Support the 1.4.x python installer tools in 389-ds

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

install/share/ldapi.ldif

@@ -3,4 +3,8 @@ dn: cn=config
 changetype: modify
 replace: nsslapd-ldapilisten
 nsslapd-ldapilisten: on
+-
+replace: nsslapd-ldapifilepath
+nsslapd-ldapifilepath: /var/run/slapd-$SERVERID.socket
+-
 

ipaplatform/base/paths.py

@@ -32,9 +32,6 @@ class BasePathNamespace:
     SYSTEMCTL = "/bin/systemctl"
     TAR = "/bin/tar"
     AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf"
-    ETC_DIRSRV = "/etc/dirsrv"
-    DS_KEYTAB = "/etc/dirsrv/ds.keytab"
-    ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE = "/etc/dirsrv/slapd-%s"
     ETC_FEDORA_RELEASE = "/etc/fedora-release"
     GROUP = "/etc/group"
     ETC_HOSTNAME = "/etc/hostname"
@@ -197,13 +194,11 @@ class BasePathNamespace:
     BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
     BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
     BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/"
-    USR_LIB_DIRSRV = "/usr/lib/dirsrv"
     LIB_FIREFOX = "/usr/lib/firefox"
     LIBSOFTHSM2_SO = "/usr/lib/pkcs11/libsofthsm2.so"
     PAM_KRB5_SO = "/usr/lib/security/pam_krb5.so"
     LIB_SYSTEMD_SYSTEMD_DIR = "/usr/lib/systemd/system/"
     BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so"
-    USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
     LIB64_FIREFOX = "/usr/lib64/firefox"
     LIBSOFTHSM2_SO_64 = "/usr/lib64/pkcs11/libsofthsm2.so"
     PAM_KRB5_SO_64 = "/usr/lib64/security/pam_krb5.so"
@@ -236,11 +231,9 @@ class BasePathNamespace:
     PKIDESTROY = "/usr/sbin/pkidestroy"
     PKISPAWN = "/usr/sbin/pkispawn"
     PKI = "/usr/bin/pki"
-    REMOVE_DS_PL = "/usr/sbin/remove-ds.pl"
     RESTORECON = "/usr/sbin/restorecon"
     SELINUXENABLED = "/usr/sbin/selinuxenabled"
     SETSEBOOL = "/usr/sbin/setsebool"
-    SETUP_DS_PL = "/usr/sbin/setup-ds.pl"
     SMBD = "/usr/sbin/smbd"
     USERADD = "/usr/sbin/useradd"
     FONTS_DIR = "/usr/share/fonts"
@@ -276,11 +269,6 @@ class BasePathNamespace:
     CERTMONGER_REQUESTS_DIR = "/var/lib/certmonger/requests/"
     VAR_LIB_DIRSRV = "/var/lib/dirsrv"
     DIRSRV_BOOT_LDIF = "/var/lib/dirsrv/boot.ldif"
-    VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE = "/var/lib/dirsrv/scripts-%s"
-    VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s"
-    SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/bak/%s"
-    SLAPD_INSTANCE_DB_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/%s"
-    SLAPD_INSTANCE_LDIF_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/ldif"
     VAR_LIB_IPA = "/var/lib/ipa"
     IPA_CLIENT_SYSRESTORE = "/var/lib/ipa-client/sysrestore"
     SYSRESTORE_INDEX = "/var/lib/ipa-client/sysrestore/sysrestore.index"
@@ -315,10 +303,6 @@ class BasePathNamespace:
     SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts"
     SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/"
     VAR_LOG_AUDIT = "/var/log/audit/audit.log"
-    DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
-    VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
-    SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
-    SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"
     VAR_LOG_HTTPD_DIR = "/var/log/httpd"
     VAR_LOG_HTTPD_ERROR = "/var/log/httpd/error_log"
     IPABACKUP_LOG = "/var/log/ipabackup.log"
@@ -358,13 +342,8 @@ class BasePathNamespace:
     SVC_LIST_FILE = "/var/run/ipa/services.list"
     KRB5CC_SAMBA = "/var/run/samba/krb5cc_samba"
     SLAPD_INSTANCE_SOCKET_TEMPLATE = "/var/run/slapd-%s.socket"
-    ALL_SLAPD_INSTANCE_SOCKETS = "/var/run/slapd-*.socket"
     ADMIN_CERT_PATH = '/root/.dogtag/pki-tomcat/ca_admin.cert'
     ENTROPY_AVAIL = '/proc/sys/kernel/random/entropy_avail'
-    LDIF2DB = '/usr/sbin/ldif2db'
-    DB2LDIF = '/usr/sbin/db2ldif'
-    BAK2DB = '/usr/sbin/bak2db'
-    DB2BAK = '/usr/sbin/db2bak'
     KDCPROXY_CONFIG = '/etc/ipa/kdcproxy/kdcproxy.conf'
     CERTMONGER = '/usr/sbin/certmonger'
     NETWORK_MANAGER_CONFIG_DIR = '/etc/NetworkManager/conf.d'
@@ -382,6 +361,33 @@ class BasePathNamespace:
     AUTHCONFIG = None
     AUTHSELECT = None
     SYSCONF_NETWORK = None
+    # 389 DS related commands.
+    DSCREATE = '/usr/sbin/dscreate'
+    DSCTL = '/usr/sbin/dsctl'
+    DSCONF = '/usr/sbin/dsconf'
+    # DS related constants
+    ETC_DIRSRV = "/etc/dirsrv"
+    DS_KEYTAB = "/etc/dirsrv/ds.keytab"
+    ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE = "/etc/dirsrv/slapd-%s"
+    USR_LIB_DIRSRV = "/usr/lib/dirsrv"
+    USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
+    VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE = "/var/lib/dirsrv/scripts-%s"
+    VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s"
+    SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/bak/%s"
+    SLAPD_INSTANCE_DB_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/%s"
+    SLAPD_INSTANCE_LDIF_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/ldif"
+    DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
+    ALL_SLAPD_INSTANCE_SOCKETS = "/var/run/slapd-*.socket"
+    VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
+    SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
+    SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"
+    # Legacy 389 commands
+    LDIF2DB = '/usr/sbin/ldif2db'
+    DB2LDIF = '/usr/sbin/db2ldif'
+    BAK2DB = '/usr/sbin/bak2db'
+    DB2BAK = '/usr/sbin/db2bak'
+    SETUP_DS_PL = "/usr/sbin/setup-ds.pl"
+    REMOVE_DS_PL = "/usr/sbin/remove-ds.pl"
     IPA_SERVER_UPGRADE = '/usr/sbin/ipa-server-upgrade'
     KEYCTL = '/usr/bin/keyctl'
     GETENT = '/usr/bin/getent'

