IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
daac5e2114d0873a7692c872d7d1d7d449c44898
freeipa/debian/patches/add-debian-platform.diff

761 lines
30 KiB
Diff
Raw Blame History

commit b076743f2cdd3a3cb9e8d0e8be7be8c90160fc21
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Fri Mar 1 12:21:00 2013 +0200
add debian platform support
--- /dev/null
+++ b/ipaplatform/debian/__init__.py
@@ -0,0 +1,22 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+This module contains Debian specific platform files.
+"""
--- /dev/null
+++ b/ipaplatform/debian/paths.py
@@ -0,0 +1,353 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+This Debian base platform module exports default filesystem paths as common
+in Debian-based systems.
+"""
+
+# Fallback to default path definitions
+from ipaplatform.base.paths import BasePathNamespace
+
+
+class DebianPathNamespace(BasePathNamespace):
+# BASH = "/bin/bash"
+# BIN_FALSE = "/bin/false"
+# BIN_HOSTNAME = "/bin/hostname"
+# LS = "/bin/ls"
+# SH = "/bin/sh"
+# SYSTEMCTL = "/bin/systemctl"
+# TAR = "/bin/tar"
+# BIN_TRUE = "/bin/true"
+# DEV_NULL = "/dev/null"
+# DEV_STDIN = "/dev/stdin"
+ AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf"
+# ETC_DIRSRV = "/etc/dirsrv"
+# DS_KEYTAB = "/etc/dirsrv/ds.keytab"
+# ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE = "/etc/dirsrv/slapd-%s"
+# ETC_FEDORA_RELEASE = "/etc/fedora-release"
+# GROUP = "/etc/group"
+# ETC_HOSTNAME = "/etc/hostname"
+# HOSTS = "/etc/hosts"
+ ETC_HTTPD_DIR = "/etc/apache2"
+ HTTPD_ALIAS_DIR = "/etc/apache2/nssdb"
+ ALIAS_CACERT_ASC = "/etc/apache2/nssdb/cacert.asc"
+ ALIAS_PWDFILE_TXT = "/etc/apache2/nssdb/pwdfile.txt"
+ HTTPD_CONF_D_DIR = "/etc/apache2/conf-enabled/"
+# HTTPD_IPA_KDCPROXY_CONF = "/etc/ipa/kdcproxy/ipa-kdc-proxy.conf"
+ HTTPD_IPA_KDCPROXY_CONF_SYMLINK = "/etc/apache2/conf.enabled/ipa-kdc-proxy.conf"
+ HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-enabled/ipa-pki-proxy.conf"
+ HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-available/ipa-rewrite.conf"
+ HTTPD_IPA_CONF = "/etc/apache2/conf-enabled/ipa.conf"
+ HTTPD_NSS_CONF = "/etc/apache2/mods-available/nss.conf"
+# HTTPD_SSL_CONF = "/etc/httpd/conf.d/ssl.conf"
+ IPA_KEYTAB = "/etc/apache2/ipa.keytab"
+ HTTPD_PASSWORD_CONF = "/etc/apache2/password.conf"
+# IDMAPD_CONF = "/etc/idmapd.conf"
+# ETC_IPA = "/etc/ipa"
+# CONNCHECK_CCACHE = "/etc/ipa/.conncheck_ccache"
+# IPA_DNS_CCACHE = "/etc/ipa/.dns_ccache"
+# IPA_DNS_UPDATE_TXT = "/etc/ipa/.dns_update.txt"
+# IPA_CA_CRT = "/etc/ipa/ca.crt"
+# IPA_DEFAULT_CONF = "/etc/ipa/default.conf"
+# IPA_DNSKEYSYNCD_KEYTAB = "/etc/ipa/dnssec/ipa-dnskeysyncd.keytab"
