Hello Christian,
sorry for letting this patch rot for so long. I forgot about it the minute 
Fraser replied.
To compensate a little I've fixed pep8 error, rebased it and attaching two 
versions for master and for 4.3 branch.
I haven't found any missing cases and it works for me. If you're OK with the 
modified patches it can be pushed.

David

----- Original Message -----
From: "Christian Heimes" <chei...@redhat.com>
To: "Fraser Tweedale" <ftwee...@redhat.com>
Cc: "freeipa-devel" <freeipa-devel@redhat.com>
Sent: Wednesday, January 20, 2016 11:57:42 AM
Subject: Re: [Freeipa-devel] [PATCH 0029] Move user/group constants for PKI and 
DS into ipaplatform

On 2016-01-20 02:54, Fraser Tweedale wrote:
> On Tue, Jan 19, 2016 at 02:20:27PM +0100, Christian Heimes wrote:
>> ipaplatform.constants has platform specific names for a couple of system
>> users like Apache HTTPD. The user names for PKI_USER, PKI_GROUP, DS_USER
>> and DS_GROUP are defined in other modules. Similar to #5587, my
>> patch moves the constants into the platform module.
>>
>> https://fedorahosted.org/freeipa/ticket/5619
> 
> I see a few remaining cases:
> 
> ipaserver/install/dsinstance.py
> 712:        pent = pwd.getpwnam("dirsrv")
> 
> ipatests/test_integration/test_backup_and_restore.py
> 167:            self.master.run_command(['userdel', 'dirsrv'])
> 168:            self.master.run_command(['userdel', 'pkiuser'])
> 
> ipaplatform/redhat/tasks.py
> 441:        if name == 'pkiuser':
> 
> When these are included, ACK.

Good catch!

My new patch takes care of remaining cases.


From e5801f7a7b051ea1bd5ae3460e4011e871528126 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Tue, 19 Jan 2016 14:18:30 +0100
Subject: [PATCH] Move user/group constants for PKI and DS into ipaplatform

https://fedorahosted.org/freeipa/ticket/5619
---
 install/share/copy-schema-to-ca.py                   |  8 ++++----
 ipaplatform/base/constants.py                        |  4 ++++
 ipaplatform/redhat/tasks.py                          |  5 +++--
 ipaserver/install/cainstance.py                      | 16 ++++++++--------
 ipaserver/install/dogtaginstance.py                  |  5 +++--
 ipaserver/install/dsinstance.py                      |  7 ++++---
 ipaserver/install/ipa_backup.py                      |  4 ++--
 ipaserver/install/ipa_restore.py                     | 16 +++++++++-------
 ipaserver/install/krainstance.py                     |  9 +++++----
 ipaserver/install/krbinstance.py                     |  4 ++--
 ipaserver/install/server/upgrade.py                  |  3 ++-
 ipatests/test_integration/test_backup_and_restore.py |  5 +++--
 12 files changed, 49 insertions(+), 37 deletions(-)

diff --git a/install/share/copy-schema-to-ca.py b/install/share/copy-schema-to-ca.py
index ac49fcd59f179b9fc7b2d5ef5b6b7b91a7da892e..424670605e470d60f42f0dbc89177d83b2e968f6 100755
--- a/install/share/copy-schema-to-ca.py
+++ b/install/share/copy-schema-to-ca.py
@@ -19,9 +19,9 @@ from hashlib import sha1
 
 from ipapython import ipautil, dogtag
 from ipapython.ipa_log_manager import root_logger, standard_logging_setup
-from ipaserver.install.dsinstance import DS_USER, schema_dirname
-from ipaserver.install.cainstance import PKI_USER
+from ipaserver.install.dsinstance import schema_dirname
 from ipalib import api
+from ipaplatform.constants import constants
 
 try:
     from ipaplatform import services
@@ -52,8 +52,8 @@ def _sha1_file(filename):
 def add_ca_schema():
     """Copy IPA schema files into the CA DS instance
     """
-    pki_pent = pwd.getpwnam(PKI_USER)
-    ds_pent = pwd.getpwnam(DS_USER)
+    pki_pent = pwd.getpwnam(constants.PKI_USER)
+    ds_pent = pwd.getpwnam(constants.DS_USER)
     for schema_fname in SCHEMA_FILENAMES:
         source_fname = os.path.join(ipautil.SHARE_DIR, schema_fname)
         target_fname = os.path.join(schema_dirname(SERVERID), schema_fname)
diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index 50f8a3ed140aca0f6573231f2a7e5b20e2169919..52af12429d090dcc0d7eed14b76e8b651360f283 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -8,9 +8,13 @@ This base platform module exports platform dependant constants.
 
 
 class BaseConstantsNamespace(object):
+    DS_USER = 'dirsrv'
+    DS_GROUP = 'dirsrv'
     HTTPD_USER = "apache"
     IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
     NAMED_USER = "named"
+    PKI_USER = 'pkiuser'
+    PKI_GROUP = 'pkiuser'
     # ntpd init variable used for daemon options
     NTPD_OPTS_VAR = "OPTIONS"
     # quote used for daemon options
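Review bot: The four new attributes use single quotes while the neighbouring `HTTPD_USER`, `IPA_DNS_PACKAGE_NAME` and `NAMED_USER` use double quotes, and unlike the ntpd entries below them they carry no comment. Suggest `DS_USER = "dirsrv"` (and likewise for the other three) plus a short comment such as `# system accounts and groups that own Directory Server and Dogtag PKI files`, since these names feed the `pwd.getpwnam()`/`os.chown()` calls changed elsewhere in this patch. The class body continues outside the hunk.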
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 6380486792bf62e3a7e607aba8658b0c519f67f8..7c29b51e1eb354f03acda815e89e552eea004a17 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -45,6 +45,7 @@ import ipapython.errors
 
 from ipalib import x509 # FIXME: do not import from ipalib
 
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipaplatform.redhat.authconfig import RedHatAuthConfig
 from ipaplatform.base.tasks import BaseTaskNamespace
@@ -438,14 +439,14 @@ class RedHatTaskNamespace(BaseTaskNamespace):
         This values should be constant and may be hardcoded.
         Add other values for other users when needed.
         """
-        if name == 'pkiuser':
+        if name == constants.PKI_USER:
             if uid is None:
                 uid = 17
             if gid is None:
                 gid = 17
             if comment is None:
                 comment = 'CA System User'
-        if name == 'dirsrv':
+        if name == constants.DS_USER:
             if comment is None:
                 comment = 'DS System User'
 
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index cac0a8b5322d0bdca27ccc0af6dc70b260ba9972..7fa0fd58265a9fd53bbd38af607126e265c01469 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -67,8 +67,8 @@ from ipaserver.install import installutils
 from ipaserver.install import ldapupdate
 from ipaserver.install import replication
 from ipaserver.install import service
-from ipaserver.install.dogtaginstance import (
-    PKI_USER, export_kra_agent_pem, DogtagInstance)
+from ipaserver.install.dogtaginstance import (export_kra_agent_pem,
+                                              DogtagInstance)
 from ipaserver.plugins import ldap2
 
 # Python 3 rename. The package is available in "six.moves.http_client", but
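Review bot: `constants.PKI_USER` is used throughout cainstance.py after this change, but this import hunk only drops `PKI_USER` from the dogtaginstance import, and no hunk for this file adds `from ipaplatform.constants import constants`. If the module already imports it, that is fine. It is still worth confirming that the name in scope is the ipaplatform object and not `ipalib.constants`, which is what dsinstance.py has under that name (hence the `platformconstants` alias there). Removing `PKI_USER` from this module's namespace also breaks any remaining `cainstance.PKI_USER` reference outside the files touched here. The 4.3 variant of the patch carries the same hunk.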
@@ -280,8 +280,8 @@ def is_ca_installed_locally():
 def create_ca_user():
     """Create PKI user/group if it doesn't exist yet."""
     tasks.create_system_user(
-        name=PKI_USER,
-        group=PKI_USER,
+        name=constants.PKI_USER,
+        group=constants.PKI_GROUP,
         homedir=paths.VAR_LIB,
         shell=paths.NOLOGIN,
     )
@@ -443,7 +443,7 @@ class CAInstance(DogtagInstance):
         # Create an empty and secured file
         (cfg_fd, cfg_file) = tempfile.mkstemp()
         os.close(cfg_fd)
-        pent = pwd.getpwnam(PKI_USER)
+        pent = pwd.getpwnam(constants.PKI_USER)
         os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
 
         # Create CA configuration
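Review bot: The PKI account is looked up only after `tempfile.mkstemp()` has created the file, so a `KeyError` from `pwd.getpwnam(constants.PKI_USER)` leaves the temp file behind and aborts with a bare traceback. Now that the name comes from platform constants, a mismatch with the account actually present on the host is easier to hit. Moving `pent = pwd.getpwnam(constants.PKI_USER)` above the `mkstemp()` call avoids the stray file. The same ordering appears in the krainstance.py hunk at `@@ -134,7 +135,7 @@`, and the enclosing methods start and end outside both hunks.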
@@ -512,7 +512,7 @@ class CAInstance(DogtagInstance):
 
             cafile = self.pkcs12_info[0]
             shutil.copy(cafile, paths.TMP_CA_P12)
-            pent = pwd.getpwnam(PKI_USER)
+            pent = pwd.getpwnam(constants.PKI_USER)
             os.chown(paths.TMP_CA_P12, pent.pw_uid, pent.pw_gid)
 
             # Security domain registration
@@ -607,7 +607,7 @@ class CAInstance(DogtagInstance):
             'ca.enableNonces=false')
         if update_result != 0:
             raise RuntimeError("Disabling nonces failed")
-        pent = pwd.getpwnam(PKI_USER)
+        pent = pwd.getpwnam(constants.PKI_USER)
         os.chown(paths.CA_CS_CFG_PATH, pent.pw_uid, pent.pw_gid)
 
     def enable_pkix(self):
@@ -942,7 +942,7 @@ class CAInstance(DogtagInstance):
             os.mkdir(publishdir)
 
         os.chmod(publishdir, 0o775)
-        pent = pwd.getpwnam(PKI_USER)
+        pent = pwd.getpwnam(constants.PKI_USER)
         os.chown(publishdir, 0, pent.pw_gid)
 
         tasks.restore_context(publishdir)
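Review bot: Group ownership of `publishdir` is taken from `pent.pw_gid`, the primary group of `PKI_USER`, even though this patch introduces a separate `PKI_GROUP` constant. On a platform that overrides the two independently, this group-writable directory (mode `0o775`) would end up owned by a group other than the one `PKI_GROUP` names. Consider `os.chown(publishdir, 0, grp.getgrnam(constants.PKI_GROUP).gr_gid)`, assuming `grp` is or can be imported in this module. The method body starts outside the hunk.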
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 5c2b28202329240e264e0b0a6149308ee208e8fa..a6f57f9d769ff951393790fd75b7bca520e6ec5a 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -33,8 +33,8 @@ import pki.system
 from ipalib import errors
 
 from ipaplatform import services
-from ipaplatform.paths import paths
 from ipaplatform.constants import constants
+from ipaplatform.paths import paths
 from ipapython import certmonger
 from ipapython import ipaldap
 from ipapython import ipautil
@@ -45,9 +45,10 @@ from ipaserver.install import replication
 from ipaserver.install.installutils import stopped_service
 from ipapython.ipa_log_manager import log_mgr
 
-PKI_USER = "pkiuser"
+PKI_USER = constants.PKI_USER
 HTTPD_USER = constants.HTTPD_USER
 
+
 def get_security_domain():
     """
     Get the security domain from the REST interface on the local Dogtag CA
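Review bot: The module-level alias `PKI_USER = constants.PKI_USER` is kept although cainstance.py and krainstance.py stop importing it in this patch, and nothing says why it stays. If it remains only for callers outside this patch, a comment such as `# Deprecated alias; use ipaplatform.constants.constants.PKI_USER` would keep new code from picking it up again; otherwise it can be dropped. The same applies to the `DS_USER`/`DS_GROUP` aliases left in dsinstance.py.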
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 7f27cacacdbfdad7a044a41e41c068088b10804a..36065689c0d8a41dae107ae13e159ac07eb734c0 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -44,14 +44,15 @@ from ipalib import api
 from ipalib import certstore
 from ipalib import errors
 from ipalib import constants
+from ipaplatform.constants import constants as platformconstants
 from ipaplatform.tasks import tasks
 from ipalib.constants import CACERT
 from ipapython.dn import DN
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-DS_USER = 'dirsrv'
-DS_GROUP = 'dirsrv'
+DS_USER = platformconstants.DS_USER
+DS_GROUP = platformconstants.DS_GROUP
 
 IPA_SCHEMA_FILES = ("60kerberos.ldif",
                     "60samba.ldif",
@@ -708,7 +709,7 @@ class DsInstance(service.Service):
         self._ldap_mod("repoint-managed-entries.ldif", self.sub_dict)
 
     def configure_dirsrv_ccache(self):
-        pent = pwd.getpwnam("dirsrv")
+        pent = pwd.getpwnam(platformconstants.DS_USER)
         ccache = paths.TMP_KRB5CC % pent.pw_uid
         filepath = paths.SYSCONFIG_DIRSRV
         if not os.path.exists(filepath):
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 06137b5fa2c691133b3e92b28a924f2725b2f57f..80b5510ea045f3d15bfcf97b50acc7108eea22d5 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -35,13 +35,13 @@ from ipapython.ipautil import run, write_tmp_file
 from ipapython import admintool
 from ipapython.config import IPAOptionParser
 from ipapython.dn import DN
-from ipaserver.install.dsinstance import DS_USER
 from ipaserver.install.replication import wait_for_task
 from ipaserver.install import installutils
 from ipapython import ipaldap
 from ipalib.session import ISO8601_DATETIME_FMT
 from ipalib.constants import CACERT
 from six.moves.configparser import SafeConfigParser
+from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
 
 """
@@ -264,7 +264,7 @@ class Backup(admintool.AdminTool):
 
         self.log.info("Preparing backup on %s", api.env.host)
 
-        pent = pwd.getpwnam(DS_USER)
+        pent = pwd.getpwnam(constants.DS_USER)
 
         self.top_dir = tempfile.mkdtemp("ipa")
         os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 43311d5c847ddc0940d136db2d859eea41264fa3..18479d33971596b4ab9bd3c46e0203cd23fd713b 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -35,14 +35,15 @@ from ipapython import version, ipautil, certdb
 from ipapython.ipautil import run, user_input
 from ipapython import admintool
 from ipapython.dn import DN
-from ipaserver.install.dsinstance import create_ds_user, DS_USER
-from ipaserver.install.cainstance import PKI_USER, create_ca_user
+from ipaserver.install.dsinstance import create_ds_user
+from ipaserver.install.cainstance import create_ca_user
 from ipaserver.install.replication import (wait_for_task, ReplicationManager,
                                            get_cs_replication_manager)
 from ipaserver.install import installutils
 from ipaserver.install import dsinstance, httpinstance, cainstance
 from ipapython import ipaldap
 import ipapython.errors
+from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
 from ipaplatform import services
 from ipaplatform.paths import paths
@@ -296,7 +297,7 @@ class Restore(admintool.AdminTool):
                 raise admintool.ScriptError("Aborted")
 
         create_ds_user()
-        pent = pwd.getpwnam(DS_USER)
+        pent = pwd.getpwnam(constants.DS_USER)
 
         # Temporary directory for decrypting files before restoring
         self.top_dir = tempfile.mkdtemp("ipa")
@@ -533,7 +534,7 @@ class Restore(admintool.AdminTool):
         srcldiffile = os.path.join(self.dir, ldifname)
 
         if not os.path.exists(ldifdir):
-            pent = pwd.getpwnam(DS_USER)
+            pent = pwd.getpwnam(constants.DS_USER)
             os.mkdir(ldifdir)
             os.chmod(ldifdir, 0o770)
             os.chown(ldifdir, pent.pw_uid, pent.pw_gid)
@@ -758,7 +759,7 @@ class Restore(admintool.AdminTool):
                ]
         run(args)
 
-        pent = pwd.getpwnam(DS_USER)
+        pent = pwd.getpwnam(constants.DS_USER)
         os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
         recursive_chown(self.dir, pent.pw_uid, pent.pw_gid)
 
@@ -784,9 +785,10 @@ class Restore(admintool.AdminTool):
                      paths.TOMCAT_SIGNEDAUDIT_DIR]
 
         try:
-            pent = pwd.getpwnam(PKI_USER)
+            pent = pwd.getpwnam(constants.PKI_USER)
         except KeyError:
-            self.log.debug("No %s user exists, skipping CA directory creation" % PKI_USER)
+            self.log.debug("No %s user exists, skipping CA directory creation",
+                           constants.PKI_USER)
             return
         self.log.debug('Creating log directories for dogtag')
         for dir in dirs:
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index 6589bb54eadf9bc5017ef99cdfbf3c46dabc27c6..b1357048c9c89264e5348285690c31b6491bcd2f 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -28,6 +28,7 @@ from six.moves.configparser import ConfigParser
 from ipalib import api
 from ipalib import x509
 from ipaplatform import services
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipapython import certdb
 from ipapython import ipautil
@@ -37,8 +38,8 @@ from ipaserver.install import cainstance
 from ipaserver.install import installutils
 from ipaserver.install import ldapupdate
 from ipaserver.install import service
-from ipaserver.install.dogtaginstance import (
-    PKI_USER, export_kra_agent_pem, DogtagInstance)
+from ipaserver.install.dogtaginstance import (export_kra_agent_pem,
+                                              DogtagInstance)
 from ipaserver.plugins import ldap2
 from ipapython.ipa_log_manager import log_mgr
 
@@ -134,7 +135,7 @@ class KRAInstance(DogtagInstance):
         # Create an empty and secured file
         (cfg_fd, cfg_file) = tempfile.mkstemp()
         os.close(cfg_fd)
-        pent = pwd.getpwnam(PKI_USER)
+        pent = pwd.getpwnam(constants.PKI_USER)
         os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
 
         # Create KRA configuration
@@ -223,7 +224,7 @@ class KRAInstance(DogtagInstance):
         if self.clone:
             krafile = self.pkcs12_info[0]
             shutil.copy(krafile, p12_tmpfile_name)
-            pent = pwd.getpwnam(PKI_USER)
+            pent = pwd.getpwnam(constants.PKI_USER)
             os.chown(p12_tmpfile_name, pent.pw_uid, pent.pw_gid)
 
             # Security domain registration
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 20de71de03daab477b626f1b1301bdd339c451b3..ca5b6acdc1840f5ba1bc2336e0ea0b0de1d56153 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -40,7 +40,6 @@ from ipapython.ipa_log_manager import *
 from ipapython.dn import DN
 
 from ipaserver.install import replication
-from ipaserver.install import dsinstance
 from ipaserver.install import ldapupdate
 
 import pyasn1.codec.ber.decoder
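Review bot: `from ipaserver.install import dsinstance` is removed here, but the patch shows only one `dsinstance.` reference being replaced in this file (the `pwd.getpwnam` call in the `@@ -334,7 +334,7 @@` hunk). Any other use of `dsinstance.` left in krbinstance.py would fail with `NameError` only when that code path runs, not at import time. It is worth checking the whole file for remaining references before pushing.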
@@ -48,6 +47,7 @@ import struct
 
 from ipaserver.install import certs
 from distutils import version
+from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
 from ipaplatform.paths import paths
 
@@ -334,7 +334,7 @@ class KrbInstance(service.Service):
         vardict = {"KRB5_KTNAME": paths.DS_KEYTAB}
         ipautil.config_replace_variables(paths.SYSCONFIG_DIRSRV,
                                          replacevars=vardict)
-        pent = pwd.getpwnam(dsinstance.DS_USER)
+        pent = pwd.getpwnam(constants.DS_USER)
         os.chown(paths.DS_KEYTAB, pent.pw_uid, pent.pw_gid)
 
     def __create_host_keytab(self):
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index a3344443ef89da667404ff74a17163c9a276e22e..6f961e73c7b8c78a46567112a8608fd117dbea6e 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -25,6 +25,7 @@ from ipapython import ipaldap
 from ipapython.ipa_log_manager import *
 from ipapython import certmonger
 from ipapython.dn import DN
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipaserver.install import installutils
 from ipaserver.install import dsinstance
@@ -945,7 +946,7 @@ def copy_crl_file(old_path, new_path=None):
         os.symlink(realpath, new_path)
     else:
         shutil.copy2(old_path, new_path)
-        pent = pwd.getpwnam(cainstance.PKI_USER)
+        pent = pwd.getpwnam(constants.PKI_USER)
         os.chown(new_path, pent.pw_uid, pent.pw_gid)
 
     tasks.restore_context(new_path)
diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py
index b8abb343b027a9b61c6c2d8660ac2e926c5e70bf..ffd086bae93f95e9f04617b5fe7e656d53d292b7 100644
--- a/ipatests/test_integration/test_backup_and_restore.py
+++ b/ipatests/test_integration/test_backup_and_restore.py
@@ -23,6 +23,7 @@ import os
 import re
 import contextlib
 
+from ipaplatform.constants import constants
 from ipapython.ipa_log_manager import log_mgr
 from ipapython.dn import DN
 from ipatests.test_integration.base import IntegrationTest
@@ -164,8 +165,8 @@ class TestBackupAndRestore(IntegrationTest):
                                      '--uninstall',
                                      '-U'])
 
-            self.master.run_command(['userdel', 'dirsrv'])
-            self.master.run_command(['userdel', 'pkiuser'])
+            self.master.run_command(['userdel', constants.DS_USER])
+            self.master.run_command(['userdel', constants.PKI_USER])
 
             homedir = os.path.join(self.master.config.test_dir,
                                    'testuser_homedir')
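Review bot: `constants.DS_USER` and `constants.PKI_USER` are evaluated on the host running the test suite, while `userdel` is executed on `self.master`. If the controller and the master run different platforms, the names passed to `userdel` may not match the accounts that exist on the master. A comment such as `# assumes the test controller and the master share ipaplatform constants` would make that assumption explicit. The test method starts and ends outside the hunk.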
-- 
2.5.0

From 5579dd624cef32ebe6fc7fa7dd29f80ff75fa55c Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Tue, 19 Jan 2016 14:18:30 +0100
Subject: [PATCH] Move user/group constants for PKI and DS into ipaplatform

https://fedorahosted.org/freeipa/ticket/5619
---
 install/share/copy-schema-to-ca.py                   |  8 ++++----
 ipaplatform/base/constants.py                        |  4 ++++
 ipaplatform/redhat/tasks.py                          |  5 +++--
 ipaserver/install/cainstance.py                      | 16 ++++++++--------
 ipaserver/install/dogtaginstance.py                  |  5 +++--
 ipaserver/install/dsinstance.py                      |  7 ++++---
 ipaserver/install/ipa_backup.py                      |  4 ++--
 ipaserver/install/ipa_restore.py                     | 16 +++++++++-------
 ipaserver/install/krainstance.py                     |  9 +++++----
 ipaserver/install/krbinstance.py                     |  4 ++--
 ipaserver/install/server/upgrade.py                  |  3 ++-
 ipatests/test_integration/test_backup_and_restore.py |  5 +++--
 12 files changed, 49 insertions(+), 37 deletions(-)

diff --git a/install/share/copy-schema-to-ca.py b/install/share/copy-schema-to-ca.py
index 10fd3d740bb60b9506a233a6aea6c6ac98356c18..c2f070aa29b7abf1cb32c46020ae80450cfd5080 100755
--- a/install/share/copy-schema-to-ca.py
+++ b/install/share/copy-schema-to-ca.py
@@ -19,9 +19,9 @@ from hashlib import sha1
 
 from ipapython import ipautil
 from ipapython.ipa_log_manager import root_logger, standard_logging_setup
-from ipaserver.install.dsinstance import DS_USER, schema_dirname
-from ipaserver.install.cainstance import PKI_USER
+from ipaserver.install.dsinstance import schema_dirname
 from ipalib import api
+from ipaplatform.constants import constants
 
 try:
     from ipaplatform import services
@@ -52,8 +52,8 @@ def _sha1_file(filename):
 def add_ca_schema():
     """Copy IPA schema files into the CA DS instance
     """
-    pki_pent = pwd.getpwnam(PKI_USER)
-    ds_pent = pwd.getpwnam(DS_USER)
+    pki_pent = pwd.getpwnam(constants.PKI_USER)
+    ds_pent = pwd.getpwnam(constants.DS_USER)
     for schema_fname in SCHEMA_FILENAMES:
         source_fname = os.path.join(ipautil.SHARE_DIR, schema_fname)
         target_fname = os.path.join(schema_dirname(SERVERID), schema_fname)
diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index 50f8a3ed140aca0f6573231f2a7e5b20e2169919..52af12429d090dcc0d7eed14b76e8b651360f283 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -8,9 +8,13 @@ This base platform module exports platform dependant constants.
 
 
 class BaseConstantsNamespace(object):
+    DS_USER = 'dirsrv'
+    DS_GROUP = 'dirsrv'
     HTTPD_USER = "apache"
     IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
     NAMED_USER = "named"
+    PKI_USER = 'pkiuser'
+    PKI_GROUP = 'pkiuser'
     # ntpd init variable used for daemon options
     NTPD_OPTS_VAR = "OPTIONS"
     # quote used for daemon options
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 6380486792bf62e3a7e607aba8658b0c519f67f8..7c29b51e1eb354f03acda815e89e552eea004a17 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -45,6 +45,7 @@ import ipapython.errors
 
 from ipalib import x509 # FIXME: do not import from ipalib
 
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipaplatform.redhat.authconfig import RedHatAuthConfig
 from ipaplatform.base.tasks import BaseTaskNamespace
@@ -438,14 +439,14 @@ class RedHatTaskNamespace(BaseTaskNamespace):
         This values should be constant and may be hardcoded.
         Add other values for other users when needed.
         """
-        if name == 'pkiuser':
+        if name == constants.PKI_USER:
             if uid is None:
                 uid = 17
             if gid is None:
                 gid = 17
             if comment is None:
                 comment = 'CA System User'
-        if name == 'dirsrv':
+        if name == constants.DS_USER:
             if comment is None:
                 comment = 'DS System User'
 
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index b72255f1ad2f95c5265a40eddfb1fe413826dba4..65a1f143c8e1d99b5c23c5e83ca3fd95c5f996da 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -66,8 +66,8 @@ from ipaserver.install import installutils
 from ipaserver.install import ldapupdate
 from ipaserver.install import replication
 from ipaserver.install import service
-from ipaserver.install.dogtaginstance import (
-    PKI_USER, export_kra_agent_pem, DogtagInstance)
+from ipaserver.install.dogtaginstance import (export_kra_agent_pem,
+                                              DogtagInstance)
 from ipaserver.plugins import ldap2
 
 # Python 3 rename. The package is available in "six.moves.http_client", but
@@ -279,8 +279,8 @@ def is_ca_installed_locally():
 def create_ca_user():
     """Create PKI user/group if it doesn't exist yet."""
     tasks.create_system_user(
-        name=PKI_USER,
-        group=PKI_USER,
+        name=constants.PKI_USER,
+        group=constants.PKI_GROUP,
         homedir=paths.VAR_LIB,
         shell=paths.NOLOGIN,
     )
@@ -442,7 +442,7 @@ class CAInstance(DogtagInstance):
         # Create an empty and secured file
         (cfg_fd, cfg_file) = tempfile.mkstemp()
         os.close(cfg_fd)
-        pent = pwd.getpwnam(PKI_USER)
+        pent = pwd.getpwnam(constants.PKI_USER)
         os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
 
         # Create CA configuration
@@ -511,7 +511,7 @@ class CAInstance(DogtagInstance):
 
             cafile = self.pkcs12_info[0]
             shutil.copy(cafile, paths.TMP_CA_P12)
-            pent = pwd.getpwnam(PKI_USER)
+            pent = pwd.getpwnam(constants.PKI_USER)
             os.chown(paths.TMP_CA_P12, pent.pw_uid, pent.pw_gid)
 
             # Security domain registration
@@ -606,7 +606,7 @@ class CAInstance(DogtagInstance):
             'ca.enableNonces=false')
         if update_result != 0:
             raise RuntimeError("Disabling nonces failed")
-        pent = pwd.getpwnam(PKI_USER)
+        pent = pwd.getpwnam(constants.PKI_USER)
         os.chown(paths.CA_CS_CFG_PATH, pent.pw_uid, pent.pw_gid)
 
     def enable_pkix(self):
@@ -941,7 +941,7 @@ class CAInstance(DogtagInstance):
             os.mkdir(publishdir)
 
         os.chmod(publishdir, 0o775)
-        pent = pwd.getpwnam(PKI_USER)
+        pent = pwd.getpwnam(constants.PKI_USER)
         os.chown(publishdir, 0, pent.pw_gid)
 
         tasks.restore_context(publishdir)
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 5c2b28202329240e264e0b0a6149308ee208e8fa..a6f57f9d769ff951393790fd75b7bca520e6ec5a 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -33,8 +33,8 @@ import pki.system
 from ipalib import errors
 
 from ipaplatform import services
-from ipaplatform.paths import paths
 from ipaplatform.constants import constants
+from ipaplatform.paths import paths
 from ipapython import certmonger
 from ipapython import ipaldap
 from ipapython import ipautil
@@ -45,9 +45,10 @@ from ipaserver.install import replication
 from ipaserver.install.installutils import stopped_service
 from ipapython.ipa_log_manager import log_mgr
 
-PKI_USER = "pkiuser"
+PKI_USER = constants.PKI_USER
 HTTPD_USER = constants.HTTPD_USER
 
+
 def get_security_domain():
     """
     Get the security domain from the REST interface on the local Dogtag CA
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 93af0ac0a3f6a9a36fbc500f05f9795f9db0de2f..20e41f43e81aa7138a400db108ae7da1b7397f6b 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -44,14 +44,15 @@ from ipalib import api
 from ipalib import certstore
 from ipalib import errors
 from ipalib import constants
+from ipaplatform.constants import constants as platformconstants
 from ipaplatform.tasks import tasks
 from ipalib.constants import CACERT
 from ipapython.dn import DN
 from ipaplatform import services
 from ipaplatform.paths import paths
 
-DS_USER = 'dirsrv'
-DS_GROUP = 'dirsrv'
+DS_USER = platformconstants.DS_USER
+DS_GROUP = platformconstants.DS_GROUP
 
 IPA_SCHEMA_FILES = ("60kerberos.ldif",
                     "60samba.ldif",
@@ -708,7 +709,7 @@ class DsInstance(service.Service):
         self._ldap_mod("repoint-managed-entries.ldif", self.sub_dict)
 
     def configure_dirsrv_ccache(self):
-        pent = pwd.getpwnam("dirsrv")
+        pent = pwd.getpwnam(platformconstants.DS_USER)
         ccache = paths.TMP_KRB5CC % pent.pw_uid
         filepath = paths.SYSCONFIG_DIRSRV
         if not os.path.exists(filepath):
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index ae387ad8d143f779c5a6095ed089c12d936ddc94..638f05f332e02f66ec5eb66fdd1610d97dfa59d1 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -32,13 +32,13 @@ from ipapython import version
 from ipapython.ipautil import run, write_tmp_file
 from ipapython import admintool
 from ipapython.dn import DN
-from ipaserver.install.dsinstance import DS_USER
 from ipaserver.install.replication import wait_for_task
 from ipaserver.install import installutils
 from ipapython import ipaldap
 from ipalib.session import ISO8601_DATETIME_FMT
 from ipalib.constants import CACERT
 from six.moves.configparser import SafeConfigParser
+from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
 
 """
@@ -261,7 +261,7 @@ class Backup(admintool.AdminTool):
 
         self.log.info("Preparing backup on %s", api.env.host)
 
-        pent = pwd.getpwnam(DS_USER)
+        pent = pwd.getpwnam(constants.DS_USER)
 
         self.top_dir = tempfile.mkdtemp("ipa")
         os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index b6ac511028564985268d05cc9c178eb1c3762d27..214409e11fbff9ac4aa3e12c94ccfa8da3d95465 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -32,14 +32,15 @@ from ipapython import version, ipautil, certdb
 from ipapython.ipautil import run, user_input
 from ipapython import admintool
 from ipapython.dn import DN
-from ipaserver.install.dsinstance import create_ds_user, DS_USER
-from ipaserver.install.cainstance import PKI_USER, create_ca_user
+from ipaserver.install.dsinstance import create_ds_user
+from ipaserver.install.cainstance import create_ca_user
 from ipaserver.install.replication import (wait_for_task, ReplicationManager,
                                            get_cs_replication_manager)
 from ipaserver.install import installutils
 from ipaserver.install import dsinstance, httpinstance, cainstance
 from ipapython import ipaldap
 import ipapython.errors
+from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
 from ipaplatform import services
 from ipaplatform.paths import paths
@@ -293,7 +294,7 @@ class Restore(admintool.AdminTool):
                 raise admintool.ScriptError("Aborted")
 
         create_ds_user()
-        pent = pwd.getpwnam(DS_USER)
+        pent = pwd.getpwnam(constants.DS_USER)
 
         # Temporary directory for decrypting files before restoring
         self.top_dir = tempfile.mkdtemp("ipa")
@@ -530,7 +531,7 @@ class Restore(admintool.AdminTool):
         srcldiffile = os.path.join(self.dir, ldifname)
 
         if not os.path.exists(ldifdir):
-            pent = pwd.getpwnam(DS_USER)
+            pent = pwd.getpwnam(constants.DS_USER)
             os.mkdir(ldifdir)
             os.chmod(ldifdir, 0o770)
             os.chown(ldifdir, pent.pw_uid, pent.pw_gid)
@@ -755,7 +756,7 @@ class Restore(admintool.AdminTool):
                ]
         run(args)
 
-        pent = pwd.getpwnam(DS_USER)
+        pent = pwd.getpwnam(constants.DS_USER)
         os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
         recursive_chown(self.dir, pent.pw_uid, pent.pw_gid)
 
@@ -781,9 +782,10 @@ class Restore(admintool.AdminTool):
                      paths.TOMCAT_SIGNEDAUDIT_DIR]
 
         try:
-            pent = pwd.getpwnam(PKI_USER)
+            pent = pwd.getpwnam(constants.PKI_USER)
         except KeyError:
-            self.log.debug("No %s user exists, skipping CA directory creation" % PKI_USER)
+            self.log.debug("No %s user exists, skipping CA directory creation",
+                           constants.PKI_USER)
             return
         self.log.debug('Creating log directories for dogtag')
         for dir in dirs:
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index 6589bb54eadf9bc5017ef99cdfbf3c46dabc27c6..b1357048c9c89264e5348285690c31b6491bcd2f 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -28,6 +28,7 @@ from six.moves.configparser import ConfigParser
 from ipalib import api
 from ipalib import x509
 from ipaplatform import services
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipapython import certdb
 from ipapython import ipautil
@@ -37,8 +38,8 @@ from ipaserver.install import cainstance
 from ipaserver.install import installutils
 from ipaserver.install import ldapupdate
 from ipaserver.install import service
-from ipaserver.install.dogtaginstance import (
-    PKI_USER, export_kra_agent_pem, DogtagInstance)
+from ipaserver.install.dogtaginstance import (export_kra_agent_pem,
+                                              DogtagInstance)
 from ipaserver.plugins import ldap2
 from ipapython.ipa_log_manager import log_mgr
 
@@ -134,7 +135,7 @@ class KRAInstance(DogtagInstance):
         # Create an empty and secured file
         (cfg_fd, cfg_file) = tempfile.mkstemp()
         os.close(cfg_fd)
-        pent = pwd.getpwnam(PKI_USER)
+        pent = pwd.getpwnam(constants.PKI_USER)
         os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
 
         # Create KRA configuration
@@ -223,7 +224,7 @@ class KRAInstance(DogtagInstance):
         if self.clone:
             krafile = self.pkcs12_info[0]
             shutil.copy(krafile, p12_tmpfile_name)
-            pent = pwd.getpwnam(PKI_USER)
+            pent = pwd.getpwnam(constants.PKI_USER)
             os.chown(p12_tmpfile_name, pent.pw_uid, pent.pw_gid)
 
             # Security domain registration
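Review bot: `shutil.copy(krafile, p12_tmpfile_name)` copies the source file's permission bits along with its contents, so the copy that is then chowned to `constants.PKI_USER` is only as restricted as `krafile` happened to be. Judging by the names the file appears to be a PKCS#12 bundle, so it would be worth pinning the mode explicitly after the chown, e.g. `os.chmod(p12_tmpfile_name, 0o600)`. How `p12_tmpfile_name` is created is not visible here, and the method starts and ends outside the hunk.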
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 31149752a1eab62ce142ac9614309a1d0a098754..9f73aab237dfc7555cf2378164c6e911dfd00918 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -36,11 +36,11 @@ from ipapython.ipa_log_manager import root_logger
 from ipapython.dn import DN
 
 from ipaserver.install import replication
-from ipaserver.install import dsinstance
 from ipaserver.install import ldapupdate
 
 from ipaserver.install import certs
 from distutils import version
+from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
 from ipaplatform.paths import paths
 
@@ -327,7 +327,7 @@ class KrbInstance(service.Service):
         vardict = {"KRB5_KTNAME": paths.DS_KEYTAB}
         ipautil.config_replace_variables(paths.SYSCONFIG_DIRSRV,
                                          replacevars=vardict)
-        pent = pwd.getpwnam(dsinstance.DS_USER)
+        pent = pwd.getpwnam(constants.DS_USER)
         os.chown(paths.DS_KEYTAB, pent.pw_uid, pent.pw_gid)
 
     def __create_host_keytab(self):
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index d6e6b2e0daccd1905216414a162acea089a0d687..31575803a8fa9ab5e5e1316a7d4bad90ee621721 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -25,6 +25,7 @@ from ipapython import ipaldap
 from ipapython.ipa_log_manager import root_logger
 from ipapython import certmonger
 from ipapython.dn import DN
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipaserver.install import installutils
 from ipaserver.install import dsinstance
@@ -945,7 +946,7 @@ def copy_crl_file(old_path, new_path=None):
         os.symlink(realpath, new_path)
     else:
         shutil.copy2(old_path, new_path)
-        pent = pwd.getpwnam(cainstance.PKI_USER)
+        pent = pwd.getpwnam(constants.PKI_USER)
         os.chown(new_path, pent.pw_uid, pent.pw_gid)
 
     tasks.restore_context(new_path)
diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py
index b8abb343b027a9b61c6c2d8660ac2e926c5e70bf..ffd086bae93f95e9f04617b5fe7e656d53d292b7 100644
--- a/ipatests/test_integration/test_backup_and_restore.py
+++ b/ipatests/test_integration/test_backup_and_restore.py
@@ -23,6 +23,7 @@ import os
 import re
 import contextlib
 
+from ipaplatform.constants import constants
 from ipapython.ipa_log_manager import log_mgr
 from ipapython.dn import DN
 from ipatests.test_integration.base import IntegrationTest
@@ -164,8 +165,8 @@ class TestBackupAndRestore(IntegrationTest):
                                      '--uninstall',
                                      '-U'])
 
-            self.master.run_command(['userdel', 'dirsrv'])
-            self.master.run_command(['userdel', 'pkiuser'])
+            self.master.run_command(['userdel', constants.DS_USER])
+            self.master.run_command(['userdel', constants.PKI_USER])
 
             homedir = os.path.join(self.master.config.test_dir,
                                    'testuser_homedir')
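Review bot: `constants.DS_USER` and `constants.PKI_USER` are resolved by the `ipaplatform` installed where the test runs, while the two `userdel` commands execute on `self.master`. If the controller and the master can be different platforms, the names passed to `userdel` may not be the accounts that exist on the master. A short comment above the two calls, such as `# assumes controller and master share the same ipaplatform`, would record the assumption. The test method continues outside the hunk.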
-- 
2.5.0
