On 09/30/2014 05:13 AM, Gabe Alford wrote:
Updated patch to fix merge conflicts from recent changes.

On Wed, Sep 24, 2014 at 8:34 PM, Gabe Alford <redhatri...@gmail.com
<mailto:redhatri...@gmail.com>> wrote:

    Hello,

    Patch for https://fedorahosted.org/freeipa/ticket/4399. Let me know
    if I missed any.

    Thanks,

    Gabe

Thanks for the patch, and sorry for the delay!

ipaserver/tools/ipa-upgradeconfig:
The `filename` and `ca_file` aren't module-level constants; I think in this case they improve readability.
The ticket calls for removing module-level lines like:
    NSSWITCH_CONF = paths.NSSWITCH_CONF
which are just silly, but assigning a name locally to a global constant is a valid thing to do -- even if the local name just says "the file we're working on now".


-        ca_file = paths.ALIAS_CACERT_ASC
-        if os.path.exists(ca_file):
+        if os.path.exists(paths.SYSCONFIG_HTTPD):

Whoops!


install/wsgi/plugins.py:

-PLUGINS_DIR = paths.IPA_JS_PLUGINS_DIR
-
[...]
-    if not os.path.isdir(PLUGINS_DIR):
+    if not os.path.isdir(paths.IPA_CA_CSR):

Whoops too!


ipaplatform/fedora/tasks.py:
ipa-client/ipa-install/ipa-client-install:
ipaserver/install/dsinstance.py:
ipaserver/install/httpinstance.py:
Again, I'd not change the target_fname, filepath.


ipapython/sysrestore.py:
Again, `SYSRESTORE_PATH` describes better what we do with `paths.TMP`, so I'd prefer keeping it.


ipaserver/install/adtrustinstance.py:
I don't think we want to convert the self.* to constants.


ipaserver/install/certs.py:
I'd leave NSS_DIR as it is, rather than lose the comment.


ipapython/ipautil.py:
ipaserver/install/ldapupdate.py:
ipalib/session.py:
ipaserver/install/bindinstance.py:
SHARE_DIR, UPDATES_DIR, and krbccache_dir, NAMED_CONF (respectively) need to stay, unless you also replace them in everything that uses them.

Be sure to run make-lint after doing these changes.


I've rebased, and I made some of the changes as I went along the review. You can base another revision on the attached patch.

--
PetrĀ³

From a04e19cfd767fa5a994030a6ecf0b3f74fcaa903 Mon Sep 17 00:00:00 2001
From: Gabe <redhatri...@gmail.com>
Date: Mon, 29 Sep 2014 17:23:25 -0600
Subject: [PATCH] Remove trivial path constants from modules

https://fedorahosted.org/freeipa/ticket/4399
---
 .../certmonger/dogtag-ipa-ca-renew-agent-submit    |  8 ++-
 install/tools/ipa-adtrust-install                  |  8 ++-
 install/tools/ipa-ca-install                       |  5 +-
 install/tools/ipa-dns-install                      |  8 ++-
 install/tools/ipa-replica-conncheck                |  9 ++--
 install/tools/ipa-replica-install                  |  6 +--
 install/tools/ipa-server-install                   | 39 ++++++--------
 install/tools/ipa-upgradeconfig                    | 30 +++++------
 install/wsgi/plugins.py                            |  6 +--
 ipa-client/ipa-install/ipa-client-automount        | 62 ++++++++++------------
 ipa-client/ipa-install/ipa-client-install          | 37 ++++++-------
 ipa-client/ipaclient/ntpconf.py                    | 28 +++++-----
 ipalib/session.py                                  |  4 +-
 ipaplatform/fedora/tasks.py                        |  6 +--
 ipapython/certmonger.py                            |  8 +--
 ipapython/ipautil.py                               |  1 -
 ipaserver/dcerpc.py                                |  3 +-
 ipaserver/install/adtrustinstance.py               |  3 +-
 ipaserver/install/bindinstance.py                  | 23 ++++----
 ipaserver/install/dsinstance.py                    |  9 ++--
 ipaserver/install/ipa_backup.py                    |  7 +--
 ipaserver/install/ipa_replica_prepare.py           | 15 +++---
 ipaserver/install/ipa_restore.py                   |  3 +-
 ipaserver/install/sysupgrade.py                    |  5 +-
 ipaserver/install/upgradeinstance.py               |  5 +-
 ipaserver/rpcserver.py                             |  5 +-
 26 files changed, 140 insertions(+), 203 deletions(-)

diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index 4f0b78accac6840471f8b2e9f17288b3b4e82105..942ffec65d7b041fc6f9d3b2c19d3596fae79d31 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -71,8 +71,7 @@ def request_cert():
     syslog.syslog(syslog.LOG_NOTICE,
                   "Forwarding request to dogtag-ipa-renew-agent")
 
-    path = paths.DOGTAG_IPA_RENEW_AGENT_SUBMIT
-    args = [path] + sys.argv[1:]
+    args = [paths.DOGTAG_IPA_RENEW_AGENT_SUBMIT] + sys.argv[1:]
     stdout, stderr, rc = ipautil.run(args, raiseonerr=False, env=os.environ)
     sys.stderr.write(stderr)
     sys.stderr.flush()
@@ -282,12 +281,11 @@ def export_csr():
     if not cert:
         return (REJECTED, "New certificate requests not supported")
 
-    csr_file = paths.IPA_CA_CSR
     try:
-        with open(csr_file, 'wb') as f:
+        with open(paths.IPA_CA_CSR, 'wb') as f:
             f.write(csr)
     except Exception, e:
-        return (UNREACHABLE, "Failed to write %s: %s" % (csr_file, e))
+        return (UNREACHABLE, "Failed to write %s: %s" % (paths.IPA_CA_CSR, e))
 
     return (ISSUED, cert)
 
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 6e55bbe3e57f1c609398dc571e90cb8677d91a33..aabd695b8c63856875a5daa2a3b2aef70980973d 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -33,8 +33,6 @@ from ipaplatform.paths import paths
 from ipapython.ipa_log_manager import *
 from ipapython.dn import DN
 
-log_file_name = paths.IPASERVER_INSTALL_LOG
-
 def parse_options():
     parser = IPAOptionParser(version=version.VERSION)
     parser.add_option("-d", "--debug", dest="debug", action="store_true",
@@ -213,8 +211,8 @@ def main():
     if os.getegid() != 0:
         sys.exit("Must be root to setup AD trusts on server")
 
