3 files changed, 40 insertions, 0 deletions

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 4aa55d870..585a5d26e 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -127,6 +127,8 @@ class BasePathNamespace(object):
     SYSCONFIG_PKI_TOMCAT = "/etc/sysconfig/pki-tomcat"
     SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/sysconfig/pki/tomcat/pki-tomcat"
     ETC_SYSTEMD_SYSTEM_DIR = "/etc/systemd/system/"
+    SYSTEMD_SYSTEM_HTTPD_D_DIR = "/etc/systemd/system/httpd.d/"
+    SYSTEMD_SYSTEM_HTTPD_IPA_CONF = "/etc/systemd/system/httpd.d/ipa.conf"
     SYSTEMD_CERTMONGER_SERVICE = "/etc/systemd/system/multi-user.target.wants/certmonger.service"
     SYSTEMD_IPA_SERVICE = "/etc/systemd/system/multi-user.target.wants/ipa.service"
     SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service"
@@ -197,6 +199,7 @@ class BasePathNamespace(object):
     GENERATE_RNDC_KEY = "/usr/libexec/generate-rndc-key.sh"
     IPA_DNSKEYSYNCD_REPLICA = "/usr/libexec/ipa/ipa-dnskeysync-replica"
     IPA_DNSKEYSYNCD = "/usr/libexec/ipa/ipa-dnskeysyncd"
+    IPA_HTTPD_KDCPROXY = "/usr/libexec/ipa/ipa-httpd-kdcproxy"
     IPA_ODS_EXPORTER = "/usr/libexec/ipa/ipa-ods-exporter"
     DNSSEC_KEYFROMLABEL = "/usr/sbin/dnssec-keyfromlabel-pkcs11"
     GETSEBOOL = "/usr/sbin/getsebool"
diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index 573287c6b..f5fb2b155 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -236,3 +236,11 @@ class BaseTaskNamespace(object):
         :return: object implementing proper __cmp__ method for version compare
         """
         return parse_version(version)
+
+    def configure_httpd_service_ipa_conf(self):
+        """Configure httpd service to work with IPA"""
+        raise NotImplementedError()
+
+    def remove_httpd_service_ipa_conf(self):
+        """Remove configuration of httpd service of IPA"""
+        raise NotImplementedError()
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 7c29b51e1..4be9a146e 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -460,5 +460,34 @@ class RedHatTaskNamespace(BaseTaskNamespace):
         """
         return IPAVersion(version)
 
+    def configure_httpd_service_ipa_conf(self):
+        """Create systemd config for httpd service to work with IPA
+        """
+        if not os.path.exists(paths.SYSTEMD_SYSTEM_HTTPD_D_DIR):
+            os.mkdir(paths.SYSTEMD_SYSTEM_HTTPD_D_DIR, 0o755)
+
+        ipautil.copy_template_file(
+            os.path.join(ipautil.SHARE_DIR, 'ipa-httpd.conf.template'),
+            paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF,
+            dict(
+                KRB5CC_HTTPD=paths.KRB5CC_HTTPD,
+                KDCPROXY_CONFIG=paths.KDCPROXY_CONFIG,
+                IPA_HTTPD_KDCPROXY=paths.IPA_HTTPD_KDCPROXY,
+                POST='-{kdestroy} -A'.format(kdestroy=paths.KDESTROY)
+            )
+        )
+
+        os.chmod(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF, 0o644)
+        self.restore_context(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF)
+
+    def remove_httpd_service_ipa_conf(self):
+        """Remove systemd config for httpd service of IPA"""
+        try:
+            os.unlink(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF)
+        except OSError as e:
+            root_logger.error(
+                'Error removing %s: %s',
+                paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF, e
+            )
 
 tasks = RedHatTaskNamespace()