Hi,

On 19.07.2011 16:36, Alexander Bokovoy wrote:
>> I believe that nss-pam-ldapd uses a different configuration file than
>> nss_ldap, I think I'd rather use the existence of that to determine what
>> is being used. Calling out to rpm seems heavy-weight.
> In continuation of the same story, ticket 1368 asks for propagating
> hostname into static configuration (/etc/sysconfig/network, HOSTNAME
> variable on Red Hat systems). This is an example of system-specific
> common code where we want to ensure configuration is made and backed up
> but we don't care what is configuration's location and format. I.e.
> perfect example to write platform-specific support.
> 
> I'm going to rework ipautil into providing common functions and loading
> platform-specific ones from separate files so that we can have Red Hat
> or Fedora (or LSB) platforms, Debian-based platforms and so on. Remeber,
> this is for ipa-client-install so some flexibility is welcomed here.
> 
> I'll try to avoid using package management tools in such
> platform-specific code as much as possible also to avoid lock conflicts
> (if something is being installed in background you might get locked when
> asking a package database).
> 
> We don't need to do platform detection at runtime as that is could be
> deferred to package maintainers. After all, IPA most likely will be
> packaged and ipa-client-install will come from such a package. Thus,
> providing proper ipautil-system.py file can be done as packaging effort.

Attached is a first cut for the refactoring. It introduces
ipapython.services which is a container for service- and
platform-specific methods and classes that would require different
behavior depending on a distribution in question.

I moved existing code to ipapython/platform/redhat.py.
ipapython/services.py is auto-generated and basically is one-liner:
=====
from ipapython.platform.<platform> import *
=====

Actual <platform> value is substituted using top-level Makefile's
SUPPORTED_PLAFTORM= variable (defaults to 'redhat', can be redefined
without modifying Makefile, in package building scripts, for example)
and then ipapython/services.py is generated from ipapython/services.py.in

I have converted all users of ipapython.iputil to a new interface but
haven't really tested the code yet apart from make dist and make-lint.

As it is work in progress, all comments and suggestions are welcome!
-- 
/ Alexander Bokovoy
From 8ab1740193ffca750658c27c957d00b8de1eabf6 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Wed, 20 Jul 2011 20:20:22 +0300
Subject: [PATCH] First phase of iputil refactoring: introduce
 ipapython.services and ipapython.platform

---
 Makefile                                  |    8 ++
 install/tools/ipa-nis-manage              |   11 ++-
 install/tools/ipa-replica-install         |    2 +-
 install/tools/ipa-server-install          |    7 +-
 ipa-client/ipa-install/ipa-client-install |   62 +++++++++-------
 ipapython/Makefile                        |    4 +-
 ipapython/ipautil.py                      |  117 +++++++++++++++++-----------
 ipapython/platform/__init__.py            |   23 ++++++
 ipapython/platform/redhat.py              |  116 ++++++++++++++++++++++++++++
 ipapython/setup.py.in                     |    2 +-
 ipaserver/install/bindinstance.py         |    2 +-
 ipaserver/install/cainstance.py           |    4 +-
 ipaserver/install/certs.py                |    2 +-
 ipaserver/install/dsinstance.py           |    6 +-
 ipaserver/install/httpinstance.py         |    2 +-
 ipaserver/install/krbinstance.py          |    2 +-
 ipaserver/install/ntpinstance.py          |    4 +-
 ipaserver/install/service.py              |   55 +++++++-------
 18 files changed, 306 insertions(+), 123 deletions(-)
 create mode 100644 ipapython/platform/__init__.py
 create mode 100644 ipapython/platform/redhat.py

diff --git a/Makefile b/Makefile
index 
6484dbbc9263e28b220d2819ad47baaf910ba5f1..9d8802587f9fa1130271d3824667d83b637ac9ee
 100644
--- a/Makefile
+++ b/Makefile
@@ -8,6 +8,8 @@ PRJ_PREFIX=freeipa
 RPMBUILD ?= $(PWD)/rpmbuild
 TARGET ?= master
 
+SUPPORTED_PLATFORM=redhat
+
 # After updating the version in VERSION you should run the version-update
 # target.
 
