author | Tomas Babej <tbabej@redhat.com> | 2014-05-29 14:47:17 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-06-16 19:48:20 +0200 |
commit | 4d2ef43f287aa96df3d65b97977fc7a824b6b33c (patch) | |
tree | 4adba8f39e1f874c89a73993d6a6455b649b7bb9 | |
parent | c7edd7b68c98d105f02a5977a0ff7c2a3081f2c9 (diff) | |
ipaplatform: Move all filesystem paths to ipaplatform.paths module
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
61 files changed, 743 insertions, 470 deletions
diff --git a/install/migration/migration.py b/install/migration/migration.py index acc1ee48d..b629b1c9f 100644 --- a/install/migration/migration.py +++ b/install/migration/migration.py @@ -30,6 +30,7 @@ from ipapython.ipautil import get_ipa_basedn from ipapython.dn import DN from ipapython.ipaldap import IPAdmin from ipalib import errors +from ipaplatform.paths import paths def wsgi_redirect(start_response, loc): @@ -89,7 +90,7 @@ def application(environ, start_response): if not form_data.has_key('username') or not form_data.has_key('password'): return wsgi_redirect(start_response, 'invalid.html') - slapd_sockets = glob.glob('/var/run/slapd-*.socket') + slapd_sockets = glob.glob(paths.ALL_SLAPD_INSTANCE_SOCKETS) if slapd_sockets: ldap_uri = 'ldapi://%s' % slapd_sockets[0].replace('/', '%2f') else: diff --git a/install/wsgi/plugins.py b/install/wsgi/plugins.py index 3c5354838..82b35eb43 100644 --- a/install/wsgi/plugins.py +++ b/install/wsgi/plugins.py @@ -22,9 +22,10 @@ Plugin index generation script """ import os +from ipaplatform.paths import paths from ipapython.ipa_log_manager import root_logger -PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins" +PLUGINS_DIR = paths.IPA_JS_PLUGINS_DIR def get_plugin_index(): diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py index d5004c6bf..1e084dba1 100644 --- a/ipa-client/ipaclient/ipadiscovery.py +++ b/ipa-client/ipaclient/ipadiscovery.py @@ -26,6 +26,7 @@ from dns import resolver, rdatatype from dns.exception import DNSException from ipalib import errors from ipapython import ipaldap +from ipaplatform.paths import paths from ipapython.ipautil import valid_ip, get_ipa_basedn, realm_to_suffix from ipapython.dn import DN @@ -75,7 +76,7 @@ class IPADiscovery(object): domains = [] domain = None try: - fp = open('/etc/resolv.conf', 'r') + fp = open(paths.RESOLV_CONF, 'r') lines = fp.readlines() fp.close() 
diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py index c01dea09c..ca97ec45e 100644 --- a/ipa-client/ipaclient/ntpconf.py +++ b/ipa-client/ipaclient/ntpconf.py @@ -22,6 +22,7 @@ import shutil import os from ipaplatform.tasks import tasks from ipaplatform import services +from ipaplatform.paths import paths ntp_conf = """# Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. @@ -96,9 +97,9 @@ def __write_config(path, content): fd.close() def config_ntp(server_fqdn, fstore = None, sysstore = None): - path_step_tickers = "/etc/ntp/step-tickers" - path_ntp_conf = "/etc/ntp.conf" - path_ntp_sysconfig = "/etc/sysconfig/ntpd" + path_step_tickers = paths.NTP_STEP_TICKERS + path_ntp_conf = paths.NTP_CONF + path_ntp_sysconfig = paths.SYSCONFIG_NTPD sub_dict = { } sub_dict["SERVER"] = server_fqdn @@ -142,7 +143,7 @@ def synconce_ntp(server_fqdn): Returns True if sync was successful """ - ntpd = '/usr/sbin/ntpd' + ntpd = paths.NTPD if not os.path.exists(ntpd): return False diff --git a/ipalib/constants.py b/ipalib/constants.py index 2269189f4..8ae545526 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -22,6 +22,7 @@ All constants centralised in one file. """ import socket +from ipaplatform.paths import paths from ipapython.dn import DN from ipapython.version import VERSION, API_VERSION @@ -34,7 +35,7 @@ except: FQDN = None # Path to CA certificate bundle -CACERT = '/etc/ipa/ca.crt' +CACERT = paths.IPA_CA_CRT # regular expression NameSpace member names must match: NAME_REGEX = r'^[a-z][_a-z0-9]*[a-z0-9]$|^[a-z]$' diff --git a/ipalib/errors.py b/ipalib/errors.py index 95b8b3b26..d69e33062 100644 --- a/ipalib/errors.py +++ b/ipalib/errors.py @@ -105,6 +105,7 @@ current block assignments: from ipalib.text import ngettext as ungettext import messages +from ipaplatform.paths import paths class PrivateError(StandardError): 
@@ -142,7 +143,7 @@ class SubprocessError(PrivateError): The exit code of the sub-process is available via the ``returncode`` instance attribute. For example: - >>> e = SubprocessError(returncode=1, argv=('/bin/false',)) + >>> e = SubprocessError(returncode=1, argv=(paths.BIN_FALSE,)) >>> e.returncode 1 >>> e.argv # argv is also available diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index 8c44ccc27..6b630a464 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -33,6 +33,7 @@ from ipalib import _ from ipapython.dn import DN from ipapython.ipautil import write_tmp_file import datetime +from ipaplatform.paths import paths __doc__ = _(""" Migration to IPA @@ -185,13 +186,13 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx, **kwargs # fill in required attributes by IPA entry_attrs['ipauniqueid'] = 'autogenerate' if 'homedirectory' not in entry_attrs: - homes_root = config.get('ipahomesrootdir', ('/home', ))[0] + homes_root = config.get('ipahomesrootdir', (paths.HOME_DIR, ))[0] home_dir = '%s/%s' % (homes_root, pkey) home_dir = home_dir.replace('//', '/').rstrip('/') entry_attrs['homedirectory'] = home_dir if 'loginshell' not in entry_attrs: - default_shell = config.get('ipadefaultloginshell', ['/bin/sh'])[0] + default_shell = config.get('ipadefaultloginshell', [paths.SH])[0] entry_attrs.setdefault('loginshell', default_shell) # do not migrate all attributes diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 2f700b60f..2ffc1ef4b 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -31,6 +31,7 @@ from ipalib.plugins import baseldap from ipalib.request import context from ipalib import _, ngettext from ipalib import output +from ipaplatform.paths import paths from ipapython.ipautil import ipa_generate_password from ipapython.ipavalidate import Email from ipalib.capabilities import client_has_capability 
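Review bot: The doctest in the `SubprocessError` docstring now reads `argv=(paths.BIN_FALSE,)`, and as far as the visible hunks show, the new `from ipaplatform.paths import paths` in ipalib/errors.py exists only to make that example run. That gives `ipalib.errors` an import-time dependency on the platform package for documentation alone. The argv in the example is illustrative and never executed, so keeping the literal `argv=('/bin/false',)` leaves the example self-explanatory and lets the import be dropped. The docstring and class body continue outside the hunk.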
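Review bot: The fallbacks `(paths.HOME_DIR, )` and `[paths.SH]` in `_pre_migrate_user` are not paths on the machine running this code; they are default values written into the migrated entry's `homedirectory` and `loginshell` attributes, which are presumably consumed by whichever hosts the user later logs in to. Tying them to the server's platform module means a platform-specific override of `SH` or `HOME_DIR` would silently change the account data stored for every migrated user. I would keep these as named directory defaults separate from the filesystem namespace, or at least add a comment such as `# default stored in the user entry, not a local filesystem path`. The `user_add` hunk in ipalib/plugins/user.py uses the same two fallbacks, and `_pre_migrate_user` starts and ends outside the hunk.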
@@ -729,14 +730,14 @@ class user_add(LDAPCreate): len = int(config.get('ipamaxusernamelength')[0]) ) ) - default_shell = config.get('ipadefaultloginshell', ['/bin/sh'])[0] + default_shell = config.get('ipadefaultloginshell', [paths.SH])[0] entry_attrs.setdefault('loginshell', default_shell) # hack so we can request separate first and last name in CLI full_name = '%s %s' % (entry_attrs['givenname'], entry_attrs['sn']) entry_attrs.setdefault('cn', full_name) if 'homedirectory' not in entry_attrs: # get home's root directory from config - homes_root = config.get('ipahomesrootdir', ['/home'])[0] + homes_root = config.get('ipahomesrootdir', [paths.HOME_DIR])[0] # build user's home directory based on his uid entry_attrs['homedirectory'] = posixpath.join(homes_root, keys[-1]) entry_attrs.setdefault('krbprincipalname', '%s@%s' % (entry_attrs['uid'], api.env.realm)) diff --git a/ipalib/rpc.py b/ipalib/rpc.py index f48a49481..9df22219e 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -59,6 +59,7 @@ from ipalib.util import get_current_principal from ipapython.ipa_log_manager import root_logger from ipapython import ipautil from ipapython import kernel_keyring +from ipaplatform.paths import paths from ipapython.cookie import Cookie from ipapython.dnsutil import DNSName from ipalib.text import _ @@ -482,7 +483,7 @@ class SSLTransport(LanguageAwareTransport): if self._connection and host == self._connection[0]: return self._connection[1] - dbdir = '/etc/pki/nssdb' + dbdir = paths.NSS_DB_DIR no_init = self.__nss_initialized(dbdir) if sys.version_info < (2, 7): conn = NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init) diff --git a/ipalib/session.py b/ipalib/session.py index 68b9b264b..ae40fdfe1 100644 --- a/ipalib/session.py +++ b/ipalib/session.py 
@@ -27,6 +27,7 @@ from text import _ from ipapython.ipa_log_manager import * from ipalib import api, errors from ipalib import Command +from ipaplatform.paths import paths from ipalib.krb_utils import * from ipapython.cookie import Cookie @@ -795,7 +796,7 @@ class MemcacheSessionManager(SessionManager): session data (see `load_session_data()`) ''' - memcached_socket_path = '/var/run/ipa_memcached/ipa_memcached' + memcached_socket_path = paths.VAR_RUN_IPA_MEMCACHED session_cookie_name = 'ipa_session' mc_server_stat_name_re = re.compile(r'(.+)\s+\((\d+)\)') @@ -1208,7 +1209,7 @@ class MemcacheSessionManager(SessionManager): #------------------------------------------------------------------------------- -krbccache_dir ='/var/run/ipa_memcached' +krbccache_dir =paths.IPA_MEMCACHED_DIR krbccache_prefix = 'krbcc_' def _get_krbccache_pathname(): diff --git a/ipalib/x509.py b/ipalib/x509.py index ca6eac50f..790f425cb 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -42,6 +42,7 @@ from ipalib import api from ipalib import _ from ipalib import util from ipalib import errors +from ipaplatform.paths import paths from ipapython.dn import DN PEM = 0 @@ -99,7 +100,7 @@ def load_certificate(data, datatype=PEM, dbdir=None): if api.env.in_tree: dbdir = api.env.dot_ipa + os.sep + 'alias' else: - dbdir = "/etc/httpd/alias" + dbdir = paths.HTTPD_ALIAS_DIR nss.nss_init(dbdir) else: nss.nss_init_nodb() diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 7a3ff4042..ac7d274cc 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py 
@@ -21,5 +21,229 @@ This base platform module exports default filesystem paths. ''' -SVC_LIST_FILE = "/var/run/ipa/services.list" -SYSTEMWIDE_CA_STORE = "/etc/pki/ca-trust/source/anchors/" +class BasePathNamespace(object): + BASH = "/bin/bash" + BIN_FALSE = "/bin/false" + BIN_HOSTNAME = "/bin/hostname" + LS = "/bin/ls" + PKICREATE = "/bin/pkicreate" + PKISILENT = "/bin/pkisilent" + SH = "/bin/sh" + SYSTEMCTL = "/bin/systemctl" + TAR = "/bin/tar" + BIN_TRUE = "/bin/true" + DEV_NULL = "/dev/null" + DEV_STDIN = "/dev/stdin" + ETC_DIRSRV = "/etc/dirsrv" + DS_KEYTAB = "/etc/dirsrv/ds.keytab" + ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE = "/etc/dirsrv/slapd-%s" + ETC_SLAPD_PKI_IPA_DIR = "/etc/dirsrv/slapd-PKI-IPA" + ETC_FEDORA_RELEASE = "/etc/fedora-release" + GROUP = "/etc/group" + ETC_HOSTNAME = "/etc/hostname" + HOSTS = "/etc/hosts" + ETC_HTTPD_DIR = "/etc/httpd" + HTTPD_ALIAS_DIR = "/etc/httpd/alias" + ALIAS_PWDFILE_TXT = "/etc/httpd/alias/pwdfile.txt" + HTTPD_CONF_D_DIR = "/etc/httpd/conf.d/" + HTTPD_IPA_PKI_PROXY_CONF = "/etc/httpd/conf.d/ipa-pki-proxy.conf" + HTTPD_IPA_REWRITE_CONF = "/etc/httpd/conf.d/ipa-rewrite.conf" + HTTPD_IPA_CONF = "/etc/httpd/conf.d/ipa.conf" + HTTPD_NSS_CONF = "/etc/httpd/conf.d/nss.conf" + HTTPD_SSL_CONF = "/etc/httpd/conf.d/ssl.conf" + IPA_KEYTAB = "/etc/httpd/conf/ipa.keytab" + HTTPD_PASSWORD_CONF = "/etc/httpd/conf/password.conf" + ETC_IPA = "/etc/ipa" + IPA_CA_CRT = "/etc/ipa/ca.crt" + IPA_DEFAULT_CONF = "/etc/ipa/default.conf" + IPA_SMARTPROXY_CONF = "/etc/ipa/ipa-smartproxy.conf" + KRB5_CONF = "/etc/krb5.conf" + KRB5_KEYTAB = "/etc/krb5.keytab" + NAMED_CONF = "/etc/named.conf" + NAMED_KEYTAB = "/etc/named.keytab" + NAMED_RFC1912_ZONES = "/etc/named.rfc1912.zones" + NSSWITCH_CONF = "/etc/nsswitch.conf" + NTP_CONF = "/etc/ntp.conf" + NTP_STEP_TICKERS = "/etc/ntp/step-tickers" + OPENLDAP_LDAP_CONF = "/etc/openldap/ldap.conf" + PASSWD = "/etc/passwd" + ETC_PKI_CA_DIR = "/etc/pki-ca" + SYSTEMWIDE_CA_STORE = "/etc/pki/ca-trust/source/anchors/" + 
NSS_DB_DIR = "/etc/pki/nssdb" + NSSDB_CERT8_DB = "/etc/pki/nssdb/cert8.db" + NSSDB_KEY3_DB = "/etc/pki/nssdb/key3.db" + NSSDB_SECMOD_DB = "/etc/pki/nssdb/secmod.db" + PKI_TOMCAT = "/etc/pki/pki-tomcat" + PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias/" + PKI_TOMCAT_PASSWORD_CONF = "/etc/pki/pki-tomcat/password.conf" + ETC_REDHAT_RELEASE = "/etc/redhat-release" + RESOLV_CONF = "/etc/resolv.conf" + SAMBA_KEYTAB = "/etc/samba/samba.keytab" + SMB_CONF = "/etc/samba/smb.conf" + LIMITS_CONF = "/etc/security/limits.conf" + SSH_CONFIG = "/etc/ssh/ssh_config" + SSHD_CONFIG = "/etc/ssh/sshd_config" + SSSD_CONF = "/etc/sssd/sssd.conf" + ETC_SYSCONFIG_AUTHCONFIG = "/etc/sysconfig/authconfig" + SYSCONFIG_DIRSRV = "/etc/sysconfig/dirsrv" + SYSCONFIG_DIRSRV_INSTANCE = "/etc/sysconfig/dirsrv-%s" + SYSCONFIG_DIRSRV_PKI_IPA_DIR = "/etc/sysconfig/dirsrv-PKI-IPA" + SYSCONFIG_KRB5KDC_DIR = "/etc/sysconfig/krb5kdc" + SYSCONFIG_NTPD = "/etc/sysconfig/ntpd" + SYSCONFIG_PKI = "/etc/sysconfig/pki" + SYSCONFIG_PKI_CA_DIR = "/etc/sysconfig/pki-ca" + SYSCONFIG_PKI_TOMCAT = "/etc/sysconfig/pki-tomcat" + SYSCONFIG_PKI_CA_PKI_CA_DIR = "/etc/sysconfig/pki/ca/pki-ca" + SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/sysconfig/pki/tomcat/pki-tomcat" + SYSTEMD_CERTMONGER_SERVICE = "/etc/systemd/system/multi-user.target.wants/certmonger.service" + SYSTEMD_IPA_SERVICE = "/etc/systemd/system/multi-user.target.wants/ipa.service" + SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service" + SYSTEMD_PKI_TOMCAT_SERVICE = "/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service" + HOME_DIR = "/home" + ROOT_PKI = "/root/.pki" + CA_AGENT_P12 = "/root/ca-agent.p12" + CACERT_P12 = "/root/cacert.p12" + ROOT_TMP_CA_P12 = "/root/tmp-ca.p12" + IP = "/sbin/ip" + NOLOGIN = "/sbin/nologin" + SBIN_SERVICE = "/sbin/service" + TMP = "/tmp" + TMP_CA_P12 = "/tmp/ca.p12" + TMP_KRB5CC = "/tmp/krb5cc_%d" + USR_DIR = "/usr" + CERTMONGER_COMMAND_TEMPLATE = "/usr/%s/ipa/certmonger/%s" + 
PKCS12EXPORT = "/usr/bin/PKCS12Export" + CERTUTIL = "/usr/bin/certutil" + CHROMIUM_BROWSER = "/usr/bin/chromium-browser" + DS_NEWINST_PL = "/usr/bin/ds_newinst.pl" + FIREFOX = "/usr/bin/firefox" + GETCERT = "/usr/bin/getcert" + GPG = "/usr/bin/gpg" + GPG_AGENT = "/usr/bin/gpg-agent" + IPA_GETCERT = "/usr/bin/ipa-getcert" + KDESTROY = "/usr/bin/kdestroy" + KINIT = "/usr/bin/kinit" + LDAPMODIFY = "/usr/bin/ldapmodify" + LDAPPASSWD = "/usr/bin/ldappasswd" + NET = "/usr/bin/net" + OPENSSL = "/usr/bin/openssl" + PERL = "/usr/bin/perl" + PK12UTIL = "/usr/bin/pk12util" + PKICREATE = "/usr/bin/pkicreate" + PKIREMOVE = "/usr/bin/pkiremove" + PKISILENT = "/usr/bin/pkisilent" + SETPASSWD = "/usr/bin/setpasswd" + SIGNTOOL = "/usr/bin/signtool" + SSLGET = "/usr/bin/sslget" + ZIP = "/usr/bin/zip" + BIND_LDAP_SO = "/usr/lib/bind/ldap.so" + USR_LIB_DIRSRV = "/usr/lib/dirsrv" + USR_LIB_SLAPD_INSTANCE_TEMPLATE = "/usr/lib/dirsrv/slapd-%s" + USR_LIB_SLAPD_PKI_IPA_DIR = "/usr/lib/dirsrv/slapd-PKI-IPA" + LIB_FIREFOX = "/usr/lib/firefox" + BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so" + USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv" + USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE = "/usr/lib64/dirsrv/slapd-%s" + SLAPD_PKI_IPA = "/usr/lib64/dirsrv/slapd-PKI-IPA" + LIB64_FIREFOX = "/usr/lib64/firefox" + DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit" + GETSEBOOL = "/usr/sbin/getsebool" + GROUPADD = "/usr/sbin/groupadd" + HTTPD = "/usr/sbin/httpd" + IPA_REPLICA_CONNCHECK = "/usr/sbin/ipa-replica-conncheck" + NTPD = "/usr/sbin/ntpd" + PKIDESTROY = "/usr/sbin/pkidestroy" + PKISPAWN = "/usr/sbin/pkispawn" + RESTORECON = "/usr/sbin/restorecon" + SELINUXENABLED = "/usr/sbin/selinuxenabled" + SETSEBOOL = "/usr/sbin/setsebool" + SETUP_DS_PL = "/usr/sbin/setup-ds.pl" + SMBD = "/usr/sbin/smbd" + USERADD = "/usr/sbin/useradd" + USR_SHARE_IPA_DIR = "/usr/share/ipa/" + FFEXTENSION = "/usr/share/ipa/ffextension" + IPA_HTML_DIR = "/usr/share/ipa/html" + CA_CRT = 
"/usr/share/ipa/html/ca.crt" + CONFIGURE_JAR = "/usr/share/ipa/html/configure.jar" + KERBEROSAUTH_XPI = "/usr/share/ipa/html/kerberosauth.xpi" + KRB_CON = "/usr/share/ipa/html/krb.con" + KRB_JS = "/usr/share/ipa/html/krb.js" + HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini" + HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con" + PREFERENCES_HTML = "/usr/share/ipa/html/preferences.html" + IPA_PLUGINS = "/usr/share/ipa/plugins" + SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif" + IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins" + UPDATES_DIR = "/usr/share/ipa/updates/" + PKI_CONF_SERVER_XML = "/usr/share/pki/ca/conf/server.xml" + VAR_KRB5KDC_K5_REALM = "/var/kerberos/krb5kdc/.k5." + CACERT_PEM = "/var/kerberos/krb5kdc/cacert.pem" + KRB5KDC_KDC_CONF = "/var/kerberos/krb5kdc/kdc.conf" + KDC_PEM = "/var/kerberos/krb5kdc/kdc.pem" + VAR_LIB = "/var/lib" + AUTHCONFIG_LAST = "/var/lib/authconfig/last" + VAR_LIB_CERTMONGER_DIR = "/var/lib/certmonger" + CERTMONGER_CAS_DIR = "/var/lib/certmonger/cas/" + CERTMONGER_REQUESTS_DIR = "/var/lib/certmonger/requests/" + VAR_LIB_DIRSRV = "/var/lib/dirsrv" + DIRSRV_BOOT_LDIF = "/var/lib/dirsrv/boot.ldif" + VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE = "/var/lib/dirsrv/scripts-%s" + VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s" + SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/bak/%s" + IPACA_DIRSRV_INSTANCE_DB_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/ipaca" + SLAPD_INSTANCE_LDIF_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/ldif" + VAR_LIB_SLAPD_PKI_IPA_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-PKI-IPA" + VAR_LIB_IPA = "/var/lib/ipa" + IPA_CLIENT_SYSRESTORE = "/var/lib/ipa-client/sysrestore" + IPA_BACKUP_DIR = "/var/lib/ipa/backup" + PKI_CA_PUBLISH_DIR = "/var/lib/ipa/pki-ca/publish" + REPLICA_INFO_TEMPLATE = "/var/lib/ipa/replica-info-%s" + REPLICA_INFO_GPG_TEMPLATE = "/var/lib/ipa/replica-info-%s.gpg" + SYSRESTORE = "/var/lib/ipa/sysrestore" + STATEFILE_DIR = "/var/lib/ipa/sysupgrade" + 
VAR_LIB_PKI_DIR = "/var/lib/pki" + VAR_LIB_PKI_CA_DIR = "/var/lib/pki-ca" + PKI_ALIAS_CA_P12 = "/var/lib/pki-ca/alias/ca.p12" + VAR_LIB_PKI_TOMCAT_DIR = "/var/lib/pki/pki-tomcat" + CA_BACKUP_KEYS_P12 = "/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12" + SAMBA_DIR = "/var/lib/samba/" + SSSD_MC_GROUP = "/var/lib/sss/mc/group" + SSSD_MC_PASSWD = "/var/lib/sss/mc/passwd" + SSS_KRB5_INCLUDE_D = "/var/lib/sss/pubconf/krb5.include.d" + DIRSRV_LOCK_DIR = "/var/lock/dirsrv" + SLAPD_INSTANCE_LOCK_TEMPLATE = "/var/lock/dirsrv/slapd-%s" + VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s" + SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access" + SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors" + VAR_LOG_SLAPD_PKI_IPA_DIR = "/var/log/dirsrv/slapd-PKI-IPA" + VAR_LOG_HTTPD_DIR = "/var/log/httpd" + IPABACKUP_LOG = "/var/log/ipabackup.log" + IPACLIENT_INSTALL_LOG = "/var/log/ipaclient-install.log" + IPACLIENT_UNINSTALL_LOG = "/var/log/ipaclient-uninstall.log" + IPAREPLICA_CONNCHECK_LOG = "/var/log/ipareplica-conncheck.log" + IPAREPLICA_INSTALL_LOG = "/var/log/ipareplica-install.log" + IPARESTORE_LOG = "/var/log/iparestore.log" + IPASERVER_INSTALL_LOG = "/var/log/ipaserver-install.log" + IPASERVER_UNINSTALL_LOG = "/var/log/ipaserver-uninstall.log" + IPAUPGRADE_LOG = "/var/log/ipaupgrade.log" + KADMIND_LOG = "/var/log/kadmind.log" + MESSAGES = "/var/log/messages" + PKI_CA_LOG_DIR = "/var/log/pki-ca" + PKI_CA_INSTALL_LOG = "/var/log/pki-ca-install.log" + PKI_CA_UNINSTALL_LOG = "/var/log/pki-ca-uninstall.log" + VAR_LOG_PKI_DIR = "/var/log/pki/" + TOMCAT_TOPLEVEL_DIR = "/var/log/pki/pki-tomcat" + TOMCAT_CA_DIR = "/var/log/pki/pki-tomcat/ca" + TOMCAT_CA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/ca/archive" + TOMCAT_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/ca/signedAudit" + LOG_SECURE = "/var/log/secure" + NAMED_RUN = "/var/named/data/named.run" + VAR_RUN_DIRSRV_DIR = "/var/run/dirsrv" + SVC_LIST_FILE = "/var/run/ipa/services.list" + 
IPA_MEMCACHED_DIR = "/var/run/ipa_memcached" + VAR_RUN_IPA_MEMCACHED = "/var/run/ipa_memcached/ipa_memcached" + KRB5CC_SAMBA = "/var/run/samba/krb5cc_samba" + SLAPD_INSTANCE_SOCKET_TEMPLATE = "/var/run/slapd-%s.socket" + ALL_SLAPD_INSTANCE_SOCKETS = "/var/run/slapd-*.socket" + +path_namespace = BasePathNamespace diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py index e7edc64f2..0099d239d 100644 --- a/ipapython/certmonger.py +++ b/ipapython/certmonger.py @@ -27,9 +27,10 @@ import re import time from ipapython import ipautil from ipapython import dogtag +from ipaplatform.paths import paths -REQUEST_DIR='/var/lib/certmonger/requests/' -CA_DIR='/var/lib/certmonger/cas/' +REQUEST_DIR=paths.CERTMONGER_REQUESTS_DIR +CA_DIR=paths.CERTMONGER_CAS_DIR # Normalizer types for critera in get_request_id() NPATH = 1 @@ -176,7 +177,7 @@ def request_cert(nssdb, nickname, subject, principal, passwd_fname=None): """ Execute certmonger to request a server certificate """ - args = ['/usr/bin/ipa-getcert', + args = [paths.IPA_GETCERT, 'request', '-d', nssdb, '-n', nickname, @@ -202,7 +203,7 @@ def cert_exists(nickname, secdir): a database that doesn't exist and a nickname that doesn't exist within the database. """ - args = ["/usr/bin/certutil", "-L", + args = [paths.CERTUTIL, "-L", "-d", os.path.abspath(secdir), "-n", nickname ] @@ -227,7 +228,7 @@ def start_tracking(nickname, secdir, password_file=None, command=None): """ if not cert_exists(nickname, os.path.abspath(secdir)): raise RuntimeError('Nickname "%s" doesn\'t exist in NSS database "%s"' % (nickname, secdir)) - args = ["/usr/bin/ipa-getcert", "start-tracking", + args = [paths.IPA_GETCERT, "start-tracking", "-d", os.path.abspath(secdir), "-n", nickname] if password_file: @@ -261,7 +262,7 @@ def stop_tracking(secdir, request_id=None, nickname=None): # Fall back to trying to stop tracking using nickname pass - args = ['/usr/bin/getcert', + args = [paths.GETCERT, 'stop-tracking', ] if request_id: 
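Review bot: `BasePathNamespace` assigns `PKICREATE` and `PKISILENT` twice, first as `"/bin/pkicreate"` and `"/bin/pkisilent"` near the top of the class and again as `"/usr/bin/pkicreate"` and `"/usr/bin/pkisilent"` further down; in a class body the later assignment wins. The `Dogtag9Constants` hunk in ipapython/dogtag.py replaces `'/bin/pkicreate'` and `'/bin/pkisilent'` with `paths.PKICREATE` and `paths.PKISILENT`, so `SPAWN_BINARY` and `DESTROY_BINARY` would now resolve to the `/usr/bin` variants, assuming `paths` exposes this class unchanged. That is a behaviour change to which binary gets executed, hidden inside a rename commit. Give the two locations distinct names, for example `BIN_PKICREATE = "/bin/pkicreate"` next to `PKICREATE = "/usr/bin/pkicreate"`, and reference the matching one from `Dogtag9Constants`.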
@@ -390,7 +391,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command, if not cert_exists(nickname, os.path.abspath(secdir)): raise RuntimeError('Nickname "%s" doesn\'t exist in NSS database "%s"' % (nickname, secdir)) - args = ["/usr/bin/getcert", "start-tracking", + args = [paths.GETCERT, "start-tracking", "-d", os.path.abspath(secdir), "-n", nickname, "-c", ca, @@ -402,7 +403,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command, libpath = 'lib64' else: libpath = 'lib' - pre_command = '/usr/%s/ipa/certmonger/%s' % (libpath, pre_command) + pre_command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, pre_command) args.append("-B") args.append(pre_command) @@ -412,7 +413,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command, libpath = 'lib64' else: libpath = 'lib' - post_command = '/usr/%s/ipa/certmonger/%s' % (libpath, post_command) + post_command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, post_command) args.append("-C") args.append(post_command) @@ -446,7 +447,7 @@ def check_state(dirs): return reqids if __name__ == '__main__': - request_id = request_cert("/etc/httpd/alias", "Test", "cn=tiger.example.com,O=IPA", "HTTP/tiger.example.com@EXAMPLE.COM") + request_id = request_cert(paths.HTTPD_ALIAS_DIR, "Test", "cn=tiger.example.com,O=IPA", "HTTP/tiger.example.com@EXAMPLE.COM") csr = get_request_value(request_id, 'csr') print csr stop_tracking(request_id) diff --git a/ipapython/config.py b/ipapython/config.py index b9b0b4e3d..60f556dc9 100644 --- a/ipapython/config.py +++ b/ipapython/config.py @@ -23,6 +23,7 @@ from copy import copy from dns import resolver, rdatatype from dns.exception import DNSException from ipapython.dn import DN +from ipaplatform.paths import paths import dns.name import socket 
@@ -152,7 +153,7 @@ config = IPAConfig() def __parse_config(discover_server = True): p = ConfigParser.SafeConfigParser() - p.read("/etc/ipa/default.conf") + p.read(paths.IPA_DEFAULT_CONF) try: if not config.default_realm: diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index f829b9340..178d2942b 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -30,6 +30,7 @@ from ipalib import api, errors from ipalib.errors import NetworkError, CertificateOperationError from ipalib.text import _ from ipapython import nsslib, ipautil +from ipaplatform.paths import paths from ipapython.ipa_log_manager import * # IPA can use either Dogtag version 9 or 10. @@ -50,17 +51,17 @@ class Dogtag10Constants(object): DS_PORT = 389 DS_SECURE_PORT = 636 - SPAWN_BINARY = '/usr/sbin/pkispawn' - DESTROY_BINARY = '/usr/sbin/pkidestroy' + SPAWN_BINARY = paths.PKISPAWN + DESTROY_BINARY = paths.PKIDESTROY - SERVER_ROOT = '/var/lib/pki' + SERVER_ROOT = paths.VAR_LIB_PKI_DIR PKI_INSTANCE_NAME = 'pki-tomcat' PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME) - CRL_PUBLISH_PATH = '/var/lib/ipa/pki-ca/publish' + CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT SERVICE_PROFILE_DIR = '%s/ca/profiles/ca' % PKI_ROOT - ALIAS_DIR = '/etc/pki/pki-tomcat/alias' + ALIAS_DIR = paths.PKI_TOMCAT_ALIAS_DIR.rstrip('/') SERVICE_NAME = 'pki_tomcatd' 
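Review bot: `ALIAS_DIR = paths.PKI_TOMCAT_ALIAS_DIR.rstrip('/')` in `Dogtag10Constants` has to strip a trailing slash because the new constant is defined as `"/etc/pki/pki-tomcat/alias/"`, while sibling directory constants such as `HTTPD_ALIAS_DIR` and `NSS_DB_DIR` carry none. Mixed conventions in one shared namespace invite callers that build paths with `%`-formatting or `+` to produce doubled or missing separators, which is easy to miss for certificate-database and keytab locations. Settle on one convention for directory constants in ipaplatform/base/paths.py (most entries there have no trailing slash) and join with `os.path.join` at the use site, so that this `rstrip` is not needed; existing users of the slash-terminated values would need checking first.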
@@ -82,13 +83,13 @@ class Dogtag9Constants(object): DS_PORT = 7389 DS_SECURE_PORT = 7636 - SPAWN_BINARY = '/bin/pkicreate' - DESTROY_BINARY = '/bin/pkisilent' + SPAWN_BINARY = paths.PKICREATE + DESTROY_BINARY = paths.PKISILENT - SERVER_ROOT = '/var/lib' + SERVER_ROOT = paths.VAR_LIB PKI_INSTANCE_NAME = 'pki-ca' PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME) - CRL_PUBLISH_PATH = '/var/lib/ipa/pki-ca/publish' + CRL_PUBLISH_PATH = paths.PKI_CA_PUBLISH_DIR CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT SERVICE_PROFILE_DIR = '%s/profiles/ca' % PKI_ROOT @@ -108,7 +109,7 @@ class Dogtag9Constants(object): DS_USER = "pkisrv" DS_NAME = "PKI-IPA" -if os.path.exists('/usr/sbin/pkispawn'): +if os.path.exists(paths.PKISPAWN): install_constants = Dogtag10Constants else: install_constants = Dogtag9Constants @@ -124,7 +125,7 @@ def _get_configured_version(api): return int(api.env.dogtag_version) else: p = ConfigParser.SafeConfigParser() - p.read("/etc/ipa/default.conf") + p.read(paths.IPA_DEFAULT_CONF) try: version = p.get('global', 'dogtag_version') except (ConfigParser.NoOptionError, ConfigParser.NoSectionError): diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index d95983b20..45b334d0a 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -17,13 +17,6 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # -SHARE_DIR = "/usr/share/ipa/" -PLUGINS_SHARE_DIR = "/usr/share/ipa/plugins" - -GEN_PWD_LEN = 12 - -IPA_BASEDN_INFO = 'ipa v2.0' - import string import tempfile import subprocess 
@@ -49,8 +42,16 @@ from dns.exception import DNSException from ipapython.ipa_log_manager import * from ipapython import ipavalidate from ipapython import config +from ipaplatform.paths import paths from ipapython.dn import DN +SHARE_DIR = paths.USR_SHARE_IPA_DIR +PLUGINS_SHARE_DIR = paths.IPA_PLUGINS + +GEN_PWD_LEN = 12 + +IPA_BASEDN_INFO = 'ipa v2.0' + try: from subprocess import CalledProcessError except ImportError: @@ -143,7 +144,7 @@ class CheckedIPAddress(netaddr.IPAddress): elif addr.version == 6: family = 'inet6' - ipresult = run(['/sbin/ip', '-family', family, '-oneline', 'address', 'show']) + ipresult = run([paths.IP, '-family', family, '-oneline', 'address', 'show']) lines = ipresult[0].split('\n') for line in lines: fields = line.split() @@ -261,7 +262,7 @@ def run(args, stdin=None, raiseonerr=True, Example: We have a command - ['/usr/bin/setpasswd', '--password', 'Secret123', 'someuser'] + [paths.SETPASSWD, '--password', 'Secret123', 'someuser'] and we don't want to log the password so nolog would be set to: ('Secret123',) The resulting log output would be: @@ -296,7 +297,7 @@ def run(args, stdin=None, raiseonerr=True, if stdin: p_in = subprocess.PIPE if skip_output: - p_out = p_err = open('/dev/null', 'w') + p_out = p_err = open(paths.DEV_NULL, 'w') elif capture_output: p_out = subprocess.PIPE p_err = subprocess.PIPE @@ -411,7 +412,7 @@ def encrypt_file(source, dest, password, workdir = None): #give gpg a fake dir so that we can leater remove all #the cruft when we clean up the tempdir os.mkdir(gpgdir) - args = ['/usr/bin/gpg-agent', '--batch', '--homedir', gpgdir, '--daemon', '/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-c', source] + args = [paths.GPG_AGENT, '--batch', '--homedir', gpgdir, '--daemon', paths.GPG, '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-c', source] run(args, password, skip_output=True) except: raise 
@@ -441,7 +442,7 @@ def decrypt_file(source, dest, password, workdir = None): #give gpg a fake dir so that we can leater remove all #the cruft when we clean up the tempdir os.mkdir(gpgdir) - args = ['/usr/bin/gpg-agent', '--batch', '--homedir', gpgdir, '--daemon', '/usr/bin/gpg', '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-d', source] + args = [paths.GPG_AGENT, '--batch', '--homedir', gpgdir, '--daemon', paths.GPG, '--batch', '--homedir', gpgdir, '--passphrase-fd', '0', '--yes', '--no-tty', '-o', dest, '-d', source] run(args, password, skip_output=True) except: raise @@ -1234,6 +1235,6 @@ def restore_hostname(statestore): system_hostname = socket.gethostname() if old_hostname is not None and old_hostname != system_hostname: try: - run(['/bin/hostname', old_hostname]) + run([paths.BIN_HOSTNAME, old_hostname]) except CalledProcessError, e: print >>sys.stderr, "Failed to set this machine hostname back to %s: %s" % (old_hostname, str(e)) diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py index d06b05fb2..22c81c0d6 100644 --- a/ipapython/nsslib.py +++ b/ipapython/nsslib.py @@ -29,6 +29,7 @@ import nss.io as io import nss.nss as nss import nss.ssl as ssl import nss.error as error +from ipaplatform.paths import paths def auth_certificate_callback(sock, check_sig, is_server, certdb): cert_is_valid = False @@ -309,7 +310,7 @@ if __name__ == "__main__": root_logger.info("Start") if False: - conn = NSSConnection("www.verisign.com", 443, dbdir="/etc/pki/nssdb") + conn = NSSConnection("www.verisign.com", 443, dbdir=paths.NSS_DB_DIR) conn.set_debuglevel(1) conn.connect() conn.request("GET", "/") @@ -322,7 +323,7 @@ if __name__ == "__main__": conn.close() if True: - h = NSSHTTPS("www.verisign.com", 443, dbdir="/etc/pki/nssdb") + h = NSSHTTPS("www.verisign.com", 443, dbdir=paths.NSS_DB_DIR) h.connect() h.putrequest('GET', '/') h.endheaders() 
diff --git a/ipapython/platform/base/__init__.py b/ipapython/platform/base/__init__.py index 3a6670a87..9b5960584 100644 --- a/ipapython/platform/base/__init__.py +++ b/ipapython/platform/base/__init__.py @@ -1,4 +1,5 @@ # Authors: Alexander Bokovoy <abokovoy@redhat.com> +from ipaplatform.paths import paths # # Copyright (C) 2011 Red Hat # see file 'COPYING' for use and warranty information @@ -17,8 +18,8 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # Firefox paths -FIREFOX_EXEC = "/usr/bin/firefox" -FIREFOX_INSTALL_DIRS = ["/usr/lib64/firefox", "/usr/lib/firefox"] +FIREFOX_EXEC = paths.FIREFOX +FIREFOX_INSTALL_DIRS = [paths.LIB64_FIREFOX, paths.LIB_FIREFOX] # /firefox/install/dir/FIREFOX_PREFERENCES_REL_PATH FIREFOX_PREFERENCES_REL_PATH = "browser/defaults/preferences" diff --git a/ipapython/platform/fedora16/selinux.py b/ipapython/platform/fedora16/selinux.py index cf71a38e4..4ecafdc5e 100644 --- a/ipapython/platform/fedora16/selinux.py +++ b/ipapython/platform/fedora16/selinux.py @@ -1,4 +1,5 @@ # Author: Alexander Bokovoy <abokovoy@redhat.com> +from ipaplatform.paths import paths # # Copyright (C) 2011 Red Hat # see file 'COPYING' for use and warranty information @@ -19,8 +20,8 @@ from ipapython.platform import redhat -def restore_context(filepath, restorecon='/usr/sbin/restorecon'): +def restore_context(filepath, restorecon=paths.RESTORECON): return redhat.restore_context(filepath, restorecon) -def check_selinux_status(restorecon='/usr/sbin/restorecon'): +def check_selinux_status(restorecon=paths.RESTORECON): return redhat.check_selinux_status(restorecon) diff --git a/ipapython/sysrestore.py b/ipapython/sysrestore.py index 7d5aabdff..6db33a7ef 100644 --- a/ipapython/sysrestore.py +++ b/ipapython/sysrestore.py 
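Review bot: The new `from ipaplatform.paths import paths` is inserted as line 2 of ipapython/platform/base/__init__.py, between the `# Authors:` line and the copyright and licence comment block, so the file header is now split by code. The same placement is used in ipapython/platform/fedora16/selinux.py. Move the import below the licence header with the other imports (in selinux.py, next to `from ipapython.platform import redhat`), which keeps the header contiguous for readers and for licence-scanning tools.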
@@ -33,8 +33,9 @@ import string from ipapython import ipautil from ipaplatform.tasks import tasks +from ipaplatform.paths import paths -SYSRESTORE_PATH = "/tmp" +SYSRESTORE_PATH = paths.TMP SYSRESTORE_INDEXFILE = "sysrestore.index" SYSRESTORE_STATEFILE = "sysrestore.state" diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index 312761662..ec6a26d5a 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -55,6 +55,7 @@ from dns import resolver, rdatatype from dns.exception import DNSException import pysss_nss_idmap import pysss +from ipaplatform.paths import paths __doc__ = _(""" Classes to manage trust joins using DCE-RPC calls @@ -474,13 +475,13 @@ class DomainValidator(object): realm = api.env.realm hostname = api.env.host principal = 'HTTP/%s@%s' % (hostname, realm) - keytab = '/etc/httpd/conf/ipa.keytab' + keytab = paths.IPA_KEYTAB # Destroy the contents of the ccache root_logger.debug('Destroying the contents of the separate ccache') (stdout, stderr, returncode) = ipautil.run( - ['/usr/bin/kdestroy', '-A', '-c', ccache_path], + [paths.KDESTROY, '-A', '-c', ccache_path], env={'KRB5CCNAME': ccache_path}, raiseonerr=False) @@ -489,7 +490,7 @@ class DomainValidator(object): 'service principal with MS-PAC attached.') (stdout, stderr, returncode) = ipautil.run( - ['/usr/bin/kinit', '-kt', keytab, principal], + [paths.KINIT, '-kt', keytab, principal], env={'KRB5CCNAME': ccache_path}, raiseonerr=False) diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index 59a383e2e..362965e96 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -40,6 +40,7 @@ from ipapython.ipa_log_manager import * import ipaclient.ipachangeconf from ipaplatform import services +from ipaplatform.paths import paths ALLOWED_NETBIOS_CHARS = string.ascii_uppercase + string.digits 
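Review bot: In `ipapython/sysrestore.py`, `SYSRESTORE_PATH = paths.TMP` keeps a world-writable directory as the module default, and the new name makes that harder to spot than the literal `/tmp` was. The callers visible in this commit pass `paths.SYSRESTORE` explicitly, so this is presumably only a fallback, but if it is used as the default store location, `sysrestore.index` and `sysrestore.state` would be read and written where any local user can pre-create them. I would add a comment on the constant, for example `# fallback only: world-writable, callers should pass paths.SYSRESTORE`, or switch the default to `paths.SYSRESTORE` if no caller depends on the old value.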
@@ -60,7 +61,7 @@ and re-run ipa-adtrust-instal again afterwards. """ def check_inst(): - for smbfile in ['/usr/sbin/smbd', '/usr/bin/net']: + for smbfile in [paths.SMBD, paths.NET]: if not os.path.exists(smbfile): print "%s was not found on this system" % smbfile print "Please install the 'samba' packages and " \ @@ -73,7 +74,7 @@ def check_inst(): def ipa_smb_conf_exists(): try: - conf_fd = open('/etc/samba/smb.conf', 'r') + conf_fd = open(paths.SMB_CONF, 'r') except IOError, err: if err.errno == errno.ENOENT: return False @@ -134,7 +135,7 @@ class ADTRUSTInstance(service.Service): if fstore: self.fstore = fstore else: - self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + self.fstore = sysrestore.FileStore(paths.SYSRESTORE) self.__setup_default_attributes() @@ -145,8 +146,8 @@ class ADTRUSTInstance(service.Service): """ # Constants - self.smb_conf = "/etc/samba/smb.conf" - self.samba_keytab = "/etc/samba/samba.keytab" + self.smb_conf = paths.SMB_CONF + self.samba_keytab = paths.SAMBA_KEYTAB self.selinux_booleans = ["samba_portmapper"] self.cifs_hosts = [] @@ -485,7 +486,7 @@ class ADTRUSTInstance(service.Service): os.write(tmp_fd, conf) os.close(tmp_fd) - args = ["/usr/bin/net", "conf", "import", tmp_name] + args = [paths.NET, "conf", "import", tmp_name] try: ipautil.run(args) @@ -608,8 +609,8 @@ class ADTRUSTInstance(service.Service): def __configure_selinux_for_smbd(self): selinux = False try: - if (os.path.exists('/usr/sbin/selinuxenabled')): - ipautil.run(["/usr/sbin/selinuxenabled"]) + if (os.path.exists(paths.SELINUXENABLED)): + ipautil.run([paths.SELINUXENABLED]) selinux = True except ipautil.CalledProcessError: # selinuxenabled returns 1 if not enabled 
@@ -620,7 +621,7 @@ class ADTRUSTInstance(service.Service): sebools = [] for var in self.selinux_booleans: try: - (stdout, stderr, returncode) = ipautil.run(["/usr/sbin/getsebool", var]) + (stdout, stderr, returncode) = ipautil.run([paths.GETSEBOOL, var]) if stdout and not stderr and returncode == 0: self.backup_state(var, stdout.split()[2]) sebools.append(var) @@ -629,7 +630,7 @@ class ADTRUSTInstance(service.Service): if sebools: bools = [var + "=true" for var in sebools] - args = ["/usr/sbin/setsebool", "-P"] + args = [paths.SETSEBOOL, "-P"] args.extend(bools); try: ipautil.run(args) @@ -665,7 +666,7 @@ class ADTRUSTInstance(service.Service): {'name':'realms', 'type':'section', 'action':'set', 'value':ropts}] - krbconf.changeConf("/etc/krb5.conf", opts) + krbconf.changeConf(paths.KRB5_CONF, opts) def __update_krb5_conf(self): """ @@ -673,7 +674,7 @@ class ADTRUSTInstance(service.Service): """ try: - krb5conf = open("/etc/krb5.conf", 'r') + krb5conf = open(paths.KRB5_CONF, 'r') except IOError, e: self.print_msg("Cannot open /etc/krb5.conf (%s)\n" % str(e)) return @@ -908,20 +909,20 @@ class ADTRUSTInstance(service.Service): sebool_state = self.restore_state(var) if not sebool_state is None: try: - ipautil.run(["/usr/sbin/setsebool", + ipautil.run([paths.SETSEBOOL, "-P", var, sebool_state]) except Exception: self.print_msg(SELINUX_WARNING % dict(var=var)) # Remove samba's credentials cache - krb5cc_samba = '/var/run/samba/krb5cc_samba' + krb5cc_samba = paths.KRB5CC_SAMBA installutils.remove_file(krb5cc_samba) # Remove samba's configuration file installutils.remove_file(self.smb_conf) # Remove samba's persistent and temporary tdb files - tdb_files = [tdb_file for tdb_file in os.listdir("/var/lib/samba/") + tdb_files = [tdb_file for tdb_file in os.listdir(paths.SAMBA_DIR) if tdb_file.endswith(".tdb")] for tdb_file in tdb_files: installutils.remove_file(tdb_file) 
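Review bot: In the `@@ -673,7 +674,7 @@` hunk of `adtrustinstance.py`, the `except IOError` message still prints the literal `/etc/krb5.conf` while the `open()` above it now uses `paths.KRB5_CONF`, so on a platform that overrides the path the message would name a file that was never opened. Suggested: `self.print_msg("Cannot open %s (%s)\n" % (paths.KRB5_CONF, str(e)))`. The method body continues outside the hunk.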
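Review bot: In the tdb cleanup at the end of the `@@ -908,20 +909,20 @@` hunk, `os.listdir(paths.SAMBA_DIR)` returns bare file names and each one is handed to `installutils.remove_file(tdb_file)` without the directory, so the name is resolved against the uninstaller's current working directory. Unless `remove_file` does something unusual, the Samba databases are left behind, and a same-named `.tdb` file in the working directory would be the one removed. Suggested: `installutils.remove_file(os.path.join(paths.SAMBA_DIR, tdb_file))`. The enclosing method starts outside the hunk.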
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index af9ddbc9c..78810297a 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -35,13 +35,14 @@ from ipapython.ipa_log_manager import * from ipapython.dn import DN import ipalib from ipalib import api, errors +from ipaplatform.paths import paths from ipalib.util import (validate_zonemgr_str, normalize_zonemgr, get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy, normalize_zone, get_reverse_zone_default, zone_is_reverse) from ipalib.constants import CACERT -NAMED_CONF = '/etc/named.conf' -RESOLV_CONF = '/etc/resolv.conf' +NAMED_CONF = paths.NAMED_CONF +RESOLV_CONF = paths.RESOLV_CONF named_conf_section_ipa_start_re = re.compile('\s*dynamic-db\s+"ipa"\s+{') named_conf_section_options_start_re = re.compile('\s*options\s+{') @@ -55,14 +56,14 @@ def check_inst(unattended): has_bind = True # So far this file is always present in both RHEL5 and Fedora if all the necessary # bind packages are installed (RHEL5 requires also the pkg: caching-nameserver) - if not os.path.exists('/etc/named.rfc1912.zones'): + if not os.path.exists(paths.NAMED_RFC1912_ZONES): print "BIND was not found on this system" print "Please install the 'bind' package and start the installation again" has_bind = False # Also check for the LDAP BIND plug-in - if not os.path.exists('/usr/lib/bind/ldap.so') and \ - not os.path.exists('/usr/lib64/bind/ldap.so'): + if not os.path.exists(paths.BIND_LDAP_SO) and \ + not os.path.exists(paths.BIND_LDAP_SO_64): print "The BIND LDAP plug-in was not found on this system" print "Please install the 'bind-dyndb-ldap' package and start the installation again" has_bind = False 
@@ -458,7 +459,7 @@ class BindInstance(service.Service): if fstore: self.fstore = fstore else: - self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + self.fstore = sysrestore.FileStore(paths.SYSRESTORE) suffix = ipautil.dn_attribute_property('_suffix') @@ -758,8 +759,8 @@ class BindInstance(service.Service): installutils.kadmin_addprinc(dns_principal) # Store the keytab on disk - self.fstore.backup_file("/etc/named.keytab") - installutils.create_keytab("/etc/named.keytab", dns_principal) + self.fstore.backup_file(paths.NAMED_KEYTAB) + installutils.create_keytab(paths.NAMED_KEYTAB, dns_principal) p = self.move_service(dns_principal) if p is None: # the service has already been moved, perhaps we're doing a DNS reinstall @@ -770,8 +771,8 @@ class BindInstance(service.Service): # Make sure access is strictly reserved to the named user pent = pwd.getpwnam(self.named_user) - os.chown("/etc/named.keytab", pent.pw_uid, pent.pw_gid) - os.chmod("/etc/named.keytab", 0400) + os.chown(paths.NAMED_KEYTAB, pent.pw_uid, pent.pw_gid) + os.chmod(paths.NAMED_KEYTAB, 0400) # modify the principal so that it is marked as an ipa service so that # it can host the memberof attribute, then also add it to the diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index b9c786be9..b5c6cdcde 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -59,8 +59,9 @@ from ipaserver.install.installutils import stopped_service from ipaserver.plugins import ldap2 from ipapython.ipa_log_manager import * from ipaplatform import services +from ipaplatform.paths import paths -HTTPD_CONFD = "/etc/httpd/conf.d/" +HTTPD_CONFD = paths.HTTPD_CONF_D_DIR DEFAULT_DSPORT = dogtag.install_constants.DS_PORT PKI_USER = "pkiuser" 
@@ -99,7 +100,7 @@ def check_inst(): return False # This is the template tomcat file for a CA - if not os.path.exists('/usr/share/pki/ca/conf/server.xml'): + if not os.path.exists(paths.PKI_CONF_SERVER_XML): return False return True @@ -132,7 +133,7 @@ def get_preop_pin(instance_root, instance_name): def import_pkcs12(input_file, input_passwd, cert_database, cert_passwd): - ipautil.run(["/usr/bin/pk12util", "-d", cert_database, + ipautil.run([paths.PK12UTIL, "-d", cert_database, "-i", input_file, "-k", cert_passwd, "-w", input_passwd]) @@ -322,7 +323,7 @@ def stop_tracking_certificates(dogtag_constants): "certmonger failed to stop tracking certificate: %s" % str(e)) try: - certmonger.stop_tracking('/etc/httpd/alias', nickname='ipaCert') + certmonger.stop_tracking(paths.HTTPD_ALIAS_DIR, nickname='ipaCert') except (ipautil.CalledProcessError, RuntimeError), e: root_logger.error( "certmonger failed to stop tracking certificate: %s" % str(e)) @@ -444,7 +445,7 @@ class CAInstance(service.Service): if self.dogtag_constants.DOGTAG_VERSION >= 10: self.step("configuring certificate server instance", self.__spawn_instance) else: - if not ipautil.dir_exists("/var/lib/pki-ca"): + if not ipautil.dir_exists(paths.VAR_LIB_PKI_CA_DIR): self.step("creating pki-ca instance", self.create_instance) self.step("configuring certificate server instance", self.__configure_instance) self.step("stopping certificate server instance to update CS.cfg", self.__stop) @@ -526,7 +527,7 @@ class CAInstance(service.Service): config.set("CA", "pki_admin_nickname", "ipa-ca-agent") config.set("CA", "pki_admin_subject_dn", str(DN(('cn', 'ipa-ca-agent'), self.subject_base))) - config.set("CA", "pki_client_admin_cert_p12", "/root/ca-agent.p12") + config.set("CA", "pki_client_admin_cert_p12", paths.CA_AGENT_P12) # Directory server config.set("CA", "pki_ds_ldap_port", str(self.ds_port)) 
@@ -555,9 +556,9 @@ class CAInstance(service.Service): if (self.clone): cafile = self.pkcs12_info[0] - shutil.copy(cafile, "/tmp/ca.p12") + shutil.copy(cafile, paths.TMP_CA_P12) pent = pwd.getpwnam(PKI_USER) - os.chown("/tmp/ca.p12", pent.pw_uid, pent.pw_gid) + os.chown(paths.TMP_CA_P12, pent.pw_uid, pent.pw_gid) # Security domain registration config.set("CA", "pki_security_domain_hostname", self.master_host) @@ -567,7 +568,7 @@ class CAInstance(service.Service): # Clone config.set("CA", "pki_clone", "True") - config.set("CA", "pki_clone_pkcs12_path", "/tmp/ca.p12") + config.set("CA", "pki_clone_pkcs12_path", paths.TMP_CA_P12) config.set("CA", "pki_clone_pkcs12_password", self.dm_password) config.set("CA", "pki_clone_replication_security", "TLS") config.set("CA", "pki_clone_replication_master_port", str(self.master_replication_port)) @@ -593,7 +594,7 @@ class CAInstance(service.Service): # Define the things we don't want logged nolog = (self.admin_password, self.dm_password,) - args = ["/usr/sbin/pkispawn", "-s", "CA", "-f", cfg_file ] + args = [paths.PKISPAWN, "-s", "CA", "-f", cfg_file ] with open(cfg_file) as f: root_logger.debug( @@ -613,8 +614,8 @@ class CAInstance(service.Service): print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate" sys.exit(0) else: - shutil.move("/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12", \ - "/root/cacert.p12") + shutil.move(paths.CA_BACKUP_KEYS_P12, \ + paths.CACERT_P12) root_logger.debug("completed creating ca instance") @@ -624,8 +625,8 @@ class CAInstance(service.Service): """ # Only used for Dogtag 9 - args = ['/usr/bin/pkicreate', - '-pki_instance_root', '/var/lib', + args = [paths.PKICREATE, + '-pki_instance_root', paths.VAR_LIB, '-pki_instance_name', self.dogtag_constants.PKI_INSTANCE_NAME, '-subsystem_type', 'ca', 
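Review bot: The clone branch in the `@@ -555,9 +556,9 @@` hunk copies the CA PKCS#12 bundle to `paths.TMP_CA_P12`, which replaces the literal `/tmp/ca.p12`, so key material is still written as root to a fixed name in a world-writable directory and then chowned to `PKI_USER`. A file or link that already exists under that name would be followed by `shutil.copy` and `os.chown`. The same path is handed to `pki_clone_pkcs12_path` in the next hunk. The copy would be safer under a name from `tempfile.mkstemp` in a directory that only root and `PKI_USER` can write, with that name reused for the `chown` and the `config.set` call; this goes beyond a rename, so it may belong in a follow-up commit.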
@@ -660,9 +661,9 @@ class CAInstance(service.Service): root_logger.debug("ca user %s exists" % PKI_USER) except KeyError: root_logger.debug("adding ca user %s" % PKI_USER) - args = ["/usr/sbin/useradd", "-c", "CA System User", - "-d", "/var/lib", - "-s", "/sbin/nologin", + args = [paths.USERADD, "-c", "CA System User", + "-d", paths.VAR_LIB, + "-s", paths.NOLOGIN, "-M", "-r", PKI_USER] try: ipautil.run(args) @@ -676,7 +677,7 @@ class CAInstance(service.Service): self.server_root, self.dogtag_constants.PKI_INSTANCE_NAME) try: - args = ["/usr/bin/perl", "/usr/bin/pkisilent", "ConfigureCA", + args = [paths.PERL, paths.PKISILENT, "ConfigureCA", "-cs_hostname", self.fqdn, "-cs_port", str(self.dogtag_constants.ADMIN_SECURE_PORT), "-client_certdb_dir", self.ca_agent_db, @@ -731,9 +732,9 @@ class CAInstance(service.Service): """ # The install wizard expects the file to be here. cafile = self.pkcs12_info[0] - shutil.copy(cafile, "/var/lib/pki-ca/alias/ca.p12") + shutil.copy(cafile, paths.PKI_ALIAS_CA_P12) pent = pwd.getpwnam(PKI_USER) - os.chown("/var/lib/pki-ca/alias/ca.p12", pent.pw_uid, pent.pw_gid ) + os.chown(paths.PKI_ALIAS_CA_P12, pent.pw_uid, pent.pw_gid ) args.append("-clone") args.append("true") args.append("-clone_p12_file") @@ -773,8 +774,8 @@ class CAInstance(service.Service): # pkisilent makes a copy of the CA PKCS#12 file for us but gives # it a lousy name. - if ipautil.file_exists("/root/tmp-ca.p12"): - shutil.move("/root/tmp-ca.p12", "/root/cacert.p12") + if ipautil.file_exists(paths.ROOT_TMP_CA_P12): + shutil.move(paths.ROOT_TMP_CA_P12, paths.CACERT_P12) root_logger.debug("completed creating ca instance") @@ -805,7 +806,7 @@ class CAInstance(service.Service): # Look thru the cert chain to get all the certs we need to add # trust for - p = subprocess.Popen(["/usr/bin/certutil", "-d", self.ca_agent_db, + p = subprocess.Popen([paths.CERTUTIL, "-d", self.ca_agent_db, "-O", "-n", "ipa-ca-agent"], stdout=subprocess.PIPE) chain = p.stdout.read() 
@@ -836,7 +837,7 @@ class CAInstance(service.Service): # to use the final RA agent database when issuing certs for DS and # mod_nss. args = [ - '/usr/bin/sslget', + paths.SSLGET, '-v', '-n', 'ipa-ca-agent', '-p', self.admin_password, @@ -857,7 +858,7 @@ class CAInstance(service.Service): # Now issue the RA certificate. args = [ - '/usr/bin/sslget', + paths.SSLGET, '-v', '-n', 'ipa-ca-agent', '-p', self.admin_password, @@ -951,7 +952,7 @@ class CAInstance(service.Service): database = self.ra_agent_db if not pwd_file: pwd_file = self.ra_agent_pwd - new_args = ["/usr/bin/certutil", "-d", database, "-f", pwd_file] + new_args = [paths.CERTUTIL, "-d", database, "-f", pwd_file] new_args = new_args + args return ipautil.run(new_args, stdin, nolog=(pwd_file,)) @@ -987,9 +988,9 @@ class CAInstance(service.Service): os.write(pwd_fd, self.admin_password) os.close(pwd_fd) try: - ipautil.run(["/usr/bin/pk12util", + ipautil.run([paths.PK12UTIL, "-n", "ipa-ca-agent", - "-o", "/root/ca-agent.p12", + "-o", paths.CA_AGENT_P12, "-d", self.ca_agent_db, "-k", pwd_name, "-w", pwd_name]) @@ -1008,7 +1009,7 @@ class CAInstance(service.Service): # makes openssl throw up. data = base64.b64decode(chain) - (certlist, stderr, returncode) = ipautil.run(["/usr/bin/openssl", + (certlist, stderr, returncode) = ipautil.run([paths.OPENSSL, "pkcs7", "-inform", "DER", @@ -1318,11 +1319,11 @@ class CAInstance(service.Service): try: if self.dogtag_constants.DOGTAG_VERSION >= 10: - ipautil.run(["/usr/sbin/pkidestroy", "-i", + ipautil.run([paths.PKIDESTROY, "-i", self.dogtag_constants.PKI_INSTANCE_NAME, "-s", "CA"]) else: - ipautil.run(["/usr/bin/pkiremove", + ipautil.run([paths.PKIREMOVE, "-pki_instance_root=/var/lib", "-pki_instance_name=%s" % self.dogtag_constants.PKI_INSTANCE_NAME, 
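Review bot: The Dogtag 9 branch in the `@@ -1318,11 +1319,11 @@` hunk still passes the literal `"-pki_instance_root=/var/lib"` to `paths.PKIREMOVE`, while the `paths.PKICREATE` call earlier in this file now passes `paths.VAR_LIB`. If a platform overrides `VAR_LIB`, the instance would be created under one root and its removal attempted under another. Suggested: `"-pki_instance_root=%s" % paths.VAR_LIB,`. The `try` block continues outside the hunk.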
@@ -1401,7 +1402,7 @@ class CAInstance(service.Service): if not path: iface.add_known_ca( 'dogtag-ipa-ca-renew-agent', - '/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit', []) + paths.DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT, []) def configure_agent_renewal(self): try: @@ -1409,8 +1410,8 @@ class CAInstance(service.Service): ca='dogtag-ipa-ca-renew-agent', nickname='ipaCert', pin=None, - pinfile='/etc/httpd/alias/pwdfile.txt', - secdir='/etc/httpd/alias', + pinfile=paths.ALIAS_PWDFILE_TXT, + secdir=paths.HTTPD_ALIAS_DIR, pre_command=None, post_command='renew_ra_cert') except (ipautil.CalledProcessError, RuntimeError), e: @@ -1802,5 +1803,5 @@ if __name__ == "__main__": standard_logging_setup("install.log") ds = dsinstance.DsInstance() - ca = CAInstance("EXAMPLE.COM", "/etc/httpd/alias") + ca = CAInstance("EXAMPLE.COM", paths.HTTPD_ALIAS_DIR) ca.configure_instance("catest.example.com", "example.com", "password", "password") diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index a005fb9f7..6e01efb9c 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -42,10 +42,11 @@ from ipalib import pkcs10, x509, api from ipalib.errors import CertificateOperationError from ipalib.text import _ from ipaplatform import services +from ipaplatform.paths import paths # Apache needs access to this database so we need to create it # where apache can reach -NSS_DIR = "/etc/httpd/alias" +NSS_DIR = paths.HTTPD_ALIAS_DIR def find_cert_from_txt(cert, start=0): """ @@ -114,7 +115,7 @@ class NSSDatabase(object): self.close() def run_certutil(self, args, stdin=None): - new_args = ["/usr/bin/certutil", "-d", self.secdir] + new_args = [paths.CERTUTIL, "-d", self.secdir] new_args = new_args + args return ipautil.run(new_args, stdin) 
@@ -177,12 +178,12 @@ class NSSDatabase(object): def import_pkcs12(self, pkcs12_filename, db_password_filename, pkcs12_passwd=None): - args = ["/usr/bin/pk12util", "-d", self.secdir, + args = [paths.PK12UTIL, "-d", self.secdir, "-i", pkcs12_filename, "-k", db_password_filename, '-v'] if pkcs12_passwd is not None: pkcs12_passwd = pkcs12_passwd + '\n' - args = args + ["-w", "/dev/stdin"] + args = args + ["-w", paths.DEV_STDIN] try: ipautil.run(args, stdin=pkcs12_passwd) except ipautil.CalledProcessError, e: @@ -298,7 +299,7 @@ class CertDB(object): self.cacert_fname = self.secdir + "/cacert.asc" self.pk12_fname = self.secdir + "/cacert.p12" self.pin_fname = self.secdir + "/pin.txt" - self.pwd_conf = "/etc/httpd/conf/password.conf" + self.pwd_conf = paths.HTTPD_PASSWORD_CONF self.reqdir = None self.certreq_fname = None self.certder_fname = None @@ -328,7 +329,7 @@ class CertDB(object): if fstore: self.fstore = fstore else: - self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + self.fstore = sysrestore.FileStore(paths.SYSRESTORE) subject_base = ipautil.dn_attribute_property('_subject_base') @@ -351,7 +352,7 @@ class CertDB(object): if self.reqdir is not None: return - self.reqdir = tempfile.mkdtemp('', 'ipa-', '/var/lib/ipa') + self.reqdir = tempfile.mkdtemp('', 'ipa-', paths.VAR_LIB_IPA) self.certreq_fname = self.reqdir + "/tmpcertreq" self.certder_fname = self.reqdir + "/tmpcert.der" @@ -379,7 +380,7 @@ class CertDB(object): def run_signtool(self, args, stdin=None): with open(self.passwd_fname, "r") as f: password = f.readline() - new_args = ["/usr/bin/signtool", "-d", self.secdir, "-p", password] + new_args = [paths.SIGNTOOL, "-d", self.secdir, "-p", password] new_args = new_args + args ipautil.run(new_args, stdin) 
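Review bot: `run_signtool` in the `@@ -379,7 +380,7 @@` hunk puts the NSS database password on the command line (`"-p", password`), where other local users can read it from the process list while `signtool` runs, and `ipautil.run(new_args, stdin)` is given no `nolog` value, so the password may also reach the install log if `ipautil.run` logs its arguments. The certutil wrapper in `cainstance.py` already passes `nolog=`; at minimum do the same here: `ipautil.run(new_args, stdin, nolog=(password,))`. `password` also comes from `f.readline()` and so keeps any trailing newline from the password file; please confirm that is intended.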
@@ -446,7 +447,7 @@ class CertDB(object): os.chmod(self.cacert_fname, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH) if create_pkcs12: ipautil.backup_file(self.pk12_fname) - ipautil.run(["/usr/bin/pk12util", "-d", self.secdir, + ipautil.run([paths.PK12UTIL, "-d", self.secdir, "-o", self.pk12_fname, "-n", self.cacert_name, "-w", self.passwd_fname, @@ -508,7 +509,7 @@ class CertDB(object): libpath = 'lib64' else: libpath = 'lib' - command = '/usr/%s/ipa/certmonger/%s' % (libpath, command) + command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, command) cmonger = services.knownservices.certmonger cmonger.enable() services.knownservices.messagebus.start() @@ -779,7 +780,7 @@ class CertDB(object): if nickname is None: nickname = get_ca_nickname(api.env.realm) - ipautil.run(["/usr/bin/pk12util", "-d", self.secdir, + ipautil.run([paths.PK12UTIL, "-d", self.secdir, "-o", pkcs12_fname, "-n", nickname, "-k", self.passwd_fname, @@ -787,7 +788,7 @@ class CertDB(object): def export_pem_p12(self, pkcs12_fname, pkcs12_pwd_fname, nickname, pem_fname): - ipautil.run(["/usr/bin/openssl", "pkcs12", + ipautil.run([paths.OPENSSL, "pkcs12", "-export", "-name", nickname, "-in", pem_fname, "-out", pkcs12_fname, "-passout", "file:" + pkcs12_pwd_fname]) @@ -857,7 +858,7 @@ class CertDB(object): def install_pem_from_p12(self, p12_fname, p12_passwd, pem_fname): pwd = ipautil.write_tmp_file(p12_passwd) - ipautil.run(["/usr/bin/openssl", "pkcs12", "-nodes", + ipautil.run([paths.OPENSSL, "pkcs12", "-nodes", "-in", p12_fname, "-out", pem_fname, "-passin", "file:" + pwd.name]) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index c1b2ba62a..2a9f3b618 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py 
@@ -43,9 +43,10 @@ from ipaplatform.tasks import tasks from ipalib.constants import CACERT from ipapython.dn import DN from ipaplatform import services +from ipaplatform.paths import paths -SERVER_ROOT_64 = "/usr/lib64/dirsrv" -SERVER_ROOT_32 = "/usr/lib/dirsrv" +SERVER_ROOT_64 = paths.USR_LIB_DIRSRV_64 +SERVER_ROOT_32 = paths.USR_LIB_DIRSRV DS_USER = 'dirsrv' DS_GROUP = 'dirsrv' 
@@ -75,32 +76,32 @@ def realm_to_serverid(realm_name): return "-".join(realm_name.split(".")) def config_dirname(serverid): - return "/etc/dirsrv/slapd-" + serverid + "/" + return (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid) + "/" def schema_dirname(serverid): return config_dirname(serverid) + "/schema/" def erase_ds_instance_data(serverid): - installutils.rmtree("/etc/dirsrv/slapd-%s" % serverid) + installutils.rmtree(paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid) - installutils.rmtree("/usr/lib/dirsrv/slapd-%s" % serverid) + installutils.rmtree(paths.USR_LIB_SLAPD_INSTANCE_TEMPLATE % serverid) - installutils.rmtree("/usr/lib64/dirsrv/slapd-%s" % serverid) + installutils.rmtree(paths.USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE % serverid) - installutils.rmtree("/var/lib/dirsrv/slapd-%s" % serverid) + installutils.rmtree(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % serverid) - installutils.rmtree("/var/lock/dirsrv/slapd-%s" % serverid) + installutils.rmtree(paths.SLAPD_INSTANCE_LOCK_TEMPLATE % serverid) - installutils.remove_file("/var/run/slapd-%s.socket" % serverid) + installutils.remove_file(paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % serverid) - installutils.rmtree("/var/lib/dirsrv/scripts-%s" % serverid) + installutils.rmtree(paths.VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE % serverid) - installutils.remove_file("/etc/dirsrv/ds.keytab") + installutils.remove_file(paths.DS_KEYTAB) - installutils.remove_file("/etc/sysconfig/dirsrv-%s" % serverid) + installutils.remove_file(paths.SYSCONFIG_DIRSRV_INSTANCE % serverid) # try: -# shutil.rmtree("/var/log/dirsrv/slapd-%s" % serverid) +# shutil.rmtree(paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % serverid) # except: # pass @@ -112,7 +113,7 @@ def get_ds_instances(): matches 389ds behavior. ''' - dirsrv_instance_dir='/etc/dirsrv' + dirsrv_instance_dir=paths.ETC_DIRSRV instance_prefix = 'slapd-' instances = [] 
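Review bot: In `erase_ds_instance_data` the two library-directory constants do not say which architecture they cover: `paths.USR_LIB_SLAPD_INSTANCE_TEMPLATE` replaces the `/usr/lib/dirsrv/slapd-%s` literal and `paths.USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE` replaces the `/usr/lib64` one. Both feed `installutils.rmtree`, so names that are easy to confuse are worth fixing now; following `SERVER_ROOT_64 = paths.USR_LIB_DIRSRV_64` at the top of this file, a `_64` suffix on the second constant would make the pair self-explanatory. The commented-out `shutil.rmtree` block was also rewritten to use a `paths` constant and could be deleted instead.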
@@ -158,11 +159,11 @@ def create_ds_user(): except KeyError: root_logger.debug('Adding DS user %s', DS_USER) args = [ - '/usr/sbin/useradd', + paths.USERADD, '-g', DS_GROUP, '-c', 'DS System User', - '-d', '/var/lib/dirsrv', - '-s', '/sbin/nologin', + '-d', paths.VAR_LIB_DIRSRV, + '-s', paths.NOLOGIN, '-M', '-r', DS_USER ] try: @@ -184,7 +185,7 @@ def create_ds_group(): except KeyError: group_exists = False root_logger.debug('Adding DS group %s', DS_GROUP) - args = ['/usr/sbin/groupadd', '-r', DS_GROUP] + args = [paths.GROUPADD, '-r', DS_GROUP] try: ipautil.run(args) root_logger.debug('Done adding DS group') @@ -251,7 +252,7 @@ class DsInstance(service.Service): if fstore: self.fstore = fstore else: - self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + self.fstore = sysrestore.FileStore(paths.SYSRESTORE) subject_base = ipautil.dn_attribute_property('_subject_base') @@ -433,13 +434,13 @@ class DsInstance(service.Service): pent = pwd.getpwnam(DS_USER) self.backup_state("serverid", self.serverid) - self.fstore.backup_file("/etc/sysconfig/dirsrv") + self.fstore.backup_file(paths.SYSCONFIG_DIRSRV) self.sub_dict['BASEDC'] = self.realm.split('.')[0].lower() base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict) root_logger.debug(base_txt) - target_fname = '/var/lib/dirsrv/boot.ldif' + target_fname = paths.DIRSRV_BOOT_LDIF base_fd = open(target_fname, "w") base_fd.write(base_txt) base_fd.close() 
@@ -453,11 +454,11 @@ class DsInstance(service.Service): inf_fd = ipautil.write_tmp_file(inf_txt) inf_txt = re.sub(r"RootDNPwd=.*\n", "", inf_txt) root_logger.debug(inf_txt) - if ipautil.file_exists("/usr/sbin/setup-ds.pl"): - args = ["/usr/sbin/setup-ds.pl", "--silent", "--logfile", "-", "-f", inf_fd.name] + if ipautil.file_exists(paths.SETUP_DS_PL): + args = [paths.SETUP_DS_PL, "--silent", "--logfile", "-", "-f", inf_fd.name] root_logger.debug("calling setup-ds.pl") else: - args = ["/usr/bin/ds_newinst.pl", inf_fd.name] + args = [paths.DS_NEWINST_PL, inf_fd.name] root_logger.debug("calling ds_newinst.pl") try: ipautil.run(args) @@ -476,7 +477,7 @@ class DsInstance(service.Service): print "failed to restart ds instance", e root_logger.debug("failed to restart ds instance %s" % e) inf_fd.close() - os.remove("/var/lib/dirsrv/boot.ldif") + os.remove(paths.DIRSRV_BOOT_LDIF) def __add_default_schemas(self): pent = pwd.getpwnam(DS_USER) @@ -560,7 +561,7 @@ class DsInstance(service.Service): def __enable_compat_plugin(self): ld = ldapupdate.LDAPUpdate(dm_password=self.dm_password, sub_dict=self.sub_dict) - rv = ld.update(['/usr/share/ipa/schema_compat.uldif']) + rv = ld.update([paths.SCHEMA_COMPAT_ULDIF]) if not rv: raise RuntimeError("Enabling compatibility plugin failed") @@ -591,8 +592,8 @@ class DsInstance(service.Service): def configure_dirsrv_ccache(self): pent = pwd.getpwnam("dirsrv") - ccache = '/tmp/krb5cc_%d' % pent.pw_uid - filepath = '/etc/sysconfig/dirsrv' + ccache = paths.TMP_KRB5CC % pent.pw_uid + filepath = paths.SYSCONFIG_DIRSRV if not os.path.exists(filepath): # file doesn't exist; create it with correct ownership & mode open(filepath, 'a').close() 
@@ -753,15 +754,15 @@ class DsInstance(service.Service): admpwdfile = "" try: - (dmpwdfd, dmpwdfile) = tempfile.mkstemp(dir='/var/lib/ipa') + (dmpwdfd, dmpwdfile) = tempfile.mkstemp(dir=paths.VAR_LIB_IPA) os.write(dmpwdfd, self.dm_password) os.close(dmpwdfd) - (admpwdfd, admpwdfile) = tempfile.mkstemp(dir='/var/lib/ipa') + (admpwdfd, admpwdfile) = tempfile.mkstemp(dir=paths.VAR_LIB_IPA) os.write(admpwdfd, password) os.close(admpwdfd) - args = ["/usr/bin/ldappasswd", "-h", self.fqdn, + args = [paths.LDAPPASSWD, "-h", self.fqdn, "-ZZ", "-x", "-D", str(DN(('cn', 'Directory Manager'))), "-y", dmpwdfile, "-T", admpwdfile, str(DN(('uid', 'admin'), ('cn', 'users'), ('cn', 'accounts'), self.suffix))] @@ -790,8 +791,8 @@ class DsInstance(service.Service): running = self.restore_state("running") try: - self.fstore.restore_file("/etc/security/limits.conf") - self.fstore.restore_file("/etc/sysconfig/dirsrv") + self.fstore.restore_file(paths.LIMITS_CONF) + self.fstore.restore_file(paths.SYSCONFIG_DIRSRV) except ValueError, error: root_logger.debug(error) pass diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 2709356be..3ca3bf77f 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -35,19 +35,9 @@ from ipapython.ipa_log_manager import * from ipaserver.install import sysupgrade from ipalib import api from ipaplatform.tasks import tasks +from ipaplatform.paths import paths from ipalib.constants import CACERT -HTTPD_DIR = "/etc/httpd" -SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf" -NSS_CONF = HTTPD_DIR + "/conf.d/nss.conf" - -selinux_warning = """ -WARNING: could not set selinux boolean(s) %(var)s to true. The web -interface may not function correctly until this boolean is successfully -change with the command: - /usr/sbin/setsebool -P %(var)s true -Try updating the policycoreutils and selinux-policy packages. -""" def httpd_443_configured(): """ 
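Review bot: The `@@ -35,19 +35,9 @@` hunk deletes the module-level names `HTTPD_DIR`, `SSL_CONF`, `NSS_CONF` and `selinux_warning` from `httpinstance.py` instead of rebinding them to `paths` values, which is what the other files in this commit do (for example `NSS_DIR = paths.HTTPD_ALIAS_DIR` in `certs.py`). The later hunks replace the in-file uses of `NSS_CONF`, but any other module that imports these names, and any remaining use of `selinux_warning` in the SELinux setup code, would fail at install time. Please confirm nothing references them, or keep aliases such as `NSS_CONF = paths.HTTPD_NSS_CONF`.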
@@ -58,7 +48,7 @@ def httpd_443_configured(): False otherwise. """ try: - (stdout, stderr, rc) = ipautil.run(['/usr/sbin/httpd', '-t', '-D', 'DUMP_VHOSTS']) + (stdout, stderr, rc) = ipautil.run([paths.HTTPD, '-t', '-D', 'DUMP_VHOSTS']) except ipautil.CalledProcessError, e: service.print_msg("WARNING: cannot check if port 443 is already configured") service.print_msg("httpd returned error when checking: %s" % e) @@ -84,7 +74,7 @@ class HTTPInstance(service.Service): if fstore: self.fstore = fstore else: - self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + self.fstore = sysrestore.FileStore(paths.SYSRESTORE) self.cert_nickname = cert_nickname @@ -151,15 +141,15 @@ class HTTPInstance(service.Service): else: updates = ["%s=%s" % update for update in changes.iteritems()] - args = ["/usr/sbin/setsebool", "-P"] + args = [paths.SETSEBOOL, "-P"] args.extend(updates) return args selinux = False try: - if (os.path.exists('/usr/sbin/selinuxenabled')): - ipautil.run(["/usr/sbin/selinuxenabled"]) + if (os.path.exists(paths.SELINUXENABLED)): + ipautil.run([paths.SELINUXENABLED]) selinux = True except ipautil.CalledProcessError: # selinuxenabled returns 1 if not enabled @@ -173,7 +163,7 @@ class HTTPInstance(service.Service): ("httpd_manage_ipa", "on")) for setting, state in required_settings: try: - (stdout, stderr, returncode) = ipautil.run(["/usr/sbin/getsebool", setting]) + (stdout, stderr, returncode) = ipautil.run([paths.GETSEBOOL, setting]) original_state = stdout.split()[2] self.backup_state(setting, original_state) 
@@ -208,12 +198,12 @@ class HTTPInstance(service.Service): def __create_http_keytab(self): installutils.kadmin_addprinc(self.principal) - installutils.create_keytab("/etc/httpd/conf/ipa.keytab", self.principal) + installutils.create_keytab(paths.IPA_KEYTAB, self.principal) self.move_service(self.principal) self.add_cert_to_service() pent = pwd.getpwnam("apache") - os.chown("/etc/httpd/conf/ipa.keytab", pent.pw_uid, pent.pw_gid) + os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid) def remove_httpd_ccache(self): # Clean up existing ccache @@ -222,17 +212,17 @@ class HTTPInstance(service.Service): ipautil.run(['kdestroy', '-A'], runas='apache', raiseonerr=False, env={}) def __configure_http(self): - target_fname = '/etc/httpd/conf.d/ipa.conf' + target_fname = paths.HTTPD_IPA_CONF http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa.conf", self.sub_dict) - self.fstore.backup_file("/etc/httpd/conf.d/ipa.conf") + self.fstore.backup_file(paths.HTTPD_IPA_CONF) http_fd = open(target_fname, "w") http_fd.write(http_txt) http_fd.close() os.chmod(target_fname, 0644) - target_fname = '/etc/httpd/conf.d/ipa-rewrite.conf' + target_fname = paths.HTTPD_IPA_REWRITE_CONF http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa-rewrite.conf", self.sub_dict) - self.fstore.backup_file("/etc/httpd/conf.d/ipa-rewrite.conf") + self.fstore.backup_file(paths.HTTPD_IPA_REWRITE_CONF) http_fd = open(target_fname, "w") http_fd.write(http_txt) http_fd.close() 
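Review bot: `remove_httpd_ccache`, shown as context at the top of the `@@ -222,17 +212,17 @@` hunk, still runs a bare `'kdestroy'` with `env={}`, so the binary is located through whatever search path `ipautil.run` ends up with, while `dcerpc.py` in this commit switches to `paths.KDESTROY`. For a command executed by the root installer an absolute path is the safer form. Suggested: `ipautil.run([paths.KDESTROY, '-A'], runas='apache', raiseonerr=False, env={})`. The method starts in the previous hunk.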
@@ -249,28 +239,28 @@ class HTTPInstance(service.Service): # # Remove the workaround. if sysupgrade.get_upgrade_state('nss.conf', 'listen_port_updated'): - installutils.set_directive(NSS_CONF, 'Listen', '443', quotes=False) + installutils.set_directive(paths.HTTPD_NSS_CONF, 'Listen', '443', quotes=False) sysupgrade.set_upgrade_state('nss.conf', 'listen_port_updated', False) def __set_mod_nss_port(self): - self.fstore.backup_file(NSS_CONF) - if installutils.update_file(NSS_CONF, '8443', '443') != 0: - print "Updating port in %s failed." % NSS_CONF + self.fstore.backup_file(paths.HTTPD_NSS_CONF) + if installutils.update_file(paths.HTTPD_NSS_CONF, '8443', '443') != 0: + print "Updating port in %s failed." % paths.HTTPD_NSS_CONF def __set_mod_nss_nickname(self, nickname): - installutils.set_directive(NSS_CONF, 'NSSNickname', nickname) + installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSNickname', nickname) def enable_mod_nss_renegotiate(self): - installutils.set_directive(NSS_CONF, 'NSSRenegotiation', 'on', False) - installutils.set_directive(NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False) + installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRenegotiation', 'on', False) + installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False) def __set_mod_nss_passwordfile(self): - installutils.set_directive(NSS_CONF, 'NSSPassPhraseDialog', 'file:/etc/httpd/conf/password.conf') + installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSPassPhraseDialog', 'file:/etc/httpd/conf/password.conf') def __add_include(self): """This should run after __set_mod_nss_port so is already backed up""" - if installutils.update_file(NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0: - print "Adding Include conf.d/ipa-rewrite to %s failed." 
% NSS_CONF + if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0: + print "Adding Include conf.d/ipa-rewrite to %s failed." % paths.HTTPD_NSS_CONF def __setup_ssl(self): fqdn = self.fqdn @@ -321,7 +311,7 @@ class HTTPInstance(service.Service): tasks.restore_context(certs.NSS_DIR + "/key3.db") def __setup_autoconfig(self): - target_fname = '/usr/share/ipa/html/preferences.html' + target_fname = paths.PREFERENCES_HTML ipautil.copy_template_file( ipautil.SHARE_DIR + "preferences.html.template", target_fname, self.sub_dict) @@ -335,8 +325,8 @@ class HTTPInstance(service.Service): # Setup configure.jar if db.has_nickname('Signing-Cert'): tmpdir = tempfile.mkdtemp(prefix="tmp-") - target_fname = '/usr/share/ipa/html/configure.jar' - shutil.copy("/usr/share/ipa/html/preferences.html", tmpdir) + target_fname = paths.CONFIGURE_JAR + shutil.copy(paths.PREFERENCES_HTML, tmpdir) db.run_signtool(["-k", "Signing-Cert", "-Z", target_fname, "-e", ".html", "-p", pwd, @@ -356,7 +346,7 @@ class HTTPInstance(service.Service): ``force`` is true. """ - target_fname = '/usr/share/ipa/html/krb.js' + target_fname = paths.KRB_JS if os.path.exists(target_fname) and not force: root_logger.info( '%s exists, skipping install of Firefox extension', @@ -375,8 +365,8 @@ class HTTPInstance(service.Service): # Setup extension tmpdir = tempfile.mkdtemp(prefix="tmp-") extdir = tmpdir + "/ext" - target_fname = "/usr/share/ipa/html/kerberosauth.xpi" - shutil.copytree("/usr/share/ipa/ffextension", extdir) + target_fname = paths.KERBEROSAUTH_XPI + shutil.copytree(paths.FFEXTENSION, extdir) if db.has_nickname('Signing-Cert'): db.run_signtool(["-k", "Signing-Cert", "-p", pwd, 
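Review bot: `__set_mod_nss_passwordfile` still passes the literal `'file:/etc/httpd/conf/password.conf'`, so the NSS pass-phrase file is the one path in this hunk that a platform-specific `paths` cannot relocate. ipa_backup.py in this same commit refers to that file as `paths.HTTPD_PASSWORD_CONF`, so the directive value can be built from it: `'file:' + paths.HTTPD_PASSWORD_CONF`. Otherwise the backup list and the mod_nss configuration can end up pointing at different password files.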
@@ -386,14 +376,14 @@ class HTTPInstance(service.Service): root_logger.warning('Object-signing certificate was not found. ' 'Creating unsigned Firefox configuration extension.') filenames = os.listdir(extdir) - ipautil.run(['/usr/bin/zip', '-r', target_fname] + filenames, + ipautil.run([paths.ZIP, '-r', target_fname] + filenames, cwd=extdir) shutil.rmtree(tmpdir) os.chmod(target_fname, 0644) def __publish_ca_cert(self): ca_db = certs.CertDB(self.realm) - ca_db.publish_ca_cert("/usr/share/ipa/html/ca.crt") + ca_db.publish_ca_cert(paths.CA_CRT) def uninstall(self): if self.is_configured(): @@ -409,7 +399,7 @@ class HTTPInstance(service.Service): if not enabled is None and not enabled: self.disable() - for f in ["/etc/httpd/conf.d/ipa.conf", SSL_CONF, NSS_CONF]: + for f in [paths.HTTPD_IPA_CONF, paths.HTTPD_SSL_CONF, paths.HTTPD_NSS_CONF]: try: self.fstore.restore_file(f) except ValueError, error: @@ -417,15 +407,15 @@ class HTTPInstance(service.Service): pass # Remove the configuration files we create - installutils.remove_file("/etc/httpd/conf.d/ipa-rewrite.conf") - installutils.remove_file("/etc/httpd/conf.d/ipa.conf") - installutils.remove_file("/etc/httpd/conf.d/ipa-pki-proxy.conf") + installutils.remove_file(paths.HTTPD_IPA_REWRITE_CONF) + installutils.remove_file(paths.HTTPD_IPA_CONF) + installutils.remove_file(paths.HTTPD_IPA_PKI_PROXY_CONF) for var in ["httpd_can_network_connect", "httpd_manage_ipa"]: sebool_state = self.restore_state(var) if not sebool_state is None: try: - ipautil.run(["/usr/sbin/setsebool", "-P", var, sebool_state]) + ipautil.run([paths.SETSEBOOL, "-P", var, sebool_state]) except ipautil.CalledProcessError, e: self.print_msg("Cannot restore SELinux boolean '%s' back to '%s': %s" \ % (var, sebool_state, e)) diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 48c347e04..2c7479795 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py 
@@ -43,6 +43,7 @@ from ipalib import errors from ipapython.dn import DN from ipaserver.install import certs, service from ipaplatform import services +from ipaplatform.paths import paths # Used to determine install status IPA_MODULES = [ @@ -172,7 +173,7 @@ def verify_fqdn(host_name, no_host_dns=False, local_hostname=True): raise HostReverseLookupError("The host name %s does not match the reverse lookup %s" % (host_name, revname)) verified.add(address) -def record_in_hosts(ip, host_name=None, file="/etc/hosts"): +def record_in_hosts(ip, host_name=None, file=paths.HOSTS): """ Search record in /etc/hosts - static table lookup for hostnames @@ -209,7 +210,7 @@ def record_in_hosts(ip, host_name=None, file="/etc/hosts"): return None -def add_record_to_hosts(ip, host_name, file="/etc/hosts"): +def add_record_to_hosts(ip, host_name, file=paths.HOSTS): hosts_fd = open(file, 'r+') hosts_fd.seek(0, 2) hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n') @@ -488,7 +489,7 @@ def get_server_ip_address(host_name, fstore, unattended, options): if hosts_record is None: if ip_add_to_hosts: print "Adding ["+ip_address+" "+host_name+"] to your /etc/hosts file" - fstore.backup_file("/etc/hosts") + fstore.backup_file(paths.HOSTS) add_record_to_hosts(ip_address, host_name) else: primary_host = hosts_record[1][0] @@ -566,7 +567,7 @@ def check_server_configuration(): Most convenient use case for the function is in install tools that require configured IPA for its function. """ - server_fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + server_fstore = sysrestore.FileStore(paths.SYSRESTORE) if not server_fstore.has_files(): raise RuntimeError("IPA is not configured on this system.") 
@@ -597,8 +598,8 @@ def is_ipa_configured(): """ installed = False - sstore = sysrestore.StateFile('/var/lib/ipa/sysrestore') - fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + sstore = sysrestore.StateFile(paths.SYSRESTORE) + fstore = sysrestore.FileStore(paths.SYSRESTORE) for module in IPA_MODULES: if sstore.has_state(module): diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index e704c1cb8..91330dfa3 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -25,6 +25,7 @@ import time import pwd from optparse import OptionGroup from ConfigParser import SafeConfigParser +from ipaplatform.paths import paths from ipaplatform import services from ipalib import api, errors @@ -62,14 +63,14 @@ EOF --keyring /root/backup.pub --list-secret-keys """ -BACKUP_DIR = '/var/lib/ipa/backup' +BACKUP_DIR = paths.IPA_BACKUP_DIR def encrypt_file(filename, keyring, remove_original=True): source = filename dest = filename + '.gpg' - args = ['/usr/bin/gpg', + args = [paths.GPG, '--batch', '--default-recipient-self', '-o', dest] 
@@ -96,91 +97,91 @@ def encrypt_file(filename, keyring, remove_original=True): class Backup(admintool.AdminTool): command_name = 'ipa-backup' - log_file_name = '/var/log/ipabackup.log' + log_file_name = paths.IPABACKUP_LOG usage = "%prog [options]" description = "Back up IPA files and databases." - dirs = ('/usr/share/ipa/html', - '/root/.pki', - '/etc/pki-ca', - '/etc/pki/pki-tomcat', - '/etc/sysconfig/pki', - '/etc/httpd/alias', - '/var/lib/pki', - '/var/lib/pki-ca', - '/var/lib/ipa/sysrestore', - '/var/lib/ipa-client/sysrestore', - '/var/lib/sss/pubconf/krb5.include.d', - '/var/lib/authconfig/last', - '/var/lib/certmonger', - '/var/lib/ipa', - '/var/run/dirsrv', - '/var/lock/dirsrv', + dirs = (paths.IPA_HTML_DIR, + paths.ROOT_PKI, + paths.ETC_PKI_CA_DIR, + paths.PKI_TOMCAT, + paths.SYSCONFIG_PKI, + paths.HTTPD_ALIAS_DIR, + paths.VAR_LIB_PKI_DIR, + paths.VAR_LIB_PKI_CA_DIR, + paths.SYSRESTORE, + paths.IPA_CLIENT_SYSRESTORE, + paths.SSS_KRB5_INCLUDE_D, + paths.AUTHCONFIG_LAST, + paths.VAR_LIB_CERTMONGER_DIR, + paths.VAR_LIB_IPA, + paths.VAR_RUN_DIRSRV_DIR, + paths.DIRSRV_LOCK_DIR, ) files = ( - '/etc/named.conf', - '/etc/named.keytab', - '/etc/resolv.conf', - '/etc/sysconfig/pki-ca', - '/etc/sysconfig/pki-tomcat', - '/etc/sysconfig/dirsrv', - '/etc/sysconfig/ntpd', - '/etc/sysconfig/krb5kdc', - '/etc/sysconfig/pki/ca/pki-ca', - '/etc/sysconfig/authconfig', - '/etc/pki/nssdb/cert8.db', - '/etc/pki/nssdb/key3.db', - '/etc/pki/nssdb/secmod.db', - '/etc/nsswitch.conf', - '/etc/krb5.keytab', - '/etc/sssd/sssd.conf', - '/etc/openldap/ldap.conf', - '/etc/security/limits.conf', - '/etc/httpd/conf/password.conf', - '/etc/httpd/conf/ipa.keytab', - '/etc/httpd/conf.d/ipa-pki-proxy.conf', - '/etc/httpd/conf.d/ipa-rewrite.conf', - '/etc/httpd/conf.d/nss.conf', - '/etc/httpd/conf.d/ipa.conf', - '/etc/ssh/sshd_config', - '/etc/ssh/ssh_config', - '/etc/krb5.conf', - '/etc/group', - '/etc/passwd', + paths.NAMED_CONF, + paths.NAMED_KEYTAB, + paths.RESOLV_CONF, + 
paths.SYSCONFIG_PKI_CA_DIR, + paths.SYSCONFIG_PKI_TOMCAT, + paths.SYSCONFIG_DIRSRV, + paths.SYSCONFIG_NTPD, + paths.SYSCONFIG_KRB5KDC_DIR, + paths.SYSCONFIG_PKI_CA_PKI_CA_DIR, + paths.ETC_SYSCONFIG_AUTHCONFIG, + paths.NSSDB_CERT8_DB, + paths.NSSDB_KEY3_DB, + paths.NSSDB_SECMOD_DB, + paths.NSSWITCH_CONF, + paths.KRB5_KEYTAB, + paths.SSSD_CONF, + paths.OPENLDAP_LDAP_CONF, + paths.LIMITS_CONF, + paths.HTTPD_PASSWORD_CONF, + paths.IPA_KEYTAB, + paths.HTTPD_IPA_PKI_PROXY_CONF, + paths.HTTPD_IPA_REWRITE_CONF, + paths.HTTPD_NSS_CONF, + paths.HTTPD_IPA_CONF, + paths.SSHD_CONFIG, + paths.SSH_CONFIG, + paths.KRB5_CONF, + paths.GROUP, + paths.PASSWD, CACERT, - '/etc/ipa/default.conf', - '/etc/dirsrv/ds.keytab', - '/etc/ntp.conf', - '/etc/samba/smb.conf', - '/etc/samba/samba.keytab', - '/root/ca-agent.p12', - '/root/cacert.p12', - '/var/kerberos/krb5kdc/kdc.conf', - '/etc/systemd/system/multi-user.target.wants/ipa.service', - '/etc/systemd/system/multi-user.target.wants/sssd.service', - '/etc/systemd/system/multi-user.target.wants/certmonger.service', - '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service', - '/var/run/ipa/services.list', + paths.IPA_DEFAULT_CONF, + paths.DS_KEYTAB, + paths.NTP_CONF, + paths.SMB_CONF, + paths.SAMBA_KEYTAB, + paths.CA_AGENT_P12, + paths.CACERT_P12, + paths.KRB5KDC_KDC_CONF, + paths.SYSTEMD_IPA_SERVICE, + paths.SYSTEMD_SSSD_SERVICE, + paths.SYSTEMD_CERTMONGER_SERVICE, + paths.SYSTEMD_PKI_TOMCAT_SERVICE, + paths.SVC_LIST_FILE, ) logs=( - '/var/log/pki-ca', - '/var/log/pki/', - '/var/log/dirsrv/slapd-PKI-IPA', - '/var/log/httpd', - '/var/log/ipaserver-install.log', - '/var/log/kadmind.log', - '/var/log/pki-ca-install.log', - '/var/log/messages', - '/var/log/ipaclient-install.log', - '/var/log/secure', - '/var/log/ipaserver-uninstall.log', - '/var/log/pki-ca-uninstall.log', - '/var/log/ipaclient-uninstall.log', - '/var/named/data/named.run', + paths.PKI_CA_LOG_DIR, + paths.VAR_LOG_PKI_DIR, + paths.VAR_LOG_SLAPD_PKI_IPA_DIR, 
+ paths.VAR_LOG_HTTPD_DIR, + paths.IPASERVER_INSTALL_LOG, + paths.KADMIND_LOG, + paths.PKI_CA_INSTALL_LOG, + paths.MESSAGES, + paths.IPACLIENT_INSTALL_LOG, + paths.LOG_SECURE, + paths.IPASERVER_UNINSTALL_LOG, + paths.PKI_CA_UNINSTALL_LOG, + paths.IPACLIENT_UNINSTALL_LOG, + paths.NAMED_RUN, ) def __init__(self, options, args): @@ -277,8 +278,8 @@ class Backup(admintool.AdminTool): run(['ipactl', 'stop']) for instance in [realm_to_serverid(api.env.realm), 'PKI-IPA']: - if os.path.exists('/var/lib/dirsrv/slapd-%s' % instance): - if os.path.exists('/var/lib/dirsrv/slapd-%s/db/ipaca' % instance): + if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % instance): + if os.path.exists(paths.IPACA_DIRSRV_INSTANCE_DB_TEMPLATE % instance): self.db2ldif(instance, 'ipaca', online=options.online) self.db2ldif(instance, 'userRoot', online=options.online) self.db2bak(instance, online=options.online) 
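Review bot: Several entries of the `files` tuple carry directory-style names: `paths.SYSCONFIG_PKI_CA_DIR`, `paths.SYSCONFIG_KRB5KDC_DIR` and `paths.SYSCONFIG_PKI_CA_PKI_CA_DIR` replace `/etc/sysconfig/pki-ca`, `/etc/sysconfig/krb5kdc` and `/etc/sysconfig/pki/ca/pki-ca`, which the old code listed as files. krbinstance.py in this commit also passes `paths.SYSCONFIG_KRB5KDC_DIR` to `backup_config_and_replace_variables` as a file. Dropping the `_DIR` suffix (for example `paths.SYSCONFIG_KRB5KDC`) would keep a later reader from treating them as directories when deciding what a backup or restore has to cover.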
@@ -310,26 +311,26 @@ class Backup(admintool.AdminTool): instance. ''' for dir in [ - '/etc/dirsrv/slapd-%s' % realm_to_serverid(api.env.realm), - '/var/lib/dirsrv/scripts-%s' % realm_to_serverid(api.env.realm), - '/var/lib/dirsrv/slapd-%s' % realm_to_serverid(api.env.realm), - '/usr/lib64/dirsrv/slapd-PKI-IPA', - '/usr/lib/dirsrv/slapd-PKI-IPA', - '/etc/dirsrv/slapd-PKI-IPA', - '/var/lib/dirsrv/slapd-PKI-IPA', + paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % realm_to_serverid(api.env.realm), + paths.VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE % realm_to_serverid(api.env.realm), + paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % realm_to_serverid(api.env.realm), + paths.VAR_LIB_SLAPD_PKI_IPA_DIR_TEMPLATE, + paths.USR_LIB_SLAPD_PKI_IPA_DIR, + paths.ETC_SLAPD_PKI_IPA_DIR, + paths.VAR_LIB_SLAPD_PKI_IPA_DIR_TEMPLATE, self.__find_scripts_dir('PKI-IPA'), ]: if os.path.exists(dir): self.dirs.append(dir) for file in [ - '/etc/sysconfig/dirsrv-%s' % realm_to_serverid(api.env.realm), - '/etc/sysconfig/dirsrv-PKI-IPA']: + paths.SYSCONFIG_DIRSRV_INSTANCE % realm_to_serverid(api.env.realm), + paths.SYSCONFIG_DIRSRV_PKI_IPA_DIR]: if os.path.exists(file): self.files.append(file) for log in [ - '/var/log/dirsrv/slapd-%s' % realm_to_serverid(api.env.realm),]: + paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % realm_to_serverid(api.env.realm),]: self.logs.append(log) @@ -372,7 +373,7 @@ class Backup(admintool.AdminTool): ldifname = '%s-%s.ldif' % (instance, backend) ldiffile = os.path.join( - '/var/lib/dirsrv/slapd-%s/ldif' % instance, + paths.SLAPD_INSTANCE_LDIF_DIR_TEMPLATE % instance, ldifname) if online: @@ -421,7 +422,7 @@ class Backup(admintool.AdminTool): cn = time.strftime('backup_%Y_%m_%d_%H_%M_%S') dn = DN(('cn', cn), ('cn', 'backup'), ('cn', 'tasks'), ('cn', 'config')) - bakdir = os.path.join('/var/lib/dirsrv/slapd-%s/bak/%s' % (instance, instance)) + bakdir = os.path.join(paths.SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE % (instance, instance)) if online: conn = self.get_connection() 
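Review bot: The directory list names `paths.VAR_LIB_SLAPD_PKI_IPA_DIR_TEMPLATE` twice, once where the old code had `/usr/lib64/dirsrv/slapd-PKI-IPA` and again where it had `/var/lib/dirsrv/slapd-PKI-IPA`. Unless the paths module (not shown here) accounts for that, the lib64 entry has been replaced by a duplicate, and the `os.path.exists` loop will append the same directory to `self.dirs` twice. The lib64 location is then only covered through `self.__find_scripts_dir('PKI-IPA')`. The first entry probably wants its own constant, and since neither use is followed by `%`, the `_TEMPLATE` suffix looks misplaced as well. The method starts above the hunk.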
@@ -560,10 +561,10 @@ class Backup(admintool.AdminTool): does so we need to probe for it. """ if instance != 'PKI-IPA': - return os.path.join('/var/lib/dirsrv', 'scripts-%s' % instance) + return os.path.join(paths.VAR_LIB_DIRSRV, 'scripts-%s' % instance) else: if sys.maxsize > 2**32L: libpath = 'lib64' else: libpath = 'lib' - return os.path.join('/usr', libpath, 'dirsrv', 'slapd-PKI-IPA') + return os.path.join(paths.USR_DIR, libpath, 'dirsrv', 'slapd-PKI-IPA') diff --git a/ipaserver/install/ipa_ldap_updater.py b/ipaserver/install/ipa_ldap_updater.py index d894b3024..e8ef2b576 100644 --- a/ipaserver/install/ipa_ldap_updater.py +++ b/ipaserver/install/ipa_ldap_updater.py @@ -30,6 +30,7 @@ import krbV from ipalib import api from ipapython import ipautil, admintool +from ipaplatform.paths import paths from ipaserver.install import installutils, dsinstance, schemaupdate from ipaserver.install.ldapupdate import LDAPUpdate, UPDATES_DIR from ipaserver.install.upgradeinstance import IPAUpgrade @@ -94,7 +95,7 @@ class LDAPUpdater(admintool.AdminTool): except RuntimeError, e: print unicode(e) sys.exit(1) - elif not os.path.exists('/etc/ipa/default.conf'): + elif not os.path.exists(paths.IPA_DEFAULT_CONF): print "IPA is not configured on this system." sys.exit(1) @@ -124,7 +125,7 @@ class LDAPUpdater(admintool.AdminTool): class LDAPUpdater_Upgrade(LDAPUpdater): - log_file_name = '/var/log/ipaupgrade.log' + log_file_name = paths.IPAUPGRADE_LOG def validate_options(self): if os.getegid() != 0: @@ -154,7 +155,7 @@ class LDAPUpdater_Upgrade(LDAPUpdater): class LDAPUpdater_NonUpgrade(LDAPUpdater): - log_file_name = '/var/log/ipaupgrade.log' + log_file_name = paths.IPAUPGRADE_LOG def validate_options(self): super(LDAPUpdater_NonUpgrade, self).validate_options() diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py index e71dd22e4..81b54211f 100644 --- a/ipaserver/install/ipa_replica_prepare.py +++ b/ipaserver/install/ipa_replica_prepare.py 
@@ -34,6 +34,7 @@ from ipapython.dn import DN from ipapython import version from ipalib import api from ipalib import errors +from ipaplatform.paths import paths from ipalib.constants import CACERT @@ -60,7 +61,7 @@ class ReplicaPrepare(admintool.AdminTool): parser.add_option("--no-pkinit", dest="setup_pkinit", action="store_false", default=True, help="disables pkinit setup steps") - parser.add_option("--ca", dest="ca_file", default="/root/cacert.p12", + parser.add_option("--ca", dest="ca_file", default=paths.CACERT_P12, metavar="FILE", help="location of CA PKCS#12 file, default /root/cacert.p12") @@ -358,16 +359,16 @@ class ReplicaPrepare(admintool.AdminTool): self.log.info("Copying additional files") self.copy_info_file(CACERT, "ca.crt") - preferences_filename = "/usr/share/ipa/html/preferences.html" + preferences_filename = paths.PREFERENCES_HTML if ipautil.file_exists(preferences_filename): self.copy_info_file(preferences_filename, "preferences.html") - self.copy_info_file("/usr/share/ipa/html/krb.js", "krb.js") + self.copy_info_file(paths.KRB_JS, "krb.js") self.copy_info_file( - "/usr/share/ipa/html/kerberosauth.xpi", "kerberosauth.xpi") - jar_filename = "/usr/share/ipa/html/configure.jar" + paths.KERBEROSAUTH_XPI, "kerberosauth.xpi") + jar_filename = paths.CONFIGURE_JAR if ipautil.file_exists(jar_filename): self.copy_info_file(jar_filename, "configure.jar") - cacert_filename = "/var/kerberos/krb5kdc/cacert.pem" + cacert_filename = paths.CACERT_PEM if ipautil.file_exists(cacert_filename): self.copy_info_file(cacert_filename, "cacert.pem") 
@@ -387,12 +388,12 @@ class ReplicaPrepare(admintool.AdminTool): config.write(fd) def package_replica_file(self): - replicafile = "/var/lib/ipa/replica-info-%s" % self.replica_fqdn + replicafile = paths.REPLICA_INFO_TEMPLATE % self.replica_fqdn encfile = "%s.gpg" % replicafile self.log.info("Packaging replica information into %s", encfile) ipautil.run( - ["/bin/tar", "cf", replicafile, "-C", self.top_dir, "realm_info"]) + [paths.TAR, "cf", replicafile, "-C", self.top_dir, "realm_info"]) ipautil.encrypt_file( replicafile, encfile, self.dirman_password, self.top_dir) @@ -546,7 +547,7 @@ class ReplicaPrepare(admintool.AdminTool): dm_pwd_fd = ipautil.write_tmp_file(self.dirman_password) keydb_pwd = '' - with open('/etc/pki/pki-tomcat/password.conf') as f: + with open(paths.PKI_TOMCAT_PASSWORD_CONF) as f: for line in f.readlines(): key, value = line.strip().split('=') if key == 'internal': @@ -556,8 +557,8 @@ class ReplicaPrepare(admintool.AdminTool): keydb_pwd_fd = ipautil.write_tmp_file(keydb_pwd) ipautil.run([ - '/usr/bin/PKCS12Export', - '-d', '/etc/pki/pki-tomcat/alias/', + paths.PKCS12EXPORT, + '-d', paths.PKI_TOMCAT_ALIAS_DIR, '-p', keydb_pwd_fd.name, '-w', dm_pwd_fd.name, '-o', ca_file diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index bf9b95a84..948d0be32 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -40,6 +40,7 @@ from ipapython import ipaldap from ipaplatform.tasks import tasks from ipaserver.install.ipa_backup import BACKUP_DIR from ipaplatform import services +from ipaplatform.paths import paths def recursive_chown(path, uid, gid): @@ -65,7 +66,7 @@ def decrypt_file(tmpdir, filename, keyring): dest = os.path.basename(dest) dest = os.path.join(tmpdir, dest) - args = ['/usr/bin/gpg', + args = [paths.GPG, '--batch', '-o', dest] 
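Review bot: The loop that reads `paths.PKI_TOMCAT_PASSWORD_CONF` unpacks `line.strip().split('=')` into exactly two names, so a blank line or a password that itself contains `=` raises ValueError and aborts the CA export. Splitting once and skipping lines without a separator avoids that: `key, sep, value = line.strip().partition('=')` followed by `if not sep: continue`. The surrounding method starts above the hunk, so any handling further up is not visible here.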
@@ -88,7 +89,7 @@ def decrypt_file(tmpdir, filename, keyring): class Restore(admintool.AdminTool): command_name = 'ipa-restore' - log_file_name = '/var/log/iparestore.log' + log_file_name = paths.IPARESTORE_LOG usage = "%prog [options] backup" @@ -180,7 +181,7 @@ class Restore(admintool.AdminTool): if not options.instance: instances = [] for instance in [realm_to_serverid(api.env.realm), 'PKI-IPA']: - if os.path.exists('/var/lib/dirsrv/slapd-%s' % instance): + if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % instance): instances.append(instance) else: instances = [options.instance] @@ -277,10 +278,10 @@ class Restore(admintool.AdminTool): # have a unified instance we need to restore both userRoot and # ipaca. for instance in instances: - if os.path.exists('/var/lib/dirsrv/slapd-%s' % instance): + if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % instance): if options.backend is None: self.ldif2db(instance, 'userRoot', online=options.online) - if os.path.exists('/var/lib/dirsrv/slapd-%s/db/ipaca' % instance): + if os.path.exists(paths.IPACA_DIRSRV_INSTANCE_DB_TEMPLATE % instance): self.ldif2db(instance, 'ipaca', online=options.online) else: self.ldif2db(instance, options.backend, online=options.online) @@ -589,13 +590,13 @@ class Restore(admintool.AdminTool): does so we need to probe for it. """ if instance != 'PKI-IPA': - return os.path.join('/var/lib/dirsrv', 'scripts-%s' % instance) + return os.path.join(paths.VAR_LIB_DIRSRV, 'scripts-%s' % instance) else: if sys.maxsize > 2**32L: libpath = 'lib64' else: libpath = 'lib' - return os.path.join('/usr', libpath, 'dirsrv', 'slapd-PKI-IPA') + return os.path.join(paths.USR_DIR, libpath, 'dirsrv', 'slapd-PKI-IPA') def __create_dogtag_log_dirs(self): """ 
@@ -606,16 +607,16 @@ class Restore(admintool.AdminTool): or a d10-based installation. We can tell based on whether there is a PKI-IPA 389-ds instance. """ - if os.path.exists('/etc/dirsrv/slapd-PKI-IPA'): # dogtag 9 - topdir = '/var/log/pki-ca' + if os.path.exists(paths.ETC_SLAPD_PKI_IPA_DIR): # dogtag 9 + topdir = paths.PKI_CA_LOG_DIR dirs = [topdir, '/var/log/pki-ca/signedAudit,'] else: # dogtag 10 - topdir = '/var/log/pki/pki-tomcat' + topdir = paths.TOMCAT_TOPLEVEL_DIR dirs = [topdir, - '/var/log/pki/pki-tomcat/ca', - '/var/log/pki/pki-tomcat/ca/archive', - '/var/log/pki/pki-tomcat/ca/signedAudit',] + paths.TOMCAT_CA_DIR, + paths.TOMCAT_CA_ARCHIVE_DIR, + paths.TOMCAT_SIGNEDAUDIT_DIR,] if os.path.exists(topdir): return diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py index a1c7c8e91..af5d21a2a 100644 --- a/ipaserver/install/ipa_server_certinstall.py +++ b/ipaserver/install/ipa_server_certinstall.py @@ -24,6 +24,7 @@ import os.path import pwd import optparse +from ipaplatform.paths import paths from ipapython import admintool from ipapython.dn import DN from ipapython.ipautil import user_input, write_tmp_file @@ -132,14 +133,14 @@ class ServerCertInstall(admintool.AdminTool): def install_http_cert(self): dirname = certs.NSS_DIR - old_cert = installutils.get_directive(httpinstance.NSS_CONF, + old_cert = installutils.get_directive(paths.HTTPD_NSS_CONF, 'NSSNickname') server_cert = self.import_cert(dirname, self.options.pin, old_cert, 'HTTP/%s' % api.env.host, 'restart_httpd') - installutils.set_directive(httpinstance.NSS_CONF, + installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSNickname', server_cert) # Fix the database permissions diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index cbb54236e..81ed10581 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py 
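Review bot: The dogtag 9 branch still builds `dirs = [topdir, '/var/log/pki-ca/signedAudit,']`. The second entry is a hard-coded path that was not moved to `paths`, and it has a comma inside the quotes, so the name actually used ends in a literal `,`. If the rest of the method (outside this hunk) creates the listed directories, the signed-audit log directory is created under the wrong name after a restore. `dirs = [topdir, os.path.join(topdir, 'signedAudit')]` would fix both problems.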
@@ -45,6 +45,7 @@ import struct import certs from distutils import version from ipaplatform.tasks import tasks +from ipaplatform.paths import paths def update_key_val_in_file(filename, key, val): if os.path.exists(filename): @@ -88,7 +89,7 @@ class KrbInstance(service.Service): if fstore: self.fstore = fstore else: - self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + self.fstore = sysrestore.FileStore(paths.SYSRESTORE) suffix = ipautil.dn_attribute_property('_suffix') subject_base = ipautil.dn_attribute_property('_subject_base') @@ -345,11 +346,11 @@ class KrbInstance(service.Service): print "Failed to initialize the realm container" def __configure_instance(self): - self.__template_file("/var/kerberos/krb5kdc/kdc.conf", chmod=None) - self.__template_file("/etc/krb5.conf") - self.__template_file("/usr/share/ipa/html/krb5.ini") - self.__template_file("/usr/share/ipa/html/krb.con") - self.__template_file("/usr/share/ipa/html/krbrealm.con") + self.__template_file(paths.KRB5KDC_KDC_CONF, chmod=None) + self.__template_file(paths.KRB5_CONF) + self.__template_file(paths.HTML_KRB5_INI) + self.__template_file(paths.KRB_CON) + self.__template_file(paths.HTML_KRBREALM_CON) MIN_KRB5KDC_WITH_WORKERS = "1.9" cpus = os.sysconf('SC_NPROCESSORS_ONLN') @@ -367,10 +368,10 @@ class KrbInstance(service.Service): appendvars = {} if workers and cpus > 1: appendvars = {'KRB5KDC_ARGS': "'-w %s'" % str(cpus)} - ipautil.backup_config_and_replace_variables(self.fstore, "/etc/sysconfig/krb5kdc", + ipautil.backup_config_and_replace_variables(self.fstore, paths.SYSCONFIG_KRB5KDC_DIR, replacevars=replacevars, appendvars=appendvars) - tasks.restore_context("/etc/sysconfig/krb5kdc") + tasks.restore_context(paths.SYSCONFIG_KRB5KDC_DIR) def __write_stash_from_ds(self): try: 
@@ -390,7 +391,7 @@ class KrbInstance(service.Service): format = '=hi%ss' % len(keydata) s = struct.pack(format, keytype, len(keydata), keydata) try: - fd = open("/var/kerberos/krb5kdc/.k5."+self.realm, "w") + fd = open(paths.VAR_KRB5KDC_K5_REALM+self.realm, "w") fd.write(s) fd.close() except os.error, e: @@ -406,23 +407,23 @@ class KrbInstance(service.Service): installutils.kadmin_addprinc(ldap_principal) self.move_service(ldap_principal) - self.fstore.backup_file("/etc/dirsrv/ds.keytab") - installutils.create_keytab("/etc/dirsrv/ds.keytab", ldap_principal) + self.fstore.backup_file(paths.DS_KEYTAB) + installutils.create_keytab(paths.DS_KEYTAB, ldap_principal) - update_key_val_in_file("/etc/sysconfig/dirsrv", "KRB5_KTNAME", "/etc/dirsrv/ds.keytab") + update_key_val_in_file(paths.SYSCONFIG_DIRSRV, "KRB5_KTNAME", paths.DS_KEYTAB) pent = pwd.getpwnam(dsinstance.DS_USER) - os.chown("/etc/dirsrv/ds.keytab", pent.pw_uid, pent.pw_gid) + os.chown(paths.DS_KEYTAB, pent.pw_uid, pent.pw_gid) def __create_host_keytab(self): host_principal = "host/" + self.fqdn + "@" + self.realm installutils.kadmin_addprinc(host_principal) - self.fstore.backup_file("/etc/krb5.keytab") - installutils.create_keytab("/etc/krb5.keytab", host_principal) + self.fstore.backup_file(paths.KRB5_KEYTAB) + installutils.create_keytab(paths.KRB5_KEYTAB, host_principal) # Make sure access is strictly reserved to root only for now - os.chown("/etc/krb5.keytab", 0, 0) - os.chmod("/etc/krb5.keytab", 0600) + os.chown(paths.KRB5_KEYTAB, 0, 0) + os.chmod(paths.KRB5_KEYTAB, 0600) self.move_service_to_host(host_principal) 
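Review bot: The file written here is the Kerberos stash file (`.k5.<realm>`) that receives the packed `keydata`, yet `open(paths.VAR_KRB5KDC_K5_REALM+self.realm, "w")` creates it with whatever the process umask allows, and no chmod appears in the visible lines. Creating it owner-only is safer: `fd = os.fdopen(os.open(paths.VAR_KRB5KDC_K5_REALM + self.realm, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600), "w")`. That mode applies only when the file is created, so an existing file keeps its permissions. Separately, `except os.error, e:` does not catch the IOError that `open()` and `write()` raise on Python 2, so the handler needs `except (IOError, OSError), e:` to run at all. The method begins and ends outside the hunk.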
@@ -433,13 +434,13 @@ class KrbInstance(service.Service): if self.pkcs12_info: ca_db.install_pem_from_p12(self.pkcs12_info[0], self.pkcs12_info[1], - "/var/kerberos/krb5kdc/kdc.pem") + paths.KDC_PEM) else: raise RuntimeError("PKI not supported yet\n") # Finally copy the cacert in the krb directory so we don't # have any selinux issues with the file context - shutil.copyfile(CACERT, "/var/kerberos/krb5kdc/cacert.pem") + shutil.copyfile(CACERT, paths.CACERT_PEM) def __add_anonymous_pkinit_principal(self): princ = "WELLKNOWN/ANONYMOUS" @@ -472,7 +473,7 @@ class KrbInstance(service.Service): except: pass - for f in ["/var/kerberos/krb5kdc/kdc.conf", "/etc/krb5.conf"]: + for f in [paths.KRB5KDC_KDC_CONF, paths.KRB5_CONF]: try: self.fstore.restore_file(f) except ValueError, error: diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index a9167aeee..ecdf8e6e1 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -22,8 +22,6 @@ # TODO # save undo files? -UPDATES_DIR="/usr/share/ipa/updates/" - import sys import uuid import platform @@ -41,11 +39,14 @@ from ipaserver.install import installutils from ipapython import ipautil, ipaldap from ipalib import errors from ipalib import api +from ipaplatform.paths import paths from ipapython.dn import DN from ipapython.ipa_log_manager import * from ipaserver.install.plugins import PRE_UPDATE, POST_UPDATE from ipaserver.plugins import ldap2 +UPDATES_DIR=paths.UPDATES_DIR + def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None): """Create a connection for updates""" diff --git a/ipaserver/install/ntpinstance.py b/ipaserver/install/ntpinstance.py index f2e8ffe36..c653525d3 100644 --- a/ipaserver/install/ntpinstance.py +++ b/ipaserver/install/ntpinstance.py 
@@ -21,6 +21,7 @@ import service from ipapython import sysrestore from ipapython import ipautil +from ipaplatform.paths import paths from ipapython.ipa_log_manager import * class NTPInstance(service.Service): @@ -30,20 +31,20 @@ class NTPInstance(service.Service): if fstore: self.fstore = fstore else: - self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + self.fstore = sysrestore.FileStore(paths.SYSRESTORE) def __write_config(self): - self.fstore.backup_file("/etc/ntp.conf") - self.fstore.backup_file("/etc/sysconfig/ntpd") + self.fstore.backup_file(paths.NTP_CONF) + self.fstore.backup_file(paths.SYSCONFIG_NTPD) # We use the OS variable to point it towards either the rhel # or fedora pools. Other distros should be added in the future # or we can get our own pool. os = "" - if ipautil.file_exists("/etc/fedora-release"): + if ipautil.file_exists(paths.ETC_FEDORA_RELEASE): os = "fedora" - elif ipautil.file_exists("/etc/redhat-release"): + elif ipautil.file_exists(paths.ETC_REDHAT_RELEASE): os = "rhel" srv_vals = [] @@ -57,7 +58,7 @@ class NTPInstance(service.Service): file_changed = False fudge_present = False ntpconf = [] - fd = open("/etc/ntp.conf", "r") + fd = open(paths.NTP_CONF, "r") for line in fd: opt = line.split() if len(opt) < 1: @@ -85,7 +86,7 @@ class NTPInstance(service.Service): ntpconf.append(line) if file_changed or len(srv_vals) != 0 or not fudge_present: - fd = open("/etc/ntp.conf", "w") + fd = open(paths.NTP_CONF, "w") for line in ntpconf: fd.write(line) fd.write("\n### Added by IPA Installer ###\n") @@ -99,7 +100,7 @@ class NTPInstance(service.Service): #read in memory, find OPTIONS, check/change it, then overwrite file needopts = [ {'val':'-x', 'need':True}, {'val':'-g', 'need':True} ] - fd = open("/etc/sysconfig/ntpd", "r") + fd = open(paths.SYSCONFIG_NTPD, "r") lines = fd.readlines() fd.close() for line in lines: 
@@ -118,7 +119,7 @@ class NTPInstance(service.Service): done = False if newopts: - fd = open("/etc/sysconfig/ntpd", "w") + fd = open(paths.SYSCONFIG_NTPD, "w") for line in lines: if not done: sline = line.strip() @@ -167,7 +168,7 @@ class NTPInstance(service.Service): self.stop() try: - self.fstore.restore_file("/etc/ntp.conf") + self.fstore.restore_file(paths.NTP_CONF) except ValueError, error: root_logger.debug(error) pass diff --git a/ipaserver/install/plugins/ca_renewal_master.py b/ipaserver/install/plugins/ca_renewal_master.py index b2a7ba7cc..37b5487fe 100644 --- a/ipaserver/install/plugins/ca_renewal_master.py +++ b/ipaserver/install/plugins/ca_renewal_master.py @@ -22,6 +22,7 @@ from ipaserver.install import installutils, certs, cainstance from ipalib import errors from ipalib.plugable import Registry from ipapython import certmonger, dogtag +from ipaplatform.paths import paths from ipapython.dn import DN register = Registry() @@ -52,7 +53,7 @@ class update_ca_renewal_master(PostUpdate): return (False, False, []) criteria = ( - ('cert_storage_location', '/etc/httpd/alias', certmonger.NPATH), + ('cert_storage_location', paths.HTTPD_ALIAS_DIR, certmonger.NPATH), ('cert_nickname', 'ipaCert', None), ) request_id = certmonger.get_request_id(criteria) diff --git a/ipaserver/install/plugins/updateclient.py b/ipaserver/install/plugins/updateclient.py index a4bc79238..7566b6cd8 100644 --- a/ipaserver/install/plugins/updateclient.py +++ b/ipaserver/install/plugins/updateclient.py @@ -22,6 +22,7 @@ from ipaserver.install.ldapupdate import LDAPUpdate from ipapython.ipautil import wait_for_open_socket from ipalib import api from ipalib import backend +from ipaplatform.paths import paths from ipapython.dn import DN class updateclient(backend.Executioner): 
@@ -143,7 +144,7 @@ class updateclient(backend.Executioner): def restart(self, dm_password, live_run): dsrestart = DSRestart() - socket_name = '/var/run/slapd-%s.socket' % \ + socket_name = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % \ api.env.realm.replace('.','-') if live_run: self.destroy_context() diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index dd12c0d1d..2805624af 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -30,6 +30,7 @@ from ipapython.ipa_log_manager import * from ipapython import ipautil, dogtag, ipaldap from ipapython.dn import DN from ipaplatform import services +from ipaplatform.paths import paths # the default container used by AD for user entries WIN_USER_CONTAINER = DN(('cn', 'Users')) @@ -68,7 +69,7 @@ def replica_conn_check(master_host, host_name, realm, check_ca, Does not return a value, will sys.exit() on failure. """ print "Run connection check to master" - args = ["/usr/sbin/ipa-replica-conncheck", "--master", master_host, + args = [paths.IPA_REPLICA_CONNCHECK, "--master", master_host, "--auto-master-check", "--realm", realm, "--principal", "admin", "--hostname", host_name] diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 6108a2b2a..9e4ea3700 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -29,6 +29,7 @@ from ipapython.dn import DN from ipapython.ipa_log_manager import * from ipalib import errors from ipaplatform import services +from ipaplatform.paths import paths # Autobind modes AUTO = 1 @@ -88,7 +89,7 @@ class Service(object): if sstore: self.sstore = sstore else: - self.sstore = sysrestore.StateFile('/var/lib/ipa/sysrestore') + self.sstore = sysrestore.StateFile(paths.SYSRESTORE) self.realm = None self.suffix = DN() 
@@ -155,7 +156,7 @@ class Service(object): if 'RANDOM_PASSWORD' in sub_dict: nologlist.append(sub_dict['RANDOM_PASSWORD']) - args = ["/usr/bin/ldapmodify", "-v", "-f", path] + args = [paths.LDAPMODIFY, "-v", "-f", path] # As we always connect to the local host, # use URI of admin connection diff --git a/ipaserver/install/sysupgrade.py b/ipaserver/install/sysupgrade.py index c508d2bbd..d11d0a979 100644 --- a/ipaserver/install/sysupgrade.py +++ b/ipaserver/install/sysupgrade.py @@ -21,9 +21,10 @@ import os import os.path from ipapython import sysrestore +from ipaplatform.paths import paths from ipapython.ipa_log_manager import * -STATEFILE_DIR = '/var/lib/ipa/sysupgrade' +STATEFILE_DIR = paths.STATEFILE_DIR STATEFILE_FILE = 'sysupgrade.state' _sstore = sysrestore.StateFile(STATEFILE_DIR, STATEFILE_FILE) diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py index 85c39b554..66eafa8cc 100644 --- a/ipaserver/install/upgradeinstance.py +++ b/ipaserver/install/upgradeinstance.py @@ -22,6 +22,7 @@ import sys import shutil import random import traceback +from ipaplatform.paths import paths from ipapython.ipa_log_manager import * from ipaserver.install import installutils @@ -30,7 +31,7 @@ from ipaserver.install import schemaupdate from ipaserver.install import ldapupdate from ipaserver.install import service -DSBASE = '/etc/dirsrv/slapd-' +DSBASE = paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE DSE = 'dse.ldif' class IPAUpgrade(service.Service): @@ -53,8 +54,8 @@ class IPAUpgrade(service.Service): ext += h service.Service.__init__(self, "dirsrv") serverid = dsinstance.realm_to_serverid(realm_name) - self.filename = '%s%s/%s' % (DSBASE, serverid, DSE) - self.savefilename = '%s%s/%s.ipa.%s' % (DSBASE, serverid, DSE, ext) + self.filename = '%s/%s' % (DSBASE % serverid, DSE) + self.savefilename = '%s/%s.ipa.%s' % (DSBASE % serverid, DSE, ext) self.live_run = live_run self.files = files self.modified = False 
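Review bot: `DSBASE` keeps its name in upgradeinstance.py but changes meaning, from a prefix that was concatenated with the server id to what appears to be a `%s` format template (`DSBASE % serverid`). Any other code that still uses it as a prefix, if there is any outside this hunk, would silently build a path containing a literal `%s`. Renaming the constant (for example `DSBASE_TEMPLATE`) or adding a comment such as `# format template, use as DSBASE % serverid` would make the new contract explicit.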
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index 123c2d54a..0b95ece79 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1212,6 +1212,7 @@ from ipalib.constants import TYPE_ERROR from ipalib.util import cachedproperty from ipapython import dogtag from ipalib import _ +from ipaplatform.paths import paths class ra(rabase.rabase): """ @@ -1222,8 +1223,8 @@ class ra(rabase.rabase): self.sec_dir = api.env.dot_ipa + os.sep + 'alias' self.pwd_file = self.sec_dir + os.sep + '.pwd' else: - self.sec_dir = "/etc/httpd/alias" - self.pwd_file = "/etc/httpd/alias/pwdfile.txt" + self.sec_dir = paths.HTTPD_ALIAS_DIR + self.pwd_file = paths.ALIAS_PWDFILE_TXT self.noise_file = self.sec_dir + os.sep + '.noise' self.ipa_key_size = "2048" self.ipa_certificate_nickname = "ipaCert" diff --git a/ipaserver/plugins/rabase.py b/ipaserver/plugins/rabase.py index aa379be60..e14969970 100644 --- a/ipaserver/plugins/rabase.py +++ b/ipaserver/plugins/rabase.py @@ -35,6 +35,7 @@ from ipalib import Backend from ipalib import errors from ipaserver.install import certs import os +from ipaplatform.paths import paths class rabase(Backend): """ @@ -45,8 +46,8 @@ class rabase(Backend): self.sec_dir = api.env.dot_ipa + os.sep + 'alias' self.pwd_file = self.sec_dir + os.sep + '.pwd' else: - self.sec_dir = "/etc/httpd/alias" - self.pwd_file = "/etc/httpd/alias/pwdfile.txt" + self.sec_dir = paths.HTTPD_ALIAS_DIR + self.pwd_file = paths.ALIAS_PWDFILE_TXT super(rabase, self).__init__() diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index edce23654..ff1b7fe65 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -51,6 +51,7 @@ from ipalib.krb_utils import ( KRB5_CCache, krb_ticket_expiration_threshold, krb5_format_principal_name, krb5_format_service_principal_name) from ipapython import ipautil +from ipaplatform.paths import paths from ipapython.version import VERSION from ipalib.text import _ 
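Review bot: In the `else` branch of `ra`, `self.pwd_file` was previously a file inside `self.sec_dir`, and it is now taken from a second, independent constant (`paths.ALIAS_PWDFILE_TXT`), so nothing in this code keeps the two in step. If a platform definition changes `HTTPD_ALIAS_DIR` without changing the password-file constant, the NSS database directory and its password file would point at different places. Deriving it, `self.pwd_file = os.path.join(self.sec_dir, 'pwdfile.txt')`, or a comment stating that the two constants must stay paired, would remove that risk. The same two lines appear in `rabase` in the next file section.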
@@ -977,7 +978,7 @@ class login_password(Backend, KerberosSession, HTTP_Status): # get http service ccache as an armor for FAST to enable OTP authentication armor_principal = krb5_format_service_principal_name( 'HTTP', self.api.env.host, realm) - keytab = '/etc/httpd/conf/ipa.keytab' + keytab = paths.IPA_KEYTAB armor_name = "%sA_%s" % (krbccache_prefix, user) armor_path = os.path.join(krbccache_dir, armor_name) @@ -985,7 +986,7 @@ class login_password(Backend, KerberosSession, HTTP_Status): armor_principal, keytab, armor_path) (stdout, stderr, returncode) = ipautil.run( - ['/usr/bin/kinit', '-kt', keytab, armor_principal], + [paths.KINIT, '-kt', keytab, armor_principal], env={'KRB5CCNAME': armor_path}, raiseonerr=False) if returncode != 0: @@ -995,7 +996,7 @@ class login_password(Backend, KerberosSession, HTTP_Status): principal = krb5_format_principal_name(user, realm) (stdout, stderr, returncode) = ipautil.run( - ['/usr/bin/kinit', principal, '-T', armor_path], + [paths.KINIT, principal, '-T', armor_path], env={'KRB5CCNAME': ccache_name}, stdin=password, raiseonerr=False) self.debug('kinit: principal=%s returncode=%s, stderr="%s"', @@ -1003,7 +1004,7 @@ class login_password(Backend, KerberosSession, HTTP_Status): self.debug('Cleanup the armor ccache') ipautil.run( - ['/usr/bin/kdestroy', '-A', '-c', armor_path], + [paths.KDESTROY, '-A', '-c', armor_path], env={'KRB5CCNAME': armor_path}, raiseonerr=False) diff --git a/ipatests/beakerlib_plugin.py b/ipatests/beakerlib_plugin.py index 71c1df537..1f7811a68 100644 --- a/ipatests/beakerlib_plugin.py +++ b/ipatests/beakerlib_plugin.py @@ -31,6 +31,7 @@ import nose from nose.plugins import Plugin from ipapython import ipautil +from ipaplatform.paths import paths from ipapython.ipa_log_manager import log_mgr LINK_RE = re.compile(r'https?://[^\s]+') 
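Review bot: In `login_password`, `user` goes into the armor ccache file name (`armor_name = "%sA_%s" % (krbccache_prefix, user)`, then `os.path.join(krbccache_dir, armor_name)`) and, via `principal`, into the kinit argument list as a positional argument, with no validation visible in these hunks. If the caller does not already restrict the value, path separators in it would move the armor ccache outside `krbccache_dir`, and a leading dash would be read by kinit as an option. A check of `user` against the allowed login character set before the path is built, plus an end-of-options marker as in `[paths.KINIT, '-T', armor_path, '--', principal]`, would close both. The method starts and ends outside the hunks, so an earlier check may already exist and should be confirmed.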
@@ -63,8 +64,8 @@ class BeakerLibProcess(object): # Set up the Bash process self.bash = subprocess.Popen(['bash'], stdin=subprocess.PIPE, - stdout=open('/dev/null', 'w'), - stderr=open('/dev/null', 'w')) + stdout=open(paths.DEV_NULL, 'w'), + stderr=open(paths.DEV_NULL, 'w')) source_path = os.path.join(self.env['BEAKERLIB'], 'beakerlib.sh') self.run_beakerlib_command(['.', source_path]) diff --git a/ipatests/test_cmdline/cmdline.py b/ipatests/test_cmdline/cmdline.py index 0ef0137a6..e790f022e 100644 --- a/ipatests/test_cmdline/cmdline.py +++ b/ipatests/test_cmdline/cmdline.py @@ -28,6 +28,7 @@ import os from ipalib import api from ipalib import errors +from ipaplatform.paths import paths from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test from ipaserver.plugins.ldap2 import ldap2 @@ -49,7 +50,7 @@ class cmdline_test(XMLRPC_test): Base class for all command-line tests """ # some reasonable default command - command = '/bin/ls' + command = paths.LS def setUp(self): # Find the executable in $PATH diff --git a/ipatests/test_install/test_updates.py b/ipatests/test_install/test_updates.py index c8147f244..ce932ae00 100644 --- a/ipatests/test_install/test_updates.py +++ b/ipatests/test_install/test_updates.py @@ -30,6 +30,7 @@ from ipalib import errors from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax from ipaserver.install import installutils from ipapython import ipautil, ipaldap +from ipaplatform.paths import paths from ipapython.dn import DN """ @@ -123,7 +124,7 @@ class test_update(unittest.TestCase): for item in ('top', 'person', 'posixaccount', 'krbprincipalaux', 'inetuser'): self.assertTrue(item in objectclasses) - self.assertEqual(entry.single_value['loginshell'], '/bin/bash') + self.assertEqual(entry.single_value['loginshell'], paths.BASH) self.assertEqual(entry.single_value['sn'], 'User') self.assertEqual(entry.single_value['uid'], 'tuser') self.assertEqual(entry.single_value['cn'], 'Test User') 
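Review bot: In `BeakerLibProcess`, `stdout=open(paths.DEV_NULL, 'w')` and the matching `stderr=` line open two file objects that are never bound to a name, so they cannot be closed explicitly. The null device is also not an IPA platform path; the standard library already exposes it as `os.devnull`, and `os` is in scope here. Opening it once, `devnull = open(os.devnull, 'w')`, passing it to both arguments and closing it when the process ends would be tidier.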
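Review bot: In `test_update`, the expected `loginshell` is presumably data written by the test's update file rather than a location on the machine running the test, so `self.assertEqual(entry.single_value['loginshell'], paths.BASH)` ties the assertion to the platform module. If a platform ever defines `BASH` differently, the test would fail although the LDAP entry is correct. Keeping the literal, `self.assertEqual(entry.single_value['loginshell'], '/bin/bash')`, here and in the identical assertion in the later hunk of this file, would keep the fixture and the expectation together. The fixture itself is not visible in the hunk, so this should be checked against it.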
@@ -307,7 +308,7 @@ class test_update(unittest.TestCase): for item in ('top', 'person', 'posixaccount', 'krbprincipalaux', 'inetuser'): self.assertTrue(item in objectclasses) - self.assertEqual(entry.single_value['loginshell'], '/bin/bash') + self.assertEqual(entry.single_value['loginshell'], paths.BASH) self.assertEqual(entry.single_value['sn'], 'User') self.assertEqual(entry.single_value['uid'], 'tuser') self.assertEqual(entry.single_value['cn'], 'Test User') diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py index ca5b44e4f..ccb0d8693 100644 --- a/ipatests/test_integration/tasks.py +++ b/ipatests/test_integration/tasks.py @@ -30,6 +30,7 @@ import StringIO from ldif import LDIFWriter from ipapython import ipautil +from ipaplatform.paths import paths from ipapython.dn import DN from ipapython.ipa_log_manager import log_mgr from ipatests.test_integration import util @@ -75,8 +76,8 @@ def backup_file(host, filename): def fix_etc_hosts(host): - backup_file(host, '/etc/hosts') - contents = host.get_file_contents('/etc/hosts') + backup_file(host, paths.HOSTS) + contents = host.get_file_contents(paths.HOSTS) # Remove existing mentions of the host's FQDN, short name, and IP contents = re.sub('\s%s(\s|$)' % re.escape(host.hostname), ' ', contents, flags=re.MULTILINE) @@ -87,12 +88,12 @@ def fix_etc_hosts(host): # Add the host's info again contents += '\n%s %s %s\n' % (host.ip, host.hostname, host.shortname) log.debug('Writing the following to /etc/hosts:\n%s', contents) - host.put_file_contents('/etc/hosts', contents) + host.put_file_contents(paths.HOSTS, contents) def fix_hostname(host): - backup_file(host, '/etc/hostname') - host.put_file_contents('/etc/hostname', host.hostname + '\n') + backup_file(host, paths.ETC_HOSTNAME) + host.put_file_contents(paths.ETC_HOSTNAME, host.hostname + '\n') host.run_command(['hostname', host.hostname]) backupname = os.path.join(host.config.test_dir, 'backup_hostname') 
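Review bot: In `fix_etc_hosts` and the other helpers in tasks.py, `paths` is resolved on the machine that runs the tests, while the files are read and written through `host`, which appears to be a remote machine. When the controller and the host under test are different platforms, `paths.HOSTS`, `paths.ETC_HOSTNAME` and the rest would describe the wrong system. A module-level comment such as `# NOTE: paths are those of the test controller; assumes remote hosts use the same layout` would document the assumption until per-host paths exist.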
@@ -100,24 +101,24 @@ def fix_hostname(host): def fix_resolv_conf(host): - backup_file(host, '/etc/resolv.conf') - lines = host.get_file_contents('/etc/resolv.conf').splitlines() + backup_file(host, paths.RESOLV_CONF) + lines = host.get_file_contents(paths.RESOLV_CONF).splitlines() lines = ['#' + l if l.startswith('nameserver') else l for l in lines] for other_host in host.domain.hosts: if other_host.role in ('master', 'replica'): lines.append('nameserver %s' % other_host.ip) contents = '\n'.join(lines) log.debug('Writing the following to /etc/resolv.conf:\n%s', contents) - host.put_file_contents('/etc/resolv.conf', contents) + host.put_file_contents(paths.RESOLV_CONF, contents) def fix_apache_semaphores(master): - systemd_available = master.transport.file_exists('/bin/systemctl') + systemd_available = master.transport.file_exists(paths.SYSTEMCTL) if systemd_available: master.run_command(['systemctl', 'stop', 'httpd'], raiseonerr=False) else: - master.run_command(['/sbin/service', 'httpd', 'stop'], raiseonerr=False) + master.run_command([paths.SBIN_SERVICE, 'httpd', 'stop'], raiseonerr=False) master.run_command('for line in `ipcs -s | grep apache | cut -d " " -f 2`; ' 'do ipcrm -s $line; done', raiseonerr=False) @@ -184,11 +185,11 @@ def enable_replication_debugging(host): def install_master(host): - host.collect_log('/var/log/ipaserver-install.log') - host.collect_log('/var/log/ipaclient-install.log') + host.collect_log(paths.IPASERVER_INSTALL_LOG) + host.collect_log(paths.IPACLIENT_INSTALL_LOG) inst = host.domain.realm.replace('.', '-') - host.collect_log('/var/log/dirsrv/slapd-%s/errors' % inst) - host.collect_log('/var/log/dirsrv/slapd-%s/access' % inst) + host.collect_log(paths.SLAPD_INSTANCE_ERROR_LOG_TEMPLATE % inst) + host.collect_log(paths.SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE % inst) apply_common_fixes(host) fix_apache_semaphores(host) 
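Review bot: In `fix_apache_semaphores`, availability is tested with `master.transport.file_exists(paths.SYSTEMCTL)`, but the command that then runs is the bare name in `['systemctl', 'stop', 'httpd']`, resolved through the remote PATH. The check and the execution can therefore refer to different binaries, while the `else` branch does use the absolute `paths.SBIN_SERVICE`. Using `[paths.SYSTEMCTL, 'stop', 'httpd']` would make the two agree. `clear_sssd_cache`, further down in this file, has the same pattern for its stop and start calls.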
@@ -207,8 +208,8 @@ def install_master(host): def install_replica(master, replica, setup_ca=True): - replica.collect_log('/var/log/ipareplica-install.log') - replica.collect_log('/var/log/ipareplica-conncheck.log') + replica.collect_log(paths.IPAREPLICA_INSTALL_LOG) + replica.collect_log(paths.IPAREPLICA_CONNCHECK_LOG) apply_common_fixes(replica) fix_apache_semaphores(replica) @@ -218,7 +219,7 @@ def install_replica(master, replica, setup_ca=True): '--ip-address', replica.ip, replica.hostname]) replica_bundle = master.get_file_contents( - '/var/lib/ipa/replica-info-%s.gpg' % replica.hostname) + paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname) replica_filename = os.path.join(replica.config.test_dir, 'replica-info.gpg') replica.put_file_contents(replica_filename, replica_bundle) @@ -239,7 +240,7 @@ def install_replica(master, replica, setup_ca=True): def install_client(master, client, extra_args=()): - client.collect_log('/var/log/ipaclient-install.log') + client.collect_log(paths.IPACLIENT_INSTALL_LOG) apply_common_fixes(client) @@ -262,11 +263,11 @@ def install_adtrust(host): """ # ipa-adtrust-install appends to ipaserver-install.log - host.collect_log('/var/log/ipaserver-install.log') + host.collect_log(paths.IPASERVER_INSTALL_LOG) inst = host.domain.realm.replace('.', '-') - host.collect_log('/var/log/dirsrv/slapd-%s/errors' % inst) - host.collect_log('/var/log/dirsrv/slapd-%s/access' % inst) + host.collect_log(paths.SLAPD_INSTANCE_ERROR_LOG_TEMPLATE % inst) + host.collect_log(paths.SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE % inst) kinit_admin(host) host.run_command(['ipa-adtrust-install', '-U', 
@@ -354,7 +355,7 @@ def establish_trust_with_ad(master, ad, extra_args=()): """ # Force KDC to reload MS-PAC info by trying to get TGT for HTTP - master.run_command(['kinit', '-kt', '/etc/httpd/conf/ipa.keytab', + master.run_command(['kinit', '-kt', paths.IPA_KEYTAB, 'HTTP/%s' % master.hostname]) master.run_command(['systemctl', 'restart', 'krb5kdc.service']) master.run_command(['kdestroy', '-A']) @@ -397,7 +398,7 @@ def configure_auth_to_local_rule(master, ad): % (ad.domain.realm, ad.domain.realm, ad.domain.name)) line2 = " auth_to_local = DEFAULT" - krb5_conf_content = master.get_file_contents('/etc/krb5.conf') + krb5_conf_content = master.get_file_contents(paths.KRB5_CONF) krb5_lines = [line.rstrip() for line in krb5_conf_content.split('\n')] realm_section_index = krb5_lines.index(section_identifier) @@ -405,7 +406,7 @@ def configure_auth_to_local_rule(master, ad): krb5_lines.insert(realm_section_index + 2, line2) krb5_conf_new_content = '\n'.join(krb5_lines) - master.put_file_contents('/etc/krb5.conf', krb5_conf_new_content) + master.put_file_contents(paths.KRB5_CONF, krb5_conf_new_content) master.run_command(['systemctl', 'restart', 'sssd']) @@ -419,13 +420,13 @@ def setup_sssd_debugging(host): # First, remove any previous occurences host.run_command(['sed', '-i', '/debug_level = 7/d', - '/etc/sssd/sssd.conf' + paths.SSSD_CONF ], raiseonerr=False) # Add the debug directive to each section host.run_command(['sed', '-i', '/\[*\]/ a\debug_level = 7', - '/etc/sssd/sssd.conf' + paths.SSSD_CONF ], raiseonerr=False) 
@@ -440,22 +441,22 @@ def clear_sssd_cache(host): Clears SSSD cache by removing the cache files. Restarts SSSD. """ - systemd_available = host.transport.file_exists('/bin/systemctl') + systemd_available = host.transport.file_exists(paths.SYSTEMCTL) if systemd_available: host.run_command(['systemctl', 'stop', 'sssd']) else: - host.run_command(['/sbin/service', 'sssd', 'stop']) + host.run_command([paths.SBIN_SERVICE, 'sssd', 'stop']) host.run_command("find /var/lib/sss/db -name '*.ldb' | " "xargs rm -fv") - host.run_command(['rm', '-fv', '/var/lib/sss/mc/group']) - host.run_command(['rm', '-fv', '/var/lib/sss/mc/passwd']) + host.run_command(['rm', '-fv', paths.SSSD_MC_GROUP]) + host.run_command(['rm', '-fv', paths.SSSD_MC_PASSWD]) if systemd_available: host.run_command(['systemctl', 'start', 'sssd']) else: - host.run_command(['/sbin/service', 'sssd', 'start']) + host.run_command([paths.SBIN_SERVICE, 'sssd', 'start']) # To avoid false negatives due to SSSD not responding yet time.sleep(10) @@ -487,24 +488,24 @@ def kinit_admin(host): def uninstall_master(host): - host.collect_log('/var/log/ipaserver-uninstall.log') + host.collect_log(paths.IPASERVER_UNINSTALL_LOG) host.run_command(['ipa-server-install', '--uninstall', '-U'], raiseonerr=False) host.run_command(['pkidestroy', '-s', 'CA', '-i', 'pki-tomcat'], raiseonerr=False) host.run_command(['rm', '-rf', - '/var/log/pki/pki-tomcat', - '/etc/sysconfig/pki-tomcat', - '/etc/sysconfig/pki/tomcat/pki-tomcat', - '/var/lib/pki/pki-tomcat', - '/etc/pki/pki-tomcat'], + paths.TOMCAT_TOPLEVEL_DIR, + paths.SYSCONFIG_PKI_TOMCAT, + paths.SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR, + paths.VAR_LIB_PKI_TOMCAT_DIR, + paths.PKI_TOMCAT], raiseonerr=False) unapply_fixes(host) def uninstall_client(host): - host.collect_log('/var/log/ipaclient-uninstall.log') + host.collect_log(paths.IPACLIENT_UNINSTALL_LOG) host.run_command(['ipa-client-install', '--uninstall', '-U'], raiseonerr=False) 
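Review bot: In `clear_sssd_cache`, the shell string `"find /var/lib/sss/db -name '*.ldb' | xargs rm -fv"` still hard-codes the SSSD database directory, while the two `rm` calls right after it were moved to `paths.SSSD_MC_GROUP` and `paths.SSSD_MC_PASSWD`. This leaves one location outside the paths module, and it is the only one here that goes through a shell pipeline. A constant for the database directory, passed in argument-list form as `['find', <sssd db dir constant>, '-name', '*.ldb', '-delete']`, would bring it in line with the rest of the function; the constant name is a placeholder, as none is defined in this diff.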
diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py index d20a8511c..d5382988b 100644 --- a/ipatests/test_integration/test_caless.py +++ b/ipatests/test_integration/test_caless.py @@ -27,6 +27,7 @@ import nose from ipalib import x509 from ipapython import ipautil +from ipaplatform.paths import paths from ipapython.dn import DN from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration import tasks @@ -113,7 +114,7 @@ class CALessBase(IntegrationTest): # Remove CA cert in /etc/pki/nssdb, in case of failed (un)install for host in cls.get_all_hosts(): - cls.master.run_command(['certutil', '-d', '/etc/pki/nssdb', '-D', + cls.master.run_command(['certutil', '-d', paths.NSS_DB_DIR, '-D', '-n', 'External CA cert'], raiseonerr=False) @@ -145,11 +146,11 @@ class CALessBase(IntegrationTest): for filename in set(files_to_copy): cls.copy_cert(host, filename) - cls.collect_log(host, '/var/log/ipaserver-install.log') - cls.collect_log(host, '/var/log/ipaclient-install.log') + cls.collect_log(host, paths.IPASERVER_INSTALL_LOG) + cls.collect_log(host, paths.IPACLIENT_INSTALL_LOG) inst = host.domain.realm.replace('.', '-') - cls.collect_log(host, '/var/log/dirsrv/slapd-%s/errors' % inst) - cls.collect_log(host, '/var/log/dirsrv/slapd-%s/access' % inst) + cls.collect_log(host, paths.SLAPD_INSTANCE_ERROR_LOG_TEMPLATE % inst) + cls.collect_log(host, paths.SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE % inst) args = [ 'ipa-server-install', 
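Review bot: In the cleanup loop of `CALessBase`, `for host in cls.get_all_hosts():` never uses `host`; each iteration calls `cls.master.run_command(['certutil', '-d', paths.NSS_DB_DIR, '-D', ...])`. The deletion therefore runs on the master once per host, and the other hosts' NSS databases are left alone. If the comment above it describes the intent, the call should be `host.run_command(['certutil', '-d', paths.NSS_DB_DIR, '-D',`. The same loop appears in the `TestServerInstall` hunk later in this file. The enclosing method starts outside the hunk, so the intent should be confirmed.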
@@ -216,11 +217,11 @@ class CALessBase(IntegrationTest): os.path.join(self.cert_dir, filename), os.path.join(master.config.test_dir, filename)) - self.collect_log(replica, '/var/log/ipareplica-install.log') - self.collect_log(replica, '/var/log/ipaclient-install.log') + self.collect_log(replica, paths.IPAREPLICA_INSTALL_LOG) + self.collect_log(replica, paths.IPACLIENT_INSTALL_LOG) inst = replica.domain.realm.replace('.', '-') - self.collect_log(replica, '/var/log/dirsrv/slapd-%s/errors' % inst) - self.collect_log(replica, '/var/log/dirsrv/slapd-%s/access' % inst) + self.collect_log(replica, paths.SLAPD_INSTANCE_ERROR_LOG_TEMPLATE % inst) + self.collect_log(replica, paths.SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE % inst) args = [ 'ipa-replica-prepare', @@ -244,7 +245,7 @@ class CALessBase(IntegrationTest): if result.returncode == 0: replica_bundle = master.get_file_contents( - '/var/lib/ipa/replica-info-%s.gpg' % replica.hostname) + paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname) replica.put_file_contents(self.get_replica_filename(replica), replica_bundle) else: @@ -327,7 +328,7 @@ class CALessBase(IntegrationTest): for host in self.get_all_hosts(): # Check the cert PEM file - remote_cacrt = host.get_file_contents('/etc/ipa/ca.crt') + remote_cacrt = host.get_file_contents(paths.IPA_CA_CRT) self.log.debug('%s:/etc/ipa/ca.crt contents:\n%s', host, remote_cacrt) binary_cacrt = base64.b64decode(x509.strip_header(remote_cacrt)) @@ -344,7 +345,7 @@ class TestServerInstall(CALessBase): # Remove CA cert in /etc/pki/nssdb, in case of failed (un)install for host in self.get_all_hosts(): - self.master.run_command(['certutil', '-d', '/etc/pki/nssdb', '-D', + self.master.run_command(['certutil', '-d', paths.NSS_DB_DIR, '-D', '-n', 'External CA cert'], raiseonerr=False) 
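Review bot: In the CA certificate check, the file is now read from `paths.IPA_CA_CRT`, but the debug message on the next line still spells the location out: `self.log.debug('%s:/etc/ipa/ca.crt contents:\n%s', host, remote_cacrt)`. If the constant ever differs from the literal, the log would name a file that was not read. Formatting the constant into the message, `self.log.debug('%s:%s contents:\n%s', host, paths.IPA_CA_CRT, remote_cacrt)`, keeps them in step. The `log.debug('Writing the following to /etc/hosts...')` and `/etc/resolv.conf` messages in tasks.py have the same mismatch.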
@@ -768,11 +769,11 @@ class TestReplicaInstall(CALessBase): self.master.run_command(['ipa', 'host-del', replica.hostname], raiseonerr=False) - replica.run_command(['certutil', '-d', '/etc/pki/nssdb', '-D', + replica.run_command(['certutil', '-d', paths.NSS_DB_DIR, '-D', '-n', 'External CA cert'], raiseonerr=False) self.uninstall_server() - self.master.run_command(['certutil', '-d', '/etc/pki/nssdb', '-D', + self.master.run_command(['certutil', '-d', paths.NSS_DB_DIR, '-D', '-n', 'External CA cert'], raiseonerr=False) def test_no_certs(self): diff --git a/ipatests/test_integration/test_forced_client_reenrollment.py b/ipatests/test_integration/test_forced_client_reenrollment.py index cece522f8..ded1a2397 100644 --- a/ipatests/test_integration/test_forced_client_reenrollment.py +++ b/ipatests/test_integration/test_forced_client_reenrollment.py @@ -18,11 +18,12 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import os import subprocess +from ipaplatform.paths import paths from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration import tasks -CLIENT_KEYTAB = '/etc/krb5.keytab' +CLIENT_KEYTAB = paths.KRB5_KEYTAB class TestForcedClientReenrollment(IntegrationTest): @@ -274,9 +275,9 @@ class TestForcedClientReenrollment(IntegrationTest): """ Put server's ip address at the top of resolv.conf """ - contents = client.get_file_contents('/etc/resolv.conf') + contents = client.get_file_contents(paths.RESOLV_CONF) nameserver = 'nameserver %s\n' % server.ip if not contents.startswith(nameserver): contents = nameserver + contents.replace(nameserver, '') - client.put_file_contents('/etc/resolv.conf', contents) + client.put_file_contents(paths.RESOLV_CONF, contents) diff --git a/ipatests/test_integration/test_legacy_clients.py b/ipatests/test_integration/test_legacy_clients.py index b7fbd0165..513664e50 100644 --- a/ipatests/test_integration/test_legacy_clients.py +++ b/ipatests/test_integration/test_legacy_clients.py 
@@ -21,6 +21,7 @@ import os import re import nose +from ipaplatform.paths import paths from ipatests.test_integration import tasks @@ -40,7 +41,7 @@ class BaseTestLegacyClient(object): '/etc/openldap/cacerts', '/etc/openldap/ldap.conf', '/etc/nsswitch.conf', - '/etc/sssd/sssd.conf'] + paths.SSSD_CONF] # Actual test classes need to override these attributes to set the expected # values on the UID and GID results, since this varies with the usage of the @@ -88,7 +89,7 @@ class BaseTestLegacyClient(object): advice_path]) # Restart SSHD to load new PAM configuration - self.legacy_client.run_command(['/sbin/service', 'sshd', 'restart']) + self.legacy_client.run_command([paths.SBIN_SERVICE, 'sshd', 'restart']) def clear_sssd_caches(self): tasks.clear_sssd_cache(self.master) diff --git a/ipatests/test_ipalib/test_config.py b/ipatests/test_ipalib/test_config.py index e04dd9530..b4d71e558 100644 --- a/ipatests/test_ipalib/test_config.py +++ b/ipatests/test_ipalib/test_config.py @@ -32,6 +32,7 @@ from ipatests.util import TempDir, TempHome from ipalib.constants import TYPE_ERROR, OVERRIDE_ERROR, SET_ERROR, DEL_ERROR from ipalib.constants import NAME_REGEX, NAME_ERROR from ipalib import config, constants, base +from ipaplatform.paths import paths # Valid environment variables in (key, raw, value) tuples: @@ -448,8 +449,8 @@ class test_Env(ClassChecker): assert o.dot_ipa == home.join('.ipa') assert o.in_tree is False assert o.context == 'default' - assert o.confdir == '/etc/ipa' - assert o.conf == '/etc/ipa/default.conf' + assert o.confdir == paths.ETC_IPA + assert o.conf == paths.IPA_DEFAULT_CONF assert o.conf_default == o.conf # Test overriding values created by _bootstrap() 
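Review bot: In `BaseTestLegacyClient`, only the last entry of the file list was converted to `paths.SSSD_CONF`, while `'/etc/openldap/cacerts'`, `'/etc/openldap/ldap.conf'` and `'/etc/nsswitch.conf'` remain literals in the same list. The mix makes it unclear whether the list describes the controller's platform or the legacy client's own layout. Either convert all of the entries or keep all as literals, with a comment such as `# paths on the legacy client, deliberately not taken from ipaplatform`. The list starts above the hunk, so earlier entries are not visible.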
@@ -461,11 +462,11 @@ class test_Env(ClassChecker): assert o.in_tree is False assert o.context == 'default' assert o.conf == '/my/wacky/whatever.conf' - assert o.conf_default == '/etc/ipa/default.conf' + assert o.conf_default == paths.IPA_DEFAULT_CONF (o, home) = self.bootstrap(conf_default='/my/wacky/default.conf') assert o.in_tree is False assert o.context == 'default' - assert o.conf == '/etc/ipa/default.conf' + assert o.conf == paths.IPA_DEFAULT_CONF assert o.conf_default == '/my/wacky/default.conf' # Test various overrides and types conversion diff --git a/ipatests/test_ipalib/test_errors.py b/ipatests/test_ipalib/test_errors.py index 258af3b3f..dcff72191 100644 --- a/ipatests/test_ipalib/test_errors.py +++ b/ipatests/test_ipalib/test_errors.py @@ -26,6 +26,7 @@ import inspect from ipatests.util import assert_equal, raises from ipalib import errors, text +from ipaplatform.paths import paths from ipalib.constants import TYPE_ERROR @@ -102,9 +103,9 @@ class test_SubprocessError(PrivateExceptionTester): """ Test the `ipalib.errors.SubprocessError.__init__` method. """ - inst = self.new(returncode=1, argv=('/bin/false',)) + inst = self.new(returncode=1, argv=(paths.BIN_FALSE,)) assert inst.returncode == 1 - assert inst.argv == ('/bin/false',) + assert inst.argv == (paths.BIN_FALSE,) assert str(inst) == "return code 1 from ('/bin/false',)" assert inst.message == str(inst) diff --git a/ipatests/test_ipalib/test_plugable.py b/ipatests/test_ipalib/test_plugable.py index c495e74dc..73b263a90 100644 --- a/ipatests/test_ipalib/test_plugable.py +++ b/ipatests/test_ipalib/test_plugable.py @@ -26,6 +26,7 @@ from ipatests.util import raises, no_set, no_del, read_only from ipatests.util import getitem, setitem, delitem from ipatests.util import ClassChecker, create_test_api from ipalib import plugable, errors, text +from ipaplatform.paths import paths class test_SetProxy(ClassChecker): 
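Review bot: In `test_SubprocessError`, the `argv` now comes from `paths.BIN_FALSE`, but the string assertion after it still embeds the literal: `assert str(inst) == "return code 1 from ('/bin/false',)"`. The test therefore only passes while the constant equals `/bin/false`, which defeats the point of the indirection. Building the expectation from the same value, `assert str(inst) == "return code 1 from (%r,)" % paths.BIN_FALSE`, removes the hidden coupling. Since the exception is only constructed here and nothing is executed, keeping the literal `'/bin/false'` for `argv` as well would be an equally valid fix.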
@@ -277,10 +278,10 @@ class test_Plugin(ClassChecker): Test the `ipalib.plugable.Plugin.call` method. """ o = self.cls() - o.call('/bin/true') is None - e = raises(errors.SubprocessError, o.call, '/bin/false') + o.call(paths.BIN_TRUE) is None + e = raises(errors.SubprocessError, o.call, paths.BIN_FALSE) assert e.returncode == 1 - assert e.argv == ('/bin/false',) + assert e.argv == (paths.BIN_FALSE,) def test_Registrar(): diff --git a/ipatests/test_ipaserver/test_ldap.py b/ipatests/test_ipaserver/test_ldap.py index 7168a69b0..46182dbea 100644 --- a/ipatests/test_ipaserver/test_ldap.py +++ b/ipatests/test_ipaserver/test_ldap.py @@ -36,6 +36,7 @@ from ipalib.plugins.service import service, service_show from ipalib.plugins.host import host from ipalib import api, x509, create_api, errors from ipapython import ipautil +from ipaplatform.paths import paths from ipapython.dn import DN class test_ldap(object): @@ -46,7 +47,7 @@ class test_ldap(object): def setUp(self): self.conn = None self.ldapuri = 'ldap://%s' % ipautil.format_netloc(api.env.host) - self.ccache = '/tmp/krb5cc_%d' % os.getuid() + self.ccache = paths.TMP_KRB5CC % os.getuid() nss.nss_init_nodb() self.dn = DN(('krbprincipalname','ldap/%s@%s' % (api.env.host, api.env.realm)), ('cn','services'),('cn','accounts'),api.env.basedn) diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py index 13ee972d3..3f40efd5a 100644 --- a/ipatests/test_webui/ui_driver.py +++ b/ipatests/test_webui/ui_driver.py @@ -53,6 +53,7 @@ try: except ImportError: NO_YAML = True from urllib2 import URLError +from ipaplatform.paths import paths ENV_MAP = { 'MASTER': 'ipa_server', @@ -186,7 +187,7 @@ class UI_driver(object): if browser == 'chromium': options = ChromeOptions() - options.binary_location = '/usr/bin/chromium-browser' + options.binary_location = paths.CHROMIUM_BROWSER if driver_type == 'remote': if not 'host' in self.config: 
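Review bot: In the test of `Plugin.call`, the line `o.call(paths.BIN_TRUE) is None` evaluates a comparison and discards the result, so the return value is never checked. The command still runs, and an exception would fail the test, but a non-`None` return would pass unnoticed. It should read `assert o.call(paths.BIN_TRUE) is None`. The omission predates this commit, but the line is rewritten here.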
diff --git a/ipatests/test_xmlrpc/test_automount_plugin.py b/ipatests/test_xmlrpc/test_automount_plugin.py index bd55c8583..759fa8dcc 100644 --- a/ipatests/test_xmlrpc/test_automount_plugin.py +++ b/ipatests/test_xmlrpc/test_automount_plugin.py @@ -32,6 +32,7 @@ from ipapython.dn import DN from nose.tools import raises, assert_raises # pylint: disable=E0611 from xmlrpc_test import XMLRPC_test, assert_attr_equal +from ipaplatform.paths import paths from ipatests.util import assert_deepequal diff --git a/ipatests/test_xmlrpc/test_cert_plugin.py b/ipatests/test_xmlrpc/test_cert_plugin.py index 508e9141a..af9994430 100644 --- a/ipatests/test_xmlrpc/test_cert_plugin.py +++ b/ipatests/test_xmlrpc/test_cert_plugin.py @@ -33,6 +33,7 @@ import tempfile from ipapython import ipautil import nose import base64 +from ipaplatform.paths import paths from ipapython.dn import DN # So we can save the cert from issuance and compare it later @@ -78,7 +79,7 @@ class test_cert(XMLRPC_test): is_db_configured() def run_certutil(self, args, stdin=None): - new_args = ["/usr/bin/certutil", "-d", self.reqdir] + new_args = [paths.CERTUTIL, "-d", self.reqdir] new_args = new_args + args return ipautil.run(new_args, stdin) @@ -105,7 +106,7 @@ class test_cert(XMLRPC_test): def generateCSR(self, subject): self.run_certutil(["-R", "-s", subject, "-o", self.reqfile, - "-z", "/etc/group", + "-z", paths.GROUP, "-f", self.pwname, "-a", ]) diff --git a/ipatests/test_xmlrpc/testcert.py b/ipatests/test_xmlrpc/testcert.py index ead6ee7f5..77179fc78 100644 --- a/ipatests/test_xmlrpc/testcert.py +++ b/ipatests/test_xmlrpc/testcert.py @@ -31,6 +31,7 @@ import shutil from ipalib import api, x509 from ipaserver.plugins import rabase from ipapython import ipautil +from ipaplatform.paths import paths from ipapython.dn import DN _testcert = None 
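Review bot: In `generateCSR`, `"-z", paths.GROUP` hands the system group file to certutil as its noise file for key generation, and the constant name now hides that purpose more than the literal did. The file's content is fixed and world-readable, so it adds nothing unpredictable; this is probably acceptable for a throwaway test key, but it should not be copied into non-test code. A comment such as `# -z: noise file required by certutil; test-only, not a source of entropy` would record that. The same argument appears in `generate_csr` in testcert.py.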
@@ -52,7 +53,7 @@ def run_certutil(reqdir, args, stdin=None): """ Run an NSS certutil command """ - new_args = ["/usr/bin/certutil", "-d", reqdir] + new_args = [paths.CERTUTIL, "-d", reqdir] new_args = new_args + args return ipautil.run(new_args, stdin) @@ -64,7 +65,7 @@ def generate_csr(reqdir, pwname, subject): req_path = os.path.join(reqdir, 'req') run_certutil(reqdir, ["-R", "-s", subject, "-o", req_path, - "-z", "/etc/group", + "-z", paths.GROUP, "-f", pwname, "-a"]) with open(req_path, "r") as fp: diff --git a/smartproxy/ipa-smartproxy.py b/smartproxy/ipa-smartproxy.py index 8cc704cf9..1e5418636 100644 --- a/smartproxy/ipa-smartproxy.py +++ b/smartproxy/ipa-smartproxy.py @@ -28,6 +28,7 @@ import traceback as tb_internal from cherrypy import response from ipalib import api from ipalib import errors +from ipaplatform.paths import paths from ipalib.request import context from ipalib.rpc import json_encode_binary from ipapython.version import VERSION, API_VERSION @@ -391,8 +392,8 @@ wsgi_config = {'environment': 'embedded', 'engine.autoreload_on': False } -api.bootstrap(context='ipasmartproxy', log='/dev/null') +api.bootstrap(context='ipasmartproxy', log=paths.DEV_NULL) api.finalize() cherrypy.config.update(wsgi_config) -start(['/etc/ipa/ipa-smartproxy.conf']) +start([paths.IPA_SMARTPROXY_CONF]) |