-    standard_logging_setup(log_file_name, debug=options.debug, filemode='a')
-    print "\nThe log file for this installation can be found in %s" % log_file_name
+    standard_logging_setup(paths.IPASERVER_INSTALL_LOG, debug=options.debug, filemode='a')
+    print "\nThe log file for this installation can be found in %s" % paths.IPASERVER_INSTALL_LOG
 
     root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
     root_logger.debug("missing options might be asked for interactively later\n")
@@ -452,5 +450,5 @@ information"""
     return 0
 
 if __name__ == '__main__':
-    run_script(main, log_file_name=log_file_name,
+    run_script(main, log_file_name=paths.IPASERVER_INSTALL_LOG,
             operation_name='ipa-adtrust-install')
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index c984bf4778403f1a152afed2df567c8399e65809..9cdb06fccbb04e19008e550a3c8cd9f07891e417 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -43,7 +43,6 @@ from ipapython.ipa_log_manager import *
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-log_file_name = paths.IPAREPLICA_CA_INSTALL_LOG
 REPLICA_INFO_TOP_DIR = None
 
 def parse_options():
@@ -116,7 +115,7 @@ def install_dns_records(config, options):
 
 
 def install_replica(safe_options, options, filename):
-    standard_logging_setup(log_file_name, debug=options.debug)
+    standard_logging_setup(paths.IPAREPLICA_CA_INSTALL_LOG, debug=options.debug)
 
     root_logger.debug('%s was invoked with argument "%s" and options: %s',
         sys.argv[0], filename, safe_options)
@@ -388,7 +387,7 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.
 if __name__ == '__main__':
     try:
         with private_ccache():
-            installutils.run_script(main, log_file_name=log_file_name,
+            installutils.run_script(main, log_file_name=paths.IPAREPLICA_CA_INSTALL_LOG,
                                     operation_name='ipa-ca-install',
                                     fail_message=fail_message)
     finally:
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index ae60f211ab65fb2fddba437d4352f7fbd5ab6f8b..38834cb79f1d8f15a0e2444ca2fca2c25effc5c5 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -34,8 +34,6 @@ from ipapython.config import IPAOptionParser
 from ipapython.ipa_log_manager import standard_logging_setup, root_logger
 from ipapython.ipautil import DN
 
-log_file_name = paths.IPASERVER_INSTALL_LOG
-
 def parse_options():
     parser = IPAOptionParser(version=version.VERSION)
     parser.add_option("-p", "--ds-password", dest="dm_password",
@@ -80,8 +78,8 @@ def main():
     if os.getegid() != 0:
         sys.exit("Must be root to setup server")
 
-    standard_logging_setup(log_file_name, debug=options.debug, filemode='a')
-    print "\nThe log file for this installation can be found in %s" % log_file_name
+    standard_logging_setup(paths.IPASERVER_INSTALL_LOG, debug=options.debug, filemode='a')
+    print "\nThe log file for this installation can be found in %s" % paths.IPASERVER_INSTALL_LOG
 
     root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
     root_logger.debug("missing options might be asked for interactively later\n")
@@ -191,5 +189,5 @@ def main():
 
 if __name__ == '__main__':
     with private_ccache():
-        installutils.run_script(main, log_file_name=log_file_name,
+        installutils.run_script(main, log_file_name=paths.IPASERVER_INSTALL_LOG,
             operation_name='ipa-dns-install')
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 88e42bafbc600fb7c36b7727c770e75edccd2196..349d6fd83fc1a0f4c3ed026b11c7500af5e526fb 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -42,7 +42,6 @@ from ipaplatform.paths import paths
 CONNECT_TIMEOUT = 5
 RESPONDERS = [ ]
 QUIET = False
-CCACHE_FILE = paths.CONNCHECK_CCACHE
 KRB5_CONFIG = None
 
 class SshExec(object):
@@ -67,7 +66,7 @@ class SshExec(object):
         if verbose:
             cmd.insert(1, '-v')
 
-        env = {'KRB5_CONFIG': KRB5_CONFIG, 'KRB5CCNAME': CCACHE_FILE}
+        env = {'KRB5_CONFIG': KRB5_CONFIG, 'KRB5CCNAME': paths.CONNCHECK_CCACHE}
         return ipautil.run(cmd, env=env, raiseonerr=False)
 
 
@@ -374,7 +373,7 @@ def main():
 
             stderr=''
             (stdout, stderr, returncode) = ipautil.run([paths.KINIT, principal],
-                 env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':CCACHE_FILE},
+                 env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':paths.CONNCHECK_CCACHE},
                  stdin=password, raiseonerr=False)
             if returncode != 0:
                 raise RuntimeError("Cannot acquire Kerberos ticket: %s" % stderr)
@@ -383,7 +382,7 @@ def main():
             stderr=''
             (stdout, stderr, returncode) = ipautil.run([paths.BIN_KVNO,
                  'host/%s' % options.master],
-                 env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':CCACHE_FILE},
+                 env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':paths.CONNCHECK_CCACHE},
                  raiseonerr=False)
             if returncode != 0:
                 raise RuntimeError("Could not get ticket for master server: %s" % stderr)
@@ -427,7 +426,7 @@ if __name__ == "__main__":
         sys.exit(e)
     finally:
         clean_responders(RESPONDERS)
-        for file_name in (CCACHE_FILE, KRB5_CONFIG):
+        for file_name in (paths.CONNCHECK_CCACHE, KRB5_CONFIG):
             if file_name:
                 try:
                     os.remove(file_name)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 74781d00d5432ae352bf01b3da834846a4cd5016..4e439f8058dd3a30b781801e6c102c4389bed7a7 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -54,7 +54,6 @@ from ipaplatform.tasks import tasks
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-log_file_name = paths.IPAREPLICA_INSTALL_LOG
 DIRMAN_DN = DN(('cn', 'directory manager'))
 REPLICA_INFO_TOP_DIR = None
 
@@ -447,7 +446,7 @@ def main():
     if os.geteuid() != 0:
         sys.exit("\nYou must be root to run this script.\n")
 
-    standard_logging_setup(log_file_name, debug=options.debug)
+    standard_logging_setup(paths.IPAREPLICA_INSTALL_LOG, debug=options.debug)
     root_logger.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options))
     root_logger.debug('IPA version %s' % version.VENDOR_VERSION)
 
@@ -750,7 +749,8 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.
 if __name__ == '__main__':
     try:
         with private_ccache():
-            installutils.run_script(main, log_file_name=log_file_name,
+            installutils.run_script(main,
+                    log_file_name=paths.IPAREPLICA_INSTALL_LOG,
                     operation_name='ipa-replica-install',
                     fail_message=fail_message)
     finally:
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 89d73304fbf7797c73f4f6251ff96c17a761d8af..9dcebf1f0370ad8269b627caf170bc0b283d3e9e 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -92,8 +92,6 @@ VALID_SUBJECT_ATTRS = ['st', 'o', 'ou', 'dnqualifier', 'c',
                        'incorporationlocality', 'incorporationstate',
                        'incorporationcountry', 'businesscategory']
 
-SYSRESTORE_DIR_PATH = paths.SYSRESTORE
-
 def subject_callback(option, opt_str, value, parser):
     """
     Make sure the certificate subject base is a valid DN
@@ -401,31 +399,29 @@ def signal_handler(signum, frame):
             dsinstance.erase_ds_instance_data (ds.serverid)
     sys.exit(1)
 
-ANSWER_CACHE = paths.ROOT_IPA_CACHE
-
 def read_cache(dm_password):
     """
     Returns a dict of cached answers or empty dict if no cache file exists.
     """
-    if not ipautil.file_exists(ANSWER_CACHE):
+    if not ipautil.file_exists(paths.ROOT_IPA_CACHE):
         return {}
 
     top_dir = tempfile.mkdtemp("ipa")
     fname = "%s/cache" % top_dir
     try:
-        decrypt_file(ANSWER_CACHE, fname, dm_password, top_dir)
+        decrypt_file(paths.ROOT_IPA_CACHE, fname, dm_password, top_dir)
     except Exception, e:
         shutil.rmtree(top_dir)
-        raise Exception("Decryption of answer cache in %s failed, please check your password." % ANSWER_CACHE)
+        raise Exception("Decryption of answer cache in %s failed, please check your password." % paths.ROOT_IPA_CACHE)
 
     try:
         with open(fname, 'rb') as f:
             try:
                 optdict = pickle.load(f)
             except Exception, e:
-                raise Exception("Parse error in %s: %s" % (ANSWER_CACHE, str(e)))
+                raise Exception("Parse error in %s: %s" % (paths.ROOT_IPA_CACHE, str(e)))
     except IOError, e:
-        raise Exception("Read error in %s: %s" % (ANSWER_CACHE, str(e)))
+        raise Exception("Read error in %s: %s" % (paths.ROOT_IPA_CACHE, str(e)))
     finally:
         shutil.rmtree(top_dir)
 