@@ -109,6 +111,12 @@ version-update: release-update
                ipa-client/ipa-client.spec.in > ipa-client/ipa-client.spec
        sed -e s/__VERSION__/$(IPA_VERSION)/ ipa-client/version.m4.in \
                > ipa-client/version.m4
+       
+       if [ "$(SUPPORTED_PLATFORM)" != "" ]; then \
+               sed -e s/SUPPORTED_PLATFORM/$(SUPPORTED_PLATFORM)/ 
ipapython/services.py.in \
+                       > ipapython/services.py; \
+       fi
+       
        if [ "$(SKIP_API_VERSION_CHECK)" != "yes" ]; then \
                ./makeapi --validate; \
        fi
diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage
index 
3625ae03a79830cb832e0644f0954c5fe0e8e67b..63977da6a72bd35eb32e408c09914ef9888487ef
 100755
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -24,6 +24,7 @@ import os
 try:
     from optparse import OptionParser
     from ipapython import ipautil, config
+    from ipapython import services as ipaservices
     from ipaserver.install import installutils
     from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax
     from ipaserver.plugins.ldap2 import ldap2
@@ -143,15 +144,15 @@ def main():
 
             # Enable either the portmap or rpcbind service
             try:
-                ipautil.run(["/sbin/chkconfig", "portmap", "on"])
-                servicemsg = "portmap"
+                ipaservices.service_on(ipaservices.SERVICE_PORTMAP)
+                servicemsg = ipaservices.SERVICE_PORTMAP
             except ipautil.CalledProcessError, cpe:
                 if cpe.returncode == 1:
                     try:
-                        ipautil.run(["/sbin/chkconfig", "rpcbind", "on"])
-                        servicemsg = "rpcbind"
+                        ipaservices.service_on(ipaservices.SERVICE_RPCBIND)
+                        servicemsg = ipaservices.SERVICE_RPCBIND
                     except ipautil.CalledProcessError, cpe:
-                        print "Unable to enable either portmap or rpcbind"
+                        print "Unable to enable either %s or %s" % 
(ipaservices.SERVICE_PORTMAP, ipaservices.SERVICE_RPCBIND)
                         retval = 3
 
             # The cn=config entry for the plugin may already exist but it
diff --git a/install/tools/ipa-replica-install 
b/install/tools/ipa-replica-install
index 
6531421ab47b58e04187d860456bb4ce49bec74f..ac6ccf5dbc9dc48510b7c76ab9e7bc6e29e6c077
 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -464,7 +464,7 @@ def main():
     ds.init_memberof()
 
     #Everything installed properly, activate ipa service.
-    service.chkconfig_on('ipa')
+    service.service_on('ipa')
 
 try:
     if not os.geteuid()==0:
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 
8f8100bc96819378f1e59457ffb494f3858cd45d..fe5558786dcc2345ff6d13f52c1bcceec4011a44
 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -55,6 +55,7 @@ from ipaserver.plugins.ldap2 import ldap2
 
 from ipapython import sysrestore
 from ipapython.ipautil import *
+import ipapython.services as ipaservices
 from ipalib import api, errors, util
 from ipalib.parameters import IA5Str
 from ipapython.config import IPAOptionParser
@@ -462,7 +463,7 @@ def uninstall():
         except KeyError:
             logging.info("Group %s already removed", dsinstance.DS_GROUP)
 
-    service.chkconfig_off('ipa')
+    service.service_off('ipa')
 
     return 0
 
@@ -888,7 +889,7 @@ def main():
         os.remove(pw_name)
     else:
         http.create_instance(realm_name, host_name, domain_name, dm_password, 
autoconfig=True, self_signed_ca=options.selfsign, subject_base=options.subject)
-    ipautil.run(["/sbin/restorecon", "/var/cache/ipa/sessions"])
+    ipaservices.restore_context("/var/cache/ipa/sessions")
 
     set_subject_in_config(realm_name, dm_password, 
util.realm_to_suffix(realm_name), options.subject)
     if not options.selfsign:
@@ -943,7 +944,7 @@ def main():
 
