authorKarl MacMillan <kmacmill@redhat.com>2007-11-05 14:42:11 -0500
committerKarl MacMillan <kmacmill@redhat.com>2007-11-05 14:42:11 -0500
commit8e48393c61397e80f7d8d29d5b48d97988aa6c84 (patch)
tree06f0868a03db8d2554acf926a61e4d3555c029a2 /ipa-server
parent957a70e560c2109d9cd788327fa18918294c29d7 (diff)
Introduce service base class and clean up ipa-server-install
1) Add a base class for all of the instance objects. 2) Normalize usage of logging. 3) General cleanups of ipa-server-install. 4) Make better use of httpinstance. 5) Add webguiinstance. 6) Improve progress reporting during installation. Works Here (TM), but it would be nice to get someone else to test since this moves code around a bit.
Diffstat (limited to 'ipa-server')
-rw-r--r--ipa-server/ipa-install/ipa-server-install68
-rw-r--r--ipa-server/ipa-install/share/Makefile.am1
-rw-r--r--ipa-server/ipaserver/Makefile.am2
-rw-r--r--ipa-server/ipaserver/dsinstance.py54
-rw-r--r--ipa-server/ipaserver/httpinstance.py102
-rw-r--r--ipa-server/ipaserver/krbinstance.py80
-rw-r--r--ipa-server/ipaserver/ntpinstance.py16
-rw-r--r--ipa-server/ipaserver/radiusinstance.py21
-rw-r--r--ipa-server/ipaserver/service.py86
-rw-r--r--ipa-server/ipaserver/webguiinstance.py40
10 files changed, 306 insertions, 164 deletions
diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install
index 107c0d368..2de687fd7 100644
--- a/ipa-server/ipa-install/ipa-server-install
+++ b/ipa-server/ipa-install/ipa-server-install
@@ -48,6 +48,9 @@ import ipaserver.bindinstance
import ipaserver.httpinstance
import ipaserver.ntpinstance
import ipaserver.radiusinstance
+import ipaserver.webguiinstance
+
+from ipaserver import service
from ipa.ipautil import run
@@ -525,7 +528,11 @@ def main():
# Create a HTTP instance
http = ipaserver.httpinstance.HTTPInstance()
- http.create_instance()
+ http.create_instance(realm_name, host_name)
+
+ # Create a Web Gui instance
+ webgui = ipaserver.webguiinstance.WebGuiInstance()
+ webgui.create_instance()
# Create a radius instance
radius = ipaserver.radiusinstance.RadiusInstance()
@@ -548,69 +555,16 @@ def main():
bind.create_sample_bind_zone()
# Restart ds and krb after configurations have been changed
+ service.print_msg("restarting the directory server")
ds.restart()
+
+ service.print_msg("restarting the KDC")
krb.restart()
# Configure ntpd
ntp = ipaserver.ntpinstance.NTPInstance()
ntp.create_instance()
- try:
- selinux=0
- try:
- if (os.path.exists('/usr/sbin/selinuxenabled')):
- run(["/usr/sbin/selinuxenabled"])
- selinux=1
- except subprocess.CalledProcessError, e:
- # selinuxenabled returns 1 if not enabled
- pass
-
- if selinux:
- # Allow apache to connect to the turbogears web gui
- # This can still fail even if selinux is enabled
- try:
- run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", "true"])
- except:
- print "WARNING: could not set selinux boolean httpd_can_network_connect to true."
- print "The web interface may not function correctly until this boolean is"
- print "successfully change with the command:"
- print " /usr/sbin/setsebool -P httpd_can_network_connect true"
- print "Try updating the policycoreutils and selinux-policy packages."
- pass
-
- # Start the web gui
- run(["/sbin/service", "ipa-webgui", "start"])
-
- # Set the web gui to start on boot
- run(["/sbin/chkconfig", "ipa-webgui", "on"])
-
- # Restart apache
- run(["/sbin/service", "httpd", "restart"])
-
- # Set apache to start on boot
- run(["/sbin/chkconfig", "httpd", "on"])
-
- # Set fedora-ds to start on boot
- run(["/sbin/chkconfig", "dirsrv", "on"])
-
- # Set the KDC to start on boot
- run(["/sbin/chkconfig", "krb5kdc", "on"])
-
- # Set the Kpasswd to start on boot
- run(["/sbin/chkconfig", "ipa-kpasswd", "on"])
-
- # Start Kpasswd
- run(["/sbin/service", "ipa-kpasswd", "start"])
-
- # Set the ntpd to start on boot
- run(["/sbin/chkconfig", "ntpd", "on"])
-
- # Restart ntpd
- run(["/sbin/service", "ntpd", "restart"])
- except subprocess.CalledProcessError, e:
- print "Installation failed:", e
- return 1
-
# Set the admin user kerberos password
ds.change_admin_password(admin_password)
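Review bot: The removed block caught `subprocess.CalledProcessError` around every service/chkconfig call and made main() `return 1` with "Installation failed:", and nothing on the new side of this hunk replaces that. The same calls now live in the instance classes and in the `service` helpers, which call `run()` with no handler, so a failing `chkconfig` or `service` invocation either surfaces as a raw traceback or is swallowed by a bare `except:` in the instance. Unless main() has an outer handler outside this hunk, I would keep a single `try: ... except subprocess.CalledProcessError, e:` around the instance creation calls so the installer still exits non-zero with a readable message.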
diff --git a/ipa-server/ipa-install/share/Makefile.am b/ipa-server/ipa-install/share/Makefile.am
index cdccb5893..cbb2e149a 100644
--- a/ipa-server/ipa-install/share/Makefile.am
+++ b/ipa-server/ipa-install/share/Makefile.am
@@ -19,6 +19,7 @@ app_DATA = \
krbrealm.con.template \
ntp.conf.server.template \
radius.radiusd.conf.template \
+ referint-conf.ldif \
$(NULL)
EXTRA_DIST = \
diff --git a/ipa-server/ipaserver/Makefile.am b/ipa-server/ipaserver/Makefile.am
index 7c765f917..25b856878 100644
--- a/ipa-server/ipaserver/Makefile.am
+++ b/ipa-server/ipaserver/Makefile.am
@@ -10,6 +10,8 @@ app_PYTHON = \
httpinstance.py \
ntpinstance.py \
radiusinstance.py \
+ webguiinstance.py \
+ service.py \
$(NULL)
EXTRA_DIST = \
diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py
index 6bcbb6f15..284ad3a6d 100644
--- a/ipa-server/ipaserver/dsinstance.py
+++ b/ipa-server/ipaserver/dsinstance.py
@@ -24,7 +24,9 @@ import tempfile
import shutil
import logging
import pwd
+
from ipa.ipautil import *
+import service
SERVER_ROOT_64 = "/usr/lib64/dirsrv"
SERVER_ROOT_32 = "/usr/lib/dirsrv"
@@ -57,8 +59,9 @@ RootDN= cn=Directory Manager
RootDNPwd= $PASSWORD
"""
-class DsInstance:
+class DsInstance(service.Service):
def __init__(self):
+ service.Service.__init__(self, "dirsrv")
self.serverid = None
self.realm_name = None
self.suffix = None
@@ -75,6 +78,7 @@ class DsInstance:
self.dm_password = dm_password
self.__setup_sub_dict()
+ self.start_creation(11, "Configuring directory server:")
self.__create_ds_user()
self.__create_instance()
self.__add_default_schemas()
@@ -84,12 +88,18 @@ class DsInstance:
self.__enable_ssl()
self.__certmap_conf()
try:
+ self.step("restarting directory server")
self.restart()
except:
# TODO: roll back here?
- print "Failed to restart the ds instance"
+ logging.critical("Failed to restart the ds instance")
self.__add_default_layout()
+ self.step("configuring directoy to start on boot")
+ self.chkconfig_on()
+
+ self.done_creation()
+
def config_dirname(self):
if not self.serverid:
raise RuntimeError("serverid not set")
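Review bot: A failed restart is caught by the bare `except:`, logged, and then `__add_default_layout()` and `done_creation()` still run, so the installer reports "done configuring dirsrv." on top of a directory server that may not be running. Catching only `subprocess.CalledProcessError` and re-raising after the `logging.critical(...)` call (or resolving the roll-back TODO) would stop later steps from working against a half-configured instance. Replacing `print` with `logging.critical` also means the operator only sees the failure if a console handler is configured, which is not visible here. The same swallow-and-continue pattern is in the KrbInstance `self.start()` block and the RadiusInstance `self.start()` block. The step text has a typo: `"configuring directoy to start on boot"` should read `directory`. create_instance starts outside this hunk.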
@@ -98,15 +108,6 @@ class DsInstance:
def schema_dirname(self):
return self.config_dirname() + "/schema/"
- def stop(self):
- run(["/sbin/service", "dirsrv", "stop"])
-
- def start(self):
- run(["/sbin/service", "dirsrv", "start"])
-
- def restart(self):
- run(["/sbin/service", "dirsrv", "restart"])
-
def __setup_sub_dict(self):
server_root = find_server_root()
self.sub_dict = dict(FQHN=self.host_name, SERVERID=self.serverid,
@@ -115,6 +116,7 @@ class DsInstance:
SERVER_ROOT=server_root)
def __create_ds_user(self):
+ self.step("creating directory server user")
try:
pwd.getpwnam(self.ds_user)
logging.debug("ds user %s exists" % self.ds_user)
@@ -125,11 +127,10 @@ class DsInstance:
run(args)
logging.debug("done adding user")
except subprocess.CalledProcessError, e:
- print "Failed to add user", e
- logging.debug("failed to add user %s" % e)
+ logging.critical("failed to add user %s" % e)
def __create_instance(self):
- logging.debug("creating ds instance . . . ")
+ self.step("creating directory server instance")
inf_txt = template_str(INF_TEMPLATE, self.sub_dict)
logging.debug(inf_txt)
inf_fd = write_tmp_file(inf_txt)
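Review bot: `logging.debug(inf_txt)`, two lines below the new `self.step(...)`, writes the rendered INF_TEMPLATE to the log, and that template contains `RootDNPwd= $PASSWORD` (visible in an earlier hunk), so the Directory Manager password presumably ends up in the debug log in clear text once substituted. Since this commit is normalizing logging, I would drop that line or replace it with something like `logging.debug("writing ds setup inf file")`. In the first part of the hunk, the `logging.critical("failed to add user %s" % e)` path still falls through to instance creation without the ds user. __create_instance continues past the end of this hunk.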
@@ -144,8 +145,7 @@ class DsInstance:
run(args)
logging.debug("completed creating ds instance")
except subprocess.CalledProcessError, e:
- print "failed to restart ds instance", e
- logging.debug("failed to restart ds instance %s" % e)
+ logging.critical("failed to restart ds instance %s" % e)
logging.debug("restarting ds instance")
try:
self.restart()
@@ -155,6 +155,7 @@ class DsInstance:
logging.debug("failed to restart ds instance %s" % e)
def __add_default_schemas(self):
+ self.step("adding default schema")
shutil.copyfile(SHARE_DIR + "60kerberos.ldif",
self.schema_dirname() + "60kerberos.ldif")
shutil.copyfile(SHARE_DIR + "60samba.ldif",
@@ -163,15 +164,17 @@ class DsInstance:
self.schema_dirname() + "60radius.ldif")
def __add_memberof_module(self):
+ self.step("enabling memboerof plugin")
memberof_txt = template_file(SHARE_DIR + "memberof-conf.ldif", self.sub_dict)
memberof_fd = write_tmp_file(memberof_txt)
try:
ldap_mod(memberof_fd, "cn=Directory Manager", self.dm_password)
except subprocess.CalledProcessError, e:
- print "Failed to load memberof-conf.ldif", e
+ logging.critical("Failed to load memberof-conf.ldif: %s" % str(e))
memberof_fd.close()
def __add_referint_module(self):
+ self.step("enabling referential integrity plugin")
referint_txt = template_file(SHARE_DIR + "referint-conf.ldif", self.sub_dict)
referint_fd = write_tmp_file(referint_txt)
try:
@@ -181,7 +184,7 @@ class DsInstance:
referint_fd.close()
def __enable_ssl(self):
- logging.debug("configuring ssl for ds instance")
+ self.step("configuring ssl for ds instance")
dirname = self.config_dirname()
args = ["/usr/share/ipa/ipa-server-setupssl", self.dm_password,
dirname, self.host_name]
@@ -189,13 +192,13 @@ class DsInstance:
run(args)
logging.debug("done configuring ssl for ds instance")
except subprocess.CalledProcessError, e:
- print "Failed to enable ssl in ds instance", e
- logging.debug("Failed to configure ssl in ds instance %s" % e)
+ logging.critical("Failed to configure ssl in ds instance %s" % e)
def __add_default_layout(self):
+ self.step("adding default layout")
txt = template_file(SHARE_DIR + "bootstrap-template.ldif", self.sub_dict)
inf_fd = write_tmp_file(txt)
- logging.debug("adding default ds layout")
+ logging.debug("adding default dfrom ipa.ipautil import *s layout")
args = ["/usr/bin/ldapmodify", "-xv", "-D", "cn=Directory Manager",
"-w", self.dm_password, "-f", inf_fd.name]
try:
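Review bot: The new debug string `"adding default dfrom ipa.ipautil import *s layout"` looks like an accidental paste of an import line into the message; it should stay `logging.debug("adding default ds layout")`. Separately, the context lines pass `self.dm_password` to ldapmodify with `-w` (and to `ipa-server-setupssl` as a positional argument in the previous hunk), which exposes the Directory Manager password in the process list while the command runs; reading it from a root-only file with ldapmodify's `-y` option would avoid that. __add_default_layout continues outside the hunk.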
@@ -203,9 +206,10 @@ class DsInstance:
logging.debug("done adding default ds layout")
except subprocess.CalledProcessError, e:
print "Failed to add default ds layout", e
- logging.debug("Failed to add default ds layout %s" % e)
+ logging.critical("Failed to add default ds layout %s" % e)
def __create_indeces(self):
+ self.step("creating indeces")
txt = template_file(SHARE_DIR + "indeces.ldif", self.sub_dict)
inf_fd = write_tmp_file(txt)
logging.debug("adding/updating indeces")
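Review bot: This handler keeps `print "Failed to add default ds layout", e` next to the new `logging.critical(...)`, while every other handler in the file had its `print` removed, so the failure is reported twice here and once elsewhere. I would delete the `print` line for consistency with the rest of the commit. As in the other handlers, the error is only logged and the method returns normally, so the caller cannot tell the layout was not loaded.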
@@ -215,17 +219,15 @@ class DsInstance:
run(args)
logging.debug("done adding/updating indeces")
except subprocess.CalledProcessError, e:
- print "Failed to add default ds layout", e
- logging.debug("Failed to add/update indeces %s" % e)
+ logging.critical("Failed to add/update indeces %s" % str(e))
def __certmap_conf(self):
- logging.debug("configuring certmap.conf for ds instance")
+ self.step("configuring certmap.conf")
dirname = self.config_dirname()
certmap_conf = template_file(SHARE_DIR+"certmap.conf.template", self.sub_dict)
certmap_fd = open(dirname+"certmap.conf", "w+")
certmap_fd.write(certmap_conf)
certmap_fd.close()
- logging.debug("done configuring certmap.conf for ds instance")
def change_admin_password(self, password):
logging.debug("Changing admin password")
diff --git a/ipa-server/ipaserver/httpinstance.py b/ipa-server/ipaserver/httpinstance.py
index 818682785..0433025b2 100644
--- a/ipa-server/ipaserver/httpinstance.py
+++ b/ipa-server/ipaserver/httpinstance.py
@@ -20,17 +20,26 @@
import subprocess
import string
import tempfile
-import shutil
import logging
import pwd
-from ipa.ipautil import *
import fileinput
import sys
+import time
+
+import service
+from ipa.ipautil import *
HTTPD_DIR = "/etc/httpd"
SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf"
NSS_CONF = HTTPD_DIR + "/conf.d/nss.conf"
+selinux_warning = """WARNING: could not set selinux boolean httpd_can_network_connect to true.
+The web interface may not function correctly until this boolean is
+successfully change with the command:
+ /usr/sbin/setsebool -P httpd_can_network_connect true
+Try updating the policycoreutils and selinux-policy packages.
+"""
+
def update_file(filename, orig, subst):
if os.path.exists(filename):
pattern = "%s" % re.escape(orig)
@@ -42,35 +51,90 @@ def update_file(filename, orig, subst):
sys.stdout.write(p.sub(subst, line))
fileinput.close()
-class HTTPInstance:
+class HTTPInstance(service.Service):
def __init__(self):
- pass
+ service.Service.__init__(self, "httpd")
- def create_instance(self):
+ def create_instance(self, realm, fqdn):
+ self.sub_dict = { "REALM" : realm }
+ self.fqdn = fqdn
+ self.realm = realm
+
+ self.start_creation(6, "Configuring the web interface")
+
self.__disable_mod_ssl()
self.__set_mod_nss_port()
+ self.__configure_http()
+ self.__create_http_keytab()
+
+ self.step("restarting httpd")
+ self.restart()
+
+ self.step("configuring httpd to start on boot")
+ self.chkconfig_on()
+
+ self.done_creation()
+
+ def __selinux_config(self):
+ self.step("configuring SELinux for httpd")
+ selinux=0
try:
- self.restart()
- except:
- # TODO: roll back here?
- print "Failed to restart httpd"
+ if (os.path.exists('/usr/sbin/selinuxenabled')):
+ run(["/usr/sbin/selinuxenabled"])
+ selinux=1
+ except subprocess.CalledProcessError:
+ # selinuxenabled returns 1 if not enabled
+ pass
+
+ if selinux:
+ # Allow apache to connect to the turbogears web gui
+ # This can still fail even if selinux is enabled
+ try:
+ run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", "true"])
+ except:
+ self.print_msg(selinux_warning)
+
+ def __create_http_keytab(self):
+ self.step("creating a keytab for httpd")
+ try:
+ if file_exists("/etc/httpd/conf/ipa.keytab"):
+ os.remove("/etc/httpd/conf/ipa.keytab")
+ except os.error:
+ print "Failed to remove /etc/httpd/conf/ipa.keytab."
+ (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
+ kwrite.write("addprinc -randkey HTTP/"+self.fqdn+"@"+self.realm+"\n")
+ kwrite.flush()
+ kwrite.write("ktadd -k /etc/httpd/conf/ipa.keytab HTTP/"+self.fqdn+"@"+self.realm+"\n")
+ kwrite.flush()
+ kwrite.close()
+ kread.close()
+ kerr.close()
+
+ # give kadmin time to actually write the file before we go on
+ retry = 0
+ while not file_exists("/etc/httpd/conf/ipa.keytab"):
+ time.sleep(1)
+ retry += 1
+ if retry > 15:
+ print "Error timed out waiting for kadmin to finish operations\n"
+ sys.exit(1)
- def stop(self):
- run(["/sbin/service", "httpd", "stop"])
+ pent = pwd.getpwnam("apache")
+ os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid)
- def start(self):
- run(["/sbin/service", "httpd", "start"])
+ def __configure_http(self):
+ self.step("configuring httpd")
+ http_txt = template_file(SHARE_DIR + "ipa.conf", self.sub_dict)
+ http_fd = open("/etc/httpd/conf.d/ipa.conf", "w")
+ http_fd.write(http_txt)
+ http_fd.close()
- def restart(self):
- run(["/sbin/service", "httpd", "restart"])
def __disable_mod_ssl(self):
- logging.debug("disabling mod_ssl in httpd")
+ self.step("disabling mod_ssl in httpd")
if os.path.exists(SSL_CONF):
os.rename(SSL_CONF, "%s.moved_by_ipa" % SSL_CONF)
- logging.debug("done disabling mod_ssl")
def __set_mod_nss_port(self):
- logging.debug("Setting mod_nss port to 443")
+ self.step("Setting mod_nss port to 443")
update_file(NSS_CONF, '8443', '443')
- logging.debug("done setting mod_nss port")
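Review bot: `__selinux_config` is defined but never called: `create_instance` runs six steps, matching `start_creation(6, ...)`, and none of them is the SELinux one. Because this commit also deletes the `setsebool -P httpd_can_network_connect true` block from ipa-server-install, the boolean is no longer set anywhere, and on an SELinux-enabled host httpd would be denied the connection to the web gui with no warning printed. I would add `self.__selinux_config()` before the restart step and change the count to `self.start_creation(7, "Configuring the web interface")`. The bare `except:` around `setsebool` should be narrowed to `subprocess.CalledProcessError`. The keytab code moved here still uses `print` for its two failure messages, while the copy left in krbinstance.py was switched to `logging.critical`.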
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index e17a3274d..c4ebde50c 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -32,6 +32,8 @@ import os
import pwd
import socket
import time
+
+import service
from ipa.ipautil import *
def host_to_domain(fqdn):
@@ -63,8 +65,9 @@ def update_key_val_in_file(filename, key, val):
f.write("%s=%s\n" % (key, val))
f.close()
-class KrbInstance:
+class KrbInstance(service.Service):
def __init__(self):
+ service.Service.__init__(self, "krb5kdc")
self.ds_user = None
self.fqdn = None
self.realm = None
@@ -95,39 +98,41 @@ class KrbInstance:
# It could have been not running
pass
+ self.start_creation(10, "Configuring Kerberos KDC")
+
self.__configure_kdc_account_password()
self.__setup_sub_dict()
self.__configure_ldap()
- self.__configure_http()
-
self.__create_instance()
self.__create_ds_keytab()
- self.__create_http_keytab()
-
self.__export_kadmin_changepw_keytab()
self.__add_pwd_extop_module()
try:
+ self.step("starting the KDC")
self.start()
except:
- print "krb5kdc service failed to start"
+ logging.critical("krb5kdc service failed to start")
+
+ self.step("configuring KDC to start on boot")
+ self.chkconfig_on()
- def stop(self):
- run(["/sbin/service", "krb5kdc", "stop"])
+ self.step("configuring ipa-kpasswd to start on boot")
+ service.chkconfig_on("ipa-kpasswd")
- def start(self):
- run(["/sbin/service", "krb5kdc", "start"])
+ self.step("starting ipa-kpasswd")
+ service.start("ipa-kpasswd")
- def restart(self):
- run(["/sbin/service", "krb5kdc", "restart"])
+ self.done_creation()
def __configure_kdc_account_password(self):
+ self.step("setting KDC account password")
hexpwd = ''
for x in self.kdc_password:
hexpwd += (hex(ord(x))[2:])
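Review bot: In `__configure_kdc_account_password`, `hex(ord(x))[2:]` emits a single digit for any character below 0x10, so the hex string is not fixed-width and cannot be decoded back unambiguously if the KDC password contains such a byte. This is existing code on a context line, but it sits directly under the new `self.step(...)`; `hexpwd += "%02x" % ord(x)` keeps two digits per character. How `hexpwd` is consumed is outside this hunk, so please confirm the expected format before changing it. The method body continues past the end of the hunk.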
@@ -145,14 +150,14 @@ class KrbInstance:
REALM=self.realm)
def __configure_ldap(self):
-
+ self.step("adding kerberos configuration to the directory")
#TODO: test that the ldif is ok with any random charcter we may use in the password
kerberos_txt = template_file(SHARE_DIR + "kerberos.ldif", self.sub_dict)
kerberos_fd = write_tmp_file(kerberos_txt)
try:
ldap_mod(kerberos_fd, "cn=Directory Manager", self.admin_password)
except subprocess.CalledProcessError, e:
- print "Failed to load kerberos.ldif", e
+ logging.critical("Failed to load kerberos.ldif: %s" % str(e))
kerberos_fd.close()
#Change the default ACL to avoid anonimous access to kerberos keys and othe hashes
@@ -161,10 +166,11 @@ class KrbInstance:
try:
ldap_mod(aci_fd, "cn=Directory Manager", self.admin_password)
except subprocess.CalledProcessError, e:
- print "Failed to load default-aci.ldif", e
+ logging.critical("Failed to load default-aci.ldif: %s" % str(e))
aci_fd.close()
def __create_instance(self):
+ self.step("configuring KDC")
kdc_conf = template_file(SHARE_DIR+"kdc.conf.template", self.sub_dict)
kdc_fd = open("/var/kerberos/krb5kdc/kdc.conf", "w+")
kdc_fd.write(kdc_conf)
@@ -200,12 +206,13 @@ class KrbInstance:
#add the password extop module
def __add_pwd_extop_module(self):
+ self.step("adding the password extenstion to the directory")
extop_txt = template_file(SHARE_DIR + "pwd-extop-conf.ldif", self.sub_dict)
extop_fd = write_tmp_file(extop_txt)
try:
ldap_mod(extop_fd, "cn=Directory Manager", self.admin_password)
except subprocess.CalledProcessError, e:
- print "Failed to load pwd-extop-conf.ldif", e
+ logging.critical("Failed to load pwd-extop-conf.ldif: %s" % str(e))
extop_fd.close()
#add an ACL to let the DS user read the master key
@@ -213,14 +220,15 @@ class KrbInstance:
try:
run(args)
except subprocess.CalledProcessError, e:
- print "Failed to set the ACL on the master key", e
+ logging.critical("Failed to set the ACL on the master key: %s" % str(e))
def __create_ds_keytab(self):
+ self.step("creating a keytab for the directory")
try:
if file_exists("/etc/dirsrv/ds.keytab"):
os.remove("/etc/dirsrv/ds.keytab")
except os.error:
- print "Failed to remove /etc/dirsrv/ds.keytab."
+ logging.critical("Failed to remove /etc/dirsrv/ds.keytab.")
(kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
kwrite.write("addprinc -randkey ldap/"+self.fqdn+"@"+self.realm+"\n")
kwrite.flush()
@@ -236,7 +244,7 @@ class KrbInstance:
time.sleep(1)
retry += 1
if retry > 15:
- print "Error timed out waiting for kadmin to finish operations\n"
+ logging.critical("Error timed out waiting for kadmin to finish operations")
sys.exit(1)
update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
@@ -244,6 +252,7 @@ class KrbInstance:
os.chown("/etc/dirsrv/ds.keytab", pent.pw_uid, pent.pw_gid)
def __export_kadmin_changepw_keytab(self):
+ self.step("exporting the kadmin keytab")
(kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
kwrite.write("modprinc +requires_preauth kadmin/changepw\n")
kwrite.flush()
@@ -264,42 +273,11 @@ class KrbInstance:
time.sleep(1)
retry += 1
if retry > 15:
- print "Error timed out waiting for kadmin to finish operations\n"
+ logging.critical("Error timed out waiting for kadmin to finish operations")
sys.exit(1)
update_key_val_in_file("/etc/sysconfig/ipa-kpasswd", "export KRB5_KTNAME", "/var/kerberos/krb5kdc/kpasswd.keytab")
pent = pwd.getpwnam(self.ds_user)
os.chown("/var/kerberos/krb5kdc/kpasswd.keytab", pent.pw_uid, pent.pw_gid)
- def __create_http_keytab(self):
- try:
- if file_exists("/etc/httpd/conf/ipa.keytab"):
- os.remove("/etc/httpd/conf/ipa.keytab")
- except os.error:
- print "Failed to remove /etc/httpd/conf/ipa.keytab."
- (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local")
- kwrite.write("addprinc -randkey HTTP/"+self.fqdn+"@"+self.realm+"\n")
- kwrite.flush()
- kwrite.write("ktadd -k /etc/httpd/conf/ipa.keytab HTTP/"+self.fqdn+"@"+self.realm+"\n")
- kwrite.flush()
- kwrite.close()
- kread.close()
- kerr.close()
-
- # give kadmin time to actually write the file before we go on
- retry = 0
- while not file_exists("/etc/httpd/conf/ipa.keytab"):
- time.sleep(1)
- retry += 1
- if retry > 15:
- print "Error timed out waiting for kadmin to finish operations\n"
- sys.exit(1)
-
- pent = pwd.getpwnam("apache")
- os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid)
- def __configure_http(self):
- http_txt = template_file(SHARE_DIR + "ipa.conf", self.sub_dict)
- http_fd = open("/etc/httpd/conf.d/ipa.conf", "w")
- http_fd.write(http_txt)
- http_fd.close()
diff --git a/ipa-server/ipaserver/ntpinstance.py b/ipa-server/ipaserver/ntpinstance.py
index 2667a2026..46841b0b2 100644
--- a/ipa-server/ipaserver/ntpinstance.py
+++ b/ipa-server/ipaserver/ntpinstance.py
@@ -20,8 +20,16 @@
from ipa.ipautil import *
import shutil
-class NTPInstance:
+import service
+
+class NTPInstance(service.Service):
+ def __init__(self):
+ service.Service.__init__(self, "ntpd")
+
def create_instance(self):
+ self.start_creation(3, "Configuring ntpd")
+
+ self.step("writing configuration")
# The template sets the config to point towards ntp.pool.org, but
# they request that software not point towards the default pool.
# We use the OS variable to point it towards either the rhel
@@ -48,3 +56,9 @@ class NTPInstance:
# we might consider setting the date manually using ntpd -qg in case
# the current time is very far off.
+
+ self.step("starting ntpd")
+ self.start()
+
+ self.step("configuring ntpd to start on boot")
+ self.chkconfig_on()
diff --git a/ipa-server/ipaserver/radiusinstance.py b/ipa-server/ipaserver/radiusinstance.py
index 8c7a929d0..27e7527e0 100644
--- a/ipa-server/ipaserver/radiusinstance.py
+++ b/ipa-server/ipaserver/radiusinstance.py
@@ -27,6 +27,8 @@ import pwd
import time
from ipa.ipautil import *
+import service
+
import os
import re
@@ -47,8 +49,9 @@ from ipaserver.funcs import DefaultUserContainer, DefaultGroupContainer
#-------------------------------------------------------------------------------
-class RadiusInstance:
+class RadiusInstance(service.Service):
def __init__(self):
+ service.Service.__init__(self, "radiusd")
self.fqdn = None
self.realm = None
self.principal = None
@@ -66,6 +69,8 @@ class RadiusInstance:
else:
self.rpm_name = self.rpm_version = self.rpm_release = None
+ self.start_creation(4, "Configuring radiusd")
+
try:
self.stop()
except:
@@ -76,22 +81,17 @@ class RadiusInstance:
self.__radiusd_conf()
try:
+ self.step("starting radiusd")
self.start()
except:
logging.error("radiusd service failed to start")
+ self.step("configuring radiusd to start on boot")
+ self.chkconfig_on()
- def stop(self):
- run(['/sbin/service', 'radiusd', 'stop'])
-
- def start(self):
- run(['/sbin/service', 'radiusd', 'start'])
-
- def restart(self):
- run(['/sbin/service', 'radiusd', 'restart'])
def __radiusd_conf(self):
- logging.debug('configuring radiusd.conf for radius instance')
+ self.step('configuring radiusd.conf for radius instance')
version = 'IPA_RADIUS_VERSION=%s RADIUS_PACKAGE_VERSION=%s' % (IPA_RADIUS_VERSION, self.rpm_nvr)
sub_dict = {'CONFIG_FILE_VERSION_INFO' : version,
@@ -110,6 +110,7 @@ class RadiusInstance:
logging.error("could not create %s: %s", RADIUSD_CONF_FILEPATH, e)
def __create_radius_keytab(self):
+ self.step("create radiusd keytab")
try:
if file_exists(IPA_KEYTAB_FILEPATH):
os.remove(IPA_KEYTAB_FILEPATH)
diff --git a/ipa-server/ipaserver/service.py b/ipa-server/ipaserver/service.py
new file mode 100644
index 000000000..f0109488d
--- /dev/null
+++ b/ipa-server/ipaserver/service.py
@@ -0,0 +1,86 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 or later
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from ipa.ipautil import *
+import logging, sys
+
+
+def stop(service_name):
+ run(["/sbin/service", service_name, "stop"])
+
+def start(service_name):
+ run(["/sbin/service", service_name, "start"])
+
+def restart(service_name):
+ run(["/sbin/service", service_name, "restart"])
+
+def chkconfig_on(service_name):
+ run(["/sbin/chkconfig", service_name, "on"])
+
+def chkconfig_off(service_name):
+ run(["/sbin/chkconfig", service_name, "off"])
+
+def print_msg(message, output_fd=sys.stdout):
+ logging.debug(message)
+ output_fd.write(message)
+ output_fd.write("\n")
+
+
+class Service:
+ def __init__(self, service_name):
+ self.service_name = service_name
+ self.num_steps = -1
+ self.current_step = -1
+ self.output_fd = sys.stdout
+
+ def set_output(self, fd):
+ self.output_fd = fd
+
+ def stop(self):
+ stop(self.service_name)
+
+ def start(self):
+ start(self.service_name)
+
+ def restart(self):
+ restart(self.service_name)
+
+ def chkconfig_on(self):
+ chkconfig_on(self.service_name)
+
+ def chkconfig_off(self):
+ chkconfig_off(self.service_name)
+
+ def print_msg(self, message):
+ print_msg(message, self.output_fd)
+
+ def start_creation(self, num_steps, message):
+ self.num_steps = num_steps
+ self.cur_step = 0
+ self.print_msg(message)
+
+ def step(self, message):
+ self.cur_step += 1
+ self.print_msg(" [%d/%d]: %s" % (self.cur_step, self.num_steps, message))
+
+ def done_creation(self):
+ self.cur_step = -1
+ self.num_steps = -1
+ self.print_msg("done configuring %s." % self.service_name)
+
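Review bot: `Service.__init__` initialises `self.current_step`, but `start_creation`, `step` and `done_creation` all use `self.cur_step`, so calling `step()` before `start_creation()` raises AttributeError and `current_step` is never read. The constructor line should be `self.cur_step = -1`. `print_msg(message, output_fd=sys.stdout)` binds the default at import time, so a later reassignment of `sys.stdout` is not picked up; a `None` default resolved inside the function avoids that. The class and the module-level helpers would also benefit from short docstrings stating that each helper shells out to `/sbin/service` or `/sbin/chkconfig` through `run()` and lets `CalledProcessError` propagate.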
diff --git a/ipa-server/ipaserver/webguiinstance.py b/ipa-server/ipaserver/webguiinstance.py
new file mode 100644
index 000000000..757b50c5d
--- /dev/null
+++ b/ipa-server/ipaserver/webguiinstance.py
@@ -0,0 +1,40 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 or later
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import logging
+
+from ipa.ipautil import *
+import service
+
+class WebGuiInstance(service.Service):
+ def __init__(self):
+ service.Service.__init__(self, "ipa-webgui")
+
+ def create_instance(self):
+ self.start_creation(2, "Configuring ipa-webgui")
+
+ self.step("starting ipa-webgui")
+ service.start("ipa-webgui")
+
+ self.step("configuring ipa-webgui to start on boot")
+ service.chkconfig_on("ipa-webgui")
+
+ self.done_creation()
+
+
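Review bot: `create_instance` calls the module-level `service.start("ipa-webgui")` and `service.chkconfig_on("ipa-webgui")` and repeats the service name, although the base class was just initialised with that name; `self.start()` and `self.chkconfig_on()` are equivalent and keep the name in one place. `import logging` is unused in this file as shown. A failure from `run()` in either call propagates uncaught, so the caller needs a handler for `subprocess.CalledProcessError`.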