@@ -446,7 +442,7 @@ def write_cache(options):
     try:
         with open(fname, 'wb') as f:
             pickle.dump(options, f)
-        ipautil.encrypt_file(fname, ANSWER_CACHE, options['dm_password'], top_dir)
+        ipautil.encrypt_file(fname, paths.ROOT_IPA_CACHE, options['dm_password'], top_dir)
     except IOError, e:
         raise Exception("Unable to cache command-line options %s" % str(e))
     finally:
@@ -583,7 +579,7 @@ def uninstall():
     tasks.restore_network_configuration(fstore, sstore)
     fstore.restore_all_files()
     try:
-        os.remove(ANSWER_CACHE)
+        os.remove(paths.ROOT_IPA_CACHE)
     except Exception:
         pass
     try:
@@ -608,11 +604,11 @@ def uninstall():
     sysupgrade.remove_upgrade_file()
 
     if fstore.has_files():
-        root_logger.error('Some files have not been restored, see %s/sysrestore.index' % SYSRESTORE_DIR_PATH)
+        root_logger.error('Some files have not been restored, see %s/sysrestore.index' % paths.SYSRESTORE)
     has_state = False
     for module in IPA_MODULES: # from installutils
         if sstore.has_state(module):
-            root_logger.error('Some installation state for %s has not been restored, see %s/sysrestore.state' % (module, SYSRESTORE_DIR_PATH))
+            root_logger.error('Some installation state for %s has not been restored, see %s/sysrestore.state' % (module, paths.SYSRESTORE))
             has_state = True
             rv = 1
 
@@ -620,7 +616,7 @@ def uninstall():
         root_logger.error('Some installation state has not been restored.\n'
                           'This may cause re-installation to fail.\n'
                           'It should be safe to remove %s/sysrestore.state but it may\n'
-                          'mean your system hasn\'t be restored to its pre-installation state.' % SYSRESTORE_DIR_PATH)
+                          'mean your system hasn\'t be restored to its pre-installation state.' % paths.SYSRESTORE)
 
     # Note that this name will be wrong after the first uninstall.
     dirname = dsinstance.config_dirname(dsinstance.realm_to_serverid(api.env.realm))
@@ -690,9 +686,9 @@ def main():
     root_logger.debug('IPA version %s' % version.VENDOR_VERSION)
 
     global fstore
-    fstore = sysrestore.FileStore(SYSRESTORE_DIR_PATH)
+    fstore = sysrestore.FileStore(paths.SYSRESTORE)
     global sstore
-    sstore = sysrestore.StateFile(SYSRESTORE_DIR_PATH)
+    sstore = sysrestore.StateFile(paths.SYSRESTORE)
 
     # Configuration for ipalib, we will bootstrap and finalize later, after
     # we are sure we have the configuration file ready.
@@ -782,7 +778,7 @@ def main():
             sys.exit(1)
 
     # This will override any settings passed in on the cmdline
-    if ipautil.file_exists(ANSWER_CACHE):
+    if ipautil.file_exists(paths.ROOT_IPA_CACHE):
         if options.dm_password is not None:
             dm_password = options.dm_password
         else:
@@ -1066,8 +1062,7 @@ def main():
     installation_cleanup = False
 
     # Create the management framework config file and finalize api
-    target_fname = paths.IPA_DEFAULT_CONF
-    fd = open(target_fname, "w")
+    fd = open(paths.IPA_DEFAULT_CONF, "w")
     fd.write("[global]\n")
     fd.write("host=%s\n" % host_name)
     fd.write("basedn=%s\n" % ipautil.realm_to_suffix(realm_name))
@@ -1088,7 +1083,7 @@ def main():
     fd.close()
 
     # Must be readable for everyone
-    os.chmod(target_fname, 0644)
+    os.chmod(paths.IPA_DEFAULT_CONF, 0644)
 
     api.bootstrap(**cfg)
     api.finalize()
@@ -1343,8 +1338,8 @@ def main():
         print "In order for Firefox autoconfiguration to work you will need to"
         print "use a SSL signing certificate. See the IPA documentation for more details."
 
-    if ipautil.file_exists(ANSWER_CACHE):
-        os.remove(ANSWER_CACHE)
+    if ipautil.file_exists(paths.ROOT_IPA_CACHE):
+        os.remove(paths.ROOT_IPA_CACHE)
     return 0
 
 if __name__ == '__main__':
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 3914eb59066b515d33bebc19ca5afb4f50548bb2..a812f9864f1ef15ac1255071f2fd94861fed989f 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -115,20 +115,18 @@ def update_conf(sub_dict, filename, template_filename):
 
 def find_hostname():
     """Find the hostname currently configured in ipa-rewrite.conf"""
-    filename=paths.HTTPD_IPA_REWRITE_CONF
-
-    if not ipautil.file_exists(filename):
+    if not ipautil.file_exists(paths.HTTPD_IPA_REWRITE_CONF):
         return None
 
     pattern = "^[\s#]*.*https:\/\/([A-Za-z0-9\.\-]*)\/.*"
     p = re.compile(pattern)
-    for line in fileinput.input(filename):
+    for line in fileinput.input(paths.HTTPD_IPA_REWRITE_CONF):
         if p.search(line):
             fileinput.close()
             return p.search(line).group(1)
     fileinput.close()
 
-    raise RuntimeError("Unable to determine the fully qualified hostname from %s" % filename)
+    raise RuntimeError("Unable to determine the fully qualified hostname from %s" % paths.HTTPD_IPA_REWRITE_CONF)
 
 def find_autoredirect(fqdn):
     """
@@ -138,11 +136,10 @@ def find_autoredirect(fqdn):
 