 
     #Everything installed properly, activate ipa service.
-    service.chkconfig_on('ipa')
+    service.service_on('ipa')
 
     print 
"=============================================================================="
     print "Setup complete"
diff --git a/ipa-client/ipa-install/ipa-client-install 
b/ipa-client/ipa-install/ipa-client-install
index 
4610583d7a314ba0fa67ed86d243ea4676ba39b4..506edfe1e8990c3f4c6a4d573b3a02ee82fe43eb
 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -32,6 +32,7 @@ try:
     import ipaclient.ipachangeconf
     import ipaclient.ntpconf
     from ipapython.ipautil import run, user_input, CalledProcessError, 
file_exists
+    import ipapython.services as ipaservices
     from ipapython import ipautil
     from ipapython import dnsclient
     from ipapython import sysrestore
@@ -179,14 +180,14 @@ def uninstall(options, env):
     # Always start certmonger. We can't untrack something if it isn't
     # running
     try:
-        ipautil.service_start('certmonger')
+        ipaservices.service_start(ipaservices.SERVICE_CERTMONGER)
     except Exception, e:
         logging.error("certmonger failed to start: %s" % str(e))
 
     try:
         certmonger.stop_tracking('/etc/pki/nssdb', 
nickname=client_nss_nickname)
     except (CalledProcessError, RuntimeError), e:
-        logging.error("certmonger failed to stop tracking certificate: %s" % 
str(e))
+        logging.error("%s failed to stop tracking certificate: %s" % 
(ipaservices.SERVICE_CERTMONGER, str(e)))
 
     if nickname_exists(client_nss_nickname):
         try:
@@ -195,18 +196,18 @@ def uninstall(options, env):
             print "Failed to remove %s from /etc/pki/nssdb: %s" % 
(client_nss_nickname, str(e))
 
     try:
-        ipautil.service_stop('certmonger')
+        ipaservices.service_stop(ipaservices.SERVICE_CERTMONGER)
     except Exception, e:
-        logging.error("certmonger failed to stop: %s" % str(e))
+        logging.error("%s failed to stop: %s" % 
(ipaservices.SERVICE_CERTMONGER, str(e)))
 
     # Remove any special principal names we added to the IPA CA helper
     certmonger.remove_principal_from_cas()
 
     try:
-        ipautil.chkconfig_off('certmonger')
+        ipaservices.service_off(ipaservices.SERVICE_CERTMONGER)
     except Exception, e:
-        print "Failed to disable automatic startup of the certmonger daemon"
-        logging.error("Failed to disable automatic startup of the certmonger 
daemon: %s" % str(e))
+        print "Failed to disable automatic startup of the %s service" % 
(ipaservices.SERVICE_CERTMONGER)
+        logging.error("Failed to disable automatic startup of the %s service: 
%s" % (ipaservices.SERVICE_CERTMONGER, str(e)))
 
     if not options.on_master:
         print "Unenrolling client from IPA server"
@@ -229,7 +230,14 @@ def uninstall(options, env):
 
     print "Disabling client Kerberos and LDAP configurations"
     try:
-        run(["/usr/sbin/authconfig", "--disableldap", "--disablekrb5", 
"--disablesssd", "--disablesssdauth", "--disablemkhomedir", "--update"])
+        auth_config = ipaservices.authconfig()
+        auth_config.disable("ldap").\
+                    disable("krb5").\
+                    disable("sssd").\
+                    disable("sssdauth").\
+                    disable("mkhomedir").\
+                    add_option("update")
+        auth_config.execute()
     except Exception, e:
         print "Failed to remove krb5/LDAP configuration. " +str(e)
         sys.exit(1)
@@ -237,28 +245,28 @@ def uninstall(options, env):
     print "Restoring client configuration files"
     fstore.restore_all_files()
 
-    if ipautil.service_is_installed('nscd'):
+    if ipaservices.service_is_installed('nscd'):
         try:
-            ipautil.service_restart('nscd')
+            ipaservices.service_restart('nscd')
         except:
             print "Failed to restart start the NSCD daemon"
 
         try:
-            ipautil.chkconfig_on('nscd')
+            ipaservices.service_on('nscd')
         except:
             print "Failed to configure automatic startup of the NSCD daemon"
     else:
         # this is optional service, just log
         logging.info("NSCD daemon is not installed, skip configuration")
 
-    if ipautil.service_is_installed('nslcd'):
+    if ipaservices.service_is_installed('nslcd'):
         try:
-            ipautil.service_stop('nslcd')
+            ipaservices.service_stop('nslcd')
         except:
             print "Failed to stop the NSLCD daemon"
 
         try:
-            ipautil.chkconfig_off('nslcd')
+            ipaservices.service_off('nslcd')
         except:
             print "Failed to disable automatic startup of the NSLCD daemon"
     else:
@@ -381,14 +389,14 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, 
cli_domain, cli_server,
             print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e))
             return 1
 
