-rwxr-xr-xinstall/tools/ipa-replica-install5
-rwxr-xr-xinstall/tools/ipa-server-install7
-rw-r--r--ipaserver/install/cainstance.py28
-rw-r--r--ipaserver/install/dsinstance.py50
-rw-r--r--ipaserver/install/installutils.py44
-rw-r--r--ipaserver/install/ipa_restore.py3
6 files changed, 68 insertions, 69 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index e3b65b096..2986685d0 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -568,9 +568,8 @@ def main():
api.bootstrap(in_server=True, context='installer')
api.finalize()
- # Create DS group if it doesn't exist yet
- group_exists = dsinstance.create_ds_group()
- sstore.backup_state("install", "group_exists", group_exists)
+ # Create DS user/group if it doesn't exist yet
+ dsinstance.create_ds_user()
#Automatically disable pkinit w/ dogtag until that is supported
options.setup_pkinit = False
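Review bot: The replaced `dsinstance.create_ds_user()` call now propagates `ipautil.CalledProcessError` when `groupadd`/`useradd` fails, because the new `installutils.create_system_user` re-raises after logging, whereas the removed `create_ds_group`/`create_ds_user` only logged critical and continued. Failing closed here is the right direction, but the replica installer should turn that into a clear installer error rather than a raw traceback; if `main()` is not already wrapped in a handler that maps `CalledProcessError` to a message, something like `except ipautil.CalledProcessError as e: sys.exit("Failed to create DS user/group: %s" % e)` around the call would do. Dropping the `group_exists` state here is consistent with the uninstall-side cleanup in ipa-server-install. `main()` starts and ends outside this hunk.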
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index c81914951..86422e332 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -556,7 +556,8 @@ def uninstall():
ipaclient.ntpconf.restore_forced_ntpd(sstore)
- group_exists = sstore.restore_state("install", "group_exists")
+ # Clean up group_exists (unused since IPA 2.2, not being set since 4.1)
+ sstore.restore_state("install", "group_exists")
services.knownservices.ipa.disable()
@@ -1061,8 +1062,8 @@ def main():
# configure /etc/sysconfig/network to contain the custom hostname
tasks.backup_and_replace_hostname(fstore, sstore, host_name)
- # Create DS group if it doesn't exist yet
- dsinstance.create_ds_group()
+ # Create DS user/group if it doesn't exist yet
+ dsinstance.create_ds_user()
# Create a directory server instance
if external != 2:
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index a18312227..45c72198d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -249,6 +249,16 @@ def is_ca_installed_locally():
return os.path.exists(path)
+def create_ca_user():
+ """Create PKI user/group if it doesn't exist yet."""
+ installutils.create_system_user(
+ name=PKI_USER,
+ group=PKI_USER,
+ homedir=paths.VAR_LIB,
+ shell=paths.NOLOGIN,
+ )
+
+
class CADSInstance(service.Service):
"""Certificate Authority DS instance
@@ -396,7 +406,7 @@ class CAInstance(DogtagInstance):
self.cert_chain_file = cert_chain_file
self.external = 2
- self.step("creating certificate server user", self.__create_ca_user)
+ self.step("creating certificate server user", create_ca_user)
if self.dogtag_constants.DOGTAG_VERSION >= 10:
self.step("configuring certificate server instance", self.__spawn_instance)
else:
@@ -605,22 +615,6 @@ class CAInstance(DogtagInstance):
self.backup_state('installed', True)
ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn})
- def __create_ca_user(self):
- try:
- pwd.getpwnam(PKI_USER)
- self.log.debug("ca user %s exists", PKI_USER)
- except KeyError:
- self.log.debug("adding ca user %s", PKI_USER)
- args = [paths.USERADD, "-c", "CA System User",
- "-d", paths.VAR_LIB,
- "-s", paths.NOLOGIN,
- "-M", "-r", PKI_USER]
- try:
- ipautil.run(args)
- self.log.debug("done adding user")
- except ipautil.CalledProcessError, e:
- self.log.critical("failed to add user %s", e)
-
def __configure_instance(self):
# Only used for Dogtag 9
preop_pin = get_preop_pin(
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 0518dd0e0..0edd4ed63 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -26,7 +26,6 @@ import re
import time
import tempfile
import stat
-import grp
from ipapython.ipa_log_manager import *
from ipapython import ipautil, sysrestore, ipaldap
@@ -152,49 +151,14 @@ def is_ds_running(server_id=''):
def create_ds_user():
- """
- Create DS user if it doesn't exist yet.
- """
- try:
- pwd.getpwnam(DS_USER)
- root_logger.debug('DS user %s exists', DS_USER)
- except KeyError:
- root_logger.debug('Adding DS user %s', DS_USER)
- args = [
- paths.USERADD,
- '-g', DS_GROUP,
- '-c', 'DS System User',
- '-d', paths.VAR_LIB_DIRSRV,
- '-s', paths.NOLOGIN,
- '-M', '-r', DS_USER
- ]
- try:
- ipautil.run(args)
- root_logger.debug('Done adding DS user')
- except ipautil.CalledProcessError, e:
- root_logger.critical('Failed to add DS user: %s', e)
-
-
-def create_ds_group():
- """
- Create DS group if it doesn't exist yet.
- Returns True if the group already exists.
- """
- try:
- grp.getgrnam(DS_GROUP)
- root_logger.debug('DS group %s exists', DS_GROUP)
- group_exists = True
- except KeyError:
- group_exists = False
- root_logger.debug('Adding DS group %s', DS_GROUP)
- args = [paths.GROUPADD, '-r', DS_GROUP]
- try:
- ipautil.run(args)
- root_logger.debug('Done adding DS group')
- except ipautil.CalledProcessError, e:
- root_logger.critical('Failed to add DS group: %s', e)
+ """Create DS user/group if it doesn't exist yet."""
+ installutils.create_system_user(
+ name=DS_USER,
+ group=DS_USER,
+ homedir=paths.VAR_LIB_DIRSRV,
+ shell=paths.NOLOGIN,
+ )
- return group_exists
INF_TEMPLATE = """
[General]
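Review bot: The new `create_ds_user` passes `group=DS_USER`, while the removed code created and assigned `DS_GROUP` (`groupadd -r DS_GROUP`, `useradd -g DS_GROUP`); `DS_GROUP`'s value is not visible in this hunk, so if it differs from `DS_USER` now or is changed later, the DS primary group silently changes name and anything still using `DS_GROUP` for chown/ACLs would reference a group that is no longer created. Unless `DS_GROUP` is being retired in the same series, keep the constant as the single source of truth: `group=DS_GROUP,`. The new one-line docstring should also mention that the function now raises `ipautil.CalledProcessError` on `groupadd`/`useradd` failure instead of logging and continuing, since callers such as `ipa_restore` previously would have hit an unexplained `KeyError` from `pwd.getpwnam(DS_USER)` right after a failed useradd.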
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index e4cf5040f..34ae30624 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -29,6 +29,8 @@ from ConfigParser import SafeConfigParser, NoOptionError
import traceback
import textwrap
from contextlib import contextmanager
+import pwd
+import grp
from dns import resolver, rdatatype
from dns.exception import DNSException
@@ -37,7 +39,7 @@ from nss.error import NSPRError
from ipapython import ipautil, sysrestore, admintool, dogtag, version
from ipapython.admintool import ScriptError
-from ipapython.ipa_log_manager import root_logger
+from ipapython.ipa_log_manager import root_logger, log_mgr
from ipalib.util import validate_hostname
from ipapython import config
from ipalib import errors, x509
@@ -82,6 +84,8 @@ class ReplicaConfig:
subject_base = ipautil.dn_attribute_property('_subject_base')
+log = log_mgr.get_logger(__name__)
+
def get_fqdn():
fqdn = ""
try:
@@ -982,3 +986,41 @@ def validate_external_cert(cert_file, ca_file, subject_base):
raise ValueError(
"The external CA chain is incomplete (%s is missing from the "
"chain)." % certsubject)
+
+
+def create_system_user(name, group, homedir, shell):
+ """Create a system user with a corresponding group"""
+ try:
+ grp.getgrnam(group)
+ except KeyError:
+ log.debug('Adding group %s', group)
+ args = [paths.GROUPADD, '-r', group]
+ try:
+ ipautil.run(args)
+ log.debug('Done adding group')
+ except ipautil.CalledProcessError as e:
+ log.critical('Failed to add group: %s', e)
+ raise
+ else:
+ log.debug('group %s exists', group)
+
+ try:
+ pwd.getpwnam(name)
+ except KeyError:
+ log.debug('Adding user %s', name)
+ args = [
+ paths.USERADD,
+ '-g', group,
+ '-c', 'DS System User',
+ '-d', homedir,
+ '-s', shell,
+ '-M', '-r', name,
+ ]
+ try:
+ ipautil.run(args)
+ log.debug('Done adding user')
+ except ipautil.CalledProcessError as e:
+ log.critical('Failed to add user: %s', e)
+ raise
+ else:
+ log.debug('user %s exists', name)
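Review bot: `create_system_user` hard-codes `'-c', 'DS System User'` for every caller, so the PKI account created through `cainstance.create_ca_user` is now labelled a DS user where the removed `__create_ca_user` passed `"CA System User"`. Take the comment from the caller, defaulting from the name: `def create_system_user(name, group, homedir, shell, comment=None):` and `'-c', comment or '%s System User' % name,`. The "exists" branches accept any pre-existing account as-is; a user of that name with a login shell, a different primary gid or a non-system uid is silently reused, so consider at least logging `pwd.getpwnam(name).pw_shell` and `pw_gid` against the requested `shell`/`group` so an operator can spot a mismatched account before services start under it. The docstring should state that the function raises `ipautil.CalledProcessError` when `groupadd`/`useradd` fails, since that is a deliberate change from the old log-and-continue helpers it replaces.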
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 948d0be32..7929503f1 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -30,7 +30,7 @@ from ipapython import version
from ipapython.ipautil import run, user_input
from ipapython import admintool
from ipapython.dn import DN
-from ipaserver.install.dsinstance import (realm_to_serverid, create_ds_group,
+from ipaserver.install.dsinstance import (realm_to_serverid,
create_ds_user, DS_USER)
from ipaserver.install.cainstance import PKI_USER
from ipaserver.install.replication import (wait_for_task, ReplicationManager,
@@ -188,7 +188,6 @@ class Restore(admintool.AdminTool):
if options.data_only and not instances:
raise admintool.ScriptError('No instances to restore to')
- create_ds_group()
create_ds_user()
pent = pwd.getpwnam(DS_USER)