On 06/25/2014 04:13 PM, Tomas Babej wrote:
>
> On 06/25/2014 04:01 PM, Tomas Babej wrote:
>>
>> On 06/25/2014 10:48 AM, Petr Viktorin wrote:
>>> On 06/19/2014 03:52 PM, Tomas Babej wrote:
>>>>
>>>> On 06/19/2014 12:52 PM, Tomas Babej wrote:
>>>>> On 06/18/2014 10:52 AM, Petr Viktorin wrote:
>>>>>> On 06/17/2014 02:15 PM, Tomas Babej wrote:
>>>>>>> On 06/17/2014 12:03 PM, Timo Aaltonen wrote:
>>>>>>>> On 17.06.2014 11:16, Martin Kosek wrote:
>>>>>>> Attached is a new version of patch 226, and a new patch 228,
>>>>>>> which moves
>>>>>>> the paths from installers to the paths module.
>>>>>> In patch 226, there's another "certificated" typo in
>>>>>> remove_ca_cert_from_systemwide_ca_store
>>>>>>
>>>>>>> I grepped the repository, and I do not see many paths lurking
>>>>>>> around any
>>>>>>> more, there are only some in the error messages (as these can't be
>>>>>>> reliably replaced automatically, and will need some manual love).
>>>>>>>
>>>>>>> If you see any forgotten paths, which should be added to the
>>>>>>> module, let
>>>>>>> me know.
>>>
>>> Well, since you asked...
>>>
>>> install/tools/ipa-upgradeconfig:236:
>>> ipautil.run([paths.PKI_SETUP_PROXY, '-pki_instance_root=/var/lib'
>>> ipaserver/install/cainstance.py:1330: "-pki_instance_root=/var/lib",
>>>
>>> ipaserver/install/dsinstance.py:209:InstallLdifFile=
>>> /var/lib/dirsrv/boot.ldif
>>> ipaserver/install/dsinstance.py:210:inst_dir=
>>> /var/lib/dirsrv/scripts-$SERVERID
>>>
>>> ipaserver/install/ipa_backup.py:464: '--exclude=/var/lib/ipa/backup',
>>>
>>> ipatests/test_integration/tasks.py:451: host.run_command("find
>>> /var/lib/sss/db -name '*.ldb' | "
>>>
>>> install/tools/ipa-replica-conncheck:403:
>>> "/usr/sbin/ipa-replica-conncheck " +
>>> install/tools/ipa-replica-conncheck:414:
>>> print_info("/usr/sbin/ipa-replica-conncheck " + "
>>> ".join(remote_check_opts))
>>>
>>> ipapython/ipautil.py:296: env["PATH"] =
>>> "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"
>>>
>>> ipaserver/install/cainstance.py:88:ConfigFile =
>>> /usr/share/pki/ca/conf/database.ldif
>>>
>>> ipaserver/install/bindinstance.py:829:
>>> ipautil.run(['/usr/libexec/generate-rndc-key.sh'])
>>>
>>
>> /me will think twice about teasing next time.
>>
>> These are paths requiring manual changes in one way or the other and
>> as such cannot be handled by my tool. Let's not stall the patchset
>> on this. We can fix these (and surely there are others) as we go along.
>>
>>>
>>> I guess it'll be a while before we catch them all, but now it's at
>>> least clear where these paths should be, so anyone porting to
>>> another distro can send patches (or tickets) upstream.
>>>
>>>>>> I see another duplicate:
>>>>>> SSS_KRB5_INCLUDE_D = "/var/lib/sss/pubconf/krb5.include.d"
>>>>>> SSSD_PUBCONF_KRB5_INCLUDE_D_DIR =
>>>>>> "/var/lib/sss/pubconf/krb5.include.d/"
>>>
>>> Could you just pick one instead? Would ipa_backup.py break if it had
>>> a trailing slash here?
>>>
>>
>> Yes. I verified it produces the same result with or without trailing
>> slash, fixed.
>>
>>
>>> In ipa-client-install, if you set:
>>> NSSWITCH_CONF = paths.NSSWITCH_CONF
>>> then you should only use one of those later. (Preferably paths.*, to
>>> get rid of the redundant constants.)
>>> Perhaps this is for another patch that would clean up all the cases
>>> where these trivial module variables are used.
>>>
>>
>> I agree. Fixed this occurrence.
>>
>>>>> Fixed all mentioned issues. I also attached a patch 230, which
>>>>> removes
>>>>> the base Authconfig class.
>>>
>>>
>>>> Attaching one additional patch, which removes unnecessary build
>>>> warnings.
>>>>
>>>
>>> 226, 230, 231 look good
>>>
>>
>> Attaching whole updated patchset.
>
> Attaching one more patch which should fix broken CI tests.
>
>>
>> --
>> Tomas Babej
>> Associate Software Engineer | Red Hat | Identity Management
>> RHCE | Brno Site | IRC: tbabej | freeipa.org
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> [email protected]
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
Self-NACK - It seems I omitted one occurrence of NSSWITCH_CONF in
ipa-client-install, fixed now.
Attaching the whole patchset for your convenience.
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 5c1cc30a4100ab11fa9a31d478ecb4677edf78dc Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Wed, 25 Jun 2014 16:12:19 +0200
Subject: [PATCH] ipaplatform: Fix misspelled path constant
---
ipatests/test_integration/tasks.py | 2 +-
ipatests/test_integration/test_caless.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index ccb0d8693a1e89d95bbeb4c75fc263d0f689cb36..cd8f98306030f46c099a08ca1a558fd10807bfa9 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -219,7 +219,7 @@ def install_replica(master, replica, setup_ca=True):
'--ip-address', replica.ip,
replica.hostname])
replica_bundle = master.get_file_contents(
- paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname)
+ paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
replica_filename = os.path.join(replica.config.test_dir,
'replica-info.gpg')
replica.put_file_contents(replica_filename, replica_bundle)
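Review bot: the subject prefix says ipaplatform, but this hunk in install_replica (like the rest of the diffstat) only touches ipatests/test_integration, and the commit has no body. Consider an ipatests prefix and a body line naming the rename, since REPLICA_INFO_TEMPLATE_GPG to REPLICA_INFO_GPG_TEMPLATE is a reordering of the name rather than a misspelling, and someone searching the log for the renamed constant will not find it under the current subject.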
diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index d5382988b0674f7e96d48a53050100e2bb444ae9..28bfae5a239d0e134b83122c059a22674f0f4eca 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -245,7 +245,7 @@ class CALessBase(IntegrationTest):
if result.returncode == 0:
replica_bundle = master.get_file_contents(
- paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname)
+ paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
replica.put_file_contents(self.get_replica_filename(replica),
replica_bundle)
else:
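Review bot: the get_file_contents call in CALessBase repeats the exact expression used by install_replica in tasks.py, `paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname`, so one constant rename had to be fixed in two files. Consider a small helper in tasks.py that returns the replica bundle path for a given host, so the constant is referenced in one place and both callers share it.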
--
1.9.3
From 2fda5e386b9fdf75b6c02fbeedafaeb001d80a74 Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Wed, 25 Jun 2014 16:12:19 +0200
Subject: [PATCH] ipaplatform: Fix misspelled path constant
---
ipatests/test_integration/tasks.py | 2 +-
ipatests/test_integration/test_caless.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index ccb0d8693a1e89d95bbeb4c75fc263d0f689cb36..cd8f98306030f46c099a08ca1a558fd10807bfa9 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -219,7 +219,7 @@ def install_replica(master, replica, setup_ca=True):
'--ip-address', replica.ip,
replica.hostname])
replica_bundle = master.get_file_contents(
- paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname)
+ paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
replica_filename = os.path.join(replica.config.test_dir,
'replica-info.gpg')
replica.put_file_contents(replica_filename, replica_bundle)
diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index d5382988b0674f7e96d48a53050100e2bb444ae9..28bfae5a239d0e134b83122c059a22674f0f4eca 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -245,7 +245,7 @@ class CALessBase(IntegrationTest):
if result.returncode == 0:
replica_bundle = master.get_file_contents(
- paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname)
+ paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
replica.put_file_contents(self.get_replica_filename(replica),
replica_bundle)
else:
--
1.9.3
From 2d5b425e58da9ca705c66d2f5e82fd55d19834d8 Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Thu, 19 Jun 2014 15:09:37 +0200
Subject: [PATCH] ipaplatform: Fix build warnings
The newly created ipaplatform subdirectories base and fedora were
mentioned multiple times in the specfile, which produced build
warnings.
Part of: https://fedorahosted.org/freeipa/ticket/4052
---
freeipa.spec.in | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 5a7ccea65ab37c0ebcbeefbfc103f8df606293df..ae730c369ae3fac868739de62a144cc611b58481 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -838,11 +838,7 @@ fi
%dir %{python_sitelib}/ipalib
%{python_sitelib}/ipalib/*
%dir %{python_sitelib}/ipaplatform
-%dir %{python_sitelib}/ipaplatform/base
-%dir %{python_sitelib}/ipaplatform/fedora
-%{python_sitelib}/ipaplatform/*.py*
-%{python_sitelib}/ipaplatform/base/*.py*
-%{python_sitelib}/ipaplatform/fedora/*.py*
+%{python_sitelib}/ipaplatform/*
%attr(0644,root,root) %{python_sitearch}/default_encoding_utf8.so
%{python_sitelib}/ipapython-*.egg-info
%{python_sitelib}/freeipa-*.egg-info
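Review bot: the single `%{python_sitelib}/ipaplatform/*` entry is broader than the five lines it replaces: it is no longer limited to `*.py*` files and it covers every subdirectory, not only base and fedora. If that is intended, say so in the commit message; otherwise anything else the build places under ipaplatform will be packaged without a specfile change for anyone to review.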
--
1.9.3
From 75b83b2f758eecdb38c87fe85e9b9c718d5c12ff Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Thu, 19 Jun 2014 12:47:46 +0200
Subject: [PATCH] ipaplatform: Drop the base authconfig class
As authconfig is a distro-specific tool there is no incentive for
implying that other platforms should implement any authconfig
implementation of their own.
Part of: https://fedorahosted.org/freeipa/ticket/4052
---
ipaplatform/base/authconfig.py | 102 ---------------------------------------
ipaplatform/fedora/authconfig.py | 38 +++++++++++++--
2 files changed, 34 insertions(+), 106 deletions(-)
delete mode 100644 ipaplatform/base/authconfig.py
diff --git a/ipaplatform/base/authconfig.py b/ipaplatform/base/authconfig.py
deleted file mode 100644
index f3f207be749abcc38dd6d325486f9d5fd9dd56b8..0000000000000000000000000000000000000000
--- a/ipaplatform/base/authconfig.py
+++ /dev/null
@@ -1,102 +0,0 @@
-# Authors:
-# Alexander Bokovoy <[email protected]>
-# Tomas Babej <[email protected]>
-#
-# Copyright (C) 2011-2014 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-
-class AuthConfig(object):
- """
- AuthConfig class implements system-independent interface to configure
- system authentication resources. In Red Hat systems this is done with
- authconfig(8) utility.
-
- AuthConfig class is nothing more than a tool to gather configuration
- options and execute their processing. These options then converted by
- an actual implementation to series of a system calls to appropriate
- utilities performing real configuration.
-
- IPA *expects* names of AuthConfig's options to follow authconfig(8)
- naming scheme!
-
- Actual implementation should be done in ipapython/platform/<platform>.py
- by inheriting from platform.AuthConfig and redefining build_args()
- and execute() methods.
-
- from ipapython.platform import platform
- class PlatformAuthConfig(platform.AuthConfig):
- def build_args():
- ...
-
- def execute():
- ...
-
- authconfig = PlatformAuthConfig
- ....
-
- See ipapython/platform/redhat.py for a sample implementation that uses
- authconfig(8) as its backend.
-
- From IPA code perspective, the authentication configuration should be
- done with use of ipapython.services.authconfig:
-
- from ipapython import services as ipaservices
- auth_config = ipaservices.authconfig()
- auth_config.disable("ldap")
- auth_config.disable("krb5")
- auth_config.disable("sssd")
- auth_config.disable("sssdauth")
- auth_config.disable("mkhomedir")
- auth_config.add_option("update")
- auth_config.enable("nis")
- auth_config.add_parameter("nisdomain","foobar")
- auth_config.execute()
-
- If you need to re-use existing AuthConfig instance for multiple runs,
- make sure to call 'AuthConfig.reset()' between the runs.
- """
-
- def __init__(self):
- self.parameters = {}
-
- def enable(self, option):
- self.parameters[option] = True
- return self
-
- def disable(self, option):
- self.parameters[option] = False
- return self
-
- def add_option(self, option):
- self.parameters[option] = None
- return self
-
- def add_parameter(self, option, value):
- self.parameters[option] = [value]
- return self
-
- def build_args(self):
- # do nothing
- return None
-
- def execute(self):
- # do nothing
- return None
-
- def reset(self):
- self.parameters = {}
- return self
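Review bot: the docstring deleted with AuthConfig held the only worked call sequence (the auth_config.disable(...), add_option("update"), add_parameter(...), execute() chain) and the statement that option names must follow the authconfig(8) naming scheme, and neither is carried over to FedoraAuthConfig. Consider keeping both in the Fedora class docstring, minus the ipapython.platform and ipapython.services references, and confirm that no other module still imports ipaplatform.base.authconfig now that the file is gone.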
diff --git a/ipaplatform/fedora/authconfig.py b/ipaplatform/fedora/authconfig.py
index 166a826f756c1050340c0d8826e45c69f4a48716..524d76929bd4c4a29e28539b2e291fde3a083f55 100644
--- a/ipaplatform/fedora/authconfig.py
+++ b/ipaplatform/fedora/authconfig.py
@@ -19,16 +19,46 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipapython import ipautil
-from ipaplatform.base.authconfig import AuthConfig
-class FedoraAuthConfig(AuthConfig):
+class FedoraAuthConfig(object):
"""
AuthConfig class implements system-independent interface to configure
- system authentication resources. In Red Hat-produced systems this is done
- with authconfig(8) utility.
+ system authentication resources. In Red Hat systems this is done with
+ authconfig(8) utility.
+
+ AuthConfig class is nothing more than a tool to gather configuration
+ options and execute their processing. These options then converted by
+ an actual implementation to series of a system calls to appropriate
+ utilities performing real configuration.
+
+ If you need to re-use existing AuthConfig instance for multiple runs,
+ make sure to call 'AuthConfig.reset()' between the runs.
"""
+ def __init__(self):
+ self.parameters = {}
+
+ def enable(self, option):
+ self.parameters[option] = True
+ return self
+
+ def disable(self, option):
+ self.parameters[option] = False
+ return self
+
+ def add_option(self, option):
+ self.parameters[option] = None
+ return self
+
+ def add_parameter(self, option, value):
+ self.parameters[option] = [value]
+ return self
+
+ def reset(self):
+ self.parameters = {}
+ return self
+
def build_args(self):
args = []
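Review bot: the FedoraAuthConfig docstring still opens with "AuthConfig class implements system-independent interface", which contradicts the commit message's point that authconfig is a distro-specific tool, and it tells the reader to call 'AuthConfig.reset()' although this patch leaves no class of that name. Please reword the docstring for FedoraAuthConfig; "These options then converted ... to series of a system calls" also needs "are" and "a series of system calls".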
--
1.9.3
From 51981bf73d2bb95c59b533f055a8df20e1dc1fea Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Fri, 13 Jun 2014 16:20:14 +0200
Subject: [PATCH] ipaplatform: Document the platform tasks API
Part of: https://fedorahosted.org/freeipa/ticket/4052
---
ipaplatform/base/tasks.py | 76 ++++++++++++++++++++++++++++++++++++++++++---
ipaplatform/fedora/tasks.py | 2 +-
2 files changed, 72 insertions(+), 6 deletions(-)
diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index b8ebbdfacfd7be0e9c1d334100b77e0b857b2491..67c20f31dc305f14cd3a3a2901fc6d7532a25f26 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -26,44 +26,110 @@ from ipaplatform.paths import paths
class BaseTaskNamespace(object):
- # restore context default implementation that does nothing
+
def restore_context(self, filepath):
+ """
+ Restore SELinux security context on the given filepath.
+
+ No return value expected.
+ """
+
return
- # Default implementation of backup and replace hostname that does nothing
def backup_and_replace_hostname(self, fstore, statestore, hostname):
+ """
+ Backs up the current hostname in the statestore (so that it can be
+ restored by the restore_network_configuration platform task).
+
+ Makes sure that new hostname (passed via hostname argument) is set
+ as a new pemanent hostname for this host.
+
+ No return value expected.
+ """
+
return
def insert_ca_cert_into_systemwide_ca_store(self, path):
+ """
+ Adds the CA certificate located at 'path' to the systemwide CA store
+ (if available on the platform).
+
+ Returns True if the operation succeeded, False otherwise.
+ """
+
return True
def remove_ca_cert_from_systemwide_ca_store(self, path):
+ """
+ Removes the CA certificate located at 'path' from the systemwide CA
+ store (if available on the platform).
+
+ Returns True if the operation succeeded, False otherwise.
+ """
+
return True
def get_svc_list_file(self):
+ """
+ Returns the path to the IPA service list file.
+ """
+
return paths.SVC_LIST_FILE
- # See if SELinux is enabled and /usr/sbin/restorecon is installed.
- # Default to a no-op. Those platforms that support SELinux should
- # implement this function.
def check_selinux_status(self):
+ """
+ Checks if SELinux is available on the platform. If it is, this task
+ also makes sure that restorecon tool is available.
+
+ If SELinux is available, but restorcon tool is not installed, raises
+ an RuntimeError, which suggest installing the package containing
+ restorecon and rerunning the installation.
+ """
+
return
def restore_network_configuration(self, fstore, statestore):
+ """
+ Restores the original hostname as backed up in the
+ backup_and_replace_hostname platform task.
+ """
+
return
def restore_pre_ipa_client_configuration(self, fstore, statestore,
was_sssd_installed,
was_sssd_configured):
+ """
+ Restores the pre-ipa-client configuration that was modified by the
+ following platform tasks:
+ modify_nsswitch_pam_stack
+ modify_pam_to_use_krb5
+ """
+
return
def set_nisdomain(self, nisdomain):
+ """
+ Sets the NIS domain name to 'nisdomain'.
+ """
+
return
def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore):
+ """
+ If sssd flag is true, configure pam and nsswtich so that SSSD is used
+ for retrieving user information and authentication.
+
+ Otherwise, configure pam and nsswitch to leverage pure LDAP.
+ """
+
return
def modify_pam_to_use_krb5(self, statestore):
+ """
+ Configure pam stack to allow kerberos authentication.
+ """
+
return
task_namespace = BaseTaskNamespace()
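Review bot: the new docstrings for insert_ca_cert_into_systemwide_ca_store and remove_ca_cert_from_systemwide_ca_store promise "Returns True if the operation succeeded, False otherwise", but the base bodies are a bare `return True`, so a platform that does not override them reports success without touching any CA store. Either state in the docstring that the base implementation is a no-op, or return something that lets the caller tell "done" from "not implemented"; the same mismatch applies to check_selinux_status, whose docstring describes a RuntimeError that the base method never raises. Typos to fix while here: "pemanent", "restorcon", "nsswtich", and "an RuntimeError, which suggest".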
diff --git a/ipaplatform/fedora/tasks.py b/ipaplatform/fedora/tasks.py
index c20ecd30142281377f49eb56f92530414d2960a7..e7583f7bd25611ef536b5a38e3ec13e39655dd5c 100644
--- a/ipaplatform/fedora/tasks.py
+++ b/ipaplatform/fedora/tasks.py
@@ -36,7 +36,7 @@ from ipapython import ipautil
from ipaplatform.paths import paths
from ipaplatform.fedora.authconfig import FedoraAuthConfig
-from ipaplatform.base.tasks import *
+from ipaplatform.base.tasks import BaseTaskNamespace
class FedoraTaskNamespace(BaseTaskNamespace):
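Review bot: replacing `from ipaplatform.base.tasks import *` with the explicit BaseTaskNamespace import also stops this module from receiving every other public name of base/tasks.py, such as task_namespace and whatever base/tasks.py itself imports. paths is imported directly in the context lines above, but please run pyflakes over ipaplatform/fedora/tasks.py to confirm that no remaining name depended on the wildcard.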
--
1.9.3