-    if ipautil.service_is_installed('nslcd'):
+    if ipaservices.service_is_installed('nslcd'):
         try:
-            ipautil.service_restart('nslcd')
+            ipaservices.service_restart('nslcd')
         except Exception, e:
             logging.error("nslcd failed to restart: %s" % str(e))
 
         try:
-            ipautil.chkconfig_on('nslcd')
+            ipaservices.service_on('nslcd')
         except Exception, e:
             print "Failed to configure automatic startup of the NSLCD daemon"
             logging.error("Failed to enable automatic startup of the NSLCD 
daemon: %s" % str(e))
@@ -482,14 +490,14 @@ def configure_certmonger(fstore, subject_base, cli_realm, 
hostname, options):
     # Ensure that certmonger has been started at least once to generate the
     # cas files in /var/lib/certmonger/cas.
     try:
-        ipautil.service_restart('certmonger')
+        ipaservices.service_restart('certmonger')
     except Exception, e:
         logging.error("certmonger failed to restart: %s" % str(e))
 
     if options.hostname:
         # It needs to be stopped if we touch them
         try:
-            ipautil.service_stop('certmonger')
+            ipaservices.service_stop('certmonger')
         except Exception, e:
             logging.error("certmonger failed to stop: %s" % str(e))
         # If the hostname is explicitly set then we need to tell certmonger
@@ -497,7 +505,7 @@ def configure_certmonger(fstore, subject_base, cli_realm, 
hostname, options):
         certmonger.add_principal_to_cas(principal)
 
     try:
-        ipautil.service_restart('certmonger')
+        ipaservices.service_restart('certmonger')
     except Exception, e:
         print "Failed to start the certmonger daemon"
         print "Automatic certificate management will not be available"
@@ -505,7 +513,7 @@ def configure_certmonger(fstore, subject_base, cli_realm, 
hostname, options):
         started = False
 
     try:
-        ipautil.chkconfig_on('certmonger')
+        ipaservices.service_on('certmonger')
     except Exception, e:
         print "Failed to configure automatic startup of the certmonger daemon"
         print "Automatic certificate management will not be available"
@@ -915,15 +923,15 @@ def main():
         client_dns(cli_server, hostname, options.dns_updates)
 
     #Name Server Caching Daemon. Disable for SSSD, use otherwise (if installed)
-    if ipautil.service_is_installed("nscd"):
+    if ipaservices.service_is_installed("nscd"):
         if options.sssd:
             nscd_service_action = "stop"
-            nscd_service_cmd = ipautil.service_stop
-            nscd_chkconfig_cmd = ipautil.chkconfig_off
+            nscd_service_cmd = ipaservices.service_stop
+            nscd_service_cmd = ipaservices.service_off
         else:
             nscd_service_action = "restart"
-            nscd_service_cmd = ipautil.service_restart
-            nscd_chkconfig_cmd = ipautil.chkconfig_on
+            nscd_service_cmd = ipaservices.service_restart
+            nscd_service_cmd = ipaservices.service_on
 
         try:
             nscd_service_cmd('nscd')
@@ -933,7 +941,7 @@ def main():
                 print >>sys.stderr, "Caching of users/groups will not be 
available"
 
         try:
-            nscd_chkconfig_cmd('nscd')
+            nscd_service_cmd('nscd')
         except:
             if not options.sssd:
                 print >>sys.stderr, "Failed to configure automatic startup of 
the NSCD daemon"
diff --git a/ipapython/Makefile b/ipapython/Makefile
index 
c96d5d9c1498140af7188a1d4b55c8e9453e3f71..7b046383a9552a1a241b0138126e5a638d1340d6
 100644
--- a/ipapython/Makefile
+++ b/ipapython/Makefile
@@ -3,7 +3,7 @@ PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/ipa
 CONFIGDIR ?= $(DESTDIR)/etc/ipa
 TESTS = $(wildcard test/*.py)
 
-SUBDIRS = py_default_encoding
+SUBDIRS = py_default_encoding platform
 
 all:
        @for subdir in $(SUBDIRS); do \
@@ -27,7 +27,7 @@ clean:
        done
 
 distclean: clean
-       rm -f setup.py ipa-python.spec version.py
+       rm -f setup.py ipa-python.spec version.py services.py
        @for subdir in $(SUBDIRS); do \
                (cd $$subdir && $(MAKE) $@) || exit 1; \
        done
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 
0191662cdea28306c0b274578f9bfafc58faf143..b64f81d05715e59e16fbab6e3eb6bafe6b6cb859
 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -1,6 +1,7 @@
 # Authors: Simo Sorce <sso...@redhat.com>
+#          Alexander Bokovoy <aboko...@redhat.com>
 #
-# Copyright (C) 2007    Red Hat
+# Copyright (C) 2007-2011  Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -1050,51 +1051,6 @@ def get_gsserror(e):
     return (major, minor)
 
