-rwxr-xr-x | install/tools/ipa-replica-install | 5 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 7 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 28 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 50 | ||||
-rw-r--r-- | ipaserver/install/installutils.py | 44 | ||||
-rw-r--r-- | ipaserver/install/ipa_restore.py | 3 |
6 files changed, 68 insertions, 69 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index e3b65b096..2986685d0 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -568,9 +568,8 @@ def main():
 api.bootstrap(in_server=True, context='installer')
 api.finalize()
- # Create DS group if it doesn't exist yet
- group_exists = dsinstance.create_ds_group()
- sstore.backup_state("install", "group_exists", group_exists)
+ # Create DS user/group if it doesn't exist yet
+ dsinstance.create_ds_user()
 #Automatically disable pkinit w/ dogtag until that is supported
 options.setup_pkinit = False
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index c81914951..86422e332 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -556,7 +556,8 @@ def uninstall():
 ipaclient.ntpconf.restore_forced_ntpd(sstore)
- group_exists = sstore.restore_state("install", "group_exists")
+ # Clean up group_exists (unused since IPA 2.2, not being set since 4.1)
+ sstore.restore_state("install", "group_exists")
 services.knownservices.ipa.disable()
@@ -1061,8 +1062,8 @@ def main():
 # configure /etc/sysconfig/network to contain the custom hostname
 tasks.backup_and_replace_hostname(fstore, sstore, host_name)
- # Create DS group if it doesn't exist yet
- dsinstance.create_ds_group()
+ # Create DS user/group if it doesn't exist yet
+ dsinstance.create_ds_user()
 # Create a directory server instance
 if external != 2:
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index a18312227..45c72198d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
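Review bot: The new `dsinstance.create_ds_user()` line can now raise, because the helper it delegates to (`installutils.create_system_user`, added in this commit) re-raises `ipautil.CalledProcessError` after logging it, whereas the removed `create_ds_group()` only logged the failure and continued. The call sits in `main()` ahead of the installer's step machinery, so unless `main()` already catches that exception (its body continues outside the hunk) a failed groupadd/useradd surfaces as a raw traceback instead of the script's usual error exit. The same applies to the `ipa-server-install` `main()` hunk at `@@ -1061` and to the `Restore` hunk in `ipaserver/install/ipa_restore.py`. Wrapping the call in `try:` / `except ipautil.CalledProcessError as e:` and routing the message through the same error path the rest of `main()` uses would keep the fail-fast behaviour with a readable message (`ipautil` may need importing in the script if it is not already).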
@@ -249,6 +249,16 @@ def is_ca_installed_locally():
 return os.path.exists(path)
+def create_ca_user():
+ """Create PKI user/group if it doesn't exist yet."""
+ installutils.create_system_user(
+ name=PKI_USER,
+ group=PKI_USER,
+ homedir=paths.VAR_LIB,
+ shell=paths.NOLOGIN,
+ )
+
+
 class CADSInstance(service.Service):
 """Certificate Authority DS instance
@@ -396,7 +406,7 @@ class CAInstance(DogtagInstance):
 self.cert_chain_file = cert_chain_file
 self.external = 2
- self.step("creating certificate server user", self.__create_ca_user)
+ self.step("creating certificate server user", create_ca_user)
 if self.dogtag_constants.DOGTAG_VERSION >= 10:
 self.step("configuring certificate server instance", self.__spawn_instance)
 else:
@@ -605,22 +615,6 @@ class CAInstance(DogtagInstance):
 self.backup_state('installed', True)
 ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn})
- def __create_ca_user(self):
- try:
- pwd.getpwnam(PKI_USER)
- self.log.debug("ca user %s exists", PKI_USER)
- except KeyError:
- self.log.debug("adding ca user %s", PKI_USER)
- args = [paths.USERADD, "-c", "CA System User",
- "-d", paths.VAR_LIB,
- "-s", paths.NOLOGIN,
- "-M", "-r", PKI_USER]
- try:
- ipautil.run(args)
- self.log.debug("done adding user")
- except ipautil.CalledProcessError, e:
- self.log.critical("failed to add user %s", e)
-
 def __configure_instance(self):
 # Only used for Dogtag 9
 preop_pin = get_preop_pin(
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 0518dd0e0..0edd4ed63 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -26,7 +26,6 @@ import re
 import time
 import tempfile
 import stat
-import grp
 from ipapython.ipa_log_manager import *
 from ipapython import ipautil, sysrestore, ipaldap
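Review bot: `create_ca_user()` at the top of the first hunk does not state its failure mode: `installutils.create_system_user` re-raises `ipautil.CalledProcessError`, while the removed `__create_ca_user` swallowed the error after `self.log.critical`, so the `creating certificate server user` step now aborts the install on a useradd/groupadd failure. The docstring should say so, e.g. `"""Create PKI user/group if it doesn't exist yet. Raises ipautil.CalledProcessError if groupadd/useradd fails."""`. The removed method was the only visible user of `pwd`; if nothing else in cainstance.py uses it, the module's `import pwd` is now unused. Note also that the new helper passes `group=PKI_USER` and creates that group with `groupadd -r`, whereas the old `useradd -r` without `-g` left the primary group to the system default, and because the helper skips `useradd` when the user already exists, a `pkiuser` account from an earlier install keeps whatever primary group it already has — worth a comment or an upgrade check.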
@@ -152,49 +151,14 @@ def is_ds_running(server_id=''):
 def create_ds_user():
- """
- Create DS user if it doesn't exist yet.
- """
- try:
- pwd.getpwnam(DS_USER)
- root_logger.debug('DS user %s exists', DS_USER)
- except KeyError:
- root_logger.debug('Adding DS user %s', DS_USER)
- args = [
- paths.USERADD,
- '-g', DS_GROUP,
- '-c', 'DS System User',
- '-d', paths.VAR_LIB_DIRSRV,
- '-s', paths.NOLOGIN,
- '-M', '-r', DS_USER
- ]
- try:
- ipautil.run(args)
- root_logger.debug('Done adding DS user')
- except ipautil.CalledProcessError, e:
- root_logger.critical('Failed to add DS user: %s', e)
-
-
-def create_ds_group():
- """
- Create DS group if it doesn't exist yet.
- Returns True if the group already exists.
- """
- try:
- grp.getgrnam(DS_GROUP)
- root_logger.debug('DS group %s exists', DS_GROUP)
- group_exists = True
- except KeyError:
- group_exists = False
- root_logger.debug('Adding DS group %s', DS_GROUP)
- args = [paths.GROUPADD, '-r', DS_GROUP]
- try:
- ipautil.run(args)
- root_logger.debug('Done adding DS group')
- except ipautil.CalledProcessError, e:
- root_logger.critical('Failed to add DS group: %s', e)
+ """Create DS user/group if it doesn't exist yet."""
+ installutils.create_system_user(
+ name=DS_USER,
+ group=DS_USER,
+ homedir=paths.VAR_LIB_DIRSRV,
+ shell=paths.NOLOGIN,
+ )
- return group_exists
 INF_TEMPLATE = """
 [General]
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index e4cf5040f..34ae30624 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -29,6 +29,8 @@ from ConfigParser import SafeConfigParser, NoOptionError
 import traceback
 import textwrap
 from contextlib import contextmanager
+import pwd
+import grp
 from dns import resolver, rdatatype
 from dns.exception import DNSException
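Review bot: `group=DS_USER` in the new `create_ds_user()` body replaces the `DS_GROUP` constant that the removed code used for both `grp.getgrnam` and `useradd -g`; if `DS_GROUP` is still defined in this module (its definition is outside the hunk) the call should pass `group=DS_GROUP,` so the group name stays in one place and the two constants cannot silently diverge. The new docstring should also record that failures now propagate, since the removed version only logged `root_logger.critical` and returned: `"""Create DS user/group if it doesn't exist yet. Raises ipautil.CalledProcessError if groupadd/useradd fails."""`. With `create_ds_group()` and its `group_exists` return value gone, any caller outside the six files in this commit that still imports it will fail at import time.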
@@ -37,7 +39,7 @@ from nss.error import NSPRError
 from ipapython import ipautil, sysrestore, admintool, dogtag, version
 from ipapython.admintool import ScriptError
-from ipapython.ipa_log_manager import root_logger
+from ipapython.ipa_log_manager import root_logger, log_mgr
 from ipalib.util import validate_hostname
 from ipapython import config
 from ipalib import errors, x509
@@ -82,6 +84,8 @@ class ReplicaConfig:
 subject_base = ipautil.dn_attribute_property('_subject_base')
+log = log_mgr.get_logger(__name__)
+
 def get_fqdn():
 fqdn = ""
 try:
@@ -982,3 +986,41 @@ def validate_external_cert(cert_file, ca_file, subject_base):
 raise ValueError(
 "The external CA chain is incomplete (%s is missing from the "
 "chain)." % certsubject)
+
+
+def create_system_user(name, group, homedir, shell):
+ """Create a system user with a corresponding group"""
+ try:
+ grp.getgrnam(group)
+ except KeyError:
+ log.debug('Adding group %s', group)
+ args = [paths.GROUPADD, '-r', group]
+ try:
+ ipautil.run(args)
+ log.debug('Done adding group')
+ except ipautil.CalledProcessError as e:
+ log.critical('Failed to add group: %s', e)
+ raise
+ else:
+ log.debug('group %s exists', group)
+
+ try:
+ pwd.getpwnam(name)
+ except KeyError:
+ log.debug('Adding user %s', name)
+ args = [
+ paths.USERADD,
+ '-g', group,
+ '-c', 'DS System User',
+ '-d', homedir,
+ '-s', shell,
+ '-M', '-r', name,
+ ]
+ try:
+ ipautil.run(args)
+ log.debug('Done adding user')
+ except ipautil.CalledProcessError as e:
+ log.critical('Failed to add user: %s', e)
+ raise
+ else:
+ log.debug('user %s exists', name)
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 948d0be32..7929503f1 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
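Review bot: `'-c', 'DS System User',` in `create_system_user` (the `@@ -982` hunk) hard-codes a DS-specific GECOS comment into a helper that this commit also calls from `cainstance.create_ca_user()` with `PKI_USER`, so the PKI account gets labelled a DS user (the removed `__create_ca_user` passed `"CA System User"`). Either derive it from the name, `'-c', '%s System User' % name,`, or add a keyword parameter such as `comment=None` that defaults to that string. The one-line docstring should also state the contract the body establishes: the group is created with `groupadd -r` only when `grp.getgrnam` fails, the user with `useradd -M -r -g group` only when `pwd.getpwnam` fails, an existing user's primary group is left untouched, and `ipautil.CalledProcessError` is re-raised after `log.critical`. The module logger `log = log_mgr.get_logger(__name__)` is introduced in the `@@ -82` hunk below `class ReplicaConfig` while `root_logger` stays imported; placing it directly after the import block is the usual spot and avoids two logging styles in one module.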
@@ -30,7 +30,7 @@ from ipapython import version
 from ipapython.ipautil import run, user_input
 from ipapython import admintool
 from ipapython.dn import DN
-from ipaserver.install.dsinstance import (realm_to_serverid, create_ds_group,
+from ipaserver.install.dsinstance import (realm_to_serverid, create_ds_user,
 DS_USER)
 from ipaserver.install.cainstance import PKI_USER
 from ipaserver.install.replication import (wait_for_task, ReplicationManager,
@@ -188,7 +188,6 @@ class Restore(admintool.AdminTool):
 if options.data_only and not instances:
 raise admintool.ScriptError('No instances to restore to')
- create_ds_group()
 create_ds_user()
 pent = pwd.getpwnam(DS_USER) |