On 06/25/2014 04:13 PM, Tomas Babej wrote:
>
> On 06/25/2014 04:01 PM, Tomas Babej wrote:
>>
>> On 06/25/2014 10:48 AM, Petr Viktorin wrote:
>>> On 06/19/2014 03:52 PM, Tomas Babej wrote:
>>>>
>>>> On 06/19/2014 12:52 PM, Tomas Babej wrote:
>>>>> On 06/18/2014 10:52 AM, Petr Viktorin wrote:
>>>>>> On 06/17/2014 02:15 PM, Tomas Babej wrote:
>>>>>>> On 06/17/2014 12:03 PM, Timo Aaltonen wrote:
>>>>>>>> On 17.06.2014 11:16, Martin Kosek wrote:
>>>>>>> Attached is a new version of patch 226, and a new patch 228,
>>>>>>> which moves
>>>>>>> the paths from installers to the paths module.
>>>>>> In patch 226, there's another "certificated" typo in
>>>>>> remove_ca_cert_from_systemwide_ca_store
>>>>>>
>>>>>>> I greped the repository, and I do not see many paths lurking
>>>>>>> around any
>>>>>>> more, there are only some in the error messages (as these can't be
>>>>>>> reliably replaced automatically, and will need some manual love).
>>>>>>>
>>>>>>> If you see any forgotten paths, which should be added to the
>>>>>>> module, let
>>>>>>> me know.
>>>
>>> Well, since you asked...
>>>
>>> install/tools/ipa-upgradeconfig:236:
>>> ipautil.run([paths.PKI_SETUP_PROXY, '-pki_instance_root=/var/lib'
>>> ipaserver/install/cainstance.py:1330: "-pki_instance_root=/var/lib",
>>>
>>> ipaserver/install/dsinstance.py:209:InstallLdifFile=
>>> /var/lib/dirsrv/boot.ldif
>>> ipaserver/install/dsinstance.py:210:inst_dir=
>>> /var/lib/dirsrv/scripts-$SERVERID
>>>
>>> ipaserver/install/ipa_backup.py:464: '--exclude=/var/lib/ipa/backup',
>>>
>>> ipatests/test_integration/tasks.py:451:    host.run_command("find
>>> /var/lib/sss/db -name '*.ldb' | "
>>>
>>> install/tools/ipa-replica-conncheck:403:
>>> "/usr/sbin/ipa-replica-conncheck " +
>>> install/tools/ipa-replica-conncheck:414:
>>> print_info("/usr/sbin/ipa-replica-conncheck " + "
>>> ".join(remote_check_opts))
>>>
>>> ipapython/ipautil.py:296:        env["PATH"] =
>>> "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"
>>>
>>> ipaserver/install/cainstance.py:88:ConfigFile =
>>> /usr/share/pki/ca/conf/database.ldif
>>>
>>> ipaserver/install/bindinstance.py:829:
>>> ipautil.run(['/usr/libexec/generate-rndc-key.sh'])
>>>
>>
>> /me will think twice about teasing nex time.
>>
>> This are paths requiring manual changes in one way or the other and
>> as such cannot be handled by my tool. Let's not stall the patcheset
>> on this. We can fix these (and surely there are other) as we go along.
>>
>>>
>>> I guess it'll be a while before we catch them all, but now it's at
>>> least clear where these paths should be, so anyone porting to
>>> another distro can send patches (or tickets) upstream.
>>>
>>>>>> I see another duplicate:
>>>>>>      SSS_KRB5_INCLUDE_D = "/var/lib/sss/pubconf/krb5.include.d"
>>>>>>      SSSD_PUBCONF_KRB5_INCLUDE_D_DIR =
>>>>>> "/var/lib/sss/pubconf/krb5.include.d/"
>>>
>>> Could you just pick one instead? Would ipa_backup.py break if it had
>>> a trailing slash here?
>>>
>>
>> Yes. I verified it produces the same result with or without trailing
>> slash, fixed.
>>
>>
>>> In ipa-client-install, if you set:
>>>     NSSWITCH_CONF = paths.NSSWITCH_CONF
>>> then you should only use one of those later. (Preferably paths.*, to
>>> get rid of the redundant constants.)
>>> Perhaps this is for another patch that would clean up all the cases
>>> where these trivial module variables are used.
>>>
>>
>> I agree. Fixed this occurence.
>>
>>>>> Fixed all mentioned issues. I also attached a patch 230, which
>>>>> removes
>>>>> the base Authconfig class.
>>>
>>>
>>>> Attaching one additional patch, which removes unnecessary build
>>>> warnings.
>>>>
>>>
>>> 226, 230, 231 look good
>>>
>>
>> Attaching whole updated patchset.
>
> Attaching one more patch which should fix broken CI tests.
>
>>
>> -- 
>> Tomas Babej
>> Associate Software Engineer | Red Hat | Identity Management
>> RHCE | Brno Site | IRC: tbabej | freeipa.org 
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> -- 
> Tomas Babej
> Associate Software Engineer | Red Hat | Identity Management
> RHCE | Brno Site | IRC: tbabej | freeipa.org 
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

Self-NACK - It seems I omitted one occurence of NSSWITCH_CONF in
ipa-client-install, fixed now.

