From ed849639272acf0aed44935591ba525ec1348d59 Mon Sep 17 00:00:00 2001 From: Timo Aaltonen Date: Wed, 5 Dec 2012 14:58:06 +0200 Subject: convert the base platform modules into packages --- ipapython/platform/base.py | 226 --------------------------- ipapython/platform/base/__init__.py | 226 +++++++++++++++++++++++++++ ipapython/platform/base/systemd.py | 233 ++++++++++++++++++++++++++++ ipapython/platform/fedora16.py | 214 -------------------------- ipapython/platform/fedora16/__init__.py | 52 +++++++ ipapython/platform/fedora16/selinux.py | 26 ++++ ipapython/platform/fedora16/service.py | 179 ++++++++++++++++++++++ ipapython/platform/fedora18.py | 113 -------------- ipapython/platform/fedora18/__init__.py | 113 ++++++++++++++ ipapython/platform/redhat.py | 261 -------------------------------- ipapython/platform/redhat/__init__.py | 133 ++++++++++++++++ ipapython/platform/redhat/auth.py | 49 ++++++ ipapython/platform/redhat/service.py | 123 +++++++++++++++ ipapython/platform/systemd.py | 230 ---------------------------- ipapython/setup.py.in | 7 +- 15 files changed, 1140 insertions(+), 1045 deletions(-) delete mode 100644 ipapython/platform/base.py create mode 100644 ipapython/platform/base/__init__.py create mode 100644 ipapython/platform/base/systemd.py delete mode 100644 ipapython/platform/fedora16.py create mode 100644 ipapython/platform/fedora16/__init__.py create mode 100644 ipapython/platform/fedora16/selinux.py create mode 100644 ipapython/platform/fedora16/service.py delete mode 100644 ipapython/platform/fedora18.py create mode 100644 ipapython/platform/fedora18/__init__.py delete mode 100644 ipapython/platform/redhat.py create mode 100644 ipapython/platform/redhat/__init__.py create mode 100644 ipapython/platform/redhat/auth.py create mode 100644 ipapython/platform/redhat/service.py delete mode 100644 ipapython/platform/systemd.py (limited to 'ipapython') diff --git a/ipapython/platform/base.py b/ipapython/platform/base.py deleted file mode 100644 index e2aa33fa..00000000 --- a/ipapython/platform/base.py +++ /dev/null @@ -1,226 +0,0 @@ -# Authors: Alexander Bokovoy -# -# Copyright (C) 2011 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -from ipalib.plugable import MagicDict -import json -import os - -# Canonical names of services as IPA wants to see them. As we need to have -# *some* naming, set them as in Red Hat distributions. Actual implementation -# should make them available through knownservices. and take care of -# re-mapping internally, if needed -wellknownservices = ['certmonger', 'dirsrv', 'httpd', 'ipa', 'krb5kdc', - 'messagebus', 'nslcd', 'nscd', 'ntpd', 'portmap', - 'rpcbind', 'kadmin', 'sshd', 'autofs', 'rpcgssd', - 'rpcidmapd', 'pki_tomcatd', 'pki-cad', 'chronyd'] - -# System may support more time&date services. FreeIPA supports ntpd only, other -# services will be disabled during IPA installation -timedate_services = ['ntpd', 'chronyd'] - - -# The common ports for these services. This is used to wait for the -# service to become available. -wellknownports = { - 'dirsrv@PKI-IPA.service': [7389], - 'PKI-IPA': [7389], - 'dirsrv': [389], # this is only used if the incoming instance name is blank - 'pki-cad': [9180, 9443, 9444], - 'pki-tomcatd@pki-tomcat.service': [8080, 8443], - 'pki-tomcat': [8080, 8443], - 'pki-tomcatd': [8080, 8443], # used if the incoming instance name is blank -} - -SVC_LIST_FILE = "/var/run/ipa/services.list" - -class AuthConfig(object): - """ - AuthConfig class implements system-independent interface to configure - system authentication resources. In Red Hat systems this is done with - authconfig(8) utility. - - AuthConfig class is nothing more than a tool to gather configuration - options and execute their processing. These options then converted by - an actual implementation to series of a system calls to appropriate - utilities performing real configuration. - - IPA *expects* names of AuthConfig's options to follow authconfig(8) - naming scheme! - - Actual implementation should be done in ipapython/platform/.py - by inheriting from platform.AuthConfig and redefining __build_args() - and execute() methods. - - from ipapython.platform import platform - class PlatformAuthConfig(platform.AuthConfig): - def __build_args(): - ... - - def execute(): - ... - - authconfig = PlatformAuthConfig - .... - - See ipapython/platform/redhat.py for a sample implementation that uses - authconfig(8) as its backend. - - From IPA code perspective, the authentication configuration should be - done with use of ipapython.services.authconfig: - - from ipapython import services as ipaservices - auth_config = ipaservices.authconfig() - auth_config.disable("ldap").\ - disable("krb5").\ - disable("sssd").\ - disable("sssdauth").\ - disable("mkhomedir").\ - add_option("update").\ - enable("nis").\ - add_parameter("nisdomain","foobar") - auth_config.execute() - - If you need to re-use existing AuthConfig instance for multiple runs, - make sure to call 'AuthConfig.reset()' between the runs. - """ - - def __init__(self): - self.parameters = {} - - def enable(self, option): - self.parameters[option] = True - return self - - def disable(self, option): - self.parameters[option] = False - return self - - def add_option(self, option): - self.parameters[option] = None - return self - - def add_parameter(self, option, value): - self.parameters[option] = [value] - return self - - def __build_args(self): - # do nothing - return None - - def execute(self): - # do nothing - return None - - def reset(self): - self.parameters = {} - return self - -class PlatformService(object): - """ - PlatformService abstracts out external process running on the system - which is possible to administer (start, stop, check status, etc). - - """ - - def __init__(self, service_name): - self.service_name = service_name - - def start(self, instance_name="", capture_output=True, wait=True, - update_service_list=True): - """ - When a service is started record the fact in a special file. - This allows ipactl stop to always stop all services that have - been started via ipa tools - """ - if not update_service_list: - return - svc_list = [] - try: - f = open(SVC_LIST_FILE, 'r') - svc_list = json.load(f) - except Exception: - # not fatal, may be the first service - pass - - if self.service_name not in svc_list: - svc_list.append(self.service_name) - - f = open(SVC_LIST_FILE, 'w') - json.dump(svc_list, f) - f.flush() - f.close() - return - - def stop(self, instance_name="", capture_output=True, update_service_list=True): - """ - When a service is stopped remove it from the service list file. - """ - if not update_service_list: - return - svc_list = [] - try: - f = open(SVC_LIST_FILE, 'r') - svc_list = json.load(f) - except Exception: - # not fatal, may be the first service - pass - - while self.service_name in svc_list: - svc_list.remove(self.service_name) - - f = open(SVC_LIST_FILE, 'w') - json.dump(svc_list, f) - f.flush() - f.close() - return - - def restart(self, instance_name="", capture_output=True, wait=True): - return - - def is_running(self, instance_name=""): - return False - - def is_installed(self): - return False - - def is_enabled(self, instance_name=""): - return False - - def enable(self, instance_name=""): - return - - def disable(self, instance_name=""): - return - - def install(self, instance_name=""): - return - - def remove(self, instance_name=""): - return - - def get_config_dir(self, instance_name=""): - return - -class KnownServices(MagicDict): - """ - KnownServices is an abstract class factory that should give out instances - of well-known platform services. Actual implementation must create these - instances as its own attributes on first access (or instance creation) - and cache them. - """ - diff --git a/ipapython/platform/base/__init__.py b/ipapython/platform/base/__init__.py new file mode 100644 index 00000000..e2aa33fa --- /dev/null +++ b/ipapython/platform/base/__init__.py @@ -0,0 +1,226 @@ +# Authors: Alexander Bokovoy +# +# Copyright (C) 2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +from ipalib.plugable import MagicDict +import json +import os + +# Canonical names of services as IPA wants to see them. As we need to have +# *some* naming, set them as in Red Hat distributions. Actual implementation +# should make them available through knownservices. and take care of +# re-mapping internally, if needed +wellknownservices = ['certmonger', 'dirsrv', 'httpd', 'ipa', 'krb5kdc', + 'messagebus', 'nslcd', 'nscd', 'ntpd', 'portmap', + 'rpcbind', 'kadmin', 'sshd', 'autofs', 'rpcgssd', + 'rpcidmapd', 'pki_tomcatd', 'pki-cad', 'chronyd'] + +# System may support more time&date services. FreeIPA supports ntpd only, other +# services will be disabled during IPA installation +timedate_services = ['ntpd', 'chronyd'] + + +# The common ports for these services. This is used to wait for the +# service to become available. +wellknownports = { + 'dirsrv@PKI-IPA.service': [7389], + 'PKI-IPA': [7389], + 'dirsrv': [389], # this is only used if the incoming instance name is blank + 'pki-cad': [9180, 9443, 9444], + 'pki-tomcatd@pki-tomcat.service': [8080, 8443], + 'pki-tomcat': [8080, 8443], + 'pki-tomcatd': [8080, 8443], # used if the incoming instance name is blank +} + +SVC_LIST_FILE = "/var/run/ipa/services.list" + +class AuthConfig(object): + """ + AuthConfig class implements system-independent interface to configure + system authentication resources. In Red Hat systems this is done with + authconfig(8) utility. + + AuthConfig class is nothing more than a tool to gather configuration + options and execute their processing. These options then converted by + an actual implementation to series of a system calls to appropriate + utilities performing real configuration. + + IPA *expects* names of AuthConfig's options to follow authconfig(8) + naming scheme! + + Actual implementation should be done in ipapython/platform/.py + by inheriting from platform.AuthConfig and redefining __build_args() + and execute() methods. + + from ipapython.platform import platform + class PlatformAuthConfig(platform.AuthConfig): + def __build_args(): + ... + + def execute(): + ... + + authconfig = PlatformAuthConfig + .... + + See ipapython/platform/redhat.py for a sample implementation that uses + authconfig(8) as its backend. + + From IPA code perspective, the authentication configuration should be + done with use of ipapython.services.authconfig: + + from ipapython import services as ipaservices + auth_config = ipaservices.authconfig() + auth_config.disable("ldap").