Generate tmpfiles config at install time

We do not want to generate runtime directories just because the packages
are installed, but only if the server is actually setup and run. Also this
will be needed later because we will create a user at install time and some
tmpfiles will need to be owned by this user.
As we are changing this code also rationalize the directory structure and
move it from the http rundir to the ipa specific rundir.

https://fedorahosted.org/freeipa/ticket/5959

Signed-off-by: Simo Sorce <simo@redhat.com>

3 files changed, 33 insertions, 2 deletions

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 44108e52a..d62ffa224 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -130,6 +130,7 @@ class BasePathNamespace(object):
     SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service"
     SYSTEMD_PKI_TOMCAT_SERVICE = "/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service"
     ETC_TMPFILESD_DIRSRV = "/etc/tmpfiles.d/dirsrv-%s.conf"
+    ETC_TMPFILESD_IPA = "/etc/tmpfiles.d/ipa.conf"
     DNSSEC_TRUSTED_KEY = "/etc/trusted-key.key"
     HOME_DIR = "/home"
     PROC_FIPS_ENABLED = "/proc/sys/crypto/fips_enabled"
@@ -325,10 +326,10 @@ class BasePathNamespace(object):
     OPENDNSSEC_KASP_DB = "/var/opendnssec/kasp.db"
     IPA_ODS_EXPORTER_CCACHE = "/var/opendnssec/tmp/ipa-ods-exporter.ccache"
     VAR_RUN_DIRSRV_DIR = "/var/run/dirsrv"
-    KRB5CC_HTTPD = "/var/run/httpd/ipa/krbcache/krb5ccache"
+    IPA_CCACHES = "/var/run/ipa/ccaches"
+    KRB5CC_HTTPD = "/var/run/ipa/ccaches/http.ccache"
     IPA_RENEWAL_LOCK = "/var/run/ipa/renewal.lock"
     SVC_LIST_FILE = "/var/run/ipa/services.list"
-    IPA_HTTPD_DIR = "/var/run/httpd"
     KRB5CC_SAMBA = "/var/run/samba/krb5cc_samba"
     SLAPD_INSTANCE_SOCKET_TEMPLATE = "/var/run/slapd-%s.socket"
     ALL_SLAPD_INSTANCE_SOCKETS = "/var/run/slapd-*.socket"
diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index 8cf6fded1..49b87613f 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -243,6 +243,14 @@ class BaseTaskNamespace(object):
         """
         raise NotImplementedError()
 
+    def configure_tmpfiles(self):
+        """Configure tmpfiles to be created at boot"""
+        raise NotImplementedError()
+
+    def create_tmpfiles_dirs(self):
+        """Create run dirs for the install phase"""
+        raise NotImplementedError()
+
     def configure_httpd_service_ipa_conf(self):
         """Configure httpd service to work with IPA"""
         raise NotImplementedError()
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 9dd71b453..1191acd07 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -26,6 +26,8 @@ system tasks.
 from __future__ import print_function
 
 import os
+import pwd
+import shutil
 import socket
 import base64
 import traceback
@@ -497,4 +499,24 @@ class RedHatTaskNamespace(BaseTaskNamespace):
             pass
         return False
 
+    def _create_tmpfiles_dir(self, name, mode, uid, gid):
+        if not os.path.exists(name):
+            os.mkdir(name)
+        os.chmod(name, mode)
+        os.chown(name, uid, gid)
+
+    def create_tmpfiles_dirs(self):
+        parent = os.path.dirname(paths.IPA_CCACHES)
+        pent = pwd.getpwnam(constants.HTTPD_USER)
+        self._create_tmpfiles_dir(parent, 0o711, 0, 0)
+        self._create_tmpfiles_dir(paths.IPA_CCACHES, 0o770,
+                                  pent.pw_uid, pent.pw_gid)
+
+    def configure_tmpfiles(self):
+        shutil.copy(
+            os.path.join(paths.USR_SHARE_IPA_DIR, 'ipa.conf.tmpfiles'),
+            paths.ETC_TMPFILESD_IPA
+        )
+
+
 tasks = RedHatTaskNamespace()