44 files changed, 697 insertions, 807 deletions
diff --git a/contrib/RHEL4/ipa-client-setup b/contrib/RHEL4/ipa-client-setup index fe816167e..bba60c2ab 100644 --- a/contrib/RHEL4/ipa-client-setup +++ b/contrib/RHEL4/ipa-client-setup @@ -26,7 +26,7 @@ import os import string import shutil import socket -import logging +from ipapython.ipa_log_manager import * from optparse import OptionParser import ipachangeconf import ldap 
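Review bot: The added `from ipapython.ipa_log_manager import *` hides where `root_logger` and `standard_logging_setup` come from, and the same wildcard import is added to every tool this commit converts (inside the `try:`/`except ImportError` blocks of ipa-compat-manage, ipa-ldap-updater, ipa-managed-entries and ipa-nis-manage as well). Naming the imports, `from ipapython.ipa_log_manager import root_logger, standard_logging_setup`, lets a linter flag any `logging.` call the conversion left behind; with star imports it cannot tell whether `logging` is still in scope. The ipa-adtrust-install and ipa-dns-install hunks add this import without removing an `import logging`, which suggests `logging` was already reaching those scripts through another star import.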
@@ -53,55 +53,55 @@ class ipaserver: return str(self.basedn) def check(self): - + lret = [] lres = [] lattr = "" linfo = "" lrealms = [] - + i = 0 - + #now verify the server is really an IPA server try: - logging.debug("Init ldap with: ldap://"+self.server+":389") + root_logger.debug("Init ldap with: ldap://"+self.server+":389") lh = ldap.initialize("ldap://"+self.server+":389") lh.simple_bind_s("","") - - logging.debug("Search rootdse") + + root_logger.debug("Search rootdse") lret = lh.search_s("", ldap.SCOPE_BASE, "(objectClass=*)") for lattr in lret[0][1]: if lattr.lower() == "namingcontexts": self.basedn = lret[0][1][lattr][0] - - logging.debug("Search for (info=*) in "+self.basedn+"(base)") + + root_logger.debug("Search for (info=*) in "+self.basedn+"(base)") lret = lh.search_s(self.basedn, ldap.SCOPE_BASE, "(info=IPA*)") if not lret: return False - logging.debug("Found: "+str(lret)) - + root_logger.debug("Found: "+str(lret)) + for lattr in lret[0][1]: if lattr.lower() == "info": linfo = lret[0][1][lattr][0].lower() break - + if not linfo: return False - + #search and return known realms - logging.debug("Search for (objectClass=krbRealmContainer) in "+self.basedn+"(sub)") + root_logger.debug("Search for (objectClass=krbRealmContainer) in "+self.basedn+"(sub)") lret = lh.search_s("cn=kerberos,"+self.basedn, ldap.SCOPE_SUBTREE, "(objectClass=krbRealmContainer)") if not lret: #something very wrong return False - logging.debug("Found: "+str(lret)) - + root_logger.debug("Found: "+str(lret)) + for lres in lret: for lattr in lres[1]: if lattr.lower() == "cn": lrealms.append(lres[1][lattr][0]) - - + + if len(lrealms) != 1: #which one? we can't attach to a multi-realm server without DNS working return False 
@@ -109,10 +109,10 @@ class ipaserver: self.realm = lrealms[0] self.domain = lrealms[0].lower() return True - + except LDAPError, err: #no good - logging.error("Ldap Error: "+str(err)) + root_logger.error("Ldap Error: "+str(err)) return False ntp_conf = """# Permit time synchronization with our time source, but do not @@ -123,7 +123,7 @@ restrict -6 default kod nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. -restrict 127.0.0.1 +restrict 127.0.0.1 restrict -6 ::1 # Hosts on local network are less restricted. @@ -141,9 +141,9 @@ server $SERVER #manycastclient 239.255.254.254 key 42 # manycast client # Undisciplined Local Clock. This is a fake driver intended for backup -# and when no outside source of synchronized time is available. +# and when no outside source of synchronized time is available. server 127.127.1.0 # local clock -#fudge 127.127.1.0 stratum 10 +#fudge 127.127.1.0 stratum 10 # Drift file. Put this in a directory which the daemon can write to. # No symbolic links allowed, either, since the daemon updates the file @@ -152,7 +152,7 @@ server 127.127.1.0 # local clock driftfile /var/lib/ntp/drift # Key file containing the keys and key identifiers used when operating -# with symmetric key cryptography. +# with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted. 
@@ -222,26 +222,11 @@ def ask_for_confirmation(message): return True def logging_setup(options): - # Always log everything (i.e., DEBUG) to the log - # file. - logger = logging.getLogger('ipa-client-setup') - fh = logging.FileHandler('ipaclient-install.log') - formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s') - fh.setFormatter(formatter) - logger.addHandler(fh) - - # If the debug option is set, also log debug messages to the console - if options.debug: - logger.setLevel(logging.DEBUG) - else: - # Otherwise, log critical and error messages - logger.setLevel(logging.ERROR) - - return logger + standard_logging_setup('ipaclient-install.log', debug=options.debug) def main(): options = parse_options() - logger = logging_setup(options) + logging_setup(options) dnsok = True ipasrv = ipaserver(options.server) diff --git a/install/migration/migration.py b/install/migration/migration.py index 8edd67869..449d35c66 100644 --- a/install/migration/migration.py +++ b/install/migration/migration.py @@ -25,7 +25,7 @@ import errno import glob import ldap import wsgiref -import logging +from ipapython.ipa_log_manager import * from ipapython.ipautil import get_ipa_basedn BASE_DN = '' @@ -68,7 +68,7 @@ def get_base_dn(): conn.simple_bind_s('', '') BASE_DN = get_ipa_basedn(conn) except ldap.LDAPError, e: - logging.error('migration context search failed: %s' % e) + root_logger.error('migration context search failed: %s' % e) return '' finally: conn.unbind_s() @@ -78,7 +78,7 @@ def get_base_dn(): def bind(username, password): base_dn = get_base_dn() if not base_dn: - logging.error('migration unable to get base dn') + root_logger.error('migration unable to get base dn') raise IOError(errno.EIO, 'Cannot get Base DN') bind_dn = 'uid=%s,cn=users,cn=accounts,%s' % (username, base_dn) try: 
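Review bot: `standard_logging_setup('ipaclient-install.log', debug=options.debug)` keeps the relative log path, so the file is created in whatever directory the script is started from. The other tools in this commit log under `/var/log/`; if this script is run as root, an absolute path such as `/var/log/ipaclient-install.log` avoids creating the log, or following a link that already exists, in a directory other users can write to. `logging_setup` also no longer returns a logger: the `main` call in this hunk is updated, but any caller outside the hunk would now receive `None`.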
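Review bot: `bind_dn` in `bind()` is built by `%`-formatting `username` straight into the DN, and the converted `root_logger.error` calls in the following hunk (`@@ -86,10 +86,10 @@`) then write that DN to the log. If `username` arrives from the migration request unchanged (the caller is not visible here), DN metacharacters can change which entry the bind targets. Escaping at construction closes that: `bind_dn = 'uid=%s,cn=users,cn=accounts,%s' % (ldap.dn.escape_dn_chars(username), base_dn)`, with `import ldap.dn` added to the imports; logging the DN with `%r` would additionally keep control characters out of the log line. `bind()` continues past the end of this hunk.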
@@ -86,10 +86,10 @@ def bind(username, password): conn.simple_bind_s(bind_dn, password) except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM, ldap.NO_SUCH_OBJECT), e: - logging.error('migration invalid credentials for %s: %s' % (bind_dn, convert_exception(e))) + root_logger.error('migration invalid credentials for %s: %s' % (bind_dn, convert_exception(e))) raise IOError(errno.EPERM, 'Invalid LDAP credentials for user %s' % username) except ldap.LDAPError, e: - logging.error('migration bind failed: %s' % convert_exception(e)) + root_logger.error('migration bind failed: %s' % convert_exception(e)) raise IOError(errno.EIO, 'Bind error') finally: conn.unbind_s() diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index cc99b5551..9a6e61c2c 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -33,6 +33,7 @@ from ipalib import api, errors, util from ipapython.config import IPAOptionParser import krbV import ldap +from ipapython.ipa_log_manager import * def parse_options(): parser = IPAOptionParser(version=version.VERSION) @@ -82,11 +83,11 @@ def main(): if os.getegid() != 0: sys.exit("Must be root to setup AD trusts on server") - standard_logging_setup("/var/log/ipaserver-install.log", options.debug, filemode='a') + standard_logging_setup("/var/log/ipaserver-install.log", debug=options.debug, filemode='a') print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log" - logging.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options)) - logging.debug("missing options might be asked for interactively later\n") + root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options)) + root_logger.debug("missing options might be asked for interactively later\n") installutils.check_server_configuration() 
@@ -149,7 +150,7 @@ def main(): sys.exit("Aborting installation.") ip_address = str(ip) - logging.debug("will use ip_address: %s\n", ip_address) + root_logger.debug("will use ip_address: %s\n", ip_address) if not options.unattended: print "" @@ -245,5 +246,5 @@ except Exception, e: message = str(e) for str in traceback.format_tb(sys.exc_info()[2]): message = message + "\n" + str - logging.debug(message) + root_logger.debug(message) sys.exit(1) diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index 445b06214..57f867e70 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -21,7 +21,7 @@ import sys import socket -import os, traceback, logging, shutil +import os, traceback, shutil from ipapython import ipautil from ipapython import services as ipaservices @@ -37,6 +37,7 @@ from ipapython import version from ipalib import api, util from ipapython.config import IPAOptionParser from ipapython import sysrestore +from ipapython.ipa_log_manager import * CACERT="/etc/ipa/ca.crt" REPLICA_INFO_TOP_DIR=None @@ -71,8 +72,8 @@ def get_dirman_password(): def main(): safe_options, options, filename = parse_options() - installutils.standard_logging_setup("/var/log/ipareplica-ca-install.log", options.debug) - logging.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options)) + standard_logging_setup("/var/log/ipareplica-ca-install.log", debug=options.debug) + root_logger.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options)) if not ipautil.file_exists(filename): sys.exit("Replica file %s does not exist" % filename) @@ -120,7 +121,7 @@ def main(): try: host = get_host_name(options.no_host_dns) except BadHostError, e: - logging.error(str(e)) + root_logger.error(str(e)) sys.exit(1) if config.host_name != host: try: 
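Review bot: The traceback loop around the converted `root_logger.debug(message)` in ipa-adtrust-install (`@@ -245,5 +246,5 @@`) uses `str` as its loop variable, which rebinds the builtin, apparently at module level, right after `str(e)` was called. Renaming it, `for line in traceback.format_tb(sys.exc_info()[2]):` with `message = message + "\n" + line`, removes the trap. The same handler is converted in the ipa-ca-install, ipa-dns-install, ipa-replica-install, ipa-replica-prepare and ipa-server-install hunks. The failure is also recorded only at debug level before `sys.exit(1)`, so it is worth confirming that the log file always receives debug output; the `except` block starts outside this hunk.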
@@ -170,7 +171,7 @@ except Exception, e: message = str(e) for str in traceback.format_tb(sys.exc_info()[2]): message = message + "\n" + str - logging.debug(message) + root_logger.debug(message) except KeyboardInterrupt: print "Installation cancelled." finally: diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage index 898a797cf..13a93cbed 100755 --- a/install/tools/ipa-compat-manage +++ b/install/tools/ipa-compat-manage @@ -27,7 +27,7 @@ try: from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax from ipaserver.plugins.ldap2 import ldap2 from ipalib import api, errors - import logging + from ipapython.ipa_log_manager import * except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The @@ -79,20 +79,16 @@ def get_entry(dn, conn): def main(): retval = 0 - loglevel = logging.ERROR files = ['/usr/share/ipa/schema_compat.uldif'] options, args = parse_options() - if options.debug: - loglevel = logging.DEBUG if len(args) != 1: sys.exit("You must specify one action, either enable or disable") elif args[0] != "enable" and args[0] != "disable" and args[0] != "status": sys.exit("Unrecognized action [" + args[0] + "]") - logging.basicConfig(level=loglevel, - format='%(levelname)s %(message)s') + standard_logging_setup(None, debug=options.debug) dirman_password = "" if options.password: diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage index 3b08abd4b..0178f18b3 100755 --- a/install/tools/ipa-csreplica-manage +++ b/install/tools/ipa-csreplica-manage @@ -23,7 +23,7 @@ import sys import os import ldap, krbV -import logging +from ipapython.ipa_log_manager import * from ipapython import ipautil from ipaserver.install import replication, installutils 
@@ -116,7 +116,7 @@ class CSReplicationManager(replication.ReplicationManager): try: self.conn.modify_s(dn, mod) except Exception, e: - logging.debug("Failed to remove referral value: %s" % convert_error(e)) + root_logger.debug("Failed to remove referral value: %s" % convert_error(e)) def parse_options(): from optparse import OptionParser @@ -154,13 +154,6 @@ def parse_options(): cmdstr = " | ".join(commands.keys()) parser.error("must provide a command [%s]" % cmdstr) - # set log level - if options.verbose: - # if verbose, output events at INFO level if not already - mylogger = logging.getLogger() - if mylogger.getEffectiveLevel() > logging.INFO: - mylogger.setLevel(logging.INFO) - # else user has already configured logging externally lower return options, args def list_replicas(realm, host, replica, dirman_passwd, verbose): @@ -357,10 +350,10 @@ def re_initialize(realm, options): filter = "(&(nsDS5ReplicaHost=%s)(|(objectclass=nsDSWindowsReplicationAgreement)(objectclass=nsds5ReplicationAgreement)))" % thishost entry = repl.conn.search_s("cn=config", ldap.SCOPE_SUBTREE, filter) if len(entry) == 0: - logging.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost)) + root_logger.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost)) sys.exit(1) if len(entry) > 1: - logging.error("Found multiple agreements for %s. Only initializing the first one returned: %s" % (thishost, entry[0].dn)) + root_logger.error("Found multiple agreements for %s. Only initializing the first one returned: %s" % (thishost, entry[0].dn)) repl.initialize_replication(entry[0].dn, repl.conn) repl.wait_for_repl_init(repl.conn, entry[0].dn) 
@@ -378,8 +371,9 @@ def main(): # Just initialize the environment. This is so the installer can have # access to the plugin environment - api_env = {} - api_env['in_server'] = True + api_env = {'in_server' : True, + 'verbose' : options.verbose, + } if os.getegid() != 0: api_env['log'] = None # turn off logging for non-root diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 7841c21dc..5c02c20c0 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -32,6 +32,7 @@ from ipapython.config import IPAOptionParser from ipalib.constants import DNS_ZONE_REFRESH import krbV import ldap +from ipapython.ipa_log_manager import * def parse_options(): parser = IPAOptionParser(version=version.VERSION) @@ -88,11 +89,11 @@ def main(): if os.getegid() != 0: sys.exit("Must be root to setup server") - standard_logging_setup("/var/log/ipaserver-install.log", options.debug, filemode='a') + standard_logging_setup("/var/log/ipaserver-install.log", debug=options.debug, filemode='a') print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log" - logging.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options)) - logging.debug("missing options might be asked for interactively later\n") + root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options)) + root_logger.debug("missing options might be asked for interactively later\n") installutils.check_server_configuration() @@ -157,7 +158,7 @@ def main(): else: ip = read_ip_address(api.env.host, fstore) ip_address = str(ip) - logging.debug("will use ip_address: %s\n", ip_address) + root_logger.debug("will use ip_address: %s\n", ip_address) if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip): sys.exit(1) 
@@ -168,7 +169,7 @@ def main(): dns_forwarders = options.forwarders else: dns_forwarders = read_dns_forwarders() - logging.debug("will use dns_forwarders: %s\n", str(dns_forwarders)) + root_logger.debug("will use dns_forwarders: %s\n", str(dns_forwarders)) if bind.dm_password: api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=bind.dm_password) @@ -236,5 +237,5 @@ except Exception, e: message = str(e) for str in traceback.format_tb(sys.exc_info()[2]): message = message + "\n" + str - logging.debug(message) + root_logger.debug(message) sys.exit(1) diff --git a/install/tools/ipa-ldap-updater b/install/tools/ipa-ldap-updater index 6ecb8c155..472495471 100755 --- a/install/tools/ipa-ldap-updater +++ b/install/tools/ipa-ldap-updater @@ -32,8 +32,8 @@ try: from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR from ipaserver.install.upgradeinstance import IPAUpgrade from ipapython import sysrestore - import logging import krbV + from ipapython.ipa_log_manager import * except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The @@ -76,13 +76,10 @@ def get_dirman_password(): return password def main(): - loglevel = logging.INFO badsyntax = False upgradefailed = False safe_options, options, args = parse_options() - if options.debug: - loglevel = logging.DEBUG if os.getegid() == 0: installutils.check_server_configuration() 
@@ -103,19 +100,11 @@ def main(): if len(args) > 0: files = args - # Clear all existing log handler - loggers = logging.getLogger() - if loggers.handlers: - for handler in loggers.handlers: - loggers.removeHandler(handler) if options.upgrade: if os.getegid() != 0: sys.exit('Upgrade can only be done as root') - logging.basicConfig(level=loglevel, - format='%(asctime)s %(levelname)s %(message)s', - filename='/var/log/ipaupgrade.log', - filemode='a') - logging.debug('%s was invoked with arguments %s and options: %s' % (sys.argv[0], args, safe_options)) + standard_logging_setup('/var/log/ipaupgrade.log', verbose=True, debug=options.debug, filemode='a') + root_logger.debug('%s was invoked with arguments %s and options: %s' % (sys.argv[0], args, safe_options)) realm = krbV.default_context().default_realm upgrade = IPAUpgrade(realm, files, live_run=not options.test) upgrade.create_instance() @@ -123,8 +112,7 @@ def main(): badsyntax = upgrade.badsyntax upgradefailed = upgrade.upgradefailed else: - logging.basicConfig(level=loglevel, - format='%(levelname)s %(message)s') + standard_logging_setup(None, verbose=True, debug=options.debug) ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}, live_run=not options.test, ldapi=options.ldapi) if len(files) < 1: files = ld.get_all_files(UPDATES_DIR) diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries index 92f02ef59..24ba0e760 100755 --- a/install/tools/ipa-managed-entries +++ b/install/tools/ipa-managed-entries @@ -29,7 +29,8 @@ try: from ipaserver.plugins.ldap2 import ldap2 from ipalib import api, errors from ipalib.dn import * - import logging + from ipapython.ipa_log_manager import * + except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The 
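Review bot: The block that removed handlers already attached to the root logger is dropped from `main`, and both branches now rely on `standard_logging_setup(...)` alone. Whether that helper replaces existing handlers is not visible in this diff; if it only adds its own, anything configured during the earlier imports would still emit, and messages could appear twice or at an unintended level. Once checked, a short comment at the first call, e.g. `# standard_logging_setup() replaces any handlers configured earlier`, would record the assumption. `main` starts and ends outside this hunk.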
@@ -75,11 +76,8 @@ def get_dirman_password(): def main(): retval = 0 - loglevel = logging.ERROR def_dn = None options, args = parse_options() - if options.debug: - loglevel = logging.DEBUG if options.list_managed_entries: pass @@ -87,8 +85,7 @@ def main(): sys.exit("You must specify an action, either status, enable or disable") elif args[0] != "enable" and args[0] != "disable" and args[0] != "status": sys.exit("Unrecognized action [" + args[0] + "]") - logging.basicConfig(level=loglevel, - format='%(levelname)s %(message)s') + standard_logging_setup(None, debug=options.debug) host = installutils.get_fqdn() api.bootstrap(context='cli', debug=options.debug) diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage index 886f23ab8..5c5bbca8e 100755 --- a/install/tools/ipa-nis-manage +++ b/install/tools/ipa-nis-manage @@ -29,7 +29,7 @@ try: from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax from ipaserver.plugins.ldap2 import ldap2 from ipalib import api, errors - import logging + from ipapython.ipa_log_manager import * except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The @@ -81,7 +81,6 @@ def get_entry(dn, conn): def main(): retval = 0 - loglevel = logging.ERROR files = ['/usr/share/ipa/nis.uldif'] servicemsg = "" @@ -91,17 +90,13 @@ def main(): installutils.check_server_configuration() options, args = parse_options() - if options.debug: - loglevel = logging.DEBUG if len(args) != 1: sys.exit("You must specify one action, either enable or disable") elif args[0] != "enable" and args[0] != "disable": sys.exit("Unrecognized action [" + args[0] + "]") - logging.basicConfig(level=loglevel, - format='%(levelname)s %(message)s') - + standard_logging_setup(None, debug=options.debug) dirman_password = "" if options.password: try: diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index db074fbae..8f8163619 100755 --- a/install/tools/ipa-replica-conncheck 
+++ b/install/tools/ipa-replica-conncheck @@ -25,7 +25,7 @@ from ipapython.ipautil import CalledProcessError from ipaserver.install import installutils import ipaclient.ipachangeconf from optparse import OptionGroup -import logging +from ipapython.ipa_log_manager import * import sys import os import signal @@ -138,25 +138,12 @@ def parse_options(): return safe_options, options def logging_setup(options): + log_file = None + if os.getegid() == 0: log_file = "/var/log/ipareplica-conncheck.log" - old_umask = os.umask(077) - logging.basicConfig(level=logging.DEBUG, - format='%(asctime)s %(levelname)s %(message)s', - filename=log_file, - filemode='w') - os.umask(old_umask) - - console = logging.StreamHandler() - # If the debug option is set, also log debug messages to the console - if options.debug: - console.setLevel(logging.DEBUG) - else: - # Otherwise, log critical and error messages - console.setLevel(logging.ERROR) - formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s') - console.setFormatter(formatter) - logging.getLogger('').addHandler(console) + + standard_logging_setup(log_file, debug=options.debug) def clean_responders(responders): if not responders: @@ -217,8 +204,8 @@ def configure_krb5_conf(realm, kdc, filename): appopts = [{'name':'pam', 'type':'subsection', 'value':pamopts}] opts.append({'name':'appdefaults', 'type':'section', 'value':appopts}) - logging.debug("Writing temporary Kerberos configuration to %s:\n%s" - % (filename, krbconf.dump(opts))) + root_logger.debug("Writing temporary Kerberos configuration to %s:\n%s" + % (filename, krbconf.dump(opts))) krbconf.newConf(filename, opts) 
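Review bot: The rewritten `logging_setup` (`@@ -138,25 +138,12 @@`) drops the `os.umask(077)` bracket that made `/var/log/ipareplica-conncheck.log` owner-only at creation, and nothing in this hunk replaces it. That file previously received everything at debug level, which includes the invocation options and the temporary Kerberos configuration logged in `configure_krb5_conf`, so the restriction should stay unless `standard_logging_setup` applies an equivalent mode itself, which this diff does not show. If it does not, keep the bracket around the call: `old_umask = os.umask(077)`, `standard_logging_setup(log_file, debug=options.debug)`, `os.umask(old_umask)`.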
@@ -265,8 +252,8 @@ def main(): safe_options, options = parse_options() logging_setup(options) - logging.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options)) - logging.debug("missing options might be asked for interactively later\n") + root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options)) + root_logger.debug("missing options might be asked for interactively later\n") signal.signal(signal.SIGTERM, sigterm_handler) signal.signal(signal.SIGINT, sigterm_handler) @@ -291,7 +278,7 @@ def main(): global RESPONDERS print_info("Start listening on required ports for remote master check") for port in required_ports: - logging.debug("Start listening on port %d (%s)" % (port.port, port.description)) + root_logger.debug("Start listening on port %d (%s)" % (port.port, port.description)) responder = PortResponder(port.port, port.stream) responder.start() RESPONDERS.append(responder) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 18a6c4a14..fd772e571 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -21,7 +21,7 @@ import sys import socket -import os, pwd, traceback, logging, shutil +import os, pwd, traceback, shutil import grp from optparse import OptionGroup @@ -40,6 +40,7 @@ from ipalib import api, errors, util from ipapython.config import IPAOptionParser from ipapython import sysrestore from ipapython import services as ipaservices +from ipapython.ipa_log_manager import * CACERT="/etc/ipa/ca.crt" REPLICA_INFO_TOP_DIR=None 
@@ -265,8 +266,8 @@ def check_bind(): def main(): safe_options, options, filename = parse_options() - installutils.standard_logging_setup("/var/log/ipareplica-install.log", options.debug) - logging.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options)) + standard_logging_setup("/var/log/ipareplica-install.log", debug=options.debug) + root_logger.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options)) if not ipautil.file_exists(filename): sys.exit("Replica file %s does not exist" % filename) @@ -310,7 +311,7 @@ def main(): try: host = get_host_name(options.no_host_dns) except BadHostError, e: - logging.error(str(e)) + root_logger.error(str(e)) sys.exit(1) if config.host_name != host: try: @@ -355,16 +356,16 @@ def main(): # Create DS group if it doesn't exist yet try: grp.getgrnam(dsinstance.DS_GROUP) - logging.debug("ds group %s exists" % dsinstance.DS_GROUP) + root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP) group_exists = True except KeyError: group_exists = False args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP] try: ipautil.run(args) - logging.debug("done adding DS group") + root_logger.debug("done adding DS group") except ipautil.CalledProcessError, e: - logging.critical("failed to add DS group: %s" % e) + root_logger.critical("failed to add DS group: %s" % e) sstore.backup_state("install", "group_exists", group_exists) #Automatically disable pkinit w/ dogtag until that is supported @@ -475,9 +476,9 @@ except Exception, e: message = str(e) for str in traceback.format_tb(sys.exc_info()[2]): message = message + "\n" + str - logging.debug(message) + root_logger.debug(message) except KeyboardInterrupt: - print "Installation cancelled." + print "Installation cancelled." finally: # always try to remove decrypted replica file try: 
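Review bot: A failed `groupadd` in the DS-group block of `main` (`@@ -355,16 +356,16 @@`) is only logged, `root_logger.critical("failed to add DS group: %s" % e)`, and as far as the flattened hunk shows execution then continues to `sstore.backup_state("install", "group_exists", group_exists)`. Later steps presumably assume the group exists, so the failure would resurface further on with a less useful message; stopping here, e.g. `sys.exit("failed to add DS group: %s" % e)` after the log call, keeps the cause next to the error. The same block is converted in ipa-server-install (`@@ -870,16 +870,16 @@`). `main` extends beyond this hunk.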
@@ -487,7 +488,7 @@ finally: pass print "" -print "Your system may be partly configured." +print "Your system may be partly configured." print "Run /usr/sbin/ipa-server-install --uninstall to clean up." # the only way to get here is on error or ^C diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index e4ff7166e..8506fcba7 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -21,7 +21,7 @@ import sys import os import ldap, re, krbV -import traceback, logging +import traceback from ipapython import ipautil from ipaserver.install import replication, dsinstance, installutils @@ -29,6 +29,7 @@ from ipaserver.install import bindinstance from ipaserver import ipaldap from ipapython import version from ipalib import api, errors, util +from ipapython.ipa_log_manager import * CACERT = "/etc/ipa/ca.crt" @@ -93,13 +94,6 @@ def parse_options(): cmdstr = " | ".join(commands.keys()) parser.error("must provide a command [%s]" % cmdstr) - # set log level - if options.verbose: - # if verbose, output events at INFO level if not already - mylogger = logging.getLogger() - if mylogger.getEffectiveLevel() > logging.INFO: - mylogger.setLevel(logging.INFO) - # else user has already configured logging externally lower return options, args def test_connection(realm, host): @@ -346,7 +340,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options): if options.winsync: if not options.binddn or not options.bindpw or not options.cacert or not options.passsync: - logging.error("The arguments --binddn, --bindpw, --passsync and --cacert are required to create a winsync agreement") + root_logger.error("The arguments --binddn, --bindpw, --passsync and --cacert are required to create a winsync agreement") sys.exit(1) if options.cacert: 
@@ -396,10 +390,10 @@ def re_initialize(realm, options): filter = "(&(nsDS5ReplicaHost=%s)(|(objectclass=nsDSWindowsReplicationAgreement)(objectclass=nsds5ReplicationAgreement)))" % thishost entry = repl.conn.search_s("cn=config", ldap.SCOPE_SUBTREE, filter) if len(entry) == 0: - logging.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost)) + root_logger.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost)) sys.exit(1) if len(entry) > 1: - logging.error("Found multiple agreements for %s. Only initializing the first one returned: %s" % (thishost, entry[0].dn)) + root_logger.error("Found multiple agreements for %s. Only initializing the first one returned: %s" % (thishost, entry[0].dn)) repl.initialize_replication(entry[0].dn, repl.conn) repl.wait_for_repl_init(repl.conn, entry[0].dn) @@ -422,8 +416,9 @@ def main(): # Just initialize the environment. This is so the installer can have # access to the plugin environment - api_env = {} - api_env['in_server'] = True + api_env = {'in_server' : True, + 'verbose' : options.verbose, + } if os.getegid() != 0: api_env['log'] = None # turn off logging for non-root diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index 031c7b984..269fe5f46 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -20,7 +20,8 @@ import sys -import logging, tempfile, shutil, os, pwd +import tempfile, shutil, os, pwd +from ipapython.ipa_log_manager import * import traceback from ConfigParser import SafeConfigParser import krbV 
@@ -51,7 +52,7 @@ def parse_options(): help="PIN for the Apache Server PKCS#12 file") parser.add_option("--pkinit_pin", dest="pkinit_pin", help="PIN for the KDC pkinit PKCS#12 file") - parser.add_option("-p", "--password", dest="password", + parser.add_option("-p", "--password", dest="password", help="Directory Manager (existing master) password") parser.add_option("--ip-address", dest="ip_address", type="ip", help="Add A and PTR records of the future replica") @@ -100,7 +101,7 @@ def get_subject_base(host_name, dm_password, suffix): conn = ldap2(shared_instance=False, base_dn=suffix) conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password) except errors.ExecutionError, e: - logging.critical("Could not connect to the Directory Server on %s" % host_name) + root_logger.critical("Could not connect to the Directory Server on %s" % host_name) raise e (dn, entry_attrs) = conn.get_ipa_config() conn.disconnect() @@ -109,7 +110,7 @@ def get_subject_base(host_name, dm_password, suffix): def check_ipa_configuration(realm_name): config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)) if not ipautil.dir_exists(config_dir): - logging.error("could not find directory instance: %s" % config_dir) + root_logger.error("could not find directory instance: %s" % config_dir) sys.exit(1) def export_certdb(realm_name, ds_dir, dir, passwd_fname, fname, hostname, subject_base=None, is_kdc=False): @@ -472,6 +473,6 @@ except Exception, e: message = str(e) for str in traceback.format_tb(sys.exc_info()[2]): message = message + "\n" + str - logging.debug(message) + root_logger.debug(message) print message sys.exit(1) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 961c86c13..26bb8b4b4 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -29,7 +29,6 @@ import sys import os import errno -import logging import grp import subprocess import signal 
@@ -63,6 +62,7 @@ from ipalib.dn import DN from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file from ipalib.constants import DNS_ZONE_REFRESH from ipapython import services as ipaservices +from ipapython.ipa_log_manager import * pw_name = None uninstalling = False @@ -440,7 +440,7 @@ def uninstall(): try: (stdout, stderr, rc) = run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--uninstall"], raiseonerr=False) if rc not in [0,2]: - logging.debug("ipa-client-install returned %d" % rc) + root_logger.debug("ipa-client-install returned %d" % rc) raise RuntimeError(stdout) except Exception, e: rv = 1 @@ -472,10 +472,10 @@ def uninstall(): try: ipautil.run(["/usr/sbin/groupdel", dsinstance.DS_GROUP]) except ipautil.CalledProcessError, e: - logging.critical("failed to delete group %s" % e) + root_logger.critical("failed to delete group %s" % e) rv = 1 except KeyError: - logging.info("Group %s already removed", dsinstance.DS_GROUP) + root_logger.info("Group %s already removed", dsinstance.DS_GROUP) ipaservices.knownservices.ipa.disable() 
@@ -488,16 +488,16 @@ def uninstall(): print >>sys.stderr, "Failed to set this machine hostname back to %s (%s)." % (old_hostname, str(e)) if fstore.has_files(): - logging.error('Some files have not been restored, see /var/lib/ipa/sysrestore/sysrestore.index') + root_logger.error('Some files have not been restored, see /var/lib/ipa/sysrestore/sysrestore.index') has_state = False for module in IPA_MODULES: # from installutils if sstore.has_state(module): - logging.error('Some installation state for %s has not been restored, see /var/lib/ipa/sysrestore/sysrestore.state' % module) + root_logger.error('Some installation state for %s has not been restored, see /var/lib/ipa/sysrestore/sysrestore.state' % module) has_state = True rv = 1 if has_state: - logging.warn('Some installation state has not been restored.\nThis will cause re-installation to fail.\nIt should be safe to remove /var/lib/ipa/sysrestore.state but it may\nmean your system hasn\'t be restored to its pre-installation state.') + root_logger.warning('Some installation state has not been restored.\nThis will cause re-installation to fail.\nIt should be safe to remove /var/lib/ipa/sysrestore.state but it may\nmean your system hasn\'t be restored to its pre-installation state.') return rv @@ -510,7 +510,7 @@ def set_subject_in_config(realm_name, dm_password, suffix, subject_base): conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix) conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password) except errors.ExecutionError, e: - logging.critical("Could not connect to the Directory Server on %s" % realm_name) + root_logger.critical("Could not connect to the Directory Server on %s" % realm_name) raise e (dn, entry_attrs) = conn.get_ipa_config() if 'ipacertificatesubjectbase' not in entry_attrs: 
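Review bot: The converted `root_logger.warning(...)` message names `/var/lib/ipa/sysrestore.state`, while the two `root_logger.error` calls just above it point at `/var/lib/ipa/sysrestore/sysrestore.index` and `/var/lib/ipa/sysrestore/sysrestore.state`. Because the text tells the administrator which file is safe to remove, the path should match the others, `/var/lib/ipa/sysrestore/sysrestore.state`, assuming the error messages carry the real location. The same string reads "hasn't be restored", which should be "hasn't been restored". `uninstall` starts outside this hunk.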
@@ -534,9 +534,9 @@ def main(): if options.uninstall: uninstalling = True - standard_logging_setup("/var/log/ipaserver-uninstall.log", options.debug) + standard_logging_setup("/var/log/ipaserver-uninstall.log", debug=options.debug) else: - standard_logging_setup("/var/log/ipaserver-install.log", options.debug) + standard_logging_setup("/var/log/ipaserver-install.log", debug=options.debug) print "\nThe log file for this installation can be found in /var/log/ipaserver-install.log" if not options.external_ca and not options.external_cert_file and is_ipa_configured(): sys.exit("IPA server is already configured on this system.\n" @@ -547,8 +547,8 @@ def main(): sys.exit("IPA client is already configured on this system.\n" + "Please uninstall it first before configuring the IPA server.") - logging.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options)) - logging.debug("missing options might be asked for interactively later\n") + root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options)) + root_logger.debug("missing options might be asked for interactively later\n") global fstore fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') @@ -706,7 +706,7 @@ def main(): sys.exit(str(e) + "\n") host_name = host_name.lower() - logging.debug("will use host_name: %s\n" % host_name) + root_logger.debug("will use host_name: %s\n" % host_name) system_hostname = get_fqdn() if host_name != system_hostname: @@ -719,7 +719,7 @@ def main(): if not options.domain_name: domain_name = read_domain_name(host_name[host_name.find(".")+1:], options.unattended) - logging.debug("read domain_name: %s\n" % domain_name) + root_logger.debug("read domain_name: %s\n" % domain_name) else: domain_name = options.domain_name @@ -751,7 +751,7 @@ def main(): if ip is None: ip = read_ip_address(host_name, fstore) - logging.debug("read ip_address: %s\n" % str(ip)) + root_logger.debug("read ip_address: %s\n" % str(ip)) ip_address = str(ip) 
@@ -785,7 +785,7 @@ def main(): if not options.realm_name: realm_name = read_realm_name(domain_name, options.unattended) - logging.debug("read realm_name: %s\n" % realm_name) + root_logger.debug("read realm_name: %s\n" % realm_name) else: realm_name = options.realm_name.upper() @@ -831,7 +831,7 @@ def main(): print "Using reverse zone %s" % reverse_zone else: dns_forwarders = () - logging.debug("will use dns_forwarders: %s\n" % str(dns_forwarders)) + root_logger.debug("will use dns_forwarders: %s\n" % str(dns_forwarders)) # Create the management framework config file and finalize api target_fname = '/etc/ipa/default.conf' @@ -862,7 +862,7 @@ def main(): print "" if host_name != system_hostname: - logging.debug("Chosen hostname (%s) differs from system hostname (%s) - change it" \ + root_logger.debug("Chosen hostname (%s) differs from system hostname (%s) - change it" \ % (host_name, system_hostname)) # configure /etc/sysconfig/network to contain the custom hostname ipaservices.backup_and_replace_hostname(fstore, sstore, host_name) @@ -870,16 +870,16 @@ def main(): # Create DS group if it doesn't exist yet try: grp.getgrnam(dsinstance.DS_GROUP) - logging.debug("ds group %s exists" % dsinstance.DS_GROUP) + root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP) group_exists = True except KeyError: group_exists = False args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP] try: ipautil.run(args) - logging.debug("done adding DS group") + root_logger.debug("done adding DS group") except ipautil.CalledProcessError, e: - logging.critical("failed to add DS group: %s" % e) + root_logger.critical("failed to add DS group: %s" % e) sstore.backup_state("install", "group_exists", group_exists) # Configure ntpd @@ -1131,7 +1131,7 @@ try: message = str(e) for str in traceback.format_tb(sys.exc_info()[2]): message = message + "\n" + str - logging.debug(message) + root_logger.debug(message) sys.exit(1) finally: if pw_name and ipautil.file_exists(pw_name): 
diff --git a/install/tools/ipactl b/install/tools/ipactl index 808849ff9..74ee38304 100755 --- a/install/tools/ipactl +++ b/install/tools/ipactl @@ -29,7 +29,6 @@ try: from ipapython import config from ipalib import api, errors from ipalib.dn import DN - import logging import ldap import ldap.sasl import ldapurl diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 9f7d3fd33..0a040b8fa 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -25,7 +25,7 @@ try: import os import time import socket - import logging + from ipapython.ipa_log_manager import * import tempfile import getpass from ipaclient import ipadiscovery @@ -128,33 +128,14 @@ def parse_options(): return safe_opts, options def logging_setup(options): - # Always log everything (i.e., DEBUG) to the log - # file. - log_file = "/var/log/ipaclient-install.log" if options.uninstall: log_file = "/var/log/ipaclient-uninstall.log" - old_umask = os.umask(077) - logging.basicConfig(level=logging.DEBUG, - format='%(asctime)s %(levelname)s %(message)s', - filename=log_file, - filemode='w') - os.umask(old_umask) - - console = logging.StreamHandler() - # If the debug option is set, also log debug messages to the console - if options.debug: - console.setLevel(logging.DEBUG) - else: - # Otherwise, log critical and error messages - console.setLevel(logging.ERROR) - formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s') - console.setFormatter(formatter) - logging.getLogger('').addHandler(console) + standard_logging_setup(log_file, debug=options.debug) def log_service_error(name, action, error): - logging.error("%s failed to %s: %s" % (name, action, str(error))) + root_logger.error("%s failed to %s: %s" % (name, action, str(error))) def nickname_exists(nickname): (sout, serr, returncode) = run(["/usr/bin/certutil", "-L", "-d", "/etc/pki/nssdb", "-n", nickname], raiseonerr=False) 
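Review bot: The rewritten `logging_setup` in ipa-client-install drops the `os.umask(077)` bracket that made the install log owner-only, and nothing visible in this hunk shows `standard_logging_setup` restricting the file mode instead. The old setup logged everything at DEBUG to this file, and other hunks in the same file log the Kerberos configuration and the nsupdate commands at debug level, so the log should not become readable by other local users. If `standard_logging_setup` does not already restrict the mode (its body is not shown here), keep the bracket around the call: `old_umask = os.umask(077)` before and `os.umask(old_umask)` after `standard_logging_setup(log_file, debug=options.debug)`.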
@@ -237,7 +218,7 @@ def uninstall(options, env, quiet=False): try: certmonger.stop_tracking('/etc/pki/nssdb', nickname=client_nss_nickname) except (CalledProcessError, RuntimeError), e: - logging.error("%s failed to stop tracking certificate: %s" % (cmonger.service_name, str(e))) + root_logger.error("%s failed to stop tracking certificate: %s" % (cmonger.service_name, str(e))) if nickname_exists(client_nss_nickname): try: @@ -257,7 +238,7 @@ def uninstall(options, env, quiet=False): cmonger.disable() except Exception, e: emit_quiet(quiet, "Failed to disable automatic startup of the %s service" % (cmonger.service_name)) - logging.error("Failed to disable automatic startup of the %s service: %s" % (cmonger.service_name, str(e))) + root_logger.error("Failed to disable automatic startup of the %s service: %s" % (cmonger.service_name, str(e))) if not options.on_master and os.path.exists('/etc/ipa/default.conf'): emit_quiet(quiet, "Unenrolling client from IPA server") @@ -277,7 +258,7 @@ def uninstall(options, env, quiet=False): run(["/usr/sbin/ipa-rmkeytab", "-k", "/etc/krb5.keytab", "-r", realm]) except Exception, e: emit_quiet(quiet, "Failed to clean up /etc/krb5.keytab") - logging.debug("Failed to remove Kerberos service principals: %s" % str(e)) + root_logger.debug("Failed to remove Kerberos service principals: %s" % str(e)) emit_quiet(quiet, "Disabling client Kerberos and LDAP configurations") was_sssd_installed = False @@ -334,7 +315,7 @@ def uninstall(options, env, quiet=False): emit_quiet(quiet, "Failed to configure automatic startup of the %s daemon" % (nscd.service_name)) else: # this is optional service, just log - logging.info("%s daemon is not installed, skip configuration" % (nscd.service_name)) + root_logger.info("%s daemon is not installed, skip configuration" % (nscd.service_name)) nslcd = ipaservices.knownservices.nslcd if nslcd.is_installed(): 
@@ -349,7 +330,7 @@ def uninstall(options, env, quiet=False): emit_quiet(quiet, "Failed to disable automatic startup of the %s daemon" % (nslcd.service_name)) else: # this is optional service, just log - logging.info("%s daemon is not installed, skip configuration" % (nslcd.service_name)) + root_logger.info("%s daemon is not installed, skip configuration" % (nslcd.service_name)) ntp_configured = statestore.has_state('ntp') if ntp_configured: @@ -519,9 +500,9 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, nslcd.enable() except Exception, e: print "Failed to configure automatic startup of the %s daemon" % (nslcd.service_name) - logging.error("Failed to enable automatic startup of the %s daemon: %s" % (nslcd.service_name, str(e))) + root_logger.error("Failed to enable automatic startup of the %s daemon: %s" % (nslcd.service_name, str(e))) else: - logging.debug("%s daemon is not installed, skip configuration" % (nslcd.service_name)) + root_logger.debug("%s daemon is not installed, skip configuration" % (nslcd.service_name)) return (0, None, None) return (0, 'NSLCD', '/etc/nslcd.conf') @@ -598,7 +579,7 @@ def configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, c opts.append({'name':'domain_realm', 'type':'section', 'value':dropts}) opts.append({'name':'empty', 'type':'empty'}) - logging.debug("Writing Kerberos configuration to %s:\n%s" + root_logger.debug("Writing Kerberos configuration to %s:\n%s" % (filename, krbconf.dump(opts))) krbconf.newConf(filename, opts) 
@@ -647,7 +628,7 @@ def configure_certmonger(fstore, subject_base, cli_realm, hostname, options): except Exception, e: print "Failed to configure automatic startup of the %s daemon" % (cmonger.service_name) print "Automatic certificate management will not be available" - logging.error("Failed to disable automatic startup of the %s daemon: %s" % (cmonger.service_name, str(e))) + root_logger.error("Failed to disable automatic startup of the %s daemon: %s" % (cmonger.service_name, str(e))) # Request our host cert if started: @@ -669,7 +650,7 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options): # This all means we can't use it and have to bail out print "SSSD config exists but cannot be parsed: %s" % (str(e)) print "Correct errors in /etc/sssd/sssd.conf and re-run installation" - logging.error("Failed to parse SSSD configuration and was instructed to preserve existing SSSD config: %s" % (str(e))) + root_logger.error("Failed to parse SSSD configuration and was instructed to preserve existing SSSD config: %s" % (str(e))) return 1 # SSSD configuration does not exist or we are not asked to preserve it, create new one @@ -684,8 +665,8 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options): # It was not IOError so it must have been parsing error print "Unable to parse existing SSSD config. As option --preserve-sssd was not specified, new config will override the old one." print "The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall." - logging.error("Unable to parse existing SSSD config and --preserve-sssd was not specified: %s" % (str(e))) - logging.info("New SSSD config will be created") + root_logger.error("Unable to parse existing SSSD config and --preserve-sssd was not specified: %s" % (str(e))) + root_logger.info("New SSSD config will be created") del sssdconfig sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.new_config() 
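Review bot: The `root_logger.error` line in the `configure_certmonger` hunk still says "Failed to disable automatic startup", while the two `print` lines just above it report a failure to configure startup and that certificate management will be unavailable, which reads like the enable path. If the `try` body (outside this hunk) calls `cmonger.enable()`, the log text should be `"Failed to enable automatic startup of the %s daemon: %s"`, because a wrong verb in the install log misleads whoever triages the failure later. The function starts and ends outside the hunk.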
@@ -695,7 +676,7 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options): except SSSDConfig.DomainAlreadyExistsError: print "Domain %s is already configured in existing SSSD config, creating a new one." % cli_domain print "The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall." - logging.debug("Domain %s is already configured in existing SSSD config, creating a new one." % cli_domain) + root_logger.debug("Domain %s is already configured in existing SSSD config, creating a new one." % cli_domain) del sssdconfig sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.new_config() @@ -804,7 +785,7 @@ def update_dns(server, hostname): update_txt = ipautil.template_str(template, sub_dict) - logging.debug("Writing nsupdate commands to %s:\n%s" + root_logger.debug("Writing nsupdate commands to %s:\n%s" % (UPDATE_FILE, update_txt)) update_fd = file(UPDATE_FILE, "w") @@ -884,7 +865,7 @@ def install(options, env, fstore, statestore): return CLIENT_INSTALL_ERROR if ret in (ipadiscovery.NO_LDAP_SERVER, ipadiscovery.NOT_IPA_SERVER) \ or not ds.getDomainName(): - logging.debug("Domain not found") + root_logger.debug("Domain not found") if options.domain: cli_domain = options.domain elif options.unattended: 
@@ -893,19 +874,19 @@ def install(options, env, fstore, statestore): else: print "DNS discovery failed to determine your DNS domain" cli_domain = user_input("Provide the domain name of your IPA server (ex: example.com)", allow_empty = False) - logging.debug("will use domain: %s\n", cli_domain) + root_logger.debug("will use domain: %s\n", cli_domain) ret = ds.search(domain=cli_domain, server=options.server, hostname=hostname) if not cli_domain: if ds.getDomainName(): cli_domain = ds.getDomainName() - logging.debug("will use domain: %s\n", cli_domain) + root_logger.debug("will use domain: %s\n", cli_domain) client_domain = hostname[hostname.find(".")+1:] if ret in (ipadiscovery.NO_LDAP_SERVER, ipadiscovery.NOT_IPA_SERVER) \ or not ds.getServerName(): - logging.debug("IPA Server not found") + root_logger.debug("IPA Server not found") if options.server: cli_server = options.server elif options.unattended: @@ -914,14 +895,14 @@ def install(options, env, fstore, statestore): else: print "DNS discovery failed to find the IPA Server" cli_server = user_input("Provide your IPA server name (ex: ipa.example.com)", allow_empty = False) - logging.debug("will use server: %s\n", cli_server) + root_logger.debug("will use server: %s\n", cli_server) ret = ds.search(domain=cli_domain, server=cli_server, hostname=hostname) else: dnsok = True if not cli_server: if ds.getServerName(): cli_server = ds.getServerName() - logging.debug("will use server: %s\n", cli_server) + root_logger.debug("will use server: %s\n", cli_server) if ret == ipadiscovery.NOT_IPA_SERVER: print >>sys.stderr, "%s is not an IPA v2 Server." % cli_server 
@@ -962,9 +943,9 @@ def install(options, env, fstore, statestore): return CLIENT_INSTALL_ERROR cli_realm = ds.getRealmName() - logging.debug("will use cli_realm: %s\n", cli_realm) + root_logger.debug("will use cli_realm: %s\n", cli_realm) cli_basedn = ds.getBaseDN() - logging.debug("will use cli_basedn: %s\n", cli_basedn) + root_logger.debug("will use cli_basedn: %s\n", cli_basedn) subject_base = "O=%s" % ds.getRealmName() print "Hostname: "+hostname @@ -986,7 +967,7 @@ def install(options, env, fstore, statestore): if not options.unattended: if options.principal is None and options.password is None and options.prompt_password is False: options.principal = user_input("User authorized to enroll computers", allow_empty=False) - logging.debug("will use principal: %s\n", options.principal) + root_logger.debug("will use principal: %s\n", options.principal) # Get the CA certificate try: @@ -1162,7 +1143,7 @@ def install(options, env, fstore, statestore): else: # this is optional service, just log if not options.sssd: - logging.info("%s daemon is not installed, skip configuration" % (nscd.service_name)) + root_logger.info("%s daemon is not installed, skip configuration" % (nscd.service_name)) retcode, conf, filename = (0, None, None) # Modify nsswitch/pam stack @@ -1253,8 +1234,8 @@ def main(): if not os.getegid() == 0: sys.exit("\nYou must be root to run ipa-client-install.\n") logging_setup(options) - logging.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options)) - logging.debug("missing options might be asked for interactively later\n") + root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options)) + root_logger.debug("missing options might be asked for interactively later\n") env={"PATH":"/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"} diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py index e786e98d8..94a04f39e 100644 --- a/ipa-client/ipaclient/ipadiscovery.py 
+++ b/ipa-client/ipaclient/ipadiscovery.py @@ -19,7 +19,7 @@ import socket import os -import logging +from ipapython.ipa_log_manager import * import ipapython.dnsclient import tempfile import ldap @@ -94,7 +94,7 @@ class IPADiscovery: """ server = None while not server: - logging.debug("[ipadnssearchldap("+domain+")]") + root_logger.debug("[ipadnssearchldap("+domain+")]") server = self.ipadnssearchldap(domain) if server: return (server, domain) @@ -148,7 +148,7 @@ class IPADiscovery: if not self.domain: #no ldap server found return NO_LDAP_SERVER else: - logging.debug("[ipadnssearchldap]") + root_logger.debug("[ipadnssearchldap]") self.server = self.ipadnssearchldap(domain) if self.server: self.domain = domain @@ -161,7 +161,7 @@ class IPADiscovery: self.server = server #search for kerberos - logging.debug("[ipadnssearchkrb]") + root_logger.debug("[ipadnssearchkrb]") krbret = self.ipadnssearchkrb(self.domain) if not server and not krbret[0]: return REALM_NOT_FOUND @@ -169,7 +169,7 @@ class IPADiscovery: self.realm = krbret[0] self.kdc = krbret[1] - logging.debug("[ipacheckldap]") + root_logger.debug("[ipacheckldap]") # check ldap now ldapret = self.ipacheckldap(self.server, self.realm) @@ -180,12 +180,12 @@ class IPADiscovery: if ldapret[0] == NO_ACCESS_TO_LDAP and self.realm is None: # Assume realm is the same as domain.upper() self.realm = self.domain.upper() - logging.debug("Assuming realm is the same as domain: %s" % self.realm) + root_logger.debug("Assuming realm is the same as domain: %s" % self.realm) if ldapret[0] == NO_ACCESS_TO_LDAP and self.basedn is None: # Generate suffix from realm self.basedn = realm_to_suffix(self.realm) - logging.debug("Generate basedn from realm: %s" % self.basedn) + root_logger.debug("Generate basedn from realm: %s" % self.basedn) return ldapret[0] 
@@ -223,12 +223,12 @@ class IPADiscovery: run(["/usr/bin/wget", "-O", "%s/ca.crt" % temp_ca_dir, "-T", "15", "-t", "2", "http://%s/ipa/config/ca.crt" % format_netloc(thost)]) except CalledProcessError, e: - logging.debug('Retrieving CA from %s failed.\n%s' % (thost, str(e))) + root_logger.debug('Retrieving CA from %s failed.\n%s' % (thost, str(e))) return [NOT_IPA_SERVER] #now verify the server is really an IPA server try: - logging.debug("Init ldap with: ldap://"+format_netloc(thost, 389)) + root_logger.debug("Init ldap with: ldap://"+format_netloc(thost, 389)) lh = ldap.initialize("ldap://"+format_netloc(thost, 389)) ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, True) ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "%s/ca.crt" % temp_ca_dir) @@ -238,7 +238,7 @@ class IPADiscovery: lh.simple_bind_s("","") # get IPA base DN - logging.debug("Search LDAP server for IPA base DN") + root_logger.debug("Search LDAP server for IPA base DN") basedn = get_ipa_basedn(lh) if basedn is None: @@ -247,12 +247,12 @@ class IPADiscovery: self.basedn = basedn #search and return known realms - logging.debug("Search for (objectClass=krbRealmContainer) in "+self.basedn+"(sub)") + root_logger.debug("Search for (objectClass=krbRealmContainer) in "+self.basedn+"(sub)") lret = lh.search_s("cn=kerberos,"+self.basedn, ldap.SCOPE_SUBTREE, "(objectClass=krbRealmContainer)") if not lret: #something very wrong return [REALM_NOT_FOUND] - logging.debug("Found: "+str(lret)) + root_logger.debug("Found: "+str(lret)) for lres in lret: for lattr in lres[1]: 
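Review bot: In the first ipadiscovery.py hunk on this line, the context around the changed log calls downloads `ca.crt` over plain `http://` and then sets it as `OPT_X_TLS_CACERTFILE`, so the certificate check that follows rests on a file whose origin was never authenticated. This predates the commit, but since the surrounding lines are being touched it deserves at least a comment such as `# NOTE: ca.crt is fetched without authentication; confirm its fingerprint out of band before trusting it`. A follow-up could let the caller supply a pre-provisioned CA file instead. The enclosing method starts and ends outside the hunk.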
@@ -278,14 +278,14 @@ class IPADiscovery: except LDAPError, err: if isinstance(err, ldap.TIMEOUT): - logging.error("LDAP Error: timeout") + root_logger.error("LDAP Error: timeout") return [NO_LDAP_SERVER] if isinstance(err, ldap.INAPPROPRIATE_AUTH): - logging.debug("LDAP Error: Anonymous acces not allowed") + root_logger.debug("LDAP Error: Anonymous acces not allowed") return [NO_ACCESS_TO_LDAP] - logging.error("LDAP Error: %s: %s" % + root_logger.error("LDAP Error: %s: %s" % (err.args[0]['desc'], err.args[0].get('info', ''))) return [UNKNOWN_ERROR] @@ -372,6 +372,6 @@ class IPADiscovery: kdc = qname if not kdc: - logging.debug("SRV record for KDC not found! Realm: %s, SRV record: %s" % (realm, qname)) + root_logger.debug("SRV record for KDC not found! Realm: %s, SRV record: %s" % (realm, qname)) return [realm, kdc] diff --git a/ipalib/constants.py b/ipalib/constants.py index 7ec897b58..ba5f470b0 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -59,23 +59,6 @@ CLI_TAB = ' ' # Two spaces # The section to read in the config files, i.e. [global] CONFIG_SECTION = 'global' -# Log format for stderr: -FORMAT_STDERR = ': '.join([ - 'ipa', - '%(levelname)s', - '%(message)s', -]) - -# Log format for log file: -FORMAT_FILE = '\t'.join([ - '%(created)f', - '%(process)d', - '%(threadName)s', - '%(levelname)s', - '%(message)s', -]) - - # The default configuration for api.env # This is a tuple instead of a dict so that it is immutable. # To create a dict with this config, just "d = dict(DEFAULT_CONFIG)". diff --git a/ipalib/plugable.py b/ipalib/plugable.py index a76f884d5..d8b07c1e8 100644 --- a/ipalib/plugable.py +++ b/ipalib/plugable.py @@ -29,7 +29,6 @@ import re import sys import inspect import threading -import logging import os from os import path import subprocess 
@@ -40,7 +39,8 @@ import util import text from text import _ from base import ReadOnly, NameSpace, lock, islocked, check_name -from constants import DEFAULT_CONFIG, FORMAT_STDERR, FORMAT_FILE +from constants import DEFAULT_CONFIG +from ipapython.ipa_log_manager import * # FIXME: Updated constants.TYPE_ERROR to use this clearer format from wehjit: TYPE_ERROR = '%s: need a %r; got a %r: %r' @@ -193,14 +193,7 @@ class Plugin(ReadOnly): self.summary = '<%s>' % self.fullname else: self.summary = unicode(self.doc).split('\n\n', 1)[0].strip() - log = logging.getLogger(self.fullname) - for name in ('debug', 'info', 'warning', 'error', 'critical', 'exception'): - if hasattr(self, name): - raise StandardError( - '%s.%s attribute (%r) conflicts with Plugin logger' % ( - self.name, name, getattr(self, name)) - ) - setattr(self, name, getattr(log, name)) + log_mgr.get_logger(self, True) if self.label is None: self.label = text.FixMe(self.name + '.label') if not isinstance(self.label, text.LazyText): @@ -307,8 +300,7 @@ class Plugin(ReadOnly): for name in api: assert not hasattr(self, name) setattr(self, name, api[name]) - # FIXME: the 'log' attribute is depreciated. See Plugin.__init__() - for name in ('env', 'context', 'log'): + for name in ('env', 'context'): if hasattr(api, name): assert not hasattr(self, name) setattr(self, name, getattr(api, name)) 
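Review bot: The `Plugin.__init__` hunk removes the explicit check that raised `StandardError` when a plugin already had an attribute named `debug`, `info`, `warning`, `error`, `critical` or `exception`, and replaces it with `log_mgr.get_logger(self, True)` with no comment on what the second argument does. `get_logger` is defined outside this page's view, so it is not clear whether a conflicting attribute is still rejected or is now silently overwritten. A one-line comment above the call stating what `True` requests, and a test for the conflicting-attribute case, would make the behaviour explicit. The `@@ -307,8 +300,7 @@` hunk on the same line stops copying `'log'` from `api`, which presumably relies on `get_logger` providing it.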
@@ -469,34 +461,32 @@ class API(DictProxy): self.__doing('bootstrap') self.env._bootstrap(**overrides) self.env._finalize_core(**dict(DEFAULT_CONFIG)) - log = logging.getLogger() + object.__setattr__(self, 'log_mgr', log_mgr) + log = log_mgr.root_logger object.__setattr__(self, 'log', log) - # If logging has already been configured somewhere else (like in the # installer), don't add handlers or change levels: - if len(log.handlers) > 0 or self.env.validate_api: + if log_mgr.configure_state != 'default' or self.env.validate_api: return - if self.env.debug: - log.setLevel(logging.DEBUG) - else: - log.setLevel(logging.INFO) - + log_mgr.configure_from_env(self.env, configure_state='api') # Add stderr handler: - stderr = logging.StreamHandler() + level = 'info' if self.env.debug: - stderr.setLevel(logging.DEBUG) + level = 'debug' else: if self.env.context == 'cli': if self.env.verbose > 0: - stderr.setLevel(logging.INFO) + level = 'info' else: - stderr.setLevel(logging.WARNING) - else: - stderr.setLevel(logging.INFO) - stderr.setFormatter(util.LogFormatter(FORMAT_STDERR)) - log.addHandler(stderr) - + level = 'warning' + + if log_mgr.handlers.has_key('console'): + log_mgr.remove_handler('console') + log_mgr.create_log_handlers([dict(name='console', + stream=sys.stderr, + level=level, + format=LOGGING_FORMAT_STDERR)]) # Add file handler: if self.env.mode in ('dummy', 'unit_test'): return # But not if in unit-test mode 
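Review bot: In the `API` hunk that begins at `self.__doing('bootstrap')`, `log_mgr.handlers.has_key('console')` uses the deprecated `has_key` call; `if 'console' in log_mgr.handlers:` is the idiomatic form and behaves the same on this interpreter. The console level selection can also be flattened, because `level` already starts as `'info'` and the inner `level = 'info'` branch changes nothing: `if self.env.debug: level = 'debug'` followed by `elif self.env.context == 'cli' and self.env.verbose <= 0: level = 'warning'`. The method starts and ends outside the hunk.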
@@ -509,17 +499,19 @@ class API(DictProxy): except OSError: log.error('Could not create log_dir %r', log_dir) return + + + level = 'info' + if self.env.debug: + level = 'debug' try: - handler = logging.FileHandler(self.env.log) + log_mgr.create_log_handlers([dict(name='file', + filename=self.env.log, + level=level, + format=LOGGING_FORMAT_FILE)]) except IOError, e: - log.error('Cannot open log file %r: %s', self.env.log, e.strerror) + log.error('Cannot open log file %r: %s', self.env.log, e) return - handler.setFormatter(util.LogFormatter(FORMAT_FILE)) - if self.env.debug: - handler.setLevel(logging.DEBUG) - else: - handler.setLevel(logging.INFO) - log.addHandler(handler) def build_global_parser(self, parser=None, context=None): """ diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py index 585dab837..04f25f289 100644 --- a/ipalib/plugins/aci.py +++ b/ipalib/plugins/aci.py @@ -126,7 +126,7 @@ from ipalib import output from ipalib import _, ngettext if api.env.in_server and api.env.context in ['lite', 'server']: from ldap import explode_dn -import logging +from ipapython.ipa_log_manager import * ACI_NAME_PREFIX_SEP = ":" @@ -368,7 +368,7 @@ def _convert_strings_to_acis(acistrs): try: acis.append(ACI(a)) except SyntaxError, e: - logging.warn("Failed to parse: %s" % a) + root_logger.warning("Failed to parse: %s" % a) return acis def _find_aci_by_name(acis, aciprefix, aciname): diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py index aa3cf2197..130ebc79f 100644 --- a/ipalib/plugins/cert.py +++ b/ipalib/plugins/cert.py @@ -32,7 +32,6 @@ from ipalib import util from ipalib.plugins.virtual import * from ipalib.plugins.service import split_principal import base64 -import logging import traceback from ipalib.text import _ from ipalib.request import context diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index 852cc9d64..5d6631f58 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py 
@@ -17,7 +17,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import logging import re import ldap as _ldap diff --git a/ipalib/util.py b/ipalib/util.py index 7a4d256d7..b0574f949 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -23,7 +23,6 @@ Various utility functions. import os import imp -import logging import time import socket import re @@ -116,13 +115,6 @@ def import_plugins_subpackage(name): __import__(full_name) -class LogFormatter(logging.Formatter): - """ - Log formatter that uses UTC for all timestamps. - """ - converter = time.gmtime - - def make_repr(name, *args, **kw): """ Construct a standard representation of a class instance. diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index c5317166a..20f2643b9 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -25,7 +25,7 @@ import nss.nss as nss from nss.error import NSPRError from ipalib.errors import NetworkError, CertificateOperationError from urllib import urlencode -import logging +from ipapython.ipa_log_manager import * def get_ca_certchain(ca_host=None): """ @@ -74,8 +74,8 @@ def https_request(host, port, url, secdir, password, nickname, **kw): host = host.encode('utf-8') uri = 'https://%s%s' % (ipautil.format_netloc(host, port), url) post = urlencode(kw) - logging.info('sslget %r', uri) - logging.debug('sslget post %r', post) + root_logger.info('sslget %r', uri) + root_logger.debug('sslget post %r', post) request_headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"} try: 
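Review bot: `root_logger.debug('sslget post %r', post)` in the `https_request` hunk writes the full url-encoded `**kw` form body to the log, and the `http_request` hunks on the next line do the same with `'request post %r'` and also log the response headers and body. Nothing visible here limits which keys callers pass, so any credential or token among them would end up in the debug log. The installer hunks in this commit log a `safe_options` value rather than the raw options. Consider logging only the parameter names, e.g. `root_logger.debug('sslget post keys %r', sorted(kw))`, or state in the docstring that `kw` must not carry secrets. Both function bodies continue outside their hunks.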
@@ -112,8 +112,8 @@ def http_request(host, port, url, **kw): host = host.encode('utf-8') uri = 'http://%s%s' % (ipautil.format_netloc(host, port), url) post = urlencode(kw) - logging.info('request %r', uri) - logging.debug('request post %r', post) + root_logger.info('request %r', uri) + root_logger.debug('request post %r', post) conn = httplib.HTTPConnection(host, port) try: conn.request('POST', url, @@ -130,9 +130,9 @@ def http_request(host, port, url, **kw): except NSPRError, e: raise NetworkError(uri=uri, error=str(e)) - logging.debug('request status %d', http_status) - logging.debug('request reason_phrase %r', http_reason_phrase) - logging.debug('request headers %s', http_headers) - logging.debug('request body %r', http_body) + root_logger.debug('request status %d', http_status) + root_logger.debug('request reason_phrase %r', http_reason_phrase) + root_logger.debug('request headers %s', http_headers) + root_logger.debug('request body %r', http_body) return http_status, http_reason_phrase, http_headers, http_body diff --git a/ipapython/ipa_log_manager.py b/ipapython/ipa_log_manager.py new file mode 100644 index 000000000..11e30d11a --- /dev/null +++ b/ipapython/ipa_log_manager.py 
@@ -0,0 +1,270 @@ +# Authors: John Dennis <jdennis@redhat.com> +# +# Copyright (C) 2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +#------------------------------------------------------------------------------- + +# Module exports +__all__ = ['log_mgr', 'root_logger', 'standard_logging_setup', + 'IPA_ROOT_LOGGER_NAME', 'ISO8601_UTC_DATETIME_FMT', + 'LOGGING_FORMAT_STDERR', 'LOGGING_FORMAT_STDOUT', 'LOGGING_FORMAT_FILE'] + +#------------------------------------------------------------------------------- + +import sys +import re +import copy + +from log_manager import LogManager, parse_log_level + +#------------------------------------------------------------------------------- + +# Our root logger, all loggers will be descendents of this. +IPA_ROOT_LOGGER_NAME = 'ipa' + +# Format string for time.strftime() to produce a ISO 8601 date time +# formatted string in the UTC time zone. 
+ISO8601_UTC_DATETIME_FMT = '%Y-%m-%dT%H:%M:%SZ' + +# Logging format string for use with logging stderr handlers +LOGGING_FORMAT_STDERR = 'ipa: %(levelname)s: %(message)s' + +# Logging format string for use with logging stdout handlers +LOGGING_FORMAT_STDOUT = '[%(asctime)s %(name)s] <%(levelname)s>: %(message)s' + +# Logging format string for use with logging file handlers +LOGGING_FORMAT_FILE = '\t'.join([ + '%(asctime)s', + '%(process)d', + '%(threadName)s', + '%(name)s', + '%(levelname)s', + '%(message)s', +]) + +# Used by standard_logging_setup() for console message +LOGGING_FORMAT_STANDARD_CONSOLE = '%(name)-12s: %(levelname)-8s %(message)s' + +# Used by standard_logging_setup() for file message +LOGGING_FORMAT_STANDARD_FILE = '%(asctime)s %(levelname)s %(message)s' + +#------------------------------------------------------------------------------- + +class IPALogManager(LogManager): + ''' + Subclass the LogManager to enforce some IPA specfic logging + conventions. + + * Default to timestamps in UTC. + * Default to ISO 8601 timestamp format. + * Default the message format. + ''' + + log_logger_level_config_re = re.compile(r'^log_logger_level_(debug|info|warn|warning|error|critical|\d+)$') + log_handler_level_config_re = re.compile(r'^log_handler_(\S+)_level$') + + def __init__(self, configure_state=None): + ''' + :parameters: + configure_state + Used by clients of the log manager to track the + configuration state, may be any object. + ''' + + super(IPALogManager, self).__init__(IPA_ROOT_LOGGER_NAME, configure_state) + + def configure_from_env(self, env, configure_state=None): + ''' + Read the loggger configuration from the Env config. The + following items may be configured: + + Logger Levels + *log_logger_XXX = comma separated list of regexps* + + Logger levels can be explicitly specified for specific loggers as + opposed to a global logging level. Specific loggers are indiciated + by a list of regular expressions bound to a level. 
If a logger's + name matches the regexp then it is assigned that level. The keys + in the Env config must begin with "log_logger_level\_" and then be + followed by a symbolic or numeric log level, for example:: + + log_logger_level_debug = ipalib\.dn\..* + log_logger_level_35 = ipalib\.plugins\.dogtag + + The first line says any logger belonging to the ipalib.dn module + will have it's level configured to debug. + + The second line say the ipa.plugins.dogtag logger will be + configured to level 35. + + Note: logger names are a dot ('.') separated list forming a path + in the logger tree. The dot character is also a regular + expression metacharacter (matches any character) therefore you + will usually need to escape the dot in the logger names by + preceeding it with a backslash. + + Handler Levels + *log_handler_XXX_level = level* + + Handler levels may be specified with a key containing the + name of the handler (XXX) and whose value is the level. For + example:: + + log_handler_console_level = debug + + Would set the console handler level to debug. + + These are the predefined log handlers: + + console + Writes to stderr. + file + Writes to the default log file. + + + The return value of this function is a dict with the following + format: + + logger_regexps + List of (regexp, level) tuples + handlers + Dict, key is handler name, value is dict of handler config. + + Handler config dict: + + level + handler log level + + :parameters: + env + Env object configuration values are read from. + configure_state + If other than None update the log manger's configure_state + variable to this object. Clients of the log manager can + use configure_state to track the state of the log manager. 
+ ''' + logger_regexps = [] + handlers = {} + config = {'logger_regexps' : logger_regexps, + 'handlers' : handlers, + } + + for attr in ('debug', 'verbose'): + value = getattr(env, attr, None) + if value is not None: + config[attr] = value + + for attr in list(env): + # Get logger level configuration + match = IPALogManager.log_logger_level_config_re.search(attr) + if match: + value = match.group(1) + level = parse_log_level(value) + value = getattr(env, attr) + regexps = re.split('\s*,\s*', value) + # Add the regexp, it maps to the configured level + for regexp in regexps: + print "%s %s" % (regexp, level) + logger_regexps.append((regexp, level)) + continue + + # Get handler configuration + match = IPALogManager.log_handler_level_config_re.search(attr) + if match: + value = getattr(env, attr) + try: + level = parse_log_level(value) + except Exception, e: + print >>sys.stderr, 'ERROR could not parse log handler level: %s=%s' % (attr, value) + continue + name = match.group(1) + print "%s %s" % (name, level) + handler_config = handlers.get(name) + if handler_config is None: + handler_config = {'name' : name} + handler_config['level'] = level + continue + + self.configure(config, configure_state) + return config + + def create_log_handlers(self, configs, logger=None, configure_state=None): + 'Enforce some IPA specific configurations' + configs = copy.copy(configs) + + for cfg in configs: + if not 'time_zone_converter' in cfg: + cfg['time_zone_converter'] = 'utc' + if not 'datefmt' in cfg: + cfg['datefmt'] = ISO8601_UTC_DATETIME_FMT + if not 'format' in cfg: + cfg['format'] = LOGGING_FORMAT_STDOUT + + return super(IPALogManager, self).create_log_handlers(configs, logger, configure_state) + +#------------------------------------------------------------------------------- + +def standard_logging_setup(filename=None, verbose=False, debug=False, filemode='w'): + handlers = [] + + # File output is always logged at debug level + if filename is not None: + file_handler = 
dict(name='file', + filename=filename, + filemode=filemode, + permission=0600, + level='debug', + format=LOGGING_FORMAT_STANDARD_FILE) + handlers.append(file_handler) + + if log_mgr.handlers.has_key('console'): + log_mgr.remove_handler('console') + level = 'error' + if verbose: + level = 'info' + if debug: + level = 'debug' + + console_handler = dict(name='console', + stream=sys.stderr, + level=level, + format=LOGGING_FORMAT_STANDARD_CONSOLE) + handlers.append(console_handler) + + + # default_level must be debug becuase we want the file handler to + # always log at the debug level. + log_mgr.configure(dict(default_level='debug', + handlers=handlers), + configure_state='standard') + + return log_mgr.root_logger + +#------------------------------------------------------------------------------- + +# Single shared instance of log manager +# +# By default always starts with stderr console handler at error level +# so messages generated before logging is fully configured have some +# place to got and won't get lost. + +log_mgr = IPALogManager() +log_mgr.configure(dict(default_level='error', + handlers=[dict(name='console', + stream=sys.stderr)]), + configure_state='default') +root_logger = log_mgr.root_logger diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 718f209b3..c06e7bbcf 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -26,7 +26,7 @@ IPA_BASEDN_INFO = 'ipa v2.0' import string import tempfile -import logging +from ipapython.ipa_log_manager import * import subprocess import random import os, sys, traceback, readline 
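Review bot: In `configure_from_env` the handler branch builds `handler_config = {'name' : name}` when `handlers.get(name)` returns None but never stores it, so the returned `config['handlers']` stays empty and every `log_handler_XXX_level` setting is silently dropped. Adding `handlers[name] = handler_config` inside the `if handler_config is None:` branch fixes that. The two `print "%s %s" % ...` statements in the same loop look like leftover debugging and write to stdout for every matching key, so they should be removed or turned into debug log calls. `create_log_handlers` uses `copy.copy(configs)`, which copies only the outer container, so the defaults it fills in are also written into the caller's dicts; `configs = [dict(cfg) for cfg in configs]` avoids that.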
@@ -264,10 +264,10 @@ def run(args, stdin=None, raiseonerr=True, stderr = stderr.replace(nolog_value, 'XXXXXXXX') args = args.replace(nolog_value, 'XXXXXXXX') - logging.debug('args=%s' % args) + root_logger.debug('args=%s' % args) if capture_output: - logging.debug('stdout=%s' % stdout) - logging.debug('stderr=%s' % stderr) + root_logger.debug('stdout=%s' % stdout) + root_logger.debug('stderr=%s' % stderr) if p.returncode != 0 and raiseonerr: raise CalledProcessError(p.returncode, args) @@ -1172,21 +1172,21 @@ def get_ipa_basedn(conn): contexts = entries[0][1]['namingcontexts'] for context in contexts: - logging.debug("Check if naming context '%s' is for IPA" % context) + root_logger.debug("Check if naming context '%s' is for IPA" % context) try: entry = conn.search_s(context, ldap.SCOPE_BASE, "(info=IPA*)") except ldap.NO_SUCH_OBJECT: - logging.debug("LDAP server did not return info attribute to check for IPA version") + root_logger.debug("LDAP server did not return info attribute to check for IPA version") continue if len(entry) == 0: - logging.debug("Info attribute with IPA server version not found") + root_logger.debug("Info attribute with IPA server version not found") continue info = entry[0][1]['info'][0].lower() if info != IPA_BASEDN_INFO: - logging.debug("Detected IPA server version (%s) did not match the client (%s)" \ + root_logger.debug("Detected IPA server version (%s) did not match the client (%s)" \ % (info, IPA_BASEDN_INFO)) continue - logging.debug("Naming context '%s' is a valid IPA context" % context) + root_logger.debug("Naming context '%s' is a valid IPA context" % context) return context return None diff --git a/ipapython/log_manager.py b/ipapython/log_manager.py index 6fa5ec5a1..736d95310 100644 --- a/ipapython/log_manager.py +++ b/ipapython/log_manager.py 
@@ -508,42 +508,11 @@ import pwd import logging import re import time -import copy #------------------------------------------------------------------------------- -# Our root logger, all loggers will be descendents of this. -IPA_ROOT_LOGGER_NAME = 'ipa' - -# Format string for time.strftime() to produce a ISO 8601 date time -# formatted string in the UTC time zone. -ISO8601_UTC_DATETIME_FMT = '%Y-%m-%dT%H:%M:%SZ' - # Default format LOGGING_DEFAULT_FORMAT = '%(levelname)s %(message)s' -# Logging format string for use with logging stderr handlers -LOGGING_FORMAT_STDERR = 'ipa: %(levelname)s: %(message)s' - -# Logging format string for use with logging stdout handlers -LOGGING_FORMAT_STDOUT = '[%(asctime)s %(name)s] <%(levelname)s>: %(message)s' - -# Logging format string for use with logging file handlers -LOGGING_FORMAT_FILE = '\t'.join([ - '%(asctime)s', - '%(process)d', - '%(threadName)s', - '%(name)s', - '%(levelname)s', - '%(message)s', -]) - -# Used by standard_logging_setup() for console message -LOGGING_FORMAT_STANDARD_CONSOLE = '%(name)-12s: %(levelname)-8s %(message)s' - -# Used by standard_logging_setup() for file message -LOGGING_FORMAT_STANDARD_FILE = '%(asctime)s %(levelname)s %(message)s' - - # Maps a logging level name to it's numeric value log_level_name_map = { 'notset' : logging.NOTSET, @@ -1100,7 +1069,7 @@ class LogManager(object): # Create a logger for my_app.foo.bar foo_bar_log = log_mgr.get_logger('foo.bar') - log_mgr.root_logger.info("Ready to process requests") + root_logger.info("Ready to process requests") foo_bar_log.error("something went boom") In the file my_app.log you would see:: 
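Review bot: The usage example in the `LogManager` docstring now calls `root_logger.info("Ready to process requests")`, but the neighbouring line of the example still works with `log_mgr` (`foo_bar_log = log_mgr.get_logger('foo.bar')`). `root_logger` is a name exported by `ipapython/ipa_log_manager.py`, not one the visible part of the example defines. This reads like a mechanical replacement that caught a docstring; I would keep `log_mgr.root_logger.info("Ready to process requests")` here. The rest of the example lies outside the hunk, so confirm it does not bind `root_logger` earlier.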
@@ -1544,205 +1513,3 @@ class LogManager(object): return logger -class IPALogManager(LogManager): - ''' - Subclass the LogManager to enforce some IPA specfic logging - conventions. - - * Default to timestamps in UTC. - * Default to ISO 8601 timestamp format. - * Default the message format. - ''' - - log_logger_level_config_re = re.compile(r'^log_logger_level_(debug|info|warn|warning|error|critical|\d+)$') - log_handler_level_config_re = re.compile(r'^log_handler_(\S+)_level$') - - def __init__(self, configure_state=None): - ''' - :parameters: - configure_state - Used by clients of the log manager to track the - configuration state, may be any object. - ''' - - super(IPALogManager, self).__init__(IPA_ROOT_LOGGER_NAME, configure_state) - - def configure_from_env(self, env, configure_state=None): - ''' - Read the loggger configuration from the Env config. The - following items may be configured: - - Logger Levels - *log_logger_XXX = comma separated list of regexps* - - Logger levels can be explicitly specified for specific loggers as - opposed to a global logging level. Specific loggers are indiciated - by a list of regular expressions bound to a level. If a logger's - name matches the regexp then it is assigned that level. The keys - in the Env config must begin with "log_logger_level\_" and then be - followed by a symbolic or numeric log level, for example:: - - log_logger_level_debug = ipalib\.dn\..* - log_logger_level_35 = ipalib\.plugins\.dogtag - - The first line says any logger belonging to the ipalib.dn module - will have it's level configured to debug. - - The second line say the ipa.plugins.dogtag logger will be - configured to level 35. - - Note: logger names are a dot ('.') separated list forming a path - in the logger tree. The dot character is also a regular - expression metacharacter (matches any character) therefore you - will usually need to escape the dot in the logger names by - preceeding it with a backslash. 
- - Handler Levels - *log_handler_XXX_level = level* - - Handler levels may be specified with a key containing the - name of the handler (XXX) and whose value is the level. For - example:: - - log_handler_console_level = debug - - Would set the console handler level to debug. - - These are the predefined log handlers: - - console - Writes to stderr. - file - Writes to the default log file. - - - The return value of this function is a dict with the following - format: - - logger_regexps - List of (regexp, level) tuples - handlers - Dict, key is handler name, value is dict of handler config. - - Handler config dict: - - level - handler log level - - :parameters: - env - Env object configuration values are read from. - configure_state - If other than None update the log manger's configure_state - variable to this object. Clients of the log manager can - use configure_state to track the state of the log manager. - ''' - logger_regexps = [] - handlers = {} - config = {'logger_regexps' : logger_regexps, - 'handlers' : handlers, - } - - for attr in ('debug', 'verbose'): - value = getattr(env, attr, None) - if value is not None: - config[attr] = value - - for attr in list(env): - # Get logger level configuration - match = IPALogManager.log_logger_level_config_re.search(attr) - if match: - value = match.group(1) - level = parse_log_level(value) - value = getattr(env, attr) - regexps = re.split('\s*,\s*', value) - # Add the regexp, it maps to the configured level - for regexp in regexps: - print "%s %s" % (regexp, level) - logger_regexps.append((regexp, level)) - continue - - # Get handler configuration - match = IPALogManager.log_handler_level_config_re.search(attr) - if match: - value = getattr(env, attr) - try: - level = parse_log_level(value) - except Exception, e: - print >>sys.stderr, 'ERROR could not parse log handler level: %s=%s' % (attr, value) - continue - name = match.group(1) - print "%s %s" % (name, level) - handler_config = handlers.get(name) - if 
handler_config is None: - handler_config = {'name' : name} - handler_config['level'] = level - continue - - self.configure(config, configure_state) - return config - - def create_log_handlers(self, configs, logger=None, configure_state=None): - 'Enforce some IPA specific configurations' - configs = copy.copy(configs) - - for cfg in configs: - if not 'time_zone_converter' in cfg: - cfg['time_zone_converter'] = 'utc' - if not 'datefmt' in cfg: - cfg['datefmt'] = ISO8601_UTC_DATETIME_FMT - if not 'format' in cfg: - cfg['format'] = LOGGING_FORMAT_STDOUT - - return super(IPALogManager, self).create_log_handlers(configs, logger, configure_state) - -#------------------------------------------------------------------------------- - -def standard_logging_setup(filename=None, verbose=False, debug=False, filemode='w'): - handlers = [] - - # File output is always logged at debug level - if filename is not None: - file_handler = dict(name='file', - filename=filename, - filemode=filemode, - permission=0600, - level='debug', - format=LOGGING_FORMAT_STANDARD_FILE) - handlers.append(file_handler) - - if log_mgr.handlers.has_key('console'): - log_mgr.remove_handler('console') - level = 'error' - if verbose: - level = 'info' - if debug: - level = 'debug' - - console_handler = dict(name='console', - stream=sys.stderr, - level=level, - format=LOGGING_FORMAT_STANDARD_CONSOLE) - handlers.append(console_handler) - - - log_mgr.configure(dict(default_level=level, - handlers=handlers), - configure_state='standard') - - return log_mgr.root_logger - -#------------------------------------------------------------------------------- - -# Single shared instance of log manager -# -# By default always starts with stderr console handler at error level -# so messages generated before logging is fully configured have some -# place to got and won't get lost. 
- -log_mgr = IPALogManager() -log_mgr.configure(dict(default_level='error', - handlers=[dict(name='console', - stream=sys.stderr)]), - configure_state='default') - diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py index 467de1c42..37b02f929 100644 --- a/ipapython/nsslib.py +++ b/ipapython/nsslib.py @@ -22,7 +22,7 @@ import sys import httplib import getpass import socket -import logging +from ipapython.ipa_log_manager import * from nss.error import NSPRError import nss.io as io @@ -35,8 +35,8 @@ def auth_certificate_callback(sock, check_sig, is_server, certdb): cert = sock.get_peer_certificate() - logging.debug("auth_certificate_callback: check_sig=%s is_server=%s\n%s", - check_sig, is_server, str(cert)) + root_logger.debug("auth_certificate_callback: check_sig=%s is_server=%s\n%s", + check_sig, is_server, str(cert)) pin_args = sock.get_pkcs11_pin_arg() if pin_args is None: @@ -56,13 +56,13 @@ def auth_certificate_callback(sock, check_sig, is_server, certdb): # and the strerror attribute will contain a string describing the reason. approved_usage = cert.verify_now(certdb, check_sig, intended_usage, *pin_args) except Exception, e: - logging.error('cert validation failed for "%s" (%s)', cert.subject, e.strerror) + root_logger.error('cert validation failed for "%s" (%s)', cert.subject, e.strerror) cert_is_valid = False return cert_is_valid - logging.debug("approved_usage = %s intended_usage = %s", - ', '.join(nss.cert_usage_flags(approved_usage)), - ', '.join(nss.cert_usage_flags(intended_usage))) + root_logger.debug("approved_usage = %s intended_usage = %s", + ', '.join(nss.cert_usage_flags(approved_usage)), + ', '.join(nss.cert_usage_flags(intended_usage))) # Is the intended usage a proper subset of the approved usage if approved_usage & intended_usage: 
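Review bot: The `except Exception, e:` handler around `cert.verify_now(...)` in `auth_certificate_callback` reads `e.strerror` in the log call, which only exceptions carrying that attribute provide. Any other exception raises AttributeError inside the handler before `cert_is_valid = False` and `return cert_is_valid` run, so the explicit rejection path is skipped and the error leaves the callback instead. Passing `getattr(e, 'strerror', e)` as the last argument keeps the handler on the fail-closed path: `root_logger.error('cert validation failed for "%s" (%s)', cert.subject, getattr(e, 'strerror', e))`. The hostname check in the `@@ -85,12 +85,12 @@` hunk has the same pattern. The function starts before and ends after this hunk.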
@@ -72,7 +72,7 @@ def auth_certificate_callback(sock, check_sig, is_server, certdb): # If this is a server, we're finished if is_server or not cert_is_valid: - logging.debug('cert valid %s for "%s"', cert_is_valid, cert.subject) + root_logger.debug('cert valid %s for "%s"', cert_is_valid, cert.subject) return cert_is_valid # Certificate is OK. Since this is the client side of an SSL @@ -85,12 +85,12 @@ def auth_certificate_callback(sock, check_sig, is_server, certdb): # If the cert fails validation it will raise an exception cert_is_valid = cert.verify_hostname(hostname) except Exception, e: - logging.error('failed verifying socket hostname "%s" matches cert subject "%s" (%s)', - hostname, cert.subject, e.strerror) + root_logger.error('failed verifying socket hostname "%s" matches cert subject "%s" (%s)', + hostname, cert.subject, e.strerror) cert_is_valid = False return cert_is_valid - logging.debug('cert valid %s for "%s"', cert_is_valid, cert.subject) + root_logger.debug('cert valid %s for "%s"', cert_is_valid, cert.subject) return cert_is_valid def client_auth_data_callback(ca_names, chosen_nickname, password, certdb): @@ -142,8 +142,8 @@ class NSSAddressFamilyFallback(object): self.sock = io.Socket(family=self.family) def _connect_socket_family(self, host, port, family): - logging.debug("connect_socket_family: host=%s port=%s family=%s", - host, port, io.addr_family_name(family)) + root_logger.debug("connect_socket_family: host=%s port=%s family=%s", + host, port, io.addr_family_name(family)) try: addr_info = [ ai for ai in io.AddrInfo(host) if ai.family == family ] # No suitable families 
@@ -154,12 +154,12 @@ class NSSAddressFamilyFallback(object): # Try connecting to the NetworkAddresses for net_addr in addr_info: net_addr.port = port - logging.debug("connecting: %s", net_addr) + root_logger.debug("connecting: %s", net_addr) try: self.sock.connect(net_addr) except Exception, e: - logging.debug("Could not connect socket to %s, error: %s, retrying..", - net_addr, str(e)) + root_logger.debug("Could not connect socket to %s, error: %s, retrying..", + net_addr, str(e)) continue else: return @@ -181,7 +181,7 @@ class NSSAddressFamilyFallback(object): self._create_socket() self._connect_socket_family(host, port, self.family) else: - logging.debug('No next family to try..') + root_logger.debug('No next family to try..') raise e else: raise e @@ -197,7 +197,7 @@ class NSSConnection(httplib.HTTPConnection, NSSAddressFamilyFallback): if not dbdir: raise RuntimeError("dbdir is required") - logging.debug('%s init %s', self.__class__.__name__, host) + root_logger.debug('%s init %s', self.__class__.__name__, host) if nss.nss_is_initialized(): # close any open NSS database and use the new one ssl.clear_session_cache() @@ -243,7 +243,7 @@ class NSSConnection(httplib.HTTPConnection, NSSAddressFamilyFallback): """ Verify callback. If we get here then the certificate is ok. """ - logging.debug("handshake complete, peer = %s", sock.get_peer_name()) + root_logger.debug("handshake complete, peer = %s", sock.get_peer_name()) pass def connect(self): 
@@ -307,20 +307,8 @@ class NSSHTTPS(httplib.HTTP): #------------------------------------------------------------------------------ if __name__ == "__main__": - logging.basicConfig(level=logging.DEBUG, - format='%(asctime)s %(levelname)-8s %(message)s', - datefmt='%m-%d %H:%M', - filename='nsslib.log', - filemode='a') - # Create a seperate logger for the console - console_logger = logging.StreamHandler() - console_logger.setLevel(logging.DEBUG) - # set a format which is simpler for console use - formatter = logging.Formatter('%(levelname)s %(message)s') - console_logger.setFormatter(formatter) - # add the handler to the root logger - logging.getLogger('').addHandler(console_logger) - logging.info("Start") + standard_logging_setup('nsslib.log', debug=True, filemode='a') + root_logger.info("Start") if False: conn = NSSConnection("www.verisign.com", 443, dbdir="/etc/pki/nssdb") diff --git a/ipapython/sysrestore.py b/ipapython/sysrestore.py index e22b4d4fa..8177a1bf2 100644 --- a/ipapython/sysrestore.py +++ b/ipapython/sysrestore.py @@ -26,7 +26,7 @@ import os import os.path import shutil -import logging +from ipapython.ipa_log_manager import * import ConfigParser import random import string @@ -61,7 +61,7 @@ class FileStore: be an empty dictionary if the file doesn't exist. """ - logging.debug("Loading Index file from '%s'", self._index) + root_logger.debug("Loading Index file from '%s'", self._index) self.files = {} @@ -78,10 +78,10 @@ class FileStore: """Save the file list to @_index. If @files is an empty dict, then @_index should be removed. """ - logging.debug("Saving Index File to '%s'", self._index) + root_logger.debug("Saving Index File to '%s'", self._index) if len(self.files) == 0: - logging.debug(" -> no files, removing file") + root_logger.debug(" -> no files, removing file") if os.path.exists(self._index): os.remove(self._index) return 
@@ -101,13 +101,13 @@ class FileStore: does not already exist - which will be restored to its original location by restore_files(). """ - logging.debug("Backing up system configuration file '%s'", path) + root_logger.debug("Backing up system configuration file '%s'", path) if not os.path.isabs(path): raise ValueError("Absolute path required") if not os.path.isfile(path): - logging.debug(" -> Not backing up - '%s' doesn't exist", path) + root_logger.debug(" -> Not backing up - '%s' doesn't exist", path) return (reldir, backupfile) = os.path.split(path) @@ -120,7 +120,7 @@ class FileStore: backup_path = os.path.join(self._path, filename) if os.path.exists(backup_path): - logging.debug(" -> Not backing up - already have a copy of '%s'", path) + root_logger.debug(" -> Not backing up - already have a copy of '%s'", path) return shutil.copy2(path, backup_path) @@ -151,7 +151,7 @@ class FileStore: was no backup file to restore """ - logging.debug("Restoring system configuration file '%s'", path) + root_logger.debug("Restoring system configuration file '%s'", path) if not os.path.isabs(path): raise ValueError("Absolute path required") @@ -172,7 +172,7 @@ class FileStore: backup_path = os.path.join(self._path, filename) if not os.path.exists(backup_path): - logging.debug(" -> Not restoring - '%s' doesn't exist", backup_path) + root_logger.debug(" -> Not restoring - '%s' doesn't exist", backup_path) return False shutil.move(backup_path, path) @@ -203,7 +203,7 @@ class FileStore: backup_path = os.path.join(self._path, filename) if not os.path.exists(backup_path): - logging.debug(" -> Not restoring - '%s' doesn't exist", backup_path) + root_logger.debug(" -> Not restoring - '%s' doesn't exist", backup_path) continue shutil.move(backup_path, path) 
@@ -257,7 +257,7 @@ class StateFile: """Load the modules from the file @_path. @modules will be an empty dictionary if the file doesn't exist. """ - logging.debug("Loading StateFile from '%s'", self._path) + root_logger.debug("Loading StateFile from '%s'", self._path) self.modules = {} @@ -277,14 +277,14 @@ class StateFile: """Save the modules to @_path. If @modules is an empty dict, then @_path should be removed. """ - logging.debug("Saving StateFile to '%s'", self._path) + root_logger.debug("Saving StateFile to '%s'", self._path) for module in self.modules.keys(): if len(self.modules[module]) == 0: del self.modules[module] if len(self.modules) == 0: - logging.debug(" -> no modules, removing file") + root_logger.debug(" -> no modules, removing file") if os.path.exists(self._path): os.remove(self._path) return diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index d1dc759c6..f655b2004 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -17,8 +17,6 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # -import logging - import os import errno import ldap @@ -30,6 +28,7 @@ from ipaserver.install.dsinstance import realm_to_serverid from ipalib import errors from ipapython import sysrestore from ipapython import ipautil +from ipapython.ipa_log_manager import * import random import string @@ -119,7 +118,7 @@ class ADTRUSTInstance(service.Service): try: self.admin_conn.modify_s(self.suffix, mod) except ldap.TYPE_OR_VALUE_EXISTS: - logging.debug("samba user aci already exists in suffix %s on %s" % (self.suffix, self.admin_conn.host)) + root_logger.debug("samba user aci already exists in suffix %s on %s" % (self.suffix, self.admin_conn.host)) def __gen_sid_string(self): sub_ids = struct.unpack("<LLL", os.urandom(12)) 
@@ -237,20 +236,20 @@ class ADTRUSTInstance(service.Service): "-k", "/etc/krb5.keytab"]) except ipautil.CalledProcessError, e: if e.returncode != 5: - logging.critical("Failed to remove old key for %s" % cifs_principal) + root_logger.critical("Failed to remove old key for %s" % cifs_principal) try: ipautil.run(["ipa-getkeytab", "--server", self.fqdn, "--principal", cifs_principal, "-k", "/etc/krb5.keytab"]) except ipautil.CalledProcessError, e: - logging.critical("Failed to add key for %s" % cifs_principal) + root_logger.critical("Failed to add key for %s" % cifs_principal) def __start(self): try: self.start() except: - logging.critical("smbd service failed to start") + root_logger.critical("smbd service failed to start") def __stop(self): self.backup_state("running", self.is_running()) @@ -267,7 +266,7 @@ class ADTRUSTInstance(service.Service): try: self.ldap_enable('ADTRUST', self.fqdn, self.dm_password, self.suffix) except ldap.ALREADY_EXISTS: - logging.critical("ADTRUST Service startup entry already exists.") + root_logger.critical("ADTRUST Service startup entry already exists.") pass def __setup_sub_dict(self): @@ -332,7 +331,7 @@ class ADTRUSTInstance(service.Service): try: self.fstore.restore_file(f) except ValueError, error: - logging.debug(error) + root_logger.debug(error) pass if not enabled is None and not enabled: diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 7330264fe..7da4a891b 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -20,7 +20,6 @@ import tempfile import os import pwd -import logging import netaddr import installutils @@ -34,6 +33,7 @@ from ipapython import ipautil from ipalib.constants import DNS_ZONE_REFRESH from ipalib.parameters import IA5Str from ipalib.util import validate_zonemgr +from ipapython.ipa_log_manager import * import ipalib from ipalib import api, util, errors 
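Review bot: `__start` wraps `self.start()` in a bare `except:` and logs only the fixed string "smbd service failed to start", so the cause is lost, KeyboardInterrupt and SystemExit are swallowed as well, and nothing tells the caller that the service is down. I would narrow the handler and keep the reason: `except Exception, e:` with `root_logger.critical("smbd service failed to start: %s", e)`. The keytab steps earlier in the same hunk likewise log `critical` and carry on after `ipa-getkeytab` fails. If that is intended best-effort behaviour, a short comment saying so would help the next reader.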
@@ -482,9 +482,9 @@ class BindInstance(service.Service): def __setup_zone(self): if self.host_domain != self.domain: # add DNS domain for host first - logging.debug("Host domain (%s) is different from DNS domain (%s)!" \ + root_logger.debug("Host domain (%s) is different from DNS domain (%s)!" \ % (self.host_domain, self.domain)) - logging.debug("Add DNS zone for host first.") + root_logger.debug("Add DNS zone for host first.") add_zone(self.host_domain, self.zonemgr, dns_backup=self.dns_backup, ns_hostname=api.env.host, ns_ip_address=self.ip_address) @@ -557,7 +557,7 @@ class BindInstance(service.Service): except ldap.TYPE_OR_VALUE_EXISTS: pass except Exception, e: - logging.critical("Could not modify principal's %s entry" % dns_principal) + root_logger.critical("Could not modify principal's %s entry" % dns_principal) raise e def __setup_named_conf(self): @@ -639,7 +639,7 @@ class BindInstance(service.Service): try: self.fstore.restore_file(f) except ValueError, error: - logging.debug(error) + root_logger.debug(error) pass if not enabled is None and not enabled: diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index fed4b2cdf..94b9d6d05 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -19,7 +19,6 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # -import logging import pwd import os import sys @@ -56,6 +55,7 @@ from ipaserver.install import dsinstance from ipaserver.install import certs from ipaserver.install.installutils import ReplicaConfig from ipalib import util +from ipapython.ipa_log_manager import * HTTPD_CONFD = "/etc/httpd/conf.d/" DEFAULT_DSPORT=7389 @@ -115,7 +115,7 @@ def get_preop_pin(instance_root, instance_name): try: f=open(filename) except IOError, e: - logging.error("Cannot open configuration file." + str(e)) + root_logger.error("Cannot open configuration file." + str(e)) raise e data = f.read() data = data.split('\n') 
@@ -277,10 +277,10 @@ class CADSInstance(service.Service): user_exists = True try: pwd.getpwnam(PKI_DS_USER) - logging.debug("ds user %s exists" % PKI_DS_USER) + root_logger.debug("ds user %s exists" % PKI_DS_USER) except KeyError: user_exists = False - logging.debug("adding ds user %s" % PKI_DS_USER) + root_logger.debug("adding ds user %s" % PKI_DS_USER) args = ["/usr/sbin/useradd", "-g", dsinstance.DS_GROUP, "-c", "PKI DS System User", "-d", "/var/lib/dirsrv", @@ -288,9 +288,9 @@ class CADSInstance(service.Service): "-M", "-r", PKI_DS_USER] try: ipautil.run(args) - logging.debug("done adding user") + root_logger.debug("done adding user") except ipautil.CalledProcessError, e: - logging.critical("failed to add user %s" % e) + root_logger.critical("failed to add user %s" % e) self.backup_state("user_exists", user_exists) @@ -299,21 +299,21 @@ class CADSInstance(service.Service): self.backup_state("serverid", self.serverid) inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict) - logging.debug("writing inf template") + root_logger.debug("writing inf template") inf_fd = ipautil.write_tmp_file(inf_txt) inf_txt = re.sub(r"RootDNPwd=.*\n", "", inf_txt) - logging.debug(inf_txt) + root_logger.debug(inf_txt) if ipautil.file_exists("/usr/sbin/setup-ds.pl"): args = ["/usr/sbin/setup-ds.pl", "--silent", "--logfile", "-", "-f", inf_fd.name] - logging.debug("calling setup-ds.pl") + root_logger.debug("calling setup-ds.pl") else: args = ["/usr/bin/ds_newinst.pl", inf_fd.name] - logging.debug("calling ds_newinst.pl") + root_logger.debug("calling ds_newinst.pl") try: ipautil.run(args) - logging.debug("completed creating ds instance") + root_logger.debug("completed creating ds instance") except ipautil.CalledProcessError, e: - logging.critical("failed to restart ds instance %s" % e) + root_logger.critical("failed to restart ds instance %s" % e) inf_fd.close() def load_pkcs12(self): 
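Review bot: In the -299 hunk `inf_fd.close()` is reached only on the straight-line path, yet the file was written from `inf_txt` before `RootDNPwd` was stripped, so it presumably still holds the root DN password. Only `ipautil.CalledProcessError` is caught around `ipautil.run(args)`; any other exception leaves the temporary file open, and whether it is then deleted depends on `ipautil.write_tmp_file`, which is not visible here. Putting the run inside `try: ... finally: inf_fd.close()` makes the cleanup unconditional. The `DsInstance` hunk at -325 in dsinstance.py has the same shape, where `os.remove("/var/lib/dirsrv/boot.ldif")` is skipped on that path too. The enclosing method starts outside the hunk.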
@@ -376,11 +376,11 @@ class CADSInstance(service.Service): try: ipaservices.knownservices.dirsrv.restart(self.serverid) if not dsinstance.is_ds_running(self.serverid): - logging.critical("Failed to restart the directory server. See the installation log for details.") + root_logger.critical("Failed to restart the directory server. See the installation log for details.") sys.exit(1) except Exception: # TODO: roll back here? - logging.critical("Failed to restart the directory server. See the installation log for details.") + root_logger.critical("Failed to restart the directory server. See the installation log for details.") def uninstall(self): if self.is_configured(): @@ -410,7 +410,7 @@ class CADSInstance(service.Service): try: ipautil.run(["/usr/sbin/userdel", PKI_DS_USER]) except ipautil.CalledProcessError, e: - logging.critical("failed to delete user %s" % e) + root_logger.critical("failed to delete user %s" % e) class CAInstance(service.Service): """ @@ -569,19 +569,19 @@ class CAInstance(service.Service): user_exists = True try: pwd.getpwnam(PKI_USER) - logging.debug("ca user %s exists" % PKI_USER) + root_logger.debug("ca user %s exists" % PKI_USER) except KeyError: user_exists = False - logging.debug("adding ca user %s" % PKI_USER) + root_logger.debug("adding ca user %s" % PKI_USER) args = ["/usr/sbin/useradd", "-c", "CA System User", "-d", "/var/lib", "-s", "/sbin/nologin", "-M", "-r", PKI_USER] try: ipautil.run(args) - logging.debug("done adding user") + root_logger.debug("done adding user") except ipautil.CalledProcessError, e: - logging.critical("failed to add user %s" % e) + root_logger.critical("failed to add user %s" % e) self.backup_state("user_exists", user_exists) 
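Review bot: The `except Exception:` branch of the directory-server restart in the -376 hunk logs a fixed message and returns normally, so the installer continues against a server that did not come back; the `# TODO: roll back here?` is still open. At minimum record the cause the way `DsInstance.restart` does in dsinstance.py: `except Exception, e:` with `root_logger.critical("Failed to restart the directory server (%s). See the installation log for details." % e)`. `CAInstance.__restart_instance` in the -697 hunk has the same branch for the certificate server.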
@@ -676,7 +676,7 @@ class CAInstance(service.Service): ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}, nolog=nolog) except ipautil.CalledProcessError, e: - logging.critical("failed to configure ca instance %s" % e) + root_logger.critical("failed to configure ca instance %s" % e) raise RuntimeError('Configuration of CA failed') if self.external == 1: @@ -689,7 +689,7 @@ class CAInstance(service.Service): if ipautil.file_exists("/root/tmp-ca.p12"): shutil.move("/root/tmp-ca.p12", "/root/cacert.p12") - logging.debug("completed creating ca instance") + root_logger.debug("completed creating ca instance") def __restart_instance(self): try: @@ -697,7 +697,7 @@ class CAInstance(service.Service): installutils.wait_for_open_ports('localhost', 9180, 300) except Exception: # TODO: roll back here? - logging.critical("Failed to restart the certificate server. See the installation log for details.") + root_logger.critical("Failed to restart the certificate server. See the installation log for details.") def __disable_nonce(self): # Turn off Nonces @@ -1060,14 +1060,14 @@ class CAInstance(service.Service): ipautil.run(["/usr/bin/pkiremove", "-pki_instance_root=/var/lib", "-pki_instance_name=%s" % PKI_INSTANCE_NAME, "--force"]) except ipautil.CalledProcessError, e: - logging.critical("failed to uninstall CA instance %s" % e) + root_logger.critical("failed to uninstall CA instance %s" % e) user_exists = self.restore_state("user_exists") if user_exists == False: try: ipautil.run(["/usr/sbin/userdel", PKI_USER]) except ipautil.CalledProcessError, e: - logging.critical("failed to delete user %s" % e) + root_logger.critical("failed to delete user %s" % e) def publish_ca_cert(self, location): args = ["-L", "-n", self.canickname, "-a"] 
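Review bot: The `except` branch in the -676 hunk formats the whole exception into the log with `"failed to configure ca instance %s" % e`, although the call just above passes `nolog=nolog` to `ipautil.run`, which suggests `args` carries values that must stay out of the log. If the string form of `ipautil.CalledProcessError` includes the command line (not visible in this hunk), those values end up in the critical message and the install log. Logging only the status avoids that: `root_logger.critical("failed to configure ca instance (exit status %s)" % e.returncode)`. The enclosing method starts outside the hunk.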
@@ -1153,7 +1153,7 @@ def install_replica_ca(config, postinstall=False): return (ca, cs) if __name__ == "__main__": - installutils.standard_logging_setup("install.log", False) + standard_logging_setup("install.log") cs = CADSInstance() cs.create_instance("EXAMPLE.COM", "catest.example.com", "example.com", "password") ca = CAInstance("EXAMPLE.COM", "/etc/httpd/alias") diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index feac48a89..3cbcec5c8 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -21,7 +21,7 @@ import os, stat, subprocess, re import errno import tempfile import shutil -import logging +from ipapython.ipa_log_manager import * import urllib import xml.dom.minidom import pwd @@ -503,7 +503,7 @@ class CertDB(object): try: (stdout, stderr, rc) = certmonger.start_tracking(nickname, self.secdir, password_file) except (ipautil.CalledProcessError, RuntimeError), e: - logging.error("certmonger failed starting to track certificate: %s" % str(e)) + root_logger.error("certmonger failed starting to track certificate: %s" % str(e)) return cmonger.stop() @@ -512,7 +512,7 @@ class CertDB(object): subject = str(nsscert.subject) m = re.match('New tracking request "(\d+)" added', stdout) if not m: - logging.error('Didn\'t get new %s request, got %s' % (cmonger.service_name, stdout)) + root_logger.error('Didn\'t get new %s request, got %s' % (cmonger.service_name, stdout)) raise RuntimeError('%s did not issue new tracking request for \'%s\' in \'%s\'. Use \'ipa-getcert list\' to list existing certificates.' % (cmonger.service_name, nickname, self.secdir)) request_id = m.group(1) 
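Review bot: `standard_logging_setup("install.log")` in the -1153 hunk now resolves through the wildcard import from `ipapython.ipa_log_manager`, whose body is not shown in this part of the diff. The `installutils` version removed by this commit set `os.umask(077)` around creating the log file and always wrote DEBUG to it. Since the installers log rendered templates at debug level, the replacement should be confirmed to create the file with the same owner-only mode. Once verified, a short comment at the call site such as `# ipa_log_manager creates the log file with owner-only permissions` would record it.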
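Review bot: On a `start_tracking` failure in the certs.py -503 hunk the `except` branch logs and hits `return` before the `cmonger.stop()` that follows the `try`, whereas the stop-tracking hunk at -534 reaches `cmonger.stop()` on both paths. If the service was started earlier in this method (its beginning is outside the hunk), the early return leaves it running. Moving the stop into a `finally:` clause would make both paths agree.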
@@ -534,7 +534,7 @@ class CertDB(object): try: certmonger.stop_tracking(self.secdir, nickname=nickname) except (ipautil.CalledProcessError, RuntimeError), e: - logging.error("certmonger failed to stop tracking certificate: %s" % str(e)) + root_logger.error("certmonger failed to stop tracking certificate: %s" % str(e)) cmonger.stop() def create_server_cert(self, nickname, hostname, other_certdb=None, subject=None): @@ -859,17 +859,17 @@ class CertDB(object): def trust_root_cert(self, root_nickname): if root_nickname is None: - logging.debug("Unable to identify root certificate to trust. Continueing but things are likely to fail.") + root_logger.debug("Unable to identify root certificate to trust. Continueing but things are likely to fail.") return if root_nickname[:7] == "Builtin": - logging.debug("No need to add trust for built-in root CA's, skipping %s" % root_nickname) + root_logger.debug("No need to add trust for built-in root CA's, skipping %s" % root_nickname) else: try: self.run_certutil(["-M", "-n", root_nickname, "-t", "CT,CT,"]) except ipautil.CalledProcessError, e: - logging.error("Setting trust on %s failed" % root_nickname) + root_logger.error("Setting trust on %s failed" % root_nickname) def find_server_certs(self): p = subprocess.Popen(["/usr/bin/certutil", "-d", self.secdir, diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 8ca33c13c..4260579af 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -19,7 +19,7 @@ # import shutil -import logging +from ipapython.ipa_log_manager import * import pwd import glob import sys 
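Review bot: In `trust_root_cert` a missing `root_nickname` is reported at debug level ("things are likely to fail") and a failed `certutil -M` is logged and swallowed, so the caller cannot tell that no trust was set on the root CA. The first message should be at least `root_logger.warning(...)`, and the `except ipautil.CalledProcessError, e:` branch should re-raise or return a status; `e` is unused there today. "Continueing" in the message is a typo for "Continuing".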
@@ -290,10 +290,10 @@ class DsInstance(service.Service): user_exists = True try: pwd.getpwnam(DS_USER) - logging.debug("ds user %s exists" % DS_USER) + root_logger.debug("ds user %s exists" % DS_USER) except KeyError: user_exists = False - logging.debug("adding ds user %s" % DS_USER) + root_logger.debug("adding ds user %s" % DS_USER) args = ["/usr/sbin/useradd", "-g", DS_GROUP, "-c", "DS System User", "-d", "/var/lib/dirsrv", @@ -301,9 +301,9 @@ class DsInstance(service.Service): "-M", "-r", DS_USER] try: ipautil.run(args) - logging.debug("done adding user") + root_logger.debug("done adding user") except ipautil.CalledProcessError, e: - logging.critical("failed to add user %s" % e) + root_logger.critical("failed to add user %s" % e) self.backup_state("user_exists", user_exists) @@ -314,7 +314,7 @@ class DsInstance(service.Service): self.sub_dict['BASEDC'] = self.realm_name.split('.')[0].lower() base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict) - logging.debug(base_txt) + root_logger.debug(base_txt) target_fname = '/var/lib/dirsrv/boot.ldif' base_fd = open(target_fname, "w") 
@@ -325,32 +325,32 @@ class DsInstance(service.Service): os.chmod(target_fname, 0440) inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict) - logging.debug("writing inf template") + root_logger.debug("writing inf template") inf_fd = ipautil.write_tmp_file(inf_txt) inf_txt = re.sub(r"RootDNPwd=.*\n", "", inf_txt) - logging.debug(inf_txt) + root_logger.debug(inf_txt) if ipautil.file_exists("/usr/sbin/setup-ds.pl"): args = ["/usr/sbin/setup-ds.pl", "--silent", "--logfile", "-", "-f", inf_fd.name] - logging.debug("calling setup-ds.pl") + root_logger.debug("calling setup-ds.pl") else: args = ["/usr/bin/ds_newinst.pl", inf_fd.name] - logging.debug("calling ds_newinst.pl") + root_logger.debug("calling ds_newinst.pl") try: ipautil.run(args) - logging.debug("completed creating ds instance") + root_logger.debug("completed creating ds instance") except ipautil.CalledProcessError, e: - logging.critical("failed to restart ds instance %s" % e) + root_logger.critical("failed to restart ds instance %s" % e) # check for open port 389 from now on self.open_ports.append(389) - logging.debug("restarting ds instance") + root_logger.debug("restarting ds instance") try: self.__restart_instance() - logging.debug("done restarting ds instance") + root_logger.debug("done restarting ds instance") except ipautil.CalledProcessError, e: print "failed to restart ds instance", e - logging.debug("failed to restart ds instance %s" % e) + root_logger.debug("failed to restart ds instance %s" % e) inf_fd.close() os.remove("/var/lib/dirsrv/boot.ldif") 
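Review bot: The failure branches in the -325 hunk are labelled inconsistently: a failed instance creation is logged as "failed to restart ds instance" at critical, while the actual restart failure is printed and logged only with `root_logger.debug(...)`. Give the first branch a creation-specific message, e.g. `root_logger.critical("failed to create ds instance %s" % e)`, and log the restart failure at critical as well. The `CADSInstance` hunk at -299 in cainstance.py carries the same mislabelled "restart" message. Execution continues after either failure; the enclosing method starts outside the hunk.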
@@ -384,14 +384,14 @@ class DsInstance(service.Service): try: super(DsInstance, self).restart(instance) if not is_ds_running(instance): - logging.critical("Failed to restart the directory server. See the installation log for details.") + root_logger.critical("Failed to restart the directory server. See the installation log for details.") sys.exit(1) installutils.wait_for_open_ports('localhost', self.open_ports, 300) except SystemExit, e: raise e except Exception, e: # TODO: roll back here? - logging.critical("Failed to restart the directory server (%s). See the installation log for details." % e) + root_logger.critical("Failed to restart the directory server (%s). See the installation log for details." % e) def __restart_instance(self): self.restart(self.serverid) @@ -410,7 +410,7 @@ class DsInstance(service.Service): self._ldap_mod("memberof-task.ldif", self.sub_dict) # Note, keep dn in sync with dn in install/share/memberof-task.ldif dn = "cn=IPA install %s,cn=memberof task,cn=tasks,cn=config" % self.sub_dict["TIME"] - logging.debug("Waiting for memberof task to complete.") + root_logger.debug("Waiting for memberof task to complete.") conn = ipaldap.IPAdmin("127.0.0.1") if self.dm_password: conn.simple_bind_s("cn=directory manager", self.dm_password) @@ -558,7 +558,7 @@ class DsInstance(service.Service): self._ldap_mod("default-hbac.ldif", self.sub_dict) def change_admin_password(self, password): - logging.debug("Changing admin password") + root_logger.debug("Changing admin password") dirname = config_dirname(self.serverid) dmpwdfile = "" admpwdfile = "" 
@@ -580,10 +580,10 @@ class DsInstance(service.Service): env = { 'LDAPTLS_CACERTDIR':os.path.dirname(CACERT), 'LDAPTLS_CACERT':CACERT } ipautil.run(args, env=env) - logging.debug("ldappasswd done") + root_logger.debug("ldappasswd done") except ipautil.CalledProcessError, e: print "Unable to set admin password", e - logging.debug("Unable to set admin password %s" % e) + root_logger.debug("Unable to set admin password %s" % e) finally: if os.path.isfile(dmpwdfile): @@ -605,7 +605,7 @@ class DsInstance(service.Service): self.fstore.restore_file("/etc/security/limits.conf") self.fstore.restore_file("/etc/sysconfig/dirsrv") except ValueError, error: - logging.debug(error) + root_logger.debug(error) pass if not enabled is None and not enabled: @@ -628,7 +628,7 @@ class DsInstance(service.Service): try: ipautil.run(["/usr/sbin/userdel", DS_USER]) except ipautil.CalledProcessError, e: - logging.critical("failed to delete user %s" % e) + root_logger.critical("failed to delete user %s" % e) # Make sure some upgrade-related state is removed. This could cause # re-installation problems. @@ -653,12 +653,12 @@ class DsInstance(service.Service): # first make sure we have a valid cacert_fname try: if not os.access(cacert_fname, os.R_OK): - logging.critical("The given CA cert file named [%s] could not be read" % - cacert_fname) + root_logger.critical("The given CA cert file named [%s] could not be read" % + cacert_fname) return False except OSError, e: - logging.critical("The given CA cert file named [%s] could not be read: %s" % - (cacert_fname, str(e))) + root_logger.critical("The given CA cert file named [%s] could not be read: %s" % + (cacert_fname, str(e))) return False # ok - ca cert file can be read # shutdown the server 
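Review bot: A failed `ldappasswd` run in `change_admin_password` is printed and logged with `root_logger.debug("Unable to set admin password %s" % e)`, after which the method falls through to the `finally:` cleanup and returns normally. A credential that was not set is an installation failure rather than a debug detail: log it with `root_logger.critical(...)` and re-raise so the caller sees it. Formatting `e` is only safe while the passwords travel through `dmpwdfile`/`admpwdfile` and not on the command line; the argument list is outside this hunk.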
@@ -674,8 +674,8 @@ class DsInstance(service.Service): try: certdb.load_cacert(cacert_fname) except ipautil.CalledProcessError, e: - logging.critical("Error importing CA cert file named [%s]: %s" % - (cacert_fname, str(e))) + root_logger.critical("Error importing CA cert file named [%s]: %s" % + (cacert_fname, str(e))) status = False # restart the directory server self.start() @@ -729,7 +729,7 @@ class DsInstance(service.Service): fd.close() else: - logging.info("Custom file limits are already set! Skipping\n") + root_logger.info("Custom file limits are already set! Skipping\n") print "Custom file limits are already set! Skipping\n" return diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index c5c047c35..79b617289 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -20,7 +20,7 @@ import os import os.path import tempfile -import logging +from ipapython.ipa_log_manager import * import pwd import shutil @@ -279,7 +279,7 @@ class HTTPInstance(service.Service): try: self.fstore.restore_file(f) except ValueError, error: - logging.debug(error) + root_logger.debug(error) pass # Remove the configuration files we create diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 4e6788cc3..817308f1d 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -17,7 +17,6 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # -import logging import socket import errno import getpass @@ -34,6 +33,7 @@ import shutil from ConfigParser import SafeConfigParser from ipapython import ipautil, dnsclient, sysrestore +from ipapython.ipa_log_manager import * # Used to determine install status IPA_MODULES = ['httpd', 'kadmin', 'dirsrv', 'pki-cad', 'pkids', 'install', 'krb5kdc', 'ntpd', 'named'] 
@@ -314,27 +314,6 @@ def port_available(port): return rv -def standard_logging_setup(log_filename, debug=False, filemode='w'): - old_umask = os.umask(077) - # Always log everything (i.e., DEBUG) to the log - # file. - logging.basicConfig(level=logging.DEBUG, - format='%(asctime)s %(levelname)s %(message)s', - filename=log_filename, - filemode=filemode) - os.umask(old_umask) - - console = logging.StreamHandler() - # If the debug option is set, also log debug messages to the console - if debug: - console.setLevel(logging.DEBUG) - else: - # Otherwise, log critical and error messages - console.setLevel(logging.ERROR) - formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s') - console.setFormatter(formatter) - logging.getLogger('').addHandler(console) - def get_password(prompt): if os.isatty(sys.stdin.fileno()): return getpass.getpass(prompt) @@ -459,7 +438,7 @@ def create_keytab(path, principal): if ipautil.file_exists(path): os.remove(path) except os.error: - logging.critical("Failed to remove %s." % path) + root_logger.critical("Failed to remove %s." % path) kadmin("ktadd -k " + path + " " + principal) @@ -596,7 +575,7 @@ def remove_file(filename): if os.path.exists(filename): os.unlink(filename) except Exception, e: - logging.error('Error removing %s: %s' % (filename, str(e))) + root_logger.error('Error removing %s: %s' % (filename, str(e))) def rmtree(path): """ @@ -606,7 +585,7 @@ def rmtree(path): if os.path.exists(path): shutil.rmtree(path) except Exception, e: - logging.error('Error removing %s: %s' % (path, str(e))) + root_logger.error('Error removing %s: %s' % (path, str(e))) def is_ipa_configured(): """ 
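Review bot: When `os.remove(path)` fails, `create_keytab` logs "Failed to remove %s." and still runs `kadmin("ktadd -k " + path + " " + principal)`, so the new key goes into the keytab that could not be removed and, since `ktadd` normally appends, any old entries stay in it. Raising from the `except os.error:` branch (a bare `raise` after the log call) avoids silently keeping stale keys. The command is also built by string concatenation; how `kadmin` tokenises it is not visible here, so a `path` or `principal` containing whitespace deserves a check. The `try:` opens outside the hunk.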
@@ -620,15 +599,15 @@ def is_ipa_configured(): for module in IPA_MODULES: if sstore.has_state(module): - logging.debug('%s is configured' % module) + root_logger.debug('%s is configured' % module) installed = True else: - logging.debug('%s is not configured' % module) + root_logger.debug('%s is not configured' % module) if fstore.has_files(): - logging.debug('filestore has files') + root_logger.debug('filestore has files') installed = True else: - logging.debug('filestore is tracking no files') + root_logger.debug('filestore is tracking no files') return installed diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index fa47e09ec..6ed385162 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -18,7 +18,6 @@ # import shutil -import logging import fileinput import re import sys @@ -33,6 +32,7 @@ from ipapython import ipautil from ipapython import services as ipaservices from ipalib import util from ipalib import errors +from ipapython.ipa_log_manager import * from ipaserver import ipaldap from ipaserver.install import replication @@ -221,7 +221,7 @@ class KrbInstance(service.Service): try: self.start() except: - logging.critical("krb5kdc service failed to start") + root_logger.critical("krb5kdc service failed to start") def __setup_sub_dict(self): self.sub_dict = dict(FQDN=self.fqdn, @@ -245,10 +245,10 @@ class KrbInstance(service.Service): try: self.admin_conn.delete_s(r.dn) except LDAPError, e: - logging.critical("Error during SASL mapping removal: %s" % str(e)) + root_logger.critical("Error during SASL mapping removal: %s" % str(e)) raise e except LDAPError, e: - logging.critical("Error while enumerating SASL mappings %s" % str(e)) + root_logger.critical("Error while enumerating SASL mappings %s" % str(e)) raise e entry = ipaldap.Entry("cn=Full Principal,cn=mapping,cn=sasl,cn=config") 
@@ -261,7 +261,7 @@ class KrbInstance(service.Service): try: self.admin_conn.add_s(entry) except ldap.ALREADY_EXISTS: - logging.critical("failed to add Full Principal Sasl mapping") + root_logger.critical("failed to add Full Principal Sasl mapping") raise e entry = ipaldap.Entry("cn=Name Only,cn=mapping,cn=sasl,cn=config") @@ -274,7 +274,7 @@ class KrbInstance(service.Service): try: self.admin_conn.add_s(entry) except ldap.ALREADY_EXISTS: - logging.critical("failed to add Name Only Sasl mapping") + root_logger.critical("failed to add Name Only Sasl mapping") raise e def __add_krb_container(self): @@ -342,7 +342,7 @@ class KrbInstance(service.Service): entry = self.admin_conn.getEntry(self.get_realm_suffix(), ldap.SCOPE_SUBTREE) except errors.NotFound, e: - logging.critical("Could not find master key in DS") + root_logger.critical("Could not find master key in DS") raise e krbMKey = pyasn1.codec.ber.decoder.decode(entry.krbmkey) @@ -356,7 +356,7 @@ class KrbInstance(service.Service): fd.write(s) fd.close() except os.error, e: - logging.critical("failed to write stash file") + root_logger.critical("failed to write stash file") raise e #add the password extop module @@ -445,7 +445,7 @@ class KrbInstance(service.Service): try: self.fstore.restore_file(f) except ValueError, error: - logging.debug(error) + root_logger.debug(error) pass if not enabled is None and not enabled: diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index e1f6b1f43..34637c1ee 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -33,7 +33,7 @@ from ipalib import util from ipalib import errors import ldap from ldap.dn import escape_dn_chars -import logging +from ipapython.ipa_log_manager import * import krbV import platform import time 
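Review bot: `raise e` in the `except ldap.ALREADY_EXISTS:` branch of the -261 hunk refers to a name that clause never binds. Depending on what ran earlier in the method it either raises `NameError` or re-raises a stale exception left by the `except LDAPError, e:` handlers in the -245 hunk; neither is the error just caught. Use a bare `raise`, or bind it with `except ldap.ALREADY_EXISTS, e:`. The "Name Only" mapping hunk at -274 has the identical branch. The method starts outside the hunk.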
@@ -258,7 +258,7 @@ class LDAPUpdate: else: e['updates'] = update['updates'] else: - logging.debug("Unknown key in updates %s" % update.keys()) + root_logger.debug("Unknown key in updates %s" % update.keys()) all_updates[dn] = e @@ -353,8 +353,8 @@ class LDAPUpdate: e.setValue('nsInstance', 'userRoot') e.setValues('nsIndexAttribute', attribute) - logging.info("Creating task to index attribute: %s", attribute) - logging.debug("Task id: %s", dn) + root_logger.info("Creating task to index attribute: %s", attribute) + root_logger.debug("Task id: %s", dn) if self.live_run: self.conn.addEntry(e.dn, e.toTupleList()) @@ -379,10 +379,10 @@ class LDAPUpdate: try: entry = self.conn.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist) except errors.NotFound, e: - logging.error("Task not found: %s", dn) + root_logger.error("Task not found: %s", dn) return except errors.DatabaseError, e: - logging.error("Task lookup failure %s", e) + root_logger.error("Task lookup failure %s", e) return status = entry.getValue('nstaskstatus') @@ -392,10 +392,10 @@ class LDAPUpdate: continue if status.lower().find("finished") > -1: - logging.info("Indexing finished") + root_logger.info("Indexing finished") break - logging.debug("Indexing in progress") + root_logger.debug("Indexing in progress") time.sleep(1) return 
@@ -507,49 +507,49 @@ class LDAPUpdate: e = [e] for v in values: if utype == 'remove': - logging.debug("remove: '%s' from %s, current value %s", v, k, e) + root_logger.debug("remove: '%s' from %s, current value %s", v, k, e) try: e.remove(v) except ValueError: - logging.warn("remove: '%s' not in %s", v, k) + root_logger.warning("remove: '%s' not in %s", v, k) pass entry.setValues(k, e) - logging.debug('remove: updated value %s', e) + root_logger.debug('remove: updated value %s', e) elif utype == 'add': - logging.debug("add: '%s' to %s, current value %s", v, k, e) + root_logger.debug("add: '%s' to %s, current value %s", v, k, e) # Remove it, ignoring errors so we can blindly add it later try: e.remove(v) except ValueError: pass e.append(v) - logging.debug('add: updated value %s', e) + root_logger.debug('add: updated value %s', e) entry.setValues(k, e) elif utype == 'addifnew': - logging.debug("addifnew: '%s' to %s, current value %s", v, k, e) + root_logger.debug("addifnew: '%s' to %s, current value %s", v, k, e) # Only add the attribute if it doesn't exist. Only works # with single-value attributes. if len(e) == 0: e.append(v) - logging.debug('addifnew: set %s to %s', k, e) + root_logger.debug('addifnew: set %s to %s', k, e) entry.setValues(k, e) elif utype == 'addifexist': - logging.debug("addifexist: '%s' to %s, current value %s", v, k, e) + root_logger.debug("addifexist: '%s' to %s, current value %s", v, k, e) # Only add the attribute if the entry doesn't exist. 
We # determine this based on whether it has an objectclass if entry.getValues('objectclass'): e.append(v) - logging.debug('addifexist: set %s to %s', k, e) + root_logger.debug('addifexist: set %s to %s', k, e) entry.setValues(k, e) elif utype == 'only': - logging.debug("only: set %s to '%s', current value %s", k, v, e) + root_logger.debug("only: set %s to '%s', current value %s", k, v, e) if only.get(k): e.append(v) else: e = [v] only[k] = True entry.setValues(k, e) - logging.debug('only: updated value %s', e) + root_logger.debug('only: updated value %s', e) elif utype == 'deleteentry': # skip this update type, it occurs in __delete_entries() return None @@ -562,10 +562,10 @@ class LDAPUpdate: try: e.remove(old) e.append(new) - logging.debug('replace: updated value %s', e) + root_logger.debug('replace: updated value %s', e) entry.setValues(k, e) except ValueError: - logging.debug('replace: %s not found, skipping', old) + root_logger.debug('replace: %s not found, skipping', old) self.print_entity(entry) @@ -573,19 +573,19 @@ class LDAPUpdate: def print_entity(self, e, message=None): """The entity object currently lacks a str() method""" - logging.debug("---------------------------------------------") + root_logger.debug("---------------------------------------------") if message: - logging.debug("%s", message) - logging.debug("dn: " + e.dn) + root_logger.debug("%s", message) + root_logger.debug("dn: " + e.dn) attr = e.attrList() for a in attr: value = e.getValues(a) if isinstance(value,str): - logging.debug(a + ": " + value) + root_logger.debug(a + ": " + value) else: - logging.debug(a + ": ") + root_logger.debug(a + ": ") for l in value: - logging.debug("\t" + l) + root_logger.debug("\t" + l) def is_schema_updated(self, s): """Compare the schema in 's' with the current schema in the DS to 
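Review bot: In the `addifexist` branch of the -507 hunk the comment contradicts the code: it says "Only add the attribute if the entry doesn't exist", but the value is appended when `entry.getValues('objectclass')` is truthy, i.e. when the entry does exist. The first comment line should read `# Only add the attribute if the entry already exists. We`, with the continuation line left as it is. The enclosing method starts before this hunk.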
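Review bot: `print_entity` in the -573 hunk writes the DN and every attribute value of each processed entry to the log at debug level with no filter. If an update touches entries that carry credential attributes, those values go to the install log verbatim. Skipping them in the `for a in attr:` loop keeps them out, e.g. `if a.lower() in ('userpassword', 'krbprincipalkey', 'krbmkey'): continue`. Separately, `"\t" + l` assumes every value is a `str`.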
@@ -626,15 +626,15 @@ class LDAPUpdate: raise BadSyntax, "More than 1 entry returned on a dn search!? %s" % new_entry.dn entry = self.__entry_to_entity(e[0]) found = True - logging.info("Updating existing entry: %s", entry.dn) + root_logger.info("Updating existing entry: %s", entry.dn) except errors.NotFound: # Doesn't exist, start with the default entry entry = new_entry - logging.info("New entry: %s", entry.dn) + root_logger.info("New entry: %s", entry.dn) except errors.DatabaseError: # Doesn't exist, start with the default entry entry = new_entry - logging.info("New entry, using default value: %s", entry.dn) + root_logger.info("New entry, using default value: %s", entry.dn) self.print_entity(entry) @@ -660,7 +660,7 @@ class LDAPUpdate: self.conn.addEntry(entry.dn, entry.toTupleList()) self.modified = True except Exception, e: - logging.error("Add failure %s", e) + root_logger.error("Add failure %s", e) else: # Update LDAP try: @@ -671,19 +671,19 @@ class LDAPUpdate: else: if len(changes) >= 1: updated = True - logging.debug("%s" % changes) - logging.debug("Live %d, updated %d" % (self.live_run, updated)) + root_logger.debug("%s" % changes) + root_logger.debug("Live %d, updated %d" % (self.live_run, updated)) if self.live_run and updated: self.conn.updateEntry(entry.dn, entry.origDataDict(), entry.toDict()) - logging.info("Done") + root_logger.info("Done") except errors.EmptyModlist: - logging.info("Entry already up-to-date") + root_logger.info("Entry already up-to-date") updated = False except errors.DatabaseError, e: - logging.error("Update failed: %s", e) + root_logger.error("Update failed: %s", e) updated = False except errors.ACIError, e: - logging.error("Update failed: %s", e) + root_logger.error("Update failed: %s", e) updated = False if ("cn=index" in entry.dn and 
@@ -712,10 +712,10 @@ class LDAPUpdate: self.conn.deleteEntry(dn) self.modified = True except errors.NotFound, e: - logging.info("Deleting non-existent entry %s", e) + root_logger.info("Deleting non-existent entry %s", e) self.modified = True except errors.DatabaseError, e: - logging.error("Delete failed: %s", e) + root_logger.error("Delete failed: %s", e) updates = updates.get('updates', []) for u in updates: @@ -728,10 +728,10 @@ class LDAPUpdate: self.conn.deleteEntry(dn) self.modified = True except errors.NotFound, e: - logging.info("Deleting non-existent entry %s", e) + root_logger.info("Deleting non-existent entry %s", e) self.modified = True except errors.DatabaseError, e: - logging.error("Delete failed: %s", e) + root_logger.error("Delete failed: %s", e) return @@ -784,7 +784,7 @@ class LDAPUpdate: dn_list = {} for f in files: try: - logging.info("Parsing file %s" % f) + root_logger.info("Parsing file %s" % f) data = self.read_file(f) except Exception, e: print e diff --git a/ipaserver/install/ntpinstance.py b/ipaserver/install/ntpinstance.py index 00217c390..e1b72dda5 100644 --- a/ipaserver/install/ntpinstance.py +++ b/ipaserver/install/ntpinstance.py @@ -18,12 +18,11 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # -import logging - import service from ipapython import sysrestore from ipapython import ipautil from ipapython import services as ipaservices +from ipapython.ipa_log_manager import * class NTPInstance(service.Service): def __init__(self, fstore=None): @@ -171,7 +170,7 @@ class NTPInstance(service.Service): try: self.fstore.restore_file("/etc/ntp.conf") except ValueError, error: - logging.debug(error) + root_logger.debug(error) pass if not enabled is None and not enabled: diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index a29b98147..a139fd0fb 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py 
@@ -17,7 +17,8 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # -import time, logging +import time +from ipapython.ipa_log_manager import * import os import sys @@ -152,10 +153,10 @@ class ReplicationManager(object): try: replica = master_conn.search_s(dn, ldap.SCOPE_BASE, "objectclass=*")[0] if not replica.getValue('nsDS5ReplicaId'): - logging.debug("Unable to retrieve nsDS5ReplicaId from remote server") + root_logger.debug("Unable to retrieve nsDS5ReplicaId from remote server") raise RuntimeError("Unable to retrieve nsDS5ReplicaId from remote server") except ldap.NO_SUCH_OBJECT: - logging.debug("Unable to retrieve nsDS5ReplicaId from remote server") + root_logger.debug("Unable to retrieve nsDS5ReplicaId from remote server") raise # Now update the value on the master @@ -165,7 +166,7 @@ class ReplicationManager(object): try: master_conn.modify_s(dn, mod) except Exception, e: - logging.debug("Problem updating nsDS5ReplicaID %s" % e) + root_logger.debug("Problem updating nsDS5ReplicaID %s" % e) raise return retval @@ -327,14 +328,14 @@ class ReplicationManager(object): conn.modify_s(self.suffix, [(ldap.MOD_ADD, 'aci', [ "(targetattr = \"*\")(version 3.0; acl \"Proxied authorization for database links\"; allow (proxy) userdn = \"ldap:///%s\";)" % self.repl_man_dn ])]) except ldap.TYPE_OR_VALUE_EXISTS: - logging.debug("proxy aci already exists in suffix %s on %s" % (self.suffix, conn.host)) + root_logger.debug("proxy aci already exists in suffix %s on %s" % (self.suffix, conn.host)) def get_mapping_tree_entry(self): try: entry = self.conn.getEntry("cn=mapping tree,cn=config", ldap.SCOPE_ONELEVEL, "(cn=\"%s\")" % (self.suffix)) except errors.NotFound, e: - logging.debug("failed to find mappting tree entry for %s" % self.suffix) + root_logger.debug("failed to find mappting tree entry for %s" % self.suffix) raise e return entry 
@@ -356,7 +357,7 @@ class ReplicationManager(object): try: self.conn.modify_s(dn, mod) except ldap.TYPE_OR_VALUE_EXISTS: - logging.debug("chainOnUpdate already enabled for %s" % self.suffix) + root_logger.debug("chainOnUpdate already enabled for %s" % self.suffix) def setup_chain_on_update(self, other_conn): chainbe = self.setup_chaining_backend(other_conn) @@ -397,7 +398,7 @@ class ReplicationManager(object): try: conn.modify_s(self.suffix, mod) except ldap.TYPE_OR_VALUE_EXISTS: - logging.debug("passsync aci already exists in suffix %s on %s" % (self.suffix, conn.host)) + root_logger.debug("passsync aci already exists in suffix %s on %s" % (self.suffix, conn.host)) def setup_winsync_agmt(self, entry, win_subtree=None): if win_subtree is None: @@ -508,9 +509,9 @@ class ReplicationManager(object): b_pn = a.search_s(self.suffix, ldap.SCOPE_SUBTREE, filterstr=filter_b) if a_pn is None: - logging.critical('Unable to find entry for %s on %s' % (filter_a, str(b))) + root_logger.critical('Unable to find entry for %s on %s' % (filter_a, str(b))) if b_pn is None: - logging.critical('Unable to find entry for %s on %s' % (filter_b, str(a))) + root_logger.critical('Unable to find entry for %s on %s' % (filter_b, str(a))) if a_pn is None or b_pn is None: raise RuntimeError('Replication agreement cannot be converted') @@ -567,7 +568,7 @@ class ReplicationManager(object): try: self.conn.modify_s(dn, mod) except Exception, e: - logging.debug("Failed to remove referral value: %s" % str(e)) + root_logger.debug("Failed to remove referral value: %s" % str(e)) def check_repl_init(self, conn, agmtdn): done = False 
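Review bot: The two `is None` checks in the `@@ -508,9 +509,9 @@` hunk probably never fire if `search_s` here behaves like python-ldap's, which returns an empty list rather than `None` when nothing matches. In that case a missing entry would skip both critical messages and the `RuntimeError('Replication agreement cannot be converted')`. Testing for emptiness covers both cases: `if not a_pn:`, `if not b_pn:` and `if not a_pn or not b_pn:` for the raise. The connection type of `a` and `b` is defined outside the hunk, so this should be confirmed against it.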
@@ -623,7 +624,7 @@ class ReplicationManager(object): end = entry.nsds5ReplicaLastUpdateEnd # incremental update is done if inprogress is false and end >= start done = inprogress and inprogress.lower() == 'false' and start and end and (start <= end) - logging.info("Replication Update in progress: %s: status: %s: start: %s: end: %s" % + root_logger.info("Replication Update in progress: %s: status: %s: start: %s: end: %s" % (inprogress, status, start, end)) if not done and status: # check for errors # status will usually be a number followed by a string @@ -729,14 +730,14 @@ class ReplicationManager(object): for dn,entry in res: if dn == "": self.ad_suffix = entry['defaultNamingContext'][0] - logging.info("AD Suffix is: %s" % self.ad_suffix) + root_logger.info("AD Suffix is: %s" % self.ad_suffix) if self.ad_suffix == "": raise RuntimeError("Failed to lookup AD's Ldap suffix") ad_conn.unbind_s() del ad_conn except Exception, e: - logging.info("Failed to connect to AD server %s" % ad_dc_name) - logging.info("The error was: %s" % e) + root_logger.info("Failed to connect to AD server %s" % ad_dc_name) + root_logger.info("The error was: %s" % e) raise RuntimeError("Failed to setup winsync replication") # Setup the only half. @@ -751,10 +752,10 @@ class ReplicationManager(object): self.setup_agreement(self.conn, ad_dc_name, repl_man_dn=ad_binddn, repl_man_passwd=ad_pwd, iswinsync=True, win_subtree=ad_subtree) - logging.info("Added new sync agreement, waiting for it to become ready . . .") + root_logger.info("Added new sync agreement, waiting for it to become ready . . .") cn, dn = self.agreement_dn(ad_dc_name) self.wait_for_repl_update(self.conn, dn, 30) - logging.info("Agreement is ready, starting replication . . .") + root_logger.info("Agreement is ready, starting replication . . .") # Add winsync replica to the public DIT dn = str(DN(('cn',ad_dc_name),('cn','replicas'),('cn','ipa'),('cn','etc'), self.suffix)) 
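Review bot: The failure path in the `@@ -729,14 +730,14 @@` hunk logs the AD connection error at info level and then raises a fresh `RuntimeError("Failed to setup winsync replication")`, so the underlying cause is recorded only where info-level messages are kept. A single error-level call carries both facts: `root_logger.error("Failed to connect to AD server %s: %s", ad_dc_name, e)`. The `RuntimeError("Failed to lookup AD's Ldap suffix")` above it appears to be raised inside the same `try`, in which case it would be reported as a connection failure as well; the indentation is lost on this page, so that needs checking against the file.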
@@ -766,7 +767,7 @@ class ReplicationManager(object): try: self.conn.add_s(entry) except Exception, e: - logging.info("Failed to create public entry for winsync replica") + root_logger.info("Failed to create public entry for winsync replica") #Finally start replication ret = self.start_replication(self.conn, ad_dc_name) @@ -833,12 +834,12 @@ class ReplicationManager(object): '(objectclass=nsds5ReplicationAgreement)))' % hostname entry = conn.search_s("cn=config", ldap.SCOPE_SUBTREE, filter) if len(entry) == 0: - logging.error("Unable to find replication agreement for %s" % + root_logger.error("Unable to find replication agreement for %s" % (hostname)) raise RuntimeError("Unable to proceed") if len(entry) > 1: - logging.error("Found multiple agreements for %s" % hostname) - logging.error("Using the first one only (%s)" % entry[0].dn) + root_logger.error("Found multiple agreements for %s" % hostname) + root_logger.error("Using the first one only (%s)" % entry[0].dn) dn = entry[0].dn schedule = entry[0].nsds5replicaupdateschedule @@ -850,12 +851,12 @@ class ReplicationManager(object): # it back. if newschedule == schedule: newschedule = '2358-2359 1' - logging.info("Changing agreement %s schedule to %s to force synch" % + root_logger.info("Changing agreement %s schedule to %s to force synch" % (dn, newschedule)) mod = [(ldap.MOD_REPLACE, 'nsDS5ReplicaUpdateSchedule', [ newschedule ])] conn.modify_s(dn, mod) time.sleep(1) - logging.info("Changing agreement %s to restore original schedule %s" % + root_logger.info("Changing agreement %s to restore original schedule %s" % (dn, schedule)) mod = [(ldap.MOD_REPLACE, 'nsDS5ReplicaUpdateSchedule', [ schedule ])] conn.modify_s(dn, mod) diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index c9ff793f7..249727b15 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py 
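Review bot: The handler in the `@@ -766,7 +767,7 @@` hunk catches `Exception` and logs a fixed string, so the reason `add_s` failed is discarded. Including the exception keeps it: `root_logger.info("Failed to create public entry for winsync replica: %s", e)`. Narrowing the clause to the LDAP errors expected here would also stop it from hiding programming errors. The enclosing method starts and ends outside the hunk.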
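Review bot: `hostname` is interpolated into the LDAP search filter without escaping at the top of the `@@ -833,12 +834,12 @@` hunk, so a value containing `*`, `(` or `)` changes which replication agreements match. Where `hostname` comes from is not visible here; if it can come from command-line or remote input, format the filter with `ldap.filter.escape_filter_chars(hostname)` (which needs `ldap.filter` imported). The filter expression starts above the hunk. When several agreements match, the code logs an error and continues with `entry[0]`; raising instead would avoid acting on an agreement the operator did not choose.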
@@ -17,7 +17,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # -import logging, sys +import sys import os, socket import tempfile from ipapython import sysrestore @@ -30,6 +30,7 @@ import base64 import time import datetime from ipaserver.install import installutils +from ipapython.ipa_log_manager import * CACERT = "/etc/ipa/ca.crt" @@ -43,7 +44,7 @@ SERVICE_LIST = { } def print_msg(message, output_fd=sys.stdout): - logging.debug(message) + root_logger.debug(message) output_fd.write(message) output_fd.write("\n") @@ -110,7 +111,7 @@ class Service(object): try: ipautil.run(args, nolog=nologlist) except ipautil.CalledProcessError, e: - logging.critical("Failed to load %s: %s" % (ldif, str(e))) + root_logger.critical("Failed to load %s: %s" % (ldif, str(e))) finally: if pw_name: os.remove(pw_name) @@ -177,7 +178,7 @@ class Service(object): try: self.admin_conn.modify_s(dn, mod) except Exception, e: - logging.critical("Could not add certificate to service %s entry: %s" % (self.principal, str(e))) + root_logger.critical("Could not add certificate to service %s entry: %s" % (self.principal, str(e))) def is_configured(self): return self.sstore.has_state(self.service_name) @@ -249,7 +250,7 @@ class Service(object): method() e = datetime.datetime.now() d = e - s - logging.debug(" duration: %d seconds" % d.seconds) + root_logger.debug(" duration: %d seconds" % d.seconds) step += 1 self.print_msg("done configuring %s." % self.service_name) @@ -267,7 +268,7 @@ class Service(object): else: conn.do_sasl_gssapi_bind() except Exception, e: - logging.debug("Could not connect to the Directory Server on %s: %s" % (fqdn, str(e))) + root_logger.debug("Could not connect to the Directory Server on %s: %s" % (fqdn, str(e))) raise e return conn 
@@ -290,7 +291,7 @@ class Service(object): try: conn.add_s(entry) except ldap.ALREADY_EXISTS, e: - logging.critical("failed to add %s Service startup entry" % name) + root_logger.critical("failed to add %s Service startup entry" % name) raise e class SimpleServiceInstance(Service): diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py index 2f42358b7..72636497c 100644 --- a/ipaserver/install/upgradeinstance.py +++ b/ipaserver/install/upgradeinstance.py @@ -21,7 +21,7 @@ import os import sys import shutil import random -import logging +from ipapython.ipa_log_manager import * from ipaserver.install import installutils from ipaserver.install import dsinstance @@ -111,7 +111,7 @@ class IPAUpgrade(service.Service): # Bad things happened, return gracefully self.modified = False self.upgradefailed = True - logging.error('Upgrade failed with %s' % str(e)) + root_logger.error('Upgrade failed with %s' % str(e)) def main(): if os.getegid() != 0: diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 32a1eccb4..57981869d 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -36,7 +36,7 @@ import time import re import krbV -import logging +from ipapython.ipa_log_manager import * import ldap as _ldap import ldap.filter as _ldap_filter import ldap.sasl as _ldap_sasl @@ -1098,8 +1098,7 @@ class ldap2(CrudBackend, Encoder): try: indirect.remove(r[0].lower()) except ValueError, e: - logging.info('Failed to remove' - ' indirect entry %s from %s' % r[0], entry_dn) + root_logger.info('Failed to remove indirect entry %s from %s' % r[0], entry_dn) raise e return (direct, indirect) |
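Review bot: The rewritten call in the ldap2.py hunk `@@ -1098,8 +1098,7 @@` applies `%` to `r[0]` alone, because `%` binds tighter than the comma, so a two-placeholder format string receives one argument and raises `TypeError` inside the `except ValueError` handler. The `ValueError` the handler means to re-raise is then replaced by the formatting error and the log line is never written. Passing the values as logger arguments fixes it: `root_logger.info('Failed to remove indirect entry %s from %s', r[0], entry_dn)`. The commit joined the two string pieces but carried this argument bug over from the old `logging.info` call.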