\ + disable("krb5").\ + disable("sssd").\ + disable("sssdauth").\ + disable("mkhomedir").\ + add_option("update").\ + enable("nis").\ + add_parameter("nisdomain","foobar") + auth_config.execute() + + If you need to re-use existing AuthConfig instance for multiple runs, + make sure to call 'AuthConfig.reset()' between the runs. + """ + + def __init__(self): + self.parameters = {} + + def enable(self, option): + self.parameters[option] = True + return self + + def disable(self, option): + self.parameters[option] = False + return self + + def add_option(self, option): + self.parameters[option] = None + return self + + def add_parameter(self, option, value): + self.parameters[option] = [value] + return self + + def __build_args(self): + # do nothing + return None + + def execute(self): + # do nothing + return None + + def reset(self): + self.parameters = {} + return self + +class PlatformService(object): + """ + PlatformService abstracts out external process running on the system + which is possible to administer (start, stop, check status, etc). + + """ + + def __init__(self, service_name): + self.service_name = service_name + + def start(self, instance_name="", capture_output=True, wait=True, + update_service_list=True): + """ + When a service is started record the fact in a special file. + This allows ipactl stop to always stop all services that have + been started via ipa tools + """ + if not update_service_list: + return + svc_list = [] + try: + f = open(SVC_LIST_FILE, 'r') + svc_list = json.load(f) + except Exception: + # not fatal, may be the first service + pass + + if self.service_name not in svc_list: + svc_list.append(self.service_name) + + f = open(SVC_LIST_FILE, 'w') + json.dump(svc_list, f) + f.flush() + f.close() + return + + def stop(self, instance_name="", capture_output=True, update_service_list=True): + """ + When a service is stopped remove it from the service list file. + """ + if not update_service_list: + return + svc_list = [] + try: + f = open(SVC_LIST_FILE, 'r') + svc_list = json.load(f) + except Exception: + # not fatal, may be the first service + pass + + while self.service_name in svc_list: + svc_list.remove(self.service_name) + + f = open(SVC_LIST_FILE, 'w') + json.dump(svc_list, f) + f.flush() + f.close() + return + + def restart(self, instance_name="", capture_output=True, wait=True): + return + + def is_running(self, instance_name=""): + return False + + def is_installed(self): + return False + + def is_enabled(self, instance_name=""): + return False + + def enable(self, instance_name=""): + return + + def disable(self, instance_name=""): + return + + def install(self, instance_name=""): + return + + def remove(self, instance_name=""): + return + + def get_config_dir(self, instance_name=""): + return + +class KnownServices(MagicDict): + """ + KnownServices is an abstract class factory that should give out instances + of well-known platform services. Actual implementation must create these + instances as its own attributes on first access (or instance creation) + and cache them. + """ + diff --git a/ipapython/platform/base/systemd.py b/ipapython/platform/base/systemd.py new file mode 100644 index 00000000..a9c1ec03 --- /dev/null +++ b/ipapython/platform/base/systemd.py @@ -0,0 +1,233 @@ +# Author: Alexander Bokovoy +# +# Copyright (C) 2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import os +import shutil +import sys + +from ipapython import ipautil +from ipapython.platform import base +from ipalib import api + +class SystemdService(base.PlatformService): + SYSTEMD_ETC_PATH = "/etc/systemd/system/" + SYSTEMD_LIB_PATH = "/lib/systemd/system/" + SYSTEMD_SRV_TARGET = "%s.target.wants" + + def __init__(self, service_name, systemd_name): + super(SystemdService, self).__init__(service_name) + self.systemd_name = systemd_name + self.lib_path = os.path.join(self.SYSTEMD_LIB_PATH, self.systemd_name) + self.lib_path_exists = None + + def service_instance(self, instance_name): + if self.lib_path_exists is None: + self.lib_path_exists = os.path.exists(self.lib_path) + + elements = self.systemd_name.split("@") + + # Short-cut: if there is already exact service name, return it + if self.lib_path_exists and len(instance_name) == 0: + if len(elements) == 1: + # service name is like pki-tomcatd.target or krb5kdc.service + return self.systemd_name + if len(elements) > 1 and elements[1][0] != '.': + # Service name is like pki-tomcatd@pki-tomcat.service and that file exists + return self.systemd_name + + if len(elements) > 1: + # We have dynamic service + if len(instance_name) > 0: + # Instanciate dynamic service + return "%s@%s.service" % (elements[0], instance_name) + else: + # No instance name, try with target + tgt_name = "%s.target" % (elements[0]) + srv_lib = os.path.join(self.SYSTEMD_LIB_PATH, tgt_name) + if os.path.exists(srv_lib): + return tgt_name + + return self.systemd_name + + def parse_variables(self, text, separator=None): + """ + Parses 'systemctl show' output and returns a dict[variable]=value + Arguments: text -- 'systemctl show' output as string + separator -- optional (defaults to None), what separates the key/value pairs in the text + """ + def splitter(x, separator=None): + if len(x) > 1: + y = x.split(separator) + return (y[0], y[-1]) + return (None,None) + return dict(map(lambda x: splitter(x, separator=separator), text.split("\n"))) + + def __wait_for_open_ports(self, instance_name=""): + """ + If this is a service we need to wait for do so. + """ + ports = None + if instance_name in base.wellknownports: + ports = base.wellknownports[instance_name] + else: + elements = self.systemd_name.split("@") + if elements[0] in base.wellknownports: + ports = base.wellknownports[elements[0]] + if ports: + ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout) + + def stop(self, instance_name="", capture_output=True): + ipautil.run(["/bin/systemctl", "stop", self.service_instance(instance_name)], capture_output=capture_output) + if 'context' in api.env and api.env.context in ['ipactl', 'installer']: + update_service_list = True + else: + update_service_list = False + super(SystemdService, self).stop(instance_name,update_service_list=update_service_list) + + def start(self, instance_name="", capture_output=True, wait=True): + ipautil.run(["/bin/systemctl", "start", self.service_instance(instance_name)], capture_output=capture_output) + if 'context' in api.env and api.env.context in ['ipactl', 'installer']: + update_service_list = True + else: + update_service_list = False + if wait and self.is_running(instance_name): + self.__wait_for_open_ports(self.service_instance(instance_name)) + super(SystemdService, self).start(instance_name, update_service_list=update_service_list) + + def restart(self, instance_name="", capture_output=True, wait=True): + # Restart command is broken before systemd-36-3.fc16 + # If you have older systemd version, restart of dependent services will hang systemd indefinetly + ipautil.run(["/bin/systemctl", "restart", self.service_instance(instance_name)], capture_output=capture_output) + if wait and self.is_running(instance_name): + self.