authorAlexander Bokovoy <abokovoy@redhat.com>2011-09-13 00:10:45 +0300
committerMartin Kosek <mkosek@redhat.com>2011-09-13 11:35:25 +0200
commit7059bd195e3901c52920205b1fd9b91a8b2a52ca (patch)
tree7c751cacb02a964587d18960578a2c840e78a0e1
parentb73b0178971a0547ba72a9fdfaa85ad4cfa1cacf (diff)
Convert server install code to platform-independent access to system services
https://fedorahosted.org/freeipa/ticket/1605
-rw-r--r--ipaserver/install/bindinstance.py2
-rw-r--r--ipaserver/install/cainstance.py26
-rw-r--r--ipaserver/install/certs.py25
-rw-r--r--ipaserver/install/dsinstance.py23
-rw-r--r--ipaserver/install/httpinstance.py9
-rw-r--r--ipaserver/install/krbinstance.py7
-rw-r--r--ipaserver/install/ntpinstance.py7
-rw-r--r--ipaserver/install/replication.py4
8 files changed, 44 insertions, 59 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index c91b620..cdf7b93 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -615,7 +615,7 @@ class BindInstance(service.Service):
pass
if not enabled is None and not enabled:
- self.chkconfig_off()
+ self.disable()
if not running is None and running:
self.start()
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index d86b392..6a86e8c 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -47,6 +47,7 @@ import nss.nss as nss
from ipapython import ipautil
from ipapython import nsslib
+from ipapython import services as ipaservices
from ipaserver import ipaldap
from ipaserver.install import service
@@ -373,11 +374,7 @@ class CADSInstance(service.Service):
def restart_instance(self):
try:
- # Have to trick the base class to use the right service name
- sav_name = self.service_name
- self.service_name="dirsrv"
- self.restart(self.serverid)
- self.service_name=sav_name
+ ipaservices.knownservices.dirsrv.restart(self.serverid)
if not dsinstance.is_ds_running():
logging.critical("Failed to restart the directory server. See the installation log for details.")
sys.exit(1)
@@ -392,14 +389,12 @@ class CADSInstance(service.Service):
running = self.restore_state("running")
enabled = self.restore_state("enabled")
serverid = self.restore_state("serverid")
- sav_name = self.service_name
- self.service_name="dirsrv"
if not running is None:
- self.stop(serverid)
+ ipaservices.knownservices.dirsrv.stop(self.serverid)
if not enabled is None and not enabled:
- self.chkconfig_off()
+ ipaservices.knownservices.dirsrv.disable()
if not serverid is None:
# drop the trailing / off the config_dirname so the directory
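Review bot: The new `ipaservices.knownservices.dirsrv.stop(self.serverid)` passes the instance attribute, whereas the removed `self.stop(serverid)` used the value just read with `self.restore_state("serverid")`. Whether `self.serverid` is populated on an uninstall run is not visible here; if it is unset or stale, the stop could fail or target a different instance than the one recorded in the saved state. Using the restored local, `ipaservices.knownservices.dirsrv.stop(serverid)`, keeps the previous behaviour and matches the `if not serverid is None:` check that follows. The enclosing method starts and ends outside this hunk.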
@@ -409,7 +404,6 @@ class CADSInstance(service.Service):
dsdb.untrack_server_cert("Server-Cert")
dsinstance.erase_ds_instance_data(serverid)
- self.service_name="pkids"
user_exists = self.restore_state("user_exists")
if user_exists == False:
@@ -417,7 +411,6 @@ class CADSInstance(service.Service):
ipautil.run(["/usr/sbin/userdel", PKI_DS_USER])
except ipautil.CalledProcessError, e:
logging.critical("failed to delete user %s" % e)
- self.service_name = sav_name
class CAInstance(service.Service):
"""
@@ -1044,7 +1037,7 @@ class CAInstance(service.Service):
# Fix the CRL URI in the profile
installutils.set_directive('/var/lib/%s/profiles/ca/caIPAserviceCert.cfg' % PKI_INSTANCE_NAME, 'policyset.serverCertSet.9.default.params.crlDistPointsPointName_0', 'https://%s/ipa/crl/MasterCRL.bin' % self.fqdn, quotes=False, separator='=')
- ipautil.run(["/sbin/restorecon", publishdir])
+ ipaservices.restore_context(publishdir)
def __set_subject_in_config(self):
# dogtag ships with an IPA-specific profile that forces a subject
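Review bot: Nothing at this call site shows what happens when `ipaservices.restore_context(publishdir)` fails. The removed call went through `ipautil.run`, which raises `CalledProcessError` as the `userdel` handling in this file shows, so a failed relabel used to be an error. If the platform wrapper swallows failures, or does nothing where the SELinux tools are absent, the path silently keeps a wrong label; the same question applies to the `cert8.db`, `key3.db` and `CA_SERIALNO` calls in httpinstance.py, where the files hold key material. A comment stating the expectation would help, for example `# NOTE: confirm restore_context() raises on relabel failure (see ipapython.services)`. The enclosing method starts outside the hunk.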
@@ -1058,7 +1051,7 @@ class CAInstance(service.Service):
enabled = self.restore_state("enabled")
if not enabled is None and not enabled:
- self.chkconfig_off()
+ self.disable()
try:
ipautil.run(["/usr/bin/pkiremove", "-pki_instance_root=/var/lib",
@@ -1148,14 +1141,11 @@ def install_replica_ca(config, postinstall=False):
# internally. In the case of the dogtag DS the name doesn't match the
# unix service.
- service_name = cs.service_name
service.print_msg("Restarting the directory and certificate servers")
- cs.service_name = "dirsrv"
ca.stop()
- cs.stop("PKI-IPA")
- cs.start("PKI-IPA")
+ ipaservices.knownservices.dirsrv.stop("PKI-IPA")
+ ipaservices.knownservices.dirsrv.start("PKI-IPA")
ca.start()
- cs.service_name = service_name
return (ca, cs)
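Review bot: After `ipaservices.knownservices.dirsrv.start("PKI-IPA")` nothing verifies that the directory server came up before `ca.start()` runs, while `restart_instance` earlier in this file checks `dsinstance.is_ds_running()` and exits on failure. A check between the two starts, such as `if not dsinstance.is_ds_running(): raise RuntimeError("Failed to restart the PKI-IPA directory server")`, would make a failed restart visible instead of surfacing later as a CA error. The comment above the block appears to explain the service-name swap that this change removes, so it should be rewritten or dropped. `install_replica_ca` starts outside the hunk.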
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index ead9c81..affa261 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -36,7 +36,7 @@ from ipapython import certmonger
from ipapython.certdb import get_ca_nickname
from ipalib import pkcs10
from ConfigParser import RawConfigParser, MissingSectionHeaderError
-import service
+from ipapython import services as ipaservices
from ipalib import x509
from ipalib.dn import DN
from ipalib.errors import CertificateOperationError
@@ -483,29 +483,30 @@ class CertDB(object):
"""
Tell certmonger to track the given certificate nickname.
"""
- service.chkconfig_on("certmonger")
- service.start("messagebus")
- service.start("certmonger")
+ cmonger = ipaservices.knownservices.certmonger
+ cmonger.enable()
+ ipaservices.knownservices.messagebus.start()
+ cmonger.start()
try:
(stdout, stderr, rc) = certmonger.start_tracking(nickname, self.secdir, password_file)
except (ipautil.CalledProcessError, RuntimeError), e:
logging.error("certmonger failed starting to track certificate: %s" % str(e))
return
- service.stop("certmonger")
+ cmonger.stop()
cert = self.get_cert_from_db(nickname)
nsscert = x509.load_certificate(cert, dbdir=self.secdir)
subject = str(nsscert.subject)
m = re.match('New tracking request "(\d+)" added', stdout)
if not m:
- logging.error('Didn\'t get new certmonger request, got %s' % stdout)
- raise RuntimeError('certmonger did not issue new tracking request for \'%s\' in \'%s\'. Use \'ipa-getcert list\' to list existing certificates.' % (nickname, self.secdir))
+ logging.error('Didn\'t get new %s request, got %s' % (cmonger.service_name, stdout))
+ raise RuntimeError('%s did not issue new tracking request for \'%s\' in \'%s\'. Use \'ipa-getcert list\' to list existing certificates.' % (cmonger.service_name, nickname, self.secdir))
request_id = m.group(1)
certmonger.add_principal(request_id, principal)
certmonger.add_subject(request_id, subject)
- service.start("certmonger")
+ cmonger.start()
def untrack_server_cert(self, nickname):
"""
@@ -514,13 +515,14 @@ class CertDB(object):
# Always start certmonger. We can't untrack something if it isn't
# running
- service.start("messagebus")
- service.start("certmonger")
+ cmonger = ipaservices.knownservices.certmonger
+ ipaservices.knownservices.messagebus.start()
+ cmonger.start()
try:
certmonger.stop_tracking(self.secdir, nickname=nickname)
except (ipautil.CalledProcessError, RuntimeError), e:
logging.error("certmonger failed to stop tracking certificate: %s" % str(e))
- service.stop("certmonger")
+ cmonger.stop()
def create_server_cert(self, nickname, hostname, other_certdb=None, subject=None):
"""
@@ -770,6 +772,7 @@ class CertDB(object):
f.write(pwdfile.read())
f.close()
pwdfile.close()
+ # TODO: replace explicit uid by a platform-specific one
self.set_perms(self.pwd_conf, uid="apache")
def find_root_cert(self, nickname):
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 8ccb22c..5abd5f3 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -30,6 +30,7 @@ import tempfile
from ipapython import ipautil
from ipapython import sysrestore
+from ipapython import services as ipaservices
import service
import installutils
@@ -107,18 +108,7 @@ def check_ports():
return (ds_unsecure, ds_secure)
def is_ds_running():
- """The DS init script always returns 0 when requesting status so it cannot
- be used to determine if the server is running. We have to look at the
- output.
- """
- ret = True
- try:
- (sout, serr, rcode) = ipautil.run(["/sbin/service", "dirsrv", "status"])
- if sout.find("is stopped") >= 0:
- ret = False
- except ipautil.CalledProcessError:
- ret = False
- return ret
+ return ipaservices.knownservices.dirsrv.is_running()
def has_managed_entries(host_name, dm_password):
"""Check to see if the Managed Entries plugin is available"""
@@ -310,8 +300,7 @@ class DsInstance(service.Service):
self.backup_state("enabled", self.is_enabled())
# At the end of the installation ipa-server-install will enable the
# 'ipa' service wich takes care of starting/stopping dirsrv
- # self.chkconfig_on()
- self.chkconfig_off()
+ self.disable()
def __setup_sub_dict(self):
server_root = find_server_root()
@@ -329,10 +318,10 @@ class DsInstance(service.Service):
def __create_ds_user(self):
user_exists = True
- try:
+ try:
pwd.getpwnam(DS_USER)
logging.debug("ds user %s exists" % DS_USER)
- except KeyError:
+ except KeyError:
user_exists = False
logging.debug("adding ds user %s" % DS_USER)
args = ["/usr/sbin/useradd", "-g", DS_GROUP,
@@ -644,7 +633,7 @@ class DsInstance(service.Service):
pass
if not enabled is None and not enabled:
- self.chkconfig_off()
+ self.disable()
serverid = self.restore_state("serverid")
if not serverid is None:
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 4294bee..eae6075 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -30,6 +30,7 @@ import dsinstance
import installutils
from ipapython import sysrestore
from ipapython import ipautil
+from ipapython import services as ipaservices
from ipalib import util, api
HTTPD_DIR = "/etc/httpd"
@@ -220,13 +221,13 @@ class HTTPInstance(service.Service):
os.chown(certs.NSS_DIR + "/pwdfile.txt", 0, pent.pw_gid )
# Fix SELinux permissions on the database
- ipautil.run(["/sbin/restorecon", certs.NSS_DIR + "/cert8.db"])
- ipautil.run(["/sbin/restorecon", certs.NSS_DIR + "/key3.db"])
+ ipaservices.restore_context(certs.NSS_DIR + "/cert8.db")
+ ipaservices.restore_context(certs.NSS_DIR + "/key3.db")
# In case this got generated as part of the install, reset the
# context
if ipautil.file_exists(certs.CA_SERIALNO):
- ipautil.run(["/sbin/restorecon", certs.CA_SERIALNO])
+ ipaservices.restore_context(certs.CA_SERIALNO)
os.chown(certs.CA_SERIALNO, 0, pent.pw_gid)
os.chmod(certs.CA_SERIALNO, 0664)
@@ -272,7 +273,7 @@ class HTTPInstance(service.Service):
db = certs.CertDB(api.env.realm)
db.untrack_server_cert("Server-Cert")
if not enabled is None and not enabled:
- self.chkconfig_off()
+ self.disable()
for f in ["/etc/httpd/conf.d/ipa.conf", SSL_CONF, NSS_CONF]:
try:
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 47fd520..513dc55 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -30,6 +30,7 @@ import service
import installutils
from ipapython import sysrestore
from ipapython import ipautil
+from ipapython import services as ipaservices
from ipalib import util
from ipalib import errors
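Review bot: `from ipapython import services as ipaservices` is added here, but no other hunk in krbinstance.py uses `ipaservices`; the only service change in this file is `self.disable()`. The same unused import is added to ntpinstance.py. Drop both lines, or add them in the commit that first needs them.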
@@ -226,7 +227,7 @@ class KrbInstance(service.Service):
def __configure_kdc_account_password(self):
hexpwd = ''
- for x in self.kdc_password:
+ for x in self.kdc_password:
hexpwd += (hex(ord(x))[2:])
self.fstore.backup_file("/var/kerberos/krb5kdc/ldappwd")
pwd_fd = open("/var/kerberos/krb5kdc/ldappwd", "w")
@@ -464,7 +465,7 @@ class KrbInstance(service.Service):
keydata = stash.read(keylen)
except os.error:
logging.critical("Failed to retrieve Master Key from Stash file: %s")
- #encode it in the asn.1 attribute
+ #encode it in the asn.1 attribute
MasterKey = univ.Sequence()
MasterKey.setComponentByPosition(0, univ.Integer(keytype))
MasterKey.setComponentByPosition(1, univ.OctetString(keydata))
@@ -574,7 +575,7 @@ class KrbInstance(service.Service):
pass
if not enabled is None and not enabled:
- self.chkconfig_off()
+ self.disable()
if not running is None and running:
self.start()
diff --git a/ipaserver/install/ntpinstance.py b/ipaserver/install/ntpinstance.py
index d85e430..00217c3 100644
--- a/ipaserver/install/ntpinstance.py
+++ b/ipaserver/install/ntpinstance.py
@@ -23,6 +23,7 @@ import logging
import service
from ipapython import sysrestore
from ipapython import ipautil
+from ipapython import services as ipaservices
class NTPInstance(service.Service):
def __init__(self, fstore=None):
@@ -143,7 +144,7 @@ class NTPInstance(service.Service):
def __enable(self):
self.backup_state("enabled", self.is_enabled())
- self.chkconfig_on()
+ self.enable()
def create_instance(self):
@@ -168,13 +169,13 @@ class NTPInstance(service.Service):
self.stop()
try:
- self.fstore.restore_file("/etc/ntp.conf")
+ self.fstore.restore_file("/etc/ntp.conf")
except ValueError, error:
logging.debug(error)
pass
if not enabled is None and not enabled:
- self.chkconfig_off()
+ self.disable()
if not running is None and running:
self.start()
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index fbf9c95..961e713 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -23,7 +23,7 @@ import os
import sys
import ldap
from ipaserver import ipaldap
-from ipaserver.install.service import restart
+from ipapython import services as ipaservices
import installutils
from ldap import modlist
from ipalib import util
@@ -106,7 +106,7 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd):
conn.modify_s(entry[0].dn, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'on')])
conn.unbind()
serverid = "-".join(realm.split("."))
- restart("dirsrv", instance_name=serverid)
+ ipaservices.knownservices.dirsrv.restart(instance_name=serverid)
installutils.wait_for_open_ports('localhost', [389, 636], 300)
else:
conn.unbind()