+# IPA_ODS_EXPORTER_KEYTAB = "/etc/ipa/dnssec/ipa-ods-exporter.keytab"
+# DNSSEC_SOFTHSM2_CONF = "/etc/ipa/dnssec/softhsm2.conf"
+# DNSSEC_SOFTHSM_PIN_SO = "/etc/ipa/dnssec/softhsm_pin_so"
+# IPA_NSSDB_DIR = "/etc/ipa/nssdb"
+# IPA_NSSDB_PWDFILE_TXT = "/etc/ipa/nssdb/pwdfile.txt"
+# KRB5_CONF = "/etc/krb5.conf"
+# KRB5_KEYTAB = "/etc/krb5.keytab"
+# LDAP_CONF = "/etc/ldap.conf"
+# LIBNSS_LDAP_CONF = "/etc/libnss-ldap.conf"
+ NAMED_CONF = "/etc/bind/named.conf"
+ NAMED_VAR_DIR = "/var/cache/bind"
+ NAMED_KEYTAB = "/etc/bind/named.keytab"
+ NAMED_RFC1912_ZONES = "/etc/bind/named.conf.default-zones"
+ NAMED_ROOT_KEY = "/etc/bind/named.root.key"
+ NAMED_BINDKEYS_FILE = "/etc/bind/named.iscdlv.key"
+ NAMED_MANAGED_KEYS_DIR = "/var/cache/bind/dynamic"
+# NSLCD_CONF = "/etc/nslcd.conf"
+# NSS_LDAP_CONF = "/etc/nss_ldap.conf"
+# NSSWITCH_CONF = "/etc/nsswitch.conf"
+# NTP_CONF = "/etc/ntp.conf"
+# NTP_STEP_TICKERS = "/etc/ntp/step-tickers"
+# ETC_OPENDNSSEC_DIR = "/etc/opendnssec"
+# OPENDNSSEC_CONF_FILE = "/etc/opendnssec/conf.xml"
+# OPENDNSSEC_KASP_FILE = "/etc/opendnssec/kasp.xml"
+# OPENDNSSEC_ZONELIST_FILE = "/etc/opendnssec/zonelist.xml"
+ OPENLDAP_LDAP_CONF = "/etc/ldap/ldap.conf"
+ ETC_DEBIAN_VERSION = "/etc/debian_version"
+# PAM_LDAP_CONF = "/etc/pam_ldap.conf"
+# PASSWD = "/etc/passwd"
+# SYSTEMWIDE_IPA_CA_CRT = "/etc/pki/ca-trust/source/anchors/ipa-ca.crt"
+# IPA_P11_KIT = "/etc/pki/ca-trust/source/ipa.p11-kit"
+# NSS_DB_DIR = "/etc/pki/nssdb"
+# PKI_TOMCAT = "/etc/pki/pki-tomcat"
+# PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias"
+# PKI_TOMCAT_PASSWORD_CONF = "/etc/pki/pki-tomcat/password.conf"
+# ETC_REDHAT_RELEASE = "/etc/redhat-release"
+# RESOLV_CONF = "/etc/resolv.conf"
+# SAMBA_KEYTAB = "/etc/samba/samba.keytab"
+# SMB_CONF = "/etc/samba/smb.conf"
+# LIMITS_CONF = "/etc/security/limits.conf"
+# SSH_CONFIG = "/etc/ssh/ssh_config"
+# SSHD_CONFIG = "/etc/ssh/sshd_config"
+# SSSD_CONF = "/etc/sssd/sssd.conf"
+# SSSD_CONF_BKP = "/etc/sssd/sssd.conf.bkp"
+# SSSD_CONF_DELETED = "/etc/sssd/sssd.conf.deleted"
+ ETC_SYSCONFIG_DIR = "/etc/default"
+# ETC_SYSCONFIG_AUTHCONFIG = "/etc/sysconfig/authconfig"
+ SYSCONFIG_AUTOFS = "/etc/default/autofs"
+ SYSCONFIG_DIRSRV = "/etc/default/dirsrv"
+ SYSCONFIG_DIRSRV_INSTANCE = "/etc/default/dirsrv-%s"
+ SYSCONFIG_DIRSRV_SYSTEMD = "/etc/default/dirsrv.systemd"
+ SYSCONFIG_IPA_DNSKEYSYNCD = "/etc/default/ipa-dnskeysyncd"
+ SYSOCNFIG_IPA_ODS_EXPORTER = "/etc/default/ipa-ods-exporter"
+# SYSCONFIG_HTTPD = "/etc/sysconfig/httpd"
+ SYSCONFIG_KRB5KDC_DIR = "/etc/default/krb5-kdc"
+# SYSCONFIG_NAMED = "/etc/sysconfig/named"
+# SYSCONFIG_NETWORK = "/etc/sysconfig/network"
+# SYSCONFIG_NETWORK_IPABKP = "/etc/sysconfig/network.ipabkp"
