IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
2ceee8fbc8b1bcfff4ff9db68b8b6ddb04ad01e2
freeipa/debian/patches/add-debian-platform.diff
Timo Aaltonen 2ceee8fbc8 fix check for bind9-dyndb-ldap
2014-10-14 13:48:37 +03:00

685 lines
26 KiB
Diff
Raw Blame History

commit b076743f2cdd3a3cb9e8d0e8be7be8c90160fc21
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Fri Mar 1 12:21:00 2013 +0200
add debian platform support
--- /dev/null
+++ b/ipapython/platform/debian/__init__.py
@@ -0,0 +1,43 @@
+import os
+
+from ipapython.platform import base, redhat, fedora18
+from ipapython.platform.debian.auth import DebianAuthConfig
+from ipapython.platform.debian.service import debian_service, DebianServices
+
+# All what we allow exporting directly from this module
+# Everything else is made available through these symbols when they are
+# directly imported into ipapython.services:
+#
+# authconfig -- class reference for platform-specific implementation of
+# authconfig(8)
+# service -- class reference for platform-specific implementation of a
+# PlatformService class
+# knownservices -- factory instance to access named services IPA cares about,
+# names are ipapython.services.wellknownservices
+# backup_and_replace_hostname -- platform-specific way to set hostname and
+# make it persistent over reboots
+# restore_network_configuration -- platform-specific way of restoring network
+# configuration (e.g. static hostname)
+# restore_context -- platform-sepcific way to restore security context, if
+# applicable
+# check_selinux_status -- platform-specific way to see if SELinux is enabled
+# and restorecon is installed.
+__all__ = ['authconfig', 'service', 'knownservices',
+ 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status',
+ 'restore_network_configuration', 'timedate_services']
+
+# Just copy a referential list of timedate services
+timedate_services = list(base.timedate_services)
+
+def restore_network_configuration(fstore, statestore):
+ filepath = '/etc/hostname'
+ if fstore.has_file(filepath):
+ fstore.restore_file(filepath)
+ hostname_was_configured = True
+
+authconfig = DebianAuthConfig
+service = debian_service
+knownservices = DebianServices()
+backup_and_replace_hostname = fedora18.backup_and_replace_hostname
+restore_context = redhat.restore_context
+check_selinux_status = redhat.check_selinux_status
--- /dev/null
+++ b/ipapython/platform/debian/auth.py
@@ -0,0 +1,33 @@
+from ipapython import ipautil
+from ipapython.platform import base
+
+class DebianAuthConfig(base.AuthConfig):
+ """
+ Debian implementation of the AuthConfig class.
+
+ Debian doesn't provide a single application for changing both
+ nss and pam configuration. PAM can be configured using debconf but there
+ is currently no such solution for updating NSS database and every package
+ does it by itself.
+
+ We'll have to play a catch-up game with the rest of the FreeIPA project
+ filtering out .enable() and .disable() calls that are useless for us,
+ and making the best out of the rest of them.
+ """
+
+ def __build_args(self):
+ args = ['--force', '--package']
+ for (option, value) in self.parameters.items():
+ if option == "sssdauth":
+ option = "sss"
+ if type(value) is bool and not value:
+ if not any("remove" in s for s in args):
+ args.append("--remove")
+ args.append("%s" % (option))
+ return args
+
+ def execute(self):
+ env = {"DEBCONF_FRONTEND" : "noninteractive"}
+ args = self.__build_args()
+ ipautil.run(["/usr/sbin/pam-auth-update"] + args, env = env)
+
--- /dev/null
+++ b/ipapython/platform/debian/service.py
@@ -0,0 +1,107 @@
+import time
+
+from ipapython import ipautil
+from ipapython.ipa_log_manager import root_logger
+from ipapython.platform import base
+from ipalib import api
+
+class DebianService(base.PlatformService):
+ def __wait_for_open_ports(self, instance_name=""):
+ """
+ If this is a service we need to wait for do so.
