Add ODS manager abstraction to ipaplatform

OpenDNSSEC 1.4 and 2.x use different commands to initialize kasp.db and manage zones. ipaplatform.tasks abstracts the commands. Note: I added the logic to the base task instead of having different implementations for Red Hat and Debian platforms. Eventually Fedora is going to move to OpenDNSSEC 2.x, too. The design will make it easier to support OpenDNSSEC 2.x on Fedora. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-04-18 08:02:38 +02:00
parent 8592603ea3
commit edaea8865f
5 changed files with 46 additions and 25 deletions
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -186,7 +186,7 @@ class BasePathNamespace:
    ODS_KSMUTIL = "/usr/bin/ods-ksmutil"
    ODS_SIGNER = "/usr/sbin/ods-signer"
    ODS_ENFORCER = None
-    ODS_ENFORCER_SETUP = None
+    ODS_ENFORCER_DB_SETUP = None
    OPENSSL = "/usr/bin/openssl"
    PK12UTIL = "/usr/bin/pk12util"
    SOFTHSM2_UTIL = "/usr/bin/softhsm2-util"
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -24,10 +24,12 @@ This module contains default platform-specific implementations of system tasks.

 from __future__ import absolute_import

+import os
 import logging

 from pkg_resources import parse_version

+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipapython import ipautil

@@ -272,5 +274,37 @@ class BaseTaskNamespace:
        if fstore is not None and fstore.has_file(paths.RESOLV_CONF):
            fstore.restore_file(paths.RESOLV_CONF)

+    def run_ods_setup(self):
+        """Initialize a new kasp.db
+        """
+        if paths.ODS_KSMUTIL is not None:
+            cmd = [paths.ODS_KSMUTIL, 'setup']
+        else:
+            cmd = [paths.ODS_ENFORCER_DB_SETUP]
+        return ipautil.run(cmd, stdin="y", runas=constants.ODS_USER)
+
+    def run_ods_manager(self, params, **kwargs):
+        """Run OpenDNSSEC manager command (ksmutil, enforcer)
+
+        :param params: parameter for ODS command
+        :param kwargs: additional arguments for ipautil.run()
+        :return: result from ipautil.run()
+        """
+        assert params[0] != 'setup'
+
+        if paths.ODS_KSMUTIL is not None:
+            # OpenDNSSEC 1.4
+            cmd = [paths.ODS_KSMUTIL]
+        else:
+            # OpenDNSSEC 2.x
+            cmd = [paths.ODS_ENFORCER]
+        cmd.extend(params)
+
+        # run commands as ODS user
+        if os.geteuid() == 0:
+            kwargs['runas'] = constants.ODS_USER
+
+        return ipautil.run(cmd, **kwargs)
+

 tasks = BaseTaskNamespace()