Attaching the whole patchset for your convenience.

-- 
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org 

>From 5c1cc30a4100ab11fa9a31d478ecb4677edf78dc Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 25 Jun 2014 16:12:19 +0200
Subject: [PATCH] ipaplatform: Fix misspelled path constant

---
 ipatests/test_integration/tasks.py       | 2 +-
 ipatests/test_integration/test_caless.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index ccb0d8693a1e89d95bbeb4c75fc263d0f689cb36..cd8f98306030f46c099a08ca1a558fd10807bfa9 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -219,7 +219,7 @@ def install_replica(master, replica, setup_ca=True):
                         '--ip-address', replica.ip,
                         replica.hostname])
     replica_bundle = master.get_file_contents(
-        paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname)
+        paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
     replica_filename = os.path.join(replica.config.test_dir,
                                     'replica-info.gpg')
     replica.put_file_contents(replica_filename, replica_bundle)
diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index d5382988b0674f7e96d48a53050100e2bb444ae9..28bfae5a239d0e134b83122c059a22674f0f4eca 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -245,7 +245,7 @@ class CALessBase(IntegrationTest):
 
         if result.returncode == 0:
             replica_bundle = master.get_file_contents(
-                paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname)
+                paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
             replica.put_file_contents(self.get_replica_filename(replica),
                                       replica_bundle)
         else:
-- 
1.9.3

>From 2fda5e386b9fdf75b6c02fbeedafaeb001d80a74 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 25 Jun 2014 16:12:19 +0200
Subject: [PATCH] ipaplatform: Fix misspelled path constant

---
 ipatests/test_integration/tasks.py       | 2 +-
 ipatests/test_integration/test_caless.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index ccb0d8693a1e89d95bbeb4c75fc263d0f689cb36..cd8f98306030f46c099a08ca1a558fd10807bfa9 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -219,7 +219,7 @@ def install_replica(master, replica, setup_ca=True):
                         '--ip-address', replica.ip,
                         replica.hostname])
     replica_bundle = master.get_file_contents(
-        paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname)
+        paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
     replica_filename = os.path.join(replica.config.test_dir,
                                     'replica-info.gpg')
     replica.put_file_contents(replica_filename, replica_bundle)
diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index d5382988b0674f7e96d48a53050100e2bb444ae9..28bfae5a239d0e134b83122c059a22674f0f4eca 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -245,7 +245,7 @@ class CALessBase(IntegrationTest):
 
         if result.returncode == 0:
             replica_bundle = master.get_file_contents(
-                paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname)
+                paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
             replica.put_file_contents(self.get_replica_filename(replica),
                                       replica_bundle)
         else:
-- 
1.9.3

>From 2d5b425e58da9ca705c66d2f5e82fd55d19834d8 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Thu, 19 Jun 2014 15:09:37 +0200
Subject: [PATCH] ipaplatform: Fix build warnings

The newly created ipaplatform subdirectories base and fedora were
mentioned multiple times in the specfile, which produced build
warnings.

Part of: https://fedorahosted.org/freeipa/ticket/4052
---
 freeipa.spec.in | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 5a7ccea65ab37c0ebcbeefbfc103f8df606293df..ae730c369ae3fac868739de62a144cc611b58481 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -838,11 +838,7 @@ fi
 %dir %{python_sitelib}/ipalib
 %{python_sitelib}/ipalib/*
 %dir %{python_sitelib}/ipaplatform
-%dir %{python_sitelib}/ipaplatform/base
-%dir %{python_sitelib}/ipaplatform/fedora
-%{python_sitelib}/ipaplatform/*.py*
-%{python_sitelib}/ipaplatform/base/*.py*
-%{python_sitelib}/ipaplatform/fedora/*.py*
+%{python_sitelib}/ipaplatform/*
 %attr(0644,root,root) %{python_sitearch}/default_encoding_utf8.so
 %{python_sitelib}/ipapython-*.egg-info
 %{python_sitelib}/freeipa-*.egg-info
-- 
1.9.3

>From 75b83b2f758eecdb38c87fe85e9b9c718d5c12ff Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Thu, 19 Jun 2014 12:47:46 +0200
Subject: [PATCH] ipaplatform: Drop the base authconfig class

As authconfig is a distro-specific tool there is no incentive for
implying that other platforms should implement any authconfig
implementation of their own.