+ """
+ ports = None
+ if instance_name in base.wellknownports:
+ ports = base.wellknownports[instance_name]
+ else:
+ if self.service_name in base.wellknownports:
+ ports = base.wellknownports[self.service_name]
+ if ports:
+ ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout)
+ def stop(self, instance_name='', capture_output=True):
+ ipautil.run(["/usr/sbin/service", self.service_name, "stop",
+ instance_name], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ super(DebianService, self).stop(instance_name)
+
+ def start(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run(["/usr/sbin/service", self.service_name, "start",
+ instance_name], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name)
+ super(DebianService, self).start(instance_name)
+
+ def restart(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run(["/usr/sbin/service", self.service_name, "restart",
+ instance_name], capture_output=capture_output)
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name)
+
+ def is_running(self, instance_name=""):
+ ret = True
+ try:
+ (sout, serr, rcode) = ipautil.run(["/usr/sbin/service",
+ self.service_name, "status",
+ instance_name])
+ if sout.find("NOT running") >= 0:
+ ret = False
+ if sout.find("stop") >= 0:
+ ret = False
+ except ipautil.CalledProcessError:
+ ret = False
+ return ret
+
+ def is_installed(self):
+ installed = True
+ try:
+ ipautil.run(["/usr/sbin/service", self.service_name, "status"])
+ except ipautil.CalledProcessError, e:
+ if e.returncode == 1:
+ # service is not installed or there is other serious issue
+ installed = False
+ return installed
+
+ def is_enabled(self, instance_name=""):
+ # Services are always assumed to be enabled when installed
+ return True
+
+ def enable(self):
+ return True
+
+ def disable(self):
+ return True
+
+ def install(self):
+ return True
+
+ def remove(self):
+ return True
+
+class DebianSSHService(DebianService):
+ def get_config_dir(self, instance_name=""):
+ return '/etc/ssh'
+
+def debian_service(name):
+ if name == 'sshd':
+ return DebianSSHService(name)
+ return DebianService(name)
+
+class DebianServices(base.KnownServices):
+ def __init__(self):
+ services = dict()
+ for s in base.wellknownservices:
+ if s == "messagebus":
+ services[s] = debian_service("dbus")
+ elif s == "ntpd":
+ services[s] = debian_service("ntp")
+ else:
+ services[s] = debian_service(s)
+ # Call base class constructor. This will lock services to read-only
+ super(DebianServices, self).__init__(services)
--- /dev/null
+++ b/ipaplatform/debian/__init__.py
@@ -0,0 +1,22 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+This module contains Debian specific platform files.
+"""
--- /dev/null
+++ b/ipaplatform/debian/paths.py
@@ -0,0 +1,65 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+This Debian base platform module exports default filesystem paths as common
+in Debian-based systems.
+"""
+
+# Fallback to default path definitions
+from ipaplatform.base.paths import BasePathNamespace
+
+
+class DebianPathNamespace(BasePathNamespace):
+ OPENLDAP_LDAP_CONF = "/etc/ldap/ldap.conf"
+ NSS_DB_DIR = "sql:/etc/pki/nssdb"
+ SBIN_SERVICE = "/usr/sbin/service"
+ ETC_HTTPD_DIR = "/etc/apache2"
+ HTTPD_ALIAS_DIR = "/etc/apache2/nssdb"
+ ALIAS_CACERT_ASC = "/etc/apache2/nssdb/cacert.asc"
+ ALIAS_PWDFILE_TXT = "/etc/apache2/nssdb/pwdfile.txt"
+ HTTPD_CONF_D_DIR = "/etc/apache2/conf-enabled/"
+ HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-enabled/ipa-pki-proxy.conf"
+ HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-enabled/ipa-rewrite.conf"
+ HTTPD_IPA_CONF = "/etc/apache2/conf-enabled/ipa.conf"
+ HTTPD_NSS_CONF = "/etc/apache2/mods-enabled/nss.conf"
+ HTTPD_SSL_CONF = "/etc/apache2/conf-enabled/ssl.conf"
+ IPA_KEYTAB = "/etc/apache2/ipa.keytab"
+ HTTPD_PASSWORD_CONF = "/etc/apache2/password.conf"
+ SYSCONFIG_PKI = "/etc/dogtag/"
+ SYSCONFIG_PKI_TOMCAT = "/etc/default/pki-tomcat"
+ SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/dogtag/tomcat/pki-tomcat"
+ HTTPD = "/usr/sbin/apache2ctl"
+ BIND_LDAP_SO = "/usr/share/doc/bind9-dyndb-ldap/copyright"
+ NAMED_CONF = "/etc/bind/named.conf.local"
+ NAMED_KEYTAB = "/etc/bind/named.keytab"
+ NAMED_RFC1912_ZONES = "/etc/bind/named.conf.default-zones"
+ ETC_DEBIAN_VERSION = "/etc/debian_version"
+ SYSCONFIG_NTPD = "/etc/default/ntp"
+ SETUP_DS_PL = "/usr/sbin/setup-ds"
+ VAR_KERBEROS_KRB5KDC_DIR = "/var/lib/krb5kdc/"
+ VAR_KRB5KDC_K5_REALM = "/var/lib/krb5kdc/.k5."
