mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
ipaplatform, ipa.conf: Use paths variables in ipa.conf.template
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
parent
1adb3edea9
commit
e6c707b168
@ -43,7 +43,7 @@ FileETag None
|
|||||||
|
|
||||||
# FIXME: WSGISocketPrefix is a server-scope directive. The mod_wsgi package
|
# FIXME: WSGISocketPrefix is a server-scope directive. The mod_wsgi package
|
||||||
# should really be fixed by adding this its /etc/httpd/conf.d/wsgi.conf:
|
# should really be fixed by adding this its /etc/httpd/conf.d/wsgi.conf:
|
||||||
WSGISocketPrefix /run/httpd/wsgi
|
WSGISocketPrefix $WSGI_PREFIX_DIR
|
||||||
|
|
||||||
|
|
||||||
# Configure mod_wsgi handler for /ipa
|
# Configure mod_wsgi handler for /ipa
|
||||||
@ -77,10 +77,10 @@ WSGIScriptReloading Off
|
|||||||
# Uncomment the following to have shorter sessions, but beware this may break
|
# Uncomment the following to have shorter sessions, but beware this may break
|
||||||
# old IPA client tols that incorrectly parse cookies.
|
# old IPA client tols that incorrectly parse cookies.
|
||||||
# SessionMaxAge 1800
|
# SessionMaxAge 1800
|
||||||
GssapiSessionKey file:/etc/httpd/alias/ipasession.key
|
GssapiSessionKey file:$GSSAPI_SESSION_KEY
|
||||||
|
|
||||||
GssapiImpersonate On
|
GssapiImpersonate On
|
||||||
GssapiDelegCcacheDir /var/run/ipa/ccaches
|
GssapiDelegCcacheDir $IPA_CCACHES
|
||||||
GssapiDelegCcachePerms mode:0660 gid:ipaapi
|
GssapiDelegCcachePerms mode:0660 gid:ipaapi
|
||||||
GssapiUseS4U2Proxy on
|
GssapiUseS4U2Proxy on
|
||||||
GssapiAllowedMech krb5
|
GssapiAllowedMech krb5
|
||||||
@ -111,7 +111,7 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login"
|
|||||||
# This configuration needs to be loaded after <Location "/ipa">
|
# This configuration needs to be loaded after <Location "/ipa">
|
||||||
<Location "/ipa/session/login_x509">
|
<Location "/ipa/session/login_x509">
|
||||||
AuthType none
|
AuthType none
|
||||||
GssapiDelegCcacheDir /var/run/ipa/ccaches
|
GssapiDelegCcacheDir $IPA_CCACHES
|
||||||
GssapiDelegCcachePerms mode:0660 gid:ipaapi
|
GssapiDelegCcachePerms mode:0660 gid:ipaapi
|
||||||
NSSVerifyClient require
|
NSSVerifyClient require
|
||||||
NSSUserName SSL_CLIENT_CERT
|
NSSUserName SSL_CLIENT_CERT
|
||||||
@ -126,7 +126,7 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login"
|
|||||||
SessionCookieName ipa_session path=/ipa;httponly;secure;
|
SessionCookieName ipa_session path=/ipa;httponly;secure;
|
||||||
SessionHeader IPASESSION
|
SessionHeader IPASESSION
|
||||||
SessionMaxAge 1800
|
SessionMaxAge 1800
|
||||||
GssapiSessionKey file:/etc/httpd/alias/ipasession.key
|
GssapiSessionKey file:$GSSAPI_SESSION_KEY
|
||||||
|
|
||||||
Header unset Set-Cookie
|
Header unset Set-Cookie
|
||||||
</Location>
|
</Location>
|
||||||
@ -146,7 +146,7 @@ Alias /ipa/session/cookie "/usr/share/ipa/gssapi.login"
|
|||||||
# Custodia stuff is redirected to the custodia daemon
|
# Custodia stuff is redirected to the custodia daemon
|
||||||
# after authentication
|
# after authentication
|
||||||
<Location "/ipa/keys/">
|
<Location "/ipa/keys/">
|
||||||
ProxyPass "unix:/run/httpd/ipa-custodia.sock|http://localhost/keys/"
|
ProxyPass "unix:${IPA_CUSTODIA_SOCKET}|http://localhost/keys/"
|
||||||
RequestHeader set GSS_NAME %{GSS_NAME}s
|
RequestHeader set GSS_NAME %{GSS_NAME}s
|
||||||
RequestHeader set REMOTE_USER %{REMOTE_USER}s
|
RequestHeader set REMOTE_USER %{REMOTE_USER}s
|
||||||
</Location>
|
</Location>
|
||||||
@ -180,9 +180,9 @@ Alias /ipa/crl "$CRL_PUBLISH_PATH"
|
|||||||
|
|
||||||
|
|
||||||
# List explicitly only the fonts we want to serve
|
# List explicitly only the fonts we want to serve
|
||||||
Alias /ipa/ui/fonts/open-sans "/usr/share/fonts/open-sans"
|
Alias /ipa/ui/fonts/open-sans "${FONTS_DIR}/open-sans"
|
||||||
Alias /ipa/ui/fonts/fontawesome "/usr/share/fonts/fontawesome"
|
Alias /ipa/ui/fonts/fontawesome "${FONTS_DIR}/fontawesome"
|
||||||
<Directory "/usr/share/fonts">
|
<Directory "${FONTS_DIR}">
|
||||||
SetHandler None
|
SetHandler None
|
||||||
AllowOverride None
|
AllowOverride None
|
||||||
Satisfy Any
|
Satisfy Any
|
||||||
|
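Review bot: The new placeholders are spelled two ways in this template: `$WSGI_PREFIX_DIR`, `$GSSAPI_SESSION_KEY` and `$IPA_CCACHES` are bare, while `${IPA_CUSTODIA_SOCKET}` and `${FONTS_DIR}` are braced, and the braced form is also httpd's own syntax for `Define`d and environment variables. None of the braced uses is followed by an identifier character, so the bare form works everywhere and keeps an unsubstituted placeholder from being read as an httpd variable, e.g. `ProxyPass "unix:$IPA_CUSTODIA_SOCKET|http://localhost/keys/"`. Separately, `<Directory "${FONTS_DIR}">` carries `Satisfy Any`, so the directory a platform assigns to that constant is the tree the directive applies to; a comment such as `# FONTS_DIR must contain only font files: Satisfy Any below applies to the whole tree` would record that constraint. The Directory block continues past the end of the hunk.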
@ -41,6 +41,7 @@ class BasePathNamespace(object):
|
|||||||
HOSTS = "/etc/hosts"
|
HOSTS = "/etc/hosts"
|
||||||
ETC_HTTPD_DIR = "/etc/httpd"
|
ETC_HTTPD_DIR = "/etc/httpd"
|
||||||
HTTPD_ALIAS_DIR = "/etc/httpd/alias"
|
HTTPD_ALIAS_DIR = "/etc/httpd/alias"
|
||||||
|
GSSAPI_SESSION_KEY = "/etc/httpd/alias/ipasession.key"
|
||||||
OLD_KRA_AGENT_PEM = "/etc/httpd/alias/kra-agent.pem"
|
OLD_KRA_AGENT_PEM = "/etc/httpd/alias/kra-agent.pem"
|
||||||
HTTPD_CONF_D_DIR = "/etc/httpd/conf.d/"
|
HTTPD_CONF_D_DIR = "/etc/httpd/conf.d/"
|
||||||
HTTPD_IPA_KDCPROXY_CONF = "/etc/ipa/kdcproxy/ipa-kdc-proxy.conf"
|
HTTPD_IPA_KDCPROXY_CONF = "/etc/ipa/kdcproxy/ipa-kdc-proxy.conf"
|
||||||
@ -232,6 +233,7 @@ class BasePathNamespace(object):
|
|||||||
SETUP_DS_PL = "/usr/sbin/setup-ds.pl"
|
SETUP_DS_PL = "/usr/sbin/setup-ds.pl"
|
||||||
SMBD = "/usr/sbin/smbd"
|
SMBD = "/usr/sbin/smbd"
|
||||||
USERADD = "/usr/sbin/useradd"
|
USERADD = "/usr/sbin/useradd"
|
||||||
|
FONTS_DIR = "/usr/share/fonts"
|
||||||
USR_SHARE_IPA_DIR = "/usr/share/ipa/"
|
USR_SHARE_IPA_DIR = "/usr/share/ipa/"
|
||||||
CA_TOPOLOGY_ULDIF = "/usr/share/ipa/ca-topology.uldif"
|
CA_TOPOLOGY_ULDIF = "/usr/share/ipa/ca-topology.uldif"
|
||||||
IPA_HTML_DIR = "/usr/share/ipa/html"
|
IPA_HTML_DIR = "/usr/share/ipa/html"
|
||||||
@ -365,6 +367,7 @@ class BasePathNamespace(object):
|
|||||||
GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf'
|
GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf'
|
||||||
KRB5CC_HTTPD = '/tmp/krb5cc-httpd'
|
KRB5CC_HTTPD = '/tmp/krb5cc-httpd'
|
||||||
IF_INET6 = '/proc/net/if_inet6'
|
IF_INET6 = '/proc/net/if_inet6'
|
||||||
|
WSGI_PREFIX_DIR = "/run/httpd/wsgi"
|
||||||
AUTHCONFIG = None
|
AUTHCONFIG = None
|
||||||
IPA_SERVER_UPGRADE = '/usr/sbin/ipa-server-upgrade'
|
IPA_SERVER_UPGRADE = '/usr/sbin/ipa-server-upgrade'
|
||||||
KEYCTL = '/usr/bin/keyctl'
|
KEYCTL = '/usr/bin/keyctl'
|
||||||
|
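Review bot: `GSSAPI_SESSION_KEY` is added with nothing to say that it names secret key material rather than an ordinary configuration path, although the template passes it to `GssapiSessionKey file:...`. A comment above it, e.g. `# mod_auth_gssapi session key file (secret); platform overrides must keep it in a directory only httpd can read`, would make that visible to anyone adding a platform override. The value also repeats the `HTTPD_ALIAS_DIR` literal from the line before it, so the two can drift apart if one is changed. `WSGI_PREFIX_DIR` lands between `IF_INET6` and `AUTHCONFIG`, away from the other httpd paths; grouping it with them would make overrides easier to audit.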
@ -56,6 +56,7 @@ class DebianPathNamespace(BasePathNamespace):
|
|||||||
SYSTEMD_SYSTEM_HTTPD_D_DIR = "/etc/systemd/system/apache2.service.d/"
|
SYSTEMD_SYSTEM_HTTPD_D_DIR = "/etc/systemd/system/apache2.service.d/"
|
||||||
SYSTEMD_SYSTEM_HTTPD_IPA_CONF = "/etc/systemd/system/apache2.service.d/ipa.conf"
|
SYSTEMD_SYSTEM_HTTPD_IPA_CONF = "/etc/systemd/system/apache2.service.d/ipa.conf"
|
||||||
DNSSEC_TRUSTED_KEY = "/etc/bind/trusted-key.key"
|
DNSSEC_TRUSTED_KEY = "/etc/bind/trusted-key.key"
|
||||||
|
GSSAPI_SESSION_KEY = "/etc/apache2/ipasession.key"
|
||||||
OLD_KRA_AGENT_PEM = "/etc/apache2/nssdb/kra-agent.pem"
|
OLD_KRA_AGENT_PEM = "/etc/apache2/nssdb/kra-agent.pem"
|
||||||
SBIN_SERVICE = "/usr/sbin/service"
|
SBIN_SERVICE = "/usr/sbin/service"
|
||||||
CERTMONGER_COMMAND_TEMPLATE = "/usr/lib/ipa/certmonger/%s"
|
CERTMONGER_COMMAND_TEMPLATE = "/usr/lib/ipa/certmonger/%s"
|
||||||
@ -77,6 +78,7 @@ class DebianPathNamespace(BasePathNamespace):
|
|||||||
HTTPD = "/usr/sbin/apache2ctl"
|
HTTPD = "/usr/sbin/apache2ctl"
|
||||||
REMOVE_DS_PL = "/usr/sbin/remove-ds"
|
REMOVE_DS_PL = "/usr/sbin/remove-ds"
|
||||||
SETUP_DS_PL = "/usr/sbin/setup-ds"
|
SETUP_DS_PL = "/usr/sbin/setup-ds"
|
||||||
|
FONTS_DIR = "/usr/share/fonts/truetype"
|
||||||
VAR_KERBEROS_KRB5KDC_DIR = "/var/lib/krb5kdc/"
|
VAR_KERBEROS_KRB5KDC_DIR = "/var/lib/krb5kdc/"
|
||||||
VAR_KRB5KDC_K5_REALM = "/var/lib/krb5kdc/.k5."
|
VAR_KRB5KDC_K5_REALM = "/var/lib/krb5kdc/.k5."
|
||||||
CACERT_PEM = "/var/lib/krb5kdc/cacert.pem"
|
CACERT_PEM = "/var/lib/krb5kdc/cacert.pem"
|
||||||
@ -93,5 +95,6 @@ class DebianPathNamespace(BasePathNamespace):
|
|||||||
IPA_ODS_EXPORTER_CCACHE = "/var/lib/opendnssec/tmp/ipa-ods-exporter.ccache"
|
IPA_ODS_EXPORTER_CCACHE = "/var/lib/opendnssec/tmp/ipa-ods-exporter.ccache"
|
||||||
IPA_CUSTODIA_SOCKET = "/run/apache2/ipa-custodia.sock"
|
IPA_CUSTODIA_SOCKET = "/run/apache2/ipa-custodia.sock"
|
||||||
IPA_CUSTODIA_AUDIT_LOG = '/var/log/ipa-custodia.audit.log'
|
IPA_CUSTODIA_AUDIT_LOG = '/var/log/ipa-custodia.audit.log'
|
||||||
|
WSGI_PREFIX_DIR = "/run/apache2/wsgi"
|
||||||
|
|
||||||
paths = DebianPathNamespace()
|
paths = DebianPathNamespace()
|
||||||
|
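Review bot: `FONTS_DIR = "/usr/share/fonts/truetype"` is joined by the template with fixed subdirectory names, so the Font Awesome alias resolves to `/usr/share/fonts/truetype/fontawesome` on Debian. As far as I know Debian's Font Awesome package installs under a `font-awesome` directory, in which case that alias would point at a path that does not exist; please verify against the packaged layout. If the names do differ, one base-directory constant is not enough and the two font directories need their own constants. `GSSAPI_SESSION_KEY = "/etc/apache2/ipasession.key"` also puts the session key directly in the Apache configuration directory, so it is worth confirming that the installer creates the file there with restrictive ownership and mode.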
@ -147,6 +147,11 @@ class HTTPInstance(service.Service):
|
|||||||
DOMAIN=self.domain,
|
DOMAIN=self.domain,
|
||||||
AUTOREDIR='' if auto_redirect else '#',
|
AUTOREDIR='' if auto_redirect else '#',
|
||||||
CRL_PUBLISH_PATH=paths.PKI_CA_PUBLISH_DIR,
|
CRL_PUBLISH_PATH=paths.PKI_CA_PUBLISH_DIR,
|
||||||
|
FONTS_DIR=paths.FONTS_DIR,
|
||||||
|
GSSAPI_SESSION_KEY=paths.GSSAPI_SESSION_KEY,
|
||||||
|
IPA_CUSTODIA_SOCKET=paths.IPA_CUSTODIA_SOCKET,
|
||||||
|
IPA_CCACHES=paths.IPA_CCACHES,
|
||||||
|
WSGI_PREFIX_DIR=paths.WSGI_PREFIX_DIR,
|
||||||
)
|
)
|
||||||
self.ca_file = ca_file
|
self.ca_file = ca_file
|
||||||
if ca_is_configured is not None:
|
if ca_is_configured is not None:
|
||||||
|
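Review bot: `IPA_CCACHES=paths.IPA_CCACHES` is the only new key whose constant is not added by any of the path hunks in this commit, so it presumably already exists and is inherited unchanged by `DebianPathNamespace`. Please confirm that its value matches the `/var/run/ipa/ccaches` the template hard-coded before, because `GssapiDelegCcacheDir` is where delegated credential caches are written and a silent path change would put them in a directory that may not have the expected ownership. A test that renders the template with this dictionary and checks that no `$` placeholder survives would catch a missing or misspelled key at build time. The enclosing dictionary call begins above the hunk.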