 
-def service_stop(service_name, instance_name="", capture_output=True):
-    run(["/sbin/service", service_name, "stop", instance_name],
-                capture_output=capture_output)
-
-def service_start(service_name, instance_name="", capture_output=True):
-    run(["/sbin/service", service_name, "start", instance_name],
-                capture_output=capture_output)
-
-def service_restart(service_name, instance_name="", capture_output=True):
-    run(["/sbin/service", service_name, "restart", instance_name],
-                capture_output=capture_output)
-
-def service_is_running(service_name, instance_name=""):
-    ret = True
-    try:
-        run(["/sbin/service", service_name, "status", instance_name])
-    except CalledProcessError:
-        ret = False
-    return ret
-
-def service_is_installed(service_name):
-    installed = True
-    try:
-        run(["/sbin/service", service_name, "status"])
-    except CalledProcessError, e:
-        if e.returncode == 1:
-            # service is not installed or there is other serious issue
-            installed = False
-    return installed
-
-def service_is_enabled(service_name):
-    (stdout, stderr, returncode) = run(["/sbin/chkconfig", service_name], 
raiseonerr=False)
-    return (returncode == 0)
-
-def chkconfig_on(service_name):
-    run(["/sbin/chkconfig", service_name, "on"])
-
-def chkconfig_off(service_name):
-    run(["/sbin/chkconfig", service_name, "off"])
-
-def chkconfig_add(service_name):
-    run(["/sbin/chkconfig", "--add", service_name])
-
-def chkconfig_del(service_name):
-    run(["/sbin/chkconfig", "--del", service_name])
 