+ SYSCONFIG_NFS = "/etc/default/nfs-common"
+ SYSCONFIG_NTPD = "/etc/default/ntp"
+#FIXME SYSCONFIG_ODS = "/etc/sysconfig/ods"
+ SYSCONFIG_PKI = "/etc/dogtag/"
+ SYSCONFIG_PKI_TOMCAT = "/etc/default/pki-tomcat"
+ SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/dogtag/tomcat/pki-tomcat"
+# ETC_SYSTEMD_SYSTEM_DIR = "/etc/systemd/system/"
+# SYSTEMD_CERTMONGER_SERVICE = "/etc/systemd/system/multi-user.target.wants/certmonger.service"
+# SYSTEMD_IPA_SERVICE = "/etc/systemd/system/multi-user.target.wants/ipa.service"
+# SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service"
+# SYSTEMD_PKI_TOMCAT_SERVICE = "/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service"
+#FIXME DNSSEC_TRUSTED_KEY = "/etc/trusted-key.key"
+# HOME_DIR = "/home"
+# ROOT_IPA_CACHE = "/root/.ipa_cache"
+# ROOT_PKI = "/root/.pki"
+# DOGTAG_ADMIN_P12 = "/root/ca-agent.p12"
+ KRA_AGENT_PEM = "/etc/apache2/nssdb/kra-agent.pem"
+# CACERT_P12 = "/root/cacert.p12"
+# ROOT_IPA_CSR = "/root/ipa.csr"
+# NAMED_PID = "/run/named/named.pid"
+# IP = "/sbin/ip"
+# NOLOGIN = "/sbin/nologin"
+# SBIN_REBOOT = "/sbin/reboot"
+# SBIN_RESTORECON = "/sbin/restorecon"
+ SBIN_SERVICE = "/usr/sbin/service"
+# TMP = "/tmp"
+# TMP_CA_P12 = "/tmp/ca.p12"
+# TMP_KRB5CC = "/tmp/krb5cc_%d"
+# USR_DIR = "/usr"
+# CERTMONGER_COMMAND_TEMPLATE = "/usr/%s/ipa/certmonger/%s"
+# PKCS12EXPORT = "/usr/bin/PKCS12Export"
+# CERTUTIL = "/usr/bin/certutil"
+# CHROMIUM_BROWSER = "/usr/bin/chromium-browser"
+# DS_NEWINST_PL = "/usr/bin/ds_newinst.pl"
+# FIREFOX = "/usr/bin/firefox"
+# GETCERT = "/usr/bin/getcert"
+# GPG = "/usr/bin/gpg"
+# GPG_AGENT = "/usr/bin/gpg-agent"
+# IPA_GETCERT = "/usr/bin/ipa-getcert"
+# KDESTROY = "/usr/bin/kdestroy"
+# KINIT = "/usr/bin/kinit"
+# BIN_KVNO = "/usr/bin/kvno"
+# LDAPMODIFY = "/usr/bin/ldapmodify"
+# LDAPPASSWD = "/usr/bin/ldappasswd"
+# NET = "/usr/bin/net"
+# BIN_NISDOMAINNAME = "/usr/bin/nisdomainname"
+# NSUPDATE = "/usr/bin/nsupdate"
+# ODS_KSMUTIL = "/usr/bin/ods-ksmutil"
+# ODS_SIGNER = "/usr/sbin/ods-signer"
+# OPENSSL = "/usr/bin/openssl"
+# PK12UTIL = "/usr/bin/pk12util"
+# SETPASSWD = "/usr/bin/setpasswd"
+# SIGNTOOL = "/usr/bin/signtool"
+# SOFTHSM2_UTIL = "/usr/bin/softhsm2-util"
+# SSLGET = "/usr/bin/sslget"
+# SSS_SSH_AUTHORIZEDKEYS = "/usr/bin/sss_ssh_authorizedkeys"
+# SSS_SSH_KNOWNHOSTSPROXY = "/usr/bin/sss_ssh_knownhostsproxy"
+# BIN_TIMEOUT = "/usr/bin/timeout"
+# UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
+# BIN_CURL = "/usr/bin/curl"
+# ZIP = "/usr/bin/zip"
+ BIND_LDAP_SO = "/usr/share/doc/bind9-dyndb-ldap/copyright"
+# BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
+# BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/"
+# USR_LIB_DIRSRV = "/usr/lib/dirsrv"
+# LIB_FIREFOX = "/usr/lib/firefox"
+#FIXME LIBSOFTHSM2_SO = "/usr/lib/pkcs11/libsofthsm2.so"
+ LIB_SYSTEMD_SYSTEMD_DIR = "/lib/systemd/system/"
+# BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so"
+# USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
+# LIB64_FIREFOX = "/usr/lib64/firefox"
+# LIBSOFTHSM2_SO_64 = "/usr/lib64/pkcs11/libsofthsm2.so"
+ DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/lib/certmonger/dogtag-ipa-ca-renew-agent-submit"
+ DOGTAG_IPA_RENEW_AGENT_SUBMIT = "/usr/lib/certmonger/dogtag-ipa-renew-agent-submit"
+ IPA_SERVER_GUARD = "/usr/lib/certmonger/ipa-server-guard"
+ GENERATE_RNDC_KEY = "/usr/lib/ipa/generate-rndc-key.sh"
+ IPA_DNSKEYSYNCD_REPLICA = "/usr/lib/ipa/ipa-dnskeysync-replica"
+ IPA_DNSKEYSYNCD = "/usr/lib/ipa/ipa-dnskeysyncd"
+ IPA_ODS_EXPORTER = "/usr/lib/ipa/ipa-ods-exporter"
+# DNSSEC_KEYFROMLABEL = "/usr/sbin/dnssec-keyfromlabel-pkcs11"
+# GETSEBOOL = "/usr/sbin/getsebool"
+# GROUPADD = "/usr/sbin/groupadd"
+ HTTPD = "/usr/sbin/apache2ctl"
+# IPA_CLIENT_INSTALL = "/usr/sbin/ipa-client-install"
+# IPA_DNS_INSTALL = "/usr/sbin/ipa-dns-install"
+# SBIN_IPA_JOIN = "/usr/sbin/ipa-join"
+# IPA_REPLICA_CONNCHECK = "/usr/sbin/ipa-replica-conncheck"
+# IPA_RMKEYTAB = "/usr/sbin/ipa-rmkeytab"
+# IPACTL = "/usr/sbin/ipactl"
+# NAMED = "/usr/sbin/named"
+# NAMED_PKCS11 = "/usr/sbin/named-pkcs11"
+# NTPD = "/usr/sbin/ntpd"
+# PKIDESTROY = "/usr/sbin/pkidestroy"
+# PKISPAWN = "/usr/sbin/pkispawn"
+ REMOVE_DS_PL = "/usr/sbin/remove-ds"
+# RESTORECON = "/usr/sbin/restorecon"
+# SELINUXENABLED = "/usr/sbin/selinuxenabled"
+# SETSEBOOL = "/usr/sbin/setsebool"
+ SETUP_DS_PL = "/usr/sbin/setup-ds"
+# SMBD = "/usr/sbin/smbd"
+# USERADD = "/usr/sbin/useradd"
+# USR_SHARE_IPA_DIR = "/usr/share/ipa/"
+# CA_TOPOLOGY_ULDIF = "/usr/share/ipa/ca-topology.uldif"
+# FFEXTENSION = "/usr/share/ipa/ffextension"
+# IPA_HTML_DIR = "/usr/share/ipa/html"
+# CA_CRT = "/usr/share/ipa/html/ca.crt"
+# KERBEROSAUTH_XPI = "/usr/share/ipa/html/kerberosauth.xpi"
+# KRB_CON = "/usr/share/ipa/html/krb.con"
+# KRB_JS = "/usr/share/ipa/html/krb.js"
+# HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini"
+# HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
+# NIS_ULDIF = "/usr/share/ipa/nis.uldif"
+# IPA_PLUGINS = "/usr/share/ipa/plugins"
+# SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
+# IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
+# UPDATES_DIR = "/usr/share/ipa/updates/"
+# CACHE_IPA_SESSIONS = "/var/cache/ipa/sessions"
+ VAR_KERBEROS_KRB5KDC_DIR = "/var/lib/krb5kdc/"
+ VAR_KRB5KDC_K5_REALM = "/var/lib/krb5kdc/.k5."
