[snip] On 06/19/2013 08:58 PM, Alexander Bokovoy wrote:
As the output is almost usable for cut&paste to run on client machines, may be prefix the description/instructions with #?
[snip]
+1 I think the reason why Tomas did it as root was that he can that autobind to the DS. But he could easily operate in 2 modes, similarly to ipa-ldap-updater and simply just auth wuth GSSAPI when he is not logged as a root. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Providing new version: - no longer requires root access defaultly - headers are printed out as comments Tomas
From d145dd7c26c20335248892507ca0364d8d205c4d Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Mon, 10 Jun 2013 14:43:24 +0200 Subject: [PATCH] Provide ipa-advise tool Provides a pluggable framework for generating configuration scriptlets and instructions for various machine setups and use cases. Creates a new ipa-advise command, available to root user on the IPA server. Also provides an example configuration plugin, config-fedora-authconfig. https://fedorahosted.org/freeipa/ticket/3670 --- freeipa.spec.in | 4 + install/tools/Makefile.am | 1 + install/tools/ipa-advise | 23 ++++ install/tools/man/Makefile.am | 1 + install/tools/man/ipa-advise.1 | 45 ++++++++ ipalib/__init__.py | 7 +- ipalib/frontend.py | 17 +++ ipalib/plugable.py | 2 + ipaserver/advise/__init__.py | 22 ++++ ipaserver/advise/base.py | 144 ++++++++++++++++++++++++++ ipaserver/advise/plugins/__init__.py | 22 ++++ ipaserver/advise/plugins/fedora_authconfig.py | 40 +++++++ make-lint | 2 +- setup.py | 2 + 14 files changed, 329 insertions(+), 3 deletions(-) create mode 100755 install/tools/ipa-advise create mode 100644 install/tools/man/ipa-advise.1 create mode 100644 ipaserver/advise/__init__.py create mode 100644 ipaserver/advise/base.py create mode 100644 ipaserver/advise/plugins/__init__.py create mode 100644 ipaserver/advise/plugins/fedora_authconfig.py diff --git a/freeipa.spec.in b/freeipa.spec.in index 239811ac26aa84e1928cefb9c3adac58326ad9a7..2bd2ca5558d189e7f64f3e575bae53ba64614a5a 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -598,6 +598,7 @@ fi %{_sbindir}/ipactl %{_sbindir}/ipa-upgradeconfig %{_sbindir}/ipa-compliance +%{_sbindir}/ipa-advise %{_libexecdir}/certmonger/dogtag-ipa-retrieve-agent-submit %{_libexecdir}/ipa-otpd %{_sysconfdir}/cron.d/ipa-compliance @@ -614,6 +615,8 @@ fi %dir %{python_sitelib}/ipaserver %dir %{python_sitelib}/ipaserver/install %dir %{python_sitelib}/ipaserver/install/plugins +%dir %{python_sitelib}/ipaserver/advise +%dir %{python_sitelib}/ipaserver/advise/plugins %dir %{python_sitelib}/ipaserver/plugins %dir %{_libdir}/ipa/certmonger %attr(755,root,root) %{_libdir}/ipa/certmonger/* @@ -730,6 +733,7 @@ fi %{_mandir}/man1/ipa-compliance.1.gz %{_mandir}/man1/ipa-backup.1.gz %{_mandir}/man1/ipa-restore.1.gz +%{_mandir}/man1/ipa-advise.1.gz %files server-trust-ad %{_sbindir}/ipa-adtrust-install diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am index 7c553116cdfdce69e594f9d9a36e6bebcab5f692..13bf1f78ab159b2f57e72a21cc3a9a036826ba27 100644 --- a/install/tools/Makefile.am +++ b/install/tools/Makefile.am @@ -24,6 +24,7 @@ sbin_SCRIPTS = \ ipa-compliance \ ipa-backup \ ipa-restore \ + ipa-advise \ $(NULL) EXTRA_DIST = \ diff --git a/install/tools/ipa-advise b/install/tools/ipa-advise new file mode 100755 index 0000000000000000000000000000000000000000..28a1ce101a5d6581395ad56347946fd6cc36e195 --- /dev/null +++ b/install/tools/ipa-advise @@ -0,0 +1,23 @@ +#! /usr/bin/python -E +# Authors: Tomas Babej <tba...