From 7059bd195e3901c52920205b1fd9b91a8b2a52ca Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 13 Sep 2011 00:10:45 +0300 Subject: Convert server install code to platform-independent access to system services https://fedorahosted.org/freeipa/ticket/1605 --- ipaserver/install/bindinstance.py | 2 +- ipaserver/install/cainstance.py | 26 ++++++++------------------ ipaserver/install/certs.py | 25 ++++++++++++++----------- ipaserver/install/dsinstance.py | 23 ++++++----------------- ipaserver/install/httpinstance.py | 9 +++++---- ipaserver/install/krbinstance.py | 7 ++++--- ipaserver/install/ntpinstance.py | 7 ++++--- ipaserver/install/replication.py | 4 ++-- 8 files changed, 44 insertions(+), 59 deletions(-) diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index c91b62061..cdf7b939d 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -615,7 +615,7 @@ class BindInstance(service.Service): pass if not enabled is None and not enabled: - self.chkconfig_off() + self.disable() if not running is None and running: self.start() diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index d86b3928c..6a86e8ccc 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -47,6 +47,7 @@ import nss.nss as nss from ipapython import ipautil from ipapython import nsslib +from ipapython import services as ipaservices from ipaserver import ipaldap from ipaserver.install import service @@ -373,11 +374,7 @@ class CADSInstance(service.Service): def restart_instance(self): try: - # Have to trick the base class to use the right service name - sav_name = self.service_name - self.service_name="dirsrv" - self.restart(self.serverid) - self.service_name=sav_name + ipaservices.knownservices.dirsrv.restart(self.serverid) if not dsinstance.is_ds_running(): logging.critical("Failed to restart the directory server. See the installation log for details.") sys.exit(1) 
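Review bot: In `CADSInstance.restart_instance` the restart targets one instance, `dirsrv.restart(self.serverid)`, but the check that follows, `dsinstance.is_ds_running()`, takes no instance argument. It can therefore report success while this instance is down and another dirsrv instance on the host is up. If `is_running()` accepts an instance name the way `restart()` and `stop()` do (not visible in this patch), test the same instance: `if not ipaservices.knownservices.dirsrv.is_running(self.serverid):`. Within this hunk the `sys.exit(1)` branch is the only thing that stops the run when the CA directory server fails to come back. The method continues past the end of the hunk.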
@@ -392,14 +389,12 @@ class CADSInstance(service.Service): running = self.restore_state("running") enabled = self.restore_state("enabled") serverid = self.restore_state("serverid") - sav_name = self.service_name - self.service_name="dirsrv" if not running is None: - self.stop(serverid) + ipaservices.knownservices.dirsrv.stop(self.serverid) if not enabled is None and not enabled: - self.chkconfig_off() + ipaservices.knownservices.dirsrv.disable() if not serverid is None: # drop the trailing / off the config_dirname so the directory @@ -409,7 +404,6 @@ class CADSInstance(service.Service): dsdb.untrack_server_cert("Server-Cert") dsinstance.erase_ds_instance_data(serverid) - self.service_name="pkids" user_exists = self.restore_state("user_exists") if user_exists == False: @@ -417,7 +411,6 @@ class CADSInstance(service.Service): ipautil.run(["/usr/sbin/userdel", PKI_DS_USER]) except ipautil.CalledProcessError, e: logging.critical("failed to delete user %s" % e) - self.service_name = sav_name class CAInstance(service.Service): """ @@ -1044,7 +1037,7 @@ class CAInstance(service.Service): # Fix the CRL URI in the profile installutils.set_directive('/var/lib/%s/profiles/ca/caIPAserviceCert.cfg' % PKI_INSTANCE_NAME, 'policyset.serverCertSet.9.default.params.crlDistPointsPointName_0', 'https://%s/ipa/crl/MasterCRL.bin' % self.fqdn, quotes=False, separator='=') - ipautil.run(["/sbin/restorecon", publishdir]) + ipaservices.restore_context(publishdir) def __set_subject_in_config(self): # dogtag ships with an IPA-specific profile that forces a subject @@ -1058,7 +1051,7 @@ class CAInstance(service.Service): enabled = self.restore_state("enabled") if not enabled is None and not enabled: - self.chkconfig_off() + self.disable() try: ipautil.run(["/usr/bin/pkiremove", "-pki_instance_root=/var/lib", 
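Review bot: The stop call in this uninstall hunk passes `self.serverid`, while the line it replaces passed the local `serverid` read back just above with `self.restore_state("serverid")`. The later `dsinstance.erase_ds_instance_data(serverid)` also works from the restored value, and nothing visible here sets `self.serverid` on the uninstall path, so the stop may address no instance or the wrong one. Keep the restored value: `ipaservices.knownservices.dirsrv.stop(serverid)`. The method starts before the hunk, so how `self.serverid` is initialised needs confirming there.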
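Review bot: `ipaservices.restore_context(publishdir)` replaces `ipautil.run(["/sbin/restorecon", publishdir])`, and the failure behaviour of the new call is not visible in this patch. Elsewhere in this file `ipautil.run` is wrapped in `except ipautil.CalledProcessError`, which suggests the old call raised on a non-zero exit. If the wrapper only logs and returns, a failed relabel of the CRL publish directory goes unnoticed. The same substitution is made for `cert8.db`, `key3.db` and `certs.CA_SERIALNO` in httpinstance.py, where a wrong SELinux context on the NSS key database matters more. Once confirmed, state the contract at the call site, e.g. `# restore_context() raises on failure; a mislabeled file is not detected later`.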
@@ -1148,14 +1141,11 @@ def install_replica_ca(config, postinstall=False): # internally. In the case of the dogtag DS the name doesn't match the # unix service. - service_name = cs.service_name service.print_msg("Restarting the directory and certificate servers") - cs.service_name = "dirsrv" ca.stop() - cs.stop("PKI-IPA") - cs.start("PKI-IPA") + ipaservices.knownservices.dirsrv.stop("PKI-IPA") + ipaservices.knownservices.dirsrv.start("PKI-IPA") ca.start() - cs.service_name = service_name return (ca, cs) diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index ead9c8159..affa26127 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -36,7 +36,7 @@ from ipapython import certmonger from ipapython.certdb import get_ca_nickname from ipalib import pkcs10 from ConfigParser import RawConfigParser, MissingSectionHeaderError -import service +from ipapython import services as ipaservices from ipalib import x509 from ipalib.dn import DN from ipalib.errors import CertificateOperationError 
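Review bot: The comment kept above this block in `install_replica_ca` ("In the case of the dogtag DS the name doesn't match the unix service") explains the `cs.service_name` swap that this hunk deletes, so it now describes code that is gone. Reword it to match the new lines, e.g. `# The dogtag DS is the "PKI-IPA" instance of the dirsrv service; restart that instance directly.` The function begins outside the hunk and the opening of the comment is not visible here, so check the full text before editing.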
@@ -483,29 +483,30 @@ class CertDB(object): """ Tell certmonger to track the given certificate nickname. """ - service.chkconfig_on("certmonger") - service.start("messagebus") - service.start("certmonger") + cmonger = ipaservices.knownservices.certmonger + cmonger.enable() + ipaservices.knownservices.messagebus.start() + cmonger.start() try: (stdout, stderr, rc) = certmonger.start_tracking(nickname, self.secdir, password_file) except (ipautil.CalledProcessError, RuntimeError), e: logging.error("certmonger failed starting to track certificate: %s" % str(e)) return - service.stop("certmonger") + cmonger.stop() cert = self.get_cert_from_db(nickname) nsscert = x509.load_certificate(cert, dbdir=self.secdir) subject = str(nsscert.subject) m = re.match('New tracking request "(\d+)" added', stdout) if not m: - logging.error('Didn\'t get new certmonger request, got %s' % stdout) - raise RuntimeError('certmonger did not issue new tracking request for \'%s\' in \'%s\'. Use \'ipa-getcert list\' to list existing certificates.' % (nickname, self.secdir)) + logging.error('Didn\'t get new %s request, got %s' % (cmonger.service_name, stdout)) + raise RuntimeError('%s did not issue new tracking request for \'%s\' in \'%s\'. Use \'ipa-getcert list\' to list existing certificates.' % (cmonger.service_name, nickname, self.secdir)) request_id = m.group(1) certmonger.add_principal(request_id, principal) certmonger.add_subject(request_id, subject) - service.start("certmonger") + cmonger.start() def untrack_server_cert(self, nickname): """ 
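Review bot: Between `cmonger.stop()` and the final `cmonger.start()` in `track_server_cert`, the `raise RuntimeError(...)` for an unmatched certmonger reply leaves certmonger stopped, as would any exception raised by the calls in between. No certificate on the host is then monitored for renewal until something else starts the service. Put the work that follows the stop inside `try:` and move the restart to `finally: cmonger.start()`. Separately, the early `return` after a failed `start_tracking` only logs, so the caller cannot tell that the certificate is untracked; re-raising there would make the failure visible. The function starts before the hunk.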
@@ -514,13 +515,14 @@ class CertDB(object): # Always start certmonger. We can't untrack something if it isn't # running - service.start("messagebus") - service.start("certmonger") + cmonger = ipaservices.knownservices.certmonger + ipaservices.knownservices.messagebus.start() + cmonger.start() try: certmonger.stop_tracking(self.secdir, nickname=nickname) except (ipautil.CalledProcessError, RuntimeError), e: logging.error("certmonger failed to stop tracking certificate: %s" % str(e)) - service.stop("certmonger") + cmonger.stop() def create_server_cert(self, nickname, hostname, other_certdb=None, subject=None): """ @@ -770,6 +772,7 @@ class CertDB(object): f.write(pwdfile.read()) f.close() pwdfile.close() + # TODO: replace explicit uid by a platform-specific one self.set_perms(self.pwd_conf, uid="apache") def find_root_cert(self, nickname): diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 8ccb22cf0..5abd5f3d2 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -30,6 +30,7 @@ import tempfile from ipapython import ipautil from ipapython import sysrestore +from ipapython import services as ipaservices import service import installutils @@ -107,18 +108,7 @@ def check_ports(): return (ds_unsecure, ds_secure) def is_ds_running(): - """The DS init script always returns 0 when requesting status so it cannot - be used to determine if the server is running. We have to look at the - output. - """ - ret = True - try: - (sout, serr, rcode) = ipautil.run(["/sbin/service", "dirsrv", "status"]) - if sout.find("is stopped") >= 0: - ret = False - except ipautil.CalledProcessError: - ret = False - return ret + return ipaservices.knownservices.dirsrv.is_running() def has_managed_entries(host_name, dm_password): """Check to see if the Managed Entries plugin is available""" 
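Review bot: `untrack_server_cert` ends with an unconditional `cmonger.stop()`, so untracking one nickname leaves certmonger stopped even if it was running before the call and still tracks other certificates. The service object exposes `is_running()` (used for dirsrv in this same patch), so the previous state can be recorded and restored: `was_running = cmonger.is_running()` before the start, and `if not was_running: cmonger.stop()` at the end. If stopping is intended because this only runs during uninstall, a comment saying so would help; the callers are not visible here.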
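Review bot: `is_ds_running()` now returns `ipaservices.knownservices.dirsrv.is_running()` directly and drops both the docstring and the `except ipautil.CalledProcessError` fallback. The removed docstring recorded that the DS init script returns 0 for `status` whether or not the server is up, which is why the old code searched the output for "is stopped". The platform `is_running()` is not part of this patch, so confirm it does not rely on the exit code alone; otherwise every `if not dsinstance.is_ds_running()` failure check becomes a no-op. Keep a docstring that carries the caveat, e.g. `"""Return True if dirsrv is running; the init script's status exit code is unreliable, so is_running() must inspect the output."""`, and decide whether an exception from `is_running()` should still map to `False`.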
@@ -310,8 +300,7 @@ class DsInstance(service.Service): self.backup_state("enabled", self.is_enabled()) # At the end of the installation ipa-server-install will enable the # 'ipa' service wich takes care of starting/stopping dirsrv - # self.chkconfig_on() - self.chkconfig_off() + self.disable() def __setup_sub_dict(self): server_root = find_server_root() @@ -329,10 +318,10 @@ class DsInstance(service.Service): def __create_ds_user(self): user_exists = True - try: + try: pwd.getpwnam(DS_USER) logging.debug("ds user %s exists" % DS_USER) - except KeyError: + except KeyError: user_exists = False logging.debug("adding ds user %s" % DS_USER) args = ["/usr/sbin/useradd", "-g", DS_GROUP, @@ -644,7 +633,7 @@ class DsInstance(service.Service): pass if not enabled is None and not enabled: - self.chkconfig_off() + self.disable() serverid = self.restore_state("serverid") if not serverid is None: diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 4294bee1b..eae60754a 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -30,6 +30,7 @@ import dsinstance import installutils from ipapython import sysrestore from ipapython import ipautil +from ipapython import services as ipaservices from ipalib import util, api HTTPD_DIR = "/etc/httpd" 
@@ -220,13 +221,13 @@ class HTTPInstance(service.Service): os.chown(certs.NSS_DIR + "/pwdfile.txt", 0, pent.pw_gid ) # Fix SELinux permissions on the database - ipautil.run(["/sbin/restorecon", certs.NSS_DIR + "/cert8.db"]) - ipautil.run(["/sbin/restorecon", certs.NSS_DIR + "/key3.db"]) + ipaservices.restore_context(certs.NSS_DIR + "/cert8.db") + ipaservices.restore_context(certs.NSS_DIR + "/key3.db") # In case this got generated as part of the install, reset the # context if ipautil.file_exists(certs.CA_SERIALNO): - ipautil.run(["/sbin/restorecon", certs.CA_SERIALNO]) + ipaservices.restore_context(certs.CA_SERIALNO) os.chown(certs.CA_SERIALNO, 0, pent.pw_gid) os.chmod(certs.CA_SERIALNO, 0664) @@ -272,7 +273,7 @@ class HTTPInstance(service.Service): db = certs.CertDB(api.env.realm) db.untrack_server_cert("Server-Cert") if not enabled is None and not enabled: - self.chkconfig_off() + self.disable() for f in ["/etc/httpd/conf.d/ipa.conf", SSL_CONF, NSS_CONF]: try: diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 47fd520d3..513dc5523 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -30,6 +30,7 @@ import service import installutils from ipapython import sysrestore from ipapython import ipautil +from ipapython import services as ipaservices from ipalib import util from ipalib import errors @@ -226,7 +227,7 @@ class KrbInstance(service.Service): def __configure_kdc_account_password(self): hexpwd = '' - for x in self.kdc_password: + for x in self.kdc_password: hexpwd += (hex(ord(x))[2:]) self.fstore.backup_file("/var/kerberos/krb5kdc/ldappwd") pwd_fd = open("/var/kerberos/krb5kdc/ldappwd", "w") 
@@ -464,7 +465,7 @@ class KrbInstance(service.Service): keydata = stash.read(keylen) except os.error: logging.critical("Failed to retrieve Master Key from Stash file: %s") - #encode it in the asn.1 attribute + #encode it in the asn.1 attribute MasterKey = univ.Sequence() MasterKey.setComponentByPosition(0, univ.Integer(keytype)) MasterKey.setComponentByPosition(1, univ.OctetString(keydata)) @@ -574,7 +575,7 @@ class KrbInstance(service.Service): pass if not enabled is None and not enabled: - self.chkconfig_off() + self.disable() if not running is None and running: self.start() diff --git a/ipaserver/install/ntpinstance.py b/ipaserver/install/ntpinstance.py index d85e430b7..00217c390 100644 --- a/ipaserver/install/ntpinstance.py +++ b/ipaserver/install/ntpinstance.py @@ -23,6 +23,7 @@ import logging import service from ipapython import sysrestore from ipapython import ipautil +from ipapython import services as ipaservices class NTPInstance(service.Service): def __init__(self, fstore=None): @@ -143,7 +144,7 @@ class NTPInstance(service.Service): def __enable(self): self.backup_state("enabled", self.is_enabled()) - self.chkconfig_on() + self.enable() def create_instance(self): @@ -168,13 +169,13 @@ class NTPInstance(service.Service): self.stop() try: - self.fstore.restore_file("/etc/ntp.conf") + self.fstore.restore_file("/etc/ntp.conf") except ValueError, error: logging.debug(error) pass if not enabled is None and not enabled: - self.chkconfig_off() + self.disable() if not running is None and running: self.start() diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index fbf9c95b5..961e71330 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -23,7 +23,7 @@ import os import sys import ldap from ipaserver import ipaldap -from ipaserver.install.service import restart +from ipapython import services as ipaservices import installutils from ldap import modlist from ipalib import util 
@@ -106,7 +106,7 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd): conn.modify_s(entry[0].dn, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'on')]) conn.unbind() serverid = "-".join(realm.split(".")) - restart("dirsrv", instance_name=serverid) + ipaservices.knownservices.dirsrv.restart(instance_name=serverid) installutils.wait_for_open_ports('localhost', [389, 636], 300) else: conn.unbind() -- cgit