 def host_port_open(host, port, socket_stream=True, socket_timeout=None):
     families = (socket.AF_INET, socket.AF_INET6)
@@ -1168,3 +1124,72 @@ def bind_port_responder(port, socket_stream=True, 
socket_timeout=None, responder
                 s.sendto(responder_data, addr)
     finally:
         s.close()
+
+class AuthConfig:
+    """
+    AuthConfig class implements system-independent interface to configure
+    system authentication resources. In Red Hat systems this is done with
+    authconfig(8) utility.
+    
+    AuthConfig class is nothing more than a tool to gather configuration 
options
+    and execute their processing. These options then converted by an actual 
implementation
+    to series of a system calls to appropriate utilities performing real 
configuration.
+    
+    Actual implementation should be done in ipapython/platform/<platform>.py 
by inheriting from ipautil.AuthConfig
+    and redefining __build_args() and execute() methods.
+    ....
+    class PlatformAuthConfig(ipautil.AuthConfig):
+        def __build_args():
+        ...
+        
+        def execute():
+        ...
+    
+    authconfig = PlatformAuthConfig
+    ....
+    
+    See ipapython/platform/redhat.py for a sample implementation that uses 
authconfig(8) as its backend.
+    
+    From IPA perspective, the authentication configuration should be done with 
use of ipapython.services.authconfig:
+    
+    auth_config = ipapython.services.authconfig()
+    auth_config.disable("ldap").\
+                disable("krb5").\
+                disable("sssd").\
+                disable("sssdauth").\
+                disable("mkhomedir").\
+                add_option("update").\
+                enable("nis").\
+                add_parameter("nisdomain","foobar")
+    auth_config.execute()
+    """
+    
+    def __init__(self):
+        self.parameters = {}
+    
+    def enable(self, option):
+        self.parameters[option] = True
+        return self
+
+    def disable(self, option):
+        self.parameters[option] = False
+        return self
+
+    def add_option(self, option):
+        self.parameters[option] = None
+        return self
+
+    def add_parameter(self, option, value):
+        self.parameters[option] = [value]
+        return self
+
+    def __build_args(self):
+        # do nothing
+        return None
+                
+    def execute(self):
+        # do nothing
+        return None
+
+
+
diff --git a/ipapython/platform/__init__.py b/ipapython/platform/__init__.py
new file mode 100644
index 
0000000000000000000000000000000000000000..e0a394b0276b3750f0bfe60d8ff88dd17f262285
--- /dev/null
+++ b/ipapython/platform/__init__.py
@@ -0,0 +1,23 @@
+# Authors:
+#   Alexander Bokovoy <aboko...@redhat.com>
+#
+# Copyright (C) 2011  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Sub-package containing all platform-specific adaptation for ipapython.services.
+Should not be used directly.
+"""
diff --git a/ipapython/platform/redhat.py b/ipapython/platform/redhat.py
new file mode 100644
index 
0000000000000000000000000000000000000000..c6d2631cdb3a51edf3a4bd4b906a9aba39c0d47b
--- /dev/null
+++ b/ipapython/platform/redhat.py
@@ -0,0 +1,116 @@
+# Authors: Simo Sorce <sso...@redhat.com>
+#          Alexander Bokovoy <aboko...@redhat.com>
+#
+# Copyright (C) 2007-2011   Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.    See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+from ipapython import ipautil
+
+SERVICE_PORTMAP = "portmap"
+SERVICE_RPCBIND = "rpcbind"
+SERVICE_CERTMONGER = "certmonger"
+SERVICE_NSCD = "nscd"
+SERVICE_NLSCD = "nlscd"
+
+def service_stop(service_name, instance_name="", capture_output=True):
+    ipautil.run(["/sbin/service", service_name, "stop", instance_name],
+                capture_output=capture_output)
+
+def service_start(service_name, instance_name="", capture_output=True):
+    ipautil.run(["/sbin/service", service_name, "start", instance_name],
+                capture_output=capture_output)
+
+def service_restart(service_name, instance_name="", capture_output=True):
+    ipautil.run(["/sbin/service", service_name, "restart", instance_name],
+                capture_output=capture_output)
+
+def service_is_running(service_name, instance_name=""):
+    ret = True
+    try:
+        ipautil.run(["/sbin/service", service_name, "status", instance_name])
+    except ipautil.CalledProcessError:
+        ret = False
+    return ret
+
+def service_is_installed(service_name):
+    installed = True
+    try:
+        ipautil.run(["/sbin/service", service_name, "status"])
+    except ipautil.CalledProcessError, e:
+        if e.returncode == 1:
+            # service is not installed or there is other serious issue
+            installed = False
+    return installed
+
+def service_is_enabled(service_name):
+    (stdout, stderr, returncode) = ipautil.run(["/sbin/chkconfig", 
service_name], raiseonerr=False)
+    return (returncode == 0)
+
+def service_on(service_name):
+    ipautil.run(["/sbin/chkconfig", service_name, "on"])
+
+def service_off(service_name):
+    ipautil.run(["/sbin/chkconfig", service_name, "off"])
+
+def service_add(service_name):
+    ipautil.run(["/sbin/chkconfig", "--add", service_name])
+
+def service_del(service_name):
+    ipautil.run(["/sbin/chkconfig", "--del", service_name])
+
+def restore_context(dirname):
+    """
+    restore security context on the directory
+    SE Linux equivalent is /sbin/restorecon <dirname>
+    """
+    ipautil.run(["/sbin/restorecon", dirname])
+
+class RedHatAuthConfig(ipautil.AuthConfig):
+    """
+    AuthConfig class implements system-independent interface to configure
+    system authentication resources. In Red Hat-produced systems this is done 
with
+    authconfig(8) utility.
+    
+    """
+    S_SHADOW = "shadow"
+    S_MD5    = "md5"
+    S_NIS    = "nis"
+    S_LDAP   = "ldap"
+    S_SSSD   = "sssd"
+    
+    def __build_args(self):
+        args = []
+        for (option, value) in self.parameters.items():
+            if type(value) is bool:
+                if value:
+                    args.append("--enable%s" % (option))
+                else:
+                    args.append("--disable%s" % (option))
+            elif type(value) in (tuple, list):
+                args.append("--%s" % (option))
+                args.append("%s" % (value[0]))
+            elif value is None:
+                args.append("--%s" % (option))
+            else:
+                args.append("--%s%s" % (option,value))
+        return args
+                
+    def execute(self):
+        args = self.__build_args()
+        ipautil.run(["/usr/sbin/authconfig"]+args)
+
+authconfig = RedHatAuthConfig
diff --git a/ipapython/setup.py.in b/ipapython/setup.py.in
index 
d9ee28c5586a9eb468176e101fc133dd45c25fee..df1cacf85b3e6482764e11757cbb63f85c36d0f1
 100644
--- a/ipapython/setup.py.in
+++ b/ipapython/setup.py.in
@@ -65,7 +65,7 @@ def setup_package():
             classifiers=filter(None, CLASSIFIERS.split('\n')),
             platforms = ["Linux", "Solaris", "Unix"],
             package_dir = {'ipapython': ''},
-            packages = [ "ipapython" ],
+            packages = [ "ipapython", "ipapython.platform" ],
         )
     finally:
         del sys.path[0]
diff --git a/ipaserver/install/bindinstance.py 
b/ipaserver/install/bindinstance.py
index 
7aa8a2664dd7b5395c24fefab8b7c1ed0080d35b..6a08a9588a12399ae527e38af253a03b111496b9
 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -607,7 +607,7 @@ class BindInstance(service.Service):
                 pass
 