+ CACERT_PEM = "/var/lib/krb5kdc/cacert.pem"
+ KRB5KDC_KDC_CONF = "/var/lib/krb5kdc/kdc.conf"
+ KDC_PEM = "/var/lib/krb5kdc/kdc.pem"
+# VAR_LIB = "/var/lib"
+# AUTHCONFIG_LAST = "/var/lib/authconfig/last"
+# VAR_LIB_CERTMONGER_DIR = "/var/lib/certmonger"
+# CERTMONGER_CAS_DIR = "/var/lib/certmonger/cas/"
+# CERTMONGER_CAS_CA_RENEWAL = "/var/lib/certmonger/cas/ca_renewal"
+# CERTMONGER_REQUESTS_DIR = "/var/lib/certmonger/requests/"
+# VAR_LIB_DIRSRV = "/var/lib/dirsrv"
+# DIRSRV_BOOT_LDIF = "/var/lib/dirsrv/boot.ldif"
+# VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE = "/var/lib/dirsrv/scripts-%s"
+# VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s"
+# SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/bak/%s"
+# SLAPD_INSTANCE_DB_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/%s"
+# SLAPD_INSTANCE_LDIF_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/ldif"
+# VAR_LIB_IPA = "/var/lib/ipa"
+# IPA_CLIENT_SYSRESTORE = "/var/lib/ipa-client/sysrestore"
+# SYSRESTORE_INDEX = "/var/lib/ipa-client/sysrestore/sysrestore.index"
+# IPA_BACKUP_DIR = "/var/lib/ipa/backup"
+# IPA_DNSSEC_DIR = "/var/lib/ipa/dnssec"
+# IPA_KASP_DB_BACKUP = "/var/lib/ipa/ipa-kasp.db.backup"
+# DNSSEC_TOKENS_DIR = "/var/lib/ipa/dnssec/tokens"
+# DNSSEC_SOFTHSM_PIN = "/var/lib/ipa/dnssec/softhsm_pin"
+# IPA_CA_CSR = "/var/lib/ipa/ca.csr"
+# PKI_CA_PUBLISH_DIR = "/var/lib/ipa/pki-ca/publish"
+# REPLICA_INFO_TEMPLATE = "/var/lib/ipa/replica-info-%s"
+# REPLICA_INFO_GPG_TEMPLATE = "/var/lib/ipa/replica-info-%s.gpg"
+# SYSRESTORE = "/var/lib/ipa/sysrestore"
+# STATEFILE_DIR = "/var/lib/ipa/sysupgrade"
+# VAR_LIB_KDCPROXY = "/var/lib/kdcproxy"
+# VAR_LIB_PKI_DIR = "/var/lib/pki"
+# VAR_LIB_PKI_CA_ALIAS_DIR = "/var/lib/pki-ca/alias"
+# VAR_LIB_PKI_TOMCAT_DIR = "/var/lib/pki/pki-tomcat"
+# CA_BACKUP_KEYS_P12 = "/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12"
+# KRA_BACKUP_KEYS_P12 = "/var/lib/pki/pki-tomcat/alias/kra_backup_keys.p12"
+# CA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg"
+# CAJARSIGNINGCERT_CFG = (
+# "/var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg")
+# CASIGNEDLOGCERT_CFG = (
+# "/var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg")
+# KRA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/kra/CS.cfg"
+# KRACERT_P12 = "/root/kracert.p12"
+# SAMBA_DIR = "/var/lib/samba/"
+# SSSD_DB = "/var/lib/sss/db"
+# SSSD_MC_GROUP = "/var/lib/sss/mc/group"
+# SSSD_MC_PASSWD = "/var/lib/sss/mc/passwd"
+# SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts"
+# SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/"
+# DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
+# VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
+# SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
+# SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"
+ VAR_LOG_HTTPD_DIR = "/var/log/apache2"
+# IPABACKUP_LOG = "/var/log/ipabackup.log"
+# IPACLIENT_INSTALL_LOG = "/var/log/ipaclient-install.log"
+# IPACLIENT_UNINSTALL_LOG = "/var/log/ipaclient-uninstall.log"
+# IPAREPLICA_CA_INSTALL_LOG = "/var/log/ipareplica-ca-install.log"
+# IPAREPLICA_CONNCHECK_LOG = "/var/log/ipareplica-conncheck.log"
+# IPAREPLICA_INSTALL_LOG = "/var/log/ipareplica-install.log"
+# IPARESTORE_LOG = "/var/log/iparestore.log"
+# IPASERVER_CA_INSTALL_LOG = "/var/log/ipaserver-ca-install.log"
+# IPASERVER_INSTALL_LOG = "/var/log/ipaserver-install.log"
