Diffstat (limited to 'ipaserver/install')
-rw-r--r-- | ipaserver/install/bindinstance.py | 5 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 14 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 5 | ||||
-rw-r--r-- | ipaserver/install/httpinstance.py | 5 | ||||
-rw-r--r-- | ipaserver/install/krbinstance.py | 10 | ||||
-rw-r--r-- | ipaserver/install/service.py | 51 |
6 files changed, 72 insertions, 18 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index a10b85464..30ce41138 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -275,7 +275,10 @@ class BindInstance(service.Service):
 def __enable(self):
 self.backup_state("enabled", self.is_running())
- self.chkconfig_on()
+ # We do not let the system start IPA components on its own,
+ # Instead we reply on the IPA init script to start only enabled
+ # components as found in our LDAP configuration tree
+ self.ldap_enable('DNS', self.fqdn, self.dm_password, self.suffix)
 def __setup_sub_dict(self):
 if self.forwarders:
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 5f13b721f..4a645bc84 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -242,7 +242,6 @@ class CADSInstance(service.Service):
 self.step("creating directory server user", self.__create_ds_user)
 self.step("creating directory server instance", self.__create_instance)
- self.step("configuring directory to start on boot", self.__enable)
 self.step("restarting directory server", self.__restart_instance)
 self.start_creation("Configuring directory server for the CA", 30)
@@ -255,13 +254,6 @@ class CADSInstance(service.Service):
 SERVER_ROOT=server_root, DOMAIN=self.domain, TIME=int(time.time()), DSPORT=self.ds_port)
- def __enable(self):
- name = self.service_name
- self.service_name="dirsrv"
- self.backup_state("enabled", self.is_enabled())
- self.chkconfig_on()
- self.service_name = name
-
 def __create_ds_user(self):
 user_exists = True
 try:
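Review bot: The comment added in BindInstance.__enable says "we reply on the IPA init script", which should read "rely", and the capitalised "Instead" after a comma makes it read as two sentences run together. The same three comment lines are repeated in the CAInstance, HTTPInstance and KrbInstance __enable hunks, so they should be fixed together: `# We do not let the system start IPA components on its own; instead we rely on the IPA init script to start only the components enabled in our LDAP configuration tree.` Because ldap_enable() in service.py binds as cn=directory manager, the comment could also state that this step needs the Directory Manager password.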
@@ -483,7 +475,11 @@ class CAInstance(service.Service):
 def __enable(self):
 self.backup_state("enabled", self.is_enabled())
- self.chkconfig_on()
+ # We do not let the system start IPA components on its own,
+ # Instead we reply on the IPA init script to start only enabled
+ # components as found in our LDAP configuration tree
+ suffix = util.realm_to_suffix(self.realm)
+ self.ldap_enable('CA', self.fqdn, self.dm_password, suffix)
 def __create_ca_user(self):
 user_exists = True
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 03066984e..6fdc479ca 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -295,7 +295,10 @@ class DsInstance(service.Service):
 def __enable(self):
 self.backup_state("enabled", self.is_enabled())
- self.chkconfig_on()
+ # At the end of the installation ipa-server-install will enable the
+ # 'ipa' service wich takes care of starting/stopping dirsrv
+ # self.chkconfig_on()
+ self.chkconfig_off()
 def __setup_sub_dict(self):
 server_root = find_server_root()
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index f55995b19..73930825f 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -91,7 +91,10 @@ class HTTPInstance(service.Service):
 def __enable(self):
 self.backup_state("enabled", self.is_running())
- self.chkconfig_on()
+ # We do not let the system start IPA components on its own,
+ # Instead we reply on the IPA init script to start only enabled
+ # components as found in our LDAP configuration tree
+ self.ldap_enable('HTTP', self.fqdn, self.dm_password, self.suffix)
 def __selinux_config(self):
 selinux=0
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 8c22e6f41..516c7eac5 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
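Review bot: CAInstance.__enable calls `util.realm_to_suffix(self.realm)`, but the import block of cainstance.py is outside this hunk, so it is not visible whether `util` is in scope; if it is not, the enable step fails with a NameError at install time. The other __enable methods in this commit pass `self.suffix` instead of deriving the suffix. If that difference is deliberate, a one-line comment would show it, for example `# no self.suffix on CAInstance; derive it from the realm`.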
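Review bot: The new DsInstance.__enable keeps the old call as a comment (`# self.chkconfig_on()`) directly above the real `self.chkconfig_off()`, which leaves a reader unsure which one is intended; the commented-out line should be deleted. The comment above it also has a typo ("wich"). Suggested wording: `# ipa-server-install enables the 'ipa' service at the end of installation, and that service starts and stops dirsrv, so dirsrv itself must not be enabled at boot.`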
@@ -203,8 +203,7 @@ class KrbInstance(service.Service):
 self.start_creation("Configuring Kerberos KDC", 30)
 self.kpasswd = KpasswdInstance()
-
- self.kpasswd.create_instance()
+ self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix)
 def create_replica(self, ds_user, realm_name, host_name, domain_name, admin_password,
@@ -233,7 +232,7 @@ class KrbInstance(service.Service):
 self.start_creation("Configuring Kerberos KDC", 30)
 self.kpasswd = KpasswdInstance()
- self.kpasswd.create_instance()
+ self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix)
 def __copy_ldap_passwd(self, filename):
 self.fstore.backup_file("/var/kerberos/krb5kdc/ldappwd")
@@ -258,7 +257,10 @@ class KrbInstance(service.Service):
 def __enable(self):
 self.backup_state("enabled", self.is_enabled())
- self.chkconfig_on()
+ # We do not let the system start IPA components on its own,
+ # Instead we reply on the IPA init script to start only enabled
+ # components as found in our LDAP configuration tree
+ self.ldap_enable('KDC', self.fqdn, self.admin_password, self.suffix)
 def __start_instance(self):
 try:
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 43437306e..41b5455d3 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -29,6 +29,13 @@ import base64
 import time
 import datetime
+SERVICE_LIST = {
+ 'KDC':('krb5kdc', 10),
+ 'KPASSWD':('ipa_kpasswd', 20),
+ 'DNS':('named', 30),
+ 'HTTP':('httpd', 40),
+ 'CA':('pki_cad', 50)
+}
 def stop(service_name, instance_name=""):
 ipautil.run(["/sbin/service", service_name, "stop", instance_name])
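Review bot: `self.admin_password` is passed in the position that service.py names `dm_password`, and ldap_enable() uses that value for a simple bind as `cn=directory manager`. If admin_password in KrbInstance is not the Directory Manager password, the bind raises at the enable step; if it is, the name is misleading for a credential this privileged. The same argument is passed in the create_replica hunk (-233) and in __enable (-258). A comment at the first use, such as `# admin_password is the Directory Manager password here`, or a rename, would remove the doubt. The enclosing create_instance body starts outside the hunk.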
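Review bot: SERVICE_LIST has no comment saying what the two tuple fields mean. In this diff ldap_enable() writes the second field to LDAP as `startOrder N`; the first looks like the init script name but is not used anywhere in the visible changes. Suggested comment above the dict: `# service key -> (init script name, start order); ldap_enable() stores the order as "startOrder N"`. A name missing from the dict makes `SERVICE_LIST[name][1]` raise KeyError inside ldap_enable(), so the comment should also say that every name passed to ldap_enable() must be listed here.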
@@ -263,8 +270,44 @@ class Service:
 self.steps = []
+ def __get_conn(self, dm_password):
+ try:
+ conn = ipaldap.IPAdmin("127.0.0.1")
+ conn.simple_bind_s("cn=directory manager", dm_password)
+ except Exception, e:
+ logging.critical("Could not connect to the Directory Server on %s: %s" % (self.fqdn, str(e)))
+ raise e
+
+ return conn
+
+ def ldap_enable(self, name, fqdn, dm_password, ldap_suffix):
+ self.chkconfig_off()
+ conn = self.__get_conn(dm_password)
+
+ entry_name = "cn=%s,cn=%s,%s,%s" % (name, fqdn,
+ "cn=masters,cn=ipa,cn=etc",
+ ldap_suffix)
+ order = SERVICE_LIST[name][1]
+ entry = ipaldap.Entry(entry_name)
+ entry.setValues("objectclass",
+ "nsContainer", "ipaConfigObject")
+ entry.setValues("cn", name)
+ entry.setValues("ipaconfigstring",
+ "enabledService", "startOrder " + str(order))
+
+ try:
+ conn.add_s(entry)
+ except ldap.ALREADY_EXISTS:
+ logging.critical("failed to add %s Service startup entry" % name)
+ raise e
+
 class SimpleServiceInstance(Service):
- def create_instance(self):
+ def create_instance(self, gensvc_name=None, fqdn=None, dm_password=None, ldap_suffix=None):
+ self.gensvc_name = gensvc_name
+ self.fqdn = fqdn
+ self.dm_password = dm_password
+ self.suffix = ldap_suffix
+
 self.step("starting %s " % self.service_name, self.__start)
 self.step("configuring %s to start on boot" % self.service_name, self.__enable)
 self.start_creation("Configuring %s" % self.service_name)
@@ -276,7 +319,11 @@ class SimpleServiceInstance(Service):
 def __enable(self):
 self.chkconfig_add()
 self.backup_state("enabled", self.is_enabled())
- self.chkconfig_on()
+ if self.gensvc_name == None:
+ self.chkconfig_on()
+ else:
+ self.ldap_enable(self.gensvc_name, self.fqdn,
+ self.dm_password, self.suffix)
 def uninstall(self):
 if self.is_configured(): |
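Review bot: In ldap_enable() the handler `except ldap.ALREADY_EXISTS:` ends with `raise e`, but no `e` is bound in that function, so an already-existing entry produces a NameError instead of the LDAP error; write `except ldap.ALREADY_EXISTS, e:` or use a bare `raise`. Only ALREADY_EXISTS is caught, so any other failure from `conn.add_s(entry)` propagates without the log line. The connection returned by __get_conn() is bound as cn=directory manager and is not closed on any path; wrapping the add in `try: ... finally:` and unbinding there would avoid leaving a privileged session open (the exact close method depends on ipaldap.IPAdmin, which is not shown here). The log message in __get_conn() names `self.fqdn` although the connection goes to 127.0.0.1, and within this diff `self.fqdn` is only assigned in SimpleServiceInstance.create_instance.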
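Review bot: `if self.gensvc_name == None:` should be `if self.gensvc_name is None:`; the identity test is the usual Python form and cannot be changed by a custom `__eq__`. The branch also means that a SimpleServiceInstance created without arguments still calls chkconfig_on(), which is the behaviour this commit removes from the other services. If that fallback is intended, a comment such as `# no LDAP service name given: enable the init script directly` would make it clear.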