__wait_for_open_ports(self.service_instance(instance_name)) + + def is_running(self, instance_name=""): + ret = True + try: + (sout, serr, rcode) = ipautil.run(["/bin/systemctl", "is-active", self.service_instance(instance_name)],capture_output=True) + if rcode != 0: + ret = False + except ipautil.CalledProcessError: + ret = False + return ret + + def is_installed(self): + installed = True + try: + (sout,serr,rcode) = ipautil.run(["/bin/systemctl", "list-unit-files", "--full"]) + if rcode != 0: + installed = False + else: + svar = self.parse_variables(sout) + if not self.service_instance("") in svar: + # systemd doesn't show the service + installed = False + except ipautil.CalledProcessError, e: + installed = False + return installed + + def is_enabled(self, instance_name=""): + enabled = True + try: + (sout,serr,rcode) = ipautil.run(["/bin/systemctl", "is-enabled", self.service_instance(instance_name)]) + if rcode != 0: + enabled = False + except ipautil.CalledProcessError, e: + enabled = False + return enabled + + def enable(self, instance_name=""): + if self.lib_path_exists is None: + self.lib_path_exists = os.path.exists(self.lib_path) + elements = self.systemd_name.split("@") + l = len(elements) + + if self.lib_path_exists and (l > 1 and elements[1][0] != '.'): + # There is explicit service unit supporting this instance, follow normal systemd enabler + self.__enable(instance_name) + return + + if self.lib_path_exists and (l == 1): + # There is explicit service unit which does not support the instances, ignore instance + self.__enable() + return + + if len(instance_name) > 0 and l > 1: + # New instance, we need to do following: + # 1. Make /etc/systemd/system/.target.wants/ if it is not there + # 2. Link /etc/systemd/system/.target.wants/@.service to + # /lib/systemd/system/@.service + srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0])) + srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name)) + try: + if not ipautil.dir_exists(srv_tgt): + os.mkdir(srv_tgt) + if os.path.exists(srv_lnk): + # Remove old link + os.unlink(srv_lnk) + if not os.path.exists(srv_lnk): + # object does not exist _or_ is a broken link + if not os.path.islink(srv_lnk): + # if it truly does not exist, make a link + os.symlink(self.lib_path, srv_lnk) + else: + # Link exists and it is broken, make new one + os.unlink(srv_lnk) + os.symlink(self.lib_path, srv_lnk) + ipautil.run(["/bin/systemctl", "--system", "daemon-reload"]) + except: + pass + else: + self.__enable(instance_name) + + def disable(self, instance_name=""): + elements = self.systemd_name.split("@") + if instance_name != "" and len(elements) > 1: + # Remove instance, we need to do following: + # Remove link from /etc/systemd/system/.target.wants/@.service + # to /lib/systemd/system/@.service + srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0])) + srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name)) + try: + if ipautil.dir_exists(srv_tgt): + if os.path.islink(srv_lnk): + os.unlink(srv_lnk) + ipautil.run(["/bin/systemctl", "--system", "daemon-reload"]) + except: + pass + else: + self.__disable(instance_name) + + def __enable(self, instance_name=""): + try: + ipautil.run(["/bin/systemctl", "enable", self.service_instance(instance_name)]) + except ipautil.CalledProcessError, e: + pass + + def __disable(self, instance_name=""): + try: + ipautil.run(["/bin/systemctl", "disable", self.service_instance(instance_name)]) + except ipautil.CalledProcessError, e: + pass + + def install(self): + self.enable() + + def remove(self): + self.disable() diff --git a/ipapython/platform/fedora16.py b/ipapython/platform/fedora16.py deleted file mode 100644 index 628cad13..00000000 --- a/ipapython/platform/fedora16.py +++ /dev/null @@ -1,214 +0,0 @@ -# Author: Alexander Bokovoy -# -# Copyright (C) 2011 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -import os -import time - -from ipapython import ipautil, dogtag -from ipapython.platform import base, redhat, systemd -from ipapython.ipa_log_manager import root_logger -from ipalib import api - -# All what we allow exporting directly from this module -# Everything else is made available through these symbols when they are -# directly imported into ipapython.services: -# authconfig -- class reference for platform-specific implementation of -# authconfig(8) -# service -- class reference for platform-specific implementation of a -# PlatformService class -# knownservices -- factory instance to access named services IPA cares about, -# names are ipapython.services.wellknownservices -# backup_and_replace_hostname -- platform-specific way to set hostname and -# make it persistent over reboots -# restore_network_configuration -- platform-specific way of restoring network -# configuration (e.g. static hostname) -# restore_context -- platform-sepcific way to restore security context, if -# applicable -# check_selinux_status -- platform-specific way to see if SELinux is enabled -# and restorecon is installed. -__all__ = ['authconfig', 'service', 'knownservices', - 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status', - 'restore_network_configuration', 'timedate_services'] - -# Just copy a referential list of timedate services -timedate_services = list(base.timedate_services) - -# For beginning just remap names to add .service -# As more services will migrate to systemd, unit names will deviate and -# mapping will be kept in this dictionary -system_units = dict(map(lambda x: (x, "%s.service" % (x)), base.wellknownservices)) - -system_units['rpcgssd'] = 'nfs-secure.service' -system_units['rpcidmapd'] = 'nfs-idmap.service' - -# Rewrite dirsrv and pki-tomcatd services as they support instances via separate -# service generator. To make this working, one needs to have both foo@.servic -# and foo.target -- the latter is used when request should be coming for -# all instances (like stop). systemd, unfortunately, does not allow one -# to request action for all service instances at once if only foo@.service -# unit is available. To add more, if any of those services need to be -# started/stopped automagically, one needs to manually create symlinks in -# /etc/systemd/system/foo.target.wants/ (look into systemd.py's enable() -# code). -system_units['dirsrv'] = 'dirsrv@.service' -# Our directory server instance for PKI is dirsrv@PKI-IPA.service -system_units['pkids'] = 'dirsrv@PKI-IPA.service' -# Old style PKI instance -system_units['pki-cad'] = 'pki-cad@pki-ca.service' -system_units['pki_cad'] = system_units['pki-cad'] -# Our PKI instance is pki-tomcatd@pki-tomcat.service -system_units['pki-tomcatd'] = 'pki-tomcatd@pki-tomcat.service' -system_units['pki_tomcatd'] = system_units['pki-tomcatd'] - -class Fedora16Service(systemd.SystemdService): - def __init__(self, service_name): - systemd_name = service_name - if service_name in system_units: - systemd_name = system_units[service_name] - else: - if len(service_name.split('.')) == 1: - # if service_name does not have a dot, it is not foo.service - # and not a foo.target. Thus, not correct service name for - # systemd, default to foo.service style then - systemd_name = "%s.service" % (service_name) - super(Fedora16Service, self).__init__(service_name, systemd_name) -# Special handling of directory server service -# -# We need to explicitly enable instances to install proper symlinks as -# dirsrv.target.wants/ dependencies. Standard systemd service class does it -# on enable() method call. Unfortunately, ipa-server-install does not do -# explicit dirsrv.enable() because the service startup is handled by ipactl. -# -# If we wouldn't do this, our instances will not be started as systemd would -# not have any clue about instances (PKI-IPA and the domain we serve) at all. -# Thus, hook into dirsrv.restart(). -class Fedora16DirectoryService(Fedora16Service): - def enable(self, instance_name=""): - super(Fedora16DirectoryService, self).enable(instance_name) - dirsrv_systemd = "/etc/sysconfig/dirsrv.systemd" - if os.path.exists(dirsrv_systemd): - # We need to enable LimitNOFILE=8192 in the dirsrv@.service - # Since 389-ds-base-1.2.10-0.8.a7 the configuration of the - # service parameters is performed via - # /etc/sysconfig/dirsrv.systemd file which is imported by systemd - # into dirsrv@.service unit - replacevars = {'LimitNOFILE':'8192'} - ipautil.inifile_replace_variables(dirsrv_systemd, 'service', replacevars=replacevars) - restore_context(dirsrv_systemd) - ipautil.run(["/bin/systemctl", "--system", "daemon-reload"],raiseonerr=False) - - def restart(self, instance_name="", capture_output=True, wait=True): - if len(instance_name) > 0: - elements = self.systemd_name.split("@") - srv_etc = os.path.join(self.SYSTEMD_ETC_PATH, self.systemd_name) - srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0])) - srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name)) - if not os.path.exists(srv_etc): - self.enable(instance_name) - elif not os.path.samefile(srv_etc, srv_lnk): - os.unlink(srv_lnk) - os.symlink(srv_etc, srv_lnk) - super(Fedora16DirectoryService, self).restart(instance_name, capture_output=capture_output, wait=wait) - -# Enforce restart of IPA services when we do enable it -# This gets around the fact that after ipa-server-install systemd thinks -# ipa.service is not yet started but all services were actually started -# already. -class Fedora16IPAService(Fedora16Service): - def enable(self, instance_name=""): - super(Fedora16IPAService, self).enable(instance_name) - self.restart(instance_name) - -class Fedora16SSHService(Fedora16Service): - def get_config_dir(self, instance_name=""): - return '/etc/ssh' - - -class Fedora16CAService(Fedora16Service): - def __wait_until_running(self): - # We must not wait for the httpd proxy if httpd is not set up yet. - # Unfortunately, knownservices.httpd.is_installed() can return - # false positives, so check for existence of our configuration file. - # TODO: Use a cleaner solution - if not os.path.exists('/etc/httpd/conf.d/ipa.conf'): - root_logger.debug( - 'The httpd proxy is not installed, skipping wait for CA') - return - if dogtag.install_constants.DOGTAG_VERSION < 10: - # The server status information isn't available on DT 9 - root_logger.debug('Using Dogtag 9, skipping wait for CA') - return - root_logger.debug('Waiting until the CA is running') - timeout = api.env.startup_timeout - op_timeout = time.time() + timeout - while time.time() < op_timeout: - status = dogtag.ca_status() - root_logger.debug('The CA status is: %s' % status) - if status == 'running': - break - root_logger.debug('Waiting for CA to start...') - time.sleep(1) - else: - raise RuntimeError('CA did not start in %ss' % timeout) - - def start(self, instance_name="", capture_output=True, wait=True): - super(Fedora16CAService, self).start( - instance_name, capture_output=capture_output, wait=wait) - if wait: - self.