+ CACERT_PEM = "/var/lib/krb5kdc/cacert.pem"
+ KRB5KDC_KDC_CONF = "/var/lib/krb5kdc/kdc.conf"
+ KDC_PEM = "/var/lib/krb5kdc/kdc.pem"
+ VAR_LOG_HTTPD_DIR = "/var/log/apache2"
+ SYSCONFIG_KRB5KDC_DIR = "/etc/default/krb5-kdc"
+ GENERATE_RNDC_KEY = "/usr/share/ipa/generate-rndc-key.sh"
+
+paths = DebianPathNamespace()
--- /dev/null
+++ b/ipaplatform/debian/services.py
@@ -0,0 +1,161 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Contains Debian-specific service class implementations.
+"""
+
+import time
+
+from ipaplatform.tasks import tasks
+from ipaplatform.base import services as base_services
+
+from ipapython import ipautil
+from ipapython.ipa_log_manager import root_logger
+from ipalib import api
+from ipaplatform.paths import paths
+
+# Service classes that implement Debian-specific behaviour
+
+class DebianService(base_services.PlatformService):
+ def __wait_for_open_ports(self, instance_name=""):
+ """
+ If this is a service we need to wait for do so.
+ """
+ ports = None
+ if instance_name in base_services.wellknownports:
+ ports = base_services.wellknownports[instance_name]
+ else:
+ if self.service_name in base_services.wellknownports:
+ ports = base_services.wellknownports[self.service_name]
+ if ports:
+ ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout)
+ def stop(self, instance_name='', capture_output=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "stop",
+ instance_name], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ super(DebianService, self).stop(instance_name)
+
+ def start(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "start",
+ instance_name], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name)
+ super(DebianService, self).start(instance_name)
+
+ def restart(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "restart",
+ instance_name], capture_output=capture_output)
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name)
+
+ def is_running(self, instance_name=""):
+ ret = True
+ try:
+ (sout, serr, rcode) = ipautil.run([paths.SBIN_SERVICE,
+ self.service_name, "status",
+ instance_name])
+ if sout.find("NOT running") >= 0:
+ ret = False
+ if sout.find("stop") >= 0:
+ ret = False
+ except ipautil.CalledProcessError:
+ ret = False
+ return ret
+
+ def is_installed(self):
+ installed = True
+ try:
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "status"])
+ except ipautil.CalledProcessError, e:
+ if e.returncode == 1:
+ # service is not installed or there is other serious issue
+ installed = False
+ return installed
+
+ def is_enabled(self, instance_name=""):
+ # Services are always assumed to be enabled when installed
+ return True
+
+ def enable(self):
+ return True
+
+ def disable(self):
+ return True
+
+ def install(self):
+ return True
+
+ def remove(self):
+ return True
+
+ def tune_nofile_platform(self):
+ return True
+
+
+class DebianSSHService(DebianService):
+ def get_config_dir(self, instance_name=""):
+ return '/etc/ssh'
+
+# Function that constructs proper Debian-specific server classes for services
+# of specified name
+
+def debian_service_class_factory(name):
+ if name == 'httpd':
+ return DebianService("apache2")
+ if name == 'ipa_memcached':
+ return DebianService("ipa-memcached")
+ if name == 'kadmin':
+ return DebianService("krb5-admin-server")
+ if name == 'krb5kdc':
+ return DebianService("krb5-kdc")
+ if name == 'messagebus':
+ return DebianService("dbus")
+ if name == 'named':
+ return DebianService("bind9")
+ if name == 'ntpd':
+ return DebianService("ntp")
+ if name == 'sshd':
+ return DebianSSHService(name)
+ return DebianService(name)
+
+
+# Magicdict containing DebianService instances.