+# IPASERVER_KRA_INSTALL_LOG = "/var/log/ipaserver-kra-install.log"
+# IPASERVER_KRA_UNINSTALL_LOG = "/var/log/ipaserver-kra-uninstall.log"
+# IPASERVER_UNINSTALL_LOG = "/var/log/ipaserver-uninstall.log"
+# IPAUPGRADE_LOG = "/var/log/ipaupgrade.log"
+# KADMIND_LOG = "/var/log/kadmind.log"
+# MESSAGES = "/var/log/messages"
+# VAR_LOG_PKI_DIR = "/var/log/pki/"
+# TOMCAT_TOPLEVEL_DIR = "/var/log/pki/pki-tomcat"
+# TOMCAT_CA_DIR = "/var/log/pki/pki-tomcat/ca"
+# TOMCAT_CA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/ca/archive"
+# TOMCAT_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/ca/signedAudit"
+# TOMCAT_KRA_DIR = "/var/log/pki/pki-tomcat/kra"
+# TOMCAT_KRA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/kra/archive"
+# TOMCAT_KRA_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/kra/signedAudit"
+# LOG_SECURE = "/var/log/secure"
+ NAMED_RUN = "/var/cache/bind/data/named.run"
+ VAR_OPENDNSSEC_DIR = "/var/lib/opendnssec"
+ OPENDNSSEC_KASP_DB = "/var/lib/opendnssec/kasp.db"
+ IPA_ODS_EXPORTER_CCACHE = "/var/lib/opendnssec/tmp/ipa-ods-exporter.ccache"
+# VAR_RUN_DIRSRV_DIR = "/var/run/dirsrv"
+ KRB5CC_HTTPD = "/var/run/apache2/ipa/krbcache/krb5ccache"
+# IPA_RENEWAL_LOCK = "/var/run/ipa/renewal.lock"
+# SVC_LIST_FILE = "/var/run/ipa/services.list"
+# IPA_MEMCACHED_DIR = "/var/run/ipa_memcached"
+# VAR_RUN_IPA_MEMCACHED = "/var/run/ipa_memcached/ipa_memcached"
+# KRB5CC_SAMBA = "/var/run/samba/krb5cc_samba"
+# SLAPD_INSTANCE_SOCKET_TEMPLATE = "/var/run/slapd-%s.socket"
+# ALL_SLAPD_INSTANCE_SOCKETS = "/var/run/slapd-*.socket"
+# ADMIN_CERT_PATH = '/root/.dogtag/pki-tomcat/ca_admin.cert'
+# ENTROPY_AVAIL = '/proc/sys/kernel/random/entropy_avail'
+# LDIF2DB = '/usr/sbin/ldif2db'
+# DB2LDIF = '/usr/sbin/db2ldif'
+# BAK2DB = '/usr/sbin/bak2db'
+# DB2BAK = '/usr/sbin/db2bak'
+# KDCPROXY_CONFIG = '/etc/ipa/kdcproxy/kdcproxy.conf'
+# CERTMONGER = '/usr/sbin/certmonger'
+# NETWORK_MANAGER_CONFIG_DIR = '/etc/NetworkManager/conf.d'
+# IPA_CUSTODIA_CONF_DIR = '/etc/ipa/custodia'
+# IPA_CUSTODIA_CONF = '/etc/ipa/custodia/custodia.conf'
+ IPA_CUSTODIA_SOCKET = "/run/apache2/ipa-custodia.sock"
+ IPA_CUSTODIA_AUDIT_LOG = '/var/log/ipa-custodia.audit.log'
+ IPA_GETKEYTAB = '/usr/sbin/ipa-getkeytab'
+
+paths = DebianPathNamespace()
--- /dev/null
+++ b/ipaplatform/debian/services.py
@@ -0,0 +1,202 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Contains Debian-specific service class implementations.
+"""
+
+import time
+
+from ipaplatform.tasks import tasks
+from ipaplatform.base import services as base_services
+from ipaplatform.redhat import services as redhat_services
+from ipapython import ipautil
+from ipapython.ipa_log_manager import root_logger
+from ipalib import api
+from ipaplatform.paths import paths
+
+# Mappings from service names as FreeIPA code references to these services
+# to their actual systemd service names
+debian_system_units = redhat_services.redhat_system_units
+
+debian_system_units['pki-tomcatd'] = 'pki-tomcatd.service'
+debian_system_units['pki_tomcatd'] = debian_system_units['pki-tomcatd']
+
+# Service classes that implement Debian-specific behaviour
+
+class DebianService(redhat_services.RedHatService):
+ system_units = debian_system_units
+
+
+class DebianSysvService(base_services.PlatformService):
+ def __wait_for_open_ports(self, instance_name=""):
+ """
+ If this is a service we need to wait for do so.
