URL: https://github.com/freeipa/freeipa/pull/3082 Author: tiran Title: #3082: [Backport][ipa-4-7] More ubuntu fixes Action: opened
PR body: """ Manual backport of PR #3078 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/3082/head:pr3082 git checkout pr3082
From 9d99a95d21522d88e46a4ed6654bae8ba2817fe9 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Fri, 26 Apr 2019 09:01:42 +0200 Subject: [PATCH 1/3] Guard dbus.start() with dbus.is_running() Some platforms like Debian protect the dbus.service with RefuseManualStart=True. "systemctl start dbus" fails with operation refused (it is configured to refuse manual start/stop). On Fedora "systemctl start dbus" is a no-op when dbus is already running. Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaserver/install/cainstance.py | 4 +++- ipaserver/install/dogtaginstance.py | 8 ++++++-- ipaserver/install/server/replicainstall.py | 12 +++++++----- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 7389985450..99d79ecd70 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1084,7 +1084,9 @@ def uninstall(self): # cause files to have a new owner. self.restore_state("user_exists") - services.knownservices.dbus.start() + if not services.knownservices.dbus.is_running(): + # some platforms protect dbus with RefuseManualStart=True + services.knownservices.dbus.start() cmonger = services.knownservices.certmonger cmonger.start() diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py index d05e401618..3a72c43a54 100644 --- a/ipaserver/install/dogtaginstance.py +++ b/ipaserver/install/dogtaginstance.py @@ -267,7 +267,9 @@ def configure_certmonger_renewal(self): """ cmonger = services.knownservices.certmonger cmonger.enable() - services.knownservices.dbus.start() + if not services.knownservices.dbus.is_running(): + # some platforms protect dbus with RefuseManualStart=True + services.knownservices.dbus.start() cmonger.start() bus = dbus.SystemBus() 
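Review bot: The guarded `services.knownservices.dbus.start()` in `uninstall()` has no error handling, so a stopped dbus on a platform that refuses manual start would presumably still abort the uninstall with a raw exception. `configure_certmonger()` in replicainstall.py wraps the same call and raises `ScriptError("dbus service unavailable: ...", rval=3)`. The same unhandled pattern is added in `configure_certmonger_renewal()` and `stop_tracking_certificates()` in dogtaginstance.py. Since the three-line guard is now copied to four call sites, one shared helper that also reports the failure would keep them consistent. All of these function bodies continue outside their hunks.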
@@ -339,7 +341,9 @@ def stop_tracking_certificates(self, stop_certmonger=True): "for %s", self.subsystem) cmonger = services.knownservices.certmonger - services.knownservices.dbus.start() + if not services.knownservices.dbus.is_running(): + # some platforms protect dbus with RefuseManualStart=True + services.knownservices.dbus.start() cmonger.start() nicknames = list(self.tracking_reqs) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index de52f4f563..066c77a30b 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -363,11 +363,13 @@ def check_dns_resolution(host_name, dns_servers): def configure_certmonger(): dbus = services.knownservices.dbus - try: - dbus.start() - except Exception as e: - raise ScriptError("dbus service unavailable: %s" % str(e), - rval=3) + if not dbus.is_running(): + # some platforms protect dbus with RefuseManualStart=True + try: + dbus.start() + except Exception as e: + raise ScriptError("dbus service unavailable: %s" % str(e), + rval=3) # Ensure that certmonger has been started at least once to generate the # cas files in /var/lib/certmonger/cas. From b0ebb25cd4984df668779d30dc3971e3386352f3 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Fri, 26 Apr 2019 09:25:37 +0200 Subject: [PATCH 2/3] Add helper to look for missing binaries Fedora has merged /usr/bin and /bin while Debian uses distinct directories for /usr/bin and /bin. Debian also uses different directory for libexec files. A new paths.check_paths() helper makes it easier to detect missing or wrong paths. Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaplatform/base/paths.py | 30 ++++++++++++++++++++++++++++++ ipaplatform/debian/paths.py | 2 ++ 2 files changed, 32 insertions(+) diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index b4fa748ddb..b3ad9a044e 100644 --- a/ipaplatform/base/paths.py 
+++ b/ipaplatform/base/paths.py @@ -20,6 +20,9 @@ ''' This base platform module exports default filesystem paths. ''' +from __future__ import print_function + +import os class BasePathNamespace(object): @@ -212,11 +215,13 @@ class BasePathNamespace(object): LIB64_FIREFOX = "/usr/lib64/firefox" LIBSOFTHSM2_SO_64 = "/usr/lib64/pkcs11/libsofthsm2.so" PAM_KRB5_SO_64 = "/usr/lib64/security/pam_krb5.so" + LIBEXEC_CERTMONGER_DIR = "/usr/libexec/certmonger" DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit" DOGTAG_IPA_RENEW_AGENT_SUBMIT = "/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit" CERTMONGER_DOGTAG_SUBMIT = "/usr/libexec/certmonger/dogtag-submit" IPA_SERVER_GUARD = "/usr/libexec/certmonger/ipa-server-guard" GENERATE_RNDC_KEY = "/usr/libexec/generate-rndc-key.sh" + LIBEXEC_IPA_DIR = "/usr/libexec/ipa" IPA_DNSKEYSYNCD_REPLICA = "/usr/libexec/ipa/ipa-dnskeysync-replica" IPA_DNSKEYSYNCD = "/usr/libexec/ipa/ipa-dnskeysyncd" IPA_HTTPD_KDCPROXY = "/usr/libexec/ipa/ipa-httpd-kdcproxy" @@ -403,5 +408,30 @@ class BasePathNamespace(object): SSSCTL = '/usr/sbin/sssctl' LIBARCH = "64" + def check_paths(self): + """Check paths for missing files + + python3 -c 'from ipaplatform.paths import paths; paths.check_paths()' + """ + executables = ( + "/bin", "/sbin", "/usr/bin", "/usr/sbin", + self.LIBEXEC_IPA_DIR, self.LIBEXEC_CERTMONGER_DIR + ) + for name in sorted(dir(self)): + if not name[0].isupper(): + continue + + value = getattr(self, name) + if not value or not isinstance(value, str): + # skip empty values + continue + if "%" in value or "{" in value: + # skip templates + continue + + if value.startswith(executables) and value not in executables: + if not os.path.isfile(value): + print("Missing executable {}={}".format(name, value)) + paths = BasePathNamespace() diff --git a/ipaplatform/debian/paths.py b/ipaplatform/debian/paths.py index c705942fa8..ad1ae8ba90 100644 --- a/ipaplatform/debian/paths.py 
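Review bot: `check_paths()` labels its entries as executables but only tests `os.path.isfile(value)`, so a file that exists without execute permission passes silently; `if not (os.path.isfile(value) and os.access(value, os.X_OK)):` would catch that. The prefix test `value.startswith(executables)` has no trailing separator, so `/bin` also matches a sibling path such as a constructed `/binx/tool`. Any directory constant below one of the prefixes would be reported as a missing executable, though whether such constants exist is not visible in this hunk. The method only prints, so returning the list of missing names would let an installer or a test act on the result. The docstring could also state that only paths under the listed bin, sbin and libexec directories are checked and that values containing `%` or `{` are skipped as templates.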
+++ b/ipaplatform/debian/paths.py @@ -75,11 +75,13 @@ class DebianPathNamespace(BasePathNamespace): LIBSOFTHSM2_SO = "/usr/lib/softhsm/libsofthsm2.so" PAM_KRB5_SO = "/usr/lib/{0}/security/pam_krb5.so".format(MULTIARCH) LIB_SYSTEMD_SYSTEMD_DIR = "/lib/systemd/system/" + LIBEXEC_CERTMONGER_DIR = "/usr/lib/certmonger" DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/lib/certmonger/dogtag-ipa-ca-renew-agent-submit" DOGTAG_IPA_RENEW_AGENT_SUBMIT = "/usr/lib/certmonger/dogtag-ipa-renew-agent-submit" CERTMONGER_DOGTAG_SUBMIT = "/usr/lib/certmonger/dogtag-submit" IPA_SERVER_GUARD = "/usr/lib/certmonger/ipa-server-guard" GENERATE_RNDC_KEY = "/bin/true" + LIBEXEC_IPA_DIR = "/usr/lib/ipa" IPA_DNSKEYSYNCD_REPLICA = "/usr/lib/ipa/ipa-dnskeysync-replica" IPA_DNSKEYSYNCD = "/usr/lib/ipa/ipa-dnskeysyncd" IPA_HTTPD_KDCPROXY = "/usr/lib/ipa/ipa-httpd-kdcproxy" From 52fd749937301c71dac428b2632eaff01dc718aa Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Fri, 26 Apr 2019 09:28:34 +0200 Subject: [PATCH 3/3] Correct path to systemd-detect-virt Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaplatform/base/paths.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index b3ad9a044e..ec822be2aa 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -33,7 +33,7 @@ class BasePathNamespace(object): LS = "/bin/ls" SH = "/bin/sh" SYSTEMCTL = "/bin/systemctl" - SYSTEMD_DETECT_VIRT = "/bin/systemd-detect-virt" + SYSTEMD_DETECT_VIRT = "/usr/bin/systemd-detect-virt" TAR = "/bin/tar" AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf" ETC_DIRSRV = "/etc/dirsrv"