     Returns True if autoredirect is enabled, False otherwise
     """
-    filename = paths.HTTPD_IPA_REWRITE_CONF
-    if os.path.exists(filename):
+    if os.path.exists(paths.HTTPD_IPA_REWRITE_CONF):
         pattern = "^RewriteRule \^/\$ https://%s/ipa/ui \[L,NC,R=301\]" % fqdn
         p = re.compile(pattern)
-        for line in fileinput.input(filename):
+        for line in fileinput.input(paths.HTTPD_IPA_REWRITE_CONF):
             if p.search(line):
                 fileinput.close()
                 return True
@@ -202,11 +199,10 @@ def check_certs():
     """Check ca.crt is in the right place, and try to fix if not"""
     root_logger.info('[Verifying that root certificate is published]')
     if not os.path.exists(paths.CA_CRT):
-        ca_file = paths.ALIAS_CACERT_ASC
-        if os.path.exists(ca_file):
+        if os.path.exists(paths.ALIAS_CACERT_ASC):
             old_umask = os.umask(022)   # make sure its readable by httpd
             try:
-                shutil.copyfile(ca_file, paths.CA_CRT)
+                shutil.copyfile(paths.ALIAS_CACERT_ASC, paths.CA_CRT)
             finally:
                 os.umask(old_umask)
         else:
@@ -731,11 +727,10 @@ def certificate_renewal_update(ca):
 
     if not sysupgrade.get_upgrade_state('dogtag',
                                         'certificate_renewal_update_1'):
-        filename = paths.CERTMONGER_CAS_CA_RENEWAL
-        if os.path.exists(filename):
+        if os.path.exists(paths.CERTMONGER_CAS_CA_RENEWAL):
             with installutils.stopped_service('certmonger'):
-                root_logger.info("Removing %s" % filename)
-                installutils.remove_file(filename)
+                root_logger.info("Removing %s" % paths.CERTMONGER_CAS_CA_RENEWAL)
+                installutils.remove_file(paths.CERTMONGER_CAS_CA_RENEWAL)
 
     ca.configure_certmonger_renewal()
     ca.configure_renewal()
@@ -1112,11 +1107,10 @@ def main():
     update_dbmodules(api.env.realm)
     uninstall_ipa_kpasswd()
 
-    removed_sysconfig_file = paths.SYSCONFIG_HTTPD
-    if fstore.has_file(removed_sysconfig_file):
+    if fstore.has_file(paths.SYSCONFIG_HTTPD):
         root_logger.info('Restoring %s as it is no longer required',
             removed_sysconfig_file)
-        fstore.restore_file(removed_sysconfig_file)
+        fstore.restore_file(paths.SYSCONFIG_HTTPD)
 
     http = httpinstance.HTTPInstance(fstore)
     http.remove_httpd_ccache()
diff --git a/install/wsgi/plugins.py b/install/wsgi/plugins.py
index 82b35eb438f7915e0672cbc116fa8344a2704bf4..64df08765d6ef9f2915282f6594902e0cbe05ea1 100644
--- a/install/wsgi/plugins.py
+++ b/install/wsgi/plugins.py
@@ -25,14 +25,12 @@
 from ipaplatform.paths import paths
 from ipapython.ipa_log_manager import root_logger
 
-PLUGINS_DIR = paths.IPA_JS_PLUGINS_DIR
-
 def get_plugin_index():
 
-    if not os.path.isdir(PLUGINS_DIR):
+    if not os.path.isdir(paths.IPA_JS_PLUGINS_DIR):
         raise Exception("Supplied plugin directory path is not a directory")
 
-    dirs = os.listdir(PLUGINS_DIR)
+    dirs = os.listdir(paths.IPA_JS_PLUGINS_DIR)
     index = 'define([],function(){return['
     index += ','.join("'"+x+"'" for x in dirs)
     index += '];});'
diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount
index 110e0ba13287e8c3061864b2e6c7b27d0ca83a6c..a275284b2d03fedf448e8e86984e0d279c102d54 100755
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -41,12 +41,6 @@ from ipaplatform.tasks import tasks
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-AUTOFS_CONF = paths.SYSCONFIG_AUTOFS
-NSSWITCH_CONF = paths.NSSWITCH_CONF
-AUTOFS_LDAP_AUTH = paths.AUTOFS_LDAP_AUTH_CONF
-NFS_CONF = paths.SYSCONFIG_NFS
-IDMAPD_CONF = paths.IDMAPD_CONF
-
 def parse_options():
     usage = "%prog [options]\n"
     parser = OptionParser(usage=usage)
@@ -96,10 +90,10 @@ def wait_for_sssd():
 def configure_xml(fstore):
     from lxml import etree
 
-    fstore.backup_file(AUTOFS_LDAP_AUTH)
+    fstore.backup_file(paths.AUTOFS_LDAP_AUTH_CONF)
 
     try:
-        f = open(AUTOFS_LDAP_AUTH, 'r')
+        f = open(paths.AUTOFS_LDAP_AUTH_CONF, 'r')
         lines = f.read()
         f.close()
 
@@ -113,7 +107,7 @@ def configure_xml(fstore):
         root = element[0].getroottree()
 
     if len(element) != 1:
-        raise RuntimeError('Unable to parse %s' % AUTOFS_LDAP_AUTH)
+        raise RuntimeError('Unable to parse %s' % paths.AUTOFS_LDAP_AUTH_CONF)
 
     element[0].set('usetls', 'no')
     element[0].set('tlsrequired', 'no')
@@ -121,20 +115,20 @@ def configure_xml(fstore):
     element[0].set('authtype', 'GSSAPI')
     element[0].set('clientprinc', 'host/%s@%s' % (api.env.host, api.env.realm))
 
-    newconf = open(AUTOFS_LDAP_AUTH, 'w')
+    newconf = open(paths.AUTOFS_LDAP_AUTH_CONF, 'w')
     try:
         root.write(newconf, pretty_print=True, xml_declaration=True, encoding='UTF-8')
         newconf.close()
     except IOError, e:
-        print "Unable to write %s: %s" % (AUTOFS_LDAP_AUTH, e)
-    print "Configured %s" % AUTOFS_LDAP_AUTH
+        print "Unable to write %s: %s" % (paths.AUTOFS_LDAP_AUTH_CONF, e)
+    print "Configured %s" % paths.AUTOFS_LDAP_AUTH_CONF
 
 def configure_nsswitch(fstore, options):
     """
     Point automount to ldap in nsswitch.conf. This function is for non-SSSD
     setups only
     """
-    fstore.backup_file(NSSWITCH_CONF)
+    fstore.backup_file(paths.NSSWITCH_CONF)
 
     conf = ipachangeconf.IPAChangeConf("IPA Installer")
     conf.setOptionAssignment(':')
@@ -144,9 +138,9 @@ def configure_nsswitch(fstore, options):
     opts = [{'name':'automount', 'type':'option', 'action':'set', 'value':nss_value},
             {'name':'empty', 'type':'empty'}]
 
-    conf.changeConf(NSSWITCH_CONF, opts)
+    conf.changeConf(paths.NSSWITCH_CONF, opts)
 
-    print "Configured %s" % NSSWITCH_CONF
+    print "Configured %s" % paths.NSSWITCH_CONF
 
 def configure_autofs_sssd(fstore, statestore, autodiscover, options):
     try:
@@ -221,11 +215,11 @@ def configure_autofs(fstore, statestore, autodiscover, server, options):
     }
 
     ipautil.backup_config_and_replace_variables(fstore,
-        AUTOFS_CONF, replacevars=replacevars)
-    tasks.restore_context(AUTOFS_CONF)
+        paths.SYSCONFIG_AUTOFS, replacevars=replacevars)
+    tasks.restore_context(paths.SYSCONFIG_AUTOFS)
     statestore.backup_state('autofs', 'sssd', False)
 
