def configure_autofs(fstore, statestore, autodiscover, server, options):
    """
    Point the autofs sysconfig file at the IPA automount maps in LDAP.

    fstore: the FileStore to back up files in
    statestore: state store; receives the ('autofs', 'sssd', False) entry
    autodiscover: when true, the LDAP URI carries no server name
    server: the IPA server to use when autodiscover is false
    options.location: the Automount location to use
    """
    # With autodiscovery the host part of the URI is left empty and only the
    # base DN is given (presumably the LDAP client then locates a server
    # through DNS -- confirm).
    # NOTE(review): both forms use the plain ldap:// scheme and nothing in
    # this function sets up TLS or authentication for the autofs lookups;
    # confirm that is configured elsewhere.
    if autodiscover:
        ldap_uri = "ldap:///%s" % api.env.basedn
    else:
        ldap_uri = "ldap://%s" % server

    location_dn = DN(
        ('cn', options.location),
        api.env.container_automount,
        api.env.basedn,
    )

    # Schema names first, then the two values computed above.
    replacevars = {
        'MAP_OBJECT_CLASS': 'automountMap',
        'ENTRY_OBJECT_CLASS': 'automount',
        'MAP_ATTRIBUTE': 'automountMapName',
        'ENTRY_ATTRIBUTE': 'automountKey',
        'VALUE_ATTRIBUTE': 'automountInformation',
    }
    replacevars['SEARCH_BASE'] = str(location_dn)
    replacevars['LDAP_URI'] = ldap_uri

    target = paths.SYSCONFIG_AUTOFS
    ipautil.backup_config_and_replace_variables(
        fstore, target, replacevars=replacevars
    )
    tasks.restore_context(target)

    statestore.backup_state('autofs', 'sssd', False)

    print("Configured %s" % target)
def __configure_instance(self):
    """
    Render the Kerberos templates and write the KDC sysconfig settings.

    The realm is always written. A worker count is appended only when
    `klist -V` reports a version of at least 1.9 and more than one CPU is
    online.
    """
    # Only the KDC configuration is templated with chmod=None.
    self.__template_file(paths.KRB5KDC_KDC_CONF, chmod=None)
    for template in (
        paths.KRB5_CONF,
        paths.HTML_KRB5_INI,
        paths.KRB_CON,
        paths.HTML_KRBREALM_CON,
    ):
        self.__template_file(template)

    MIN_KRB5KDC_WITH_WORKERS = "1.9"
    cpus = os.sysconf('SC_NPROCESSORS_ONLN')

    # The version probe is best effort: a non-zero exit simply leaves
    # worker support switched off. klist is run through the path constant
    # and as an argument list, so no shell is involved.
    workers = False
    probe = ipautil.run(
        [paths.KLIST, '-V'], raiseonerr=False, capture_output=True
    )
    if probe.returncode == 0:
        # The version is taken to be the last whitespace-separated token.
        found = tasks.parse_ipa_version(probe.output.split()[-1])
        required = tasks.parse_ipa_version(MIN_KRB5KDC_WITH_WORKERS)
        if found >= required:
            workers = True

    # Write down config file
    # We write realm and also number of workers (for multi-CPU systems).
    # cpus is the integer returned by os.sysconf, so only digits are
    # interpolated into the quoted argument string.
    if workers and cpus > 1:
        appendvars = {'KRB5KDC_ARGS': "'-w %s'" % str(cpus)}
    else:
        appendvars = {}

    ipautil.backup_config_and_replace_variables(
        self.fstore,
        paths.SYSCONFIG_KRB5KDC_DIR,
        replacevars={'KRB5REALM': self.realm},
        appendvars=appendvars,
    )
    tasks.restore_context(paths.SYSCONFIG_KRB5KDC_DIR)
def __configure_instance(self):
    """
    Render the Kerberos templates and write the KDC sysconfig settings.

    Writes the realm, and on multi-CPU hosts whose `klist -V` reports at
    least version 1.9 also appends a worker-count argument.
    """
    self.__template_file(paths.KRB5KDC_KDC_CONF, chmod=None)
    self.__template_file(paths.KRB5_CONF)
    self.__template_file(paths.HTML_KRB5_INI)
    self.__template_file(paths.KRB_CON)
    self.__template_file(paths.HTML_KRBREALM_CON)

    MIN_KRB5KDC_WITH_WORKERS = "1.9"
    cpus = os.sysconf('SC_NPROCESSORS_ONLN')

    # NOTE(review): 'klist' is given without a directory, so which binary
    # runs depends on the PATH of the calling process (presumably a
    # privileged installer -- confirm). An absolute path would remove that
    # dependency.
    version_check = ipautil.run(
        ['klist', '-V'], raiseonerr=False, capture_output=True
    )
    workers = False
    if version_check.returncode == 0:
        # Last whitespace-separated token of the output is the version.
        reported = version_check.output.split()[-1]
        current_version = tasks.parse_ipa_version(reported)
        minimum_version = tasks.parse_ipa_version(MIN_KRB5KDC_WITH_WORKERS)
        if current_version >= minimum_version:
            workers = True