__wait_until_running() - - def restart(self, instance_name="", capture_output=True, wait=True): - super(Fedora16CAService, self).restart( - instance_name, capture_output=capture_output, wait=wait) - if wait: - self.__wait_until_running() - - -# Redirect directory server service through special sub-class due to its -# special handling of instances -def f16_service(name): - if name == 'dirsrv': - return Fedora16DirectoryService(name) - if name == 'ipa': - return Fedora16IPAService(name) - if name == 'sshd': - return Fedora16SSHService(name) - if name in ('pki-cad', 'pki_cad', 'pki-tomcatd', 'pki_tomcatd'): - return Fedora16CAService(name) - return Fedora16Service(name) - -class Fedora16Services(base.KnownServices): - def __init__(self): - services = dict() - for s in base.wellknownservices: - services[s] = f16_service(s) - # Call base class constructor. This will lock services to read-only - super(Fedora16Services, self).__init__(services) - -def restore_context(filepath, restorecon='/usr/sbin/restorecon'): - return redhat.restore_context(filepath, restorecon) - -def check_selinux_status(restorecon='/usr/sbin/restorecon'): - return redhat.check_selinux_status(restorecon) - -authconfig = redhat.authconfig -service = f16_service -knownservices = Fedora16Services() -backup_and_replace_hostname = redhat.backup_and_replace_hostname -restore_network_configuration = redhat.restore_network_configuration diff --git a/ipapython/platform/fedora16/__init__.py b/ipapython/platform/fedora16/__init__.py new file mode 100644 index 00000000..26a6afd2 --- /dev/null +++ b/ipapython/platform/fedora16/__init__.py @@ -0,0 +1,52 @@ +# Author: Alexander Bokovoy +# +# Copyright (C) 2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +from ipapython.platform import base, redhat +from ipapython.platform.fedora16 import selinux +from ipapython.platform.fedora16.service import f16_service, Fedora16Services + +# All what we allow exporting directly from this module +# Everything else is made available through these symbols when they are +# directly imported into ipapython.services: +# authconfig -- class reference for platform-specific implementation of +# authconfig(8) +# service -- class reference for platform-specific implementation of a +# PlatformService class +# knownservices -- factory instance to access named services IPA cares about, +# names are ipapython.services.wellknownservices +# backup_and_replace_hostname -- platform-specific way to set hostname and +# make it persistent over reboots +# restore_context -- platform-sepcific way to restore security context, if +# applicable +# check_selinux_status -- platform-specific way to see if SELinux is enabled +# and restorecon is installed. +__all__ = ['authconfig', 'service', 'knownservices', + 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status', + 'restore_network_configuration', 'timedate_services'] + +# Just copy a referential list of timedate services +timedate_services = list(base.timedate_services) + +authconfig = redhat.authconfig +service = f16_service +knownservices = Fedora16Services() +backup_and_replace_hostname = redhat.backup_and_replace_hostname +restore_context = selinux.restore_context +check_selinux_status = selinux.check_selinux_status +restore_network_configuration = redhat.restore_network_configuration diff --git a/ipapython/platform/fedora16/selinux.py b/ipapython/platform/fedora16/selinux.py new file mode 100644 index 00000000..cf71a38e --- /dev/null +++ b/ipapython/platform/fedora16/selinux.py @@ -0,0 +1,26 @@ +# Author: Alexander Bokovoy +# +# Copyright (C) 2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +from ipapython.platform import redhat + +def restore_context(filepath, restorecon='/usr/sbin/restorecon'): + return redhat.restore_context(filepath, restorecon) + +def check_selinux_status(restorecon='/usr/sbin/restorecon'): + return redhat.check_selinux_status(restorecon) diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py new file mode 100644 index 00000000..c2e35d32 --- /dev/null +++ b/ipapython/platform/fedora16/service.py @@ -0,0 +1,179 @@ +# Author: Alexander Bokovoy +# +# Copyright (C) 2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import os +import time + +from ipapython import ipautil, dogtag +from ipapython.platform import base, redhat +from ipapython.platform.base import systemd +from ipapython.platform.fedora16 import selinux +from ipapython.ipa_log_manager import root_logger +from ipalib import api + +# For beginning just remap names to add .service +# As more services will migrate to systemd, unit names will deviate and +# mapping will be kept in this dictionary +system_units = dict(map(lambda x: (x, "%s.service" % (x)), base.wellknownservices)) + +system_units['rpcgssd'] = 'nfs-secure.service' +system_units['rpcidmapd'] = 'nfs-idmap.service' + +# Rewrite dirsrv and pki-tomcatd services as they support instances via separate +# service generator. To make this working, one needs to have both foo@.servic +# and foo.target -- the latter is used when request should be coming for +# all instances (like stop). systemd, unfortunately, does not allow one +# to request action for all service instances at once if only foo@.service +# unit is available. To add more, if any of those services need to be +# started/stopped automagically, one needs to manually create symlinks in +# /etc/systemd/system/foo.target.wants/ (look into systemd.py's enable() +# code). +system_units['dirsrv'] = 'dirsrv@.service' +# Our directory server instance for PKI is dirsrv@PKI-IPA.service +system_units['pkids'] = 'dirsrv@PKI-IPA.service' +# Old style PKI instance +system_units['pki-cad'] = 'pki-cad@pki-ca.service' +system_units['pki_cad'] = system_units['pki-cad'] +# Our PKI instance is pki-tomcatd@pki-tomcat.service +system_units['pki-tomcatd'] = 'pki-tomcatd@pki-tomcat.service' +system_units['pki_tomcatd'] = system_units['pki-tomcatd'] + +class Fedora16Service(systemd.SystemdService): + def __init__(self, service_name): + systemd_name = service_name + if service_name in system_units: + systemd_name = system_units[service_name] + else: + if len(service_name.split('.')) == 1: + # if service_name does not have a dot, it is not foo.service + # and not a foo.target. Thus, not correct service name for + # systemd, default to foo.service style then + systemd_name = "%s.service" % (service_name) + super(Fedora16Service, self).__init__(service_name, systemd_name) + +# Special handling of directory server service +# +# We need to explicitly enable instances to install proper symlinks as +# dirsrv.target.wants/ dependencies. Standard systemd service class does it +# on enable() method call. Unfortunately, ipa-server-install does not do +# explicit dirsrv.enable() because the service startup is handled by ipactl. +# +# If we wouldn't do this, our instances will not be started as systemd would +# not have any clue about instances (PKI-IPA and the domain we serve) at all. +# Thus, hook into dirsrv.restart(). +class Fedora16DirectoryService(Fedora16Service): + def enable(self, instance_name=""): + super(Fedora16DirectoryService, self).enable(instance_name) + dirsrv_systemd = "/etc/sysconfig/dirsrv.systemd" + if os.path.exists(dirsrv_systemd): + # We need to enable LimitNOFILE=8192 in the dirsrv@.service + # Since 389-ds-base-1.2.10-0.8.a7 the configuration of the + # service parameters is performed via + # /etc/sysconfig/dirsrv.systemd file which is imported by systemd + # into dirsrv@.service unit + replacevars = {'LimitNOFILE':'8192'} + ipautil.inifile_replace_variables(dirsrv_systemd, 'service', replacevars=replacevars) + selinux.restore_context(dirsrv_systemd) + ipautil.run(["/bin/systemctl", "--system", "daemon-reload"],raiseonerr=False) + + def restart(self, instance_name="", capture_output=True, wait=True): + if len(instance_name) > 0: + elements = self.systemd_name.split("@") + srv_etc = os.path.join(self.SYSTEMD_ETC_PATH, self.systemd_name) + srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0])) + srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name)) + if not os.path.exists(srv_etc): + self.enable(instance_name) + elif not