ipaplatform: Move paths from installers to paths module

Part of: https://fedorahosted.org/freeipa/ticket/4052

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Tomas Babej 2014-06-17 11:45:43 +02:00 committed by Petr Viktorin
parent c8511d3b3b
commit e5e42fc83a
15 changed files with 199 additions and 148 deletions


@ -35,6 +35,7 @@ import contextlib
from ipapython import ipautil
from ipapython.dn import DN
from ipalib import api, errors, pkcs10, x509
from ipaplatform.paths import paths
from ipaserver.plugins.ldap2 import ldap2
from ipaserver.install import cainstance, certs
@ -58,7 +59,7 @@ def ldap_connect():
tmpdir = tempfile.mkdtemp(prefix="tmp-")
try:
principal = str('host/%s@%s' % (api.env.host, api.env.realm))
ccache = ipautil.kinit_hostprincipal('/etc/krb5.keytab', tmpdir,
ccache = ipautil.kinit_hostprincipal(paths.KRB5_KEYTAB, tmpdir,
principal)
conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
@ -77,7 +78,7 @@ def request_cert():
syslog.syslog(syslog.LOG_NOTICE,
"Forwarding request to dogtag-ipa-renew-agent")
path = '/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit'
path = paths.DOGTAG_IPA_RENEW_AGENT_SUBMIT
args = [path] + sys.argv[1:]
stdout, stderr, rc = ipautil.run(args, raiseonerr=False, env=os.environ)
sys.stderr.write(stderr)
@ -261,7 +262,7 @@ def export_csr():
if not cert:
return (REJECTED, "New certificate requests not supported")
csr_file = '/var/lib/ipa/ca.csr'
csr_file = paths.IPA_CA_CSR
try:
with open(csr_file, 'wb') as f:
f.write(csr)


@ -29,10 +29,11 @@ from ipapython import ipautil, sysrestore
from ipalib import api, errors, util
from ipapython.config import IPAOptionParser
import krbV
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
log_file_name = "/var/log/ipaserver-install.log"
log_file_name = paths.IPASERVER_INSTALL_LOG
def parse_options():
parser = IPAOptionParser(version=version.VERSION)
@ -222,7 +223,7 @@ def main():
check_server_configuration()
global fstore
fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
fstore = sysrestore.FileStore(paths.SYSRESTORE)
print "=============================================================================="
print "This program will setup components needed to establish trust to AD domains for"
@ -276,7 +277,7 @@ def main():
allow_empty = False):
sys.exit("Aborting installation.")
elif os.path.exists('/etc/samba/smb.conf'):
elif os.path.exists(paths.SMB_CONF):
print("WARNING: The smb.conf already exists. Running "
"ipa-adtrust-install will break your existing samba "
"configuration.\n\n")


@ -40,8 +40,9 @@ from ipapython import sysrestore
from ipapython import dogtag
from ipapython.ipa_log_manager import *
from ipaplatform import services
from ipaplatform.paths import paths
log_file_name = "/var/log/ipareplica-ca-install.log"
log_file_name = paths.IPAREPLICA_CA_INSTALL_LOG
REPLICA_INFO_TOP_DIR = None
def parse_options():
@ -105,7 +106,7 @@ def main():
sys.exit("Replica file %s does not exist" % filename)
global sstore
sstore = sysrestore.StateFile('/var/lib/ipa/sysrestore')
sstore = sysrestore.StateFile(paths.SYSRESTORE)
if not dsinstance.DsInstance().is_configured():
sys.exit("IPA server is not configured on this system.\n")
@ -194,7 +195,7 @@ def main():
#update dogtag version in config file
try:
fd = open("/etc/ipa/default.conf", "a")
fd = open(paths.IPA_DEFAULT_CONF, "a")
fd.write(
"dogtag_version=%s\n" % dogtag.install_constants.DOGTAG_VERSION)
fd.close()
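Review bot: The rewritten `fd = open(paths.IPA_DEFAULT_CONF, "a")` in main() still depends on a manual `fd.close()`, so a failing `fd.write` leaves the handle open while the error path runs; the `except` clause of this `try:` is outside the hunk. Since the line is being touched anyway, `with open(paths.IPA_DEFAULT_CONF, "a") as fd:` around the `fd.write(...)` call would close the file on every path.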


@ -20,6 +20,7 @@
#
import sys
from ipaplatform.paths import paths
try:
from optparse import OptionParser
from ipapython import ipautil, config
@ -80,7 +81,7 @@ def get_entry(dn, conn):
def main():
retval = 0
files = ['/usr/share/ipa/schema_compat.uldif']
files = [paths.SCHEMA_COMPAT_ULDIF]
options, args = parse_options()
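Review bot: The added `from ipaplatform.paths import paths` sits above the `try:` that wraps the other project imports, so a missing or broken ipaplatform package bypasses whatever that block's handler does. The `except` is outside the hunk, but it presumably prints a friendlier error than a raw traceback. Moving the line inside the `try:` next to `from ipapython import ipautil, config` keeps all import failures on one path. The same placement appears in the later section that introduces `paths.NIS_ULDIF`.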


@ -29,10 +29,11 @@ from ipaserver.install import installutils
from ipapython import version
from ipapython import ipautil, sysrestore
from ipalib import api, errors, util
from ipaplatform.paths import paths
from ipapython.config import IPAOptionParser
from ipapython.ipa_log_manager import standard_logging_setup, root_logger
log_file_name = "/var/log/ipaserver-install.log"
log_file_name = paths.IPASERVER_INSTALL_LOG
def parse_options():
parser = IPAOptionParser(version=version.VERSION)
@ -85,7 +86,7 @@ def main():
installutils.check_server_configuration()
global fstore
fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
fstore = sysrestore.FileStore(paths.SYSRESTORE)
print "=============================================================================="
print "This program will setup DNS for the FreeIPA Server."


@ -21,6 +21,7 @@
import sys
import os
from ipaplatform.paths import paths
try:
from optparse import OptionParser
from ipapython import ipautil, config
@ -82,7 +83,7 @@ def get_entry(dn, conn):
def main():
retval = 0
files = ['/usr/share/ipa/nis.uldif']
files = [paths.NIS_ULDIF]
servicemsg = ""
if os.getegid() != 0:


@ -37,11 +37,12 @@ import threading
import errno
from socket import SOCK_STREAM, SOCK_DGRAM
import distutils.spawn
from ipaplatform.paths import paths
CONNECT_TIMEOUT = 5
RESPONDERS = [ ]
QUIET = False
CCACHE_FILE = "/etc/ipa/.conncheck_ccache"
CCACHE_FILE = paths.CONNCHECK_CCACHE
KRB5_CONFIG = None
class SshExec(object):
@ -168,7 +169,7 @@ def logging_setup(options):
log_file = None
if os.getegid() == 0:
log_file = "/var/log/ipareplica-conncheck.log"
log_file = paths.IPAREPLICA_CONNCHECK_LOG
standard_logging_setup(log_file, debug=options.debug)
@ -372,7 +373,7 @@ def main():
stderr=''
(stdout, stderr, returncode) = ipautil.run(['/usr/bin/kinit', principal],
(stdout, stderr, returncode) = ipautil.run([paths.KINIT, principal],
env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':CCACHE_FILE},
stdin=password, raiseonerr=False)
if returncode != 0:
@ -380,7 +381,7 @@ def main():
# Verify kinit was actually successful
stderr=''
(stdout, stderr, returncode) = ipautil.run(['/usr/bin/kvno',
(stdout, stderr, returncode) = ipautil.run([paths.BIN_KVNO,
'host/%s' % options.master],
env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':CCACHE_FILE},
raiseonerr=False)
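Review bot: The two Kerberos client binaries in main() get differently shaped constants, `paths.KINIT` for `/usr/bin/kinit` and `paths.BIN_KVNO` for `/usr/bin/kvno`, although both replace literals from the same directory. The same split shows up elsewhere in this commit (`paths.IPACTL` and `paths.IPA_CLIENT_INSTALL` next to `paths.SBIN_IPA_JOIN` and `paths.SBIN_REBOOT`). One convention for executables, either always or never carrying the directory prefix, would make the names guessable and make it easier to audit which binaries the installers invoke. If renaming is out of scope, a short comment in the paths module stating the rule would do.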


@ -52,8 +52,9 @@ from ipapython.dn import DN
import ipaclient.ntpconf
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
log_file_name = "/var/log/ipareplica-install.log"
log_file_name = paths.IPAREPLICA_INSTALL_LOG
REPLICA_INFO_TOP_DIR = None
DIRMAN_DN = DN(('cn', 'directory manager'))
@ -236,15 +237,15 @@ def install_http(config, auto_redirect):
try:
if ipautil.file_exists(config.dir + "/preferences.html"):
shutil.copy(config.dir + "/preferences.html",
"/usr/share/ipa/html/preferences.html")
paths.PREFERENCES_HTML)
if ipautil.file_exists(config.dir + "/configure.jar"):
shutil.copy(config.dir + "/configure.jar",
"/usr/share/ipa/html/configure.jar")
paths.CONFIGURE_JAR)
if ipautil.file_exists(config.dir + "/krb.js"):
shutil.copy(config.dir + "/krb.js",
"/usr/share/ipa/html/krb.js")
paths.KRB_JS)
shutil.copy(config.dir + "/kerberosauth.xpi",
"/usr/share/ipa/html/kerberosauth.xpi")
paths.KERBEROSAUTH_XPI)
except Exception, e:
print "error copying files: " + str(e)
sys.exit(1)
@ -461,17 +462,17 @@ def main():
if not ipautil.file_exists(filename):
sys.exit("Replica file %s does not exist" % filename)
client_fstore = sysrestore.FileStore('/var/lib/ipa-client/sysrestore')
client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
if client_fstore.has_files():
sys.exit("IPA client is already configured on this system.\n" +
"Please uninstall it first before configuring the replica, " +
"using 'ipa-client-install --uninstall'.")
global sstore
sstore = sysrestore.StateFile('/var/lib/ipa/sysrestore')
sstore = sysrestore.StateFile(paths.SYSRESTORE)
global fstore
fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
fstore = sysrestore.FileStore(paths.SYSRESTORE)
# check the bind is installed
if options.setup_dns:
@ -559,7 +560,7 @@ def main():
# Note: We must do this before bootstraping and finalizing ipalib.api
old_umask = os.umask(022) # must be readable for httpd
try:
fd = open("/etc/ipa/default.conf", "w")
fd = open(paths.IPA_DEFAULT_CONF, "w")
fd.write("[global]\n")
fd.write("host=%s\n" % config.host_name)
fd.write("basedn=%s\n" % str(ipautil.realm_to_suffix(config.realm_name)))
@ -728,7 +729,7 @@ def main():
# Call client install script
try:
args = ["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name]
args = [paths.IPA_CLIENT_INSTALL, "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name]
if not options.create_sshfp:
args.append("--no-dns-sshfp")
if options.trust_sshfp:


@ -38,6 +38,7 @@ from ipapython.dn import DN
from ipapython.config import IPAOptionParser
from ipaclient import ipadiscovery
from xmlrpclib import MAXINT
from ipaplatform.paths import paths
# dict of command name and tuples of min/max num of args needed
commands = {
@ -1144,7 +1145,7 @@ def set_DNA_range(hostname, range, realm, dirman_passwd, next_range=False,
def main():
if os.getegid() == 0:
installutils.check_server_configuration()
elif not os.path.exists('/etc/ipa/default.conf'):
elif not os.path.exists(paths.IPA_DEFAULT_CONF):
sys.exit("IPA is not configured on this system.")
options, args = parse_options()


@ -79,6 +79,7 @@ from ipapython.dn import DN
import ipaclient.ntpconf
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
uninstalling = False
installation_cleanup = True
@ -91,7 +92,7 @@ VALID_SUBJECT_ATTRS = ['st', 'o', 'ou', 'dnqualifier', 'c',
'incorporationlocality', 'incorporationstate',
'incorporationcountry', 'businesscategory']
SYSRESTORE_DIR_PATH = '/var/lib/ipa/sysrestore'
SYSRESTORE_DIR_PATH = paths.SYSRESTORE
def subject_callback(option, opt_str, value, parser):
"""
@ -335,7 +336,7 @@ def signal_handler(signum, frame):
dsinstance.erase_ds_instance_data (ds.serverid)
sys.exit(1)
ANSWER_CACHE = "/root/.ipa_cache"
ANSWER_CACHE = paths.ROOT_IPA_CACHE
def read_cache(dm_password):
"""
@ -469,7 +470,7 @@ def uninstall():
print "Shutting down all IPA services"
try:
(stdout, stderr, rc) = run(["/usr/sbin/ipactl", "stop"], raiseonerr=False)
(stdout, stderr, rc) = run([paths.IPACTL, "stop"], raiseonerr=False)
except Exception, e:
pass
@ -478,7 +479,7 @@ def uninstall():
print "Removing IPA client configuration"
try:
(stdout, stderr, rc) = run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--uninstall"], raiseonerr=False)
(stdout, stderr, rc) = run([paths.IPA_CLIENT_INSTALL, "--on-master", "--unattended", "--uninstall"], raiseonerr=False)
if rc not in [0,2]:
root_logger.debug("ipa-client-install returned %d" % rc)
raise RuntimeError(stdout)
@ -588,10 +589,10 @@ def main():
if options.uninstall:
uninstalling = True
standard_logging_setup("/var/log/ipaserver-uninstall.log", debug=options.debug)
standard_logging_setup(paths.IPASERVER_UNINSTALL_LOG, debug=options.debug)
installation_cleanup = False
else:
standard_logging_setup("/var/log/ipaserver-install.log", debug=options.debug)
standard_logging_setup(paths.IPASERVER_INSTALL_LOG, debug=options.debug)
print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log"
if not options.external_ca and not options.external_cert_file and is_ipa_configured():
installation_cleanup = False
@ -599,7 +600,7 @@ def main():
"If you want to reinstall the IPA server, please uninstall " +
"it first using 'ipa-server-install --uninstall'.")
client_fstore = sysrestore.FileStore('/var/lib/ipa-client/sysrestore')
client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
if client_fstore.has_files():
installation_cleanup = False
sys.exit("IPA client is already configured on this system.\n" +
@ -1001,7 +1002,7 @@ def main():
installation_cleanup = False
# Create the management framework config file and finalize api
target_fname = '/etc/ipa/default.conf'
target_fname = paths.IPA_DEFAULT_CONF
fd = open(target_fname, "w")
fd.write("[global]\n")
fd.write("host=%s\n" % host_name)
@ -1093,7 +1094,7 @@ def main():
options.reverse_zone = reverse_zone
write_cache(vars(options))
ca.configure_instance(host_name, domain_name, dm_password,
dm_password, csr_file="/root/ipa.csr",
dm_password, csr_file=paths.ROOT_IPA_CSR,
subject_base=options.subject)
else:
# stage 2 of external CA installation
@ -1157,7 +1158,7 @@ def main():
http.create_instance(
realm_name, host_name, domain_name, dm_password,
subject_base=options.subject, auto_redirect=options.ui_redirect)
tasks.restore_context("/var/cache/ipa/sessions")
tasks.restore_context(paths.CACHE_IPA_SESSIONS)
set_subject_in_config(realm_name, dm_password, ipautil.realm_to_suffix(realm_name), options.subject)
@ -1201,7 +1202,7 @@ def main():
# Call client install script
try:
args = ["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", domain_name, "--server", host_name, "--realm", realm_name, "--hostname", host_name]
args = [paths.IPA_CLIENT_INSTALL, "--on-master", "--unattended", "--domain", domain_name, "--server", host_name, "--realm", realm_name, "--hostname", host_name]
if not options.create_sshfp:
args.append("--no-dns-sshfp")
if options.trust_sshfp:
@ -1267,9 +1268,9 @@ if __name__ == '__main__':
# out from all install scripts
safe_options, options = parse_options()
if options.uninstall:
log_file_name = "/var/log/ipaserver-uninstall.log"
log_file_name = paths.IPASERVER_UNINSTALL_LOG
else:
log_file_name = "/var/log/ipaserver-install.log"
log_file_name = paths.IPASERVER_INSTALL_LOG
# Use private ccache
with private_ccache():
@ -1282,6 +1283,6 @@ if __name__ == '__main__':
# Do a cautious clean up as we don't know what failed and what is
# the state of the environment
try:
fstore.restore_file('/etc/hosts')
fstore.restore_file(paths.HOSTS)
except:
pass
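Review bot: The user-facing message right after `standard_logging_setup(paths.IPASERVER_INSTALL_LOG, debug=options.debug)` still prints the literal `/var/log/ipaserver-install.log`, so on a platform that overrides the constant the installer would point the administrator at the wrong file. It should be built from the same constant: `print "\nThe log file for this installation can be found in %s" % paths.IPASERVER_INSTALL_LOG`. main() starts and ends outside this hunk.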


@ -42,6 +42,7 @@ from ipapython.config import IPAOptionParser
from ipapython.ipa_log_manager import *
from ipapython import certmonger
from ipapython import dogtag
from ipaplatform.paths import paths
from ipaserver.install import installutils
from ipaserver.install import dsinstance
from ipaserver.install import httpinstance
@ -114,7 +115,7 @@ def update_conf(sub_dict, filename, template_filename):
def find_hostname():
"""Find the hostname currently configured in ipa-rewrite.conf"""
filename="/etc/httpd/conf.d/ipa-rewrite.conf"
filename=paths.HTTPD_IPA_REWRITE_CONF
if not ipautil.file_exists(filename):
return None
@ -137,7 +138,7 @@ def find_autoredirect(fqdn):
Returns True if autoredirect is enabled, False otherwise
"""
filename = '/etc/httpd/conf.d/ipa-rewrite.conf'
filename = paths.HTTPD_IPA_REWRITE_CONF
if os.path.exists(filename):
pattern = "^RewriteRule \^/\$ https://%s/ipa/ui \[L,NC,R=301\]" % fqdn
p = re.compile(pattern)
@ -200,12 +201,12 @@ def upgrade(sub_dict, filename, template, add=False):
def check_certs():
"""Check ca.crt is in the right place, and try to fix if not"""
root_logger.info('[Verifying that root certificate is published]')
if not os.path.exists("/usr/share/ipa/html/ca.crt"):
ca_file = "/etc/httpd/alias/cacert.asc"
if not os.path.exists(paths.CA_CRT):
ca_file = paths.ALIAS_CACERT_ASC
if os.path.exists(ca_file):
old_umask = os.umask(022) # make sure its readable by httpd
try:
shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt")
shutil.copyfile(ca_file, paths.CA_CRT)
finally:
os.umask(old_umask)
else:
@ -231,14 +232,14 @@ def upgrade_pki(ca, fstore):
http.enable_mod_nss_renegotiate()
if not installutils.get_directive(configured_constants.CS_CFG_PATH,
'proxy.securePort', '=') and \
os.path.exists('/usr/bin/pki-setup-proxy'):
ipautil.run(['/usr/bin/pki-setup-proxy', '-pki_instance_root=/var/lib'
os.path.exists(paths.PKI_SETUP_PROXY):
ipautil.run([paths.PKI_SETUP_PROXY, '-pki_instance_root=/var/lib'
,'-pki_instance_name=pki-ca','-subsystem_type=ca'])
root_logger.debug('Proxy configuration updated')
else:
root_logger.debug('Proxy configuration up-to-date')
def update_dbmodules(realm, filename="/etc/krb5.conf"):
def update_dbmodules(realm, filename=paths.KRB5_CONF):
newfile = []
found_dbrealm = False
found_realm = False
@ -287,7 +288,7 @@ def cleanup_kdc(fstore):
"""
root_logger.info('[Checking for deprecated KDC configuration files]')
for file in ['kpasswd.keytab', 'ldappwd']:
filename = '/var/kerberos/krb5kdc/%s' % file
filename = os.path.join(paths.VAR_KERBEROS_KRB5KDC_DIR, file)
installutils.remove_file(filename)
if fstore.has_file(filename):
fstore.untrack_file(filename)
@ -301,7 +302,7 @@ def cleanup_adtrust(fstore):
root_logger.info('[Checking for deprecated backups of Samba '
'configuration files]')
for backed_up_file in ['/etc/samba/smb.conf']:
for backed_up_file in [paths.SMB_CONF]:
if fstore.has_file(backed_up_file):
fstore.untrack_file(backed_up_file)
root_logger.debug('Removing %s from backup', backed_up_file)
@ -540,7 +541,7 @@ def named_update_gssapi_configuration():
bindinstance.NAMED_SECTION_OPTIONS)
bindinstance.named_conf_set_directive('tkey-domain', None,
bindinstance.NAMED_SECTION_OPTIONS)
bindinstance.named_conf_set_directive('tkey-gssapi-keytab', '/etc/named.keytab',
bindinstance.named_conf_set_directive('tkey-gssapi-keytab', paths.NAMED_KEYTAB,
bindinstance.NAMED_SECTION_OPTIONS)
except IOError, e:
root_logger.error('Cannot update GSSAPI configuration in %s: %s',
@ -581,7 +582,7 @@ def named_update_pid_file():
return False
try:
bindinstance.named_conf_set_directive('pid-file', '/run/named/named.pid',
bindinstance.named_conf_set_directive('pid-file', paths.NAMED_PID,
bindinstance.NAMED_SECTION_OPTIONS)
except IOError, e:
root_logger.error('Cannot update pid-file configuration in %s: %s',
@ -625,7 +626,7 @@ def certificate_renewal_update(ca):
'renew_ca_cert',
),
(
'/etc/httpd/alias',
paths.HTTPD_ALIAS_DIR,
'ipaCert',
'dogtag-ipa-ca-renew-agent',
None,
@ -686,7 +687,7 @@ def certificate_renewal_update(ca):
if not sysupgrade.get_upgrade_state('dogtag',
'certificate_renewal_update_1'):
filename = '/var/lib/certmonger/cas/ca_renewal'
filename = paths.CERTMONGER_CAS_CA_RENEWAL
if os.path.exists(filename):
with installutils.stopped_service('certmonger'):
root_logger.info("Removing %s" % filename)
@ -916,10 +917,10 @@ def uninstall_selfsign(ds, http):
root_logger.warning(
'Removing self-signed CA. Certificates will need to managed manually.')
p = ConfigParser.SafeConfigParser()
p.read('/etc/ipa/default.conf')
p.read(paths.IPA_DEFAULT_CONF)
p.set('global', 'enable_ra', 'False')
p.set('global', 'ra_plugin', 'none')
with open('/etc/ipa/default.conf', 'w') as f:
with open(paths.IPA_DEFAULT_CONF, 'w') as f:
p.write(f)
ds.stop_tracking_certificates()
@ -994,7 +995,7 @@ def set_sssd_domain_option(option, value):
domain = sssdconfig.get_domain(str(api.env.domain))
domain.set_option(option, value)
sssdconfig.save_domain(domain)
sssdconfig.write("/etc/sssd/sssd.conf")
sssdconfig.write(paths.SSSD_CONF)
def main():
@ -1018,12 +1019,12 @@ def main():
else:
console_format = '%(message)s'
standard_logging_setup('/var/log/ipaupgrade.log', debug=options.debug,
standard_logging_setup(paths.IPAUPGRADE_LOG, debug=options.debug,
verbose=verbose, console_format=console_format, filemode='a')
root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
root_logger.debug('IPA version %s' % version.VENDOR_VERSION)
fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
fstore = sysrestore.FileStore(paths.SYSRESTORE)
api.bootstrap(context='restart', in_server=True)
api.finalize()
@ -1066,9 +1067,9 @@ def main():
certmap_dir = dsinstance.config_dirname(
dsinstance.realm_to_serverid(api.env.realm))
upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf")
upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf")
upgrade(sub_dict, "/etc/httpd/conf.d/ipa-pki-proxy.conf", ipautil.SHARE_DIR + "ipa-pki-proxy.conf", add=True)
upgrade(sub_dict, paths.HTTPD_IPA_CONF, ipautil.SHARE_DIR + "ipa.conf")
upgrade(sub_dict, paths.HTTPD_IPA_REWRITE_CONF, ipautil.SHARE_DIR + "ipa-rewrite.conf")
upgrade(sub_dict, paths.HTTPD_IPA_PKI_PROXY_CONF, ipautil.SHARE_DIR + "ipa-pki-proxy.conf", add=True)
if subject_base:
upgrade(
sub_dict,
@ -1079,7 +1080,7 @@ def main():
update_dbmodules(api.env.realm)
uninstall_ipa_kpasswd()
removed_sysconfig_file = '/etc/sysconfig/httpd'
removed_sysconfig_file = paths.SYSCONFIG_HTTPD
if fstore.has_file(removed_sysconfig_file):
root_logger.info('Restoring %s as it is no longer required',
removed_sysconfig_file)
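Review bot: In upgrade_pki() the helper binary is now `paths.PKI_SETUP_PROXY`, but its argument `'-pki_instance_root=/var/lib'` keeps a hard-coded directory, so the call is only half platform-independent. The three `upgrade(...)` calls in main() have the same shape: the target is a `paths.*` constant while the template is still `ipautil.SHARE_DIR + "ipa.conf"` and similar. If the paths module has a constant for the PKI instance root, the argument should be formatted from it. Otherwise a comment such as `# pki_instance_root is still a literal; move to ipaplatform.paths` would mark the gap.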


@ -39,12 +39,13 @@ from ipapython.ipa_log_manager import *
from ipapython.dn import DN
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
AUTOFS_CONF = '/etc/sysconfig/autofs'
NSSWITCH_CONF = '/etc/nsswitch.conf'
AUTOFS_LDAP_AUTH = '/etc/autofs_ldap_auth.conf'
NFS_CONF = '/etc/sysconfig/nfs'
IDMAPD_CONF = '/etc/idmapd.conf'
AUTOFS_CONF = paths.SYSCONFIG_AUTOFS
NSSWITCH_CONF = paths.NSSWITCH_CONF
AUTOFS_LDAP_AUTH = paths.AUTOFS_LDAP_AUTH_CONF
NFS_CONF = paths.SYSCONFIG_NFS
IDMAPD_CONF = paths.IDMAPD_CONF
def parse_options():
usage = "%prog [options]\n"
@ -189,7 +190,7 @@ def configure_autofs_sssd(fstore, statestore, autodiscover, options):
sys.exit('SSSD is not configured.')
sssdconfig.save_domain(domain)
sssdconfig.write("/etc/sssd/sssd.conf")
sssdconfig.write(paths.SSSD_CONF)
statestore.backup_state('autofs', 'sssd', True)
sssd = services.service('sssd')
@ -279,7 +280,7 @@ def uninstall(fstore, statestore):
domain.remove_provider('autofs')
break
sssdconfig.save_domain(domain)
sssdconfig.write("/etc/sssd/sssd.conf")
sssdconfig.write(paths.SSSD_CONF)
sssd = services.service('sssd')
sssd.restart()
wait_for_sssd()
@ -357,15 +358,15 @@ def configure_nfs(fstore, statestore):
def main():
fstore = sysrestore.FileStore('/var/lib/ipa-client/sysrestore')
statestore = sysrestore.StateFile('/var/lib/ipa-client/sysrestore')
if not fstore.has_files() and not os.path.exists('/etc/ipa/default.conf'):
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
if not fstore.has_files() and not os.path.exists(paths.IPA_DEFAULT_CONF):
sys.exit('IPA client is not configured on this system.\n')
options, args = parse_options()
standard_logging_setup(
'/var/log/ipaclient-install.log', verbose=False, debug=options.debug,
paths.IPACLIENT_INSTALL_LOG, verbose=False, debug=options.debug,
filemode='a', console_format='%(message)s')
cfg = dict(
@ -430,7 +431,7 @@ def main():
try:
try:
os.environ['KRB5CCNAME'] = ccache_name
ipautil.run(['/usr/bin/kinit', '-k', '-t', '/etc/krb5.keytab', 'host/%s@%s' % (api.env.host, api.env.realm)])
ipautil.run([paths.KINIT, '-k', '-t', paths.KRB5_KEYTAB, 'host/%s@%s' % (api.env.host, api.env.realm)])
except ipautil.CalledProcessError, e:
sys.exit("Failed to obtain host TGT.")
# Now we have a TGT, connect to IPA
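Review bot: The module-level aliases (`AUTOFS_CONF = paths.SYSCONFIG_AUTOFS`, `NSSWITCH_CONF = paths.NSSWITCH_CONF`, `IDMAPD_CONF = paths.IDMAPD_CONF`, and so on) are kept here, while another section of this commit deletes its local `NSSWITCH_CONF = '/etc/nsswitch.conf'` and calls `paths.NSSWITCH_CONF` directly. Two spellings for the same file make it harder to search for every place that edits these system configuration files. Either use `paths.*` at the call sites in this file too, or add a comment above the block such as `# local aliases; values come from ipaplatform.paths`.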


@ -69,14 +69,12 @@ CLIENT_NOT_CONFIGURED = 2
CLIENT_ALREADY_CONFIGURED = 3
CLIENT_UNINSTALL_ERROR = 4 # error after restoring files/state
SSH_AUTHORIZEDKEYSCOMMAND = '/usr/bin/sss_ssh_authorizedkeys'
SSH_PROXYCOMMAND = '/usr/bin/sss_ssh_knownhostsproxy'
SSH_KNOWNHOSTSFILE = '/var/lib/sss/pubconf/known_hosts'
SSH_AUTHORIZEDKEYSCOMMAND = paths.SSS_SSH_AUTHORIZEDKEYS
SSH_PROXYCOMMAND = paths.SSS_SSH_KNOWNHOSTSPROXY
SSH_KNOWNHOSTSFILE = paths.SSSD_PUBCONF_KNOWN_HOSTS
client_nss_nickname_format = 'IPA Machine Certificate - %s'
NSSWITCH_CONF = '/etc/nsswitch.conf'
def parse_options():
def validate_ca_cert_file_option(option, opt, value, parser):
if not os.path.exists(value):
@ -214,10 +212,10 @@ def parse_options():
return safe_opts, options
def logging_setup(options):
log_file = "/var/log/ipaclient-install.log"
log_file = paths.IPACLIENT_INSTALL_LOG
if options.uninstall:
log_file = "/var/log/ipaclient-uninstall.log"
log_file = paths.IPACLIENT_UNINSTALL_LOG
standard_logging_setup(
filename=log_file, verbose=True, debug=options.debug,
@ -228,7 +226,7 @@ def log_service_error(name, action, error):
root_logger.error("%s failed to %s: %s", name, action, str(error))
def nickname_exists(nickname):
(sout, serr, returncode) = run(["/usr/bin/certutil", "-L", "-d", "/etc/pki/nssdb", "-n", nickname], raiseonerr=False)
(sout, serr, returncode) = run([paths.CERTUTIL, "-L", "-d", paths.NSS_DB_DIR, "-n", nickname], raiseonerr=False)
if returncode == 0:
return True
@ -297,8 +295,8 @@ def restore_state(service):
# Checks whether nss_ldap or nss-pam-ldapd is installed. If anyone of mandatory files was found returns True and list of all files found.
def nssldap_exists():
files_to_check = [{'function':'configure_ldap_conf', 'mandatory':['/etc/ldap.conf','/etc/nss_ldap.conf','/etc/libnss-ldap.conf'], 'optional':['/etc/pam_ldap.conf']},
{'function':'configure_nslcd_conf', 'mandatory':['/etc/nslcd.conf']}]
files_to_check = [{'function':'configure_ldap_conf', 'mandatory':[paths.LDAP_CONF,paths.NSS_LDAP_CONF,paths.LIBNSS_LDAP_CONF], 'optional':[paths.PAM_LDAP_CONF]},
{'function':'configure_nslcd_conf', 'mandatory':[paths.NSLCD_CONF]}]
files_found = {}
retval = False
@ -356,7 +354,7 @@ def is_ipa_client_installed(on_master=False):
"""
installed = fstore.has_files() or \
(not on_master and os.path.exists('/etc/ipa/default.conf'))
(not on_master and os.path.exists(paths.IPA_DEFAULT_CONF))
return installed
@ -380,15 +378,15 @@ def configure_nsswitch_database(fstore, database, services, preserve=True,
"""
# Backup the original version of nsswitch.conf, we're going to edit it now
if not fstore.has_file(NSSWITCH_CONF):
fstore.backup_file(NSSWITCH_CONF)
if not fstore.has_file(paths.NSSWITCH_CONF):
fstore.backup_file(paths.NSSWITCH_CONF)
conf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
conf.setOptionAssignment(':')
if preserve:
# Read the existing configuration
with open('/etc/nsswitch.conf', 'r') as f:
with open(paths.NSSWITCH_CONF, 'r') as f:
opts = conf.parse(f)
raw_database_entry = conf.findOpts(opts, 'option', database)[1]
@ -419,8 +417,8 @@ def configure_nsswitch_database(fstore, database, services, preserve=True,
'type':'empty'
}]
conf.changeConf(NSSWITCH_CONF, opts)
root_logger.info("Configured %s in %s" % (database, NSSWITCH_CONF))
conf.changeConf(paths.NSSWITCH_CONF, opts)
root_logger.info("Configured %s in %s" % (database, paths.NSSWITCH_CONF))
def uninstall(options, env):
@ -429,7 +427,7 @@ def uninstall(options, env):
root_logger.error("IPA client is not configured on this system.")
return CLIENT_NOT_CONFIGURED
server_fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
server_fstore = sysrestore.FileStore(paths.SYSRESTORE)
if server_fstore.has_files() and not options.on_master:
root_logger.error(
"IPA client is configured as a part of IPA server on this system.")
@ -487,7 +485,7 @@ def uninstall(options, env):
# Remove our host cert and CA cert
if nickname_exists("IPA CA"):
try:
run(["/usr/bin/certutil", "-D", "-d", "/etc/pki/nssdb", "-n", "IPA CA"])
run([paths.CERTUTIL, "-D", "-d", paths.NSS_DB_DIR, "-n", "IPA CA"])
except Exception, e:
root_logger.error(
"Failed to remove IPA CA from /etc/pki/nssdb: %s", str(e))
@ -507,14 +505,14 @@ def uninstall(options, env):
log_service_error(cmonger.service_name, 'start', e)
try:
certmonger.stop_tracking('/etc/pki/nssdb', nickname=client_nss_nickname)
certmonger.stop_tracking(paths.NSS_DB_DIR, nickname=client_nss_nickname)
except (CalledProcessError, RuntimeError), e:
root_logger.error("%s failed to stop tracking certificate: %s",
cmonger.service_name, str(e))
if nickname_exists(client_nss_nickname):
try:
run(["/usr/bin/certutil", "-D", "-d", "/etc/pki/nssdb", "-n", client_nss_nickname])
run([paths.CERTUTIL, "-D", "-d", paths.NSS_DB_DIR, "-n", client_nss_nickname])
except Exception, e:
root_logger.error("Failed to remove %s from /etc/pki/nssdb: %s",
client_nss_nickname, str(e))
@ -534,9 +532,9 @@ def uninstall(options, env):
"Failed to disable automatic startup of the %s service: %s",
cmonger.service_name, str(e))
if not options.on_master and os.path.exists('/etc/ipa/default.conf'):
if not options.on_master and os.path.exists(paths.IPA_DEFAULT_CONF):
root_logger.info("Unenrolling client from IPA server")
join_args = ["/usr/sbin/ipa-join", "--unenroll", "-h", hostname]
join_args = [paths.SBIN_IPA_JOIN, "--unenroll", "-h", hostname]
if options.debug:
join_args.append("-d")
env['XMLRPC_TRACE_CURL'] = 'yes'
@ -544,16 +542,16 @@ def uninstall(options, env):
if returncode != 0:
root_logger.error("Unenrolling host failed: %s", stderr)
if os.path.exists('/etc/ipa/default.conf'):
if os.path.exists(paths.IPA_DEFAULT_CONF):
root_logger.info(
"Removing Kerberos service principals from /etc/krb5.keytab")
try:
parser = RawConfigParser()
fp = open('/etc/ipa/default.conf', 'r')
fp = open(paths.IPA_DEFAULT_CONF, 'r')
parser.readfp(fp)
fp.close()
realm = parser.get('global', 'realm')
run(["/usr/sbin/ipa-rmkeytab", "-k", "/etc/krb5.keytab", "-r", realm])
run([paths.IPA_RMKEYTAB, "-k", paths.KRB5_KEYTAB, "-r", realm])
except Exception, e:
root_logger.error(
"Failed to remove Kerberos service principals: %s", str(e))
@ -562,7 +560,7 @@ def uninstall(options, env):
was_sssd_installed = False
was_sshd_configured = False
if fstore.has_files():
was_sssd_installed = fstore.has_file("/etc/sssd/sssd.conf")
was_sssd_installed = fstore.has_file(paths.SSSD_CONF)
sshd_config = os.path.join(services.knownservices.sshd.get_config_dir(), "sshd_config")
was_sshd_configured = fstore.has_file(sshd_config)
@ -595,7 +593,7 @@ def uninstall(options, env):
restored = False
try:
restored = fstore.restore_file("/etc/sssd/sssd.conf","/etc/sssd/sssd.conf.bkp")
restored = fstore.restore_file(paths.SSSD_CONF,paths.SSSD_CONF_BKP)
except OSError:
root_logger.debug("Error while restoring pre-IPA /etc/sssd/sssd.conf.")
@ -628,10 +626,10 @@ def uninstall(options, env):
# than IPA are configured in sssd.conf - make sure config file is removed
elif not was_sssd_installed and not was_sssd_configured:
try:
os.rename("/etc/sssd/sssd.conf","/etc/sssd/sssd.conf.deleted")
os.rename(paths.SSSD_CONF,paths.SSSD_CONF_DELETED)
except OSError:
root_logger.debug("Error while moving /etc/sssd/sssd.conf to "
"/etc/sssd/sssd.conf.deleted")
root_logger.debug("Error while moving /etc/sssd/sssd.conf to %s" %
paths.SSSD_CONF_DELETED)
root_logger.info("Redundant SSSD configuration file " +
"/etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted")
@ -680,10 +678,10 @@ def uninstall(options, env):
# the reason for it might be that freeipa-client was updated
# to this version but not unenrolled/enrolled again
# In such case it is OK to fail
restored = fstore.restore_file("/etc/ntp.conf")
restored |= fstore.restore_file("/etc/sysconfig/ntpd")
restored = fstore.restore_file(paths.NTP_CONF)
restored |= fstore.restore_file(paths.SYSCONFIG_NTPD)
if ntp_step_tickers:
restored |= fstore.restore_file("/etc/ntp/step-tickers")
restored |= fstore.restore_file(paths.NTP_STEP_TICKERS)
except Exception:
pass
@ -714,8 +712,8 @@ def uninstall(options, env):
rv = 0
if fstore.has_files():
root_logger.error('Some files have not been restored, see '
'/var/lib/ipa-client/sysrestore/sysrestore.index')
root_logger.error('Some files have not been restored, see %s' %
paths.SYSRESTORE_INDEX)
has_state = False
for module in statestore.modules.keys():
root_logger.error('Some installation state for %s has not been '
@ -734,7 +732,7 @@ def uninstall(options, env):
# Remove the IPA configuration file
try:
os.remove("/etc/ipa/default.conf")
os.remove(paths.IPA_DEFAULT_CONF)
except OSError, e:
root_logger.warning('/etc/ipa/default.conf could not be removed: %s',
str(e))
@ -766,7 +764,7 @@ def uninstall(options, env):
if not options.on_master:
if user_input("Do you want to reboot the machine?", False):
try:
run(["/sbin/reboot"])
run([paths.SBIN_REBOOT])
except Exception, e:
root_logger.error(
"Reboot command failed to exceute: %s", str(e))
@ -795,7 +793,7 @@ def configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server):
opts.append({'name':'global', 'type':'section', 'value':defopts})
opts.append({'name':'empty', 'type':'empty'})
target_fname = '/etc/ipa/default.conf'
target_fname = paths.IPA_DEFAULT_CONF
fstore.backup_file(target_fname)
ipaconf.newConf(target_fname, opts)
os.chmod(target_fname, 0644)
@ -809,9 +807,9 @@ def disable_ra():
Note that api.env will retain the old value (it is readonly).
"""
parser = RawConfigParser()
parser.read('/etc/ipa/default.conf')
parser.read(paths.IPA_DEFAULT_CONF)
parser.set('global', 'enable_ra', 'False')
fp = open('/etc/ipa/default.conf', 'w')
fp = open(paths.IPA_DEFAULT_CONF, 'w')
parser.write(fp)
fp.close()
@ -948,7 +946,7 @@ def configure_openldap_conf(fstore, cli_basedn, cli_server):
{'action':'addifnotset', 'name':'TLS_CACERT', 'type':'option',
'value':CACERT},]
target_fname = '/etc/openldap/ldap.conf'
target_fname = paths.OPENLDAP_LDAP_CONF
fstore.backup_file(target_fname)
error_msg = "Configuring {path} failed with: {err}"
@ -975,7 +973,7 @@ def hardcode_ldap_server(cli_server):
DNS Discovery didn't return a valid IPA server, hardcode a value into
the file instead.
"""
if not file_exists('/etc/ldap.conf'):
if not file_exists(paths.LDAP_CONF):
return
ldapconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
@ -985,7 +983,7 @@ def hardcode_ldap_server(cli_server):
{'name':'empty', 'type':'empty'}]
# Errors raised by this should be caught by the caller
ldapconf.changeConf("/etc/ldap.conf", opts)
ldapconf.changeConf(paths.LDAP_CONF, opts)
root_logger.info("Changed configuration of /etc/ldap.conf to use " +
"hardcoded server name: %s", cli_server[0])
@ -1005,7 +1003,7 @@ def configure_krb5_conf(cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
# SSSD include dir
if options.sssd:
opts.append({'name':'includedir', 'type':'option', 'value':'/var/lib/sss/pubconf/krb5.include.d/', 'delim':' '})
opts.append({'name':'includedir', 'type':'option', 'value':paths.SSSD_PUBCONF_KRB5_INCLUDE_D_DIR, 'delim':' '})
opts.append({'name':'empty', 'type':'empty'})
#[libdefaults]
@ -1116,7 +1114,7 @@ def configure_certmonger(fstore, subject_base, cli_realm, hostname, options,
client_nss_nickname = client_nss_nickname_format % hostname
subject = DN(('CN', hostname), subject_base)
try:
run(["ipa-getcert", "request", "-d", "/etc/pki/nssdb",
run(["ipa-getcert", "request", "-d", paths.NSS_DB_DIR,
"-n", client_nss_nickname, "-N", str(subject),
"-K", principal])
except Exception:
@ -1132,7 +1130,7 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, clie
sssdconfig = SSSDConfig.SSSDConfig()
sssdconfig.import_config()
except Exception, e:
if os.path.exists("/etc/sssd/sssd.conf") and options.preserve_sssd:
if os.path.exists(paths.SSSD_CONF) and options.preserve_sssd:
# SSSD config is in place but we are unable to read it
# In addition, we are instructed to preserve it
# This all means we can't use it and have to bail out
@ -1254,7 +1252,7 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, clie
domain.set_active(True)
sssdconfig.save_domain(domain)
sssdconfig.write("/etc/sssd/sssd.conf")
sssdconfig.write(paths.SSSD_CONF)
return 0
@ -1376,7 +1374,7 @@ def configure_sshd_config(fstore, options):
)
for candidate in candidates:
args = ['sshd', '-t', '-f', '/dev/null']
args = ['sshd', '-t', '-f', paths.DEV_NULL]
for item in candidate.iteritems():
args.append('-o')
args.append('%s=%s' % item)
@ -1432,9 +1430,9 @@ def configure_nisdomain(options, domain):
nis_domain_name = ''
# First backup the old NIS domain name
if os.path.exists('/usr/bin/nisdomainname'):
if os.path.exists(paths.BIN_NISDOMAINNAME):
try:
nis_domain_name, _, _ = ipautil.run(['/usr/bin/nisdomainname'])
nis_domain_name, _, _ = ipautil.run([paths.BIN_NISDOMAINNAME])
except CalledProcessError, e:
pass
@ -1515,7 +1513,7 @@ def do_nsupdate(update_txt):
result = False
try:
ipautil.run(['/usr/bin/nsupdate', '-g', UPDATE_FILE])
ipautil.run([paths.NSUPDATE, '-g', UPDATE_FILE])
result = True
except CalledProcessError, e:
root_logger.debug('nsupdate failed: %s', str(e))
@ -1549,8 +1547,8 @@ show
send
"""
UPDATE_FILE = "/etc/ipa/.dns_update.txt"
CCACHE_FILE = "/etc/ipa/.dns_ccache"
UPDATE_FILE = paths.IPA_DNS_UPDATE_TXT
CCACHE_FILE = paths.IPA_DNS_CCACHE
def update_dns(server, hostname):
@ -1723,7 +1721,7 @@ def get_ca_cert_from_http(url, ca_file, warn=True):
root_logger.debug("trying to retrieve CA cert via HTTP from %s", url)
try:
run(["/usr/bin/wget", "-O", ca_file, url])
run([paths.BIN_WGET, "-O", ca_file, url])
except CalledProcessError, e:
raise errors.NoCertificateError(entry=url)
@ -2306,8 +2304,8 @@ def install(options, env, fstore, statestore):
if not options.on_master:
# Try removing old principals from the keytab
try:
ipautil.run(['/usr/sbin/ipa-rmkeytab',
'-k', '/etc/krb5.keytab', '-r', cli_realm])
ipautil.run([paths.IPA_RMKEYTAB,
'-k', paths.KRB5_KEYTAB, '-r', cli_realm])
except CalledProcessError, e:
if e.returncode not in (3, 5):
# 3 - Unable to open keytab
@ -2316,7 +2314,7 @@ def install(options, env, fstore, statestore):
"/usr/sbin/ipa-rmkeytab returned %s" % e.returncode)
else:
root_logger.info("Removed old keys for realm %s from %s" % (
cli_realm, '/etc/krb5.keytab'))
cli_realm, paths.KRB5_KEYTAB))
if options.hostname and not options.on_master:
# configure /etc/sysconfig/network to contain the hostname we set.
@ -2372,7 +2370,7 @@ def install(options, env, fstore, statestore):
(ccache_fd, ccache_name) = tempfile.mkstemp()
os.close(ccache_fd)
env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = ccache_name
join_args = ["/usr/sbin/ipa-join",
join_args = [paths.SBIN_IPA_JOIN,
"-s", cli_server[0],
"-b", str(realm_to_suffix(cli_realm)),
"-h", hostname]
@ -2422,7 +2420,7 @@ def install(options, env, fstore, statestore):
join_args.append("-f")
if os.path.exists(options.keytab):
(stderr, stdout, returncode) = run(
['/usr/bin/kinit','-k', '-t', options.keytab,
[paths.KINIT,'-k', '-t', options.keytab,
'host/%s@%s' % (hostname, cli_realm)],
env=env,
raiseonerr=False)
@ -2502,7 +2500,7 @@ def install(options, env, fstore, statestore):
# Once we have the TGT, it's usable on any server.
env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = CCACHE_FILE
try:
run(['/usr/bin/kinit', '-k', '-t', '/etc/krb5.keytab',
run([paths.KINIT, '-k', '-t', paths.KRB5_KEYTAB,
'host/%s@%s' % (hostname, cli_realm)], env=env)
except CalledProcessError, e:
root_logger.error("Failed to obtain host TGT.")
@ -2536,7 +2534,7 @@ def install(options, env, fstore, statestore):
return CLIENT_INSTALL_ERROR
# Always back up sssd.conf. It gets updated by authconfig --enablekrb5.
fstore.backup_file("/etc/sssd/sssd.conf")
fstore.backup_file(paths.SSSD_CONF)
if options.sssd:
if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, client_domain, hostname):
return CLIENT_INSTALL_ERROR
@ -2549,7 +2547,7 @@ def install(options, env, fstore, statestore):
try:
root_logger.debug("Attempting to add CA directly to the "
"default NSS database.")
run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb",
run([paths.CERTUTIL, "-A", "-d", paths.NSS_DB_DIR,
"-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", CACERT])
except CalledProcessError, e:
root_logger.info("Failed to add CA to the default NSS database.")
@ -2563,14 +2561,14 @@ def install(options, env, fstore, statestore):
# Get the host TGT.
os.environ['KRB5CCNAME'] = CCACHE_FILE
try:
run(['/usr/bin/kinit', '-k', '-t', '/etc/krb5.keytab',
run([paths.KINIT, '-k', '-t', paths.KRB5_KEYTAB,
host_principal])
except CalledProcessError, e:
root_logger.error("Failed to obtain host TGT.")
return CLIENT_INSTALL_ERROR
else:
# Configure krb5.conf
fstore.backup_file("/etc/krb5.conf")
fstore.backup_file(paths.KRB5_CONF)
if configure_krb5_conf(
cli_realm=cli_realm,
cli_domain=cli_domain,
@ -2578,7 +2576,7 @@ def install(options, env, fstore, statestore):
cli_kdc=cli_kdc,
dnsok=dnsok,
options=options,
filename="/etc/krb5.conf",
filename=paths.KRB5_CONF,
client_domain=client_domain):
return CLIENT_INSTALL_ERROR
@ -2816,10 +2814,10 @@ def main():
env={"PATH":"/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"}
global fstore
fstore = sysrestore.FileStore('/var/lib/ipa-client/sysrestore')
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
global statestore
statestore = sysrestore.StateFile('/var/lib/ipa-client/sysrestore')
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
if options.uninstall:
return uninstall(options, env)


@ -21,6 +21,7 @@
This base platform module exports default filesystem paths.
'''
class BasePathNamespace(object):
BASH = "/bin/bash"
BIN_FALSE = "/bin/false"
@ -34,6 +35,7 @@ class BasePathNamespace(object):
BIN_TRUE = "/bin/true"
DEV_NULL = "/dev/null"
DEV_STDIN = "/dev/stdin"
AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf"
ETC_DIRSRV = "/etc/dirsrv"
DS_KEYTAB = "/etc/dirsrv/ds.keytab"
ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE = "/etc/dirsrv/slapd-%s"
@ -44,6 +46,7 @@ class BasePathNamespace(object):
HOSTS = "/etc/hosts"
ETC_HTTPD_DIR = "/etc/httpd"
HTTPD_ALIAS_DIR = "/etc/httpd/alias"
ALIAS_CACERT_ASC = "/etc/httpd/alias/cacert.asc"
ALIAS_PWDFILE_TXT = "/etc/httpd/alias/pwdfile.txt"
HTTPD_CONF_D_DIR = "/etc/httpd/conf.d/"
HTTPD_IPA_PKI_PROXY_CONF = "/etc/httpd/conf.d/ipa-pki-proxy.conf"
@ -53,19 +56,28 @@ class BasePathNamespace(object):
HTTPD_SSL_CONF = "/etc/httpd/conf.d/ssl.conf"
IPA_KEYTAB = "/etc/httpd/conf/ipa.keytab"
HTTPD_PASSWORD_CONF = "/etc/httpd/conf/password.conf"
IDMAPD_CONF = "/etc/idmapd.conf"
ETC_IPA = "/etc/ipa"
CONNCHECK_CCACHE = "/etc/ipa/.conncheck_ccache"
IPA_DNS_CCACHE = "/etc/ipa/.dns_ccache"
IPA_DNS_UPDATE_TXT = "/etc/ipa/.dns_update.txt"
IPA_CA_CRT = "/etc/ipa/ca.crt"
IPA_DEFAULT_CONF = "/etc/ipa/default.conf"
IPA_SMARTPROXY_CONF = "/etc/ipa/ipa-smartproxy.conf"
KRB5_CONF = "/etc/krb5.conf"
KRB5_KEYTAB = "/etc/krb5.keytab"
LDAP_CONF = "/etc/ldap.conf"
LIBNSS_LDAP_CONF = "/etc/libnss-ldap.conf"
NAMED_CONF = "/etc/named.conf"
NAMED_KEYTAB = "/etc/named.keytab"
NAMED_RFC1912_ZONES = "/etc/named.rfc1912.zones"
NSLCD_CONF = "/etc/nslcd.conf"
NSS_LDAP_CONF = "/etc/nss_ldap.conf"
NSSWITCH_CONF = "/etc/nsswitch.conf"
NTP_CONF = "/etc/ntp.conf"
NTP_STEP_TICKERS = "/etc/ntp/step-tickers"
OPENLDAP_LDAP_CONF = "/etc/openldap/ldap.conf"
PAM_LDAP_CONF = "/etc/pam_ldap.conf"
PASSWD = "/etc/passwd"
ETC_PKI_CA_DIR = "/etc/pki-ca"
SYSTEMWIDE_CA_STORE = "/etc/pki/ca-trust/source/anchors/"
@ -84,14 +96,19 @@ class BasePathNamespace(object):
SSH_CONFIG = "/etc/ssh/ssh_config"
SSHD_CONFIG = "/etc/ssh/sshd_config"
SSSD_CONF = "/etc/sssd/sssd.conf"
SSSD_CONF_BKP = "/etc/sssd/sssd.conf.bkp"
SSSD_CONF_DELETED = "/etc/sssd/sssd.conf.deleted"
ETC_SYSCONFIG_AUTHCONFIG = "/etc/sysconfig/authconfig"
SYSCONFIG_AUTOFS = "/etc/sysconfig/autofs"
SYSCONFIG_DIRSRV = "/etc/sysconfig/dirsrv"
SYSCONFIG_DIRSRV_SYSTEMD = "/etc/sysconfig/dirsrv.systemd"
SYSCONFIG_DIRSRV_INSTANCE = "/etc/sysconfig/dirsrv-%s"
SYSCONFIG_DIRSRV_PKI_IPA_DIR = "/etc/sysconfig/dirsrv-PKI-IPA"
SYSCONFIG_DIRSRV_SYSTEMD = "/etc/sysconfig/dirsrv.systemd"
SYSCONFIG_HTTPD = "/etc/sysconfig/httpd"
SYSCONFIG_KRB5KDC_DIR = "/etc/sysconfig/krb5kdc"
SYSCONFIG_NETWORK = "/etc/sysconfig/network"
SYSCONFIG_NETWORK_IPABKP = "/etc/sysconfig/network.ipabkp"
SYSCONFIG_NFS = "/etc/sysconfig/nfs"
SYSCONFIG_NTPD = "/etc/sysconfig/ntpd"
SYSCONFIG_PKI = "/etc/sysconfig/pki"
SYSCONFIG_PKI_CA_DIR = "/etc/sysconfig/pki-ca"
@ -104,12 +121,16 @@ class BasePathNamespace(object):
SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service"
SYSTEMD_PKI_TOMCAT_SERVICE = "/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service"
HOME_DIR = "/home"
ROOT_IPA_CACHE = "/root/.ipa_cache"
ROOT_PKI = "/root/.pki"
CA_AGENT_P12 = "/root/ca-agent.p12"
CACERT_P12 = "/root/cacert.p12"
ROOT_IPA_CSR = "/root/ipa.csr"
ROOT_TMP_CA_P12 = "/root/tmp-ca.p12"
NAMED_PID = "/run/named/named.pid"
IP = "/sbin/ip"
NOLOGIN = "/sbin/nologin"
SBIN_REBOOT = "/sbin/reboot"
SBIN_RESTORECON = "/sbin/restorecon"
SBIN_SERVICE = "/sbin/service"
TMP = "/tmp"
@ -128,36 +149,48 @@ class BasePathNamespace(object):
IPA_GETCERT = "/usr/bin/ipa-getcert"
KDESTROY = "/usr/bin/kdestroy"
KINIT = "/usr/bin/kinit"
BIN_KVNO = "/usr/bin/kvno"
LDAPMODIFY = "/usr/bin/ldapmodify"
LDAPPASSWD = "/usr/bin/ldappasswd"
NET = "/usr/bin/net"
BIN_NISDOMAINNAME = "/usr/bin/nisdomainname"
NSUPDATE = "/usr/bin/nsupdate"
OPENSSL = "/usr/bin/openssl"
PERL = "/usr/bin/perl"
PK12UTIL = "/usr/bin/pk12util"
PKI_SETUP_PROXY = "/usr/bin/pki-setup-proxy"
PKICREATE = "/usr/bin/pkicreate"
PKIREMOVE = "/usr/bin/pkiremove"
PKISILENT = "/usr/bin/pkisilent"
SETPASSWD = "/usr/bin/setpasswd"
SIGNTOOL = "/usr/bin/signtool"
SSLGET = "/usr/bin/sslget"
SSS_SSH_AUTHORIZEDKEYS = "/usr/bin/sss_ssh_authorizedkeys"
SSS_SSH_KNOWNHOSTSPROXY = "/usr/bin/sss_ssh_knownhostsproxy"
UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
BIN_WGET = "/usr/bin/wget"
ZIP = "/usr/bin/zip"
BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
USR_LIB_DIRSRV = "/usr/lib/dirsrv"
USR_LIB_SLAPD_INSTANCE_TEMPLATE = "/usr/lib/dirsrv/slapd-%s"
USR_LIB_SLAPD_PKI_IPA_DIR = "/usr/lib/dirsrv/slapd-PKI-IPA"
LIB_FIREFOX = "/usr/lib/firefox"
LIB_SYSTEMD_SYSTEMD_DIR = "/usr/lib/systemd/system/"
BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so"
USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE = "/usr/lib64/dirsrv/slapd-%s"
LIB_SYSTEMD_SYSTEMD_DIR = "/usr/lib/systemd/system/"
SLAPD_PKI_IPA = "/usr/lib64/dirsrv/slapd-PKI-IPA"
LIB64_FIREFOX = "/usr/lib64/firefox"
DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit"
DOGTAG_IPA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit"
GETSEBOOL = "/usr/sbin/getsebool"
GROUPADD = "/usr/sbin/groupadd"
HTTPD = "/usr/sbin/httpd"
IPA_CLIENT_INSTALL = "/usr/sbin/ipa-client-install"
SBIN_IPA_JOIN = "/usr/sbin/ipa-join"
IPA_REPLICA_CONNCHECK = "/usr/sbin/ipa-replica-conncheck"
IPA_RMKEYTAB = "/usr/sbin/ipa-rmkeytab"
IPACTL = "/usr/sbin/ipactl"
NTPD = "/usr/sbin/ntpd"
PKIDESTROY = "/usr/sbin/pkidestroy"
PKISPAWN = "/usr/sbin/pkispawn"
@ -178,11 +211,14 @@ class BasePathNamespace(object):
HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini"
HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
PREFERENCES_HTML = "/usr/share/ipa/html/preferences.html"
NIS_ULDIF = "/usr/share/ipa/nis.uldif"
IPA_PLUGINS = "/usr/share/ipa/plugins"
SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
UPDATES_DIR = "/usr/share/ipa/updates/"
PKI_CONF_SERVER_XML = "/usr/share/pki/ca/conf/server.xml"
CACHE_IPA_SESSIONS = "/var/cache/ipa/sessions"
VAR_KERBEROS_KRB5KDC_DIR = "/var/kerberos/krb5kdc/"
VAR_KRB5KDC_K5_REALM = "/var/kerberos/krb5kdc/.k5."
CACERT_PEM = "/var/kerberos/krb5kdc/cacert.pem"
KRB5KDC_KDC_CONF = "/var/kerberos/krb5kdc/kdc.conf"
@ -191,6 +227,7 @@ class BasePathNamespace(object):
AUTHCONFIG_LAST = "/var/lib/authconfig/last"
VAR_LIB_CERTMONGER_DIR = "/var/lib/certmonger"
CERTMONGER_CAS_DIR = "/var/lib/certmonger/cas/"
CERTMONGER_CAS_CA_RENEWAL = "/var/lib/certmonger/cas/ca_renewal"
CERTMONGER_REQUESTS_DIR = "/var/lib/certmonger/requests/"
VAR_LIB_DIRSRV = "/var/lib/dirsrv"
DIRSRV_BOOT_LDIF = "/var/lib/dirsrv/boot.ldif"
@ -202,7 +239,9 @@ class BasePathNamespace(object):
VAR_LIB_SLAPD_PKI_IPA_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-PKI-IPA"
VAR_LIB_IPA = "/var/lib/ipa"
IPA_CLIENT_SYSRESTORE = "/var/lib/ipa-client/sysrestore"
SYSRESTORE_INDEX = "/var/lib/ipa-client/sysrestore/sysrestore.index"
IPA_BACKUP_DIR = "/var/lib/ipa/backup"
IPA_CA_CSR = "/var/lib/ipa/ca.csr"
PKI_CA_PUBLISH_DIR = "/var/lib/ipa/pki-ca/publish"
REPLICA_INFO_TEMPLATE = "/var/lib/ipa/replica-info-%s"
REPLICA_INFO_GPG_TEMPLATE = "/var/lib/ipa/replica-info-%s.gpg"
@ -216,7 +255,8 @@ class BasePathNamespace(object):
SAMBA_DIR = "/var/lib/samba/"
SSSD_MC_GROUP = "/var/lib/sss/mc/group"
SSSD_MC_PASSWD = "/var/lib/sss/mc/passwd"
SSS_KRB5_INCLUDE_D = "/var/lib/sss/pubconf/krb5.include.d"
SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts"
SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/"
DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
SLAPD_INSTANCE_LOCK_TEMPLATE = "/var/lock/dirsrv/slapd-%s"
VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
@ -227,6 +267,7 @@ class BasePathNamespace(object):
IPABACKUP_LOG = "/var/log/ipabackup.log"
IPACLIENT_INSTALL_LOG = "/var/log/ipaclient-install.log"
IPACLIENT_UNINSTALL_LOG = "/var/log/ipaclient-uninstall.log"
IPAREPLICA_CA_INSTALL_LOG = "/var/log/ipareplica-ca-install.log"
IPAREPLICA_CONNCHECK_LOG = "/var/log/ipareplica-conncheck.log"
IPAREPLICA_INSTALL_LOG = "/var/log/ipareplica-install.log"
IPARESTORE_LOG = "/var/log/iparestore.log"
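Review bot: Replacing `SSS_KRB5_INCLUDE_D` with `SSSD_PUBCONF_KRB5_INCLUDE_D_DIR` in the `/var/lib/sss` hunk also changes the value, from `"/var/lib/sss/pubconf/krb5.include.d"` to the same path with a trailing slash, so this is not a pure move. The backup tool's directory list now receives the slash form, while the installer's krb5.conf `includedir` option keeps the slash form it previously had as a literal. Whether the backup code normalises its entries is not visible on this page, so that consumer is worth checking. Directory constants in this class are already mixed (`VAR_LIB_CERTMONGER_DIR` has no slash, `CERTMONGER_CAS_DIR` has one), so I would add a comment above the new constant such as `# trailing slash kept to match the value written to krb5.conf includedir`. It is also worth confirming that no remaining caller or platform subclass still references the removed name, since that would only fail at attribute lookup time.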


@ -113,7 +113,7 @@ class Backup(admintool.AdminTool):
paths.VAR_LIB_PKI_CA_DIR,
paths.SYSRESTORE,
paths.IPA_CLIENT_SYSRESTORE,
paths.SSS_KRB5_INCLUDE_D,
paths.SSSD_PUBCONF_KRB5_INCLUDE_D_DIR,
paths.AUTHCONFIG_LAST,
paths.VAR_LIB_CERTMONGER_DIR,
paths.VAR_LIB_IPA,