diff options
Diffstat (limited to 'install/tools/ipa-upgradeconfig')
| -rw-r--r-- | install/tools/ipa-upgradeconfig | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig new file mode 100644 index 000000000..48c4117d2 --- /dev/null +++ b/install/tools/ipa-upgradeconfig @@ -0,0 +1,130 @@ +#!/usr/bin/python +# +# Upgrade configuration files to a newer template. + +import sys +try: + from ipa import ipautil + import krbV + import re + import os + import shutil + import fileinput +except ImportError: + print >> sys.stderr, """\ +There was a problem importing one of the required Python modules. The +error was: + + %s +""" % sys.exc_value + sys.exit(1) + +def backup_file(filename, ext): + """Make a backup of filename using ext as the extension. Do not overwrite + previous backups.""" + if not os.path.isabs(filename): + raise ValueError("Absolute path required") + + backupfile = filename + ".bak" + (reldir, file) = os.path.split(filename) + + while os.path.exists(backupfile): + backupfile = backupfile + "." + str(ext) + + shutil.copy2(filename, backupfile) + +def update_conf(sub_dict, filename, template_filename): + template = ipautil.template_file(template_filename, sub_dict) + fd = open(filename, "w") + fd.write(template) + fd.close() + +def find_hostname(): + """Find the hostname currently configured in ipa-rewrite.conf""" + filename="/etc/httpd/conf.d/ipa-rewrite.conf" + pattern = "^[\s#]*.*https:\/\/([A-Za-z0-9\.\-]*)\/.*" + p = re.compile(pattern) + for line in fileinput.input(filename): + if p.search(line): + fileinput.close() + return p.search(line).group(1) + fileinput.close() + + return None + +def find_version(filename): + """Find the version of a configuration file""" + if os.path.exists(filename): + pattern = "^[\s#]*VERSION\s+([0-9]+)\s+.*" + p = re.compile(pattern) + for line in fileinput.input(filename): + if p.search(line): + fileinput.close() + return p.search(line).group(1) + fileinput.close() + + # no VERSION found + return 0 + else: + return -1 + +def upgrade(sub_dict, filename, template): + old = int(find_version(filename)) + new = int(find_version(template)) + + if old < 0: + print "%s not found." % filename + sys.exit(1) + + if new < 0: + print "%s not found." % template + + if old < new: + backup_file(filename, new) + update_conf(sub_dict, filename, template) + print "Upgraded %s to version %d" % (filename, new) + +def check_certs(realm_name): + """Check ca.crt is in the right place, and try to fix if not""" + if not os.path.exists("/usr/share/ipa/html/ca.crt"): + ca_file = "/etc/dirsrv/slapd-" + ("-".join(realm_name.split("."))) + "/cacert.asc" + if os.path.exists(ca_file): + shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt") + else: + print "Missing Certification Authority file." + print "You should place a copy of the CA certificate in /usr/share/ipa/html/ca.crt" + +def main(): + try: + krbctx = krbV.default_context() + except krbV.Krb5Error, e: + print "Unable to get default kerberos realm: %s" % e[1] + sys.exit(1) + + try: + check_certs(krbctx.default_realm) + except Error, e: + print "Failed to check CA certificate: %s" % e + + try: + fqdn = find_hostname() + except IOError: + # ipa-rewrite.conf doesn't exist, nothing to do + sys.exit(0) + + if fqdn is None: + print "Unable to determine hostname from ipa-rewrite.conf" + sys.exit(1) + + sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn } + + upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf") + upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf") + +try: + if __name__ == "__main__": + sys.exit(main()) +except SystemExit, e: + sys.exit(e) +except KeyboardInterrupt, e: + sys.exit(1) |