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.service_off()
 
         if not running is None and running:
             self.start()
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 
3561dc9e43522532bc62a74b85a7c0e3baf7b5d0..f1fbb64646ff39fa6756708b052f555905c4ea17
 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -397,7 +397,7 @@ class CADSInstance(service.Service):
             self.stop(serverid)
 
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.service_off()
 
         if not serverid is None:
             # drop the trailing / off the config_dirname so the directory
@@ -1074,7 +1074,7 @@ class CAInstance(service.Service):
 
         enabled = self.restore_state("enabled")
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.service_off()
 
         try:
             ipautil.run(["/usr/bin/pkiremove", "-pki_instance_root=/var/lib",
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 
1bbcbabe6b57f03e5b45e76f2859a6316fc4ea63..292f10133557fadb09da8273eb6be3b0a950f6a1
 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -481,7 +481,7 @@ class CertDB(object):
         """
         Tell certmonger to track the given certificate nickname.
         """
-        service.chkconfig_on("certmonger")
+        service.service_on("certmonger")
         service.start("certmonger")
         try:
             (stdout, stderr, rc) = certmonger.start_tracking(nickname, 
self.secdir, password_file)
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 
99b021590bdd233a1e0c72c91a3e78a34fd2cd65..806a0225c422e9075d199232e654de6fdce903f6
 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -312,8 +312,8 @@ class DsInstance(service.Service):
         self.backup_state("enabled", self.is_enabled())
         # At the end of the installation ipa-server-install will enable the
         # 'ipa' service wich takes care of starting/stopping dirsrv
-        # self.chkconfig_on()
-        self.chkconfig_off()
+        # self.service_on()
+        self.service_off()
 
     def __setup_sub_dict(self):
         server_root = find_server_root()
@@ -645,7 +645,7 @@ class DsInstance(service.Service):
             pass
 
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.service_off()
 
         serverid = self.restore_state("serverid")
         if not serverid is None:
diff --git a/ipaserver/install/httpinstance.py 
b/ipaserver/install/httpinstance.py
index 
d2eb27c96eb2dbf6baf5f1b24edf579cd6d0881a..7ab4d5d369aeb874e74b0ab7aaa610157eb5bea7
 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -259,7 +259,7 @@ class HTTPInstance(service.Service):
         db = certs.CertDB(api.env.realm)
         db.untrack_server_cert("Server-Cert")
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.service_off()
 
         for f in ["/etc/httpd/conf.d/ipa.conf", SSL_CONF, NSS_CONF]:
             try:
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 
ecb842772ebe7112b0a4ffbe8593d8fe8c529b0b..a9ca9f7b0279e0b972dc729273bbc5be44342160
 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -575,7 +575,7 @@ class KrbInstance(service.Service):
                 pass
 
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.service_off()
 
         if not running is None and running:
             self.start()
diff --git a/ipaserver/install/ntpinstance.py b/ipaserver/install/ntpinstance.py
index 
d85e430b73cd67830fb87eb5451f01e4483229bd..7fc16d495b1651800fc83f847077263ddae56d7b
 100644
--- a/ipaserver/install/ntpinstance.py
+++ b/ipaserver/install/ntpinstance.py
@@ -143,7 +143,7 @@ class NTPInstance(service.Service):
 
     def __enable(self):
         self.backup_state("enabled", self.is_enabled())
-        self.chkconfig_on()
+        self.service_on()
 
     def create_instance(self):
 
