From 3b4ab8b4f224db67613544923a608c51ad476748 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Mon, 9 Jun 2014 13:45:48 +0200 Subject: ipaplatform: Move hardcoded paths from Fedora platform files to path namespace Part of: https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin --- ipaplatform/base/paths.py | 7 +++++++ ipaplatform/base/services.py | 30 ++++++++++++++---------------- ipaplatform/fedora/services.py | 15 +++++++-------- ipaplatform/fedora/tasks.py | 16 ++++++++-------- 4 files changed, 36 insertions(+), 32 deletions(-) diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index ac7d274cc..ed7150ed8 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -86,15 +86,19 @@ class BasePathNamespace(object): SSSD_CONF = "/etc/sssd/sssd.conf" ETC_SYSCONFIG_AUTHCONFIG = "/etc/sysconfig/authconfig" SYSCONFIG_DIRSRV = "/etc/sysconfig/dirsrv" + SYSCONFIG_DIRSRV_SYSTEMD = "/etc/sysconfig/dirsrv.systemd" SYSCONFIG_DIRSRV_INSTANCE = "/etc/sysconfig/dirsrv-%s" SYSCONFIG_DIRSRV_PKI_IPA_DIR = "/etc/sysconfig/dirsrv-PKI-IPA" SYSCONFIG_KRB5KDC_DIR = "/etc/sysconfig/krb5kdc" + SYSCONFIG_NETWORK = "/etc/sysconfig/network" + SYSCONFIG_NETWORK_IPABKP = "/etc/sysconfig/network.ipabkp" SYSCONFIG_NTPD = "/etc/sysconfig/ntpd" SYSCONFIG_PKI = "/etc/sysconfig/pki" SYSCONFIG_PKI_CA_DIR = "/etc/sysconfig/pki-ca" SYSCONFIG_PKI_TOMCAT = "/etc/sysconfig/pki-tomcat" SYSCONFIG_PKI_CA_PKI_CA_DIR = "/etc/sysconfig/pki/ca/pki-ca" SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/sysconfig/pki/tomcat/pki-tomcat" + ETC_SYSTEMD_SYSTEM_DIR = "/etc/systemd/system/" SYSTEMD_CERTMONGER_SERVICE = "/etc/systemd/system/multi-user.target.wants/certmonger.service" SYSTEMD_IPA_SERVICE = "/etc/systemd/system/multi-user.target.wants/ipa.service" SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service" @@ -106,6 +110,7 @@ class BasePathNamespace(object): ROOT_TMP_CA_P12 = "/root/tmp-ca.p12" IP = "/sbin/ip" NOLOGIN = "/sbin/nologin" + SBIN_RESTORECON = "/sbin/restorecon" SBIN_SERVICE = "/sbin/service" TMP = "/tmp" TMP_CA_P12 = "/tmp/ca.p12" @@ -135,6 +140,7 @@ class BasePathNamespace(object): SETPASSWD = "/usr/bin/setpasswd" SIGNTOOL = "/usr/bin/signtool" SSLGET = "/usr/bin/sslget" + UPDATE_CA_TRUST = "/usr/bin/update-ca-trust" ZIP = "/usr/bin/zip" BIND_LDAP_SO = "/usr/lib/bind/ldap.so" USR_LIB_DIRSRV = "/usr/lib/dirsrv" @@ -144,6 +150,7 @@ class BasePathNamespace(object): BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so" USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv" USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE = "/usr/lib64/dirsrv/slapd-%s" + LIB_SYSTEMD_SYSTEMD_DIR = "/usr/lib/systemd/system/" SLAPD_PKI_IPA = "/usr/lib64/dirsrv/slapd-PKI-IPA" LIB64_FIREFOX = "/usr/lib64/firefox" DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit" diff --git a/ipaplatform/base/services.py b/ipaplatform/base/services.py index 625bd0dc5..ea066b283 100644 --- a/ipaplatform/base/services.py +++ b/ipaplatform/base/services.py @@ -151,14 +151,12 @@ class PlatformService(object): class SystemdService(PlatformService): - SYSTEMD_ETC_PATH = "/etc/systemd/system/" - SYSTEMD_LIB_PATH = "/lib/systemd/system/" SYSTEMD_SRV_TARGET = "%s.target.wants" def __init__(self, service_name, systemd_name, **kwargs): super(SystemdService, self).__init__(service_name, **kwargs) self.systemd_name = systemd_name - self.lib_path = os.path.join(self.SYSTEMD_LIB_PATH, self.systemd_name) + self.lib_path = os.path.join(paths.LIB_SYSTEMD_SYSTEMD_DIR, self.systemd_name) self.lib_path_exists = None def service_instance(self, instance_name, operation=None): @@ -192,7 +190,7 @@ class SystemdService(PlatformService): else: # No instance name, try with target tgt_name = "%s.target" % (elements[0]) - srv_lib = os.path.join(self.SYSTEMD_LIB_PATH, tgt_name) + srv_lib = os.path.join(paths.LIB_SYSTEMD_SYSTEMD_DIR, tgt_name) if os.path.exists(srv_lib): return tgt_name @@ -231,7 +229,7 @@ class SystemdService(PlatformService): def stop(self, instance_name="", capture_output=True): instance = self.service_instance(instance_name) - args = ["/bin/systemctl", "stop", instance] + args = [paths.SYSTEMCTL, "stop", instance] # The --ignore-dependencies switch is used to avoid possible # deadlock during the shutdown transaction. For more details, see @@ -251,7 +249,7 @@ class SystemdService(PlatformService): update_service_list=update_service_list) def start(self, instance_name="", capture_output=True, wait=True): - ipautil.run(["/bin/systemctl", "start", + ipautil.run([paths.SYSTEMCTL, "start", self.service_instance(instance_name)], capture_output=capture_output) @@ -267,7 +265,7 @@ class SystemdService(PlatformService): update_service_list=update_service_list) def restart(self, instance_name="", capture_output=True, wait=True): - ipautil.run(["/bin/systemctl", "restart", + ipautil.run([paths.SYSTEMCTL, "restart", self.service_instance(instance_name)], capture_output=capture_output) @@ -280,7 +278,7 @@ class SystemdService(PlatformService): while True: try: (sout, serr, rcode) = ipautil.run( - ["/bin/systemctl", "is-active", instance], + [paths.SYSTEMCTL, "is-active", instance], capture_output=True ) except ipautil.CalledProcessError as e: @@ -299,7 +297,7 @@ class SystemdService(PlatformService): def is_installed(self): try: - (sout, serr, rcode) = ipautil.run(["/bin/systemctl", + (sout, serr, rcode) = ipautil.run([paths.SYSTEMCTL, "list-unit-files", "--full"]) if rcode != 0: @@ -318,7 +316,7 @@ class SystemdService(PlatformService): enabled = True try: (sout, serr, rcode) = ipautil.run( - ["/bin/systemctl", + [paths.SYSTEMCTL, "is-enabled", self.service_instance(instance_name)]) @@ -355,7 +353,7 @@ class SystemdService(PlatformService): # @.service to # /lib/systemd/system/@.service - srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, + srv_tgt = os.path.join(paths.ETC_SYSTEMD_SYSTEM_DIR, self.SYSTEMD_SRV_TARGET % (elements[0])) srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name)) @@ -375,7 +373,7 @@ class SystemdService(PlatformService): # Link exists and it is broken, make new one os.unlink(srv_lnk) os.symlink(self.lib_path, srv_lnk) - ipautil.run(["/bin/systemctl", "--system", "daemon-reload"]) + ipautil.run([paths.SYSTEMCTL, "--system", "daemon-reload"]) except: pass else: @@ -389,7 +387,7 @@ class SystemdService(PlatformService): # @.service # to /lib/systemd/system/@.service - srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, + srv_tgt = os.path.join(paths.ETC_SYSTEMD_SYSTEM_DIR, self.SYSTEMD_SRV_TARGET % (elements[0])) srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name)) @@ -398,7 +396,7 @@ class SystemdService(PlatformService): if ipautil.dir_exists(srv_tgt): if os.path.islink(srv_lnk): os.unlink(srv_lnk) - ipautil.run(["/bin/systemctl", "--system", "daemon-reload"]) + ipautil.run([paths.SYSTEMCTL, "--system", "daemon-reload"]) except: pass else: @@ -406,14 +404,14 @@ class SystemdService(PlatformService): def __enable(self, instance_name=""): try: - ipautil.run(["/bin/systemctl", "enable", + ipautil.run([paths.SYSTEMCTL, "enable", self.service_instance(instance_name)]) except ipautil.CalledProcessError: pass def __disable(self, instance_name=""): try: - ipautil.run(["/bin/systemctl", "disable", + ipautil.run([paths.SYSTEMCTL, "disable", self.service_instance(instance_name)]) except ipautil.CalledProcessError: pass diff --git a/ipaplatform/fedora/services.py b/ipaplatform/fedora/services.py index 788f62a16..d98c2d6d7 100644 --- a/ipaplatform/fedora/services.py +++ b/ipaplatform/fedora/services.py @@ -31,6 +31,7 @@ from ipaplatform.base import services as base_services from ipapython import ipautil, dogtag from ipapython.ipa_log_manager import root_logger from ipalib import api +from ipaplatform.paths import paths # Mappings from service names as FreeIPA code references to these services # to their actual systemd service names @@ -97,9 +98,7 @@ class FedoraDirectoryService(FedoraService): Returns False if the setting of the nofile limit needs to be skipped. """ - dirsrv_systemd = "/etc/sysconfig/dirsrv.systemd" - - if os.path.exists(dirsrv_systemd): + if os.path.exists(paths.SYSCONFIG_DIRSRV_SYSTEMD): # We need to enable LimitNOFILE=8192 in the dirsrv@.service # Since 