This gives the root user low privileges so that when anonymous searches are denied the init scripts can still search the directory via ldapi to get the list of services to start. Fixes: https://fedorahosted.org/freeipa/ticket/795
#!/usr/bin/python
# Authors: Simo Sorce <ssorce@redhat.com>
#
# Copyright (C) 2008-2010 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

import sys
try:
    from ipaserver.install import service
    from ipaserver.install import dsinstance
    from ipapython import config
    from ipalib import api, errors
    import logging
    import ldap
    import ldap.sasl
    import socket
except ImportError:
    # Any module that cannot be imported is fatal: print the import error on
    # stderr and exit with status 1 before anything else runs.
    print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:

%s
""" % sys.exc_value
    sys.exit(1)

# Credentials object for the SASL EXTERNAL mechanism, built with an empty
# callback-value dict; get_config() passes it to sasl_interactive_bind_s().
# With EXTERNAL no password is sent: the server takes the identity from the
# connection itself.
# NOTE(review): presumably api.env.ldap_uri is an ldapi:// socket, so the
# identity is the local user running this script -- confirm the URI and the
# server-side mapping for that user.
SASL_EXTERNAL = ldap.sasl.sasl({}, 'EXTERNAL')
def parse_options():
    """Parse the command line of this script.

    Builds a config.IPAOptionParser with a single -d/--debug flag and
    parses sys.argv with it.

    Returns a 3-tuple ``(safe_options, options, args)``:
    ``options`` and ``args`` are what the parser's parse_args() returned and
    ``safe_options`` is the result of the parser's get_safe_opts(options).
    """
    opt_parser = config.IPAOptionParser(
        usage="%prog start|stop|restart|status\n",
        formatter=config.IPAFormatter())

    opt_parser.add_option(
        "-d", "--debug",
        action="store_true",
        dest="debug",
        help="Display debugging information")

    parsed, positional = opt_parser.parse_args()

    return opt_parser.get_safe_opts(parsed), parsed, positional
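def emit_err(err):
    """Write one error message to standard error, terminated by a newline.

    The callers in this file pass messages without a trailing newline and
    often emit two in a row ("Failed to ..." followed by "Shutting down").
    Written verbatim, those would run together on a single line, so a
    newline is appended unless the message already ends with one.
    """
    if not err.endswith('\n'):
        err += '\n'
    sys.stderr.write(err)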
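def get_config():
    """Return the services enabled on this master as (order, name) tuples.

    Searches the subtree below
    ``cn=<hostname>,cn=masters,cn=ipa,cn=etc,<api.env.basedn>`` for entries
    matching ``(ipaConfigString=enabledService)``.  For every
    ``startOrder <n>`` value on such an entry a tuple ``(n, cn)`` is added to
    the result.  ``n`` is converted to an integer so that callers which sort
    the list get numeric order; compared as strings, "10" sorts before "2".

    The bind uses SASL EXTERNAL with an empty authorization identity, so no
    password is involved and the server decides who the caller is from the
    connection.  NOTE(review): this presumably depends on api.env.ldap_uri
    being an ldapi:// socket and on the server granting the local root user
    read access to the masters subtree when anonymous searches are denied --
    confirm against the deployment.

    Raises:
        Exception: whatever was raised while connecting, binding or
            searching (the search itself is limited to 10 seconds); a hint
            is printed before the exception is re-raised.
        ValueError: a ``startOrder`` value is missing or is not an integer.
    """
    # The hostname is interpolated into the DN unescaped.
    # NOTE(review): assumes socket.gethostname() is the name the master entry
    # was registered under and contains no DN special characters.
    base = "cn=%s,cn=masters,cn=ipa,cn=etc,%s" % (socket.gethostname(),
                                                  api.env.basedn)
    srcfilter = '(ipaConfigString=enabledService)'
    attrs = ['cn', 'ipaConfigString']

    con = None
    try:
        try:
            con = ldap.initialize(api.env.ldap_uri)
            con.sasl_interactive_bind_s('', SASL_EXTERNAL)
            res = con.search_st(base,
                                ldap.SCOPE_SUBTREE,
                                filterstr=srcfilter,
                                attrlist=attrs,
                                timeout=10)
        except Exception, e:
            print "Error retrieving list of services %s" % e
            print "Is IPA installed ?"
            raise
    finally:
        # Release the connection on every path.  A failure while closing must
        # not replace the search result or the error being propagated.
        if con is not None:
            try:
                con.unbind_s()
            except Exception:
                pass

    svc_list = []

    for entry in res:
        name = entry[1]['cn'][0]
        for p in entry[1]['ipaConfigString']:
            if p.startswith('startOrder '):
                try:
                    order = int(p.split()[1])
                except (IndexError, ValueError):
                    # Directory content is input to this script: reject a
                    # malformed order instead of sorting on it.
                    raise ValueError("Invalid startOrder value %r for "
                                     "service %s" % (p, name))
                svc_list.append((order, name))

    return svc_list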
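def ipa_start(serverid):
    """Start the directory server, then every enabled service in start order.

    ``serverid`` is passed as ``instance_name`` to the 'dirsrv' service
    calls.  The list of services comes from get_config(), which needs the
    directory server to be running, so dirsrv is started first.

    If the list cannot be read, dirsrv is stopped again.  If any service
    fails to start, all listed services are stopped in reverse start order
    (the same order ipa_stop() uses) followed by dirsrv, and the function
    returns.

    Service names read from the directory are translated through
    service.SERVICE_LIST before being started; a name that is not in that
    table is handled like a failed start instead of ending the script with
    an uncaught KeyError half way through.

    NOTE(review): every failure path returns None exactly like the success
    path, and main() does not return a status, so the exit code of the
    script does not reflect a failed start.
    """
    try:
        print "Starting Directory Service"
        service.start('dirsrv', instance_name=serverid, capture_output=False)
    except:
        emit_err("Failed to start Directory Service")
        return

    svc_list = []
    try:
        svc_list = get_config()
    except:
        emit_err("Failed to read data from Directory Service")
        emit_err("Shutting down")
        try:
            service.stop('dirsrv', instance_name=serverid, capture_output=False)
        except:
            emit_err("Failed to stop Directory Service")
        return

    if len(svc_list) == 0:
        return

    for (order, svc) in sorted(svc_list):
        try:
            # Lookup kept inside the try so an unknown name takes the same
            # roll-back path as a service that fails to start.
            svc_name = service.SERVICE_LIST[svc][0]
            print "Starting %s Service" % svc
            service.start(svc_name, capture_output=False)
        except:
            emit_err("Failed to start %s Service" % svc)
            emit_err("Shutting down")
            # Best-effort roll back: stop everything on the list, last
            # started first, ignoring individual failures.
            for (_, other) in sorted(svc_list, reverse=True):
                try:
                    other_name = service.SERVICE_LIST[other][0]
                    service.stop(other_name, capture_output=False)
                except:
                    pass
            try:
                service.stop('dirsrv', instance_name=serverid, capture_output=False)
            except:
                pass
            return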
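def ipa_stop(serverid):
    """Stop every enabled service in reverse start order, then dirsrv.

    ``serverid`` is passed as ``instance_name`` to the 'dirsrv' service
    calls.  The list of services is read from the directory with
    get_config(); if that fails, dirsrv is started once and the read is
    retried.  If the list still cannot be read, dirsrv is stopped and the
    function returns.

    A service that fails to stop is reported and the remaining services are
    still processed.  The lookup in service.SERVICE_LIST is part of that
    guarded step, so a name from the directory that is not in the table is
    reported as a failed stop instead of raising KeyError and leaving the
    remaining services and dirsrv running.

    NOTE(review): when the list is empty or unreadable, the services that
    would have been on it are not stopped, and with an empty list dirsrv is
    left running as well.
    """
    svc_list = []
    try:
        svc_list = get_config()
    except:
        # ok if dirsrv died this may fail, so let's try to quickly restart it
        # and see if we can get anything. If not throw our hands up and just
        # exit
        try:
            service.start('dirsrv', instance_name=serverid, capture_output=False)
            svc_list = get_config()
        except:
            emit_err("Failed to read data from Directory Service")
            emit_err("Shutting down")
            try:
                service.stop('dirsrv', instance_name=serverid, capture_output=False)
            except:
                emit_err("Failed to stop Directory Service")
            return

    if len(svc_list) == 0:
        return

    for (order, svc) in sorted(svc_list, reverse=True):
        try:
            svc_name = service.SERVICE_LIST[svc][0]
            print "Stopping %s Service" % svc
            service.stop(svc_name, capture_output=False)
        except:
            emit_err("Failed to stop %s Service" % svc)

    try:
        print "Stopping Directory Service"
        service.stop('dirsrv', instance_name=serverid, capture_output=False)
    except:
        emit_err("Failed to stop Directory Service")
        return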
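def ipa_restart(serverid):
    """Restart the directory server, then every enabled service in order.

    ``serverid`` is passed as ``instance_name`` to the 'dirsrv' service
    calls.  dirsrv is restarted first because get_config() reads the list
    of services from it.

    If the list cannot be read, dirsrv is stopped.  If any service fails to
    restart, all listed services are stopped in reverse start order (the
    order ipa_stop() uses) followed by dirsrv, and the function returns.

    Service names read from the directory are translated through
    service.SERVICE_LIST; a name that is not in that table is handled like
    a failed restart instead of raising an uncaught KeyError.

    NOTE(review): failure paths return None like the success path, so the
    caller cannot tell from the return value that the restart failed.
    """
    try:
        print "Restarting Directory Service"
        service.restart('dirsrv', instance_name=serverid, capture_output=False)
    except:
        emit_err("Failed to restart Directory Service")
        return

    svc_list = []
    try:
        svc_list = get_config()
    except:
        emit_err("Failed to read data from Directory Service")
        emit_err("Shutting down")
        try:
            service.stop('dirsrv', instance_name=serverid, capture_output=False)
        except:
            emit_err("Failed to stop Directory Service")
        return

    if len(svc_list) == 0:
        return

    for (order, svc) in sorted(svc_list):
        try:
            # Lookup kept inside the try so an unknown name takes the same
            # shut-down path as a service that fails to restart.
            svc_name = service.SERVICE_LIST[svc][0]
            print "Restarting %s Service" % svc
            service.restart(svc_name, capture_output=False)
        except:
            emit_err("Failed to restart %s Service" % svc)
            emit_err("Shutting down")
            # Best-effort shut down, last in the start order first,
            # ignoring individual failures.
            for (_, other) in sorted(svc_list, reverse=True):
                try:
                    other_name = service.SERVICE_LIST[other][0]
                    service.stop(other_name, capture_output=False)
                except:
                    pass
            try:
                service.stop('dirsrv', instance_name=serverid, capture_output=False)
            except:
                pass
            return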
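def ipa_status(serverid):
    """Print RUNNING/STOPPED for dirsrv and for every enabled service.

    ``serverid`` is passed as ``instance_name`` when probing 'dirsrv'.  If
    the dirsrv probe itself fails, nothing else is reported.  The list of
    services is read with get_config(); when it cannot be read or is empty
    only the dirsrv line is printed.

    Each service is probed independently.  The lookup in
    service.SERVICE_LIST is part of the guarded probe, so a name from the
    directory that is not in the table is reported as a failed status check
    for that service and the remaining services are still reported.

    All output of this function, including the failure messages, goes to
    standard output.
    """
    try:
        if service.is_running('dirsrv', instance_name=serverid):
            print "Directory Service: RUNNING"
        else:
            print "Directory Service: STOPPED"
    except:
        print "Failed to get Directory Service status"
        return

    svc_list = []
    try:
        svc_list = get_config()
    except:
        print "Failed to get list of services to probe status"

    if len(svc_list) == 0:
        return

    for (order, svc) in sorted(svc_list):
        try:
            svc_name = service.SERVICE_LIST[svc][0]
            if service.is_running(svc_name):
                print "%s Service: RUNNING" % svc
            else:
                print "%s Service: STOPPED" % svc
        except:
            print "Failed to get %s Service status" % svc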
def main():
    """Validate the requested action and run the matching ipa_* function.

    Exactly one positional argument is accepted and it must be one of
    start, stop, restart or status (compared case-sensitively); anything
    else ends the script through sys.exit() with a message.  The IPA API is
    then bootstrapped in the 'cli' context, the directory server instance
    name is derived from api.env.realm and handed to the selected action.

    The function has no return statement, so it returns None whatever the
    selected action did.
    """
    safe_options, options, args = parse_options()

    if len(args) != 1:
        sys.exit("You must specify one action")

    action = args[0]
    if action not in ("start", "stop", "restart", "status"):
        sys.exit("Unrecognized action [" + action + "]")

    api.bootstrap(context='cli', debug=options.debug)
    api.finalize()

    serverid = dsinstance.realm_to_serverid(api.env.realm)

    # Dispatch table instead of an if/elif chain; the key is lower-cased as
    # in the original comparisons.
    handlers = {
        "start": ipa_start,
        "stop": ipa_stop,
        "restart": ipa_restart,
        "status": ipa_status,
    }
    handler = handlers.get(action.lower())
    if handler is not None:
        handler(serverid)
# Script entry point: run main() when executed directly and map the outcome
# to a process exit.
# NOTE(review): main() has no return statement, so sys.exit(main()) is
# sys.exit(None); a run in which an ipa_* function reported a failure and
# returned normally ends the same way as a successful one.
try:
    if __name__ == "__main__":
        sys.exit(main())
except RuntimeError, e:
    # Print only the message (no traceback) and exit with status 1.
    print "%s" % e
    sys.exit(1)
except SystemExit, e:
    # Exit requests raised by sys.exit() above or inside main() are
    # re-issued with the caught exception object.
    sys.exit(e)
except KeyboardInterrupt, e:
    # Interrupted by the user: exit with status 1 without a traceback.
    sys.exit(1)