-    print "Configured %s" % AUTOFS_CONF
+    print "Configured %s" % paths.SYSCONFIG_AUTOFS
 
 def configure_autofs_common(fstore, statestore, options):
     autofs = services.knownservices.autofs
@@ -244,16 +238,16 @@ def configure_autofs_common(fstore, statestore, options):
 
 def uninstall(fstore, statestore):
     print "Restoring configuration"
-    if fstore.has_file(AUTOFS_CONF):
-        fstore.restore_file(AUTOFS_CONF)
-    if fstore.has_file(NSSWITCH_CONF):
-        fstore.restore_file(NSSWITCH_CONF)
-    if fstore.has_file(AUTOFS_LDAP_AUTH):
-        fstore.restore_file(AUTOFS_LDAP_AUTH)
-    if fstore.has_file(NFS_CONF):
-        fstore.restore_file(NFS_CONF)
-    if fstore.has_file(IDMAPD_CONF):
-        fstore.restore_file(IDMAPD_CONF)
+    if fstore.has_file(paths.SYSCONFIG_AUTOFS):
+        fstore.restore_file(paths.SYSCONFIG_AUTOFS)
+    if fstore.has_file(paths.NSSWITCH_CONF):
+        fstore.restore_file(paths.NSSWITCH_CONF)
+    if fstore.has_file(paths.AUTOFS_LDAP_AUTH_CONF):
+        fstore.restore_file(paths.AUTOFS_LDAP_AUTH_CONF)
+    if fstore.has_file(paths.SYSCONFIG_NFS):
+        fstore.restore_file(paths.SYSCONFIG_NFS)
+    if fstore.has_file(paths.IDMAPD_CONF):
+        fstore.restore_file(paths.IDMAPD_CONF)
     if statestore.has_state('autofs'):
         enabled = statestore.restore_state('autofs', 'enabled')
         running = statestore.restore_state('autofs', 'running')
@@ -314,19 +308,19 @@ def configure_nfs(fstore, statestore):
         'SECURE_NFS': 'yes',
     }
     ipautil.backup_config_and_replace_variables(fstore,
-        NFS_CONF, replacevars=replacevars)
-    tasks.restore_context(NFS_CONF)
+        paths.SYSCONFIG_NFS, replacevars=replacevars)
+    tasks.restore_context(paths.SYSCONFIG_NFS)
 
-    print "Configured %s" % NFS_CONF
+    print "Configured %s" % paths.SYSCONFIG_NFS
 
     replacevars = {
         'Domain': api.env.domain,
     }
     ipautil.backup_config_and_replace_variables(fstore,
-        IDMAPD_CONF, replacevars=replacevars)
-    tasks.restore_context(IDMAPD_CONF)
+        paths.IDMAPD_CONF, replacevars=replacevars)
+    tasks.restore_context(paths.IDMAPD_CONF)
 
-    print "Configured %s" % IDMAPD_CONF
+    print "Configured %s" % paths.IDMAPD_CONF
 
     rpcidmapd = services.knownservices.rpcidmapd
     statestore.backup_state('rpcidmapd', 'enabled', rpcidmapd.is_enabled())
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 2e59df99551dfb457e8ca19a31d51b103f59825a..c70d5bfde3cf39d60f90f0fc0bcdae8d65606198 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -70,10 +70,6 @@ CLIENT_NOT_CONFIGURED = 2
 CLIENT_ALREADY_CONFIGURED = 3
 CLIENT_UNINSTALL_ERROR = 4 # error after restoring files/state
 
-SSH_AUTHORIZEDKEYSCOMMAND = paths.SSS_SSH_AUTHORIZEDKEYS
-SSH_PROXYCOMMAND = paths.SSS_SSH_KNOWNHOSTSPROXY
-SSH_KNOWNHOSTSFILE = paths.SSSD_PUBCONF_KNOWN_HOSTS
-
 client_nss_nickname_format = 'IPA Machine Certificate - %s'
 
 def parse_options():
@@ -1276,9 +1272,9 @@ def configure_ssh_config(fstore, options):
         'PubkeyAuthentication': 'yes',
     }
 
-    if options.sssd and file_exists(SSH_PROXYCOMMAND):
-        changes['ProxyCommand'] = '%s -p %%p %%h' % SSH_PROXYCOMMAND
-        changes['GlobalKnownHostsFile'] = SSH_KNOWNHOSTSFILE
+    if options.sssd and file_exists(paths.SSS_SSH_KNOWNHOSTSPROXY):
+        changes['ProxyCommand'] = '%s -p %%p %%h' % paths.SSS_SSH_KNOWNHOSTSPROXY
+        changes['GlobalKnownHostsFile'] = paths.SSSD_PUBCONF_KNOWN_HOSTS
     if options.trust_sshfp:
         changes['VerifyHostKeyDNS'] = 'yes'
         changes['HostKeyAlgorithms'] = 'ssh-rsa,ssh-dss'
@@ -1304,20 +1300,20 @@ def configure_sshd_config(fstore, options):
         'UsePAM': 'yes',
     }
 
-    if options.sssd and file_exists(SSH_AUTHORIZEDKEYSCOMMAND):
+    if options.sssd and file_exists(paths.SSS_SSH_AUTHORIZEDKEYS):
         authorized_keys_changes = None
 
         candidates = (
             {
-                'AuthorizedKeysCommand': SSH_AUTHORIZEDKEYSCOMMAND,
+                'AuthorizedKeysCommand': paths.SSS_SSH_AUTHORIZEDKEYS,
                 'AuthorizedKeysCommandUser': 'nobody',
             },
             {
-                'AuthorizedKeysCommand': SSH_AUTHORIZEDKEYSCOMMAND,
+                'AuthorizedKeysCommand': paths.SSS_SSH_AUTHORIZEDKEYS,
                 'AuthorizedKeysCommandRunAs': 'nobody',
             },
             {
-                'PubKeyAgent': '%s %%u' % SSH_AUTHORIZEDKEYSCOMMAND,
+                'PubKeyAgent': '%s %%u' % paths.SSS_SSH_AUTHORIZEDKEYS,
                 'PubKeyAgentRunAs': 'nobody',
             },
         )
@@ -1454,23 +1450,23 @@ def resolve_ipaddress(server):
         raise last_socket_error  # pylint: disable=E0702
 
 def do_nsupdate(update_txt):
-    root_logger.debug("Writing nsupdate commands to %s:", UPDATE_FILE)
+    root_logger.debug("Writing nsupdate commands to %s:", paths.IPA_DNS_UPDATE_TXT)
     root_logger.debug("%s", update_txt)
 
-    update_fd = file(UPDATE_FILE, "w")
+    update_fd = file(paths.IPA_DNS_UPDATE_TXT, "w")
     update_fd.write(update_txt)
     update_fd.flush()
     update_fd.close()
 
     result = False
     try:
-        ipautil.run([paths.NSUPDATE, '-g', UPDATE_FILE])
+        ipautil.run([paths.NSUPDATE, '-g', paths.IPA_DNS_UPDATE_TXT])
         result = True
     except CalledProcessError, e:
         root_logger.debug('nsupdate failed: %s', str(e))
 
     try:
-        os.remove(UPDATE_FILE)
+        os.remove(paths.IPA_DNS_UPDATE_TXT)
     except Exception:
         pass
 
@@ -1498,9 +1494,6 @@ show
 send
 """
 