    # Write down config file
    # We write realm and also number of workers (for multi-CPU systems)
    realm_vars = {'KRB5REALM': self.realm}
    worker_vars = {}
    if workers and cpus > 1:
        # cpus is an integer from os.sysconf; nothing else is interpolated.
        worker_vars = {'KRB5KDC_ARGS': "'-w %s'" % str(cpus)}

    ipautil.backup_config_and_replace_variables(
        self.fstore,
        paths.SYSCONFIG_KRB5KDC_DIR,
        replacevars=realm_vars,
        appendvars=worker_vars,
    )
    tasks.restore_context(paths.SYSCONFIG_KRB5KDC_DIR)
def configure_dirsrv_ccache(self):
    """
    Set KRB5CCNAME in the directory server sysconfig file.

    The credential cache name is built from the UID of the directory
    server account. A missing sysconfig file is created first.
    """
    ds_account = pwd.getpwnam(platformconstants.DS_USER)
    ccache = paths.TMP_KRB5CC % ds_account.pw_uid
    sysconfig_path = paths.SYSCONFIG_DIRSRV

    if not os.path.exists(sysconfig_path):
        # file doesn't exist; create it with correct ownership & mode
        # (rw for owner, read-only for group and others, owned by 0:0).
        # NOTE(review): the existence check, the create and the chmod/chown
        # are separate steps, and open() starts from the process umask.
        # That is harmless only while the parent directory is writable by
        # root alone -- confirm for the target platform.
        wanted_mode = (
            stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH
        )
        open(sysconfig_path, "a").close()
        os.chmod(sysconfig_path, wanted_mode)
        os.chown(sysconfig_path, 0, 0)

    ipautil.backup_config_and_replace_variables(
        self.fstore, sysconfig_path, replacevars={"KRB5CCNAME": ccache}
    )
    tasks.restore_context(sysconfig_path)
def configure_nfs(fstore, statestore, options):
    """
    Configure secure NFS

    fstore: the FileStore used to back up every file before it is changed
    statestore: not used by this function
    options.idmapdomain: None to use the IPA domain, 'DNS' to drop the
        Domain option, any other value to use that value as the domain
    """
    # Newer Fedora releases ship /etc/nfs.conf instead of /etc/sysconfig/nfs
    # and do not require changes there. On these, SECURE_NFS_VAR == None
    secure_var = constants.SECURE_NFS_VAR
    if secure_var:
        ipautil.backup_config_and_replace_variables(
            fstore, paths.SYSCONFIG_NFS, replacevars={secure_var: 'yes'}
        )
        tasks.restore_context(paths.SYSCONFIG_NFS)
        print("Configured %s" % paths.SYSCONFIG_NFS)

    # Prepare the changes
    # We need to use IPAChangeConf as simple regexp substitution
    # does not cut it here
    conf = ipachangeconf.IPAChangeConf("IPA automount installer")
    conf.case_insensitive_sections = False
    conf.setOptionAssignment(" = ")
    conf.setSectionNameDelimiters(("[", "]"))

    requested = options.idmapdomain
    if requested == 'DNS':
        # Rely on idmapd auto-detection (DNS)
        changes = [conf.rmOption('Domain')]
    else:
        # Set NFSv4 domain to the IPA domain unless one was provided
        nfs_domain = api.env.domain if requested is None else requested
        changes = [conf.setOption('Domain', nfs_domain)]

    if changes is not None:
        general_section = [conf.setSection('General', changes)]
        # Backup the file and apply the changes
        fstore.backup_file(paths.IDMAPD_CONF)
        conf.changeConf(paths.IDMAPD_CONF, general_section)
        tasks.restore_context(paths.IDMAPD_CONF)
        print("Configured %s" % paths.IDMAPD_CONF)

    # Service restarts are best effort: a failure is logged and the
    # function carries on, so callers get no error from here.
    rpcgssd = services.knownservices.rpcgssd
    try:
        rpcgssd.restart()
    except Exception as err:
        logger.error("Failed to restart rpc-gssd (%s)", str(err))

    nfsutils = services.knownservices['nfs-utils']
    try:
        nfsutils.restart()
    except Exception as err:
        logger.error("Failed to restart nfs client services (%s)", str(err))
def configure_dirsrv_ccache(self):
    """
    Write the directory server's KRB5CCNAME into its sysconfig file.

