Diffstat (limited to 'ipaplatform')
-rw-r--r-- | ipaplatform/base/constants.py | 1 | ||||
-rw-r--r-- | ipaplatform/base/paths.py | 6 | ||||
-rw-r--r-- | ipaplatform/base/services.py | 2 | ||||
-rw-r--r-- | ipaplatform/redhat/services.py | 1 | ||||
-rw-r--r-- | ipaplatform/redhat/tasks.py | 15 |
5 files changed, 21 insertions, 4 deletions
diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index 3e1c4c6f7..3984147b6 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -11,6 +11,7 @@ class BaseConstantsNamespace(object):
 DS_USER = 'dirsrv'
 DS_GROUP = 'dirsrv'
 HTTPD_USER = "apache"
+ GSSPROXY_USER = "root"
 IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
 KDCPROXY_USER = "kdcproxy"
 NAMED_USER = "named"
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 374a1987b..28db7f1fc 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -49,7 +49,8 @@ class BasePathNamespace(object):
 HTTPD_IPA_CONF = "/etc/httpd/conf.d/ipa.conf"
 HTTPD_NSS_CONF = "/etc/httpd/conf.d/nss.conf"
 HTTPD_SSL_CONF = "/etc/httpd/conf.d/ssl.conf"
- IPA_KEYTAB = "/etc/httpd/conf/ipa.keytab"
+ OLD_IPA_KEYTAB = "/etc/httpd/conf/ipa.keytab"
+ HTTP_KEYTAB = "/var/lib/ipa/gssproxy/http.keytab"
 ANON_KEYTAB = "/var/lib/ipa/api/anon.keytab"
 HTTPD_PASSWORD_CONF = "/etc/httpd/conf/password.conf"
 IDMAPD_CONF = "/etc/idmapd.conf"
@@ -328,7 +329,7 @@ class BasePathNamespace(object):
 IPA_ODS_EXPORTER_CCACHE = "/var/opendnssec/tmp/ipa-ods-exporter.ccache"
 VAR_RUN_DIRSRV_DIR = "/var/run/dirsrv"
 IPA_CCACHES = "/var/run/ipa/ccaches"
- KRB5CC_HTTPD = "/var/run/ipa/ccaches/http.ccache"
+ HTTP_CCACHE = "/var/lib/ipa/gssproxy/http.ccache"
 IPA_RENEWAL_LOCK = "/var/run/ipa/renewal.lock"
 SVC_LIST_FILE = "/var/run/ipa/services.list"
 KRB5CC_SAMBA = "/var/run/samba/krb5cc_samba"
@@ -349,5 +350,6 @@ class BasePathNamespace(object):
 IPA_CUSTODIA_AUDIT_LOG = '/var/log/ipa-custodia.audit.log'
 IPA_GETKEYTAB = '/usr/sbin/ipa-getkeytab'
 EXTERNAL_SCHEMA_DIR = '/usr/share/ipa/schema.d'
+ GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf'
 path_namespace = BasePathNamespace
diff --git a/ipaplatform/base/services.py b/ipaplatform/base/services.py
index 9c9a5ae78..8149ff1ef 100644
--- a/ipaplatform/base/services.py
+++ b/ipaplatform/base/services.py
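Review bot: In ipaplatform/base/paths.py the new `HTTP_KEYTAB` and `HTTP_CCACHE` both point into `/var/lib/ipa/gssproxy/`, but nothing in the visible hunks creates that directory or restricts its owner and mode. The credential cache previously sat under `/var/run/ipa/ccaches`; under `/var/lib` it is presumably on persistent storage, so cached tickets would outlive a reboot and the directory should be readable only by the account gssproxy runs as. That setup may live in installer code outside this diffstat, which is limited to ipaplatform. `OLD_IPA_KEYTAB` deserves a one-line comment such as `# pre-gssproxy keytab location; do not use for new code`, if that is its purpose. Because `IPA_KEYTAB` and `KRB5CC_HTTPD` disappear from `BasePathNamespace`, any caller still using those names will fail with AttributeError, so the tree should be searched for both before merging.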
@@ -42,7 +42,7 @@ wellknownservices = ['certmonger', 'dirsrv', 'httpd', 'ipa', 'krb5kdc', 'messagebus', 'nslcd', 'nscd', 'ntpd', 'portmap', 'rpcbind', 'kadmin', 'sshd', 'autofs', 'rpcgssd', 'rpcidmapd', 'pki_tomcatd', 'chronyd', 'domainname', - 'named', 'ods_enforcerd', 'ods_signerd'] + 'named', 'ods_enforcerd', 'ods_signerd', 'gssproxy'] # The common ports for these services. This is used to wait for the # service to become available. diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py index cc5d67477..5d8e1ecaa 100644 --- a/ipaplatform/redhat/services.py +++ b/ipaplatform/redhat/services.py @@ -68,6 +68,7 @@ redhat_system_units['ods-enforcerd'] = 'ods-enforcerd.service' redhat_system_units['ods_enforcerd'] = redhat_system_units['ods-enforcerd'] redhat_system_units['ods-signerd'] = 'ods-signerd.service' redhat_system_units['ods_signerd'] = redhat_system_units['ods-signerd'] +redhat_system_units['gssproxy'] = 'gssproxy.service' # Service classes that implement Red Hat OS family-specific behaviour diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 1191acd07..c9b1c49aa 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -451,7 +451,6 @@ class RedHatTaskNamespace(BaseTaskNamespace): os.path.join(paths.USR_SHARE_IPA_DIR, 'ipa-httpd.conf.template'), paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF, dict( - KRB5CC_HTTPD=paths.KRB5CC_HTTPD, KDCPROXY_CONFIG=paths.KDCPROXY_CONFIG, IPA_HTTPD_KDCPROXY=paths.IPA_HTTPD_KDCPROXY, POST='-{kdestroy} -A'.format(kdestroy=paths.KDESTROY) 
@@ -461,6 +460,20 @@ class RedHatTaskNamespace(BaseTaskNamespace):
 os.chmod(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF, 0o644)
 self.restore_context(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF)
+ def configure_http_gssproxy_conf(self):
+ ipautil.copy_template_file(
+ os.path.join(paths.USR_SHARE_IPA_DIR, 'gssproxy.conf.template'),
+ paths.GSSPROXY_CONF,
+ dict(
+ HTTP_KEYTAB=paths.HTTP_KEYTAB,
+ HTTP_CCACHE=paths.HTTP_CCACHE,
+ HTTPD_USER=constants.HTTPD_USER
+ )
+ )
+
+ os.chmod(paths.GSSPROXY_CONF, 0o600)
+ self.restore_context(paths.GSSPROXY_CONF)
+
 def remove_httpd_service_ipa_conf(self):
 """Remove systemd config for httpd service of IPA"""
 try: |
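Review bot: `configure_http_gssproxy_conf` tightens `paths.GSSPROXY_CONF` to 0o600 only after `ipautil.copy_template_file` has written it, and it never sets an owner, so gssproxy can read the file only if the installing user is also the account gssproxy runs as. With `GSSPROXY_USER = "root"` added in constants.py that presumably holds here, but the constant is not referenced in this method; a comment like `# owner-only: gssproxy runs as constants.GSSPROXY_USER` would record the assumption, and an explicit chown would enforce it on platforms that override the constant. The method also lacks a docstring while the neighbouring `remove_httpd_service_ipa_conf` has one; `"""Write the gssproxy configuration for the IPA HTTP service"""` would match that style. No counterpart that removes `GSSPROXY_CONF` on uninstall is visible in this hunk, though it may exist elsewhere in the commit.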