@redhat.com> +# +# Copyright (C) 2013 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +from ipaserver.advise.base import ConfigAdvise + +ConfigAdvise.run_cli() diff --git a/install/tools/man/Makefile.am b/install/tools/man/Makefile.am index a1bf076bf7917d309b67cf714f069f41c3496f0e..1fc4362da0e02bcb38873e4e9de49cf589b6fc99 100644 --- a/install/tools/man/Makefile.am +++ b/install/tools/man/Makefile.am @@ -22,6 +22,7 @@ man1_MANS = \ ipa-compliance.1 \ ipa-backup.1 \ ipa-restore.1 \ + ipa-advise.1 \ $(NULL) man8_MANS = \ diff --git a/install/tools/man/ipa-advise.1 b/install/tools/man/ipa-advise.1 new file mode 100644 index 0000000000000000000000000000000000000000..c1e1bcb2fdc5470c8b96ac64e656c19b21acaa72 --- /dev/null +++ b/install/tools/man/ipa-advise.1 @@ -0,0 +1,45 @@ +.\" A man page for ipa-advise +.\" Copyright (C) 2013 Red Hat, Inc. +.\" +.\" This program is free software; you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation, either version 3 of the License, or +.\" (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, but +.\" WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +.\" General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program. If not, see <http://www.gnu.org/licenses/>. +.\" +.\" Author: Tomas Babej <tba...@redhat.com> +.\" +.TH "ipa-advise" "1" "Jun 10 2013" "FreeIPA" "FreeIPA Manual Pages" +.SH "NAME" +ipa\-advise \- Provide configurations advice for various use cases. +.SH "SYNOPSIS" +ipa\-advise [\fI\-\-list\fR] TOPIC +.SH "DESCRIPTION" +Provides customized advice for various IPA configuration issues. +.SH "OPTIONS" +.TP +\fB\-\-list\fR +Shows up the list of possible advices to offer. +.TP +\fB\-\-v\fR, \fB\-\-verbose\fR +Print debugging information +.TP +\fB\-d\fR, \fB\-\-debug\fR +Alias for \-\-verbose +.TP +\fB\-q\fR, \fB\-\-quiet\fR +Output only errors +.TP +\fB\-\-log\-file\fR=\fIFILE\fR +Log to the given file +.SH "EXIT STATUS" +0 if the command was successful + +1 if an error occurred \ No newline at end of file diff --git a/ipalib/__init__.py b/ipalib/__init__.py index 57f78472172b614f68021aeef2ee6e240c427888..d822ba5956d6afb6ef6d88063f8359926e47016b 100644 --- a/ipalib/__init__.py +++ b/ipalib/__init__.py @@ -882,7 +882,7 @@ freeIPA.org: import os import plugable from backend import Backend -from frontend import Command, LocalOrRemote, Updater +from frontend import Command, LocalOrRemote, Updater, Advice from frontend import Object, Method, Property from crud import Create, Retrieve, Update, Delete, Search from parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam, DeprecatedParam @@ -912,9 +912,12 @@ def create_api(mode='dummy'): - `frontend.Property` + - `frontend.Advice` + - `backend.Backend` """ - api = plugable.API(Command, Object, Method, Property, Backend, Updater) + api = plugable.API(Command, Object, Method, Property, Backend, Updater, + Advice) if mode is not None: api.env.mode = mode assert mode != 'production' diff --git a/ipalib/frontend.py b/ipalib/frontend.py index 427f682357579b1abcef5dcc684ef644112df124..194e0065668fa3b6723694cce4ad92d8b352c2ef 100644 --- a/ipalib/frontend.py +++ b/ipalib/frontend.py @@ -1445,3 +1445,20 @@ class Updater(Method): ) return self.execute(**options) + + +class Advice(Plugin): + """ + Base class for advices, plugins for ipa-config-advice. + """ + + def __init__(self): + super(Advice, self).