+
+class DebianServices(base_services.KnownServices):
+ def __init__(self):
+ services = dict()
+ for s in base_services.wellknownservices:
+ services[s] = debian_service_class_factory(s)
+ # Call base class constructor. This will lock services to read-only
+ super(DebianServices, self).__init__(services)
+
+
+# Objects below are expected to be exported by platform module
+
+from ipaplatform.base.services import timedate_services
+service = debian_service_class_factory
+knownservices = DebianServices()
--- /dev/null
+++ b/ipaplatform/debian/tasks.py
@@ -0,0 +1,37 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+This module contains default Debian-specific implementations of system tasks.
+"""
+
+from ipaplatform.paths import paths
+from ipaplatform.base.tasks import *
+from ipaplatform.fedora.tasks import FedoraTaskNamespace
+
+class DebianTaskNamespace(FedoraTaskNamespace):
+
+ def restore_network_configuration(self, fstore, statestore):
+ filepath = paths.ETC_HOSTNAME
+ if fstore.has_file(filepath):
+ fstore.restore_file(filepath)
+ hostname_was_configured = True
+
+
+tasks = DebianTaskNamespace()
--- a/ipaplatform/setup.py.in
+++ b/ipaplatform/setup.py.in
@@ -67,6 +67,7 @@ def setup_package():
package_dir = {'ipaplatform': ''},
packages = ["ipaplatform",
"ipaplatform.base",
+ "ipaplatform.debian",
"ipaplatform.fedora"],
)
finally:
--- a/ipaserver/install/ntpinstance.py
+++ b/ipaserver/install/ntpinstance.py
@@ -46,6 +46,8 @@ class NTPInstance(service.Service):
os = "fedora"
elif ipautil.file_exists(paths.ETC_REDHAT_RELEASE):
os = "rhel"
+ elif ipautil.file_exists(paths.ETC_DEBIAN_VERSION):
+ os = "debian"
srv_vals = []
srv_vals.append("0.%s.pool.ntp.org" % os)
@@ -105,9 +107,9 @@ class NTPInstance(service.Service):
fd.close()
for line in lines:
sline = line.strip()
- if not sline.startswith('OPTIONS'):
+ if not sline.startswith('NTPD_OPTS'):
continue
- sline = sline.replace('"', '')
+ sline = sline.replace('\'', '')
for opt in needopts:
if sline.find(opt['val']) != -1:
opt['need'] = False
@@ -123,12 +125,12 @@ class NTPInstance(service.Service):
for line in lines:
if not done:
sline = line.strip()
- if not sline.startswith('OPTIONS'):
+ if not sline.startswith('NTPD_OPTS'):
fd.write(line)
continue
- sline = sline.replace('"', '')
+ sline = sline.replace('\'', '')
(variable, opts) = sline.split('=', 1)
- fd.write('OPTIONS="%s %s"\n' % (opts, ' '.join(newopts)))
+ fd.write('NTPD_OPTS="%s %s"\n' % (opts, ' '.join(newopts)))
done = True
else:
fd.write(line)
--- a/setup.py
+++ b/setup.py
@@ -80,6 +80,7 @@ setup(
'ipalib.plugins',
'ipaplatform',
'ipaplatform.base',
+ 'ipaplatform.debian',
'ipaplatform.fedora',
'ipaserver',
'ipaserver.advise',
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -247,9 +247,9 @@ class LDAPUpdate:
bits = platform.architecture()[0]
if bits == "64bit":
- return "64"
+ return "/x86_64-linux-gnu"
else:
- return ""
+ return "/i386-linux-gnu"
def _template_str(self, s):
try:
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -202,14 +202,14 @@ class HTTPInstance(service.Service):
self.move_service(self.principal)
self.add_cert_to_service()
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid)
def remove_httpd_ccache(self):
# Clean up existing ccache
# Make sure that empty env is passed to avoid passing KRB5CCNAME from
# current env
- ipautil.run(['kdestroy', '-A'], runas='apache', raiseonerr=False, env={})
+ ipautil.run(['kdestroy', '-A'], runas='www-data', raiseonerr=False, env={})
def __configure_http(self):
target_fname = paths.HTTPD_IPA_CONF
