authorAna Krivokapic <akrivoka@redhat.com>2013-09-02 10:56:19 +0200
committerPetr Viktorin <pviktori@redhat.com>2013-09-02 16:28:37 +0200
commitde7b1f86dc5bc120e570a99e722a06865cad3fdd (patch)
treefde689c6d427c4c94d507d315d11ecfec505f8fb
parentf40cb4c031b21940309ff1fbbf6b4f64aa5a6c39 (diff)
Create DS user and group during ipa-restore
ipa-restore would fail if DS user did not exist. Check for presence of DS user and group and create them if needed. https://fedorahosted.org/freeipa/ticket/3856
-rwxr-xr-xinstall/tools/ipa-replica-install22
-rwxr-xr-xinstall/tools/ipa-server-install11
-rw-r--r--ipaserver/install/dsinstance.py66
-rw-r--r--ipaserver/install/ipa_restore.py12
4 files changed, 59 insertions, 52 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 947c51f6..2a88c102 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -22,7 +22,6 @@ import sys
import socket
import os, pwd, shutil
-import grp
from optparse import OptionGroup
from contextlib import contextmanager
@@ -33,13 +32,13 @@ import dns.exception
from ipapython import ipautil
from ipaserver.install import dsinstance, installutils, krbinstance, service
-from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
+from ipaserver.install import bindinstance, httpinstance, ntpinstance
from ipaserver.install import memcacheinstance
from ipaserver.install import otpdinstance
from ipaserver.install.replication import replica_conn_check, ReplicationManager
-from ipaserver.install.installutils import (HostnameLocalhost, resolve_host,
- ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name,
- BadHostError, private_ccache)
+from ipaserver.install.installutils import (ReplicaConfig, expand_replica_info,
+ read_replica_info ,get_host_name,
+ BadHostError, private_ccache)
from ipaserver.plugins.ldap2 import ldap2
from ipaserver.install import cainstance
from ipalib import api, errors, util
@@ -574,18 +573,7 @@ def main():
api.finalize()
# Create DS group if it doesn't exist yet
- try:
- grp.getgrnam(dsinstance.DS_GROUP)
- root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP)
- group_exists = True
- except KeyError:
- group_exists = False
- args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP]
- try:
- ipautil.run(args)
- root_logger.debug("done adding DS group")
- except ipautil.CalledProcessError, e:
- root_logger.critical("failed to add DS group: %s" % e)
+ group_exists = dsinstance.create_ds_group()
sstore.backup_state("install", "group_exists", group_exists)
#Automatically disable pkinit w/ dogtag until that is supported
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 86ca3447..bfdef82a 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -971,16 +971,7 @@ def main():
ipaservices.backup_and_replace_hostname(fstore, sstore, host_name)
# Create DS group if it doesn't exist yet
- try:
- grp.getgrnam(dsinstance.DS_GROUP)
- root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP)
- except KeyError:
- args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP]
- try:
- ipautil.run(args)
- root_logger.debug("done adding DS group")
- except ipautil.CalledProcessError, e:
- root_logger.critical("failed to add DS group: %s" % e)
+ dsinstance.create_ds_group()
# Create a directory server instance
if external != 2:
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index f543efad..06f9e3a4 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -27,6 +27,7 @@ import time
import tempfile
import base64
import stat
+import grp
from ipapython.ipa_log_manager import *
from ipapython import ipautil, sysrestore, ipaldap
@@ -130,6 +131,52 @@ def check_ports():
def is_ds_running(server_id=''):
return ipaservices.knownservices.dirsrv.is_running(instance_name=server_id)
+
+def create_ds_user():
+ """
+ Create DS user if it doesn't exist yet.
+ """
+ try:
+ pwd.getpwnam(DS_USER)
+ root_logger.debug('DS user %s exists', DS_USER)
+ except KeyError:
+ root_logger.debug('Adding DS user %s', DS_USER)
+ args = [
+ '/usr/sbin/useradd',
+ '-g', DS_GROUP,
+ '-c', 'DS System User',
+ '-d', '/var/lib/dirsrv',
+ '-s', '/sbin/nologin',
+ '-M', '-r', DS_USER
+ ]
+ try:
+ ipautil.run(args)
+ root_logger.debug('Done adding DS user')
+ except ipautil.CalledProcessError, e:
+ root_logger.critical('Failed to add DS user: %s', e)
+
+
+def create_ds_group():
+ """
+ Create DS group if it doesn't exist yet.
+ Returns True if the group already exists.
+ """
+ try:
+ grp.getgrnam(DS_GROUP)
+ root_logger.debug('DS group %s exists', DS_GROUP)
+ group_exists = True
+ except KeyError:
+ group_exists = False
+ root_logger.debug('Adding DS group %s', DS_GROUP)
+ args = ['/usr/sbin/groupadd', '-r', DS_GROUP]
+ try:
+ ipautil.run(args)
+ root_logger.debug('Done adding DS group')
+ except ipautil.CalledProcessError, e:
+ root_logger.critical('Failed to add DS group: %s', e)
+
+ return group_exists
+
INF_TEMPLATE = """
[General]
FullMachineName= $FQDN
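Review bot: Both new helpers log a failed `useradd`/`groupadd` at critical level and then return normally, so a caller cannot tell that the service account or group is missing. In `create_ds_user` the `except ipautil.CalledProcessError` branch falls through, and the `ipa_restore.py` hunk calls `pwd.getpwnam(DS_USER)` right after it, which would then raise a bare `KeyError` instead of a readable error. `create_ds_group` returns `False` both when it created the group and when creation failed, and ipa-replica-install stores that value as `group_exists`. Adding a bare `raise` after the log call in each `except` block would surface the failure. The `create_ds_user` docstring should also state that `DS_GROUP` must already exist, because it is passed to `useradd -g`.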
@@ -194,7 +241,7 @@ class DsInstance(service.Service):
def __common_setup(self, enable_ssl=False):
- self.step("creating directory server user", self.__create_ds_user)
+ self.step("creating directory server user", create_ds_user)
self.step("creating directory server instance", self.__create_instance)
self.step("adding default schema", self.__add_default_schemas)
self.step("enabling memberof plugin", self.__add_memberof_module)
@@ -346,23 +393,6 @@ class DsInstance(service.Service):
IDRANGE_SIZE=idrange_size
)
- def __create_ds_user(self):
- try:
- pwd.getpwnam(DS_USER)
- root_logger.debug("ds user %s exists" % DS_USER)
- except KeyError:
- root_logger.debug("adding ds user %s" % DS_USER)
- args = ["/usr/sbin/useradd", "-g", DS_GROUP,
- "-c", "DS System User",
- "-d", "/var/lib/dirsrv",
- "-s", "/sbin/nologin",
- "-M", "-r", DS_USER]
- try:
- ipautil.run(args)
- root_logger.debug("done adding user")
- except ipautil.CalledProcessError, e:
- root_logger.critical("failed to add user %s" % e)
-
def __create_instance(self):
pent = pwd.getpwnam(DS_USER)
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 2d4be57f..82113716 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -20,28 +20,24 @@
import os
import sys
import shutil
-import glob
import tempfile
import time
import pwd
-from optparse import OptionGroup
from ConfigParser import SafeConfigParser
from ipalib import api, errors
from ipapython import version
from ipapython.ipautil import run, user_input
from ipapython import admintool
-from ipapython.config import IPAOptionParser
from ipapython.dn import DN
-from ipaserver.install.dsinstance import realm_to_serverid, DS_USER
+from ipaserver.install.dsinstance import (realm_to_serverid, create_ds_group,
+ create_ds_user, DS_USER)
from ipaserver.install.cainstance import PKI_USER
from ipaserver.install.replication import (wait_for_task, ReplicationManager,
- CSReplicationManager, get_cs_replication_manager)
+ get_cs_replication_manager)
from ipaserver.install import installutils
from ipapython import services as ipaservices
from ipapython import ipaldap
-from ipapython import version
-from ipalib.session import ISO8601_DATETIME_FMT
from ipaserver.install.ipa_backup import BACKUP_DIR
@@ -190,6 +186,8 @@ class Restore(admintool.AdminTool):
if options.data_only and not instances:
raise admintool.ScriptError('No instances to restore to')
+ create_ds_group()
+ create_ds_user()
pent = pwd.getpwnam(DS_USER)
# Temporary directory for decrypting files before restoring
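Review bot: The two added calls are order-dependent and nothing at the call site says so: `create_ds_user()` runs `useradd -g DS_GROUP`, so the group has to exist first. A one-line comment above them, such as `# group first: useradd -g DS_GROUP requires it`, would keep a later reorder from breaking restore on a clean host. The return value of `create_ds_group()` is discarded here, whereas ipa-replica-install saves it with `sstore.backup_state`; if uninstall relies on that state, a group created during restore would not be tracked, which is worth confirming. The enclosing method starts and ends outside the hunk.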