URL: https://github.com/freeipa/freeipa/pull/1563
Author: stlaz
Title: #1563: Support the 1.4.x python installer tools in 389-ds
Action: opened
PR body:
"""
Opened on behalf of https://github.com/Firstyear
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1563/head:pr1563
git checkout pr1563
From 06c24ae5112000874cf81ca27ebbc65855377230 Mon Sep 17 00:00:00 2001
From: William Brown <firsty...@redhat.com>
Date: Fri, 1 Dec 2017 16:33:45 +0100
Subject: [PATCH] Support the 1.4.x python installer tools in 389-ds
---
install/share/ldapi.ldif | 4 ++
ipaplatform/base/paths.py | 48 +++++++++-------
ipaserver/install/dsinstance.py | 119 ++++++++++++++++++++++++++++++++++++++--
3 files changed, 145 insertions(+), 26 deletions(-)
diff --git a/install/share/ldapi.ldif b/install/share/ldapi.ldif
index 607506fd16..47f3f2caa8 100644
--- a/install/share/ldapi.ldif
+++ b/install/share/ldapi.ldif
@@ -3,4 +3,8 @@ dn: cn=config
changetype: modify
replace: nsslapd-ldapilisten
nsslapd-ldapilisten: on
+-
+replace: nsslapd-ldapifilepath
+nsslapd-ldapifilepath: /var/run/slapd-$SERVERID.socket
+-
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 189506d897..98592fbf79 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -32,9 +32,6 @@ class BasePathNamespace(object):
SYSTEMCTL = "/bin/systemctl"
TAR = "/bin/tar"
AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf"
- ETC_DIRSRV = "/etc/dirsrv"
- DS_KEYTAB = "/etc/dirsrv/ds.keytab"
- ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE = "/etc/dirsrv/slapd-%s"
ETC_FEDORA_RELEASE = "/etc/fedora-release"
GROUP = "/etc/group"
ETC_HOSTNAME = "/etc/hostname"
@@ -189,13 +186,11 @@ class BasePathNamespace(object):
BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/"
- USR_LIB_DIRSRV = "/usr/lib/dirsrv"
LIB_FIREFOX = "/usr/lib/firefox"
LIBSOFTHSM2_SO = "/usr/lib/pkcs11/libsofthsm2.so"
PAM_KRB5_SO = "/usr/lib/security/pam_krb5.so"
LIB_SYSTEMD_SYSTEMD_DIR = "/usr/lib/systemd/system/"
BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so"
- USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
LIB64_FIREFOX = "/usr/lib64/firefox"
LIBSOFTHSM2_SO_64 = "/usr/lib64/pkcs11/libsofthsm2.so"
PAM_KRB5_SO_64 = "/usr/lib64/security/pam_krb5.so"
@@ -226,11 +221,9 @@ class BasePathNamespace(object):
PKIDESTROY = "/usr/sbin/pkidestroy"
PKISPAWN = "/usr/sbin/pkispawn"
PKI = "/usr/bin/pki"
- REMOVE_DS_PL = "/usr/sbin/remove-ds.pl"
RESTORECON = "/usr/sbin/restorecon"
SELINUXENABLED = "/usr/sbin/selinuxenabled"
SETSEBOOL = "/usr/sbin/setsebool"
- SETUP_DS_PL = "/usr/sbin/setup-ds.pl"
SMBD = "/usr/sbin/smbd"
USERADD = "/usr/sbin/useradd"
FONTS_DIR = "/usr/share/fonts"
@@ -265,11 +258,6 @@ class BasePathNamespace(object):
CERTMONGER_REQUESTS_DIR = "/var/lib/certmonger/requests/"
VAR_LIB_DIRSRV = "/var/lib/dirsrv"
DIRSRV_BOOT_LDIF = "/var/lib/dirsrv/boot.ldif"
- VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE = "/var/lib/dirsrv/scripts-%s"
- VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s"
- SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/bak/%s"
- SLAPD_INSTANCE_DB_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/%s"
- SLAPD_INSTANCE_LDIF_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/ldif"
VAR_LIB_IPA = "/var/lib/ipa"
IPA_CLIENT_SYSRESTORE = "/var/lib/ipa-client/sysrestore"
SYSRESTORE_INDEX = "/var/lib/ipa-client/sysrestore/sysrestore.index"
@@ -304,10 +292,6 @@ class BasePathNamespace(object):
SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts"
SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/"
VAR_LOG_AUDIT = "/var/log/audit/audit.log"
- DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
- VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
- SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
- SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"
VAR_LOG_HTTPD_DIR = "/var/log/httpd"
