-rw-r--r-- | ipsilon/helpers/common.py | 4 | ||||
-rw-r--r-- | ipsilon/helpers/ipa.py | 2 | ||||
-rw-r--r-- | ipsilon/info/common.py | 4 | ||||
-rw-r--r-- | ipsilon/info/infoldap.py | 2 | ||||
-rw-r--r-- | ipsilon/info/infonss.py | 2 | ||||
-rw-r--r-- | ipsilon/info/infosssd.py | 2 | ||||
-rwxr-xr-x | ipsilon/install/ipsilon-server-install | 46 | ||||
-rw-r--r-- | ipsilon/login/authfas.py | 2 | ||||
-rw-r--r-- | ipsilon/login/authform.py | 2 | ||||
-rw-r--r-- | ipsilon/login/authgssapi.py | 2 | ||||
-rw-r--r-- | ipsilon/login/authldap.py | 2 | ||||
-rw-r--r-- | ipsilon/login/authpam.py | 2 | ||||
-rw-r--r-- | ipsilon/login/authtest.py | 2 | ||||
-rw-r--r-- | ipsilon/login/common.py | 4 | ||||
-rw-r--r-- | ipsilon/providers/common.py | 4 | ||||
-rw-r--r-- | ipsilon/providers/openidp.py | 2 | ||||
-rw-r--r-- | ipsilon/providers/personaidp.py | 2 | ||||
-rw-r--r-- | ipsilon/providers/saml2idp.py | 2 |
18 files changed, 59 insertions, 29 deletions
diff --git a/ipsilon/helpers/common.py b/ipsilon/helpers/common.py index d3f7125..bdaa82f 100644 --- a/ipsilon/helpers/common.py +++ b/ipsilon/helpers/common.py @@ -12,7 +12,7 @@ class EnvHelpersInstaller(object): self.ptype = 'helper' self.name = None - def unconfigure(self, opts): + def unconfigure(self, opts, changes): return def install_args(self, group): @@ -21,7 +21,7 @@ class EnvHelpersInstaller(object): def validate_args(self, args): return - def configure_server(self, opts): + def configure_server(self, opts, changes): raise NotImplementedError diff --git a/ipsilon/helpers/ipa.py b/ipsilon/helpers/ipa.py index a785edb..9c786f9 100644 --- a/ipsilon/helpers/ipa.py +++ b/ipsilon/helpers/ipa.py @@ -163,7 +163,7 @@ class Installer(EnvHelpersInstaller): pw = pwd.getpwnam(HTTPD_USER) os.chown(opts['gssapi_httpd_keytab'], pw.pw_uid, pw.pw_gid) - def configure_server(self, opts): + def configure_server(self, opts, changes): if opts['ipa'] != 'yes' and opts['ipa'] != 'auto': return if opts['ipa'] != 'yes' and opts['gssapi'] == 'no': diff --git a/ipsilon/info/common.py b/ipsilon/info/common.py index 06b71aa..4cd6663 100644 --- a/ipsilon/info/common.py +++ b/ipsilon/info/common.py @@ -102,10 +102,10 @@ class InfoProviderInstaller(object): def validate_args(self, args): return - def unconfigure(self, opts): + def unconfigure(self, opts, changes): return - def configure(self, opts): + def configure(self, opts, changes): raise NotImplementedError diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py index 9494666..66e8d50 100644 --- a/ipsilon/info/infoldap.py +++ b/ipsilon/info/infoldap.py @@ -182,7 +182,7 @@ class Installer(InfoProviderInstaller): group.add_argument('--info-ldap-base-dn', action='store', help='LDAP Base DN') - def configure(self, opts): + def configure(self, opts, changes): if opts['info_ldap'] != 'yes': return diff --git a/ipsilon/info/infonss.py b/ipsilon/info/infonss.py index 1966c27..0cd6fa0 100644 --- a/ipsilon/info/infonss.py 
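Review bot: The new `changes` parameter on `unconfigure` and `configure_server` is undocumented, and its contract is only implied by the caller in ipsilon-server-install, which passes an empty dict, keeps a reference to it and later serialises it with `json.dumps`. A docstring such as `"""Configure the plugin; record anything uninstall must revert by mutating changes in place, using only JSON-serialisable values."""` would make that explicit. Without it, a plugin that rebinds the name loses its record, and one that stores a non-serialisable object makes the final `json.dumps` fail after configuration has already run. The same applies to the base classes in ipsilon/info/common.py, ipsilon/login/common.py and ipsilon/providers/common.py. Because the parameter is a required positional, any plugin not updated alongside this commit will raise TypeError when the installer calls it.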
+++ b/ipsilon/info/infonss.py @@ -79,7 +79,7 @@ class Installer(InfoProviderInstaller): group.add_argument('--info-nss', choices=['yes', 'no'], default='no', help='Use passwd data to populate user attrs') - def configure(self, opts): + def configure(self, opts, changes): if opts['info_nss'] != 'yes': return diff --git a/ipsilon/info/infosssd.py b/ipsilon/info/infosssd.py index 75fcf24..54d0ba2 100644 --- a/ipsilon/info/infosssd.py +++ b/ipsilon/info/infosssd.py @@ -131,7 +131,7 @@ class Installer(InfoProviderInstaller): help='SSSD domain to enable mod_lookup_identity' ' for') - def configure(self, opts): + def configure(self, opts, changes): if opts['info_sssd'] != 'yes': return diff --git a/ipsilon/install/ipsilon-server-install b/ipsilon/install/ipsilon-server-install index 471fe9a..0677f0e 100755 --- a/ipsilon/install/ipsilon-server-install +++ b/ipsilon/install/ipsilon-server-install @@ -10,6 +10,7 @@ from ipsilon.tools import files import ConfigParser import argparse import cherrypy +import json import logging import os import pwd @@ -154,6 +155,12 @@ def install(plugins, args): # components cherrypy.config.update(ipsilon_conf) + # Prepare to allow plugins to save things changed during install + changes = {'env_helper': {}, + 'login_manager': {}, + 'info_provider': {}, + 'auth_provider': {}} + # Move pre-existing admin db away admin_db = cherrypy.config['admin.config.db'] if os.path.exists(admin_db): @@ -169,8 +176,10 @@ def install(plugins, args): logger.info('Configuring environment helpers') for plugin_name in plugins['Environment Helpers']: plugin = plugins['Environment Helpers'][plugin_name] - if plugin.configure_server(args) == False: + plugin_changes = {} + if plugin.configure_server(args, plugin_changes) == False: logger.info('Configuration of environment helper %s failed' % plugin_name) + changes['env_helper'][plugin_name] = plugin_changes logger.info('Configuring login managers') for plugin_name in args['lm_order']: 
@@ -178,20 +187,32 @@ def install(plugins, args): plugin = plugins['Login Managers'][plugin_name] except KeyError: sys.exit('Login provider %s not installed' % plugin_name) - if plugin.configure(args) == False: + plugin_changes = {} + if plugin.configure(args, plugin_changes) == False: logger.info('Configuration of login manager %s failed' % plugin_name) + changes['login_manager'][plugin_name] = plugin_changes logger.info('Configuring Info provider') for plugin_name in plugins['Info Provider']: plugin = plugins['Info Provider'][plugin_name] - if plugin.configure(args) == False: + plugin_changes = {} + if plugin.configure(args, plugin_changes) == False: logger.info('Configuration of info provider %s failed' % plugin_name) + changes['info_provider'][plugin_name] = plugin_changes logger.info('Configuring Authentication Providers') for plugin_name in plugins['Auth Providers']: plugin = plugins['Auth Providers'][plugin_name] - if plugin.configure(args) == False: + plugin_changes = {} + if plugin.configure(args, plugin_changes) == False: logger.info('Configuration of auth provider %s failed' % plugin_name) + changes['auth_provider'][plugin_name] = plugin_changes + + # Save any changes that were made + install_changes = os.path.join(instance_conf, 'install_changes') + changes = json.dumps(changes) + with open(install_changes, 'w+') as f: + f.write(changes) # Fixup permissions so only the ipsilon user can read these files files.fix_user_dirs(instance_conf, opts['system_user']) 
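Review bot: The install_changes record is written only after all four plugin loops have finished. On the `sys.exit('Login provider %s not installed' % plugin_name)` path in this hunk, or on any exception raised by a plugin, the changes already collected from earlier plugins are never saved and uninstall has nothing to revert them with. Placing the loops in a `try:` block and the write in its `finally:` would keep the record on those paths. Separately, `open(install_changes, 'w+')` creates the file under the process umask and relies on the following `files.fix_user_dirs(instance_conf, opts['system_user'])` call to restrict it. That helper is not shown, but if it hands ownership to the service account, uninstall (presumably run with higher privilege) will later act on data that account can rewrite, so consider keeping this file owned by the installing user with mode 0600. The body of install() starts and ends outside the hunk.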
@@ -223,28 +244,37 @@ def uninstall(plugins, args): if sure != 'yes': raise Exception('Aborting') + # Get the details of what we changed during installation + install_changes = os.path.join(instance_conf, 'install_changes') + with open(install_changes, 'r') as f: + changes = json.loads(f.read()) + logger.info('Removing environment helpers') for plugin_name in plugins['Environment Helpers']: plugin = plugins['Environment Helpers'][plugin_name] - if plugin.unconfigure(args) == False: + plugin_changes = changes['env_helper'][plugin_name] + if plugin.unconfigure(args, plugin_changes) == False: logger.info('Removal of environment helper %s failed' % plugin_name) logger.info('Removing login managers') for plugin_name in plugins['Login Managers']: plugin = plugins['Login Managers'][plugin_name] - if plugin.unconfigure(args) == False: + plugin_changes = changes['login_manager'][plugin_name] + if plugin.unconfigure(args, plugin_changes) == False: logger.info('Removal of login manager %s failed' % plugin_name) logger.info('Removing Info providers') for plugin_name in plugins['Info Provider']: plugin = plugins['Info Provider'][plugin_name] - if plugin.unconfigure(args) == False: + plugin_changes = changes['info_provider'][plugin_name] + if plugin.unconfigure(args, plugin_changes) == False: logger.info('Removal of info provider %s failed' % plugin_name) logger.info('Removing Authentication Providers') for plugin_name in plugins['Auth Providers']: plugin = plugins['Auth Providers'][plugin_name] - if plugin.unconfigure(args) == False: + plugin_changes = changes['auth_provider'][plugin_name] + if plugin.unconfigure(args, plugin_changes) == False: logger.info('Removal of auth provider %s failed' % plugin_name) logger.info('Removing httpd configuration') diff --git a/ipsilon/login/authfas.py b/ipsilon/login/authfas.py index 8af7f28..d0b834a 100644 --- a/ipsilon/login/authfas.py +++ b/ipsilon/login/authfas.py 
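Review bot: The lookup `changes['login_manager'][plugin_name]` raises KeyError whenever uninstall meets a plugin that install did not record, and the three sibling lookups fail the same way. For login managers this is the normal case, because install records only the names in `args['lm_order']` while this loop walks every entry in `plugins['Login Managers']`. The unguarded `open(install_changes, 'r')` likewise raises for an instance installed before this change, or one whose install exited before the file was written, so uninstall aborts before removing anything. Falling back to an empty dict in both places keeps removal working, as sketched below. The body of uninstall() starts and ends outside the hunk.

```python
    # Get the details of what we changed during installation
    install_changes = os.path.join(instance_conf, 'install_changes')
    try:
        with open(install_changes, 'r') as f:
            changes = json.load(f)
    except (IOError, ValueError):
        # Instance predates install_changes, or the record is unreadable
        logger.info('No usable install_changes record found')
        changes = {}

    logger.info('Removing environment helpers')
    for plugin_name in plugins['Environment Helpers']:
        plugin = plugins['Environment Helpers'][plugin_name]
        plugin_changes = changes.get('env_helper', {}).get(plugin_name, {})
        # … unchanged: unconfigure call and failure log …

    # … unchanged: login manager, info provider and auth provider loops,
    #   each using the same .get() lookup for its category …
```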
@@ -185,7 +185,7 @@ class Installer(LoginManagerInstaller): group.add_argument('--fas', choices=['yes', 'no'], default='no', help='Configure FAS authentication') - def configure(self, opts): + def configure(self, opts, changes): if opts['fas'] != 'yes': return diff --git a/ipsilon/login/authform.py b/ipsilon/login/authform.py index c6b958f..eed35fc 100644 --- a/ipsilon/login/authform.py +++ b/ipsilon/login/authform.py @@ -99,7 +99,7 @@ class Installer(LoginManagerInstaller): group.add_argument('--form-service', action='store', default='remote', help='PAM service name to use for authentication') - def configure(self, opts): + def configure(self, opts, changes): if opts['form'] != 'yes': return diff --git a/ipsilon/login/authgssapi.py b/ipsilon/login/authgssapi.py index ce8213d..a05644d 100644 --- a/ipsilon/login/authgssapi.py +++ b/ipsilon/login/authgssapi.py @@ -114,7 +114,7 @@ class Installer(LoginManagerInstaller): default='/etc/httpd/conf/http.keytab', help='Kerberos keytab location for HTTPD') - def configure(self, opts): + def configure(self, opts, changes): if opts['gssapi'] != 'yes': return diff --git a/ipsilon/login/authldap.py b/ipsilon/login/authldap.py index 161ef75..ce096f4 100644 --- a/ipsilon/login/authldap.py +++ b/ipsilon/login/authldap.py @@ -194,7 +194,7 @@ class Installer(LoginManagerInstaller): group.add_argument('--ldap-base-dn', action='store', help='LDAP Base DN') - def configure(self, opts): + def configure(self, opts, changes): if opts['ldap'] != 'yes': return diff --git a/ipsilon/login/authpam.py b/ipsilon/login/authpam.py index c2a6afb..1a34f8f 100644 --- a/ipsilon/login/authpam.py +++ b/ipsilon/login/authpam.py @@ -114,7 +114,7 @@ class Installer(LoginManagerInstaller): group.add_argument('--pam-service', action='store', default='remote', help='PAM service name to use for authentication') - def configure(self, opts): + def configure(self, opts, changes): if opts['pam'] != 'yes': return 
diff --git a/ipsilon/login/authtest.py b/ipsilon/login/authtest.py index 0b05e0a..aa2a73a 100644 --- a/ipsilon/login/authtest.py +++ b/ipsilon/login/authtest.py @@ -101,7 +101,7 @@ class Installer(LoginManagerInstaller): group.add_argument('--testauth', choices=['yes', 'no'], default='no', help='Configure PAM authentication') - def configure(self, opts): + def configure(self, opts, changes): if opts['testauth'] != 'yes': return diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py index 7cf0c2a..db71fb0 100644 --- a/ipsilon/login/common.py +++ b/ipsilon/login/common.py @@ -322,7 +322,7 @@ class LoginManagerInstaller(object): self.ptype = 'login' self.name = None - def unconfigure(self, opts): + def unconfigure(self, opts, changes): return def install_args(self, group): @@ -331,7 +331,7 @@ class LoginManagerInstaller(object): def validate_args(self, args): return - def configure(self, opts): + def configure(self, opts, changes): raise NotImplementedError diff --git a/ipsilon/providers/common.py b/ipsilon/providers/common.py index b842b39..c4d6658 100644 --- a/ipsilon/providers/common.py +++ b/ipsilon/providers/common.py @@ -105,7 +105,7 @@ class ProviderInstaller(object): self.ptype = 'provider' self.name = None - def unconfigure(self, opts): + def unconfigure(self, opts, changes): return def install_args(self, group): @@ -114,7 +114,7 @@ class ProviderInstaller(object): def validate_args(self, args): return - def configure(self, opts): + def configure(self, opts, changes): raise NotImplementedError diff --git a/ipsilon/providers/openidp.py b/ipsilon/providers/openidp.py index 052ab43..8f74578 100644 --- a/ipsilon/providers/openidp.py +++ b/ipsilon/providers/openidp.py @@ -146,7 +146,7 @@ class Installer(ProviderInstaller): group.add_argument('--openid-extensions', default='', help='List of OpenID Extensions to enable') - def configure(self, opts): + def configure(self, opts, changes): if opts['openid'] != 'yes': return 
diff --git a/ipsilon/providers/personaidp.py b/ipsilon/providers/personaidp.py index d2794e0..f0146db 100644 --- a/ipsilon/providers/personaidp.py +++ b/ipsilon/providers/personaidp.py @@ -85,7 +85,7 @@ class Installer(ProviderInstaller): group.add_argument('--persona', choices=['yes', 'no'], default='yes', help='Configure Persona Provider') - def configure(self, opts): + def configure(self, opts, changes): if opts['persona'] != 'yes': return diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py index 6dfb03a..11ba832 100644 --- a/ipsilon/providers/saml2idp.py +++ b/ipsilon/providers/saml2idp.py @@ -452,7 +452,7 @@ class Installer(ProviderInstaller): '(default - %d)' % METADATA_DEFAULT_VALIDITY_PERIOD)) - def configure(self, opts): + def configure(self, opts, changes): if opts['saml2'] != 'yes': return |