-UPDATE_FILE = paths.IPA_DNS_UPDATE_TXT
-CCACHE_FILE = paths.IPA_DNS_CCACHE
-
 def update_dns(server, hostname):
 
     try:
@@ -2429,7 +2422,7 @@ def install(options, env, fstore, statestore):
             # only the KDC we're installing under is contacted.
             # Other KDCs might not have replicated the principal yet.
             # Once we have the TGT, it's usable on any server.
-            env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = CCACHE_FILE
+            env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
             try:
                 run([paths.KINIT, '-k', '-t', paths.KRB5_KEYTAB,
                         'host/%s@%s' % (hostname, cli_realm)], env=env)
@@ -2475,7 +2468,7 @@ def install(options, env, fstore, statestore):
     if options.on_master:
         # If on master assume kerberos is already configured properly.
         # Get the host TGT.
-        os.environ['KRB5CCNAME'] = CCACHE_FILE
+        os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
         try:
             run([paths.KINIT, '-k', '-t', paths.KRB5_KEYTAB,
                     host_principal])
@@ -2616,7 +2609,7 @@ def install(options, env, fstore, statestore):
     update_ssh_keys(cli_server[0], hostname, services.knownservices.sshd.get_config_dir(), options.create_sshfp)
 
     try:
-        os.remove(CCACHE_FILE)
+        os.remove(paths.IPA_DNS_CCACHE)
     except Exception:
         pass
 
@@ -2829,6 +2822,6 @@ except RuntimeError, e:
     sys.exit(e)
 finally:
     try:
-        os.remove(CCACHE_FILE)
+        os.remove(paths.IPA_DNS_CCACHE)
     except Exception:
         pass
diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py
index e1ac55a1d734acda4766ba3cf8598c020c30deac..a5c5b2257f8d9732c8fa862b4bdf2813efa04abe 100644
--- a/ipa-client/ipaclient/ntpconf.py
+++ b/ipa-client/ipaclient/ntpconf.py
@@ -97,9 +97,6 @@ def __write_config(path, content):
     fd.close()
 
 def config_ntp(server_fqdn, fstore = None, sysstore = None):
-    path_step_tickers = paths.NTP_STEP_TICKERS
-    path_ntp_conf = paths.NTP_CONF
-    path_ntp_sysconfig = paths.SYSCONFIG_NTPD
     sub_dict = { }
     sub_dict["SERVER"] = server_fqdn
 
@@ -107,12 +104,12 @@ def config_ntp(server_fqdn, fstore = None, sysstore = None):
     config_step_tickers = False
 
 
-    if os.path.exists(path_step_tickers):
+    if os.path.exists(paths.NTP_STEP_TICKERS):
         config_step_tickers = True
         ns = ipautil.template_str(ntp_step_tickers, sub_dict)
-        __backup_config(path_step_tickers, fstore)
-        __write_config(path_step_tickers, ns)
-        tasks.restore_context(path_step_tickers)
+        __backup_config(paths.NTP_STEP_TICKERS, fstore)
+        __write_config(paths.NTP_STEP_TICKERS, ns)
+        tasks.restore_context(paths.NTP_STEP_TICKERS)
 
     if sysstore:
         module = 'ntp'
@@ -120,13 +117,13 @@ def config_ntp(server_fqdn, fstore = None, sysstore = None):
         if config_step_tickers:
             sysstore.backup_state(module, "step-tickers", True)
 
-    __backup_config(path_ntp_conf, fstore)
-    __write_config(path_ntp_conf, nc)
-    tasks.restore_context(path_ntp_conf)
+    __backup_config(paths.NTP_CONF, fstore)
+    __write_config(paths.NTP_CONF, nc)
+    tasks.restore_context(paths.NTP_CONF)
 
-    __backup_config(path_ntp_sysconfig, fstore)
-    __write_config(path_ntp_sysconfig, ntp_sysconfig)
-    tasks.restore_context(path_ntp_sysconfig)
+    __backup_config(paths.SYSCONFIG_NTPD, fstore)
+    __write_config(paths.SYSCONFIG_NTPD, ntp_sysconfig)
+    tasks.restore_context(paths.SYSCONFIG_NTPD)
 
     # Set the ntpd to start on boot
     services.knownservices.ntpd.enable()
@@ -143,13 +140,12 @@ def synconce_ntp(server_fqdn):
 
     Returns True if sync was successful
     """
-    ntpd = paths.NTPD
-    if not os.path.exists(ntpd):
+    if not os.path.exists(paths.NTPD):
         return False
 
     tmp_ntp_conf = ipautil.write_tmp_file('server %s' % server_fqdn)
     try:
-        ipautil.run([ntpd, '-qgc', tmp_ntp_conf.name])
+        ipautil.run([paths.NTPD, '-qgc', tmp_ntp_conf.name])
         return True
     except ipautil.CalledProcessError:
         return False
diff --git a/ipalib/session.py b/ipalib/session.py
index ae40fdfe189b3bfd5f0437c04efaab73ac31f88a..df5f835525049d58f7a172d0e060f5ef66deaa19 100644
--- a/ipalib/session.py
+++ b/ipalib/session.py
@@ -1213,11 +1213,11 @@ def delete_session_data(self, session_id):
 krbccache_prefix = 'krbcc_'
 
 def _get_krbccache_pathname():
-    return os.path.join(krbccache_dir, '%s%s' % (krbccache_prefix, os.getpid()))
+    return os.path.join(paths.IPA_MEMCACHED_DIR, '%s%s' % (krbccache_prefix, os.getpid()))
 
 def get_ipa_ccache_name(scheme='FILE'):
     if scheme == 'FILE':
-        name = os.path.join(krbccache_dir, '%s%s' % (krbccache_prefix, os.getpid()))
+        name = os.path.join(paths.IPA_MEMCACHED_DIR, '%s%s' % (krbccache_prefix, os.getpid()))
     else:
         raise ValueError('ccache scheme "%s" unsupported', scheme)
 
diff --git a/ipaplatform/fedora/tasks.py b/ipaplatform/fedora/tasks.py
index 351f523c112381e7859573025fdbf085d1c771b7..abb1661fb8840835ab1fcc9a873f5cb6b78b8d7c 100644
--- a/ipaplatform/fedora/tasks.py
+++ b/ipaplatform/fedora/tasks.py
@@ -168,12 +168,10 @@ def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
                     "Could not remove %s: %s", new_cacert_path, e)
                 return False
 
-        new_cacert_path = paths.IPA_P11_KIT
-
         try:
-            f = open(new_cacert_path, 'w')
+            f = open(paths.IPA_P11_KIT, 'w')
         except IOError, e:
-            root_logger.info("Failed to open %s: %s" % (new_cacert_path, e))
+            root_logger.info("Failed to open %s: %s" % (paths.IPA_P11_KIT, e))
             return False
 
         f.write("# This file was created by IPA. Do not edit.\n"
diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py
index bcfafdaf450903a1e67a0bcfa23d26d0ce311428..0fbff6167d3332d40fee63028c6351255034cfaf 100644
--- a/ipapython/certmonger.py
+++ b/ipapython/certmonger.py
@@ -32,9 +32,6 @@
 from ipaplatform.paths import paths
 from ipaplatform import services
 