VAR_LOG_HTTPD_ERROR = "/var/log/httpd/error_log"
IPABACKUP_LOG = "/var/log/ipabackup.log"
@@ -347,13 +331,8 @@ class BasePathNamespace(object):
SVC_LIST_FILE = "/var/run/ipa/services.list"
KRB5CC_SAMBA = "/var/run/samba/krb5cc_samba"
SLAPD_INSTANCE_SOCKET_TEMPLATE = "/var/run/slapd-%s.socket"
- ALL_SLAPD_INSTANCE_SOCKETS = "/var/run/slapd-*.socket"
ADMIN_CERT_PATH = '/root/.dogtag/pki-tomcat/ca_admin.cert'
ENTROPY_AVAIL = '/proc/sys/kernel/random/entropy_avail'
- LDIF2DB = '/usr/sbin/ldif2db'
- DB2LDIF = '/usr/sbin/db2ldif'
- BAK2DB = '/usr/sbin/bak2db'
- DB2BAK = '/usr/sbin/db2bak'
KDCPROXY_CONFIG = '/etc/ipa/kdcproxy/kdcproxy.conf'
CERTMONGER = '/usr/sbin/certmonger'
NETWORK_MANAGER_CONFIG_DIR = '/etc/NetworkManager/conf.d'
@@ -369,6 +348,33 @@ class BasePathNamespace(object):
IF_INET6 = '/proc/net/if_inet6'
WSGI_PREFIX_DIR = "/run/httpd/wsgi"
AUTHCONFIG = None
+ # 389 DS related commands.
+ DSCREATE = '/usr/sbin/dscreate'
+ DSCTL = '/usr/sbin/dsctl'
+ DSCONF = '/usr/sbin/dsconf'
+ # DS related constants
+ ETC_DIRSRV = "/etc/dirsrv"
+ DS_KEYTAB = "/etc/dirsrv/ds.keytab"
+ ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE = "/etc/dirsrv/slapd-%s"
+ USR_LIB_DIRSRV = "/usr/lib/dirsrv"
+ USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
+ VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE = "/var/lib/dirsrv/scripts-%s"
+ VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s"
+ SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/bak/%s"
+ SLAPD_INSTANCE_DB_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/%s"
+ SLAPD_INSTANCE_LDIF_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/ldif"
+ DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
+ ALL_SLAPD_INSTANCE_SOCKETS = "/var/run/slapd-*.socket"
+ VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
+ SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
+ SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"
+ # Legacy 389 commands
+ LDIF2DB = '/usr/sbin/ldif2db'
+ DB2LDIF = '/usr/sbin/db2ldif'
+ BAK2DB = '/usr/sbin/bak2db'
+ DB2BAK = '/usr/sbin/db2bak'
+ SETUP_DS_PL = "/usr/sbin/setup-ds.pl"
+ REMOVE_DS_PL = "/usr/sbin/remove-ds.pl"
IPA_SERVER_UPGRADE = '/usr/sbin/ipa-server-upgrade'
KEYCTL = '/usr/bin/keyctl'
GETENT = '/usr/bin/getent'
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 2493b8a54e..a98dee1411 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -96,7 +96,7 @@ def schema_dirname(serverid):
return config_dirname(serverid) + "/schema/"
-def remove_ds_instance(serverid, force=False):
+def __remove_instance_legacy(serverid, force=False):
"""A wrapper around the 'remove-ds.pl' script used by
389ds to remove a single directory server instance. In case of error
additional call with the '-f' flag is performed (forced removal). If this
@@ -118,6 +118,36 @@ def remove_ds_instance(serverid, force=False):
"Attempting to force removal", paths.REMOVE_DS_PL)
remove_ds_instance(serverid, force=True)
+def __remove_instance_python(serverid):
+ """Call the lib389 api to remove the instance. Because of the
+ design of the api, there is no "force" command. Provided a marker
+ file exists, it will attempt the removal, and the marker is the *last*
+ file to be removed. IE just run this multiple times til it works (if
+ you even need multiple times ....)
+ """
+
+ from lib389.instance.remove import remove_ds_instance
+ from lib389 import DirSrv
+
+ logger.debug("Attempting to remove instance %s" % serverid)
+ # Alloc the local instance by name (no creds needed!)
+ inst = DirSrv(verbose=True, external_log=logger)
+ inst.local_simple_allocate(serverid)
+
+ # Remove it
+ remove_ds_instance(instance)
+ logger.debug("Instance removed correctly.")
+
+def remove_ds_instance(serverid, force=False):
+ if os.path.exists(paths.REMOVE_DS_PL):
+ # We still have legacy tools. Lets use them.