ipaserver/install/dsinstance.py

@@ -96,7 +96,7 @@ def schema_dirname(serverid):
     return config_dirname(serverid) + "/schema/"
 
 
-def remove_ds_instance(serverid, force=False):
+def __remove_instance_legacy(serverid, force=False):
     """A wrapper around the 'remove-ds.pl' script used by
     389ds to remove a single directory server instance. In case of error
     additional call with the '-f' flag is performed (forced removal). If this
@@ -118,6 +118,36 @@ def remove_ds_instance(serverid, force=False):
                      "Attempting to force removal", paths.REMOVE_DS_PL)
         remove_ds_instance(serverid, force=True)
 
+def __remove_instance_python(serverid):
+    """Call the lib389 api to remove the instance. Because of the
+    design of the api, there is no "force" command. Provided a marker
+    file exists, it will attempt the removal, and the marker is the *last*
+    file to be removed. IE just run this multiple times til it works (if
+    you even need multiple times ....)
+    """
+
+    from lib389.instance.remove import remove_ds_instance
+    from lib389 import DirSrv
+
+    logger.debug("Attempting to remove instance %s" % serverid)
+    # Alloc the local instance by name (no creds needed!)
+    inst = DirSrv(verbose=True, external_log=logger)
+    inst.local_simple_allocate(serverid)
+
+    # Remove it
+    remove_ds_instance(instance)
+    logger.debug("Instance removed correctly.")
+
+def remove_ds_instance(serverid, force=False):
+    if os.path.exists(paths.REMOVE_DS_PL):
+        # We still have legacy tools. Lets use them.
+        self.__remove_instance_legacy(serverid, force)
+    else:
+        # Okay, 389 have removed their perl tools. Great! Use the api driven installer
+        self.__remove_instance_python(serverid)
+
+
+
 
 def get_ds_instances():
     '''
@@ -549,7 +579,7 @@ class DsInstance(service.Service):
                              ' '.join(replication.TOTAL_EXCLUDES),
                          )
 