+ """
+ ports = None
+ if instance_name in base_services.wellknownports:
+ ports = base_services.wellknownports[instance_name]
+ else:
+ if self.service_name in base_services.wellknownports:
+ ports = base_services.wellknownports[self.service_name]
+ if ports:
+ ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout)
+ def stop(self, instance_name='', capture_output=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "stop",
+ instance_name], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ super(DebianSysvService, self).stop(instance_name)
+
+ def start(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "start",
+ instance_name], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name)
+ super(DebianSysvService, self).start(instance_name)
+
+ def restart(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "restart",
+ instance_name], capture_output=capture_output)
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name)
+
+ def is_running(self, instance_name=""):
+ ret = True
+ try:
+ result = ipautil.run([paths.SBIN_SERVICE,
+ self.service_name, "status",
+ instance_name],
+ capture_output=True)
+ sout = result.output
+ if sout.find("NOT running") >= 0:
+ ret = False
+ if sout.find("stop") >= 0:
+ ret = False
+ if sout.find("inactive") >= 0:
+ ret = False
+ except ipautil.CalledProcessError:
+ ret = False
+ return ret
+
+ def is_installed(self):
+ installed = True
+ try:
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "status"])
+ except ipautil.CalledProcessError, e:
+ if e.returncode == 1:
+ # service is not installed or there is other serious issue
+ installed = False
+ return installed
+
+ def is_enabled(self, instance_name=""):
+ # Services are always assumed to be enabled when installed
+ return True
+
+ def enable(self):
+ return True
+
+ def disable(self):
+ return True
+
+ def install(self):
+ return True
+
+ def remove(self):
+ return True
+
+ def tune_nofile_platform(self):
+ return True
+
+# For services which have no Debian counterpart
+class DebianNoService(base_services.PlatformService):
+ def restart(self):
+ return True
+
+ def disable(self):
+ return True
+
+
+class DebianSSHService(DebianSysvService):
+ def get_config_dir(self, instance_name=""):
+ return '/etc/ssh'
+
+class DebianNamedService(DebianSysvService):
+ def get_user_name(self):
+ return u'bind'
+
+ def get_group_name(self):
+ return u'bind'
+
+ def get_binary_path(self):
+ return paths.NAMED
+
+ def get_package_name(self):
+ return u'bind9'
+
+
+# Function that constructs proper Debian-specific server classes for services
+# of specified name
+
+def debian_service_class_factory(name):
+ if name == 'dirsrv':
+ return redhat_services.RedHatDirectoryService(name)
+ if name == 'domainname':
+ return DebianNoService(name)
+ if name == 'ipa':
+ return redhat_services.RedHatIPAService(name)
+ if name == 'httpd':
+ return DebianSysvService("apache2")
+ if name == 'kadmin':
+ return DebianSysvService("krb5-admin-server")
+ if name == 'krb5kdc':
+ return DebianSysvService("krb5-kdc")
+ if name == 'messagebus':
+ return DebianSysvService("dbus")
+ if name == 'named':
+ return DebianNamedService("bind9")
+ if name == 'ntpd':
+ return DebianSysvService("ntp")
+ if name == 'sshd':
+ return DebianSSHService(name)
+ return DebianService(name)
+
+
+# Magicdict containing DebianService instances.
+
+class DebianServices(base_services.KnownServices):
+ def __init__(self):
+ services = dict()
+ for s in base_services.wellknownservices:
+ services[s] = debian_service_class_factory(s)
+ # Call base class constructor. This will lock services to read-only
+ super(DebianServices, self).__init__(services)
+
+
+# Objects below are expected to be exported by platform module
+
+from ipaplatform.base.services import timedate_services
+service = debian_service_class_factory
+knownservices = DebianServices()
--- /dev/null
+++ b/ipaplatform/debian/tasks.py
@@ -0,0 +1,53 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+This module contains default Debian-specific implementations of system tasks.