-REQUEST_DIR = paths.CERTMONGER_REQUESTS_DIR
-CA_DIR = paths.CERTMONGER_CAS_DIR
-
 DBUS_CM_PATH = '/org/fedorahosted/certmonger'
 DBUS_CM_IF = 'org.fedorahosted.certmonger'
 DBUS_CM_REQUEST_IF = 'org.fedorahosted.certmonger.request'
@@ -417,7 +414,6 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command,
     """
 
     cm = _connect_to_certmonger()
-    certmonger_cmd_template = paths.CERTMONGER_COMMAND_TEMPLATE
 
     params = {'TRACK': True}
     params['cert-nickname'] = nickname
@@ -439,7 +435,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command,
                 libpath = 'lib64'
             else:
                 libpath = 'lib'
-            pre_command = certmonger_cmd_template % (libpath, pre_command)
+            pre_command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, pre_command)
         params['cert-presave-command'] = pre_command
     if post_command:
         if not os.path.isabs(post_command):
@@ -447,7 +443,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command,
                 libpath = 'lib64'
             else:
                 libpath = 'lib'
-            post_command = certmonger_cmd_template % (libpath, post_command)
+            post_command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, post_command)
         params['cert-postsave-command'] = post_command
     if profile:
         params['ca-profile'] = profile
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 45b334d0a3c2ebf7ee5b6d1cb980e05895fa1e0a..9b473b372a1e5ba4767459e23c158233118b46d1 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -46,7 +46,6 @@
 from ipapython.dn import DN
 
 SHARE_DIR = paths.USR_SHARE_IPA_DIR
-PLUGINS_SHARE_DIR = paths.IPA_PLUGINS
 
 GEN_PWD_LEN = 12
 
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index caeca3c4ab357193aef4d0e6a373240acfdf1993..d957a34d5d949d42464321c20531cfe0b911598b 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -524,7 +524,6 @@ def kinit_as_http(self, domain):
         realm = api.env.realm
         hostname = api.env.host
         principal = 'HTTP/%s@%s' % (hostname, realm)
-        keytab = paths.IPA_KEYTAB
 
         # Destroy the contents of the ccache
         root_logger.debug('Destroying the contents of the separate ccache')
@@ -539,7 +538,7 @@ def kinit_as_http(self, domain):
                           'service principal with MS-PAC attached.')
 
         (stdout, stderr, returncode) = ipautil.run(
-            [paths.KINIT, '-kt', keytab, principal],
+            [paths.KINIT, '-kt', paths.IPA_KEYTAB, principal],
             env={'KRB5CCNAME': ccache_path},
             raiseonerr=False)
 
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index b4d644fdbf784dd7936adc8eb085f4825cab797e..4025cfb0bb49ee2e479dc347f0555976bb2ce464 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -911,8 +911,7 @@ def uninstall(self):
             self.print_msg('WARNING: ' + str(e))
 
         # Remove samba's credentials cache
-        krb5cc_samba = paths.KRB5CC_SAMBA
-        installutils.remove_file(krb5cc_samba)
+        installutils.remove_file(paths.KRB5CC_SAMBA)
 
         # Remove samba's configuration file
         installutils.remove_file(self.smb_conf)
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 2e8836ec6bc9e727a6917523a0979febd33a1585..17094f7fd46ca298aa88f480e5b18f7e607f8c95 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -42,9 +42,6 @@
         normalize_zone, get_reverse_zone_default, zone_is_reverse)
 from ipalib.constants import CACERT
 
-NAMED_CONF = paths.NAMED_CONF
-RESOLV_CONF = paths.RESOLV_CONF
-
 named_conf_section_ipa_start_re = re.compile('\s*dynamic-db\s+"ipa"\s+{')
 named_conf_section_options_start_re = re.compile('\s*options\s+{')
 named_conf_section_end_re = re.compile('};')
@@ -75,7 +72,7 @@ def check_inst(unattended):
     if not has_bind:
         return False
 
-    if not unattended and os.path.exists(NAMED_CONF):
+    if not unattended and os.path.exists(paths.NAMED_CONF):
         msg = "Existing BIND configuration detected, overwrite?"
         return ipautil.user_input(msg, False)
 
@@ -86,7 +83,7 @@ def create_reverse():
 
 def named_conf_exists():
     try:
-        named_fd = open(NAMED_CONF, 'r')
+        named_fd = open(paths.NAMED_CONF, 'r')
     except IOError:
         return False
     lines = named_fd.readlines()
@@ -116,7 +113,7 @@ def named_conf_get_directive(name, section=NAMED_SECTION_IPA, str_val=True):
     else:
         raise NotImplementedError('Section "%s" is not supported' % section)
 
-    with open(NAMED_CONF, 'r') as f:
+    with open(paths.NAMED_CONF, 'r') as f:
         target_section = False
         for line in f:
             if named_conf_section_start_re.match(line):
@@ -163,7 +160,7 @@ def named_conf_set_directive(name, value, section=NAMED_SECTION_IPA,
     else:
         raise NotImplementedError('Section "%s" is not supported' % section)
 
-    with open(NAMED_CONF, 'r') as f:
+    with open(paths.NAMED_CONF, 'r') as f:
         target_section = False
         matched = False
         last_indent = "\t"
@@ -200,7 +197,7 @@ def named_conf_set_directive(name, value, section=NAMED_SECTION_IPA,
             new_lines.append(line)
 
     # write new configuration
-    with open(NAMED_CONF, 'w') as f:
+    with open(paths.NAMED_CONF, 'w') as f:
         f.write("".join(new_lines))
 
 def dns_container_exists(fqdn, suffix, dm_password=None, ldapi=False, realm=None,
@@ -832,16 +829,16 @@ def __setup_principal(self):
             raise
 
     def __setup_named_conf(self):
-        self.fstore.backup_file(NAMED_CONF)
+        self.fstore.backup_file(paths.NAMED_CONF)
         named_txt = ipautil.template_file(ipautil.SHARE_DIR + "bind.named.conf.template", self.sub_dict)
-        named_fd = open(NAMED_CONF, 'w')
+        named_fd = open(paths.NAMED_CONF, 'w')
         named_fd.seek(0)
         named_fd.truncate(0)
         named_fd.write(named_txt)
         named_fd.close()
 
     def __setup_resolv_conf(self):
-        self.fstore.backup_file(RESOLV_CONF)
+        self.fstore.backup_file(paths.RESOLV_CONF)
         resolv_txt = "search "+self.domain+"\n"
 
         for ip_address in self.ip_addresses:
@@ -854,7 +851,7 @@ def __setup_resolv_conf(self):
                 resolv_txt += "nameserver ::1\n"
                 break
         try:
-            resolv_fd = open(RESOLV_CONF, 'w')
+            resolv_fd = open(paths.RESOLV_CONF, 'w')
             resolv_fd.seek(0)
             resolv_fd.truncate(0)
             resolv_fd.write(resolv_txt)
@@ -1045,7 +1042,7 @@ def uninstall(self):
         if not running is None:
             self.stop()
 
-        for f in [NAMED_CONF, RESOLV_CONF]:
+        for f in [paths.NAMED_CONF, paths.RESOLV_CONF]:
             try:
                 self.fstore.restore_file(f)
             except ValueError, error:
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index c9a1c15e9495108382f6e2e8a58f6cc4e8f79c98..62eeabec90d542d4b7a5e7a86c30d3cafedc2db5 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -45,9 +45,6 @@
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-SERVER_ROOT_64 = paths.USR_LIB_DIRSRV_64
-SERVER_ROOT_32 = paths.USR_LIB_DIRSRV
-
 DS_USER = 'dirsrv'
 DS_GROUP = 'dirsrv'
 