    The cache name is derived from the UID of platformconstants.DS_USER.
    If the sysconfig file is missing it is created, given mode rw-r--r--
    and handed to UID 0 / GID 0 before the variable is written.
    """
    uid = pwd.getpwnam(platformconstants.DS_USER).pw_uid
    ccache = paths.TMP_KRB5CC % uid
    filepath = paths.SYSCONFIG_DIRSRV

    missing = not os.path.exists(filepath)
    if missing:
        # file doesn't exist; create it with correct ownership & mode
        with open(filepath, 'a'):
            pass
        mode = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH
        os.chmod(filepath, mode)
        os.chown(filepath, 0, 0)

    # The previous file content is backed up in self.fstore by the helper.
    replacevars = dict(KRB5CCNAME=ccache)
    ipautil.backup_config_and_replace_variables(
        self.fstore, filepath, replacevars=replacevars
    )
    tasks.restore_context(filepath)
def configure_dirsrv_ccache(self):
    """
    Set KRB5CCNAME for the "dirsrv" account in /etc/sysconfig/dirsrv.

    Creates the sysconfig file (mode rw-r--r--, owner 0:0) when it does not
    exist, then writes the variable and restores the file's context.
    """
    dirsrv_uid = pwd.getpwnam("dirsrv").pw_uid
    # NOTE(review): the cache file name is predictable and sits in /tmp;
    # whether it is created safely depends on the code that later writes
    # the cache, which is not shown here.
    ccache = '/tmp/krb5cc_%d' % dirsrv_uid
    filepath = '/etc/sysconfig/dirsrv'

    if not os.path.exists(filepath):
        # file doesn't exist; create it with correct ownership & mode
        handle = open(filepath, 'a')
        handle.close()
        os.chmod(
            filepath,
            stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH,
        )
        os.chown(filepath, 0, 0)

    # The helper's return value is kept in a local but not used afterwards.
    old_values = ipautil.backup_config_and_replace_variables(
        self.fstore, filepath, replacevars={'KRB5CCNAME': ccache}
    )
    ipaservices.restore_context(filepath)
def backup_and_replace_hostname(fstore, statestore, hostname):
    """
    Set the running hostname and persist it in /etc/sysconfig/network.

    fstore: file store handed to the backup-and-replace helper
    statestore: receives the previous hostname under ('network', 'hostname')
    hostname: the new hostname

    Python 2 syntax (comma-style except clause, print statement).
    """
    # Remember the live hostname before changing it; it is the fallback
    # value stored below when the file had no HOSTNAME entry.
    old_hostname = socket.gethostname()
    try:
        # Argument list, so the hostname is never interpreted by a shell.
        ipautil.run(['/bin/hostname', hostname])
    except ipautil.CalledProcessError, e:
        # Best effort: the failure is reported on stderr and the function
        # still goes on to rewrite the configuration file.
        print >>sys.stderr, "Failed to set this machine hostname to %s (%s)." % (hostname, str(e))
    replacevars = {'HOSTNAME':hostname}
    filepath = '/etc/sysconfig/network'
    if not os.path.exists(filepath):
        # file doesn't exist; create it with correct ownership & mode
        # (rw for owner, read-only for group and others, owned by 0:0)
        open(filepath, 'a').close()
        os.chmod(filepath, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH)
        os.chown(filepath, 0, 0)
    old_values = ipautil.backup_config_and_replace_variables(
        fstore, filepath, replacevars=replacevars)
    restore_context("/etc/sysconfig/network")
    # Prefer the value that was in the file over the live hostname when
    # recording what to restore later.
    if 'HOSTNAME' in old_values:
        statestore.backup_state('network', 'hostname', old_values['HOSTNAME'])
    else:
        statestore.backup_state('network', 'hostname', old_hostname)


def check_selinux_status(restorecon='/sbin/restorecon'): """ We don't have a specific package requirement for policycoreutils which provides restorecon. This is because we don't require SELinux on client installs. However if SELinux is enabled then this package is required. This function returns nothing but may raise a Runtime exception
old_hostname = socket.gethostname() try: ipautil.run(['/bin/hostname', hostname]) except ipautil.CalledProcessError, e: print >> sys.stderr, "Failed to set this machine hostname to %s (%s)." % ( hostname, str(e)) replacevars = {'HOSTNAME': hostname} filepath = '/etc/sysconfig/network' if not os.path.exists(filepath): # file doesn't exist; create it with correct ownership & mode open(filepath, 'a').close() os.chmod(filepath, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) os.chown(filepath, 0, 0) old_values = ipautil.backup_config_and_replace_variables( fstore, filepath, replacevars=replacevars) restore_context("/etc/sysconfig/network") if 'HOSTNAME' in old_values: statestore.backup_state('network', 'hostname', old_values['HOSTNAME']) else: statestore.backup_state('network', 'hostname', old_hostname) def check_selinux_status(restorecon='/sbin/restorecon'): """ We don't have a specific package requirement for policycoreutils which provides restorecon. This is because we don't require SELinux on client installs. However if SELinux is enabled then this package is required.