On 07.10.2015 17:26, Martin Basti wrote:
> thanks comments inline

Hey,

I hope these versions address the issues in the first batch..

-- 
t
commit 8fd0109b13eb87db2cfd22fe412e3adc4c0db9c3
Author: Timo Aaltonen <tjaal...@debian.org>
Date:   Tue Oct 6 16:02:37 2015 +0300

    ipaplatform: Add HTTPD_USER to constants, and use it.

diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index cef829e..3f78822 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -8,4 +8,5 @@ This base platform module exports platform dependant constants.
 
 
 class BaseConstantsNamespace(object):
+    HTTPD_USER = "apache"
     IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index c478881..6deaef5 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -48,6 +48,7 @@ from ipalib import pkcs10, x509
 from ipalib import errors
 
 from ipaplatform import services
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipaplatform.tasks import tasks
 
@@ -1103,7 +1104,7 @@ class CAInstance(DogtagInstance):
         os.chmod(self.ra_agent_db + "/key3.db", 0o640)
         os.chmod(self.ra_agent_db + "/secmod.db", 0o640)
 
-        pent = pwd.getpwnam("apache")
+        pent = pwd.getpwnam(constants.HTTPD_USER)
         os.chown(self.ra_agent_db + "/cert8.db", 0, pent.pw_gid )
         os.chown(self.ra_agent_db + "/key3.db", 0, pent.pw_gid )
         os.chown(self.ra_agent_db + "/secmod.db", 0, pent.pw_gid )
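Review bot: `pwd.getpwnam(constants.HTTPD_USER)` raises a bare `KeyError` when the account does not exist. Now that the name comes from a per-platform constant, a wrong or missing override fails here only after the `os.chmod` calls above have already run. The same unguarded lookup is in the two `pwd.getpwnam(HTTPD_USER)` hunks in httpinstance.py and in the ipa_server_certinstall.py hunk. Consider catching it and naming the user that was looked up, e.g. `except KeyError: raise RuntimeError("HTTPD user %s not found" % constants.HTTPD_USER)`, so the installer does not stop with a traceback and the NSS database files half-configured. The enclosing method starts and ends outside this hunk.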
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 3e07ee3..f321561 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -42,6 +42,7 @@ from ipalib import pkcs10, x509, api
 from ipalib.errors import CertificateOperationError
 from ipalib.text import _
 from ipaplatform import services
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 
 # Apache needs access to this database so we need to create it
@@ -518,8 +519,7 @@ class CertDB(object):
         f.write(pwdfile.read())
         f.close()
         pwdfile.close()
-        # TODO: replace explicit uid by a platform-specific one
-        self.set_perms(self.pwd_conf, uid="apache")
+        self.set_perms(self.pwd_conf, uid=constants.HTTPD_USER)
 
     def find_root_cert(self, nickname):
         """
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index ee4853a..a7fdfb1 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -41,6 +41,7 @@ import ipapython.errors
 from ipaserver.install import sysupgrade
 from ipalib import api
 from ipalib import errors
+from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
 from ipaplatform.paths import paths
 from ipaplatform import services
@@ -52,7 +53,7 @@ SELINUX_BOOLEAN_SETTINGS = dict(
 )
 
 KDCPROXY_USER = 'kdcproxy'
-
+HTTPD_USER = constants.HTTPD_USER
 
 def httpd_443_configured():
     """
@@ -188,14 +189,14 @@ class HTTPInstance(service.Service):
         self.move_service(self.principal)
         self.add_cert_to_service()
 
-        pent = pwd.getpwnam("apache")
+        pent = pwd.getpwnam(HTTPD_USER)
         os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid)
 
     def remove_httpd_ccache(self):
         # Clean up existing ccache
         # Make sure that empty env is passed to avoid passing KRB5CCNAME from
         # current env
-        ipautil.run(['kdestroy', '-A'], runas='apache', raiseonerr=False, env={})
+        ipautil.run(['kdestroy', '-A'], runas=HTTPD_USER, raiseonerr=False, env={})
 
     def __configure_http(self):
         target_fname = paths.HTTPD_IPA_CONF
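Review bot: The changed `ipautil.run(['kdestroy', '-A'], runas=HTTPD_USER, ...)` in `remove_httpd_ccache` still resolves the binary by bare name, while the uninstall hunk later in this file calls `paths.KDESTROY`. Because this command runs as the web-server account with `env={}`, the binary that gets executed depends on how `ipautil.run` fills in a search path, which is not visible here. Using the platform path keeps the two call sites consistent and removes that dependency: `ipautil.run([paths.KDESTROY, '-A'], runas=HTTPD_USER, raiseonerr=False, env={})`.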
@@ -324,7 +325,7 @@ class HTTPInstance(service.Service):
         os.chmod(certs.NSS_DIR + "/secmod.db", 0o660)
         os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0o660)
 
-        pent = pwd.getpwnam("apache")
+        pent = pwd.getpwnam(HTTPD_USER)
         os.chown(certs.NSS_DIR + "/cert8.db", 0, pent.pw_gid )
         os.chown(certs.NSS_DIR + "/key3.db", 0, pent.pw_gid )
         os.chown(certs.NSS_DIR + "/secmod.db", 0, pent.pw_gid )
@@ -493,7 +494,7 @@ class HTTPInstance(service.Service):
                 pass
 
         # Remove the ccache file for the HTTPD service
-        ipautil.run([paths.KDESTROY, '-c', paths.KRB5CC_HTTPD], runas='apache',
+        ipautil.run([paths.KDESTROY, '-c', paths.KRB5CC_HTTPD], runas=HTTPD_USER,
                     raiseonerr=False)
 
         # Remove the configuration files we create
diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index e90b2ab..ac0b027 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -24,6 +24,7 @@ import os.path
 import pwd
 import optparse
 
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipapython import admintool
 from ipapython.dn import DN
@@ -151,7 +152,7 @@ class ServerCertInstall(admintool.AdminTool):
         os.chmod(os.path.join(dirname, 'key3.db'), 0o640)
         os.chmod(os.path.join(dirname, 'secmod.db'), 0o640)
 
-        pent = pwd.getpwnam("apache")
+        pent = pwd.getpwnam(constants.HTTPD_USER)
         os.chown(os.path.join(dirname, 'cert8.db'), 0, pent.pw_gid)
         os.chown(os.path.join(dirname, 'key3.db'), 0, pent.pw_gid)
         os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid)
commit 1d5f8d46ff718fc294d9e66e2fa72200b2be7795
Author: Timo Aaltonen <tjaal...@debian.org>
Date:   Tue Oct 6 16:43:09 2015 +0300

    httpinstance: Use full path via HTTPD_IPA_REWRITE_CONF for Include.

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index a7fdfb1..e95d3a1 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -249,7 +249,7 @@ class HTTPInstance(service.Service):
 
     def __add_include(self):
         """This should run after __set_mod_nss_port so is already backed up"""
-        if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0:
+        if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include {path}\n</VirtualHost>'.format(path=paths.HTTPD_IPA_REWRITE_CONF)) != 0:
             print("Adding Include conf.d/ipa-rewrite to %s failed." % paths.HTTPD_NSS_CONF)
 
     def configure_certmonger_renewal_guard(self):
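Review bot: The failure message printed right after the changed `update_file` call in `__add_include` still hard-codes `conf.d/ipa-rewrite`, so on a platform where `paths.HTTPD_IPA_REWRITE_CONF` differs it reports a path other than the one written into the Include directive. Build the message from the same constant: `print("Adding Include %s to %s failed." % (paths.HTTPD_IPA_REWRITE_CONF, paths.HTTPD_NSS_CONF))`. The failure is also only printed, so a missing rewrite include does not stop the install; whether that is intended cannot be told from this hunk.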
commit 4e9af2078fa4cdc69f97892b1055ac4a1558845c
Author: Timo Aaltonen <tjaal...@debian.org>
Date:   Tue Oct 6 16:35:24 2015 +0300

    ipaplatform: Add SECURE_NFS_VAR to constants

diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount
index 5e4ab13..ab7fe3b 100755
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -40,6 +40,7 @@ from ipaclient import ipadiscovery
 from ipaclient import ipachangeconf
 from ipapython.ipa_log_manager import *
 from ipapython.dn import DN
+from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
 from ipaplatform import services
 from ipaplatform.paths import paths
@@ -309,7 +310,7 @@ def configure_nfs(fstore, statestore):
     Configure secure NFS
     """
     replacevars = {
-        'SECURE_NFS': 'yes',
+        constants.SECURE_NFS_VAR: 'yes',
     }
     ipautil.backup_config_and_replace_variables(fstore,
         paths.SYSCONFIG_NFS, replacevars=replacevars)
diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index 9a12371..77d50a7 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -11,3 +11,5 @@ class BaseConstantsNamespace(object):
     HTTPD_USER = "apache"
     IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
     NAMED_USER = "named"
+    # nfsd init variable used to enable kerberized NFS
+    SECURE_NFS_VAR = "SECURE_NFS"
commit 69a26e0f5bd8286758579cff2264bfd9522a6e86
Author: Timo Aaltonen <tjaal...@debian.org>
Date:   Tue Oct 6 18:46:00 2015 +0300

    ipaplatform: Add NTPD_OPTS_VAR and NTPD_OPTS_QUOTE to constants

diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index 77d50a7..50f8a3e 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -11,5 +11,9 @@ class BaseConstantsNamespace(object):
     HTTPD_USER = "apache"
     IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
     NAMED_USER = "named"
+    # ntpd init variable used for daemon options
+    NTPD_OPTS_VAR = "OPTIONS"
+    # quote used for daemon options
+    NTPD_OPTS_QUOTE = "\""
     # nfsd init variable used to enable kerberized NFS
     SECURE_NFS_VAR = "SECURE_NFS"
diff --git a/ipaserver/install/ntpinstance.py b/ipaserver/install/ntpinstance.py
index 1fef6fd..567dec6 100644
--- a/ipaserver/install/ntpinstance.py
+++ b/ipaserver/install/ntpinstance.py
@@ -21,9 +21,13 @@
 from ipaserver.install import service
 from ipapython import sysrestore
 from ipapython import ipautil
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipapython.ipa_log_manager import *
 
+NTPD_OPTS_VAR = constants.NTPD_OPTS_VAR
+NTPD_OPTS_QUOTE = constants.NTPD_OPTS_QUOTE
+
 class NTPInstance(service.Service):
     def __init__(self, fstore=None):
         service.Service.__init__(self, "ntpd", service_desc="NTP daemon")
@@ -106,9 +110,9 @@ class NTPInstance(service.Service):
         fd.close()
         for line in lines:
             sline = line.strip()
-            if not sline.startswith('OPTIONS'):
+            if not sline.startswith(NTPD_OPTS_VAR):
                 continue
-            sline = sline.replace('"', '')
+            sline = sline.replace(NTPD_OPTS_QUOTE, '')
             for opt in needopts:
                 if sline.find(opt['val']) != -1:
                     opt['need'] = False
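Review bot: `sline.startswith(NTPD_OPTS_VAR)` is a plain prefix match, so with a configurable variable name it also accepts any other variable whose name merely begins with that string. In the next hunk such a line reaches `(variable, opts) = sline.split('=', 1)` and is rewritten as if it were the options line, or raises on unpacking if it contains no `=`. Matching the assignment itself avoids both cases: `if not sline.startswith(NTPD_OPTS_VAR + '='):`, applied in both loops. The enclosing method starts outside this hunk.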
@@ -124,12 +128,12 @@ class NTPInstance(service.Service):
             for line in lines:
                 if not done:
                     sline = line.strip()
-                    if not sline.startswith('OPTIONS'):
+                    if not sline.startswith(NTPD_OPTS_VAR):
                         fd.write(line)
                         continue
-                    sline = sline.replace('"', '')
+                    sline = sline.replace(NTPD_OPTS_QUOTE, '')
                     (variable, opts) = sline.split('=', 1)
-                    fd.write('OPTIONS="%s %s"\n' % (opts, ' '.join(newopts)))
+                    fd.write(NTPD_OPTS_VAR + '="%s %s"\n' % (opts, ' '.join(newopts)))
                     done = True
                 else:
                     fd.write(line)
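Review bot: The rewritten `fd.write(NTPD_OPTS_VAR + '="%s %s"\n' % ...)` still emits literal double quotes, while the read side now strips `NTPD_OPTS_QUOTE`. A platform that overrides the quote character would have its quotes removed and then different ones written back, and any double quotes inside the existing value would be left in place and nested. Use the constant on output too: `fd.write('%s=%s%s %s%s\n' % (NTPD_OPTS_VAR, NTPD_OPTS_QUOTE, opts, ' '.join(newopts), NTPD_OPTS_QUOTE))`. That form also stops relying on `%` binding tighter than `+`, which is easy to misread in the current expression.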