From b2c378dcc8221dbf254b0cd0b204e84f0d0eeebf Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Wed, 5 Jun 2013 15:48:35 +0200 Subject: Manage ipa-otpd.socket by IPA Adds a new simple service called OtpdInstance, that manages ipa-otpd.socket service. Added to server/replica installer and ipa-upgradeconfig script. https://fedorahosted.org/freeipa/ticket/3680 --- install/tools/ipa-replica-install | 6 ++++++ install/tools/ipa-server-install | 12 +++++++++--- install/tools/ipa-upgradeconfig | 29 ++++++++++++++++++----------- ipapython/platform/fedora16/service.py | 1 + ipaserver/install/otpdinstance.py | 25 +++++++++++++++++++++++++ ipaserver/install/service.py | 17 +++++++++-------- 6 files changed, 68 insertions(+), 22 deletions(-) create mode 100644 ipaserver/install/otpdinstance.py diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 04cad42f6..209ca850f 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -35,6 +35,7 @@ from ipapython import ipautil from ipaserver.install import dsinstance, installutils, krbinstance, service from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs from ipaserver.install import memcacheinstance +from ipaserver.install import otpdinstance from ipaserver.install.replication import replica_conn_check, ReplicationManager from ipaserver.install.installutils import (HostnameLocalhost, resolve_host, ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name, @@ -667,6 +668,11 @@ def main(): krb = install_krb(config, setup_pkinit=options.setup_pkinit) http = install_http(config, auto_redirect=options.ui_redirect) + + otpd = otpdinstance.OtpdInstance() + otpd.create_instance('OTPD', config.host_name, config.dirman_password, + ipautil.realm_to_suffix(config.realm_name)) + if CA: CA.configure_certmonger_renewal() CA.import_ra_cert(dir + "/ra.p12") 
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 3e18c8e00..b90613295 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -49,6 +49,7 @@ from ipaserver.install import ntpinstance from ipaserver.install import certs from ipaserver.install import cainstance from ipaserver.install import memcacheinstance +from ipaserver.install import otpdinstance from ipaserver.install import sysupgrade from ipaserver.install import service, installutils @@ -513,6 +514,7 @@ def uninstall(): krbinstance.KrbInstance(fstore).uninstall() dsinstance.DsInstance(fstore=fstore).uninstall() memcacheinstance.MemcacheInstance().uninstall() + otpdinstance.OtpdInstance().uninstall() ipaservices.restore_network_configuration(fstore, sstore) fstore.restore_all_files() try: @@ -1092,11 +1094,15 @@ def main(): # generated ds.add_cert_to_service() - # Create a HTTP instance - memcache = memcacheinstance.MemcacheInstance() - memcache.create_instance('MEMCACHE', host_name, dm_password, ipautil.realm_to_suffix(realm_name)) + memcache.create_instance('MEMCACHE', host_name, dm_password, + ipautil.realm_to_suffix(realm_name)) + otpd = otpdinstance.OtpdInstance() + otpd.create_instance('OTPD', host_name, dm_password, + ipautil.realm_to_suffix(realm_name)) + + # Create a HTTP instance http = httpinstance.HTTPInstance(fstore) if options.http_pkcs12: http.create_instance( diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 8e9357f20..4e9216964 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -48,6 +48,7 @@ from ipaserver.install import bindinstance from ipaserver.install import service from ipaserver.install import cainstance from ipaserver.install import certs +from ipaserver.install import otpdinstance from ipaserver.install import sysupgrade 
@@ -925,17 +926,23 @@ def main(): uninstall_selfsign(ds, http) - memcache = memcacheinstance.MemcacheInstance() - memcache.ldapi = True - memcache.realm = api.env.realm - try: - if not memcache.is_configured(): - # 389-ds needs to be running to create the memcache instance - # because we record the new service in cn=masters. - ds.start() - memcache.create_instance('MEMCACHE', fqdn, None, ipautil.realm_to_suffix(api.env.realm)) - except ipalib.errors.DuplicateEntry: - pass + simple_service_list = ( + (memcacheinstance.MemcacheInstance(), 'MEMCACHE'), + (otpdinstance.OtpdInstance(), 'OTPD'), + ) + + for service, ldap_name in simple_service_list: + service.ldapi = True + try: + if not service.is_configured(): + # 389-ds needs to be running to create the memcache instance + # because we record the new service in cn=masters. + ds.start() + service.create_instance(ldap_name, fqdn, None, + ipautil.realm_to_suffix(api.env.realm), + realm=api.env.realm) + except ipalib.errors.DuplicateEntry: + pass cleanup_kdc(fstore) setup_firefox_extension(fstore) diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py index f8026b9f2..bceb87cd5 100644 --- a/ipapython/platform/fedora16/service.py +++ b/ipapython/platform/fedora16/service.py @@ -53,6 +53,7 @@ system_units['pki_cad'] = system_units['pki-cad'] # Our PKI instance is pki-tomcatd@pki-tomcat.service system_units['pki-tomcatd'] = 'pki-tomcatd@pki-tomcat.service' system_units['pki_tomcatd'] = system_units['pki-tomcatd'] +system_units['ipa-otpd'] = 'ipa-otpd.socket' class Fedora16Service(systemd.SystemdService): def __init__(self, service_name): diff --git a/ipaserver/install/otpdinstance.py b/ipaserver/install/otpdinstance.py new file mode 100644 index 000000000..2eed3f8a2 --- /dev/null +++ b/ipaserver/install/otpdinstance.py 
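Review bot: The loop variable in `for service, ldap_name in simple_service_list:` reuses the name of the `ipaserver.install.service` module that this script imports at the top, which makes `service` a local of `main()` for its whole body. Any reference to the module elsewhere in `main()` (only part of the function is visible in this hunk) would then raise UnboundLocalError before the loop or resolve to the last instance after it; `for svc, ldap_name in simple_service_list:` avoids that. The carried-over comment still says "to create the memcache instance" although the loop now also registers OTPD, so it should read `# 389-ds needs to be running to create the service instance`. `realm=api.env.realm` is a new keyword at this call site and the `ipaserver/install/service.py` hunk in this commit does not touch `create_instance`, so it is worth confirming the existing signature accepts it.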
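Review bot: The new entry `system_units['ipa-otpd'] = 'ipa-otpd.socket'` is the only mapping in this hunk that points at a socket unit, and nothing on the line says so. Start, stop and status calls made through this name will act on the listening socket rather than on a daemon process. Whether stopping the socket also ends already-activated ipa-otpd instances depends on the unit files, which are not part of this diff, so the uninstall and restart paths should be checked against them. A comment in the style of the neighbouring one would help, e.g. `# ipa-otpd is socket-activated; IPA manages the .socket unit`.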
@@ -0,0 +1,25 @@ +# Authors: Tomas Babej +# +# Copyright (C) 2013 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import service + + +class OtpdInstance(service.SimpleServiceInstance): + def __init__(self): + service.SimpleServiceInstance.__init__(self, "ipa-otpd") \ No newline at end of file diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 8f4a7dbb0..f3cd1897f 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -40,14 +40,15 @@ DISABLED = 3 # The service name as stored in cn=masters,cn=ipa,cn=etc. In the tuple # the first value is the *nix service name, the second the start order. SERVICE_LIST = { - 'KDC':('krb5kdc', 10), - 'KPASSWD':('kadmin', 20), - 'DNS':('named', 30), - 'MEMCACHE':('ipa_memcached', 39), - 'HTTP':('httpd', 40), - 'CA':('%sd' % dogtag.configured_constants().PKI_INSTANCE_NAME, 50), - 'ADTRUST':('smb', 60), - 'EXTID':('winbind', 70) + 'KDC': ('krb5kdc', 10), + 'KPASSWD': ('kadmin', 20), + 'DNS': ('named', 30), + 'MEMCACHE': ('ipa_memcached', 39), + 'HTTP': ('httpd', 40), + 'CA': ('%sd' % dogtag.configured_constants().PKI_INSTANCE_NAME, 50), + 'ADTRUST': ('smb', 60), + 'EXTID': ('winbind', 70), + 'OTPD': ('ipa-otpd', 80), } def print_msg(message, output_fd=sys.stdout): -- cgit
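Review bot: The new file `ipaserver/install/otpdinstance.py` ends without a trailing newline (`\ No newline at end of file`) and `OtpdInstance` has no docstring. The class is only a name binding over `SimpleServiceInstance`, so a one-line docstring such as `"""Manage the ipa-otpd socket unit as a simple IPA service."""` would tell readers that "ipa-otpd" resolves to `ipa-otpd.socket` through the platform `system_units` table rather than to a daemon service. Add the final newline so later patches to this file do not show a spurious change on the last line.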
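Review bot: `'OTPD': ('ipa-otpd', 80)` gives the OTP socket the highest start order in `SERVICE_LIST`, after `krb5kdc` (10) and `httpd` (40), and the entry carries no comment explaining the choice. If the KDC hands OTP authentication to this socket (the consumer is not shown in this diff), there is a startup window in which OTP logins fail while the other services are already answering. Either pick an order that precedes the consumer or record the reasoning next to the entry, e.g. `# started last: socket-activated, nothing waits on it`. The hunk also re-spaces every existing entry, which hides the one functional line; a separate whitespace-only commit would keep blame readable.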