os.path.samefile(srv_etc, srv_lnk): + os.unlink(srv_lnk) + os.symlink(srv_etc, srv_lnk) + super(Fedora16DirectoryService, self).restart(instance_name, capture_output=capture_output, wait=wait) + +# Enforce restart of IPA services when we do enable it +# This gets around the fact that after ipa-server-install systemd thinks +# ipa.service is not yet started but all services were actually started +# already. +class Fedora16IPAService(Fedora16Service): + def enable(self, instance_name=""): + super(Fedora16IPAService, self).enable(instance_name) + self.restart(instance_name) + +class Fedora16SSHService(Fedora16Service): + def get_config_dir(self, instance_name=""): + return '/etc/ssh' + +class Fedora16CAService(Fedora16Service): + def __wait_until_running(self): + # We must not wait for the httpd proxy if httpd is not set up yet. + # Unfortunately, knownservices.httpd.is_installed() can return + # false positives, so check for existence of our configuration file. + # TODO: Use a cleaner solution + if not os.path.exists('/etc/httpd/conf.d/ipa.conf'): + root_logger.debug( + 'The httpd proxy is not installed, skipping wait for CA') + return + if dogtag.install_constants.DOGTAG_VERSION < 10: + # The server status information isn't available on DT 9 + root_logger.debug('Using Dogtag 9, skipping wait for CA') + return + root_logger.debug('Waiting until the CA is running') + timeout = api.env.startup_timeout + op_timeout = time.time() + timeout + while time.time() < op_timeout: + status = dogtag.ca_status() + root_logger.debug('The CA status is: %s' % status) + if status == 'running': + break + root_logger.debug('Waiting for CA to start...') + time.sleep(1) + else: + raise RuntimeError('CA did not start in %ss' % timeout) + + def start(self, instance_name="", capture_output=True, wait=True): + super(Fedora16CAService, self).start( + instance_name, capture_output=capture_output, wait=wait) + if wait: + self.__wait_until_running() + + def restart(self, instance_name="", capture_output=True, wait=True): + super(Fedora16CAService, self).restart( + instance_name, capture_output=capture_output, wait=wait) + if wait: + self.__wait_until_running() + +# Redirect directory server service through special sub-class due to its +# special handling of instances +def f16_service(name): + if name == 'dirsrv': + return Fedora16DirectoryService(name) + if name == 'ipa': + return Fedora16IPAService(name) + if name == 'sshd': + return Fedora16SSHService(name) + if name in ('pki-cad', 'pki_cad', 'pki-tomcatd', 'pki_tomcatd'): + return Fedora16CAService(name) + return Fedora16Service(name) + +class Fedora16Services(base.KnownServices): + def __init__(self): + services = dict() + for s in base.wellknownservices: + services[s] = f16_service(s) + # Call base class constructor. This will lock services to read-only + super(Fedora16Services, self).__init__(services) diff --git a/ipapython/platform/fedora18.py b/ipapython/platform/fedora18.py deleted file mode 100644 index d12bdcad..00000000 --- a/ipapython/platform/fedora18.py +++ /dev/null @@ -1,113 +0,0 @@ -# Author: Martin Kosek -# -# Copyright (C) 2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -import stat -import sys -import socket -import os - -from ipapython import ipautil -from ipapython.platform import fedora16, base - -# All what we allow exporting directly from this module -# Everything else is made available through these symbols when they are -# directly imported into ipapython.services: -# authconfig -- class reference for platform-specific implementation of -# authconfig(8) -# service -- class reference for platform-specific implementation of a -# PlatformService class -# knownservices -- factory instance to access named services IPA cares about, -# names are ipapython.services.wellknownservices -# backup_and_replace_hostname -- platform-specific way to set hostname and -# make it persistent over reboots -# restore_network_configuration -- platform-specific way of restoring network -# configuration (e.g. static hostname) -# restore_context -- platform-sepcific way to restore security context, if -# applicable -# check_selinux_status -- platform-specific way to see if SELinux is enabled -# and restorecon is installed. -__all__ = ['authconfig', 'service', 'knownservices', - 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status', - 'restore_network_configuration', 'timedate_services'] - -# Just copy a referential list of timedate services -timedate_services = list(base.timedate_services) - -def backup_and_replace_hostname(fstore, statestore, hostname): - old_hostname = socket.gethostname() - try: - ipautil.run(['/bin/hostname', hostname]) - except ipautil.CalledProcessError, e: - print >>sys.stderr, "Failed to set this machine hostname to %s (%s)." % (hostname, str(e)) - - filepath = '/etc/hostname' - if os.path.exists(filepath): - # read old hostname - with open(filepath, 'r') as f: - for line in f.readlines(): - line = line.strip() - if not line or line.startswith('#'): - # skip comment or empty line - continue - old_hostname = line - break - fstore.backup_file(filepath) - - with open(filepath, 'w') as f: - f.write("%s\n" % hostname) - os.chmod(filepath, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) - os.chown(filepath, 0, 0) - restore_context(filepath) - - # store old hostname - statestore.backup_state('network', 'hostname', old_hostname) - -def restore_network_configuration(fstore, statestore): - old_filepath = '/etc/sysconfig/network' - old_hostname = statestore.get_state('network', 'hostname') - hostname_was_configured = False - - if fstore.has_file(old_filepath): - # This is Fedora >=18 instance that was upgraded from previous - # Fedora version which held network configuration - # in /etc/sysconfig/network - old_filepath_restore = '/etc/sysconfig/network.ipabkp' - fstore.restore_file(old_filepath, old_filepath_restore) - print "Deprecated configuration file '%s' was restored to '%s'" \ - % (old_filepath, old_filepath_restore) - hostname_was_configured = True - - filepath = '/etc/hostname' - if fstore.has_file(filepath): - fstore.restore_file(filepath) - hostname_was_configured = True - - if not hostname_was_configured and old_hostname: - # hostname was not configured before but was set by IPA. Delete - # /etc/hostname to restore previous configuration - try: - os.remove(filepath) - except OSError: - pass - -authconfig = fedora16.authconfig -service = fedora16.service -knownservices = fedora16.knownservices -restore_context = fedora16.restore_context -check_selinux_status = fedora16.check_selinux_status diff --git a/ipapython/platform/fedora18/__init__.py b/ipapython/platform/fedora18/__init__.py new file mode 100644 index 00000000..d12bdcad --- /dev/null +++ b/ipapython/platform/fedora18/__init__.py @@ -0,0 +1,113 @@ +# Author: Martin Kosek +# +# Copyright (C) 2012 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import stat +import sys +import socket +import os + +from ipapython import ipautil +from ipapython.platform import fedora16, base + +# All what we allow exporting directly from this module +# Everything else is made available through these symbols when they are +# directly imported into ipapython.services: +# authconfig -- class reference for platform-specific implementation of +# authconfig(8) +# service -- class reference for platform-specific implementation of a +# PlatformService class +# knownservices -- factory instance to access named services IPA cares about, +# names are ipapython.services.wellknownservices +# backup_and_replace_hostname -- platform-specific way to set hostname and +# make it persistent over reboots +# restore_network_configuration -- platform-specific way of restoring network +# configuration (e.g. static hostname) +# restore_context -- platform-sepcific way to restore security context, if +# applicable +# check_selinux_status -- platform-specific way to see if SELinux is enabled +# and restorecon is installed. +__all__ = ['authconfig', 'service', 'knownservices', + 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status', + 'restore_network_configuration', 'timedate_services'] + +# Just copy a referential list of timedate services +timedate_services = list(base.timedate_services) + +def backup_and_replace_hostname(fstore, statestore, hostname): + old_hostname = socket.gethostname() + try: + ipautil.run(['/bin/hostname', hostname]) + except ipautil.CalledProcessError, e: + print >>sys.stderr, "Failed to set this machine hostname to %s (%s)." % (hostname, str(e)) + + filepath = '/etc/hostname' + if os.path.exists(filepath): + # read old hostname + with open(filepath, 'r') as f: + for line in f.readlines(): + line = line.strip() + if not line or line.startswith('#'): + # skip comment or empty line + continue + old_hostname = line + break + fstore.backup_file(filepath) + + with open(filepath, 'w') as f: + f.write("%s\n" % hostname) + os.chmod(filepath, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) + os.chown(filepath, 0, 0) + restore_context(filepath) + + # store old hostname + statestore.backup_state('network', 'hostname', old_hostname) + +def restore_network_configuration(fstore, statestore): + old_filepath = '/etc/sysconfig/network' + old_hostname = statestore.get_state('network', 'hostname') + hostname_was_configured = False + + if fstore.has_file(old_filepath): + # This is Fedora >=18 instance that was upgraded from previous + # Fedora version which held network configuration + # in /etc/sysconfig/network + old_filepath_restore = '/etc/sysconfig/network.ipabkp' + fstore.restore_file(old_filepath, old_filepath_restore) + print "Deprecated configuration file '%s' was restored to '%s'" \ + % (old_filepath, old_filepath_restore) + hostname_was_configured = True + + filepath = '/etc/hostname' + if fstore.has_file(filepath): + fstore.restore_file(filepath) + hostname_was_configured = True + + if not hostname_was_configured and old_hostname: + # hostname was not configured before but was set by IPA. Delete + # /etc/hostname to restore previous configuration + try: + os.remove(filepath) + except OSError: + pass + +authconfig = fedora16.authconfig +service = fedora16.service +knownservices = fedora16.knownservices +restore_context = fedora16.restore_context +check_selinux_status = fedora16.check_selinux_status diff --git a/ipapython/platform/redhat.py b/ipapython/platform/redhat.py deleted file mode 100644 index 274062e4..00000000 --- a/ipapython/platform/redhat.py +++ /dev/null @@ -1,261 +0,0 @@ -# Authors: Simo Sorce -# Alexander Bokovoy -# -# Copyright (C) 2007-2011 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -import tempfile -import re -import os -import stat -import sys -import socket -import stat -import time - -from ipapython import ipautil -from ipapython.platform import base -from ipapython.ipa_log_manager import root_logger -from ipalib import api - -# All what we allow exporting directly from this module -# Everything else is made available through these symbols when they are -# directly imported into ipapython.services: -# -# authconfig -- class reference for platform-specific implementation of -# authconfig(8) -# service -- class reference for platform-specific implementation of a -# PlatformService class -# knownservices -- factory instance to access named services IPA cares about, -# names are ipapython.services.wellknownservices -# backup_and_replace_hostname -- platform-specific way to set hostname and -# make it persistent over reboots -# restore_network_configuration -- platform-specific way of restoring network -# configuration (e.g. static hostname) -# restore_context -- platform-sepcific way to restore security context, if -# applicable -# check_selinux_status -- platform-specific way to see if SELinux is enabled -# and restorecon is installed. -__all__ = ['authconfig', 'service', 'knownservices', - 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status', - 'restore_network_configuration', 'timedate_services'] - -# Just copy a referential list of timedate services -timedate_services = list(base.timedate_services) - -class RedHatService(base.PlatformService): - def __wait_for_open_ports(self, instance_name=""): - """ - If this is a service we need to wait for do so. - """ - ports = None - if instance_name in base.wellknownports: - ports = base.wellknownports[instance_name] - else: - if self.service_name in base.wellknownports: - ports = base.wellknownports[self.service_name] - if ports: - ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout) - - def stop(self, instance_name="", capture_output=True): - ipautil.run(["/sbin/service", self.service_name, "stop", instance_name], capture_output=capture_output) - super(RedHatService, self).stop(instance_name) - - def start(self, instance_name="", capture_output=True, wait=True): - ipautil.run(["/sbin/service", self.service_name, "start", instance_name], capture_output=capture_output) - if wait and self.is_running(instance_name): - self.__wait_for_open_ports(instance_name) - super(RedHatService, self).start(instance_name) - - def restart(self, instance_name="", capture_output=True, wait=True): - ipautil.run(["/sbin/service", self.service_name, "restart", instance_name], capture_output=capture_output) - if wait and self.is_running(instance_name): - self.__wait_for_open_ports(instance_name) - - def is_running(self, instance_name=""): - ret = True - try: - (sout,serr,rcode) = ipautil.run(["/sbin/service", self.service_name, "status", instance_name]) - if sout.find("is stopped") >= 0: - ret = False - except ipautil.CalledProcessError: - ret = False - return ret - - def is_installed(self): - installed = True - try: - ipautil.run(["/sbin/service", self.service_name, "status"]) - except ipautil.CalledProcessError, e: - if e.returncode == 1: - # service is not installed or there is other serious issue - installed = False - return installed - - def is_enabled(self, instance_name=""): - (stdout, stderr, returncode) = ipautil.run(["/sbin/chkconfig", self.service_name],raiseonerr=False) - return (returncode == 0) - - def enable(self, instance_name=""): - ipautil.run(["/sbin/chkconfig", self.service_name, "on"]) - - def disable(self, instance_name=""): - ipautil.run(["/sbin/chkconfig", self.service_name, "off"]) - - def install(self, instance_name=""): - ipautil.run(["/sbin/chkconfig", "--add", self.service_name]) - - def remove(self, instance_name=""): - ipautil.run(["/sbin/chkconfig", "--del", self.service_name]) - -class RedHatSSHService(RedHatService): - def get_config_dir(self, instance_name=""): - return '/etc/ssh' - -class RedHatHTTPDService(RedHatService): - def restart(self, instance_name="", capture_output=True, wait=True): - try: - super(RedHatHTTPDService, self).restart(instance_name, capture_output, wait) - except ipautil.CalledProcessError: - # http may have issues with binding to ports, try to fallback - # https://bugzilla.redhat.com/show_bug.cgi?id=845405 - root_logger.debug("%s restart failed, try to stop&start again", self.service_name) - time.sleep(5) - self.stop(instance_name, capture_output) - time.sleep(5) - self.start(instance_name, capture_output, wait) - -class RedHatAuthConfig(base.AuthConfig): - """ - AuthConfig class implements system-independent interface to configure - system authentication resources. In Red Hat-produced systems this is done with - authconfig(8) utility. - """ - def __build_args(self): - args = [] - for (option, value) in self.parameters.items(): - if type(value) is bool: - if value: - args.append("--enable%s" % (option)) - else: - args.append("--disable%s" % (option)) - elif type(value) in (tuple, list): - args.append("--%s" % (option)) - args.append("%s" % (value[0])) - elif value is None: - args.append("--%s" % (option)) - else: - args.append("--%s%s" % (option,value)) - return args - - def execute(self): - args = self.__build_args() - ipautil.run(["/usr/sbin/authconfig"]+args) - -def redhat_service(name): - if name == 'sshd': - return RedHatSSHService(name) - elif name == 'httpd': - return RedHatHTTPDService(name) - return RedHatService(name) - -class RedHatServices(base.KnownServices): - def __init__(self): - services = dict() - for s in base.wellknownservices: - services[s] = redhat_service(s) - # Call base class constructor. This will lock services to read-only - super(RedHatServices, self).__init__(services) - -authconfig = RedHatAuthConfig -service = redhat_service -knownservices = RedHatServices() - -def restore_context(filepath, restorecon='/sbin/restorecon'): - """ - restore security context on the file path - SELinux equivalent is /path/to/restorecon - - restorecon's return values are not reliable so we have to - ignore them (BZ #739604). - - ipautil.run() will do the logging. - """ - try: - if (os.path.exists('/usr/sbin/selinuxenabled')): - ipautil.run(["/usr/sbin/selinuxenabled"]) - else: - # No selinuxenabled, no SELinux - return - except ipautil.CalledProcessError: - # selinuxenabled returns 1 if not enabled - return - - if (os.path.exists(restorecon)): - ipautil.run([restorecon, filepath], raiseonerr=False) - -def backup_and_replace_hostname(fstore, statestore, hostname): - old_hostname = socket.gethostname() - try: - ipautil.run(['/bin/hostname', hostname]) - except ipautil.CalledProcessError, e: - print >>sys.stderr, "Failed to set this machine hostname to %s (%s)." % (hostname, str(e)) - replacevars = {'HOSTNAME':hostname} - - filepath = '/etc/sysconfig/network' - if not os.path.exists(filepath): - # file doesn't exist; create it with correct ownership & mode - open(filepath, 'a').close() - os.chmod(filepath, - stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) - os.chown(filepath, 0, 0) - old_values = ipautil.backup_config_and_replace_variables( - fstore, filepath, replacevars=replacevars) - restore_context("/etc/sysconfig/network") - - if 'HOSTNAME' in old_values: - statestore.backup_state('network', 'hostname', old_values['HOSTNAME']) - else: - statestore.backup_state('network', 'hostname', old_hostname) - -def restore_network_configuration(fstore, statestore): - filepath = '/etc/sysconfig/network' - if fstore.has_file(filepath): - fstore.restore_file(filepath) - -def check_selinux_status(restorecon='/sbin/restorecon'): - """ - We don't have a specific package requirement for policycoreutils - which provides restorecon. This is because we don't require - SELinux on client installs. However if SELinux is enabled then - this package is required. - - This function returns nothing but may raise a Runtime exception - if SELinux is enabled but restorecon is not available. - """ - try: - if (os.path.exists('/usr/sbin/selinuxenabled')): - ipautil.run(["/usr/sbin/selinuxenabled"]) - else: - # No selinuxenabled, no SELinux - return - except ipautil.CalledProcessError: - # selinuxenabled returns 1 if not enabled - return - - if not os.path.exists(restorecon): - raise RuntimeError('SELinux is enabled but %s does not exist.