389-ds-base-1.2.10-0.8.a7 the configuration of the # service parameters is performed via @@ -107,10 +106,10 @@ class FedoraDirectoryService(FedoraService): # into dirsrv@.service unit replacevars = {'LimitNOFILE': str(num)} - ipautil.inifile_replace_variables(dirsrv_systemd, + ipautil.inifile_replace_variables(paths.SYSCONFIG_DIRSRV_SYSTEMD, 'service', replacevars=replacevars) - tasks.restore_context(dirsrv_systemd) + tasks.restore_context(paths.SYSCONFIG_DIRSRV_SYSTEMD) ipautil.run(["/bin/systemctl", "--system", "daemon-reload"], raiseonerr=False) @@ -129,9 +128,9 @@ class FedoraDirectoryService(FedoraService): if instance_name: elements = self.systemd_name.split("@") - srv_etc = os.path.join(self.SYSTEMD_ETC_PATH, + srv_etc = os.path.join(paths.ETC_SYSTEMD_SYSTEM_DIR, self.systemd_name) - srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, + srv_tgt = os.path.join(paths.ETC_SYSTEMD_SYSTEM_DIR, self.SYSTEMD_SRV_TARGET % (elements[0])) srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name)) @@ -169,7 +168,7 @@ class FedoraCAService(FedoraService): # TODO: Use a cleaner solution use_proxy = True if not (os.path.exists('/etc/httpd/conf.d/ipa.conf') and - os.path.exists('/etc/httpd/conf.d/ipa-pki-proxy.conf')): + os.path.exists(paths.HTTPD_IPA_PKI_PROXY_CONF)): root_logger.debug( 'The httpd proxy is not installed, wait on local port') use_proxy = False diff --git a/ipaplatform/fedora/tasks.py b/ipaplatform/fedora/tasks.py index 525e550ce..a3a507364 100644 --- a/ipaplatform/fedora/tasks.py +++ b/ipaplatform/fedora/tasks.py @@ -41,7 +41,7 @@ from ipaplatform.base.tasks import * class FedoraTaskNamespace(BaseTaskNamespace): - def restore_context(self, filepath, restorecon='/sbin/restorecon'): + def restore_context(self, filepath, restorecon=paths.SBIN_RESTORECON): """ restore security context on the file path SELinux equivalent is /path/to/restorecon @@ -157,7 +157,7 @@ class FedoraTaskNamespace(BaseTaskNamespace): # Add the CA to the systemwide CA trust database try: shutil.copy(cacert_path, new_cacert_path) - ipautil.run(['/usr/bin/update-ca-trust']) + ipautil.run([paths.UPDATE_CA_TRUST]) except OSError, e: root_logger.info("Failed to copy %s to %s" % (cacert_path, new_cacert_path)) @@ -181,7 +181,7 @@ class FedoraTaskNamespace(BaseTaskNamespace): if os.path.exists(new_cacert_path): try: os.remove(new_cacert_path) - ipautil.run(['/usr/bin/update-ca-trust']) + ipautil.run([paths.UPDATE_CA_TRUST]) except OSError, e: root_logger.error('Could not remove: %s, %s' % (new_cacert_path, str(e))) @@ -198,12 +198,12 @@ class FedoraTaskNamespace(BaseTaskNamespace): def backup_and_replace_hostname(self, fstore, statestore, hostname): old_hostname = socket.gethostname() try: - ipautil.run(['/bin/hostname', hostname]) + ipautil.run([paths.BIN_HOSTNAME, hostname]) except ipautil.CalledProcessError, e: print >>sys.stderr, ("Failed to set this machine hostname to " "%s (%s)." % (hostname, str(e))) - filepath = '/etc/hostname' + filepath = paths.ETC_HOSTNAME if os.path.exists(filepath): # read old hostname with open(filepath, 'r') as f: @@ -227,7 +227,7 @@ class FedoraTaskNamespace(BaseTaskNamespace): statestore.backup_state('network', 'hostname', old_hostname) def restore_network_configuration(self, fstore, statestore): - old_filepath = '/etc/sysconfig/network' + old_filepath = paths.SYSCONFIG_NETWORK old_hostname = statestore.get_state('network', 'hostname') hostname_was_configured = False @@ -235,13 +235,13 @@ class FedoraTaskNamespace(BaseTaskNamespace): # This is Fedora >=18 instance that was upgraded from previous # Fedora version which held network configuration # in /etc/sysconfig/network - old_filepath_restore = '/etc/sysconfig/network.ipabkp' + old_filepath_restore = paths.SYSCONFIG_NETWORK_IPABKP fstore.restore_file(old_filepath, old_filepath_restore) print "Deprecated configuration file '%s' was restored to '%s'" \ % (old_filepath, old_filepath_restore) hostname_was_configured = True - filepath = '/etc/hostname' + filepath = paths.ETC_HOSTNAME if fstore.has_file(filepath): fstore.restore_file(filepath) hostname_was_configured = True -- cgit