authorSimo Sorce <ssorce@redhat.com>2010-12-04 15:42:14 -0500
committerSimo Sorce <ssorce@redhat.com>2010-12-10 12:28:38 -0500
commit2efc08a6fc8c0407ff2169e3ef7eed92eaaa6545 (patch)
treedfaed647e2746972026c0c134c7ce113c0e522f7 /ipaserver/install
parentded15c72fff4805e9a095c5a8f82b463603f5d1b (diff)
Introduce ipa control script that reads configuration off ldap
This replaces the former ipactl script and also replaces the current way IPA components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
Diffstat (limited to 'ipaserver/install')
-rw-r--r--ipaserver/install/bindinstance.py5
-rw-r--r--ipaserver/install/cainstance.py14
-rw-r--r--ipaserver/install/dsinstance.py5
-rw-r--r--ipaserver/install/httpinstance.py5
-rw-r--r--ipaserver/install/krbinstance.py10
-rw-r--r--ipaserver/install/service.py51
6 files changed, 72 insertions, 18 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index a10b85464..30ce41138 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -275,7 +275,10 @@ class BindInstance(service.Service):
def __enable(self):
self.backup_state("enabled", self.is_running())
- self.chkconfig_on()
+ # We do not let the system start IPA components on its own,
+ # Instead we reply on the IPA init script to start only enabled
+ # components as found in our LDAP configuration tree
+ self.ldap_enable('DNS', self.fqdn, self.dm_password, self.suffix)
def __setup_sub_dict(self):
if self.forwarders:
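Review bot: The added comment in `__enable` says "we reply on the IPA init script", which should be "rely": `# Instead we rely on the IPA init script to start only enabled`. The same typo is in the matching comments added to cainstance.py, httpinstance.py and krbinstance.py. Separately, the unchanged line above stores `self.is_running()` under the "enabled" key, as httpinstance.py also does, while the other instances store `self.is_enabled()`. That predates this commit, but now that `ldap_enable` turns chkconfig off it is worth confirming which state uninstall is meant to restore.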
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 5f13b721f..4a645bc84 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -242,7 +242,6 @@ class CADSInstance(service.Service):
self.step("creating directory server user", self.__create_ds_user)
self.step("creating directory server instance", self.__create_instance)
- self.step("configuring directory to start on boot", self.__enable)
self.step("restarting directory server", self.__restart_instance)
self.start_creation("Configuring directory server for the CA", 30)
@@ -255,13 +254,6 @@ class CADSInstance(service.Service):
SERVER_ROOT=server_root, DOMAIN=self.domain,
TIME=int(time.time()), DSPORT=self.ds_port)
- def __enable(self):
- name = self.service_name
- self.service_name="dirsrv"
- self.backup_state("enabled", self.is_enabled())
- self.chkconfig_on()
- self.service_name = name
-
def __create_ds_user(self):
user_exists = True
try:
@@ -483,7 +475,11 @@ class CAInstance(service.Service):
def __enable(self):
self.backup_state("enabled", self.is_enabled())
- self.chkconfig_on()
+ # We do not let the system start IPA components on its own,
+ # Instead we reply on the IPA init script to start only enabled
+ # components as found in our LDAP configuration tree
+ suffix = util.realm_to_suffix(self.realm)
+ self.ldap_enable('CA', self.fqdn, self.dm_password, suffix)
def __create_ca_user(self):
user_exists = True
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 03066984e..6fdc479ca 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -295,7 +295,10 @@ class DsInstance(service.Service):
def __enable(self):
self.backup_state("enabled", self.is_enabled())
- self.chkconfig_on()
+ # At the end of the installation ipa-server-install will enable the
+ # 'ipa' service wich takes care of starting/stopping dirsrv
+ # self.chkconfig_on()
+ self.chkconfig_off()
def __setup_sub_dict(self):
server_root = find_server_root()
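Review bot: The new body of `__enable` keeps the old call as commented-out code (`# self.chkconfig_on()`) directly above `self.chkconfig_off()`; drop the dead line and let the two-line comment carry the intent, fixing "wich" to "which" at the same time. The method is still named `__enable` and still records the previous state with `backup_state("enabled", ...)`, yet it now disables the init script. A one-line docstring such as `"""Disable the dirsrv init script; the 'ipa' service starts dirsrv."""` would keep the name from misleading readers.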
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index f55995b19..73930825f 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -91,7 +91,10 @@ class HTTPInstance(service.Service):
def __enable(self):
self.backup_state("enabled", self.is_running())
- self.chkconfig_on()
+ # We do not let the system start IPA components on its own,
+ # Instead we reply on the IPA init script to start only enabled
+ # components as found in our LDAP configuration tree
+ self.ldap_enable('HTTP', self.fqdn, self.dm_password, self.suffix)
def __selinux_config(self):
selinux=0
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 8c22e6f41..516c7eac5 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -203,8 +203,7 @@ class KrbInstance(service.Service):
self.start_creation("Configuring Kerberos KDC", 30)
self.kpasswd = KpasswdInstance()
-
- self.kpasswd.create_instance()
+ self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix)
def create_replica(self, ds_user, realm_name, host_name,
domain_name, admin_password,
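Review bot: `self.admin_password` is passed in the position that `SimpleServiceInstance.create_instance` names `dm_password`, and `ldap_enable` in service.py uses that value to bind as `cn=directory manager`. If `admin_password` in this class does hold the Directory Manager password, say so at the call with `# admin_password is the Directory Manager password here`, or rename the attribute; otherwise the bind will fail mid-install. The same applies to the identical call in `create_replica` and to `self.ldap_enable('KDC', self.fqdn, self.admin_password, self.suffix)` in `__enable`. Both enclosing methods start outside their hunks, so I cannot see where `admin_password` is assigned.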
@@ -233,7 +232,7 @@ class KrbInstance(service.Service):
self.start_creation("Configuring Kerberos KDC", 30)
self.kpasswd = KpasswdInstance()
- self.kpasswd.create_instance()
+ self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix)
def __copy_ldap_passwd(self, filename):
self.fstore.backup_file("/var/kerberos/krb5kdc/ldappwd")
@@ -258,7 +257,10 @@ class KrbInstance(service.Service):
def __enable(self):
self.backup_state("enabled", self.is_enabled())
- self.chkconfig_on()
+ # We do not let the system start IPA components on its own,
+ # Instead we reply on the IPA init script to start only enabled
+ # components as found in our LDAP configuration tree
+ self.ldap_enable('KDC', self.fqdn, self.admin_password, self.suffix)
def __start_instance(self):
try:
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 43437306e..41b5455d3 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -29,6 +29,13 @@ import base64
import time
import datetime
+SERVICE_LIST = {
+ 'KDC':('krb5kdc', 10),
+ 'KPASSWD':('ipa_kpasswd', 20),
+ 'DNS':('named', 30),
+ 'HTTP':('httpd', 40),
+ 'CA':('pki_cad', 50)
+}
def stop(service_name, instance_name=""):
ipautil.run(["/sbin/service", service_name, "stop", instance_name])
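Review bot: `SERVICE_LIST` has no comment saying what the two tuple fields mean, and in the visible hunks only index 1 is read, as the start order in `ldap_enable`. I would add `# component name -> (init service name, start order stored in ipaconfigstring)` above it, assuming the first field is the init script name. A name missing from the table reaches `SERVICE_LIST[name][1]` as a bare KeyError, so the table also acts as the allow-list of components that may be registered in LDAP, and the comment should say that too.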
@@ -263,8 +270,44 @@ class Service:
self.steps = []
+ def __get_conn(self, dm_password):
+ try:
+ conn = ipaldap.IPAdmin("127.0.0.1")
+ conn.simple_bind_s("cn=directory manager", dm_password)
+ except Exception, e:
+ logging.critical("Could not connect to the Directory Server on %s: %s" % (self.fqdn, str(e)))
+ raise e
+
+ return conn
+
+ def ldap_enable(self, name, fqdn, dm_password, ldap_suffix):
+ self.chkconfig_off()
+ conn = self.__get_conn(dm_password)
+
+ entry_name = "cn=%s,cn=%s,%s,%s" % (name, fqdn,
+ "cn=masters,cn=ipa,cn=etc",
+ ldap_suffix)
+ order = SERVICE_LIST[name][1]
+ entry = ipaldap.Entry(entry_name)
+ entry.setValues("objectclass",
+ "nsContainer", "ipaConfigObject")
+ entry.setValues("cn", name)
+ entry.setValues("ipaconfigstring",
+ "enabledService", "startOrder " + str(order))
+
+ try:
+ conn.add_s(entry)
+ except ldap.ALREADY_EXISTS:
+ logging.critical("failed to add %s Service startup entry" % name)
+ raise e
+
class SimpleServiceInstance(Service):
- def create_instance(self):
+ def create_instance(self, gensvc_name=None, fqdn=None, dm_password=None, ldap_suffix=None):
+ self.gensvc_name = gensvc_name
+ self.fqdn = fqdn
+ self.dm_password = dm_password
+ self.suffix = ldap_suffix
+
self.step("starting %s " % self.service_name, self.__start)
self.step("configuring %s to start on boot" % self.service_name, self.__enable)
self.start_creation("Configuring %s" % self.service_name)
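Review bot: In `ldap_enable` the handler `except ldap.ALREADY_EXISTS:` binds no exception name, so `raise e` fails with a NameError and hides the real LDAP error. Use a bare `raise` there, and in `__get_conn` as well, where it also keeps the original traceback. The connection bound as `cn=directory manager` is never released; wrap the add with `finally: conn.unbind_s()` so the privileged session does not outlive the call. `chkconfig_off()` runs before the entry is written, so a failed bind or add leaves the component enabled neither in the init system nor in LDAP; moving it after a successful `conn.add_s(entry)` avoids that. The critical log in `__get_conn` names `self.fqdn` although the connection goes to 127.0.0.1, which will mislead whoever reads the log.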
@@ -276,7 +319,11 @@ class SimpleServiceInstance(Service):
def __enable(self):
self.chkconfig_add()
self.backup_state("enabled", self.is_enabled())
- self.chkconfig_on()
+ if self.gensvc_name == None:
+ self.chkconfig_on()
+ else:
+ self.ldap_enable(self.gensvc_name, self.fqdn,
+ self.dm_password, self.suffix)
def uninstall(self):
if self.is_configured():
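Review bot: `if self.gensvc_name == None:` in `__enable` should use the identity test, `if self.gensvc_name is None:`. When `gensvc_name` is set, nothing checks that `fqdn`, `dm_password` and `suffix` were also supplied, and all four default to None in `create_instance`. A missing password would then reach a Directory Manager simple bind, and a missing suffix would be formatted into the entry DN as the literal "None". A guard at the top of the else branch that raises when any of the three is empty would fail early with a clear message. `uninstall` continues outside the hunk.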