+"""
+
+from ipaplatform.paths import paths
+from ipaplatform.base.tasks import *
+from ipaplatform.redhat.tasks import RedHatTaskNamespace
+
+class DebianTaskNamespace(RedHatTaskNamespace):
+
+ def restore_pre_ipa_client_configuration(self, fstore, statestore,
+ was_sssd_installed,
+ was_sssd_configured):
+ return True
+
+ def set_nisdomain(self, nisdomain):
+ return True
+
+ def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore):
+ return True
+
+ def modify_pam_to_use_krb5(self, statestore):
+ return True
+
+ def insert_ca_cert_into_systemwide_ca_store(self, ca_certs):
+ return True
+
+ def remove_ca_certs_from_systemwide_ca_store(self):
+ return True
+
+ def restore_network_configuration(self, fstore, statestore):
+ return True
+
+tasks = DebianTaskNamespace()
--- a/ipaplatform/setup.py.in
+++ b/ipaplatform/setup.py.in
@@ -67,6 +67,7 @@ def setup_package():
package_dir = {'ipaplatform': ''},
packages = ["ipaplatform",
"ipaplatform.base",
+ "ipaplatform.debian",
"ipaplatform.fedora",
"ipaplatform.redhat",
"ipaplatform.rhel"],
--- a/ipaserver/install/ntpinstance.py
+++ b/ipaserver/install/ntpinstance.py
@@ -50,6 +50,8 @@ class NTPInstance(service.Service):
os = "fedora"
elif ipautil.file_exists(paths.ETC_REDHAT_RELEASE):
os = "rhel"
+ elif ipautil.file_exists(paths.ETC_DEBIAN_VERSION):
+ os = "debian"
srv_vals = []
srv_vals.append("0.%s.pool.ntp.org" % os)
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -332,9 +332,9 @@ class LDAPUpdate:
bits = platform.architecture()[0]
if bits == "64bit":
- return "64"
+ return "/x86_64-linux-gnu"
else:
- return ""
+ return "/i386-linux-gnu"
def _template_str(self, s):
try:
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -168,6 +168,7 @@ class HTTPInstance(service.Service):
self.step("create KDC proxy user", create_kdcproxy_user)
self.step("create KDC proxy config", self.create_kdcproxy_conf)
self.step("enable KDC proxy", self.enable_kdcproxy)
+ ipautil.run(["/usr/sbin/a2enmod", "nss"], capture_output=True)
self.step("restarting httpd", self.__start)
self.step("configuring httpd to start on boot", self.__enable)
self.step("enabling oddjobd", self.enable_and_start_oddjobd)
@@ -483,6 +484,8 @@ class HTTPInstance(service.Service):
except Exception:
pass
+ ipautil.run(["/usr/sbin/a2dismod", "nss"], capture_output=True)
+
self.stop_tracking_certificates()
helper = self.restore_state('certmonger_ipa_helper')
--- a/init/ipa_memcached.conf
+++ b/init/ipa_memcached.conf
@@ -1,5 +1,5 @@
SOCKET_PATH=/var/run/ipa_memcached/ipa_memcached
-USER=apache
+USER=www-data
MAXCONN=1024
CACHESIZE=64
OPTIONS=
--- a/init/systemd/ipa_memcached.service
+++ b/init/systemd/ipa_memcached.service
@@ -4,7 +4,7 @@ After=network.target
[Service]
Type=forking
-EnvironmentFile=/etc/sysconfig/ipa_memcached
+EnvironmentFile=/etc/default/ipa_memcached
PIDFile=/var/run/ipa_memcached/ipa_memcached.pid
ExecStart=/usr/bin/memcached -d -s $SOCKET_PATH -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/ipa_memcached/ipa_memcached.pid $OPTIONS
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -38,10 +38,6 @@ logging {
};
};
-zone "." IN {
- type hint;
- file "named.ca";
-};
include "$RFC1912_ZONES";
include "$ROOT_KEY";
--- /dev/null
+++ b/ipaplatform/debian/constants.py
@@ -0,0 +1,22 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
+
+'''
+This Debian family platform module exports platform dependant constants.
+'''
+
+# Fallback to default path definitions
+from ipaplatform.base.constants import BaseConstantsNamespace
+
+
+class DebianConstantsNamespace(BaseConstantsNamespace):
+ HTTPD_USER = "www-data"
+ NAMED_USER = "bind"
+ # ntpd init variable used for daemon options
+ NTPD_OPTS_VAR = "NTPD_OPTS"
+ # quote used for daemon options
+ NTPD_OPTS_QUOTE = "\'"
+ SECURE_NFS_VAR = "NEED_GSSD"
+
+constants = DebianConstantsNamespace()
Reference in New Issue View Git Blame Copy Permalink