__init__() + + def get_info(self): + """ + This method should be overriden by child Advices. + + Returns a string with instructions. + """ + raise NotImplementedError \ No newline at end of file diff --git a/ipalib/plugable.py b/ipalib/plugable.py index aaa0dea480f092e32815c525751359f056936e3c..25698d8f5bf4a578e4c95cf56ef4ec3e573fa615 100644 --- a/ipalib/plugable.py +++ b/ipalib/plugable.py @@ -615,6 +615,8 @@ class API(DictProxy): self.import_plugins('ipaserver') if self.env.context in ('installer', 'updates'): self.import_plugins('ipaserver/install/plugins') + if self.env.context in ('advise'): + self.import_plugins('ipaserver/advise/plugins') # FIXME: This method has no unit test def import_plugins(self, package): diff --git a/ipaserver/advise/__init__.py b/ipaserver/advise/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..4fdade51300db9030dc6b7aa7c6b0e8e77f93439 --- /dev/null +++ b/ipaserver/advise/__init__.py @@ -0,0 +1,22 @@ +# Authors: Tomas Babej <tba...@redhat.com> +# +# Copyright (C) 2013 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +""" +Base subpackage for ipa-advise related code. +""" diff --git a/ipaserver/advise/base.py b/ipaserver/advise/base.py new file mode 100644 index 0000000000000000000000000000000000000000..3475cb931bdd4364d6f9f9f07980f4adad2fa5cf --- /dev/null +++ b/ipaserver/advise/base.py @@ -0,0 +1,144 @@ +#!/usr/bin/python +# Authors: Tomas Babej <tba...@redhat.com> +# +# Copyright (C) 2013 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +from ipalib import api +from ipalib.errors import ValidationError +from ipapython import admintool + +""" +To add configuration instructions for a new use case, define a new class that +inherits from Advice class. + +You should create a plugin file for it in ipaserver/advise/plugins folder. + +The classcan run any arbitrary code or IPA command via api.Command['command']() +calls. It needs to override get_info() method, which returns the formatted +advice string. + +>>> class sample_advice(Advice): +>>> description = 'Instructions for machine with SSSD 1.0 setup.' + +Description provided shows itself as a header and in the list of all advices +currently available via ipa-advise. + +>>>.....def get_info(): +>>> return 'Install newer version of SSSD.' + +Do not forget to register the class to the API. + +>>> api.register(sample_advice) +""" + + +class ConfigAdvise(admintool.AdminTool): + """ + Admin tool that given systems's configuration provides instructions how to + configure the system for the trusts. + """ + + command_name = 'ipa-advise' + usage = "%prog [options]" + description = "Provides configuration advice for various use cases." + + def __init__(self, options, args): + super(ConfigAdvise, self).__init__(options, args) + + @classmethod + def add_options(cls, parser): + super(ConfigAdvise, cls).add_options(parser) + + parser.add_option("--list", dest="list", action="store_true", + default=False, help="Lists all the advices available.") + + def validate_options(self): + super(ConfigAdvise, self).validate_options(needs_root=False) + + if self.args and self.options.list: + raise self.option_parser.error("Option --list and a positional " + "argument cannot be used together.") + + if len(self.args) > 1: + raise self.option_parser.error("You can only provide one " + "positional argument.") + + def log_success(self): + pass + + def print_config_list(self): + self.print_header('List of available advices') + + max_keyword_len = max((len(keyword) for keyword in api.Advice)) + + for keyword in api.Advice: + advice = getattr(api.Advice, keyword, '') + description = getattr(advice, 'description', '') + keyword = keyword.replace('_', '-') + + # Compute the number of spaces needed for the table to be aligned + offset = max_keyword_len - len(keyword) + print(" {key} {off}: {desc}".format(key=keyword, + desc=description, + off=' ' * offset)) + + def print_header(self, header, print_shell=False): + header_size = len(header) + + prefix = '' + if print_shell: + prefix = '# ' + print '#!