+ self.__remove_instance_legacy(serverid, force)
+ else:
+ # Okay, 389 have removed their perl tools. Great! Use the api driven installer
+ self.__remove_instance_python(serverid)
+
+
+
def get_ds_instances():
'''
@@ -537,7 +567,7 @@ def __setup_sub_dict(self):
' '.join(replication.TOTAL_EXCLUDES),
)
- def __create_instance(self):
+ def __create_instance_legacy(self):
pent = pwd.getpwnam(DS_USER)
self.backup_state("serverid", self.serverid)
@@ -579,6 +609,68 @@ def __create_instance(self):
inf_fd.close()
os.remove(paths.DIRSRV_BOOT_LDIF)
+ def __create_instance_python(self):
+ # We only import lib389 now, because we can't always guarantee it's presence
+ # yet. After f28, this can be made a dependency proper.
+ from lib389.instance.setup import SetupDs
+ from lib389.instance.options import General2Base, Slapd2Base
+ from lib389.idm.ipadomain import IpaDomain
+ from lib389 import DirSrv
+
+ # The new installer is api driven. We can pass it a log function
+ # and it will use it. Because of this, we can pass verbose true,
+ # and allow our logger to control the display based on level.
+ sds = SetupDs(verbose=True, dryrun=False, log=logger)
+
+ # General environmental options.
+ general_options = General2Base(logger)
+ general_options.set('strict_host_checking', False)
+ # Check that our requested configuration is actually valid ...
+ general_options.verify()
+ general = general_options.collect()
+
+ # Slapd options, ie instance name.
+ slapd_options = Slapd2Base(logger)
+ slapd_options.set('instance_name', self.serverid)
+ slapd_options.set('root_password', self.dm_password)
+ slapd_options.verify()
+ slapd = slapd_options.collect()
+
+ # Create userroot. Note that the new install does NOT
+ # create sample entries, so this is *empty*.
+ userroot = {
+ 'cn': 'userRoot',
+ 'nsslapd-suffix': self.suffix.ldap_text()
+ }
+
+ backends = [userroot,]
+
+ sds.create_from_args(general, slapd, backends, None)
+
+ # Now create the new domain root object in the format that IPA expects.
+ # Get the instance ....
+
+ inst = DirSrv(verbose=True, external_log=logger)
+ inst.remote_simple_allocate(ldapuri=ipaldap.get_ldap_uri(self.fqdn), password=self.dm_password)
+ # This actually opens the conn and binds.
+ inst.open()
+
+ ipadomain = IpaDomain(inst, dn=self.suffix.ldap_text())
+ ipadomain.create(properties={
+ 'dc' : self.realm.split('.')[0].lower(),
+ 'info': 'IPA V2.0',
+ })
+ # Done!
+ logger.debug("completed creating DS instance")
+
+ def __create_instance(self):
+ if os.path.exists(paths.SETUP_DS_PL):
+ # We still have legacy tools. Lets use them.
+ self.__create_instance_legacy()
+ else:
+ # Okay, 389 have removed their perl tools. Great! Use the api driven installer
+ self.__create_instance_python()
+
def __update_dse_ldif(self):
"""
This method updates dse.ldif right after instance creation. This is
@@ -1039,25 +1131,42 @@ def uninstall(self):
try:
self.fstore.restore_file(paths.LIMITS_CONF)
+ except ValueError as error:
+ logger.debug("%s: %s" % (paths.LIMITS_CONF , error))
+
+ try:
self.fstore.restore_file(paths.SYSCONFIG_DIRSRV)
except ValueError as error:
- logger.debug("%s", error)
+ logger.debug("%s: %s" % (paths.SYSCONFIG_DIRSRV , error))
# disabled during IPA installation
if enabled:
+ logger.debug("Re-enabling instance of Directory Server")
self.enable()
serverid = self.restore_state("serverid")
if serverid is not None:
+ # What if this fails? Then what?
self.stop_tracking_certificates(serverid)
logger.debug("Removing DS instance %s", serverid)
try:
remove_ds_instance(serverid)
- installutils.remove_keytab(paths.DS_KEYTAB)
- installutils.remove_ccache(run_as=DS_USER)
except ipautil.CalledProcessError:
logger.error("Failed to remove DS instance. You may "
"need to remove instance data manually")
+ try:
+ installutils.remove_keytab(paths.DS_KEYTAB)
+ except ipautil.CalledProcessError:
+ logger.error("Failed to remove DS keytab. You may "
+ "need to remove keytab data manually")
+ try:
+ installutils.remove_ccache(run_as=DS_USER)
+ except:
+ logger.error("Failed to remove DS ccache. You may "
+ "need to remove ccache data manually")
+ else:
+ logger.error("Failed to remove DS instance. No serverid present"
+ "in sysrestore file.")
# Just eat this state
self.restore_state("user_exists")
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