@@ -255,7 +255,7 @@ class HTTPInstance(service.Service):
installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False)
def __set_mod_nss_passwordfile(self):
- installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSPassPhraseDialog', 'file:/etc/httpd/conf/password.conf')
+ installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSPassPhraseDialog', paths.HTTPD_PASSWORD_CONF)
def __add_include(self):
"""This should run after __set_mod_nss_port so is already backed up"""
@@ -300,7 +300,7 @@ class HTTPInstance(service.Service):
os.chmod(certs.NSS_DIR + "/secmod.db", 0660)
os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0660)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(certs.NSS_DIR + "/cert8.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/key3.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/secmod.db", 0, pent.pw_gid )
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -148,7 +148,7 @@ class ServerCertInstall(admintool.AdminT
os.chmod(os.path.join(dirname, 'key3.db'), 0640)
os.chmod(os.path.join(dirname, 'secmod.db'), 0640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(os.path.join(dirname, 'cert8.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'key3.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid)
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1122,7 +1122,7 @@ class CAInstance(service.Service):
os.chmod(self.ra_agent_db + "/key3.db", 0640)
os.chmod(self.ra_agent_db + "/secmod.db", 0640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(self.ra_agent_db + "/cert8.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/key3.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/secmod.db", 0, pent.pw_gid )
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -740,7 +740,7 @@ class CertDB(object):
f.close()
pwdfile.close()
# TODO: replace explicit uid by a platform-specific one
- self.set_perms(self.pwd_conf, uid="apache")
+ self.set_perms(self.pwd_conf, uid="www-data")
def find_root_cert(self, nickname):
"""
--- a/init/ipa_memcached.conf
+++ b/init/ipa_memcached.conf
@@ -1,5 +1,5 @@
SOCKET_PATH=/var/run/ipa_memcached/ipa_memcached
-USER=apache
+USER=www-data
MAXCONN=1024
CACHESIZE=64
OPTIONS=
--- a/init/systemd/ipa.conf.tmpfiles
+++ b/init/systemd/ipa.conf.tmpfiles
@@ -1,2 +1,2 @@
-d /var/run/ipa_memcached 0700 apache apache
+d /var/run/ipa_memcached 0700 www-data www-data
d /var/run/ipa 0700 root root
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -482,7 +482,7 @@ class BindInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix')
def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp,
- reverse_zone, named_user="named", zonemgr=None,
+ reverse_zone, named_user="bind", zonemgr=None,
ca_configured=None):
self.named_user = named_user
self.fqdn = fqdn
@@ -844,7 +844,7 @@ class BindInstance(service.Service):
def __generate_rndc_key(self):
installutils.check_entropy()
- ipautil.run(['/usr/libexec/generate-rndc-key.sh'])
+ ipautil.run(paths.GENERATE_RNDC_KEY)
def add_master_dns_records(self, fqdn, ip_address, realm_name, domain_name,
reverse_zone, ntp=False, ca_configured=None):
--- a/init/systemd/ipa_memcached.service
+++ b/init/systemd/ipa_memcached.service
@@ -4,7 +4,7 @@ After=network.target
[Service]
Type=forking
-EnvironmentFile=/etc/sysconfig/ipa_memcached
+EnvironmentFile=/etc/default/ipa-memcached
PIDFile=/var/run/ipa_memcached/ipa_memcached.pid
ExecStart=/usr/bin/memcached -d -s $SOCKET_PATH -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/ipa_memcached/ipa_memcached.pid $OPTIONS
Reference in New Issue View Git Blame Copy Permalink