author | Ana Krivokapic <akrivoka@redhat.com> | 2013-09-02 10:56:19 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2013-09-02 16:28:37 +0200 |
commit | de7b1f86dc5bc120e570a99e722a06865cad3fdd (patch) | |
tree | fde689c6d427c4c94d507d315d11ecfec505f8fb /ipaserver | |
parent | f40cb4c031b21940309ff1fbbf6b4f64aa5a6c39 (diff) | |
Create DS user and group during ipa-restore
ipa-restore would fail if DS user did not exist. Check for presence of DS
user and group and create them if needed.
https://fedorahosted.org/freeipa/ticket/3856
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/dsinstance.py | 66 | ||||
-rw-r--r-- | ipaserver/install/ipa_restore.py | 12 |
2 files changed, 53 insertions, 25 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index f543efadc..06f9e3a4b 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -27,6 +27,7 @@ import time
 import tempfile
 import base64
 import stat
+import grp
 from ipapython.ipa_log_manager import *
 from ipapython import ipautil, sysrestore, ipaldap
@@ -130,6 +131,52 @@ def check_ports():
 def is_ds_running(server_id=''):
 return ipaservices.knownservices.dirsrv.is_running(instance_name=server_id)
+
+def create_ds_user():
+ """
+ Create DS user if it doesn't exist yet.
+ """
+ try:
+ pwd.getpwnam(DS_USER)
+ root_logger.debug('DS user %s exists', DS_USER)
+ except KeyError:
+ root_logger.debug('Adding DS user %s', DS_USER)
+ args = [
+ '/usr/sbin/useradd',
+ '-g', DS_GROUP,
+ '-c', 'DS System User',
+ '-d', '/var/lib/dirsrv',
+ '-s', '/sbin/nologin',
+ '-M', '-r', DS_USER
+ ]
+ try:
+ ipautil.run(args)
+ root_logger.debug('Done adding DS user')
+ except ipautil.CalledProcessError, e:
+ root_logger.critical('Failed to add DS user: %s', e)
+
+
+def create_ds_group():
+ """
+ Create DS group if it doesn't exist yet.
+ Returns True if the group already exists.
+ """
+ try:
+ grp.getgrnam(DS_GROUP)
+ root_logger.debug('DS group %s exists', DS_GROUP)
+ group_exists = True
+ except KeyError:
+ group_exists = False
+ root_logger.debug('Adding DS group %s', DS_GROUP)
+ args = ['/usr/sbin/groupadd', '-r', DS_GROUP]
+ try:
+ ipautil.run(args)
+ root_logger.debug('Done adding DS group')
+ except ipautil.CalledProcessError, e:
+ root_logger.critical('Failed to add DS group: %s', e)
+
+ return group_exists
+
 INF_TEMPLATE = """
 [General]
 FullMachineName= $FQDN
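Review bot: Both `create_ds_user()` and `create_ds_group()` log a failed `useradd`/`groupadd` at critical level and then return normally, so a caller cannot tell that the account is still missing. In ipa_restore.py the new calls are followed directly by `pwd.getpwnam(DS_USER)`, which would then fail with a bare `KeyError` rather than a clear restore error. Ending each `except ipautil.CalledProcessError, e:` block with a plain `raise` after the log line, or having the restore caller raise `admintool.ScriptError`, would make the failure explicit. The docstring of `create_ds_group()` should also say that `False` is returned both when the group was just created and when creation failed.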
@@ -194,7 +241,7 @@ class DsInstance(service.Service):
 def __common_setup(self, enable_ssl=False):
- self.step("creating directory server user", self.__create_ds_user)
+ self.step("creating directory server user", create_ds_user)
 self.step("creating directory server instance", self.__create_instance)
 self.step("adding default schema", self.__add_default_schemas)
 self.step("enabling memberof plugin", self.__add_memberof_module)
@@ -346,23 +393,6 @@ class DsInstance(service.Service):
 IDRANGE_SIZE=idrange_size
 )
- def __create_ds_user(self):
- try:
- pwd.getpwnam(DS_USER)
- root_logger.debug("ds user %s exists" % DS_USER)
- except KeyError:
- root_logger.debug("adding ds user %s" % DS_USER)
- args = ["/usr/sbin/useradd", "-g", DS_GROUP,
- "-c", "DS System User",
- "-d", "/var/lib/dirsrv",
- "-s", "/sbin/nologin",
- "-M", "-r", DS_USER]
- try:
- ipautil.run(args)
- root_logger.debug("done adding user")
- except ipautil.CalledProcessError, e:
- root_logger.critical("failed to add user %s" % e)
-
 def __create_instance(self):
 pent = pwd.getpwnam(DS_USER)
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 2d4be57f7..821137160 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -20,28 +20,24 @@
 import os
 import sys
 import shutil
-import glob
 import tempfile
 import time
 import pwd
-from optparse import OptionGroup
 from ConfigParser import SafeConfigParser
 from ipalib import api, errors
 from ipapython import version
 from ipapython.ipautil import run, user_input
 from ipapython import admintool
-from ipapython.config import IPAOptionParser
 from ipapython.dn import DN
-from ipaserver.install.dsinstance import realm_to_serverid, DS_USER
+from ipaserver.install.dsinstance import (realm_to_serverid, create_ds_group,
+ create_ds_user, DS_USER)
 from ipaserver.install.cainstance import PKI_USER
 from ipaserver.install.replication import (wait_for_task, ReplicationManager,
- CSReplicationManager, get_cs_replication_manager)
+ get_cs_replication_manager)
 from ipaserver.install import installutils
 from ipapython import services as ipaservices
 from ipapython import ipaldap
-from ipapython import version
-from ipalib.session import ISO8601_DATETIME_FMT
 from ipaserver.install.ipa_backup import BACKUP_DIR
@@ -190,6 +186,8 @@ class Restore(admintool.AdminTool):
 if options.data_only and not instances:
 raise admintool.ScriptError('No instances to restore to')
+ create_ds_group()
+ create_ds_user()
 pent = pwd.getpwnam(DS_USER)
 # Temporary directory for decrypting files before restoring |
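Review bot: The DS group and user created by the two new calls get whatever system GID/UID `groupadd -r` and `useradd -r` allocate on this host, which need not match the IDs in effect when the backup was taken. How ownership of the restored files is applied is outside this hunk, so this may already be handled by name through `pent`. A short comment above `create_ds_group()` would make that assumption reviewable: it should say why the account must exist before `pwd.getpwnam(DS_USER)` and how file ownership is reconciled after restore. The enclosing method starts and ends outside the hunk.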