URL: https://github.com/freeipa/freeipa/pull/182
Author: tiran
Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/182/head:pr182
git checkout pr182
From 75095517c0312eaf5d25fead3eb4cdb6af2e4ab0 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Mon, 24 Oct 2016 10:35:41 +0200
Subject: [PATCH] Use env var IPA_CONFDIR to get confdir
The environment variable IPA_CONFDIR overrides the default confdir path.
The value of the environment variable must be an absolute path to an existing
directory. The new variable makes it much simpler to use the 'ipa'
command and ipalib with a local configuration directory.
Some contexts like server, installer and upgrades do not support the env
var.
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
client/man/ipa.1 | 4 ++++
install/tools/ipa-httpd-kdcproxy | 2 +-
install/tools/ipa-replica-conncheck | 2 +-
ipalib/config.py | 18 +++++++++++++++++-
4 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/client/man/ipa.1 b/client/man/ipa.1
index 9194ca0..b843e7b 100644
--- a/client/man/ipa.1
+++ b/client/man/ipa.1
@@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order:
.TP
If a kerberos error is raised by any of the requests then it will stop processing and display the error message.
+.SH "ENVIRONMENT VARIABLES"
+.TP
+\fBIPA_CONFDIR\fR
+Override path to confdir (default: \fB/etc/ipa\fR).
.SH "FILES"
.TP
\fB/etc/ipa/default.conf\fR
diff --git a/install/tools/ipa-httpd-kdcproxy b/install/tools/ipa-httpd-kdcproxy
index 329565c..34cdd88 100755
--- a/install/tools/ipa-httpd-kdcproxy
+++ b/install/tools/ipa-httpd-kdcproxy
@@ -184,7 +184,7 @@ class KDCProxyConfig(object):
def main(debug=DEBUG, time_limit=TIME_LIMIT):
# initialize API without file logging
if not api.isdone('bootstrap'):
- api.bootstrap(context='ipa-httpd-kdcproxy', log=None, debug=debug)
+ api.bootstrap(context='server', log=None, debug=debug)
standard_logging_setup(verbose=True, debug=debug)
try:
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 4045e41..fbe2dd5 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -478,7 +478,7 @@ def main():
else:
nss_dir = None
- api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri,
+ api.bootstrap(context='installer', xmlrpc_uri=xmlrpc_uri,
nss_dir=nss_db.secdir)
api.finalize()
try:
diff --git a/ipalib/config.py b/ipalib/config.py
index cf9e925..46da186 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -43,6 +43,7 @@
from ipalib.base import check_name
from ipalib.constants import CONFIG_SECTION
from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR
+from ipapython.admintool import ScriptError
if six.PY3:
unicode = str
@@ -200,6 +201,10 @@ class provides high-level methods for bootstraping a fresh `Env` instance
__locked = False
+ # Reserved contexts do not support IPA_CONFDIR env var
+ _reserved_contexts = {'backup', 'cli_installer', 'installer', 'ipactl',
+ 'renew', 'restore', 'server', 'updates'}
+
def __init__(self, **initialize):
object.__setattr__(self, '_Env__d', {})
object.__setattr__(self, '_Env__done', set())
@@ -461,7 +466,18 @@ def _bootstrap(self, **overrides):
# Set confdir:
if 'confdir' not in self:
- if self.in_tree:
+ ipa_confdir = os.environ.get('IPA_CONFDIR')
+ if ipa_confdir is not None:
+ if self.context in self._reserved_contexts:
+ raise ScriptError(
+ 'IPA_CONFDIR env var is not allowed for context '
+ '"{}".'.format(self.context))
+ if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir):
+ raise ScriptError(
+ 'IPA_CONFDIR env var must be an absolute path to an '
+ 'existing directory.')
+ self.confdir = ipa_confdir
+ elif self.in_tree:
self.confdir = self.dot_ipa
else:
self.confdir = path.join('/', 'etc', 'ipa')
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