-    def __create_instance(self):
+    def __create_instance_legacy(self):
         pent = pwd.getpwnam(DS_USER)
 
         self.backup_state("serverid", self.serverid)
@@ -591,6 +621,68 @@ class DsInstance(service.Service):
         inf_fd.close()
         os.remove(paths.DIRSRV_BOOT_LDIF)
 
+    def __create_instance_python(self):
+        # We only import lib389 now, because we can't always guarantee it's presence
+        # yet. After f28, this can be made a dependency proper.
+        from lib389.instance.setup import SetupDs
+        from lib389.instance.options import General2Base, Slapd2Base
+        from lib389.idm.ipadomain import IpaDomain
+        from lib389 import DirSrv
+
+        # The new installer is api driven. We can pass it a log function
+        # and it will use it. Because of this, we can pass verbose true,
+        # and allow our logger to control the display based on level.
+        sds = SetupDs(verbose=True, dryrun=False, log=logger)
+
+        # General environmental options.
+        general_options = General2Base(logger)
+        general_options.set('strict_host_checking', False)
+        # Check that our requested configuration is actually valid ...
+        general_options.verify()
+        general = general_options.collect()
+
+        # Slapd options, ie instance name.
+        slapd_options = Slapd2Base(logger)
+        slapd_options.set('instance_name', self.serverid)
+        slapd_options.set('root_password', self.dm_password)
+        slapd_options.verify()
+        slapd = slapd_options.collect()
+
+        # Create userroot. Note that the new install does NOT
+        # create sample entries, so this is *empty*.
+        userroot = {
+            'cn': 'userRoot',
+            'nsslapd-suffix': self.suffix.ldap_text()
+        }
+
+        backends = [userroot,]
+
+        sds.create_from_args(general, slapd, backends, None)
+
+        # Now create the new domain root object in the format that IPA expects.
+        # Get the instance ....
+
+        inst = DirSrv(verbose=True, external_log=logger)
+        inst.remote_simple_allocate(ldapuri=ipaldap.get_ldap_uri(self.fqdn), password=self.dm_password)
+        # This actually opens the conn and binds.
+        inst.open()
+
+        ipadomain = IpaDomain(inst, dn=self.suffix.ldap_text())
+        ipadomain.create(properties={
+            'dc' : self.realm.split('.')[0].lower(),
+            'info': 'IPA V2.0',
+        })
+        # Done!
+        logger.debug("completed creating DS instance")
+
+    def __create_instance(self):
+        if os.path.exists(paths.SETUP_DS_PL):
+            # We still have legacy tools. Lets use them.
+            self.__create_instance_legacy()
+        else:
+            # Okay, 389 have removed their perl tools. Great! Use the api driven installer
+            self.__create_instance_python()
+
     def __update_dse_ldif(self):
         """
         This method updates dse.ldif right after instance creation. This is
@@ -1054,16 +1146,22 @@ class DsInstance(service.Service):
 
         try:
             self.fstore.restore_file(paths.LIMITS_CONF)
+        except ValueError as error:
+            logger.debug("%s: %s" % (paths.LIMITS_CONF , error))
+
+        try:
             self.fstore.restore_file(paths.SYSCONFIG_DIRSRV)
         except ValueError as error:
-            logger.debug("%s", error)
+            logger.debug("%s: %s" % (paths.SYSCONFIG_DIRSRV , error))
 
         # disabled during IPA installation
         if enabled:
+            logger.debug("Re-enabling instance of Directory Server")
             self.enable()
 
         serverid = self.restore_state("serverid")
         if serverid is not None:
+            # What if this fails? Then what?
             self.stop_tracking_certificates(serverid)
             logger.debug("Removing DS instance %s", serverid)
             try:
@@ -1072,9 +1170,14 @@ class DsInstance(service.Service):
                 logger.error("Failed to remove DS instance. You may "
                              "need to remove instance data manually")
 
-            installutils.remove_keytab(paths.DS_KEYTAB)
-            installutils.remove_ccache(run_as=DS_USER)
+        else:
+            logger.error("Failed to remove DS instance. No serverid present"
+                         "in sysrestore file.")
 
+        installutils.remove_keytab(paths.DS_KEYTAB)
+        installutils.remove_ccache(run_as=DS_USER)
+
+        if serverid is None:
             # Remove scripts dir
             scripts = paths.VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE % (
                 serverid)