summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTomas Babej <tbabej@redhat.com>2013-06-05 15:48:35 +0200
committerMartin Kosek <mkosek@redhat.com>2013-06-06 18:16:59 +0200
commitb2c378dcc8221dbf254b0cd0b204e84f0d0eeebf (patch)
treeb3a6a6c831f50b8aac50599bfcdc6ad2620e396d
parentbcf8ab24d5c8fefdaaf49a50ddce6f8fc8702be1 (diff)
downloadfreeipa-b2c378dcc8221dbf254b0cd0b204e84f0d0eeebf.zip
freeipa-b2c378dcc8221dbf254b0cd0b204e84f0d0eeebf.tar.gz
freeipa-b2c378dcc8221dbf254b0cd0b204e84f0d0eeebf.tar.xz
Manage ipa-otpd.socket by IPA
Adds a new simple service called OtpdInstance, that manages ipa-otpd.socket service. Added to server/replica installer and ipa-upgradeconfig script. https://fedorahosted.org/freeipa/ticket/3680
-rwxr-xr-xinstall/tools/ipa-replica-install6
-rwxr-xr-xinstall/tools/ipa-server-install12
-rw-r--r--install/tools/ipa-upgradeconfig29
-rw-r--r--ipapython/platform/fedora16/service.py1
-rw-r--r--ipaserver/install/otpdinstance.py25
-rw-r--r--ipaserver/install/service.py17
6 files changed, 68 insertions, 22 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 04cad42..209ca85 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -35,6 +35,7 @@ from ipapython import ipautil
from ipaserver.install import dsinstance, installutils, krbinstance, service
from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
from ipaserver.install import memcacheinstance
+from ipaserver.install import otpdinstance
from ipaserver.install.replication import replica_conn_check, ReplicationManager
from ipaserver.install.installutils import (HostnameLocalhost, resolve_host,
ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name,
@@ -667,6 +668,11 @@ def main():
krb = install_krb(config, setup_pkinit=options.setup_pkinit)
http = install_http(config, auto_redirect=options.ui_redirect)
+
+ otpd = otpdinstance.OtpdInstance()
+ otpd.create_instance('OTPD', config.host_name, config.dirman_password,
+ ipautil.realm_to_suffix(config.realm_name))
+
if CA:
CA.configure_certmonger_renewal()
CA.import_ra_cert(dir + "/ra.p12")
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 3e18c8e..b906132 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -49,6 +49,7 @@ from ipaserver.install import ntpinstance
from ipaserver.install import certs
from ipaserver.install import cainstance
from ipaserver.install import memcacheinstance
+from ipaserver.install import otpdinstance
from ipaserver.install import sysupgrade
from ipaserver.install import service, installutils
@@ -513,6 +514,7 @@ def uninstall():
krbinstance.KrbInstance(fstore).uninstall()
dsinstance.DsInstance(fstore=fstore).uninstall()
memcacheinstance.MemcacheInstance().uninstall()
+ otpdinstance.OtpdInstance().uninstall()
ipaservices.restore_network_configuration(fstore, sstore)
fstore.restore_all_files()
try:
@@ -1092,11 +1094,15 @@ def main():
# generated
ds.add_cert_to_service()
- # Create a HTTP instance
-
memcache = memcacheinstance.MemcacheInstance()
- memcache.create_instance('MEMCACHE', host_name, dm_password, ipautil.realm_to_suffix(realm_name))
+ memcache.create_instance('MEMCACHE', host_name, dm_password,
+ ipautil.realm_to_suffix(realm_name))
+ otpd = otpdinstance.OtpdInstance()
+ otpd.create_instance('OTPD', host_name, dm_password,
+ ipautil.realm_to_suffix(realm_name))
+
+ # Create a HTTP instance
http = httpinstance.HTTPInstance(fstore)
if options.http_pkcs12:
http.create_instance(
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 8e9357f..4e92169 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -48,6 +48,7 @@ from ipaserver.install import bindinstance
from ipaserver.install import service
from ipaserver.install import cainstance
from ipaserver.install import certs
+from ipaserver.install import otpdinstance
from ipaserver.install import sysupgrade
@@ -925,17 +926,23 @@ def main():
uninstall_selfsign(ds, http)
- memcache = memcacheinstance.MemcacheInstance()
- memcache.ldapi = True
- memcache.realm = api.env.realm
- try:
- if not memcache.is_configured():
- # 389-ds needs to be running to create the memcache instance
- # because we record the new service in cn=masters.