@@ -174,7 +174,7 @@ class NTPInstance(service.Service):
             pass
 
         if not enabled is None and not enabled:
-            self.chkconfig_off()
+            self.service_off()
 
         if not running is None and running:
             self.start()
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 
efbb2c9334b4b1267863cb5712cc1f02d7e6cfda..a111a05ef01d0e7dacc6374d55bfdd3f19ea60fd
 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -22,6 +22,7 @@ import os, socket
 import tempfile
 from ipapython import sysrestore
 from ipapython import ipautil
+from ipapython import services as ipaservices
 from ipalib import errors
 import ldap
 from ipaserver import ipaldap
@@ -41,34 +42,34 @@ SERVICE_LIST = {
 }
 
 def stop(service_name, instance_name="", capture_output=True):
-    ipautil.service_stop(service_name, instance_name, capture_output)
+    ipaservices.service_stop(service_name, instance_name, capture_output)
 
 def start(service_name, instance_name="", capture_output=True):
-    ipautil.service_start(service_name, instance_name, capture_output)
+    ipaservices.service_start(service_name, instance_name, capture_output)
 
 def restart(service_name, instance_name="", capture_output=True):
-    ipautil.service_restart(service_name, instance_name, capture_output)
+    ipaservices.service_restart(service_name, instance_name, capture_output)
 
 def is_running(service_name, instance_name=""):
-    return ipautil.service_is_running(service_name, instance_name)
+    return ipaservices.service_is_running(service_name, instance_name)
 
 def is_installed(service_name):
-    return ipautil.service_is_installed(service_name)
+    return ipaservices.service_is_installed(service_name)
 
-def chkconfig_on(service_name):
-    ipautil.chkconfig_on(service_name)
+def service_on(service_name):
+    ipaservices.service_on(service_name)
 
-def chkconfig_off(service_name):
-    ipautil.chkconfig_on(service_name)
+def service_off(service_name):
+    ipaservices.service_on(service_name)
 
-def chkconfig_add(service_name):
-    ipautil.chkconfig_on(service_name)
+def service_add(service_name):
+    ipaservices.service_on(service_name)
 
-def chkconfig_del(service_name):
-    ipautil.chkconfig_on(service_name)
+def service_del(service_name):
+    ipaservices.service_on(service_name)
 
 def is_enabled(service_name):
-    return ipautil.service_is_enabled(service_name)
+    return ipaservices.service_is_enabled(service_name)
 
 def print_msg(message, output_fd=sys.stdout):
     logging.debug(message)
@@ -224,17 +225,17 @@ class Service(object):
     def is_running(self):
         return is_running(self.service_name)
 
-    def chkconfig_add(self):
-        chkconfig_add(self.service_name)
+    def service_add(self):
+        service_add(self.service_name)
 
-    def chkconfig_del(self):
-        chkconfig_del(self.service_name)
+    def service_del(self):
+        service_del(self.service_name)
 
-    def chkconfig_on(self):
-        chkconfig_on(self.service_name)
+    def service_on(self):
+        service_on(self.service_name)
 
-    def chkconfig_off(self):
-        chkconfig_off(self.service_name)
+    def service_off(self):
+        service_off(self.service_name)
 
     def is_enabled(self):
         return is_enabled(self.service_name)
@@ -297,7 +298,7 @@ class Service(object):
         return conn
 
     def ldap_enable(self, name, fqdn, dm_password, ldap_suffix):
-        self.chkconfig_off()
+        self.service_off()
         conn = self.__get_conn(fqdn, dm_password)
 
         entry_name = "cn=%s,cn=%s,%s,%s" % (name, fqdn,
@@ -333,10 +334,10 @@ class SimpleServiceInstance(Service):
         self.restart()
 
     def __enable(self):
-        self.chkconfig_add()
+        self.service_add()
         self.backup_state("enabled", self.is_enabled())
         if self.gensvc_name == None:
-            self.chkconfig_on()
+            self.service_on()
         else:
             self.ldap_enable(self.gensvc_name, self.fqdn,
                              self.dm_password, self.suffix)
@@ -351,5 +352,5 @@ class SimpleServiceInstance(Service):
         if not running is None and not running:
             self.stop()
         if not enabled is None and not enabled:
-            self.chkconfig_off()
-            self.chkconfig_del()
+            self.service_off()
+            self.service_del()
-- 
1.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to