Manage ipa-otpd.socket by IPA

Adds a new simple service called OtpdInstance, that manages
ipa-otpd.socket service. Added to server/replica installer
and ipa-upgradeconfig script.

https://fedorahosted.org/freeipa/ticket/3680

3 files changed, 33 insertions, 14 deletions

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 04cad42f6..209ca850f 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -35,6 +35,7 @@ from ipapython import ipautil
 from ipaserver.install import dsinstance, installutils, krbinstance, service
 from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
 from ipaserver.install import memcacheinstance
+from ipaserver.install import otpdinstance
 from ipaserver.install.replication import replica_conn_check, ReplicationManager
 from ipaserver.install.installutils import (HostnameLocalhost, resolve_host,
         ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name,
@@ -667,6 +668,11 @@ def main():
 
     krb = install_krb(config, setup_pkinit=options.setup_pkinit)
     http = install_http(config, auto_redirect=options.ui_redirect)
+
+    otpd = otpdinstance.OtpdInstance()
+    otpd.create_instance('OTPD', config.host_name, config.dirman_password,
+                         ipautil.realm_to_suffix(config.realm_name))
+
     if CA:
         CA.configure_certmonger_renewal()
         CA.import_ra_cert(dir + "/ra.p12")
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 3e18c8e00..b90613295 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -49,6 +49,7 @@ from ipaserver.install import ntpinstance
 from ipaserver.install import certs
 from ipaserver.install import cainstance
 from ipaserver.install import memcacheinstance
+from ipaserver.install import otpdinstance
 from ipaserver.install import sysupgrade
 
 from ipaserver.install import service, installutils
@@ -513,6 +514,7 @@ def uninstall():
     krbinstance.KrbInstance(fstore).uninstall()
     dsinstance.DsInstance(fstore=fstore).uninstall()
     memcacheinstance.MemcacheInstance().uninstall()
+    otpdinstance.OtpdInstance().uninstall()
     ipaservices.restore_network_configuration(fstore, sstore)
     fstore.restore_all_files()
     try:
@@ -1092,11 +1094,15 @@ def main():
     # generated
     ds.add_cert_to_service()
 
-    # Create a HTTP instance
-
     memcache = memcacheinstance.MemcacheInstance()
-    memcache.create_instance('MEMCACHE', host_name, dm_password, ipautil.realm_to_suffix(realm_name))
+    memcache.create_instance('MEMCACHE', host_name, dm_password,
+                             ipautil.realm_to_suffix(realm_name))
 
+    otpd = otpdinstance.OtpdInstance()
+    otpd.create_instance('OTPD', host_name, dm_password,
+                         ipautil.realm_to_suffix(realm_name))
+
+    # Create a HTTP instance
     http = httpinstance.HTTPInstance(fstore)
     if options.http_pkcs12:
         http.create_instance(
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 8e9357f20..4e9216964 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -48,6 +48,7 @@ from ipaserver.install import bindinstance
 from ipaserver.install import service
 from ipaserver.install import cainstance
 from ipaserver.install import certs
+from ipaserver.install import otpdinstance
 from ipaserver.install import sysupgrade
 
 
@@ -925,17 +926,23 @@ def main():
 
     uninstall_selfsign(ds, http)
 
-    memcache = memcacheinstance.MemcacheInstance()
-    memcache.ldapi = True
-    memcache.realm = api.env.realm
-    try:
-        if not memcache.is_configured():
-            # 389-ds needs to be running to create the memcache instance
-            # because we record the new service in cn=masters.
-            ds.start()
-            memcache.create_instance('MEMCACHE', fqdn, None, ipautil.realm_to_suffix(api.env.realm))
-    except ipalib.errors.DuplicateEntry:
-        pass
+    simple_service_list = (
+        (memcacheinstance.MemcacheInstance(), 'MEMCACHE'),
+        (otpdinstance.OtpdInstance(), 'OTPD'),
+    )
+
+    for service, ldap_name in simple_service_list:
+        service.ldapi = True
+        try:
+            if not service.is_configured():
+                # 389-ds needs to be running to create the memcache instance
+                # because we record the new service in cn=masters.
+                ds.start()
+                service.create_instance(ldap_name, fqdn, None,
+                                        ipautil.realm_to_suffix(api.env.realm),
+                                        realm=api.env.realm)
+        except ipalib.errors.DuplicateEntry:
+            pass
 
     cleanup_kdc(fstore)
     setup_firefox_extension(fstore)