\nInstall the policycoreutils package and start the installation again.' % restorecon) diff --git a/ipapython/platform/redhat/__init__.py b/ipapython/platform/redhat/__init__.py new file mode 100644 index 00000000..f7680e7e --- /dev/null +++ b/ipapython/platform/redhat/__init__.py @@ -0,0 +1,133 @@ +# Authors: Simo Sorce +# Alexander Bokovoy +# +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import os +import socket +import stat +import sys + +from ipapython import ipautil +from ipapython.platform import base +from ipapython.platform.redhat.auth import RedHatAuthConfig +from ipapython.platform.redhat.service import redhat_service, RedHatServices + +# All what we allow exporting directly from this module +# Everything else is made available through these symbols when they are +# directly imported into ipapython.services: +# +# authconfig -- class reference for platform-specific implementation of +# authconfig(8) +# service -- class reference for platform-specific implementation of a +# PlatformService class +# knownservices -- factory instance to access named services IPA cares about, +# names are ipapython.services.wellknownservices +# backup_and_replace_hostname -- platform-specific way to set hostname and +# make it persistent over reboots +# restore_network_configuration -- platform-specific way of restoring network +# configuration (e.g. static hostname) +# restore_context -- platform-sepcific way to restore security context, if +# applicable +# check_selinux_status -- platform-specific way to see if SELinux is enabled +# and restorecon is installed. +__all__ = ['authconfig', 'service', 'knownservices', + 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status', + 'restore_network_configuration', 'timedate_services'] + +# Just copy a referential list of timedate services +timedate_services = list(base.timedate_services) + +authconfig = RedHatAuthConfig +service = redhat_service +knownservices = RedHatServices() + +def restore_context(filepath, restorecon='/sbin/restorecon'): + """ + restore security context on the file path + SELinux equivalent is /path/to/restorecon + + restorecon's return values are not reliable so we have to + ignore them (BZ #739604). + + ipautil.run() will do the logging. + """ + try: + if (os.path.exists('/usr/sbin/selinuxenabled')): + ipautil.run(["/usr/sbin/selinuxenabled"]) + else: + # No selinuxenabled, no SELinux + return + except ipautil.CalledProcessError: + # selinuxenabled returns 1 if not enabled + return + + if (os.path.exists(restorecon)): + ipautil.run([restorecon, filepath], raiseonerr=False) + +def backup_and_replace_hostname(fstore, statestore, hostname): + old_hostname = socket.gethostname() + try: + ipautil.run(['/bin/hostname', hostname]) + except ipautil.CalledProcessError, e: + print >>sys.stderr, "Failed to set this machine hostname to %s (%s)." % (hostname, str(e)) + replacevars = {'HOSTNAME':hostname} + + filepath = '/etc/sysconfig/network' + if not os.path.exists(filepath): + # file doesn't exist; create it with correct ownership & mode + open(filepath, 'a').close() + os.chmod(filepath, + stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) + os.chown(filepath, 0, 0) + old_values = ipautil.backup_config_and_replace_variables( + fstore, filepath, replacevars=replacevars) + restore_context("/etc/sysconfig/network") + + if 'HOSTNAME' in old_values: + statestore.backup_state('network', 'hostname', old_values['HOSTNAME']) + else: + statestore.backup_state('network', 'hostname', old_hostname) + +def check_selinux_status(restorecon='/sbin/restorecon'): + """ + We don't have a specific package requirement for policycoreutils + which provides restorecon. This is because we don't require + SELinux on client installs. However if SELinux is enabled then + this package is required. + + This function returns nothing but may raise a Runtime exception + if SELinux is enabled but restorecon is not available. + """ + try: + if (os.path.exists('/usr/sbin/selinuxenabled')): + ipautil.run(["/usr/sbin/selinuxenabled"]) + else: + # No selinuxenabled, no SELinux + return + except ipautil.CalledProcessError: + # selinuxenabled returns 1 if not enabled + return + + if not os.path.exists(restorecon): + raise RuntimeError('SELinux is enabled but %s does not exist.\nInstall the policycoreutils package and start the installation again.' % restorecon) + +def restore_network_configuration(fstore, statestore): + filepath = '/etc/sysconfig/network' + if fstore.has_file(filepath): + fstore.restore_file(filepath) diff --git a/ipapython/platform/redhat/auth.py b/ipapython/platform/redhat/auth.py new file mode 100644 index 00000000..93c3c5e9 --- /dev/null +++ b/ipapython/platform/redhat/auth.py @@ -0,0 +1,49 @@ +# Authors: Simo Sorce +# Alexander Bokovoy +# +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +from ipapython import ipautil +from ipapython.platform import base + +class RedHatAuthConfig(base.AuthConfig): + """ + AuthConfig class implements system-independent interface to configure + system authentication resources. In Red Hat-produced systems this is done with + authconfig(8) utility. + """ + def __build_args(self): + args = [] + for (option, value) in self.parameters.items(): + if type(value) is bool: + if value: + args.append("--enable%s" % (option)) + else: + args.append("--disable%s" % (option)) + elif type(value) in (tuple, list): + args.append("--%s" % (option)) + args.append("%s" % (value[0])) + elif value is None: + args.append("--%s" % (option)) + else: + args.append("--%s%s" % (option,value)) + return args + + def execute(self): + args = self.__build_args() + ipautil.run(["/usr/sbin/authconfig"]+args) diff --git a/ipapython/platform/redhat/service.py b/ipapython/platform/redhat/service.py new file mode 100644 index 00000000..61511b48 --- /dev/null +++ b/ipapython/platform/redhat/service.py @@ -0,0 +1,123 @@ +# Authors: Simo Sorce +# Alexander Bokovoy +# +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import time + +from ipapython import ipautil +from ipapython.ipa_log_manager import root_logger +from ipapython.platform import base +from ipalib import api + +class RedHatService(base.PlatformService): + def __wait_for_open_ports(self, instance_name=""): + """ + If this is a service we need to wait for do so. + """ + ports = None + if instance_name in base.wellknownports: + ports = base.wellknownports[instance_name] + else: + if self.service_name in base.wellknownports: + ports = base.wellknownports[self.service_name] + if ports: + ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout) + + def stop(self, instance_name="", capture_output=True): + ipautil.run(["/sbin/service", self.service_name, "stop", instance_name], capture_output=capture_output) + super(RedHatService, self).stop(instance_name) + + def start(self, instance_name="", capture_output=True, wait=True): + ipautil.run(["/sbin/service", self.service_name, "start", instance_name], capture_output=capture_output) + if wait and self.is_running(instance_name): + self.__wait_for_open_ports(instance_name) + super(RedHatService, self).start(instance_name) + + def restart(self, instance_name="", capture_output=True, wait=True): + ipautil.run(["/sbin/service", self.service_name, "restart", instance_name], capture_output=capture_output) + if wait and self.is_running(instance_name): + self.__wait_for_open_ports(instance_name) + + def is_running(self, instance_name=""): + ret = True + try: + (sout,serr,rcode) = ipautil.run(["/sbin/service", self.service_name, "status", instance_name]) + if sout.find("is stopped") >= 0: + ret = False + except ipautil.CalledProcessError: + ret = False + return ret + + def is_installed(self): + installed = True + try: + ipautil.run(["/sbin/service", self.service_name, "status"]) + except ipautil.CalledProcessError, e: + if e.returncode == 1: + # service is not installed or there is other serious issue + installed = False + return installed + + def is_enabled(self, instance_name=""): + (stdout, stderr, returncode) = ipautil.run(["/sbin/chkconfig", self.service_name],raiseonerr=False) + return (returncode == 0) + + def enable(self, instance_name=""): + ipautil.run(["/sbin/chkconfig", self.service_name, "on"]) + + def disable(self, instance_name=""): + ipautil.run(["/sbin/chkconfig", self.service_name, "off"]) + + def install(self, instance_name=""): + ipautil.run(["/sbin/chkconfig", "--add", self.service_name]) + + def remove(self, instance_name=""): + ipautil.run(["/sbin/chkconfig", "--del", self.service_name]) + +class RedHatSSHService(RedHatService): + def get_config_dir(self, instance_name=""): + return '/etc/ssh' + +class RedHatHTTPDService(RedHatService): + def restart(self, instance_name="", capture_output=True, wait=True): + try: + super(RedHatHTTPDService, self).restart(instance_name, capture_output, wait) + except ipautil.CalledProcessError: + # http may have issues with binding to ports, try to fallback + # https://bugzilla.redhat.com/show_bug.cgi?id=845405 + root_logger.debug("%s restart failed, try to stop&start again", self.service_name) + time.sleep(5) + self.stop(instance_name, capture_output) + time.sleep(5) + self.start(instance_name, capture_output, wait) + +def redhat_service(name): + if name == 'sshd': + return RedHatSSHService(name) + elif name == 'httpd': + return RedHatHTTPDService(name) + return RedHatService(name) + +class RedHatServices(base.KnownServices): + def __init__(self): + services = dict() + for s in base.wellknownservices: + services[s] = redhat_service(s) + # Call base class constructor. This will lock services to read-only + super(RedHatServices, self).