On 06/25/2014 04:59 PM, Tomas Babej wrote:
>
> On 06/25/2014 04:13 PM, Tomas Babej wrote:
>>
>> On 06/25/2014 04:01 PM, Tomas Babej wrote:
>>>
>>> On 06/25/2014 10:48 AM, Petr Viktorin wrote:
>>>> On 06/19/2014 03:52 PM, Tomas Babej wrote:
>>>>>
>>>>> On 06/19/2014 12:52 PM, Tomas Babej wrote:
>>>>>> On 06/18/2014 10:52 AM, Petr Viktorin wrote:
>>>>>>> On 06/17/2014 02:15 PM, Tomas Babej wrote:
>>>>>>>> On 06/17/2014 12:03 PM, Timo Aaltonen wrote:
>>>>>>>>> On 17.06.2014 11:16, Martin Kosek wrote:
>>>>>>>> Attached is a new version of patch 226, and a new patch 228, which
>>>>>>>> moves the paths from installers to the paths module.
>>>>>>> In patch 226, there's another "certificated" typo in
>>>>>>> remove_ca_cert_from_systemwide_ca_store
>>>>>>>
>>>>>>>> I grepped the repository, and I do not see many paths lurking around
>>>>>>>> any more, there are only some in the error messages (as these can't be
>>>>>>>> reliably replaced automatically, and will need some manual love).
>>>>>>>>
>>>>>>>> If you see any forgotten paths, which should be added to the module,
>>>>>>>> let me know.
>>>>
>>>> Well, since you asked...
>>>>
>>>> install/tools/ipa-upgradeconfig:236: ipautil.run([paths.PKI_SETUP_PROXY, '-pki_instance_root=/var/lib'
>>>> ipaserver/install/cainstance.py:1330: "-pki_instance_root=/var/lib",
>>>>
>>>> ipaserver/install/dsinstance.py:209:InstallLdifFile= /var/lib/dirsrv/boot.ldif
>>>> ipaserver/install/dsinstance.py:210:inst_dir= /var/lib/dirsrv/scripts-$SERVERID
>>>>
>>>> ipaserver/install/ipa_backup.py:464: '--exclude=/var/lib/ipa/backup',
>>>>
>>>> ipatests/test_integration/tasks.py:451: host.run_command("find /var/lib/sss/db -name '*.ldb' | "
>>>>
>>>> install/tools/ipa-replica-conncheck:403: "/usr/sbin/ipa-replica-conncheck " +
>>>> install/tools/ipa-replica-conncheck:414: print_info("/usr/sbin/ipa-replica-conncheck " + " ".join(remote_check_opts))
>>>>
>>>> ipapython/ipautil.py:296: env["PATH"] = "/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"
>>>>
>>>> ipaserver/install/cainstance.py:88:ConfigFile = /usr/share/pki/ca/conf/database.ldif
>>>>
>>>> ipaserver/install/bindinstance.py:829: ipautil.run(['/usr/libexec/generate-rndc-key.sh'])
>>>>
>>>
>>> /me will think twice about teasing next time.
>>>
>>> These are paths requiring manual changes in one way or the other and
>>> as such cannot be handled by my tool. Let's not stall the patchset
>>> on this. We can fix these (and surely there are others) as we go along.
>>>
>>>>
>>>> I guess it'll be a while before we catch them all, but now it's at
>>>> least clear where these paths should be, so anyone porting to
>>>> another distro can send patches (or tickets) upstream.
>>>>
>>>>>>> I see another duplicate:
>>>>>>> SSS_KRB5_INCLUDE_D = "/var/lib/sss/pubconf/krb5.include.d"
>>>>>>> SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/"
>>>>
>>>> Could you just pick one instead? Would ipa_backup.py break if it
>>>> had a trailing slash here?
>>>>
>>>
>>> Yes. I verified it produces the same result with or without trailing
>>> slash, fixed.
>>>
>>>
>>>> In ipa-client-install, if you set:
>>>> NSSWITCH_CONF = paths.NSSWITCH_CONF
>>>> then you should only use one of those later. (Preferably paths.*,
>>>> to get rid of the redundant constants.)
>>>> Perhaps this is for another patch that would clean up all the cases
>>>> where these trivial module variables are used.
>>>>
>>>
>>> I agree. Fixed this occurrence.
>>>
>>>>>> Fixed all mentioned issues. I also attached a patch 230, which removes
>>>>>> the base Authconfig class.
>>>>
>>>>
>>>>> Attaching one additional patch, which removes unnecessary build warnings.
>>>>>
>>>>
>>>> 226, 230, 231 look good
>>>>
>>>
>>> Attaching whole updated patchset.
>>
>> Attaching one more patch which should fix broken CI tests.
>>
>>>
>>> --
>>> Tomas Babej
>>> Associate Software Engineer | Red Hat | Identity Management
>>> RHCE | Brno Site | IRC: tbabej | freeipa.org
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> [email protected]
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>> --
>> Tomas Babej
>> Associate Software Engineer | Red Hat | Identity Management
>> RHCE | Brno Site | IRC: tbabej | freeipa.org
>>
>
> Self-NACK - It seems I omitted one occurrence of NSSWITCH_CONF in
> ipa-client-install, fixed now.
>
> Attaching the whole patchset for your convenience.
> --
> Tomas Babej
> Associate Software Engineer | Red Hat | Identity Management
> RHCE | Brno Site | IRC: tbabej | freeipa.org
Attaching a correct patchset this time.
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 9c402cb6d6e8abf59284e6a524114253024059b3 Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Thu, 19 Jun 2014 15:09:37 +0200
Subject: [PATCH] ipaplatform: Fix build warnings
The newly created ipaplatform subdirectories base and fedora were
mentioned multiple times in the specfile, which produced build
warnings.
Part of: https://fedorahosted.org/freeipa/ticket/4052
---
freeipa.spec.in | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 5a7ccea65ab37c0ebcbeefbfc103f8df606293df..ae730c369ae3fac868739de62a144cc611b58481 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -838,11 +838,7 @@ fi
%dir %{python_sitelib}/ipalib
%{python_sitelib}/ipalib/*
%dir %{python_sitelib}/ipaplatform
-%dir %{python_sitelib}/ipaplatform/base
-%dir %{python_sitelib}/ipaplatform/fedora
-%{python_sitelib}/ipaplatform/*.py*
-%{python_sitelib}/ipaplatform/base/*.py*
-%{python_sitelib}/ipaplatform/fedora/*.py*
+%{python_sitelib}/ipaplatform/*
%attr(0644,root,root) %{python_sitearch}/default_encoding_utf8.so
%{python_sitelib}/ipapython-*.egg-info
%{python_sitelib}/freeipa-*.egg-info
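Review bot: the new `%{python_sitelib}/ipaplatform/*` entry is wider than the three `*.py*` globs it replaces, so anything the build leaves under ipaplatform, base or fedora is now packaged, not only Python sources and bytecode. That matches the `%{python_sitelib}/ipalib/*` line above and does remove the duplicate listings, but the commit message should state that the broadening is intended, or the entry could stay explicit about the subdirectories while listing each of them only once.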
--
1.9.3
From 2fda5e386b9fdf75b6c02fbeedafaeb001d80a74 Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Wed, 25 Jun 2014 16:12:19 +0200
Subject: [PATCH] ipaplatform: Fix misspelled path constant
---
ipatests/test_integration/tasks.py | 2 +-
ipatests/test_integration/test_caless.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index ccb0d8693a1e89d95bbeb4c75fc263d0f689cb36..cd8f98306030f46c099a08ca1a558fd10807bfa9 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -219,7 +219,7 @@ def install_replica(master, replica, setup_ca=True):
'--ip-address', replica.ip,
replica.hostname])
replica_bundle = master.get_file_contents(
- paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname)
+ paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
replica_filename = os.path.join(replica.config.test_dir,
'replica-info.gpg')
replica.put_file_contents(replica_filename, replica_bundle)
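Review bot: the commit message for this fix is a subject line only; for the `paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname` change it should say which of the two names the paths module actually defines and carry the same "Part of:" ticket reference as the other patches in the series. A misspelled attribute like this only fails when install_replica() runs, so a quick check that every `paths.*` name used under ipatests resolves would catch the next one before CI does.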
diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index d5382988b0674f7e96d48a53050100e2bb444ae9..28bfae5a239d0e134b83122c059a22674f0f4eca 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -245,7 +245,7 @@ class CALessBase(IntegrationTest):
if result.returncode == 0:
replica_bundle = master.get_file_contents(
- paths.REPLICA_INFO_TEMPLATE_GPG % replica.hostname)
+ paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
replica.put_file_contents(self.get_replica_filename(replica),
replica_bundle)
else:
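Review bot: CALessBase repeats the expression from install_replica() in tasks.py, `master.get_file_contents(paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)`, which is why the same typo had to be fixed in two files. Consider a small helper in tasks.py that returns the replica bundle for a host, so the constant is referenced in one place.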
--
1.9.3
From 2d5b425e58da9ca705c66d2f5e82fd55d19834d8 Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Thu, 19 Jun 2014 15:09:37 +0200
Subject: [PATCH] ipaplatform: Fix build warnings
The newly created ipaplatform subdirectories base and fedora were
mentioned multiple times in the specfile, which produced build
warnings.
Part of: https://fedorahosted.org/freeipa/ticket/4052
---
freeipa.spec.in | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 5a7ccea65ab37c0ebcbeefbfc103f8df606293df..ae730c369ae3fac868739de62a144cc611b58481 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -838,11 +838,7 @@ fi
%dir %{python_sitelib}/ipalib
%{python_sitelib}/ipalib/*
%dir %{python_sitelib}/ipaplatform
-%dir %{python_sitelib}/ipaplatform/base
-%dir %{python_sitelib}/ipaplatform/fedora
-%{python_sitelib}/ipaplatform/*.py*
-%{python_sitelib}/ipaplatform/base/*.py*
-%{python_sitelib}/ipaplatform/fedora/*.py*
+%{python_sitelib}/ipaplatform/*
%attr(0644,root,root) %{python_sitearch}/default_encoding_utf8.so
%{python_sitelib}/ipapython-*.egg-info
%{python_sitelib}/freeipa-*.egg-info
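Review bot: this patch is the same change as the earlier "ipaplatform: Fix build warnings" patch in this mail, with an identical index line (5a7ccea..ae730c3) and hunk but a different commit id (2d5b425 here, 9c402cb earlier). Only one copy should stay in the series, otherwise the second will not apply on top of the first.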
--
1.9.3
From 75b83b2f758eecdb38c87fe85e9b9c718d5c12ff Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Thu, 19 Jun 2014 12:47:46 +0200
Subject: [PATCH] ipaplatform: Drop the base authconfig class
As authconfig is a distro-specific tool there is no incentive for
implying that other platforms should implement any authconfig
implementation of their own.
Part of: https://fedorahosted.org/freeipa/ticket/4052
---
ipaplatform/base/authconfig.py | 102 ---------------------------------------
ipaplatform/fedora/authconfig.py | 38 +++++++++++++--
2 files changed, 34 insertions(+), 106 deletions(-)
delete mode 100644 ipaplatform/base/authconfig.py
diff --git a/ipaplatform/base/authconfig.py b/ipaplatform/base/authconfig.py
deleted file mode 100644
index f3f207be749abcc38dd6d325486f9d5fd9dd56b8..0000000000000000000000000000000000000000
--- a/ipaplatform/base/authconfig.py
+++ /dev/null
@@ -1,102 +0,0 @@
-# Authors:
-# Alexander Bokovoy <[email protected]>
-# Tomas Babej <[email protected]>
-#
-# Copyright (C) 2011-2014 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-
-class AuthConfig(object):
- """
- AuthConfig class implements system-independent interface to configure
- system authentication resources. In Red Hat systems this is done with
- authconfig(8) utility.
-
- AuthConfig class is nothing more than a tool to gather configuration
- options and execute their processing. These options then converted by
- an actual implementation to series of a system calls to appropriate
- utilities performing real configuration.
-
- IPA *expects* names of AuthConfig's options to follow authconfig(8)
- naming scheme!
-
- Actual implementation should be done in ipapython/platform/<platform>.py
- by inheriting from platform.AuthConfig and redefining build_args()
- and execute() methods.
-
- from ipapython.platform import platform
- class PlatformAuthConfig(platform.AuthConfig):
- def build_args():
- ...
-
- def execute():
- ...
-
- authconfig = PlatformAuthConfig
- ....
-
- See ipapython/platform/redhat.py for a sample implementation that uses
- authconfig(8) as its backend.
-
- From IPA code perspective, the authentication configuration should be
- done with use of ipapython.services.authconfig:
-
- from ipapython import services as ipaservices
- auth_config = ipaservices.authconfig()
- auth_config.disable("ldap")
- auth_config.disable("krb5")
- auth_config.disable("sssd")
- auth_config.disable("sssdauth")
- auth_config.disable("mkhomedir")
- auth_config.add_option("update")
- auth_config.enable("nis")
- auth_config.add_parameter("nisdomain","foobar")
- auth_config.execute()
-
- If you need to re-use existing AuthConfig instance for multiple runs,
- make sure to call 'AuthConfig.reset()' between the runs.
- """
-
- def __init__(self):
- self.parameters = {}
-
- def enable(self, option):
- self.parameters[option] = True
- return self
-
- def disable(self, option):
- self.parameters[option] = False
- return self
-
- def add_option(self, option):
- self.parameters[option] = None
- return self
-
- def add_parameter(self, option, value):
- self.parameters[option] = [value]
- return self
-
- def build_args(self):
- # do nothing
- return None
-
- def execute(self):
- # do nothing
- return None
-
- def reset(self):
- self.parameters = {}
- return self
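Review bot: deleting ipaplatform/base/authconfig.py also removes the no-op `build_args()` and `execute()` defaults, so a platform without its own implementation no longer gets a harmless fallback, and any remaining `from ipaplatform.base.authconfig import AuthConfig` will raise ImportError. The fedora module is updated in this patch; please confirm no other importer is left. The removed docstring also held the only statement that option names must follow the authconfig(8) naming scheme and the only usage example, and neither is carried over to FedoraAuthConfig.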
diff --git a/ipaplatform/fedora/authconfig.py b/ipaplatform/fedora/authconfig.py
index 166a826f756c1050340c0d8826e45c69f4a48716..524d76929bd4c4a29e28539b2e291fde3a083f55 100644
--- a/ipaplatform/fedora/authconfig.py
+++ b/ipaplatform/fedora/authconfig.py
@@ -19,16 +19,46 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipapython import ipautil
-from ipaplatform.base.authconfig import AuthConfig
-class FedoraAuthConfig(AuthConfig):
+class FedoraAuthConfig(object):
"""
AuthConfig class implements system-independent interface to configure
- system authentication resources. In Red Hat-produced systems this is done
- with authconfig(8) utility.
+ system authentication resources. In Red Hat systems this is done with
+ authconfig(8) utility.
+
+ AuthConfig class is nothing more than a tool to gather configuration
+ options and execute their processing. These options then converted by
+ an actual implementation to series of a system calls to appropriate
+ utilities performing real configuration.
+
+ If you need to re-use existing AuthConfig instance for multiple runs,
+ make sure to call 'AuthConfig.reset()' between the runs.
"""
+ def __init__(self):
+ self.parameters = {}
+
+ def enable(self, option):
+ self.parameters[option] = True
+ return self
+
+ def disable(self, option):
+ self.parameters[option] = False
+ return self
+
+ def add_option(self, option):
+ self.parameters[option] = None
+ return self
+
+ def add_parameter(self, option, value):
+ self.parameters[option] = [value]
+ return self
+
+ def reset(self):
+ self.parameters = {}
+ return self
+
def build_args(self):
args = []
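Review bot: the docstring added to FedoraAuthConfig still opens with "AuthConfig class implements system-independent interface", which contradicts both the class name and the commit message's point that authconfig is distro-specific. Reword it to describe a Fedora wrapper around authconfig(8), and fix the copied grammar ("These options then converted", "series of a system calls") while it is being touched. It would also help to document what the stored values mean, since `enable`/`disable` store True/False, `add_option` stores None and `add_parameter` stores a one-element list.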
--
1.9.3
From 51981bf73d2bb95c59b533f055a8df20e1dc1fea Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Fri, 13 Jun 2014 16:20:14 +0200
Subject: [PATCH] ipaplatform: Document the platform tasks API
Part of: https://fedorahosted.org/freeipa/ticket/4052
---
ipaplatform/base/tasks.py | 76 ++++++++++++++++++++++++++++++++++++++++++---
ipaplatform/fedora/tasks.py | 2 +-
2 files changed, 72 insertions(+), 6 deletions(-)
diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index b8ebbdfacfd7be0e9c1d334100b77e0b857b2491..67c20f31dc305f14cd3a3a2901fc6d7532a25f26 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -26,44 +26,110 @@ from ipaplatform.paths import paths
class BaseTaskNamespace(object):
- # restore context default implementation that does nothing
+
def restore_context(self, filepath):
+ """
+ Restore SELinux security context on the given filepath.
+
+ No return value expected.
+ """
+
return
- # Default implementation of backup and replace hostname that does nothing
def backup_and_replace_hostname(self, fstore, statestore, hostname):
+ """
+ Backs up the current hostname in the statestore (so that it can be
+ restored by the restore_network_configuration platform task).
+
+ Makes sure that new hostname (passed via hostname argument) is set
+ as a new pemanent hostname for this host.
+
+ No return value expected.
+ """
+
return
def insert_ca_cert_into_systemwide_ca_store(self, path):
+ """
+ Adds the CA certificate located at 'path' to the systemwide CA store
+ (if available on the platform).
+
+ Returns True if the operation succeeded, False otherwise.
+ """
+
return True
def remove_ca_cert_from_systemwide_ca_store(self, path):
+ """
+ Removes the CA certificate located at 'path' from the systemwide CA
+ store (if available on the platform).
+
+ Returns True if the operation succeeded, False otherwise.
+ """
+
return True
def get_svc_list_file(self):
+ """
+ Returns the path to the IPA service list file.
+ """
+
return paths.SVC_LIST_FILE
- # See if SELinux is enabled and /usr/sbin/restorecon is installed.
- # Default to a no-op. Those platforms that support SELinux should
- # implement this function.
def check_selinux_status(self):
+ """
+ Checks if SELinux is available on the platform. If it is, this task
+ also makes sure that restorecon tool is available.
+
+ If SELinux is available, but restorcon tool is not installed, raises
+ an RuntimeError, which suggest installing the package containing
+ restorecon and rerunning the installation.
+ """
+
return
def restore_network_configuration(self, fstore, statestore):
+ """
+ Restores the original hostname as backed up in the
+ backup_and_replace_hostname platform task.
+ """
+
return
def restore_pre_ipa_client_configuration(self, fstore, statestore,
was_sssd_installed,
was_sssd_configured):
+ """
+ Restores the pre-ipa-client configuration that was modified by the
+ following platform tasks:
+ modify_nsswitch_pam_stack
+ modify_pam_to_use_krb5
+ """
+
return
def set_nisdomain(self, nisdomain):
+ """
+ Sets the NIS domain name to 'nisdomain'.
+ """
+
return
def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore):
+ """
+ If sssd flag is true, configure pam and nsswtich so that SSSD is used
+ for retrieving user information and authentication.
+
+ Otherwise, configure pam and nsswitch to leverage pure LDAP.
+ """
+
return
def modify_pam_to_use_krb5(self, statestore):
+ """
+ Configure pam stack to allow kerberos authentication.
+ """
+
return
task_namespace = BaseTaskNamespace()
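Review bot: in insert_ca_cert_into_systemwide_ca_store and remove_ca_cert_from_systemwide_ca_store the new docstrings promise "Returns True if the operation succeeded, False otherwise", yet the base implementation returns True without doing anything, so on a platform that does not override it callers are told the CA trust store was changed when it was not. Either document that the base task is a no-op that reports success, or return a value that lets callers tell the difference. Similarly, check_selinux_status documents a RuntimeError that only an overriding platform can raise. Typos in the added text: "pemanent", "restorcon", "nsswtich", "an RuntimeError".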
diff --git a/ipaplatform/fedora/tasks.py b/ipaplatform/fedora/tasks.py
index c20ecd30142281377f49eb56f92530414d2960a7..e7583f7bd25611ef536b5a38e3ec13e39655dd5c 100644
--- a/ipaplatform/fedora/tasks.py
+++ b/ipaplatform/fedora/tasks.py
@@ -36,7 +36,7 @@ from ipapython import ipautil
from ipaplatform.paths import paths
from ipaplatform.fedora.authconfig import FedoraAuthConfig
-from ipaplatform.base.tasks import *
+from ipaplatform.base.tasks import BaseTaskNamespace
class FedoraTaskNamespace(BaseTaskNamespace):
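Review bot: replacing `from ipaplatform.base.tasks import *` with an explicit import of BaseTaskNamespace is a behaviour change hidden in a patch titled "Document the platform tasks API"; any name this module previously picked up through the wildcard now has to be imported directly. `paths` is imported explicitly just above, so please check the rest of the module for other such names, and mention the import cleanup in the commit message or split it into its own patch.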
--
1.9.3