Part of: https://fedorahosted.org/freeipa/ticket/4052
---
 ipaplatform/base/authconfig.py   | 102 ---------------------------------------
 ipaplatform/fedora/authconfig.py |  38 +++++++++++++--
 2 files changed, 34 insertions(+), 106 deletions(-)
 delete mode 100644 ipaplatform/base/authconfig.py

diff --git a/ipaplatform/base/authconfig.py b/ipaplatform/base/authconfig.py
deleted file mode 100644
index f3f207be749abcc38dd6d325486f9d5fd9dd56b8..0000000000000000000000000000000000000000
--- a/ipaplatform/base/authconfig.py
+++ /dev/null
@@ -1,102 +0,0 @@
-# Authors:
-#   Alexander Bokovoy <aboko...@redhat.com>
-#   Tomas Babej <tba...@redhat.com>
-#
-# Copyright (C) 2011-2014  Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-
-class AuthConfig(object):
-    """
-    AuthConfig class implements system-independent interface to configure
-    system authentication resources. In Red Hat systems this is done with
-    authconfig(8) utility.
-
-    AuthConfig class is nothing more than a tool to gather configuration
-    options and execute their processing. These options then converted by
-    an actual implementation to series of a system calls to appropriate
-    utilities performing real configuration.
-
-    IPA *expects* names of AuthConfig's options to follow authconfig(8)
-    naming scheme!
-
-    Actual implementation should be done in ipapython/platform/<platform>.py
-    by inheriting from platform.AuthConfig and redefining build_args()
-    and execute() methods.
-
-    from ipapython.platform import platform
-    class PlatformAuthConfig(platform.AuthConfig):
-        def build_args():
-        ...
-
-        def execute():
-        ...
-
-    authconfig = PlatformAuthConfig
-    ....
-
-    See ipapython/platform/redhat.py for a sample implementation that uses
-    authconfig(8) as its backend.
-
-    From IPA code perspective, the authentication configuration should be
-    done with use of ipapython.services.authconfig:
-
-    from ipapython import services as ipaservices
-    auth_config = ipaservices.authconfig()
-    auth_config.disable("ldap")
-    auth_config.disable("krb5")
-    auth_config.disable("sssd")
-    auth_config.disable("sssdauth")
-    auth_config.disable("mkhomedir")
-    auth_config.add_option("update")
-    auth_config.enable("nis")
-    auth_config.add_parameter("nisdomain","foobar")
-    auth_config.execute()
-
-    If you need to re-use existing AuthConfig instance for multiple runs,
-    make sure to call 'AuthConfig.reset()' between the runs.
-    """
-
-    def __init__(self):
-        self.parameters = {}
-
-    def enable(self, option):
-        self.parameters[option] = True
-        return self
-
-    def disable(self, option):
-        self.parameters[option] = False
-        return self
-
-    def add_option(self, option):
-        self.parameters[option] = None
-        return self
-
-    def add_parameter(self, option, value):
-        self.parameters[option] = [value]
-        return self
-
-    def build_args(self):
-        # do nothing
-        return None
-
-    def execute(self):
-        # do nothing
-        return None
-
-    def reset(self):
-        self.parameters = {}
-        return self
diff --git a/ipaplatform/fedora/authconfig.py b/ipaplatform/fedora/authconfig.py
index 166a826f756c1050340c0d8826e45c69f4a48716..524d76929bd4c4a29e28539b2e291fde3a083f55 100644
--- a/ipaplatform/fedora/authconfig.py
+++ b/ipaplatform/fedora/authconfig.py
@@ -19,16 +19,46 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from ipapython import ipautil
-from ipaplatform.base.authconfig import AuthConfig
 
 
-class FedoraAuthConfig(AuthConfig):
+class FedoraAuthConfig(object):
     """
     AuthConfig class implements system-independent interface to configure
-    system authentication resources. In Red Hat-produced systems this is done
-    with authconfig(8) utility.
+    system authentication resources. In Red Hat systems this is done with
+    authconfig(8) utility.
+
+    AuthConfig class is nothing more than a tool to gather configuration
+    options and execute their processing. These options then converted by
+    an actual implementation to series of a system calls to appropriate
+    utilities performing real configuration.
+
+    If you need to re-use existing AuthConfig instance for multiple runs,
+    make sure to call 'AuthConfig.reset()' between the runs.
     """
 