__init__(services) diff --git a/ipapython/platform/systemd.py b/ipapython/platform/systemd.py deleted file mode 100644 index 4e8a03f2..00000000 --- a/ipapython/platform/systemd.py +++ /dev/null @@ -1,230 +0,0 @@ -# Author: Alexander Bokovoy -# -# Copyright (C) 2011 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -from ipapython import ipautil -from ipapython.platform import base -import sys, os, shutil -from ipalib import api - -class SystemdService(base.PlatformService): - SYSTEMD_ETC_PATH = "/etc/systemd/system/" - SYSTEMD_LIB_PATH = "/lib/systemd/system/" - SYSTEMD_SRV_TARGET = "%s.target.wants" - - def __init__(self, service_name, systemd_name): - super(SystemdService, self).__init__(service_name) - self.systemd_name = systemd_name - self.lib_path = os.path.join(self.SYSTEMD_LIB_PATH, self.systemd_name) - self.lib_path_exists = None - - def service_instance(self, instance_name): - if self.lib_path_exists is None: - self.lib_path_exists = os.path.exists(self.lib_path) - - elements = self.systemd_name.split("@") - - # Short-cut: if there is already exact service name, return it - if self.lib_path_exists and len(instance_name) == 0: - if len(elements) == 1: - # service name is like pki-tomcatd.target or krb5kdc.service - return self.systemd_name - if len(elements) > 1 and elements[1][0] != '.': - # Service name is like pki-tomcatd@pki-tomcat.service and that file exists - return self.systemd_name - - if len(elements) > 1: - # We have dynamic service - if len(instance_name) > 0: - # Instanciate dynamic service - return "%s@%s.service" % (elements[0], instance_name) - else: - # No instance name, try with target - tgt_name = "%s.target" % (elements[0]) - srv_lib = os.path.join(self.SYSTEMD_LIB_PATH, tgt_name) - if os.path.exists(srv_lib): - return tgt_name - - return self.systemd_name - - def parse_variables(self, text, separator=None): - """ - Parses 'systemctl show' output and returns a dict[variable]=value - Arguments: text -- 'systemctl show' output as string - separator -- optional (defaults to None), what separates the key/value pairs in the text - """ - def splitter(x, separator=None): - if len(x) > 1: - y = x.split(separator) - return (y[0], y[-1]) - return (None,None) - return dict(map(lambda x: splitter(x, separator=separator), text.split("\n"))) - - def __wait_for_open_ports(self, instance_name=""): - """ - If this is a service we need to wait for do so. - """ - ports = None - if instance_name in base.wellknownports: - ports = base.wellknownports[instance_name] - else: - elements = self.systemd_name.split("@") - if elements[0] in base.wellknownports: - ports = base.wellknownports[elements[0]] - if ports: - ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout) - - def stop(self, instance_name="", capture_output=True): - ipautil.run(["/bin/systemctl", "stop", self.service_instance(instance_name)], capture_output=capture_output) - if 'context' in api.env and api.env.context in ['ipactl', 'installer']: - update_service_list = True - else: - update_service_list = False - super(SystemdService, self).stop(instance_name,update_service_list=update_service_list) - - def start(self, instance_name="", capture_output=True, wait=True): - ipautil.run(["/bin/systemctl", "start", self.service_instance(instance_name)], capture_output=capture_output) - if 'context' in api.env and api.env.context in ['ipactl', 'installer']: - update_service_list = True - else: - update_service_list = False - if wait and self.is_running(instance_name): - self.__wait_for_open_ports(self.service_instance(instance_name)) - super(SystemdService, self).start(instance_name, update_service_list=update_service_list) - - def restart(self, instance_name="", capture_output=True, wait=True): - # Restart command is broken before systemd-36-3.fc16 - # If you have older systemd version, restart of dependent services will hang systemd indefinetly - ipautil.run(["/bin/systemctl", "restart", self.service_instance(instance_name)], capture_output=capture_output) - if wait and self.is_running(instance_name): - self.__wait_for_open_ports(self.service_instance(instance_name)) - - def is_running(self, instance_name=""): - ret = True - try: - (sout, serr, rcode) = ipautil.run(["/bin/systemctl", "is-active", self.service_instance(instance_name)],capture_output=True) - if rcode != 0: - ret = False - except ipautil.CalledProcessError: - ret = False - return ret - - def is_installed(self): - installed = True - try: - (sout,serr,rcode) = ipautil.run(["/bin/systemctl", "list-unit-files", "--full"]) - if rcode != 0: - installed = False - else: - svar = self.parse_variables(sout) - if not self.service_instance("") in svar: - # systemd doesn't show the service - installed = False - except ipautil.CalledProcessError, e: - installed = False - return installed - - def is_enabled(self, instance_name=""): - enabled = True - try: - (sout,serr,rcode) = ipautil.run(["/bin/systemctl", "is-enabled", self.service_instance(instance_name)]) - if rcode != 0: - enabled = False - except ipautil.CalledProcessError, e: - enabled = False - return enabled - - def enable(self, instance_name=""): - if self.lib_path_exists is None: - self.lib_path_exists = os.path.exists(self.lib_path) - elements = self.systemd_name.split("@") - l = len(elements) - - if self.lib_path_exists and (l > 1 and elements[1][0] != '.'): - # There is explicit service unit supporting this instance, follow normal systemd enabler - self.__enable(instance_name) - return - - if self.lib_path_exists and (l == 1): - # There is explicit service unit which does not support the instances, ignore instance - self.__enable() - return - - if len(instance_name) > 0 and l > 1: - # New instance, we need to do following: - # 1. Make /etc/systemd/system/.target.wants/ if it is not there - # 2. Link /etc/systemd/system/.target.wants/@.service to - # /lib/systemd/system/@.service - srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0])) - srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name)) - try: - if not ipautil.dir_exists(srv_tgt): - os.mkdir(srv_tgt) - if os.path.exists(srv_lnk): - # Remove old link - os.unlink(srv_lnk) - if not os.path.exists(srv_lnk): - # object does not exist _or_ is a broken link - if not os.path.islink(srv_lnk): - # if it truly does not exist, make a link - os.symlink(self.lib_path, srv_lnk) - else: - # Link exists and it is broken, make new one - os.unlink(srv_lnk) - os.symlink(self.lib_path, srv_lnk) - ipautil.run(["/bin/systemctl", "--system", "daemon-reload"]) - except: - pass - else: - self.__enable(instance_name) - - def disable(self, instance_name=""): - elements = self.systemd_name.split("@") - if instance_name != "" and len(elements) > 1: - # Remove instance, we need to do following: - # Remove link from /etc/systemd/system/.target.wants/@.service - # to /lib/systemd/system/@.service - srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0])) - srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name)) - try: - if ipautil.dir_exists(srv_tgt): - if os.path.islink(srv_lnk): - os.unlink(srv_lnk) - ipautil.run(["/bin/systemctl", "--system", "daemon-reload"]) - except: - pass - else: - self.__disable(instance_name) - - def __enable(self, instance_name=""): - try: - ipautil.run(["/bin/systemctl", "enable", self.service_instance(instance_name)]) - except ipautil.CalledProcessError, e: - pass - - def __disable(self, instance_name=""): - try: - ipautil.run(["/bin/systemctl", "disable", self.service_instance(instance_name)]) - except ipautil.CalledProcessError, e: - pass - - def install(self): - self.enable() - - def remove(self): - self.disable() diff --git a/ipapython/setup.py.in b/ipapython/setup.py.in index df1cacf8..d3bbcaf1 100644 --- a/ipapython/setup.py.in +++ b/ipapython/setup.py.in @@ -65,7 +65,12 @@ def setup_package(): classifiers=filter(None, CLASSIFIERS.split('\n')), platforms = ["Linux", "Solaris", "Unix"], package_dir = {'ipapython': ''}, - packages = [ "ipapython", "ipapython.platform" ], + packages = [ "ipapython", + "ipapython.platform", + "ipapython.platform.base", + "ipapython.platform.fedora16", + "ipapython.platform.fedora18", + "ipapython.platform.redhat" ], ) finally: del sys.path[0] -- cgit