author | Timo Aaltonen <tjaalton@ubuntu.com> | 2012-12-05 14:58:06 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-01-14 14:39:54 +0100 |
commit | ed849639272acf0aed44935591ba525ec1348d59 (patch) | |
tree | dce45b15575c4c9561a260a898d358575b45c610 /ipapython/platform/base | |
parent | 38dded7db6529be096b92c9d63182a980e0b3a93 (diff) | |
download | freeipa-ed849639272acf0aed44935591ba525ec1348d59.tar.gz freeipa-ed849639272acf0aed44935591ba525ec1348d59.tar.xz freeipa-ed849639272acf0aed44935591ba525ec1348d59.zip |
convert the base platform modules into packages
Diffstat (limited to 'ipapython/platform/base')
-rw-r--r-- | ipapython/platform/base/__init__.py | 226 | ||||
-rw-r--r-- | ipapython/platform/base/systemd.py | 233 |
2 files changed, 459 insertions, 0 deletions
diff --git a/ipapython/platform/base/__init__.py b/ipapython/platform/base/__init__.py
new file mode 100644
index 000000000..e2aa33faf
--- /dev/null
+++ b/ipapython/platform/base/__init__.py
@@ -0,0 +1,226 @@
+# Authors: Alexander Bokovoy <abokovoy@redhat.com>
+#
+# Copyright (C) 2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from ipalib.plugable import MagicDict
+import json
+import os
+
+# Canonical names of services as IPA wants to see them. As we need to have
+# *some* naming, set them as in Red Hat distributions. Actual implementation
+# should make them available through knownservices.<name> and take care of
+# re-mapping internally, if needed
+wellknownservices = ['certmonger', 'dirsrv', 'httpd', 'ipa', 'krb5kdc',
+ 'messagebus', 'nslcd', 'nscd', 'ntpd', 'portmap',
+ 'rpcbind', 'kadmin', 'sshd', 'autofs', 'rpcgssd',
+ 'rpcidmapd', 'pki_tomcatd', 'pki-cad', 'chronyd']
+
+# System may support more time&date services. FreeIPA supports ntpd only, other
+# services will be disabled during IPA installation
+timedate_services = ['ntpd', 'chronyd']
+
+
+# The common ports for these services. This is used to wait for the
+# service to become available.
+wellknownports = {
+ 'dirsrv@PKI-IPA.service': [7389],
+ 'PKI-IPA': [7389],
+ 'dirsrv': [389], # this is only used if the incoming instance name is blank
+ 'pki-cad': [9180, 9443, 9444],
+ 'pki-tomcatd@pki-tomcat.service': [8080, 8443],
+ 'pki-tomcat': [8080, 8443],
+ 'pki-tomcatd': [8080, 8443], # used if the incoming instance name is blank
+}
+
+SVC_LIST_FILE = "/var/run/ipa/services.list"
+
+class AuthConfig(object):
+ """
+ AuthConfig class implements system-independent interface to configure
+ system authentication resources. In Red Hat systems this is done with
+ authconfig(8) utility.
+
+ AuthConfig class is nothing more than a tool to gather configuration
+ options and execute their processing. These options then converted by
+ an actual implementation to series of a system calls to appropriate
+ utilities performing real configuration.
+
+ IPA *expects* names of AuthConfig's options to follow authconfig(8)
+ naming scheme!
+
+ Actual implementation should be done in ipapython/platform/<platform>.py
+ by inheriting from platform.AuthConfig and redefining __build_args()
+ and execute() methods.
+
+ from ipapython.platform import platform
+ class PlatformAuthConfig(platform.AuthConfig):
+ def __build_args():
+ ...
+
+ def execute():
+ ...
+
+ authconfig = PlatformAuthConfig
+ ....
+
+ See ipapython/platform/redhat.py for a sample implementation that uses
+ authconfig(8) as its backend.
+
+ From IPA code perspective, the authentication configuration should be
+ done with use of ipapython.services.authconfig:
+
+ from ipapython import services as ipaservices
+ auth_config = ipaservices.authconfig()
+ auth_config.disable("ldap").\
+ disable("krb5").\
+ disable("sssd").\
+ disable("sssdauth").\
+ disable("mkhomedir").\
+ add_option("update").\
+ enable("nis").\
+ add_parameter("nisdomain","foobar")
+ auth_config.execute()
+
+ If you need to re-use existing AuthConfig instance for multiple runs,
+ make sure to call 'AuthConfig.reset()' between the runs.
+ """
+
+ def __init__(self):
+ self.parameters = {}
+
+ def enable(self, option):
+ self.parameters[option] = True
+ return self
+
+ def disable(self, option):
+ self.parameters[option] = False
+ return self
+
+ def add_option(self, option):
+ self.parameters[option] = None
+ return self
+
+ def add_parameter(self, option, value):
+ self.parameters[option] = [value]
+ return self
+
+ def __build_args(self):
+ # do nothing
+ return None
+
+ def execute(self):
+ # do nothing
+ return None
+
+ def reset(self):
+ self.parameters = {}
+ return self
+
+class PlatformService(object):
+ """
+ PlatformService abstracts out external process running on the system
+ which is possible to administer (start, stop, check status, etc).
+
+ """
+
+ def __init__(self, service_name):
+ self.service_name = service_name
+
+ def start(self, instance_name="", capture_output=True, wait=True,
+ update_service_list=True):
+ """
+ When a service is started record the fact in a special file.
+ This allows ipactl stop to always stop all services that have
+ been started via ipa tools
+ """
+ if not update_service_list:
+ return
+ svc_list = []
+ try:
+ f = open(SVC_LIST_FILE, 'r')
+ svc_list = json.load(f)
+ except Exception:
+ # not fatal, may be the first service
+ pass
+
+ if self.service_name not in svc_list:
+ svc_list.append(self.service_name)
+
+ f = open(SVC_LIST_FILE, 'w')
+ json.dump(svc_list, f)
+ f.flush()
+ f.close()
+ return
+
+ def stop(self, instance_name="", capture_output=True, update_service_list=True):
+ """
+ When a service is stopped remove it from the service list file.
+ """
+ if not update_service_list:
+ return
+ svc_list = []
+ try:
+ f = open(SVC_LIST_FILE, 'r')
+ svc_list = json.load(f)
+ except Exception:
+ # not fatal, may be the first service
+ pass
+
+ while self.service_name in svc_list:
+ svc_list.remove(self.service_name)
+
+ f = open(SVC_LIST_FILE, 'w')
+ json.dump(svc_list, f)
+ f.flush()
+ f.close()
+ return
+
+ def restart(self, instance_name="", capture_output=True, wait=True):
+ return
+
+ def is_running(self, instance_name=""):
+ return False
+
+ def is_installed(self):
+ return False
+
+ def is_enabled(self, instance_name=""):
+ return False
+
+ def enable(self, instance_name=""):
+ return
+
+ def disable(self, instance_name=""):
+ return
+
+ def install(self, instance_name=""):
+ return
+
+ def remove(self, instance_name=""):
+ return
+
+ def get_config_dir(self, instance_name=""):
+ return
+
+class KnownServices(MagicDict):
+ """
+ KnownServices is an abstract class factory that should give out instances
+ of well-known platform services. Actual implementation must create these
+ instances as its own attributes on first access (or instance creation)
+ and cache them.
+ """
+
diff --git a/ipapython/platform/base/systemd.py b/ipapython/platform/base/systemd.py
new file mode 100644
index 000000000..a9c1ec032
--- /dev/null
+++ b/ipapython/platform/base/systemd.py
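Review bot: In `PlatformService.start()` and `stop()` the read of `SVC_LIST_FILE` sits under `except Exception: pass`, so a truncated or unparsable list is handled like a missing one and the following `open(SVC_LIST_FILE, 'w')` rewrites the file with at most this one service, after which `ipactl stop` no longer knows about the services recorded earlier. Narrow the handler to `except (IOError, ValueError):`, log the parse failure, and check `isinstance(svc_list, list)` before calling `append`/`remove` on whatever `json.load` returned. The read handle is never closed and the write is not atomic; `with open(...)` on both sides, plus writing to a temporary file in the same directory and `os.rename()` over the list, would keep an interrupted write from leaving a half-written file. The code also assumes `/var/run/ipa` exists and is writable only by root, which nothing in this file establishes.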
@@ -0,0 +1,233 @@
+# Author: Alexander Bokovoy <abokovoy@redhat.com>
+#
+# Copyright (C) 2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+import shutil
+import sys
+
+from ipapython import ipautil
+from ipapython.platform import base
+from ipalib import api
+
+class SystemdService(base.PlatformService):
+ SYSTEMD_ETC_PATH = "/etc/systemd/system/"
+ SYSTEMD_LIB_PATH = "/lib/systemd/system/"
+ SYSTEMD_SRV_TARGET = "%s.target.wants"
+
+ def __init__(self, service_name, systemd_name):
+ super(SystemdService, self).__init__(service_name)
+ self.systemd_name = systemd_name
+ self.lib_path = os.path.join(self.SYSTEMD_LIB_PATH, self.systemd_name)
+ self.lib_path_exists = None
+
+ def service_instance(self, instance_name):
+ if self.lib_path_exists is None:
+ self.lib_path_exists = os.path.exists(self.lib_path)
+
+ elements = self.systemd_name.split("@")
+
+ # Short-cut: if there is already exact service name, return it
+ if self.lib_path_exists and len(instance_name) == 0:
+ if len(elements) == 1:
+ # service name is like pki-tomcatd.target or krb5kdc.service
+ return self.systemd_name
+ if len(elements) > 1 and elements[1][0] != '.':
+ # Service name is like pki-tomcatd@pki-tomcat.service and that file exists
+ return self.systemd_name
+
+ if len(elements) > 1:
+ # We have dynamic service
+ if len(instance_name) > 0:
+ # Instanciate dynamic service
+ return "%s@%s.service" % (elements[0], instance_name)
+ else:
+ # No instance name, try with target
+ tgt_name = "%s.target" % (elements[0])
+ srv_lib = os.path.join(self.SYSTEMD_LIB_PATH, tgt_name)
+ if os.path.exists(srv_lib):
+ return tgt_name
+
+ return self.systemd_name
+
+ def parse_variables(self, text, separator=None):
+ """
+ Parses 'systemctl show' output and returns a dict[variable]=value
+ Arguments: text -- 'systemctl show' output as string
+ separator -- optional (defaults to None), what separates the key/value pairs in the text
+ """
+ def splitter(x, separator=None):
+ if len(x) > 1:
+ y = x.split(separator)
+ return (y[0], y[-1])
+ return (None,None)
+ return dict(map(lambda x: splitter(x, separator=separator), text.split("\n")))
+
+ def __wait_for_open_ports(self, instance_name=""):
+ """
+ If this is a service we need to wait for do so.
+ """
+ ports = None
+ if instance_name in base.wellknownports:
+ ports = base.wellknownports[instance_name]
+ else:
+ elements = self.systemd_name.split("@")
+ if elements[0] in base.wellknownports:
+ ports = base.wellknownports[elements[0]]
+ if ports:
+ ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout)
+
+ def stop(self, instance_name="", capture_output=True):
+ ipautil.run(["/bin/systemctl", "stop", self.service_instance(instance_name)], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ super(SystemdService, self).stop(instance_name,update_service_list=update_service_list)
+
+ def start(self, instance_name="", capture_output=True, wait=True):
+ ipautil.run(["/bin/systemctl", "start", self.service_instance(instance_name)], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(self.service_instance(instance_name))
+ super(SystemdService, self).start(instance_name, update_service_list=update_service_list)
+
+ def restart(self, instance_name="", capture_output=True, wait=True):
+ # Restart command is broken before systemd-36-3.fc16
+ # If you have older systemd version, restart of dependent services will hang systemd indefinetly
+ ipautil.run(["/bin/systemctl", "restart", self.service_instance(instance_name)], capture_output=capture_output)
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(self.service_instance(instance_name))
+
+ def is_running(self, instance_name=""):
+ ret = True
+ try:
+ (sout, serr, rcode) = ipautil.run(["/bin/systemctl", "is-active", self.service_instance(instance_name)],capture_output=True)
+ if rcode != 0:
+ ret = False
+ except ipautil.CalledProcessError:
+ ret = False
+ return ret
+
+ def is_installed(self):
+ installed = True
+ try:
+ (sout,serr,rcode) = ipautil.run(["/bin/systemctl", "list-unit-files", "--full"])
+ if rcode != 0:
+ installed = False
+ else:
+ svar = self.parse_variables(sout)
+ if not self.service_instance("") in svar:
+ # systemd doesn't show the service
+ installed = False
+ except ipautil.CalledProcessError, e:
+ installed = False
+ return installed
+
+ def is_enabled(self, instance_name=""):
+ enabled = True
+ try:
+ (sout,serr,rcode) = ipautil.run(["/bin/systemctl", "is-enabled", self.service_instance(instance_name)])
+ if rcode != 0:
+ enabled = False
+ except ipautil.CalledProcessError, e:
+ enabled = False
+ return enabled
+
+ def enable(self, instance_name=""):
+ if self.lib_path_exists is None:
+ self.lib_path_exists = os.path.exists(self.lib_path)
+ elements = self.systemd_name.split("@")
+ l = len(elements)
+
+ if self.lib_path_exists and (l > 1 and elements[1][0] != '.'):
+ # There is explicit service unit supporting this instance, follow normal systemd enabler
+ self.__enable(instance_name)
+ return
+
+ if self.lib_path_exists and (l == 1):
+ # There is explicit service unit which does not support the instances, ignore instance
+ self.__enable()
+ return
+
+ if len(instance_name) > 0 and l > 1:
+ # New instance, we need to do following:
+ # 1. Make /etc/systemd/system/<service>.target.wants/ if it is not there
+ # 2. Link /etc/systemd/system/<service>.target.wants/<service>@<instance_name>.service to
+ # /lib/systemd/system/<service>@.service
+ srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0]))
+ srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name))
+ try:
+ if not ipautil.dir_exists(srv_tgt):
+ os.mkdir(srv_tgt)
+ if os.path.exists(srv_lnk):
+ # Remove old link
+ os.unlink(srv_lnk)
+ if not os.path.exists(srv_lnk):
+ # object does not exist _or_ is a broken link
+ if not os.path.islink(srv_lnk):
+ # if it truly does not exist, make a link
+ os.symlink(self.lib_path, srv_lnk)
+ else:
+ # Link exists and it is broken, make new one
+ os.unlink(srv_lnk)
+ os.symlink(self.lib_path, srv_lnk)
+ ipautil.run(["/bin/systemctl", "--system", "daemon-reload"])
+ except:
+ pass
+ else:
+ self.__enable(instance_name)
+
+ def disable(self, instance_name=""):
+ elements = self.systemd_name.split("@")
+ if instance_name != "" and len(elements) > 1:
+ # Remove instance, we need to do following:
+ # Remove link from /etc/systemd/system/<service>.target.wants/<service>@<instance_name>.service
+ # to /lib/systemd/system/<service>@.service
+ srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0]))
+ srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name))
+ try:
+ if ipautil.dir_exists(srv_tgt):
+ if os.path.islink(srv_lnk):
+ os.unlink(srv_lnk)
+ ipautil.run(["/bin/systemctl", "--system", "daemon-reload"])
+ except:
+ pass
+ else:
+ self.__disable(instance_name)
+
+ def __enable(self, instance_name=""):
+ try:
+ ipautil.run(["/bin/systemctl", "enable", self.service_instance(instance_name)])
+ except ipautil.CalledProcessError, e:
+ pass
+
+ def __disable(self, instance_name=""):
+ try:
+ ipautil.run(["/bin/systemctl", "disable", self.service_instance(instance_name)])
+ except ipautil.CalledProcessError, e:
+ pass
+
+ def install(self):
+ self.enable()
+
+ def remove(self):
+ self.disable() |
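Review bot: `enable()` and `disable()` build `srv_lnk` from `instance_name` through `service_instance()` and `os.path.join()` and then call `os.unlink()`/`os.symlink()` on it, with no check that the name is a single path component. Whether any caller passes a name that is not fixed by the installer is not visible in this file, so a guard at the top of both methods is cheap insurance, e.g. `if '/' in instance_name: raise ValueError("invalid instance name: %r" % instance_name)`. Both methods also wrap the filesystem work and the `daemon-reload` call in a bare `except: pass`, so a failed `mkdir` or `symlink` leaves the unit not enabled while the caller sees success; catching `except (OSError, ipautil.CalledProcessError), e:` and logging it would make that failure visible without also swallowing `KeyboardInterrupt`.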