authorTimo Aaltonen <tjaalton@ubuntu.com>2012-12-05 14:58:06 +0200
committerMartin Kosek <mkosek@redhat.com>2013-01-14 14:39:54 +0100
commited849639272acf0aed44935591ba525ec1348d59 (patch)
treedce45b15575c4c9561a260a898d358575b45c610 /ipapython/platform/base
parent38dded7db6529be096b92c9d63182a980e0b3a93 (diff)
convert the base platform modules into packages
Diffstat (limited to 'ipapython/platform/base')
-rw-r--r--ipapython/platform/base/__init__.py226
-rw-r--r--ipapython/platform/base/systemd.py233
2 files changed, 459 insertions, 0 deletions
diff --git a/ipapython/platform/base/__init__.py b/ipapython/platform/base/__init__.py
new file mode 100644
index 000000000..e2aa33faf
--- /dev/null
+++ b/ipapython/platform/base/__init__.py
@@ -0,0 +1,226 @@
+# Authors: Alexander Bokovoy <abokovoy@redhat.com>
+#
+# Copyright (C) 2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from ipalib.plugable import MagicDict
+import json
+import os
+
+# Canonical names of services as IPA wants to see them. As we need to have
+# *some* naming, set them as in Red Hat distributions. Actual implementation
+# should make them available through knownservices.<name> and take care of
+# re-mapping internally, if needed
+wellknownservices = ['certmonger', 'dirsrv', 'httpd', 'ipa', 'krb5kdc',
+ 'messagebus', 'nslcd', 'nscd', 'ntpd', 'portmap',
+ 'rpcbind', 'kadmin', 'sshd', 'autofs', 'rpcgssd',
+ 'rpcidmapd', 'pki_tomcatd', 'pki-cad', 'chronyd']
+
+# System may support more time&date services. FreeIPA supports ntpd only, other
+# services will be disabled during IPA installation
+timedate_services = ['ntpd', 'chronyd']
+
+
+# The common ports for these services. This is used to wait for the
+# service to become available.
+wellknownports = {
+ 'dirsrv@PKI-IPA.service': [7389],
+ 'PKI-IPA': [7389],
+ 'dirsrv': [389], # this is only used if the incoming instance name is blank
+ 'pki-cad': [9180, 9443, 9444],
+ 'pki-tomcatd@pki-tomcat.service': [8080, 8443],
+ 'pki-tomcat': [8080, 8443],
+ 'pki-tomcatd': [8080, 8443], # used if the incoming instance name is blank
+}
+
+SVC_LIST_FILE = "/var/run/ipa/services.list"
+
+class AuthConfig(object):
+ """
+ AuthConfig class implements system-independent interface to configure
+ system authentication resources. In Red Hat systems this is done with
+ authconfig(8) utility.
+
+ AuthConfig class is nothing more than a tool to gather configuration
+ options and execute their processing. These options then converted by
+ an actual implementation to series of a system calls to appropriate
+ utilities performing real configuration.
+
+ IPA *expects* names of AuthConfig's options to follow authconfig(8)
+ naming scheme!
+
+ Actual implementation should be done in ipapython/platform/<platform>.py
+ by inheriting from platform.AuthConfig and redefining __build_args()
+ and execute() methods.
+
+ from ipapython.platform import platform
+ class PlatformAuthConfig(platform.AuthConfig):
+ def __build_args():
+ ...
+
+ def execute():
+ ...
+
+ authconfig = PlatformAuthConfig
+ ....
+
+ See ipapython/platform/redhat.py for a sample implementation that uses
+ authconfig(8) as its backend.
+
+ From IPA code perspective, the authentication configuration should be
+ done with use of ipapython.services.authconfig:
+
+ from ipapython import services as ipaservices
+ auth_config = ipaservices.authconfig()
+ auth_config.disable("ldap").\
+ disable("krb5").\
+ disable("sssd").\
+ disable("sssdauth").\
+ disable("mkhomedir").\
+ add_option("update").\
+ enable("nis").\
+ add_parameter("nisdomain","foobar")
+ auth_config.execute()
+
+ If you need to re-use existing AuthConfig instance for multiple runs,
+ make sure to call 'AuthConfig.reset()' between the runs.
+ """
+
+ def __init__(self):
+ self.parameters = {}
+
+ def enable(self, option):
+ self.parameters[option] = True
+ return self
+
+ def disable(self, option):
+ self.parameters[option] = False
+ return self
+
+ def add_option(self, option):
+ self.parameters[option] = None
+ return self
+
+ def add_parameter(self, option, value):
+ self.parameters[option] = [value]
+ return self
+
+ def __build_args(self):
+ # do nothing
+ return None
+
+ def execute(self):
+ # do nothing
+ return None
+
+ def reset(self):
+ self.parameters = {}
+ return self
+
+class PlatformService(object):
+ """
+ PlatformService abstracts out external process running on the system
+ which is possible to administer (start, stop, check status, etc).
+
+ """
+
+ def __init__(self, service_name):
+ self.service_name = service_name
+
+ def start(self, instance_name="", capture_output=True, wait=True,
+ update_service_list=True):
+ """
+ When a service is started record the fact in a special file.
+ This allows ipactl stop to always stop all services that have
+ been started via ipa tools
+ """
+ if not update_service_list:
+ return
+ svc_list = []
+ try:
+ f = open(SVC_LIST_FILE, 'r')
+ svc_list = json.load(f)
+ except Exception:
+ # not fatal, may be the first service
+ pass
+
+ if self.service_name not in svc_list:
+ svc_list.append(self.service_name)
+
+ f = open(SVC_LIST_FILE, 'w')
+ json.dump(svc_list, f)
+ f.flush()
+ f.close()
+ return
+
+ def stop(self, instance_name="", capture_output=True, update_service_list=True):
+ """
+ When a service is stopped remove it from the service list file.
+ """
+ if not update_service_list:
+ return
+ svc_list = []
+ try:
+ f = open(SVC_LIST_FILE, 'r')
+ svc_list = json.load(f)
+ except Exception:
+ # not fatal, may be the first service
+ pass
+
+ while self.service_name in svc_list:
+ svc_list.remove(self.service_name)
+
+ f = open(SVC_LIST_FILE, 'w')
+ json.dump(svc_list, f)
+ f.flush()
+ f.close()
+ return
+
+ def restart(self, instance_name="", capture_output=True, wait=True):
+ return
+
+ def is_running(self, instance_name=""):
+ return False
+
+ def is_installed(self):
+ return False
+
+ def is_enabled(self, instance_name=""):
+ return False
+
+ def enable(self, instance_name=""):
+ return
+
+ def disable(self, instance_name=""):
+ return
+
+ def install(self, instance_name=""):
+ return
+
+ def remove(self, instance_name=""):
+ return
+
+ def get_config_dir(self, instance_name=""):
+ return
+
+class KnownServices(MagicDict):
+ """
+ KnownServices is an abstract class factory that should give out instances
+ of well-known platform services. Actual implementation must create these
+ instances as its own attributes on first access (or instance creation)
+ and cache them.
+ """
+
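Review bot: In PlatformService.start() and stop(), the handle opened to read SVC_LIST_FILE is never closed, and `except Exception: pass` also hides a corrupt or non-list JSON payload, after which `in` and `append`/`remove` run on whatever was loaded. The write side truncates the file in place, so an interruption between `open(SVC_LIST_FILE, 'w')` and `json.dump` leaves an empty or partial list, and per the docstring `ipactl stop` relies on this file to know what to stop. Both methods repeat the same read-modify-write, so two module-level helpers that read under `with`, catch only IOError/ValueError, check the loaded value is a list, and write through a sibling file plus `os.rename` would cover both. The file is written by a privileged process under /var/run/ipa and plain `open()` follows symlinks, so the ownership and mode of that directory are worth confirming; they are not visible in this diff.

```python
def _read_service_list():
    # A missing file is expected for the first service; unreadable or
    # malformed content is treated as an empty list rather than trusted.
    try:
        with open(SVC_LIST_FILE, 'r') as f:
            svc_list = json.load(f)
    except (IOError, ValueError):
        return []
    if not isinstance(svc_list, list):
        return []
    return svc_list


def _write_service_list(svc_list):
    # Write a sibling file and rename it so readers never see a truncated list.
    tmp_path = SVC_LIST_FILE + '.tmp'
    with open(tmp_path, 'w') as f:
        json.dump(svc_list, f)
        f.flush()
        os.fsync(f.fileno())
    os.rename(tmp_path, SVC_LIST_FILE)

    # ... unchanged: PlatformService.start() signature, docstring, update_service_list check ...
        svc_list = _read_service_list()
        if self.service_name not in svc_list:
            svc_list.append(self.service_name)
        _write_service_list(svc_list)
    # ... stop() does the same with the `while ... remove` loop in the middle ...
```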
diff --git a/ipapython/platform/base/systemd.py b/ipapython/platform/base/systemd.py
new file mode 100644
index 000000000..a9c1ec032
--- /dev/null
+++ b/ipapython/platform/base/systemd.py
@@ -0,0 +1,233 @@
+# Author: Alexander Bokovoy <abokovoy@redhat.com>
+#
+# Copyright (C) 2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+import shutil
+import sys
+
+from ipapython import ipautil
+from ipapython.platform import base
+from ipalib import api
+
+class SystemdService(base.PlatformService):
+ SYSTEMD_ETC_PATH = "/etc/systemd/system/"
+ SYSTEMD_LIB_PATH = "/lib/systemd/system/"
+ SYSTEMD_SRV_TARGET = "%s.target.wants"
+
+ def __init__(self, service_name, systemd_name):
+ super(SystemdService, self).__init__(service_name)
+ self.systemd_name = systemd_name
+ self.lib_path = os.path.join(self.SYSTEMD_LIB_PATH, self.systemd_name)
+ self.lib_path_exists = None
+
+ def service_instance(self, instance_name):
+ if self.lib_path_exists is None:
+ self.lib_path_exists = os.path.exists(self.lib_path)
+
+ elements = self.systemd_name.split("@")
+
+ # Short-cut: if there is already exact service name, return it
+ if self.lib_path_exists and len(instance_name) == 0:
+ if len(elements) == 1:
+ # service name is like pki-tomcatd.target or krb5kdc.service
+ return self.systemd_name
+ if len(elements) > 1 and elements[1][0] != '.':
+ # Service name is like pki-tomcatd@pki-tomcat.service and that file exists
+ return self.systemd_name
+
+ if len(elements) > 1:
+ # We have dynamic service
+ if len(instance_name) > 0:
+ # Instanciate dynamic service
+ return "%s@%s.service" % (elements[0], instance_name)
+ else:
+ # No instance name, try with target
+ tgt_name = "%s.target" % (elements[0])
+ srv_lib = os.path.join(self.SYSTEMD_LIB_PATH, tgt_name)
+ if os.path.exists(srv_lib):
+ return tgt_name
+
+ return self.systemd_name
+
+ def parse_variables(self, text, separator=None):
+ """
+ Parses 'systemctl show' output and returns a dict[variable]=value
+ Arguments: text -- 'systemctl show' output as string
+ separator -- optional (defaults to None), what separates the key/value pairs in the text
+ """
+ def splitter(x, separator=None):
+ if len(x) > 1:
+ y = x.split(separator)
+ return (y[0], y[-1])
+ return (None,None)
+ return dict(map(lambda x: splitter(x, separator=separator), text.split("\n")))
+
+ def __wait_for_open_ports(self, instance_name=""):
+ """
+ If this is a service we need to wait for do so.
+ """
+ ports = None
+ if instance_name in base.wellknownports:
+ ports = base.wellknownports[instance_name]
+ else:
+ elements = self.systemd_name.split("@")
+ if elements[0] in base.wellknownports:
+ ports = base.wellknownports[elements[0]]
+ if ports:
+ ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout)
+
+ def stop(self, instance_name="", capture_output=True):
+ ipautil.run(["/bin/systemctl", "stop", self.service_instance(instance_name)], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ super(SystemdService, self).stop(instance_name,update_service_list=update_service_list)
+
+ def start(self, instance_name="", capture_output=True, wait=True):
+ ipautil.run(["/bin/systemctl", "start", self.service_instance(instance_name)], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(self.service_instance(instance_name))
+ super(SystemdService, self).start(instance_name, update_service_list=update_service_list)
+
+ def restart(self, instance_name="", capture_output=True, wait=True):
+ # Restart command is broken before systemd-36-3.fc16
+ # If you have older systemd version, restart of dependent services will hang systemd indefinetly
+ ipautil.run(["/bin/systemctl", "restart", self.service_instance(instance_name)], capture_output=capture_output)
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(self.service_instance(instance_name))
+
+ def is_running(self, instance_name=""):
+ ret = True
+ try:
+ (sout, serr, rcode) = ipautil.run(["/bin/systemctl", "is-active", self.service_instance(instance_name)],capture_output=True)
+ if rcode != 0:
+ ret = False
+ except ipautil.CalledProcessError:
+ ret = False
+ return ret
+
+ def is_installed(self):
+ installed = True
+ try:
+ (sout,serr,rcode) = ipautil.run(["/bin/systemctl", "list-unit-files", "--full"])
+ if rcode != 0:
+ installed = False
+ else:
+ svar = self.parse_variables(sout)
+ if not self.service_instance("") in svar:
+ # systemd doesn't show the service
+ installed = False
+ except ipautil.CalledProcessError, e:
+ installed = False
+ return installed
+
+ def is_enabled(self, instance_name=""):
+ enabled = True
+ try:
+ (sout,serr,rcode) = ipautil.run(["/bin/systemctl", "is-enabled", self.service_instance(instance_name)])
+ if rcode != 0:
+ enabled = False
+ except ipautil.CalledProcessError, e:
+ enabled = False
+ return enabled
+
+ def enable(self, instance_name=""):
+ if self.lib_path_exists is None:
+ self.lib_path_exists = os.path.exists(self.lib_path)
+ elements = self.systemd_name.split("@")
+ l = len(elements)
+
+ if self.lib_path_exists and (l > 1 and elements[1][0] != '.'):
+ # There is explicit service unit supporting this instance, follow normal systemd enabler
+ self.__enable(instance_name)
+ return
+
+ if self.lib_path_exists and (l == 1):
+ # There is explicit service unit which does not support the instances, ignore instance
+ self.__enable()
+ return
+
+ if len(instance_name) > 0 and l > 1:
+ # New instance, we need to do following:
+ # 1. Make /etc/systemd/system/<service>.target.wants/ if it is not there
+ # 2. Link /etc/systemd/system/<service>.target.wants/<service>@<instance_name>.service to
+ # /lib/systemd/system/<service>@.service
+ srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0]))
+ srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name))
+ try:
+ if not ipautil.dir_exists(srv_tgt):
+ os.mkdir(srv_tgt)
+ if os.path.exists(srv_lnk):
+ # Remove old link
+ os.unlink(srv_lnk)
+ if not os.path.exists(srv_lnk):
+ # object does not exist _or_ is a broken link
+ if not os.path.islink(srv_lnk):
+ # if it truly does not exist, make a link
+ os.symlink(self.lib_path, srv_lnk)
+ else:
+ # Link exists and it is broken, make new one
+ os.unlink(srv_lnk)
+ os.symlink(self.lib_path, srv_lnk)
+ ipautil.run(["/bin/systemctl", "--system", "daemon-reload"])
+ except:
+ pass
+ else:
+ self.__enable(instance_name)
+
+ def disable(self, instance_name=""):
+ elements = self.systemd_name.split("@")
+ if instance_name != "" and len(elements) > 1:
+ # Remove instance, we need to do following:
+ # Remove link from /etc/systemd/system/<service>.target.wants/<service>@<instance_name>.service
+ # to /lib/systemd/system/<service>@.service
+ srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0]))
+ srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name))
+ try:
+ if ipautil.dir_exists(srv_tgt):
+ if os.path.islink(srv_lnk):
+ os.unlink(srv_lnk)
+ ipautil.run(["/bin/systemctl", "--system", "daemon-reload"])
+ except:
+ pass
+ else:
+ self.__disable(instance_name)
+
+ def __enable(self, instance_name=""):
+ try:
+ ipautil.run(["/bin/systemctl", "enable", self.service_instance(instance_name)])
+ except ipautil.CalledProcessError, e:
+ pass
+
+ def __disable(self, instance_name=""):
+ try:
+ ipautil.run(["/bin/systemctl", "disable", self.service_instance(instance_name)])
+ except ipautil.CalledProcessError, e:
+ pass
+
+ def install(self):
+ self.enable()
+
+ def remove(self):
+ self.disable()
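Review bot: In SystemdService.enable() and disable(), the bare `except: pass` around the mkdir/unlink/symlink/daemon-reload sequence hides every failure, so a caller cannot tell that the unit was never enabled or disabled, and it also swallows KeyboardInterrupt and SystemExit. Narrowing it to `except (OSError, ipautil.CalledProcessError), e:` and logging `e` would keep the best-effort behaviour while leaving a trace. The same blocks build `srv_lnk` from `instance_name` through `service_instance()` and pass it to `os.unlink`/`os.symlink` under /etc/systemd/system, and nothing visible rejects a name containing a path separator; a guard such as `if os.sep in instance_name: raise ValueError(instance_name)` before the join would keep the link inside the `.target.wants` directory. Whether any caller passes an externally influenced instance name is not visible in this diff.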