summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTomas Babej <tbabej@redhat.com>2013-06-03 12:06:06 +0200
committerPetr Viktorin <pviktori@redhat.com>2013-06-05 12:27:45 +0200
commit6f51f92138ff12eff732bf028751dcfa8ef9b442 (patch)
tree43790070a339e5cc8ae44ac6c48ee4bda16b57e5
parente31eea3268497dc048d50dfcd952a6fb89e8e388 (diff)
downloadfreeipa-6f51f92138ff12eff732bf028751dcfa8ef9b442.zip
freeipa-6f51f92138ff12eff732bf028751dcfa8ef9b442.tar.gz
freeipa-6f51f92138ff12eff732bf028751dcfa8ef9b442.tar.xz
Use private ccache in ipa install tools
All installers that handle Kerberos auth, have been altered to use private ccache, that is ipa-server-install, ipa-dns-install, ipa-replica-install, ipa-ca-install. https://fedorahosted.org/freeipa/ticket/3666
-rwxr-xr-xinstall/tools/ipa-ca-install13
-rwxr-xr-xinstall/tools/ipa-dns-install5
-rwxr-xr-xinstall/tools/ipa-replica-install13
-rwxr-xr-xinstall/tools/ipa-server-install7
-rw-r--r--ipaserver/install/installutils.py22
5 files changed, 44 insertions, 16 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 81c1183..3b7e9d2 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -28,9 +28,9 @@ from ipapython import services as ipaservices
from ipaserver.install import installutils, service
from ipaserver.install import certs
-from ipaserver.install.installutils import HostnameLocalhost
-from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, read_replica_info
-from ipaserver.install.installutils import get_host_name, BadHostError
+from ipaserver.install.installutils import (HostnameLocalhost, ReplicaConfig,
+ expand_replica_info, read_replica_info, get_host_name, BadHostError,
+ private_ccache)
from ipaserver.install import dsinstance, cainstance, bindinstance
from ipaserver.install.replication import replica_conn_check
from ipapython import version
@@ -212,9 +212,10 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.
if __name__ == '__main__':
try:
- installutils.run_script(main, log_file_name=log_file_name,
- operation_name='ipa-ca-install',
- fail_message=fail_message)
+ with private_ccache():
+ installutils.run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-ca-install',
+ fail_message=fail_message)
finally:
# always try to remove decrypted replica file
try:
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index e12a046..47bc31b 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -258,5 +258,6 @@ def main():
return 0
if __name__ == '__main__':
- installutils.run_script(main, log_file_name=log_file_name,
- operation_name='ipa-dns-install')
+ with private_ccache():
+ installutils.run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-dns-install')
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index b194b85a..04cad42 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -36,9 +36,9 @@ from ipaserver.install import dsinstance, installutils, krbinstance, service
from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
from ipaserver.install import memcacheinstance
from ipaserver.install.replication import replica_conn_check, ReplicationManager
-from ipaserver.install.installutils import HostnameLocalhost, resolve_host
-from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, read_replica_info
-from ipaserver.install.installutils import get_host_name, BadHostError
+from ipaserver.install.installutils import (HostnameLocalhost, resolve_host,
+ ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name,
+ BadHostError, private_ccache)
from ipaserver.plugins.ldap2 import ldap2
from ipaserver.install import cainstance
from ipalib import api, errors, util
@@ -726,9 +726,10 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.
if __name__ == '__main__':
try:
- installutils.run_script(main, log_file_name=log_file_name,
- operation_name='ipa-replica-install',
- fail_message=fail_message)
+ with private_ccache():
+ installutils.run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-replica-install',
+ fail_message=fail_message)
finally:
# always try to remove decrypted replica file
try:
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 62adbd5..3e18c8e 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1210,6 +1210,7 @@ def main():
if __name__ == '__main__':
success = False
+
try:
# FIXME: Common option parsing, logging setup, etc should be factored
# out from all install scripts
@@ -1219,8 +1220,10 @@ if __name__ == '__main__':
else:
log_file_name = "/var/log/ipaserver-install.log"
- installutils.run_script(main, log_file_name=log_file_name,
- operation_name='ipa-server-install')
+ # Use private ccache
+ with private_ccache():
+ installutils.run_script(main, log_file_name=log_file_name,
+ operation_name='ipa-server-install')
success = True
finally:
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 5ed2689..a568eae 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -28,6 +28,7 @@ import shutil
from ConfigParser import SafeConfigParser, NoOptionError
import traceback
import textwrap
+from contextlib import contextmanager
from dns import resolver, rdatatype
from dns.exception import DNSException
@@ -753,3 +754,24 @@ def check_pkcs12(pkcs12_info, ca_file, hostname):
(pkcs12_filename, e))
return server_cert_name
+
+
+@contextmanager
+def private_ccache():
+
+ (desc, path) = tempfile.mkstemp(prefix='krbcc')
+ os.close(desc)
+
+ original_value = os.environ.get('KRB5CCNAME', None)
+
+ os.environ['KRB5CCNAME'] = path
+
+ yield
+
+ if original_value is not None:
+ os.environ['KRB5CCNAME'] = original_value
+ else:
+ os.environ.pop('KRB5CCNAME')
+
+ if os.path.exists(path):
+ os.remove(path)