IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-27 09:21:59 -06:00
Code Issues Packages Projects Releases Wiki Activity
3a42bc0960
freeipa/daemons/dnssec/ipa-dnskeysyncd.in
Christian Heimes 6d02eddd3e Replace PYTHONSHEBANG with valid shebang 
Replace the @PYTHONSHEBANG@ substitution with a valid #!/usr/bin/python3
shebang. This turns Python .in files into valid Python files. The files
can now be checked with pylint and IDEs recognize the files as Python
files.

The shebang is still replaced with "#!$(PYTHON) -E" to support
platform-python.

Related: https://pagure.io/freeipa/issue/7984
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
2019-06-24 09:35:57 +02:00

121 lines
3.5 KiB
Python
Raw Blame History

#!/usr/bin/python3
#
# Copyright (C) 2014 FreeIPA Contributors see COPYING for license
#
import logging
import sys
import ldap
import ldapurl
import os
import signal
import time
from ipalib import api
from ipalib.install.kinit import kinit_keytab
from ipapython.dn import DN
from ipapython.ipa_log_manager import standard_logging_setup
from ipapython import ipaldap
from ipaplatform.paths import paths
from ipaserver.dnssec.keysyncer import KeySyncer
logger = logging.getLogger(os.path.basename(__file__))
# IPA framework initialization
standard_logging_setup(verbose=True)
api.bootstrap(context='dns', confdir=paths.ETC_IPA, in_server=True)
api.finalize()
if api.env.debug:
root_logger = logging.getLogger()
root_logger.setLevel(logging.DEBUG)
# Global state
watcher_running = True
ldap_connection = False
DAEMONNAME = 'ipa-dnskeysyncd'
PRINCIPAL = None # not initialized yet
WORKDIR = '/tmp' # private temp
KEYTAB_FB = paths.IPA_DNSKEYSYNCD_KEYTAB
# Shutdown handler
def commenceShutdown(signum, stack):
# Declare the needed global variables
global watcher_running
global ldap_connection # pylint: disable=global-variable-not-assigned
logger.info('Signal %s received: Shutting down!', signum)
# We are no longer running
watcher_running = False
# Tear down the server connection
if ldap_connection:
ldap_connection.close_db()
del ldap_connection
# Shutdown
sys.exit(0)
os.umask(0o07)
# Signal handlers
signal.signal(signal.SIGTERM, commenceShutdown)
signal.signal(signal.SIGINT, commenceShutdown)
# Kerberos initialization
PRINCIPAL = str('%s/%s' % (DAEMONNAME, api.env.host))
logger.debug('Kerberos principal: %s', PRINCIPAL)
ccache_filename = os.path.join(WORKDIR, 'ipa-dnskeysyncd.ccache')
try:
kinit_keytab(PRINCIPAL, KEYTAB_FB, ccache_filename, attempts=5)
except Exception as ex:
logger.critical("Kerberos authentication failed: %s", ex)
# signal failure and let init system to restart the daemon
sys.exit(1)
os.environ['KRB5CCNAME'] = ccache_filename
# LDAP initialization
basedn = DN(api.env.container_dns, api.env.basedn)
ldap_url = ldapurl.LDAPUrl(api.env.ldap_uri)
ldap_url.dn = str(basedn)
ldap_url.scope = ldapurl.LDAP_SCOPE_SUBTREE
ldap_url.filterstr = '(|(objectClass=idnsZone)(objectClass=idnsSecKey)(objectClass=ipk11PublicKey))'
logger.debug('LDAP URL: %s', ldap_url.unparse())
# Real work
while watcher_running:
# Prepare the LDAP server connection (triggers the connection as well)
ldap_connection = KeySyncer(ldap_url.initializeUrl(), ipa_api=api)
# Now we login to the LDAP server
try:
logger.info('LDAP bind...')
ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
except ldap.INVALID_CREDENTIALS as e:
logger.exception('Login to LDAP server failed: %s', e)
sys.exit(1)
except (ldap.SERVER_DOWN, ldap.CONNECT_ERROR) as e:
logger.exception('LDAP server is down, going to retry: %s', e)
time.sleep(5)
continue
# Commence the syncing
logger.info('Commencing sync process')
ldap_search = ldap_connection.syncrepl_search(
ldap_url.dn,
ldap_url.scope,
mode='refreshAndPersist',
attrlist=ldap_url.attrs,
filterstr=ldap_url.filterstr
)
try:
while ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):
pass
except (ldap.SERVER_DOWN, ldap.CONNECT_ERROR) as e:
logger.error('syncrepl_poll: LDAP error (%s)', e)
sys.exit(1)
Reference in New Issue View Git Blame Copy Permalink