authorKarl MacMillan <kmacmill@redhat.com>2007-11-05 14:42:11 -0500
committerKarl MacMillan <kmacmill@redhat.com>2007-11-05 14:42:11 -0500
commit8e48393c61397e80f7d8d29d5b48d97988aa6c84 (patch)
tree06f0868a03db8d2554acf926a61e4d3555c029a2 /ipa-server/ipaserver/krbinstance.py
parent957a70e560c2109d9cd788327fa18918294c29d7 (diff)
Introduce service base class and clean up ipa-server-install
1) Add a base class for all of the instance objects. 2) Normalize usage of logging. 3) General cleanups of ipa-server-install. 4) Make better use of httpinstance. 5) Add webguiinstance. 6) Improve progress reporting during installation. Works Here (TM), but it would be nice to get someone else to test since this moves code around a bit.
Diffstat (limited to 'ipa-server/ipaserver/krbinstance.py')
-rw-r--r--ipa-server/ipaserver/krbinstance.py80
1 files changed, 29 insertions, 51 deletions
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index e17a3274d..c4ebde50c 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -32,6 +32,8 @@ import os
import pwd
import socket
import time
+
+import service
from ipa.ipautil import *
def host_to_domain(fqdn):
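Review bot: The rest of this commit replaces every `print` with `logging.critical(...)`, but the only import this hunk adds is `import service`. Unless `logging` is already imported above line 32 (outside this hunk) or happens to leak in through `from ipa.ipautil import *`, the first error path would raise NameError instead of logging. An explicit `import logging` next to `import service` removes the dependency on the star import; the same applies to the `subprocess` and `sys` names used in the error handlers.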
@@ -63,8 +65,9 @@ def update_key_val_in_file(filename, key, val):
f.write("%s=%s\n" % (key, val))
f.close()
-class KrbInstance:
+class KrbInstance(service.Service):
def __init__(self):
+ service.Service.__init__(self, "krb5kdc")
self.ds_user = None
self.fqdn = None
self.realm = None
@@ -95,39 +98,41 @@ class KrbInstance:
# It could have been not running
pass
+ self.start_creation(10, "Configuring Kerberos KDC")
+
self.__configure_kdc_account_password()
self.__setup_sub_dict()
self.__configure_ldap()
- self.__configure_http()
-
self.__create_instance()
self.__create_ds_keytab()
- self.__create_http_keytab()
-
self.__export_kadmin_changepw_keytab()
self.__add_pwd_extop_module()
try:
+ self.step("starting the KDC")
self.start()
except:
- print "krb5kdc service failed to start"
+ logging.critical("krb5kdc service failed to start")
+
+ self.step("configuring KDC to start on boot")
+ self.chkconfig_on()
- def stop(self):
- run(["/sbin/service", "krb5kdc", "stop"])
+ self.step("configuring ipa-kpasswd to start on boot")
+ service.chkconfig_on("ipa-kpasswd")
- def start(self):
- run(["/sbin/service", "krb5kdc", "start"])
+ self.step("starting ipa-kpasswd")
+ service.start("ipa-kpasswd")
- def restart(self):
- run(["/sbin/service", "krb5kdc", "restart"])
+ self.done_creation()
def __configure_kdc_account_password(self):
+ self.step("setting KDC account password")
hexpwd = ''
for x in self.kdc_password:
hexpwd += (hex(ord(x))[2:])
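Review bot: The bare `except:` around `self.start()` logs a fixed message and drops the actual error, and it also catches KeyboardInterrupt and SystemExit. As far as the flattened indentation shows, the new steps after it (`self.chkconfig_on()`, starting ipa-kpasswd, `self.done_creation()`) run regardless, so the install can finish and enable the service at boot with no running KDC. I would narrow the handler and keep the cause, `except Exception, e:` with `logging.critical("krb5kdc service failed to start: %s" % str(e))`, and then either re-raise or return before `done_creation()`. The enclosing method starts above this hunk.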
@@ -145,14 +150,14 @@ class KrbInstance:
REALM=self.realm)
def __configure_ldap(self):
-
+ self.step("adding kerberos configuration to the directory")
#TODO: test that the ldif is ok with any random charcter we may use in the password
kerberos_txt = template_file(SHARE_DIR + "kerberos.ldif", self.sub_dict)
kerberos_fd = write_tmp_file(kerberos_txt)
try:
ldap_mod(kerberos_fd, "cn=Directory Manager", self.admin_password)
except subprocess.CalledProcessError, e:
- print "Failed to load kerberos.ldif", e
+ logging.critical("Failed to load kerberos.ldif: %s" % str(e))
kerberos_fd.close()
#Change the default ACL to avoid anonimous access to kerberos keys and othe hashes
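Review bot: `str(e)` on a `subprocess.CalledProcessError` includes the command that was run, and the new `logging.critical("Failed to load kerberos.ldif: %s" % str(e))` sends that to the log rather than the terminal. `ldap_mod` is defined outside this diff, so I cannot tell how it hands `self.admin_password` to the LDAP client; if it is passed as a command-line argument, the Directory Manager password would end up in the install log on any failure. Logging only the status avoids that: `logging.critical("Failed to load kerberos.ldif: exit status %d" % e.returncode)`. The same pattern appears in the default-aci.ldif, pwd-extop-conf.ldif and master-key ACL handlers in the later hunks.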
@@ -161,10 +166,11 @@ class KrbInstance:
try:
ldap_mod(aci_fd, "cn=Directory Manager", self.admin_password)
except subprocess.CalledProcessError, e:
- print "Failed to load default-aci.ldif", e
+ logging.critical("Failed to load default-aci.ldif: %s" % str(e))
aci_fd.close()
def __create_instance(self):
+ self.step("configuring KDC")
kdc_conf = template_file(SHARE_DIR+"kdc.conf.template", self.sub_dict)
kdc_fd = open("/var/kerberos/krb5kdc/kdc.conf", "w+")
kdc_fd.write(kdc_conf)
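Review bot: A failed load of default-aci.ldif is only logged here, and the method then falls through to `aci_fd.close()` and the installer carries on with `__create_instance`. The comment just above this hunk says this LDIF changes the default ACL to stop anonymous access to Kerberos keys and other hashes, so continuing after a failure would leave the directory with that access still open while the install appears to complete. This handler should stop the install: add a bare `raise` after the `logging.critical(...)` line, or `sys.exit(1)` as the kadmin timeout path already does. `__configure_ldap` starts in the previous hunk.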
@@ -200,12 +206,13 @@ class KrbInstance:
#add the password extop module
def __add_pwd_extop_module(self):
+ self.step("adding the password extenstion to the directory")
extop_txt = template_file(SHARE_DIR + "pwd-extop-conf.ldif", self.sub_dict)
extop_fd = write_tmp_file(extop_txt)
try:
ldap_mod(extop_fd, "cn=Directory Manager", self.admin_password)
except subprocess.CalledProcessError, e:
- print "Failed to load pwd-extop-conf.ldif", e
+ logging.critical("Failed to load pwd-extop-conf.ldif: %s" % str(e))
extop_fd.close()
#add an ACL to let the DS user read the master key
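Review bot: The new progress string in `__add_pwd_extop_module` has a typo that users will see during installation: "extenstion". It should read `self.step("adding the password extension to the directory")`.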
@@ -213,14 +220,15 @@ class KrbInstance:
try:
run(args)
except subprocess.CalledProcessError, e:
- print "Failed to set the ACL on the master key", e
+ logging.critical("Failed to set the ACL on the master key: %s" % str(e))
def __create_ds_keytab(self):
+ self.step("creating a keytab for the directory")
try:
if file_exists("/etc/dirsrv/ds.keytab"):
os.remove("/etc/dirsrv/ds.keytab")
except os.error:
- print "Failed to remove /etc/dirsrv/ds.keytab."
+ logging.critical("Failed to remove /etc/dirsrv/ds.keytab.")
(kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
kwrite.write("addprinc -randkey ldap/"+self.fqdn+"@"+self.realm+"\n")
kwrite.flush()
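Review bot: When `os.remove("/etc/dirsrv/ds.keytab")` fails, the new code logs at critical level and then still pipes `addprinc`/`ktadd` into kadmin.local against the same path. The stale keytab stays in place, and the wait loop that follows (partly outside this hunk) presumably polls for the file's existence, so it would be satisfied immediately, before kadmin has written the new key. A failure logged as critical should stop here, e.g. `sys.exit(1)` after the `logging.critical("Failed to remove /etc/dirsrv/ds.keytab.")` line, matching the timeout handling further down. The handler just above it for the master-key ACL has the same log-and-continue shape.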
@@ -236,7 +244,7 @@ class KrbInstance:
time.sleep(1)
retry += 1
if retry > 15:
- print "Error timed out waiting for kadmin to finish operations\n"
+ logging.critical("Error timed out waiting for kadmin to finish operations")
sys.exit(1)
update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
@@ -244,6 +252,7 @@ class KrbInstance:
os.chown("/etc/dirsrv/ds.keytab", pent.pw_uid, pent.pw_gid)
def __export_kadmin_changepw_keytab(self):
+ self.step("exporting the kadmin keytab")
(kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
kwrite.write("modprinc +requires_preauth kadmin/changepw\n")
kwrite.flush()
@@ -264,42 +273,11 @@ class KrbInstance:
time.sleep(1)
retry += 1
if retry > 15:
- print "Error timed out waiting for kadmin to finish operations\n"
+ logging.critical("Error timed out waiting for kadmin to finish operations")
sys.exit(1)
update_key_val_in_file("/etc/sysconfig/ipa-kpasswd", "export KRB5_KTNAME", "/var/kerberos/krb5kdc/kpasswd.keytab")
pent = pwd.getpwnam(self.ds_user)
os.chown("/var/kerberos/krb5kdc/kpasswd.keytab", pent.pw_uid, pent.pw_gid)
- def __create_http_keytab(self):
- try:
- if file_exists("/etc/httpd/conf/ipa.keytab"):
- os.remove("/etc/httpd/conf/ipa.keytab")
- except os.error:
- print "Failed to remove /etc/httpd/conf/ipa.keytab."
- (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
- kwrite.write("addprinc -randkey HTTP/"+self.fqdn+"@"+self.realm+"\n")
- kwrite.flush()
- kwrite.write("ktadd -k /etc/httpd/conf/ipa.keytab HTTP/"+self.fqdn+"@"+self.realm+"\n")
- kwrite.flush()
- kwrite.close()
- kread.close()
- kerr.close()
-
- # give kadmin time to actually write the file before we go on
- retry = 0
- while not file_exists("/etc/httpd/conf/ipa.keytab"):
- time.sleep(1)
- retry += 1
- if retry > 15:
- print "Error timed out waiting for kadmin to finish operations\n"
- sys.exit(1)
-
- pent = pwd.getpwnam("apache")
- os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid)
- def __configure_http(self):
- http_txt = template_file(SHARE_DIR + "ipa.conf", self.sub_dict)
- http_fd = open("/etc/httpd/conf.d/ipa.conf", "w")
- http_fd.write(http_txt)
- http_fd.close()