- ds.start()
- memcache.create_instance('MEMCACHE', fqdn, None, ipautil.realm_to_suffix(api.env.realm))
- except ipalib.errors.DuplicateEntry:
- pass
+ simple_service_list = (
+ (memcacheinstance.MemcacheInstance(), 'MEMCACHE'),
+ (otpdinstance.OtpdInstance(), 'OTPD'),
+ )
+
+ for service, ldap_name in simple_service_list:
+ service.ldapi = True
+ try:
+ if not service.is_configured():
+ # 389-ds needs to be running to create the memcache instance
+ # because we record the new service in cn=masters.
+ ds.start()
+ service.create_instance(ldap_name, fqdn, None,
+ ipautil.realm_to_suffix(api.env.realm),
+ realm=api.env.realm)
+ except ipalib.errors.DuplicateEntry:
+ pass
cleanup_kdc(fstore)
setup_firefox_extension(fstore)
diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py
index f8026b9..bceb87c 100644
--- a/ipapython/platform/fedora16/service.py
+++ b/ipapython/platform/fedora16/service.py
@@ -53,6 +53,7 @@ system_units['pki_cad'] = system_units['pki-cad']
# Our PKI instance is pki-tomcatd@pki-tomcat.service
system_units['pki-tomcatd'] = 'pki-tomcatd@pki-tomcat.service'
system_units['pki_tomcatd'] = system_units['pki-tomcatd']
+system_units['ipa-otpd'] = 'ipa-otpd.socket'
class Fedora16Service(systemd.SystemdService):
def __init__(self, service_name):
diff --git a/ipaserver/install/otpdinstance.py b/ipaserver/install/otpdinstance.py
new file mode 100644
index 0000000..2eed3f8
--- /dev/null
+++ b/ipaserver/install/otpdinstance.py
@@ -0,0 +1,25 @@
+# Authors: Tomas Babej <tbabej@redhat.com>
+#
+# Copyright (C) 2013 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import service
+
+
+class OtpdInstance(service.SimpleServiceInstance):
+ def __init__(self):
+ service.SimpleServiceInstance.__init__(self, "ipa-otpd") \ No newline at end of file
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 8f4a7db..f3cd189 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -40,14 +40,15 @@ DISABLED = 3
# The service name as stored in cn=masters,cn=ipa,cn=etc. In the tuple
# the first value is the *nix service name, the second the start order.
SERVICE_LIST = {
- 'KDC':('krb5kdc', 10),
- 'KPASSWD':('kadmin', 20),
- 'DNS':('named', 30),
- 'MEMCACHE':('ipa_memcached', 39),
- 'HTTP':('httpd', 40),
- 'CA':('%sd' % dogtag.configured_constants().PKI_INSTANCE_NAME, 50),
- 'ADTRUST':('smb', 60),
- 'EXTID':('winbind', 70)
+ 'KDC': ('krb5kdc', 10),
+ 'KPASSWD': ('kadmin', 20),
+ 'DNS': ('named', 30),
+ 'MEMCACHE': ('ipa_memcached', 39),
+ 'HTTP': ('httpd', 40),
+ 'CA': ('%sd' % dogtag.configured_constants().PKI_INSTANCE_NAME, 50),
+ 'ADTRUST': ('smb', 60),
+ 'EXTID': ('winbind', 70),
+ 'OTPD': ('ipa-otpd', 80),
}
def print_msg(message, output_fd=sys.stdout):