+    def __init__(self):
+        self.parameters = {}
+
+    def enable(self, option):
+        self.parameters[option] = True
+        return self
+
+    def disable(self, option):
+        self.parameters[option] = False
+        return self
+
+    def add_option(self, option):
+        self.parameters[option] = None
+        return self
+
+    def add_parameter(self, option, value):
+        self.parameters[option] = [value]
+        return self
+
+    def reset(self):
+        self.parameters = {}
+        return self
+
     def build_args(self):
         args = []
 
-- 
1.9.3

>From 51981bf73d2bb95c59b533f055a8df20e1dc1fea Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Fri, 13 Jun 2014 16:20:14 +0200
Subject: [PATCH] ipaplatform: Document the platform tasks API

Part of: https://fedorahosted.org/freeipa/ticket/4052
---
 ipaplatform/base/tasks.py   | 76 ++++++++++++++++++++++++++++++++++++++++++---
 ipaplatform/fedora/tasks.py |  2 +-
 2 files changed, 72 insertions(+), 6 deletions(-)

diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index b8ebbdfacfd7be0e9c1d334100b77e0b857b2491..67c20f31dc305f14cd3a3a2901fc6d7532a25f26 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -26,44 +26,110 @@ from ipaplatform.paths import paths
 
 
 class BaseTaskNamespace(object):
-    # restore context default implementation  that does nothing
+
     def restore_context(self, filepath):
+        """
+        Restore SELinux security context on the given filepath.
+
+        No return value expected.
+        """
+
         return
 
-    # Default implementation of backup and replace hostname that does nothing
     def backup_and_replace_hostname(self, fstore, statestore, hostname):
+        """
+        Backs up the current hostname in the statestore (so that it can be
+        restored by the restore_network_configuration platform task).
+
+        Makes sure that new hostname (passed via hostname argument) is set
+        as a new pemanent hostname for this host.
+
+        No return value expected.
+        """
+
         return
 
     def insert_ca_cert_into_systemwide_ca_store(self, path):
+        """
+        Adds the CA certificate located at 'path' to the systemwide CA store
+        (if available on the platform).
+
+        Returns True if the operation succeeded, False otherwise.
+        """
+
         return True
 
     def remove_ca_cert_from_systemwide_ca_store(self, path):
+        """
+        Removes the CA certificate located at 'path' from the systemwide CA
+        store (if available on the platform).
+
+        Returns True if the operation succeeded, False otherwise.
+        """
+
         return True
 
     def get_svc_list_file(self):
+        """
+        Returns the path to the IPA service list file.
+        """
+
         return paths.SVC_LIST_FILE
 
-    # See if SELinux is enabled and /usr/sbin/restorecon is installed.
-    # Default to a no-op. Those platforms that support SELinux should
-    # implement this function.
     def check_selinux_status(self):
+        """
+        Checks if SELinux is available on the platform. If it is, this task
+        also makes sure that restorecon tool is available.
+
+        If SELinux is available, but restorcon tool is not installed, raises
+        an RuntimeError, which suggest installing the package containing
+        restorecon and rerunning the installation.
+        """
+
         return
 
     def restore_network_configuration(self, fstore, statestore):
+        """
+        Restores the original hostname as backed up in the
+        backup_and_replace_hostname platform task.
+        """
+
         return
 
     def restore_pre_ipa_client_configuration(self, fstore, statestore,
                                              was_sssd_installed,
                                              was_sssd_configured):
+        """
+        Restores the pre-ipa-client configuration that was modified by the
+        following platform tasks:
+            modify_nsswitch_pam_stack
+            modify_pam_to_use_krb5
+        """
+
         return
 
     def set_nisdomain(self, nisdomain):
+        """
+        Sets the NIS domain name to 'nisdomain'.
+        """
+
         return
 
     def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore):
+        """
+        If sssd flag is true, configure pam and nsswtich so that SSSD is used
+        for retrieving user information and authentication.
+
+        Otherwise, configure pam and nsswitch to leverage pure LDAP.
+        """
+
         return
 
     def modify_pam_to_use_krb5(self, statestore):
+        """
+        Configure pam stack to allow kerberos authentication.
+        """
+
         return
 
 task_namespace = BaseTaskNamespace()
diff --git a/ipaplatform/fedora/tasks.py b/ipaplatform/fedora/tasks.py
index c20ecd30142281377f49eb56f92530414d2960a7..e7583f7bd25611ef536b5a38e3ec13e39655dd5c 100644
--- a/ipaplatform/fedora/tasks.py
+++ b/ipaplatform/fedora/tasks.py
@@ -36,7 +36,7 @@ from ipapython import ipautil
 
 from ipaplatform.paths import paths
 from ipaplatform.fedora.authconfig import FedoraAuthConfig
-from ipaplatform.base.tasks import *
+from ipaplatform.base.tasks import BaseTaskNamespace
 
 
 class FedoraTaskNamespace(BaseTaskNamespace):
-- 
1.9.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to