver.install.plugins', 'ipaserver.install.plugins',