@@ -69,10 +66,10 @@
 
 
 def find_server_root():
-    if ipautil.dir_exists(SERVER_ROOT_64):
-        return SERVER_ROOT_64
+    if ipautil.dir_exists(paths.USR_LIB_DIRSRV_64):
+        return paths.USR_LIB_DIRSRV_64
     else:
-        return SERVER_ROOT_32
+        return paths.USR_LIB_DIRSRV
 
 def realm_to_serverid(realm_name):
     return "-".join(realm_name.split("."))
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 2baa5dde035fa8fb93817d5f94b1fc257483798b..230bb37e31d16632085d3c4893facf725ef3d157 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -63,9 +63,6 @@
       --keyring /root/backup.pub --list-secret-keys
 """
 
-BACKUP_DIR = paths.IPA_BACKUP_DIR
-
-
 def encrypt_file(filename, keyring, remove_original=True):
     source = filename
     dest = filename + '.gpg'
@@ -526,10 +523,10 @@ def finalize_backup(self, data_only=False, encrypt=False, keyring=None):
         '''
 
         if data_only:
-            backup_dir = os.path.join(BACKUP_DIR, time.strftime('ipa-data-%Y-%m-%d-%H-%M-%S'))
+            backup_dir = os.path.join(paths.IPA_BACKUP_DIR, time.strftime('ipa-data-%Y-%m-%d-%H-%M-%S'))
             filename = os.path.join(backup_dir, "ipa-data.tar")
         else:
-            backup_dir = os.path.join(BACKUP_DIR, time.strftime('ipa-full-%Y-%m-%d-%H-%M-%S'))
+            backup_dir = os.path.join(paths.IPA_BACKUP_DIR, time.strftime('ipa-full-%Y-%m-%d-%H-%M-%S'))
             filename = os.path.join(backup_dir, "ipa-full.tar")
 
         os.mkdir(backup_dir, 0700)
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index ce0cff22ab03525882b1ae232d45f132b93a8d43..e70e25a8fa7dca23c214a561803df0b47cf4e6a0 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -424,15 +424,12 @@ def copy_misc_files(self):
         self.log.info("Copying additional files")
 
         self.copy_info_file(CACERT, "ca.crt")
-        preferences_filename = paths.PREFERENCES_HTML
-        if ipautil.file_exists(preferences_filename):
-            self.copy_info_file(preferences_filename, "preferences.html")
-        jar_filename = paths.CONFIGURE_JAR
-        if ipautil.file_exists(jar_filename):
-            self.copy_info_file(jar_filename, "configure.jar")
-        cacert_filename = paths.CACERT_PEM
-        if ipautil.file_exists(cacert_filename):
-            self.copy_info_file(cacert_filename, "cacert.pem")
+        if ipautil.file_exists(paths.PREFERENCES_HTML):
+            self.copy_info_file(paths.PREFERENCES_HTML, "preferences.html")
+        if ipautil.file_exists(paths.CONFIGURE_JAR):
+            self.copy_info_file(paths.CONFIGURE_JAR, "configure.jar")
+        if ipautil.file_exists(paths.CACERT_PEM):
+            self.copy_info_file(paths.CACERT_PEM, "cacert.pem")
         self.copy_info_file(paths.IPA_DEFAULT_CONF, "default.conf")
 
     def save_config(self):
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 239de99c462639854e8e25c6b9278cb94b6fc6b8..7898de0f6f6613db95ea93bb4a91bd44a2c68951 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -41,7 +41,6 @@
 from ipapython import ipaldap
 import ipapython.errors
 from ipaplatform.tasks import tasks
-from ipaserver.install.ipa_backup import BACKUP_DIR
 from ipaplatform import services
 from ipaplatform.paths import paths
 
@@ -144,7 +143,7 @@ def validate_options(self):
 
         dirname = self.args[0]
         if not os.path.isabs(dirname):
-            self.backup_dir = os.path.join(BACKUP_DIR, dirname)
+            self.backup_dir = os.path.join(paths.IPA_BACKUP_DIR, dirname)
         else:
             self.backup_dir = dirname
 
diff --git a/ipaserver/install/sysupgrade.py b/ipaserver/install/sysupgrade.py
index 4ce652ca1ceeed212e918a17eb60629e38507773..19e017d904a67f1165f2054068612418029d4463 100644
--- a/ipaserver/install/sysupgrade.py
+++ b/ipaserver/install/sysupgrade.py
@@ -24,7 +24,6 @@
 from ipaplatform.paths import paths
 from ipapython.ipa_log_manager import *
 
-STATEFILE_DIR = paths.STATEFILE_DIR
 STATEFILE_FILE = 'sysupgrade.state'
 
 _sstore = None
@@ -32,7 +31,7 @@
 def _load_sstore():
     global _sstore
     if _sstore is None:
-        _sstore = sysrestore.StateFile(STATEFILE_DIR, STATEFILE_FILE)
+        _sstore = sysrestore.StateFile(paths.STATEFILE_DIR, STATEFILE_FILE)
 
 def get_upgrade_state(module, state):
     _load_sstore()
@@ -51,6 +50,6 @@ def remove_upgrade_state(module, state):
 
 def remove_upgrade_file():
     try:
-        os.remove(os.path.join(STATEFILE_DIR, STATEFILE_FILE))
+        os.remove(os.path.join(paths.STATEFILE_DIR, STATEFILE_FILE))
     except Exception, e:
         root_logger.debug('Cannot remove sysupgrade state file: %s', e)
diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
index b553721eba615f324f9e52331cbd0910c3e14be6..622f2b8cfca6aa7e07452868a8c9264dd3b0f88d 100644
--- a/ipaserver/install/upgradeinstance.py
+++ b/ipaserver/install/upgradeinstance.py
@@ -31,7 +31,6 @@
 from ipaserver.install import ldapupdate
 from ipaserver.install import service
 
-DSBASE = paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE
 DSE = 'dse.ldif'
 
 class IPAUpgrade(service.Service):
@@ -54,8 +53,8 @@ def __init__(self, realm_name, files=[], live_run=True, schema_files=[]):
             ext += h
         service.Service.__init__(self, "dirsrv")
         serverid = dsinstance.realm_to_serverid(realm_name)
-        self.filename = '%s/%s' % (DSBASE % serverid, DSE)
-        self.savefilename = '%s/%s.ipa.%s' % (DSBASE % serverid, DSE, ext)
+        self.filename = '%s/%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE)
+        self.savefilename = '%s/%s.ipa.%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE, ext)
         self.live_run = live_run
         self.files = files
         self.modified = False
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index 18de23d3a5bed485d35adb18b22d04255f933448..09ba42ee16a732ba5d32bf503f8c3de238f0da4d 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -957,15 +957,14 @@ def kinit(self, user, realm, password, ccache_name):
         # get http service ccache as an armor for FAST to enable OTP authentication
         armor_principal = krb5_format_service_principal_name(
             'HTTP', self.api.env.host, realm)
-        keytab = paths.IPA_KEYTAB
         armor_name = "%sA_%s" % (krbccache_prefix, user)
         armor_path = os.path.join(krbccache_dir, armor_name)
 
         self.debug('Obtaining armor ccache: principal=%s keytab=%s ccache=%s',
-                   armor_principal, keytab, armor_path)
+                   armor_principal, paths.IPA_KEYTAB, armor_path)
 
         (stdout, stderr, returncode) = ipautil.run(
-            [paths.KINIT, '-kt', keytab, armor_principal],
+            [paths.KINIT, '-kt', paths.IPA_KEYTAB, armor_principal],
             env={'KRB5CCNAME': armor_path}, raiseonerr=False)
 
         if returncode != 0:
-- 
1.9.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to