def _install_ds(self, general, slapd, backends):
"""
Actually install the Ds from the dicts provided.
You should never call this directly, as it bypasses assert_cions.
"""
# register the instance to /etc/sysconfig
# We do this first so that we can trick remove-ds.pl if needed.
# There may be a way to create this from template like the dse.ldif ...
initconfig = ""
with open("%s/dirsrv/config/template-initconfig" % slapd['sysconf_dir']) as template_init:
for line in template_init.readlines():
initconfig += line.replace('{{', '{', 1).replace('}}', '}', 1).replace('-', '_')
try:
os.makedirs("%s/sysconfig" % slapd['sysconf_dir'], mode=0o775)
except FileExistsError:
pass
with open("%s/sysconfig/dirsrv-%s" % (slapd['sysconf_dir'], slapd['instance_name']), 'w') as f:
f.write(initconfig.format(
SERVER_DIR=slapd['lib_dir'],
SERVERBIN_DIR=slapd['sbin_dir'],
CONFIG_DIR=slapd['config_dir'],
INST_DIR=slapd['inst_dir'],
RUN_DIR=slapd['run_dir'],
DS_ROOT='',
PRODUCT_NAME='slapd',
))
# Create all the needed paths
# we should only need to make bak_dir, cert_dir, config_dir, db_dir, ldif_dir, lock_dir, log_dir, run_dir? schema_dir,
for path in ('backup_dir', 'cert_dir', 'config_dir', 'db_dir', 'ldif_dir', 'lock_dir', 'log_dir', 'run_dir'):
if self.verbose:
self.log.info("ACTION: creating %s" % slapd[path])
try:
os.makedirs(slapd[path], mode=0o775)
except OSError:
pass
os.chown(slapd[path], slapd['user_uid'], slapd['group_gid'])
### Warning! We need to down the directory under db too for .restore to work.
# See dblayer.c for more!
db_parent = os.path.join(slapd['db_dir'], '..')
os.chown(db_parent, slapd['user_uid'], slapd['group_gid'])
# Copy correct data to the paths.
# Copy in the schema
# This is a little fragile, make it better.
# It won't matter when we move schema to usr anyway ...
_ds_shutil_copytree(os.path.join(slapd['sysconf_dir'], 'dirsrv/schema'), slapd['schema_dir'])
os.chown(slapd['schema_dir'], slapd['user_uid'], slapd['group_gid'])
# Copy in the collation
srcfile = os.path.join(slapd['sysconf_dir'], 'dirsrv/config/slapd-collations.conf')
dstfile = os.path.join(slapd['config_dir'], 'slapd-collations.conf')
shutil.copy2(srcfile, dstfile)
os.chown(dstfile, slapd['user_uid'], slapd['group_gid'])
# Copy in the certmap configuration
srcfile = os.path.join(slapd['sysconf_dir'], 'dirsrv/config/certmap.conf')
dstfile = os.path.join(slapd['config_dir'], 'certmap.conf')
shutil.copy2(srcfile, dstfile)
os.chown(dstfile, slapd['user_uid'], slapd['group_gid'])
# If we are on the correct platform settings, systemd
if general['systemd'] and not self.containerised:
# Should create the symlink we need, but without starting it.
subprocess.check_call(["/usr/bin/systemctl",
"enable",
"dirsrv@%s" % slapd['instance_name']])
# Else we need to detect other init scripts?
# Bind sockets to our type?
# Create certdb in sysconfidir
if self.verbose:
self.log.info("ACTION: Creating certificate database is %s" % slapd['cert_dir'])
# Create dse.ldif with a temporary root password.
# The template is in slapd['data_dir']/dirsrv/data/template-dse.ldif
# Variables are done with %KEY%.
# You could cheat and read it in, do a replace of % to { and } then use format?
if self.verbose:
self.log.info("ACTION: Creating dse.ldif")
dse = ""
with open(os.path.join(slapd['data_dir'], 'dirsrv', 'data', 'template-dse.ldif')) as template_dse:
for line in template_dse.readlines():
dse += line.replace('%', '{', 1).replace('%', '}', 1)
with open(os.path.join(slapd['config_dir'], 'dse.ldif'), 'w') as file_dse:
file_dse.write(dse.format(
schema_dir=slapd['schema_dir'],
lock_dir=slapd['lock_dir'],
tmp_dir=slapd['tmp_dir'],
cert_dir=slapd['cert_dir'],
ldif_dir=slapd['ldif_dir'],
bak_dir=slapd['backup_dir'],
run_dir=slapd['run_dir'],
inst_dir="",
log_dir=slapd['log_dir'],
fqdn=general['full_machine_name'],
ds_port=slapd['port'],
ds_user=slapd['user'],
rootdn=slapd['root_dn'],
# ds_passwd=slapd['root_password'],
ds_passwd=self._secure_password, # We set our own password here, so we can connect and mod.
ds_suffix='',
config_dir=slapd['config_dir'],
db_dir=slapd['db_dir'],
))
# open the connection to the instance.
# Should I move this import? I think this prevents some recursion
from lib389 import DirSrv
ds_instance = DirSrv(self.verbose)
ds_instance.containerised = self.containerised
args = {
SER_PORT: slapd['port'],
SER_SERVERID_PROP: slapd['instance_name'],
SER_ROOT_DN: slapd['root_dn'],
SER_ROOT_PW: self._raw_secure_password,
SER_DEPLOYED_DIR: slapd['prefix']
}
ds_instance.allocate(args)
# Does this work?
assert_c(ds_instance.exists(), "Instance failed to install, does not exist when expected")
# Create a certificate database.
tlsdb = NssSsl(dbpath=slapd['cert_dir'])
if not tlsdb._db_exists():
tlsdb.reinit()
if slapd['self_sign_cert']:
# If it doesn't exist, create a cadb.
ssca_path = os.path.join(slapd['sysconf_dir'], 'dirsrv/ssca/')
ssca = NssSsl(dbpath=ssca_path)
if not ssca._db_exists():
ssca.reinit()
ssca.create_rsa_ca()
csr = tlsdb.create_rsa_key_and_csr()
(ca, crt) = ssca.rsa_ca_sign_csr(csr)
tlsdb.import_rsa_crt(ca, crt)
## LAST CHANCE, FIX PERMISSIONS.
# Selinux fixups?
# Restorecon of paths?
# Start the server
ds_instance.start(timeout=60)
ds_instance.open()
# In some cases we may want to change log settings
# ds_instance.config.enable_log('audit')
# Create the configs related to this version.
base_config = get_config(general['defaults'])
base_config_inst = base_config(ds_instance)
base_config_inst.apply_config(install=True)
# Setup TLS with the instance.
ds_instance.config.set('nsslapd-secureport', '%s' % slapd['secure_port'])
if slapd['self_sign_cert']:
ds_instance.config.set('nsslapd-security', 'on')
# Create the backends as listed
# Load example data if needed.
for backend in backends:
ds_instance.backends.create(properties=backend)
# Make changes using the temp root
# Change the root password finally
# Initialise ldapi socket information. IPA expects this ....
ds_instance.config.set('nsslapd-ldapifilepath', ds_instance.get_ldapi_path())
ds_instance.config.set('nsslapd-ldapilisten', 'on')
# Complete.
ds_instance.config.set('nsslapd-rootpw',
ensure_str(slapd['root_password']))
if self.containerised:
# In a container build we need to stop DirSrv at the end
ds_instance.stop()
else:
# Restart for changes to take effect - this could be removed later
ds_instance.restart(post_open=False)
