author | Tomas Babej <tbabej@redhat.com> | 2014-05-26 12:07:39 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-06-16 19:48:17 +0200 |
commit | 0b974007dee7771b6c1c2ceab34ac802080910ca (patch) | |
tree | a857003ac3c8c7bd0114fe9b95d4fb6d254bbc6b /ipaplatform | |
parent | 1fc7b0485833d525be6114bf2178bd9efd04f371 (diff) | |
ipaplatform: Move service base platfrom related functionality to ipaplatform/base/service.py
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipaplatform')
-rw-r--r-- | ipaplatform/base/paths.py | 2 | ||||
-rw-r--r-- | ipaplatform/base/services.py | 414 |
2 files changed, 415 insertions, 1 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 46021e59c..1f865b6ea 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -20,3 +20,5 @@
 '''
 This base platform module exports default filesystem paths.
 '''
+
+SVC_LIST_FILE = "/var/run/ipa/services.list"
\ No newline at end of file
diff --git a/ipaplatform/base/services.py b/ipaplatform/base/services.py
index bff0f272e..625bd0dc5 100644
--- a/ipaplatform/base/services.py
+++ b/ipaplatform/base/services.py
@@ -1,4 +1,5 @@
-# Author: Tomas Babej <tbabej@redhat.com>
+# Author: Alexander Bokovoy <abokovoy@redhat.com>
+# Tomas Babej <tbabej@redhat.com>
 #
 # Copyright (C) 2014 Red Hat
 # see file 'COPYING' for use and warranty information
@@ -21,3 +22,414 @@ This base module contains default implementations of IPA interface for interacting with system services. ''' + +import os +import json + +import ipalib +from ipapython import ipautil +from ipaplatform.paths import paths +from ipalib.plugable import MagicDict + +# Canonical names of services as IPA wants to see them. As we need to have +# *some* naming, set them as in Red Hat distributions. Actual implementation +# should make them available through knownservices.<name> and take care of +# re-mapping internally, if needed +wellknownservices = ['certmonger', 'dirsrv', 'httpd', 'ipa', 'krb5kdc', + 'messagebus', 'nslcd', 'nscd', 'ntpd', 'portmap', + 'rpcbind', 'kadmin', 'sshd', 'autofs', 'rpcgssd', + 'rpcidmapd', 'pki_tomcatd', 'pki_cad', 'chronyd', + 'domainname'] + +# The common ports for these services. This is used to wait for the +# service to become available. +wellknownports = { + 'dirsrv@PKI-IPA.service': [7389], + 'PKI-IPA': [7389], + 'dirsrv': [389], # only used if the incoming instance name is blank + 'pki-cad': [9180, 9443, 9444], + 'pki-tomcatd@pki-tomcat.service': [8080, 8443], + 'pki-tomcat': [8080, 8443], + 'pki-tomcatd': [8080, 8443], # used if the incoming instance name is blank +} + + +class KnownServices(MagicDict): + """ + KnownServices is an abstract class factory that should give out instances + of well-known platform services. Actual implementation must create these + instances as its own attributes on first access (or instance creation) + and cache them. + """ + + +class PlatformService(object): + """ + PlatformService abstracts out external process running on the system + which is possible to administer (start, stop, check status, etc). + + """ + + def __init__(self, service_name, api=ipalib.api): + self.service_name = service_name + self.api = api + + def start(self, instance_name="", capture_output=True, wait=True, + update_service_list=True): + """ + When a service is started record the fact in a special file. 
+ This allows ipactl stop to always stop all services that have + been started via ipa tools + """ + if not update_service_list: + return + svc_list = [] + try: + with open(paths.SVC_LIST_FILE, 'r') as f: + svc_list = json.load(f) + except Exception: + # not fatal, may be the first service + pass + + if self.service_name not in svc_list: + svc_list.append(self.service_name) + + with open(paths.SVC_LIST_FILE, 'w') as f: + json.dump(svc_list, f) + + return + + def stop(self, instance_name="", capture_output=True, + update_service_list=True): + """ + When a service is stopped remove it from the service list file. + """ + if not update_service_list: + return + svc_list = [] + try: + with open(paths.SVC_LIST_FILE, 'r') as f: + svc_list = json.load(f) + except Exception: + # not fatal, may be the first service + pass + + while self.service_name in svc_list: + svc_list.remove(self.service_name) + + with open(paths.SVC_LIST_FILE, 'w') as f: + json.dump(svc_list, f) + + return + + def restart(self, instance_name="", capture_output=True, wait=True): + return + + def is_running(self, instance_name=""): + return False + + def is_installed(self): + return False + + def is_enabled(self, instance_name=""): + return False + + def enable(self, instance_name=""): + return + + def disable(self, instance_name=""): + return + + def install(self, instance_name=""): + return + + def remove(self, instance_name=""): + return + + def get_config_dir(self, instance_name=""): + return + + +class SystemdService(PlatformService): + SYSTEMD_ETC_PATH = "/etc/systemd/system/" + SYSTEMD_LIB_PATH = "/lib/systemd/system/" + SYSTEMD_SRV_TARGET = "%s.target.wants" + + def __init__(self, service_name, systemd_name, **kwargs): + super(SystemdService, self).__init__(service_name, **kwargs) + self.systemd_name = systemd_name + self.lib_path = os.path.join(self.SYSTEMD_LIB_PATH, self.systemd_name) + self.lib_path_exists = None + + def service_instance(self, instance_name, operation=None): + if 
self.lib_path_exists is None: + self.lib_path_exists = os.path.exists(self.lib_path) + + elements = self.systemd_name.split("@") + + # Make sure the correct DS instance is returned + if (elements[0] == 'dirsrv' and not instance_name and + operation == 'is-active'): + + return ('dirsrv@%s.service' + % str(self.api.env.realm.replace('.', '-'))) + + # Short-cut: if there is already exact service name, return it + if self.lib_path_exists and instance_name: + if len(elements) == 1: + # service name is like pki-tomcatd.target or krb5kdc.service + return self.systemd_name + if len(elements) > 1 and elements[1][0] != '.': + # Service name is like pki-tomcatd@pki-tomcat.service + # and that file exists + return self.systemd_name + + if len(elements) > 1: + # We have dynamic service + if instance_name: + # Instanciate dynamic service + return "%s@%s.service" % (elements[0], instance_name) + else: + # No instance name, try with target + tgt_name = "%s.target" % (elements[0]) + srv_lib = os.path.join(self.SYSTEMD_LIB_PATH, tgt_name) + if os.path.exists(srv_lib): + return tgt_name + + return self.systemd_name + + def parse_variables(self, text, separator=None): + """ + Parses 'systemctl show' output and returns a dict[variable]=value + Arguments: text -- 'systemctl show' output as string + separator -- optional (defaults to None), what separates + the key/value pairs in the text + """ + + def splitter(x, separator=None): + if len(x) > 1: + y = x.split(separator) + return (y[0], y[-1]) + return (None, None) + + return dict(splitter(x, separator=separator) for x in text.split("\n")) + + def wait_for_open_ports(self, instance_name=""): + """ + If this is a service we need to wait for do so. 
+ """ + ports = None + if instance_name in wellknownports: + ports = wellknownports[instance_name] + else: + elements = self.systemd_name.split("@") + if elements[0] in wellknownports: + ports = wellknownports[elements[0]] + if ports: + ipautil.wait_for_open_ports('localhost', ports, + self.api.env.startup_timeout) + + def stop(self, instance_name="", capture_output=True): + instance = self.service_instance(instance_name) + args = ["/bin/systemctl", "stop", instance] + + # The --ignore-dependencies switch is used to avoid possible + # deadlock during the shutdown transaction. For more details, see + # https://fedorahosted.org/freeipa/ticket/3729#comment:1 and + # https://bugzilla.redhat.com/show_bug.cgi?id=973331#c11 + if instance == "ipa-otpd.socket": + args.append("--ignore-dependencies") + + ipautil.run(args, capture_output=capture_output) + + if getattr(self.api.env, 'context', None) in ['ipactl', 'installer']: + update_service_list = True + else: + update_service_list = False + super(SystemdService, self).stop( + instance_name, + update_service_list=update_service_list) + + def start(self, instance_name="", capture_output=True, wait=True): + ipautil.run(["/bin/systemctl", "start", + self.service_instance(instance_name)], + capture_output=capture_output) + + if getattr(self.api.env, 'context', None) in ['ipactl', 'installer']: + update_service_list = True + else: + update_service_list = False + + if wait and self.is_running(instance_name): + self.wait_for_open_ports(self.service_instance(instance_name)) + super(SystemdService, self).start( + instance_name, + update_service_list=update_service_list) + + def restart(self, instance_name="", capture_output=True, wait=True): + ipautil.run(["/bin/systemctl", "restart", + self.service_instance(instance_name)], + capture_output=capture_output) + + if wait and self.is_running(instance_name): + self.wait_for_open_ports(self.service_instance(instance_name)) + + def is_running(self, instance_name=""): + instance = 
self.service_instance(instance_name, 'is-active') + + while True: + try: + (sout, serr, rcode) = ipautil.run( + ["/bin/systemctl", "is-active", instance], + capture_output=True + ) + except ipautil.CalledProcessError as e: + if e.returncode == 3 and 'activating' in str(e.output): + continue + return False + else: + # activating + if rcode == 3 and 'activating' in str(sout): + continue + # active + if rcode == 0: + return True + # not active + return False + + def is_installed(self): + try: + (sout, serr, rcode) = ipautil.run(["/bin/systemctl", + "list-unit-files", + "--full"]) + if rcode != 0: + return False + else: + svar = self.parse_variables(sout) + if not self.service_instance("") in svar: + # systemd doesn't show the service + return False + except ipautil.CalledProcessError: + return False + + return True + + def is_enabled(self, instance_name=""): + enabled = True + try: + (sout, serr, rcode) = ipautil.run( + ["/bin/systemctl", + "is-enabled", + self.service_instance(instance_name)]) + + if rcode != 0: + enabled = False + + except ipautil.CalledProcessError: + enabled = False + return enabled + + def enable(self, instance_name=""): + if self.lib_path_exists is None: + self.lib_path_exists = os.path.exists(self.lib_path) + elements = self.systemd_name.split("@") + l = len(elements) + + if self.lib_path_exists and (l > 1 and elements[1][0] != '.'): + # There is explicit service unit supporting this instance, + # follow normal systemd enabler + self.__enable(instance_name) + return + + if self.lib_path_exists and (l == 1): + # There is explicit service unit which does not support + # the instances, ignore instance + self.__enable() + return + + if len(instance_name) > 0 and l > 1: + # New instance, we need to do following: + # 1. Make /etc/systemd/system/<service>.target.wants/ + # if it is not there + # 2. 
Link /etc/systemd/system/<service>.target.wants/ + # <service>@<instance_name>.service to + # /lib/systemd/system/<service>@.service + + srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, + self.SYSTEMD_SRV_TARGET % (elements[0])) + srv_lnk = os.path.join(srv_tgt, + self.service_instance(instance_name)) + + try: + if not ipautil.dir_exists(srv_tgt): + os.mkdir(srv_tgt) + if os.path.exists(srv_lnk): + # Remove old link + os.unlink(srv_lnk) + if not os.path.exists(srv_lnk): + # object does not exist _or_ is a broken link + if not os.path.islink(srv_lnk): + # if it truly does not exist, make a link + os.symlink(self.lib_path, srv_lnk) + else: + # Link exists and it is broken, make new one + os.unlink(srv_lnk) + os.symlink(self.lib_path, srv_lnk) + ipautil.run(["/bin/systemctl", "--system", "daemon-reload"]) + except: + pass + else: + self.__enable(instance_name) + + def disable(self, instance_name=""): + elements = self.systemd_name.split("@") + if instance_name != "" and len(elements) > 1: + # Remove instance, we need to do following: + # Remove link from /etc/systemd/system/<service>.target.wants/ + # <service>@<instance_name>.service + # to /lib/systemd/system/<service>@.service + + srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, + self.SYSTEMD_SRV_TARGET % (elements[0])) + srv_lnk = os.path.join(srv_tgt, + self.service_instance(instance_name)) + + try: + if ipautil.dir_exists(srv_tgt): + if os.path.islink(srv_lnk): + os.unlink(srv_lnk) + ipautil.run(["/bin/systemctl", "--system", "daemon-reload"]) + except: + pass + else: + self.__disable(instance_name) + + def __enable(self, instance_name=""): + try: + ipautil.run(["/bin/systemctl", "enable", + self.service_instance(instance_name)]) + except ipautil.CalledProcessError: + pass + + def __disable(self, instance_name=""): + try: + ipautil.run(["/bin/systemctl", "disable", + self.service_instance(instance_name)]) + except ipautil.CalledProcessError: + pass + + def install(self): + self.enable() + + def remove(self): + 
self.disable() + + +# Objects below are expected to be exported by platform module + +service = None +knownservices = None + +# System may support more time&date services. FreeIPA supports ntpd only, other +# services will be disabled during IPA installation +timedate_services = ['ntpd', 'chronyd'] |
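Review bot: PlatformService.start() and stop() update paths.SVC_LIST_FILE with an unguarded read-modify-write: every load failure is swallowed by `except Exception: pass`, and the file is then reopened with 'w' and rewritten in place. A truncated or unreadable list is therefore silently replaced by one that has lost the earlier entries, and an interruption between the open and the json.dump leaves it empty, so the services that ipactl stop is meant to find (per the start() docstring) are forgotten. I would narrow the handler to `except (IOError, ValueError):`, check `isinstance(svc_list, list)` before the membership test, and write to a temporary file in the same directory followed by `os.rename()` onto paths.SVC_LIST_FILE. Separately, SystemdService.is_running() loops with `continue` while systemctl reports 'activating' and has neither a sleep nor a timeout, so a unit that stays in that state keeps the caller spawning systemctl without bound.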