/bin/sh' + + # Do not print out empty header + if header_size > 0: + print(prefix + '-' * (header_size - len(prefix))) + print(prefix + header) + print(prefix + '-' * (header_size - len(prefix))) + + def print_advice(self, keyword): + advice = getattr(api.Advice, keyword, None) + + # Ensure that Configuration class for given --setup option value exists + if advice is None: + raise ValidationError( + name="setup", + error="No instructions are available for '{con}'. " + "See the list of available configuration " + "advices using the --list option." + .format(con=keyword.replace('_', '-'))) + + # Print out nicely formatted header + self.print_header(advice.description, print_shell=True) + + # Print out the actual advice + print advice.get_info() + + def run(self): + super(ConfigAdvise, self).run() + + api.bootstrap(in_server=False, context='advise') + api.finalize() + + # With --list option, print the list out and exit + if self.options.list or not self.args: + self.print_config_list() + return + else: + keyword = self.args[0].replace('-', '_') + self.print_advice(keyword) diff --git a/ipaserver/advise/plugins/__init__.py b/ipaserver/advise/plugins/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..2d561b41ef321b500526848024f704ce462621fd --- /dev/null +++ b/ipaserver/advise/plugins/__init__.py @@ -0,0 +1,22 @@ +# Authors: Tomas Babej <tba...@redhat.com> +# +# Copyright (C) 2013 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +""" +Provides a separate api for ipa-advise plugins. +""" diff --git a/ipaserver/advise/plugins/fedora_authconfig.py b/ipaserver/advise/plugins/fedora_authconfig.py new file mode 100644 index 0000000000000000000000000000000000000000..dd818d9562a207b5b153954a6fa6cada1de82c12 --- /dev/null +++ b/ipaserver/advise/plugins/fedora_authconfig.py @@ -0,0 +1,40 @@ +# Authors: Tomas Babej <tba...@redhat.com> +# +# Copyright (C) 2013 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +from ipalib import api +from ipalib.frontend import Advice + + +class config_fedora_authconfig(Advice): + """ + Provides client configuration instructions using authconfig. + """ + + description = 'Authconfig instructions for configuring Fedora 18/19 '\ + 'client with IPA server without use of SSSD.' + + def get_info(self): + template = "/sbin/authconfig --enableldap --ldapserver={server} "\ + "--enablerfc2307bis --enablekrb5" + advice = template.format(server=api.env.host) + + return advice + + +api.register(config_fedora_authconfig) diff --git a/make-lint b/make-lint index 4f3e94afe1441329238af7184c9e67fec74b642b..fd7bea2130b94f07ff3e19f8168f95fa561b50fc 100755 --- a/make-lint +++ b/make-lint @@ -42,7 +42,7 @@ IGNORE_PATHS = ('build', 'rpmbuild', 'dist', 'install/po/test_i18n.py', class IPATypeChecker(TypeChecker): NAMESPACE_ATTRS = ['Command', 'Object', 'Method', 'Property', 'Backend', - 'Updater'] + 'Updater', 'Advice'] LOGGING_ATTRS = ['log', 'debug', 'info', 'warning', 'error', 'exception', 'critical'] diff --git a/setup.py b/setup.py index 04b20e05bb01660e3f3c77a528e7752c690e1fc7..08a14d3a10a46a6087596abf70ecadecd6b68634 100755 --- a/setup.py +++ b/setup.py @@ -79,6 +79,8 @@ setup( 'ipalib', 'ipalib.plugins', 'ipaserver', + 'ipaserver.advise', + 'ipaserver.advise.plugins', 'ipaserver.plugins', 'ipaserver.install', 'ipaserver.install.plugins', -- 1.8.1.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
