-rw-r--r-- | ipa-server/ipa-install/ipa-server-install | 68 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/Makefile.am | 1 | ||||
-rw-r--r-- | ipa-server/ipaserver/Makefile.am | 2 | ||||
-rw-r--r-- | ipa-server/ipaserver/dsinstance.py | 54 | ||||
-rw-r--r-- | ipa-server/ipaserver/httpinstance.py | 102 | ||||
-rw-r--r-- | ipa-server/ipaserver/krbinstance.py | 80 | ||||
-rw-r--r-- | ipa-server/ipaserver/ntpinstance.py | 16 | ||||
-rw-r--r-- | ipa-server/ipaserver/radiusinstance.py | 21 | ||||
-rw-r--r-- | ipa-server/ipaserver/service.py | 86 | ||||
-rw-r--r-- | ipa-server/ipaserver/webguiinstance.py | 40 |
10 files changed, 306 insertions, 164 deletions
diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install index 107c0d368..2de687fd7 100644 --- a/ipa-server/ipa-install/ipa-server-install +++ b/ipa-server/ipa-install/ipa-server-install @@ -48,6 +48,9 @@ import ipaserver.bindinstance import ipaserver.httpinstance import ipaserver.ntpinstance import ipaserver.radiusinstance +import ipaserver.webguiinstance + +from ipaserver import service from ipa.ipautil import run @@ -525,7 +528,11 @@ def main(): # Create a HTTP instance http = ipaserver.httpinstance.HTTPInstance() - http.create_instance() + http.create_instance(realm_name, host_name) + + # Create a Web Gui instance + webgui = ipaserver.webguiinstance.WebGuiInstance() + webgui.create_instance() # Create a radius instance radius = ipaserver.radiusinstance.RadiusInstance() 
@@ -548,69 +555,16 @@ def main(): bind.create_sample_bind_zone() # Restart ds and krb after configurations have been changed + service.print_msg("restarting the directory server") ds.restart() + + service.print_msg("restarting the KDC") krb.restart() # Configure ntpd ntp = ipaserver.ntpinstance.NTPInstance() ntp.create_instance() - try: - selinux=0 - try: - if (os.path.exists('/usr/sbin/selinuxenabled')): - run(["/usr/sbin/selinuxenabled"]) - selinux=1 - except subprocess.CalledProcessError, e: - # selinuxenabled returns 1 if not enabled - pass - - if selinux: - # Allow apache to connect to the turbogears web gui - # This can still fail even if selinux is enabled - try: - run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", "true"]) - except: - print "WARNING: could not set selinux boolean httpd_can_network_connect to true." - print "The web interface may not function correctly until this boolean is" - print "successfully change with the command:" - print " /usr/sbin/setsebool -P httpd_can_network_connect true" - print "Try updating the policycoreutils and selinux-policy packages." 
- pass - - # Start the web gui - run(["/sbin/service", "ipa-webgui", "start"]) - - # Set the web gui to start on boot - run(["/sbin/chkconfig", "ipa-webgui", "on"]) - - # Restart apache - run(["/sbin/service", "httpd", "restart"]) - - # Set apache to start on boot - run(["/sbin/chkconfig", "httpd", "on"]) - - # Set fedora-ds to start on boot - run(["/sbin/chkconfig", "dirsrv", "on"]) - - # Set the KDC to start on boot - run(["/sbin/chkconfig", "krb5kdc", "on"]) - - # Set the Kpasswd to start on boot - run(["/sbin/chkconfig", "ipa-kpasswd", "on"]) - - # Start Kpasswd - run(["/sbin/service", "ipa-kpasswd", "start"]) - - # Set the ntpd to start on boot - run(["/sbin/chkconfig", "ntpd", "on"]) - - # Restart ntpd - run(["/sbin/service", "ntpd", "restart"]) - except subprocess.CalledProcessError, e: - print "Installation failed:", e - return 1 - # Set the admin user kerberos password ds.change_admin_password(admin_password) diff --git a/ipa-server/ipa-install/share/Makefile.am b/ipa-server/ipa-install/share/Makefile.am index cdccb5893..cbb2e149a 100644 --- a/ipa-server/ipa-install/share/Makefile.am +++ b/ipa-server/ipa-install/share/Makefile.am @@ -19,6 +19,7 @@ app_DATA = \ krbrealm.con.template \ ntp.conf.server.template \ radius.radiusd.conf.template \ + referint-conf.ldif \ $(NULL) EXTRA_DIST = \ diff --git a/ipa-server/ipaserver/Makefile.am b/ipa-server/ipaserver/Makefile.am index 7c765f917..25b856878 100644 --- a/ipa-server/ipaserver/Makefile.am +++ b/ipa-server/ipaserver/Makefile.am @@ -10,6 +10,8 @@ app_PYTHON = \ httpinstance.py \ ntpinstance.py \ radiusinstance.py \ + webguiinstance.py \ + service.py \ $(NULL) EXTRA_DIST = \ diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py index 6bcbb6f15..284ad3a6d 100644 --- a/ipa-server/ipaserver/dsinstance.py +++ b/ipa-server/ipaserver/dsinstance.py 
@@ -24,7 +24,9 @@ import tempfile import shutil import logging import pwd + from ipa.ipautil import * +import service SERVER_ROOT_64 = "/usr/lib64/dirsrv" SERVER_ROOT_32 = "/usr/lib/dirsrv" @@ -57,8 +59,9 @@ RootDN= cn=Directory Manager RootDNPwd= $PASSWORD """ -class DsInstance: +class DsInstance(service.Service): def __init__(self): + service.Service.__init__(self, "dirsrv") self.serverid = None self.realm_name = None self.suffix = None @@ -75,6 +78,7 @@ class DsInstance: self.dm_password = dm_password self.__setup_sub_dict() + self.start_creation(11, "Configuring directory server:") self.__create_ds_user() self.__create_instance() self.__add_default_schemas() @@ -84,12 +88,18 @@ class DsInstance: self.__enable_ssl() self.__certmap_conf() try: + self.step("restarting directory server") self.restart() except: # TODO: roll back here? - print "Failed to restart the ds instance" + logging.critical("Failed to restart the ds instance") self.__add_default_layout() + self.step("configuring directoy to start on boot") + self.chkconfig_on() + + self.done_creation() + def config_dirname(self): if not self.serverid: raise RuntimeError("serverid not set") @@ -98,15 +108,6 @@ class DsInstance: def schema_dirname(self): return self.config_dirname() + "/schema/" - def stop(self): - run(["/sbin/service", "dirsrv", "stop"]) - - def start(self): - run(["/sbin/service", "dirsrv", "start"]) - - def restart(self): - run(["/sbin/service", "dirsrv", "restart"]) - def __setup_sub_dict(self): server_root = find_server_root() self.sub_dict = dict(FQHN=self.host_name, SERVERID=self.serverid, @@ -115,6 +116,7 @@ class DsInstance: SERVER_ROOT=server_root) def __create_ds_user(self): + self.step("creating directory server user") try: pwd.getpwnam(self.ds_user) logging.debug("ds user %s exists" % self.ds_user) 
@@ -125,11 +127,10 @@ class DsInstance: run(args) logging.debug("done adding user") except subprocess.CalledProcessError, e: - print "Failed to add user", e - logging.debug("failed to add user %s" % e) + logging.critical("failed to add user %s" % e) def __create_instance(self): - logging.debug("creating ds instance . . . ") + self.step("creating directory server instance") inf_txt = template_str(INF_TEMPLATE, self.sub_dict) logging.debug(inf_txt) inf_fd = write_tmp_file(inf_txt) @@ -144,8 +145,7 @@ class DsInstance: run(args) logging.debug("completed creating ds instance") except subprocess.CalledProcessError, e: - print "failed to restart ds instance", e - logging.debug("failed to restart ds instance %s" % e) + logging.critical("failed to restart ds instance %s" % e) logging.debug("restarting ds instance") try: self.restart() @@ -155,6 +155,7 @@ class DsInstance: logging.debug("failed to restart ds instance %s" % e) def __add_default_schemas(self): + self.step("adding default schema") shutil.copyfile(SHARE_DIR + "60kerberos.ldif", self.schema_dirname() + "60kerberos.ldif") shutil.copyfile(SHARE_DIR + "60samba.ldif", @@ -163,15 +164,17 @@ class DsInstance: self.schema_dirname() + "60radius.ldif") def __add_memberof_module(self): + self.step("enabling memboerof plugin") memberof_txt = template_file(SHARE_DIR + "memberof-conf.ldif", self.sub_dict) memberof_fd = write_tmp_file(memberof_txt) try: ldap_mod(memberof_fd, "cn=Directory Manager", self.dm_password) except subprocess.CalledProcessError, e: - print "Failed to load memberof-conf.ldif", e + logging.critical("Failed to load memberof-conf.ldif: %s" % str(e)) memberof_fd.close() def __add_referint_module(self): + self.step("enabling referential integrity plugin") referint_txt = template_file(SHARE_DIR + "referint-conf.ldif", self.sub_dict) referint_fd = write_tmp_file(referint_txt) try: 
@@ -181,7 +184,7 @@ class DsInstance: referint_fd.close() def __enable_ssl(self): - logging.debug("configuring ssl for ds instance") + self.step("configuring ssl for ds instance") dirname = self.config_dirname() args = ["/usr/share/ipa/ipa-server-setupssl", self.dm_password, dirname, self.host_name] @@ -189,13 +192,13 @@ class DsInstance: run(args) logging.debug("done configuring ssl for ds instance") except subprocess.CalledProcessError, e: - print "Failed to enable ssl in ds instance", e - logging.debug("Failed to configure ssl in ds instance %s" % e) + logging.critical("Failed to configure ssl in ds instance %s" % e) def __add_default_layout(self): + self.step("adding default layout") txt = template_file(SHARE_DIR + "bootstrap-template.ldif", self.sub_dict) inf_fd = write_tmp_file(txt) - logging.debug("adding default ds layout") + logging.debug("adding default dfrom ipa.ipautil import *s layout") args = ["/usr/bin/ldapmodify", "-xv", "-D", "cn=Directory Manager", "-w", self.dm_password, "-f", inf_fd.name] try: @@ -203,9 +206,10 @@ class DsInstance: logging.debug("done adding default ds layout") except subprocess.CalledProcessError, e: print "Failed to add default ds layout", e - logging.debug("Failed to add default ds layout %s" % e) + logging.critical("Failed to add default ds layout %s" % e) def __create_indeces(self): + self.step("creating indeces") txt = template_file(SHARE_DIR + "indeces.ldif", self.sub_dict) inf_fd = write_tmp_file(txt) logging.debug("adding/updating indeces") 
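Review bot: The debug string added in `__add_default_layout` (dsinstance.py, hunk at -189) has an import line pasted into it; `logging.debug("adding default dfrom ipa.ipautil import *s layout")` should read `logging.debug("adding default ds layout")`. In the same hunk the `__enable_ssl` handler now only calls `logging.critical` and the installer carries on, so a directory server whose SSL setup failed is no longer reported on the console unless the logging configuration (not visible here) echoes critical records; consider `self.print_msg(...)` as well, or re-raising. The context line that runs ldapmodify with `"-w", self.dm_password` puts the Directory Manager password on the process command line, and `-y` with a root-only password file would avoid that. Both functions start or end outside this hunk.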
@@ -215,17 +219,15 @@ class DsInstance: run(args) logging.debug("done adding/updating indeces") except subprocess.CalledProcessError, e: - print "Failed to add default ds layout", e - logging.debug("Failed to add/update indeces %s" % e) + logging.critical("Failed to add/update indeces %s" % str(e)) def __certmap_conf(self): - logging.debug("configuring certmap.conf for ds instance") + self.step("configuring certmap.conf") dirname = self.config_dirname() certmap_conf = template_file(SHARE_DIR+"certmap.conf.template", self.sub_dict) certmap_fd = open(dirname+"certmap.conf", "w+") certmap_fd.write(certmap_conf) certmap_fd.close() - logging.debug("done configuring certmap.conf for ds instance") def change_admin_password(self, password): logging.debug("Changing admin password") diff --git a/ipa-server/ipaserver/httpinstance.py b/ipa-server/ipaserver/httpinstance.py index 818682785..0433025b2 100644 --- a/ipa-server/ipaserver/httpinstance.py +++ b/ipa-server/ipaserver/httpinstance.py @@ -20,17 +20,26 @@ import subprocess import string import tempfile -import shutil import logging import pwd -from ipa.ipautil import * import fileinput import sys +import time + +import service +from ipa.ipautil import * HTTPD_DIR = "/etc/httpd" SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf" NSS_CONF = HTTPD_DIR + "/conf.d/nss.conf" +selinux_warning = """WARNING: could not set selinux boolean httpd_can_network_connect to true. +The web interface may not function correctly until this boolean is +successfully change with the command: + /usr/sbin/setsebool -P httpd_can_network_connect true +Try updating the policycoreutils and selinux-policy packages. +""" + def update_file(filename, orig, subst): if os.path.exists(filename): pattern = "%s" % re.escape(orig) 
@@ -42,35 +51,90 @@ def update_file(filename, orig, subst): sys.stdout.write(p.sub(subst, line)) fileinput.close() -class HTTPInstance: +class HTTPInstance(service.Service): def __init__(self): - pass + service.Service.__init__(self, "httpd") - def create_instance(self): + def create_instance(self, realm, fqdn): + self.sub_dict = { "REALM" : realm } + self.fqdn = fqdn + self.realm = realm + + self.start_creation(6, "Configuring the web interface") + self.__disable_mod_ssl() self.__set_mod_nss_port() + self.__configure_http() + self.__create_http_keytab() + + self.step("restarting httpd") + self.restart() + + self.step("configuring httpd to start on boot") + self.chkconfig_on() + + self.done_creation() + + def __selinux_config(self): + self.step("configuring SELinux for httpd") + selinux=0 try: - self.restart() - except: - # TODO: roll back here? - print "Failed to restart httpd" + if (os.path.exists('/usr/sbin/selinuxenabled')): + run(["/usr/sbin/selinuxenabled"]) + selinux=1 + except subprocess.CalledProcessError: + # selinuxenabled returns 1 if not enabled + pass + + if selinux: + # Allow apache to connect to the turbogears web gui + # This can still fail even if selinux is enabled + try: + run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", "true"]) + except: + self.print_msg(selinux_warning) + + def __create_http_keytab(self): + self.step("creating a keytab for httpd") + try: + if file_exists("/etc/httpd/conf/ipa.keytab"): + os.remove("/etc/httpd/conf/ipa.keytab") + except os.error: + print "Failed to remove /etc/httpd/conf/ipa.keytab." 
+ (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local") + kwrite.write("addprinc -randkey HTTP/"+self.fqdn+"@"+self.realm+"\n") + kwrite.flush() + kwrite.write("ktadd -k /etc/httpd/conf/ipa.keytab HTTP/"+self.fqdn+"@"+self.realm+"\n") + kwrite.flush() + kwrite.close() + kread.close() + kerr.close() + + # give kadmin time to actually write the file before we go on + retry = 0 + while not file_exists("/etc/httpd/conf/ipa.keytab"): + time.sleep(1) + retry += 1 + if retry > 15: + print "Error timed out waiting for kadmin to finish operations\n" + sys.exit(1) - def stop(self): - run(["/sbin/service", "httpd", "stop"]) + pent = pwd.getpwnam("apache") + os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid) - def start(self): - run(["/sbin/service", "httpd", "start"]) + def __configure_http(self): + self.step("configuring httpd") + http_txt = template_file(SHARE_DIR + "ipa.conf", self.sub_dict) + http_fd = open("/etc/httpd/conf.d/ipa.conf", "w") + http_fd.write(http_txt) + http_fd.close() - def restart(self): - run(["/sbin/service", "httpd", "restart"]) def __disable_mod_ssl(self): - logging.debug("disabling mod_ssl in httpd") + self.step("disabling mod_ssl in httpd") if os.path.exists(SSL_CONF): os.rename(SSL_CONF, "%s.moved_by_ipa" % SSL_CONF) - logging.debug("done disabling mod_ssl") def __set_mod_nss_port(self): - logging.debug("Setting mod_nss port to 443") + self.step("Setting mod_nss port to 443") update_file(NSS_CONF, '8443', '443') - logging.debug("done setting mod_nss port") diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py index e17a3274d..c4ebde50c 100644 --- a/ipa-server/ipaserver/krbinstance.py +++ b/ipa-server/ipaserver/krbinstance.py @@ -32,6 +32,8 @@ import os import pwd import socket import time + +import service from ipa.ipautil import * def host_to_domain(fqdn): 
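Review bot: `__selinux_config` in httpinstance.py is defined but `create_instance` never calls it, so the `setsebool -P httpd_can_network_connect true` step that this commit removes from ipa-server-install no longer runs anywhere visible in the diff. Call it from `create_instance` and raise the step count to match: `self.start_creation(7, "Configuring the web interface")` and `self.__selinux_config()`. In `__create_http_keytab` the kadmin.local stderr pipe is closed unread and the loop only waits for the file to exist, so a failed `addprinc` or `ktadd` surfaces only as the 15-second timeout; the two `print` calls there could use `logging.critical` like the matching code in krbinstance.py. The keytab is handed to apache with `os.chown` but its mode is left to kadmin, so an explicit `os.chmod("/etc/httpd/conf/ipa.keytab", 0600)` would pin it.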
@@ -63,8 +65,9 @@ def update_key_val_in_file(filename, key, val): f.write("%s=%s\n" % (key, val)) f.close() -class KrbInstance: +class KrbInstance(service.Service): def __init__(self): + service.Service.__init__(self, "krb5kdc") self.ds_user = None self.fqdn = None self.realm = None @@ -95,39 +98,41 @@ class KrbInstance: # It could have been not running pass + self.start_creation(10, "Configuring Kerberos KDC") + self.__configure_kdc_account_password() self.__setup_sub_dict() self.__configure_ldap() - self.__configure_http() - self.__create_instance() self.__create_ds_keytab() - self.__create_http_keytab() - self.__export_kadmin_changepw_keytab() self.__add_pwd_extop_module() try: + self.step("starting the KDC") self.start() except: - print "krb5kdc service failed to start" + logging.critical("krb5kdc service failed to start") + + self.step("configuring KDC to start on boot") + self.chkconfig_on() - def stop(self): - run(["/sbin/service", "krb5kdc", "stop"]) + self.step("configuring ipa-kpasswd to start on boot") + service.chkconfig_on("ipa-kpasswd") - def start(self): - run(["/sbin/service", "krb5kdc", "start"]) + self.step("starting ipa-kpasswd") + service.start("ipa-kpasswd") - def restart(self): - run(["/sbin/service", "krb5kdc", "restart"]) + self.done_creation() def __configure_kdc_account_password(self): + self.step("setting KDC account password") hexpwd = '' for x in self.kdc_password: hexpwd += (hex(ord(x))[2:]) 
@@ -145,14 +150,14 @@ class KrbInstance: REALM=self.realm) def __configure_ldap(self): - + self.step("adding kerberos configuration to the directory") #TODO: test that the ldif is ok with any random charcter we may use in the password kerberos_txt = template_file(SHARE_DIR + "kerberos.ldif", self.sub_dict) kerberos_fd = write_tmp_file(kerberos_txt) try: ldap_mod(kerberos_fd, "cn=Directory Manager", self.admin_password) except subprocess.CalledProcessError, e: - print "Failed to load kerberos.ldif", e + logging.critical("Failed to load kerberos.ldif: %s" % str(e)) kerberos_fd.close() #Change the default ACL to avoid anonimous access to kerberos keys and othe hashes @@ -161,10 +166,11 @@ class KrbInstance: try: ldap_mod(aci_fd, "cn=Directory Manager", self.admin_password) except subprocess.CalledProcessError, e: - print "Failed to load default-aci.ldif", e + logging.critical("Failed to load default-aci.ldif: %s" % str(e)) aci_fd.close() def __create_instance(self): + self.step("configuring KDC") kdc_conf = template_file(SHARE_DIR+"kdc.conf.template", self.sub_dict) kdc_fd = open("/var/kerberos/krb5kdc/kdc.conf", "w+") kdc_fd.write(kdc_conf) @@ -200,12 +206,13 @@ class KrbInstance: #add the password extop module def __add_pwd_extop_module(self): + self.step("adding the password extenstion to the directory") extop_txt = template_file(SHARE_DIR + "pwd-extop-conf.ldif", self.sub_dict) extop_fd = write_tmp_file(extop_txt) try: ldap_mod(extop_fd, "cn=Directory Manager", self.admin_password) except subprocess.CalledProcessError, e: - print "Failed to load pwd-extop-conf.ldif", e + logging.critical("Failed to load pwd-extop-conf.ldif: %s" % str(e)) extop_fd.close() #add an ACL to let the DS user read the master key 
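Review bot: In `__configure_ldap` (krbinstance.py, hunk at -161) a failure to load `default-aci.ldif` is only logged with `logging.critical` and the install continues. The comment above it says this ACI is what prevents anonymous access to Kerberos keys and other hashes, so continuing leaves the directory on its default ACL while the KDC is brought up. I would log and then re-raise (`logging.critical("Failed to load default-aci.ldif: %s" % str(e))` followed by `raise`), with `aci_fd.close()` moved into a `finally:` so the temp file is still closed. The same log-and-continue handling is in the `kerberos.ldif` handler in the previous hunk and the `pwd-extop-conf.ldif` handler in the next one. `__configure_ldap` starts outside this hunk.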
@@ -213,14 +220,15 @@ class KrbInstance: try: run(args) except subprocess.CalledProcessError, e: - print "Failed to set the ACL on the master key", e + logging.critical("Failed to set the ACL on the master key: %s" % str(e)) def __create_ds_keytab(self): + self.step("creating a keytab for the directory") try: if file_exists("/etc/dirsrv/ds.keytab"): os.remove("/etc/dirsrv/ds.keytab") except os.error: - print "Failed to remove /etc/dirsrv/ds.keytab." + logging.critical("Failed to remove /etc/dirsrv/ds.keytab.") (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local") kwrite.write("addprinc -randkey ldap/"+self.fqdn+"@"+self.realm+"\n") kwrite.flush() @@ -236,7 +244,7 @@ class KrbInstance: time.sleep(1) retry += 1 if retry > 15: - print "Error timed out waiting for kadmin to finish operations\n" + logging.critical("Error timed out waiting for kadmin to finish operations") sys.exit(1) update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab") @@ -244,6 +252,7 @@ class KrbInstance: os.chown("/etc/dirsrv/ds.keytab", pent.pw_uid, pent.pw_gid) def __export_kadmin_changepw_keytab(self): + self.step("exporting the kadmin keytab") (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local") kwrite.write("modprinc +requires_preauth kadmin/changepw\n") kwrite.flush() 
@@ -264,42 +273,11 @@ class KrbInstance: time.sleep(1) retry += 1 if retry > 15: - print "Error timed out waiting for kadmin to finish operations\n" + logging.critical("Error timed out waiting for kadmin to finish operations") sys.exit(1) update_key_val_in_file("/etc/sysconfig/ipa-kpasswd", "export KRB5_KTNAME", "/var/kerberos/krb5kdc/kpasswd.keytab") pent = pwd.getpwnam(self.ds_user) os.chown("/var/kerberos/krb5kdc/kpasswd.keytab", pent.pw_uid, pent.pw_gid) - def __create_http_keytab(self): - try: - if file_exists("/etc/httpd/conf/ipa.keytab"): - os.remove("/etc/httpd/conf/ipa.keytab") - except os.error: - print "Failed to remove /etc/httpd/conf/ipa.keytab." - (kwrite, kread, kerr) = os.popen3("/usr/kerberos/sbin/kadmin.local") - kwrite.write("addprinc -randkey HTTP/"+self.fqdn+"@"+self.realm+"\n") - kwrite.flush() - kwrite.write("ktadd -k /etc/httpd/conf/ipa.keytab HTTP/"+self.fqdn+"@"+self.realm+"\n") - kwrite.flush() - kwrite.close() - kread.close() - kerr.close() - - # give kadmin time to actually write the file before we go on - retry = 0 - while not file_exists("/etc/httpd/conf/ipa.keytab"): - time.sleep(1) - retry += 1 - if retry > 15: - print "Error timed out waiting for kadmin to finish operations\n" - sys.exit(1) - - pent = pwd.getpwnam("apache") - os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid) - def __configure_http(self): - http_txt = template_file(SHARE_DIR + "ipa.conf", self.sub_dict) - http_fd = open("/etc/httpd/conf.d/ipa.conf", "w") - http_fd.write(http_txt) - http_fd.close() diff --git a/ipa-server/ipaserver/ntpinstance.py b/ipa-server/ipaserver/ntpinstance.py index 2667a2026..46841b0b2 100644 --- a/ipa-server/ipaserver/ntpinstance.py +++ b/ipa-server/ipaserver/ntpinstance.py 
@@ -20,8 +20,16 @@ from ipa.ipautil import * import shutil -class NTPInstance: +import service + +class NTPInstance(service.Service): + def __init__(self): + service.Service.__init__(self, "ntpd") + def create_instance(self): + self.start_creation(3, "Configuring ntpd") + + self.step("writing configuration") # The template sets the config to point towards ntp.pool.org, but # they request that software not point towards the default pool. # We use the OS variable to point it towards either the rhel @@ -48,3 +56,9 @@ class NTPInstance: # we might consider setting the date manually using ntpd -qg in case # the current time is very far off. + + self.step("starting ntpd") + self.start() + + self.step("configuring ntpd to start on boot") + self.chkconfig_on() diff --git a/ipa-server/ipaserver/radiusinstance.py b/ipa-server/ipaserver/radiusinstance.py index 8c7a929d0..27e7527e0 100644 --- a/ipa-server/ipaserver/radiusinstance.py +++ b/ipa-server/ipaserver/radiusinstance.py @@ -27,6 +27,8 @@ import pwd import time from ipa.ipautil import * +import service + import os import re @@ -47,8 +49,9 @@ from ipaserver.funcs import DefaultUserContainer, DefaultGroupContainer #------------------------------------------------------------------------------- -class RadiusInstance: +class RadiusInstance(service.Service): def __init__(self): + service.Service.__init__(self, "radiusd") self.fqdn = None self.realm = None self.principal = None @@ -66,6 +69,8 @@ class RadiusInstance: else: self.rpm_name = self.rpm_version = self.rpm_release = None + self.start_creation(4, "Configuring radiusd") + try: self.stop() except: 
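Review bot: `NTPInstance.create_instance` (ntpinstance.py, hunk at -48) ends with `self.start()`, whereas the code this commit removes from ipa-server-install ran `service ntpd restart`; if ntpd is already running, the configuration written in the first step is presumably not picked up until the next restart. `self.restart()` keeps the old behaviour, which matters here because Kerberos depends on synchronised clocks. The method also never calls `self.done_creation()`, so the step counters are not reset and no "done configuring ntpd." line is printed; `RadiusInstance.create_instance` in radiusinstance.py has the same omission.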
@@ -76,22 +81,17 @@ class RadiusInstance: self.__radiusd_conf() try: + self.step("starting radiusd") self.start() except: logging.error("radiusd service failed to start") + self.step("configuring radiusd to start on boot") + self.chkconfig_on() - def stop(self): - run(['/sbin/service', 'radiusd', 'stop']) - - def start(self): - run(['/sbin/service', 'radiusd', 'start']) - - def restart(self): - run(['/sbin/service', 'radiusd', 'restart']) def __radiusd_conf(self): - logging.debug('configuring radiusd.conf for radius instance') + self.step('configuring radiusd.conf for radius instance') version = 'IPA_RADIUS_VERSION=%s RADIUS_PACKAGE_VERSION=%s' % (IPA_RADIUS_VERSION, self.rpm_nvr) sub_dict = {'CONFIG_FILE_VERSION_INFO' : version, @@ -110,6 +110,7 @@ class RadiusInstance: logging.error("could not create %s: %s", RADIUSD_CONF_FILEPATH, e) def __create_radius_keytab(self): + self.step("create radiusd keytab") try: if file_exists(IPA_KEYTAB_FILEPATH): os.remove(IPA_KEYTAB_FILEPATH) diff --git a/ipa-server/ipaserver/service.py b/ipa-server/ipaserver/service.py new file mode 100644 index 000000000..f0109488d --- /dev/null +++ b/ipa-server/ipaserver/service.py 
@@ -0,0 +1,86 @@ +# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com> +# +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; version 2 or later +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +from ipa.ipautil import * +import logging, sys + + +def stop(service_name): + run(["/sbin/service", service_name, "stop"]) + +def start(service_name): + run(["/sbin/service", service_name, "start"]) + +def restart(service_name): + run(["/sbin/service", service_name, "restart"]) + +def chkconfig_on(service_name): + run(["/sbin/chkconfig", service_name, "on"]) + +def chkconfig_off(service_name): + run(["/sbin/chkconfig", service_name, "off"]) + +def print_msg(message, output_fd=sys.stdout): + logging.debug(message) + output_fd.write(message) + output_fd.write("\n") + + +class Service: + def __init__(self, service_name): + self.service_name = service_name + self.num_steps = -1 + self.current_step = -1 + self.output_fd = sys.stdout + + def set_output(self, fd): + self.output_fd = fd + + def stop(self): + stop(self.service_name) + + def start(self): + start(self.service_name) + + def restart(self): + restart(self.service_name) + + def chkconfig_on(self): + chkconfig_on(self.service_name) + + def chkconfig_off(self): + chkconfig_off(self.service_name) + + def print_msg(self, message): + print_msg(message, self.output_fd) + + def start_creation(self, num_steps, 
message): + self.num_steps = num_steps + self.cur_step = 0 + self.print_msg(message) + + def step(self, message): + self.cur_step += 1 + self.print_msg(" [%d/%d]: %s" % (self.cur_step, self.num_steps, message)) + + def done_creation(self): + self.cur_step = -1 + self.num_steps = -1 + self.print_msg("done configuring %s." % self.service_name) + diff --git a/ipa-server/ipaserver/webguiinstance.py b/ipa-server/ipaserver/webguiinstance.py new file mode 100644 index 000000000..757b50c5d --- /dev/null +++ b/ipa-server/ipaserver/webguiinstance.py @@ -0,0 +1,40 @@ +# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com> +# +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; version 2 or later +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +import logging + +from ipa.ipautil import * +import service + +class WebGuiInstance(service.Service): + def __init__(self): + service.Service.__init__(self, "ipa-webgui") + + def create_instance(self): + self.start_creation(2, "Configuring ipa-webgui") + + self.step("starting ipa-webgui") + service.start("ipa-webgui") + + self.step("configuring ipa-webgui to start on boot") + service.chkconfig_on("ipa-webgui") + + self.done_creation() + + |
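Review bot: `Service.__init__` in service.py initialises `self.current_step`, but `start_creation`, `step` and `done_creation` all use `self.cur_step`, so a `step()` call made before `start_creation()` raises AttributeError instead of printing a step line. Initialise the attribute the methods actually use: `self.cur_step = -1`. The class has no docstring; a short one stating that `start_creation(num_steps, message)` must precede `step()` and that `done_creation()` resets the counters would document the protocol every subclass in this commit relies on.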