Create DS user and group during ipa-restore

ipa-restore would fail if DS user did not exist. Check for presence of DS
user and group and create them if needed.

https://fedorahosted.org/freeipa/ticket/3856

install/tools/ipa-replica-install

@@ -22,7 +22,6 @@ import sys
 import socket
 
 import os, pwd, shutil
-import grp
 from optparse import OptionGroup
 from contextlib import contextmanager
 
@@ -33,13 +32,13 @@ import dns.exception
 from ipapython import ipautil
 
 from ipaserver.install import dsinstance, installutils, krbinstance, service
-from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
+from ipaserver.install import bindinstance, httpinstance, ntpinstance
 from ipaserver.install import memcacheinstance
 from ipaserver.install import otpdinstance
 from ipaserver.install.replication import replica_conn_check, ReplicationManager
-from ipaserver.install.installutils import (HostnameLocalhost, resolve_host,
-        ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name,
-        BadHostError, private_ccache)
+from ipaserver.install.installutils import (ReplicaConfig, expand_replica_info,
+                                            read_replica_info ,get_host_name,
+                                            BadHostError, private_ccache)
 from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import cainstance
 from ipalib import api, errors, util
@@ -574,18 +573,7 @@ def main():
     api.finalize()
 
     # Create DS group if it doesn't exist yet
-    try:
-        grp.getgrnam(dsinstance.DS_GROUP)
-        root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP)
-        group_exists = True
-    except KeyError:
-        group_exists = False
-        args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP]
-        try:
-            ipautil.run(args)
-            root_logger.debug("done adding DS group")
-        except ipautil.CalledProcessError, e:
-            root_logger.critical("failed to add DS group: %s" % e)
+    group_exists = dsinstance.create_ds_group()
     sstore.backup_state("install", "group_exists", group_exists)
 
     #Automatically disable pkinit w/ dogtag until that is supported

install/tools/ipa-server-install

@@ -971,16 +971,7 @@ def main():
         ipaservices.backup_and_replace_hostname(fstore, sstore, host_name)
 
     # Create DS group if it doesn't exist yet
-    try:
-        grp.getgrnam(dsinstance.DS_GROUP)
-        root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP)
-    except KeyError:
-        args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP]
-        try:
-            ipautil.run(args)
-            root_logger.debug("done adding DS group")
-        except ipautil.CalledProcessError, e:
-            root_logger.critical("failed to add DS group: %s" % e)
+    dsinstance.create_ds_group()
 
     # Create a directory server instance
     if external != 2:

ipaserver/install/dsinstance.py

@@ -27,6 +27,7 @@ import time
 import tempfile
 import base64
 import stat
+import grp
 
 from ipapython.ipa_log_manager import *
 from ipapython import ipautil, sysrestore, ipaldap
@@ -130,6 +131,52 @@ def check_ports():
 def is_ds_running(server_id=''):
     return ipaservices.knownservices.dirsrv.is_running(instance_name=server_id)
 
+
+def create_ds_user():
+    """
+    Create DS user if it doesn't exist yet.
+    """
+    try:
+        pwd.getpwnam(DS_USER)
+        root_logger.debug('DS user %s exists', DS_USER)
+    except KeyError:
+        root_logger.debug('Adding DS user %s', DS_USER)
+        args = [
+            '/usr/sbin/useradd',
+            '-g', DS_GROUP,
+            '-c', 'DS System User',
+            '-d', '/var/lib/dirsrv',
+            '-s', '/sbin/nologin',
+            '-M', '-r', DS_USER
+        ]
+        try:
+            ipautil.run(args)
+            root_logger.debug('Done adding DS user')
+        except ipautil.CalledProcessError, e:
+            root_logger.critical('Failed to add DS user: %s', e)
+
+
+def create_ds_group():
+    """
+    Create DS group if it doesn't exist yet.
+    Returns True if the group already exists.
+    """
+    try:
+        grp.getgrnam(DS_GROUP)
+        root_logger.debug('DS group %s exists', DS_GROUP)
+        group_exists = True
+    except KeyError:
+        group_exists = False
+        root_logger.debug('Adding DS group %s', DS_GROUP)
+        args = ['/usr/sbin/groupadd', '-r', DS_GROUP]
+        try:
+            ipautil.run(args)
+            root_logger.debug('Done adding DS group')
+        except ipautil.CalledProcessError, e:
+            root_logger.critical('Failed to add DS group: %s', e)
+
+    return group_exists
+
 INF_TEMPLATE = """
 [General]
 FullMachineName=   $FQDN
@@ -194,7 +241,7 @@ class DsInstance(service.Service):
 
     def __common_setup(self, enable_ssl=False):
 
-        self.step("creating directory server user", self.__create_ds_user)
+        self.step("creating directory server user", create_ds_user)
         self.step("creating directory server instance", self.__create_instance)
         self.step("adding default schema", self.__add_default_schemas)
         self.step("enabling memberof plugin", self.__add_memberof_module)
@@ -346,23 +393,6 @@ class DsInstance(service.Service):
                              IDRANGE_SIZE=idrange_size
                          )
 
-    def __create_ds_user(self):
-        try:
-            pwd.getpwnam(DS_USER)
-            root_logger.debug("ds user %s exists" % DS_USER)
-        except KeyError:
-            root_logger.debug("adding ds user %s" % DS_USER)
-            args = ["/usr/sbin/useradd", "-g", DS_GROUP,
-                                         "-c", "DS System User",
-                                         "-d", "/var/lib/dirsrv",
-                                         "-s", "/sbin/nologin",
-                                         "-M", "-r", DS_USER]
-            try:
-                ipautil.run(args)
-                root_logger.debug("done adding user")
-            except ipautil.CalledProcessError, e:
-                root_logger.critical("failed to add user %s" % e)
-
     def __create_instance(self):
         pent = pwd.getpwnam(DS_USER)
 

ipaserver/install/ipa_restore.py

@@ -20,28 +20,24 @@
 import os
 import sys
 import shutil
-import glob
 import tempfile
 import time
 import pwd
-from optparse import OptionGroup
 from ConfigParser import SafeConfigParser
 
 from ipalib import api, errors
 from ipapython import version
 from ipapython.ipautil import run, user_input
 from ipapython import admintool
-from ipapython.config import IPAOptionParser
 from ipapython.dn import DN
-from ipaserver.install.dsinstance import realm_to_serverid, DS_USER
+from ipaserver.install.dsinstance import (realm_to_serverid, create_ds_group,
+                                          create_ds_user, DS_USER)
 from ipaserver.install.cainstance import PKI_USER
 from ipaserver.install.replication import (wait_for_task, ReplicationManager,
-    CSReplicationManager, get_cs_replication_manager)
+                                           get_cs_replication_manager)
 from ipaserver.install import installutils
 from ipapython import services as ipaservices
 from ipapython import ipaldap
-from ipapython import version
-from ipalib.session import ISO8601_DATETIME_FMT
 from ipaserver.install.ipa_backup import BACKUP_DIR
 
 
@@ -190,6 +186,8 @@ class Restore(admintool.AdminTool):
         if options.data_only and not instances:
             raise admintool.ScriptError('No instances to restore to')
 
+        create_ds_group()
+        create_ds_user()
         pent = pwd.getpwnam(DS_USER)
 
         # Temporary directory for decrypting files before restoring