def __create_instance(self):
    """Create the Directory Server instance from the rendered templates.

    Renders BASE_TEMPLATE into /var/lib/dirsrv/boot.ldif (mode 0440, owned
    by DS_USER), renders INF_TEMPLATE into a temporary file, and hands that
    file to setup-ds.pl, or to ds_newinst.pl when setup-ds.pl is absent.
    A failure of the setup script is logged at critical level and is not
    re-raised, so the method returns normally either way.
    """
    # passwd entry of the directory server account; its uid/gid feed chown
    pent = pwd.getpwnam(DS_USER)

    # Record the server id and back up the sysconfig file before changes
    self.backup_state("serverid", self.serverid)
    self.fstore.backup_file("/etc/sysconfig/dirsrv")

    # BASEDC is the first label of the realm, lower-cased
    self.sub_dict['BASEDC'] = self.realm.split('.')[0].lower()
    base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict)
    # NOTE(review): the whole rendered LDIF goes to the debug log; confirm
    # that BASE_TEMPLATE carries no secrets.
    root_logger.debug(base_txt)

    target_fname = '/var/lib/dirsrv/boot.ldif'
    # NOTE(review): open() creates the file with umask-derived permissions;
    # the 0440 mode only applies once chmod runs below.
    base_fd = open(target_fname, "w")
    base_fd.write(base_txt)
    base_fd.close()

    # Must be readable for dirsrv
    os.chmod(target_fname, 0440)
    os.chown(target_fname, pent.pw_uid, pent.pw_gid)

    inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict)
    root_logger.debug("writing inf template")
    inf_fd = ipautil.write_tmp_file(inf_txt)
    # The temp file keeps the full text; only the copy that is logged has
    # its RootDNPwd= line stripped, which keeps that value out of the log.
    inf_txt = re.sub(r"RootDNPwd=.*\n", "", inf_txt)
    root_logger.debug(inf_txt)
    # NOTE(review): inf_fd is never closed in this method; how long the
    # temp file with the RootDNPwd line survives depends on
    # ipautil.write_tmp_file -- confirm.
    if ipautil.file_exists("/usr/sbin/setup-ds.pl"):
        args = ["/usr/sbin/setup-ds.pl", "--silent", "--logfile", "-", "-f", inf_fd.name]
        root_logger.debug("calling setup-ds.pl")
    else:
        args = ["/usr/bin/ds_newinst.pl", inf_fd.name]
        root_logger.debug("calling ds_newinst.pl")
    try:
        ipautil.run(args)
        root_logger.debug("completed creating ds instance")
    except ipautil.CalledProcessError, e:
        # NOTE(review): the error is only logged, so callers cannot tell
        # that instance creation failed.
        root_logger.critical("failed to create ds instance %s" % e)
def __create_instance(self):
    """Create the Directory Server instance from the rendered templates.

    Renders BASE_TEMPLATE into paths.DIRSRV_BOOT_LDIF (mode 0440, owned by
    DS_USER), renders INF_TEMPLATE into a temporary file, and hands that
    file to paths.SETUP_DS_PL, or to paths.DS_NEWINST_PL when the former
    does not exist.  A failure of the setup script is logged at critical
    level and is not re-raised, so the method returns normally either way.
    """
    # passwd entry of the directory server account; its uid/gid feed chown
    pent = pwd.getpwnam(DS_USER)

    # Record the server id and back up the sysconfig file before changes
    self.backup_state("serverid", self.serverid)
    self.fstore.backup_file(paths.SYSCONFIG_DIRSRV)

    # BASEDC is the first label of the realm, lower-cased
    self.sub_dict['BASEDC'] = self.realm.split('.')[0].lower()
    base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict)
    # NOTE(review): the whole rendered LDIF goes to the debug log; confirm
    # that BASE_TEMPLATE carries no secrets.
    root_logger.debug(base_txt)

    target_fname = paths.DIRSRV_BOOT_LDIF
    # NOTE(review): open() creates the file with umask-derived permissions;
    # the 0440 mode only applies once chmod runs below.
    base_fd = open(target_fname, "w")
    base_fd.write(base_txt)
    base_fd.close()

    # Must be readable for dirsrv
    os.chmod(target_fname, 0440)
    os.chown(target_fname, pent.pw_uid, pent.pw_gid)

    inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict)
    root_logger.debug("writing inf template")
    inf_fd = ipautil.write_tmp_file(inf_txt)
    # The temp file keeps the full text; only the copy that is logged has
    # its RootDNPwd= line stripped, which keeps that value out of the log.
    inf_txt = re.sub(r"RootDNPwd=.*\n", "", inf_txt)
    root_logger.debug(inf_txt)
    # NOTE(review): inf_fd is never closed in this method; how long the
    # temp file with the RootDNPwd line survives depends on
    # ipautil.write_tmp_file -- confirm.
    if ipautil.file_exists(paths.SETUP_DS_PL):
        args = [paths.SETUP_DS_PL, "--silent", "--logfile", "-", "-f", inf_fd.name]
        root_logger.debug("calling setup-ds.pl")
    else:
        args = [paths.DS_NEWINST_PL, inf_fd.name]
        root_logger.debug("calling ds_newinst.pl")
    try:
        ipautil.run(args)
        root_logger.debug("completed creating ds instance")
    except ipautil.CalledProcessError, e:
        # NOTE(review): the error is only logged, so callers cannot tell
        # that instance creation failed.
        root_logger.critical("failed to create ds instance %s" % e)
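def _convert_provider_to_endpoints(self, entry_attrs, provider=None, elements=None):
    """
    Converts provider options to auth-uri and token-uri

    Looks up ``provider`` in ``self.idp_providers``, substitutes the
    values from ``elements`` into every endpoint template of that
    provider, and merges the result into ``entry_attrs`` in place.
    Nothing happens when ``provider`` is empty.

    :param entry_attrs: mapping updated with the rendered endpoints
    :param provider: key into ``self.idp_providers``
    :param elements: mapping of template variable name to value; ``None``
        is treated as an empty mapping
    :raises errors.ValidationError: for an unknown provider, or when a
        variable used by a template has no value in ``elements``
    """
    if not provider:
        return

    if provider not in self.idp_providers:
        raise errors.ValidationError(name='provider', error=_('unknown provider'))

    # With the default elements=None the membership test below used to
    # fail with TypeError; an empty mapping reports the missing value as
    # a ValidationError instead.
    if elements is None:
        elements = {}

    # Work on a copy so the shared provider table is never modified
    points = deepcopy(self.idp_providers[provider])
    r = string.Template.pattern
    for (k, v) in points.items():
        # Each findall() match is a tuple of the pattern's groups; keeping
        # the non-empty members gives the variables to be replaced
        subs = list(
            chain.from_iterable(
                (filter(None, s) for s in r.findall(v))))
        if subs:
            # Every variable the template needs must be provided as an
            # option before the template is rendered
            for s in subs:
                if s not in elements:
                    raise errors.ValidationError(
                        name=self.options[s].cli_name,
                        error=_('value is missing'))
            points[k] = template_str(v, elements)

    entry_attrs.update(points)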
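def __create_instance(self):
    """Create the Directory Server instance by running setup-ds.pl.

    Renders BASE_TEMPLATE into paths.DIRSRV_BOOT_LDIF (mode 0o440, owned by
    DS_USER), renders INF_TEMPLATE into a temporary file and passes that
    file to paths.SETUP_DS_PL.  After a successful run port 389 is added to
    self.open_ports and the boot LDIF is removed.

    Raises:
        RuntimeError: if setup-ds.pl fails (ipautil.CalledProcessError).
    """
    # passwd entry of the directory server account; its uid/gid feed chown
    pent = pwd.getpwnam(DS_USER)

    # Record the server id and back up the sysconfig file before changes
    self.backup_state("serverid", self.serverid)
    self.fstore.backup_file(paths.SYSCONFIG_DIRSRV)

    # BASEDC is the first label of the realm, lower-cased
    self.sub_dict['BASEDC'] = self.realm.split('.')[0].lower()
    base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict)
    # NOTE(review): the whole rendered LDIF goes to the debug log; confirm
    # that BASE_TEMPLATE carries no secrets.
    root_logger.debug(base_txt)

    target_fname = paths.DIRSRV_BOOT_LDIF
    # The context manager closes the file even if write() raises.
    # NOTE(review): the file is created with umask-derived permissions;
    # the 0o440 mode only applies once chmod runs below.
    with open(target_fname, "w") as base_fd:
        base_fd.write(base_txt)

    # Must be readable for dirsrv
    os.chmod(target_fname, 0o440)
    os.chown(target_fname, pent.pw_uid, pent.pw_gid)

    inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict)
    root_logger.debug("writing inf template")
    inf_fd = ipautil.write_tmp_file(inf_txt)
    try:
        # The temp file keeps the full text; only the logged copy has its
        # RootDNPwd= line stripped, which keeps that value out of the log.
        inf_txt = re.sub(r"RootDNPwd=.*\n", "", inf_txt)
        root_logger.debug(inf_txt)

        args = [
            paths.SETUP_DS_PL,
            "--silent",
            "--logfile", "-",
            "-f", inf_fd.name,
        ]
        root_logger.debug("calling setup-ds.pl")
        try:
            ipautil.run(args)
            root_logger.debug("completed creating DS instance")
        except ipautil.CalledProcessError as e:
            raise RuntimeError("failed to create DS instance %s" % e)
    finally:
        # Close the answer file on failure as well: it still holds the
        # RootDNPwd line, and the close used to be skipped whenever
        # setup-ds.pl failed.  Whether closing also deletes the file
        # depends on ipautil.write_tmp_file -- confirm.
        inf_fd.close()

    # check for open port 389 from now on
    self.open_ports.append(389)

    # As before, the boot LDIF is removed only after a successful run
    os.remove(paths.DIRSRV_BOOT_LDIF)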
def named_test_template(host):
    """Render OLD_NAMED_TEMPLATE with the BIND substitutions for *host*.

    The substitution values come from a BindInstance configured with the
    host's name, realm and domain; BINDKEYS_FILE is then set to
    /etc/named.iscdlv.key on a copy of that dict.
    """
    # A BindInstance is created only to obtain its substitution dict
    bind_instance = bindinstance.BindInstance()
    bind_instance.setup_templating(
        fqdn=host.hostname,
        realm_name=host.domain.realm,
        domain_name=host.domain.name,
    )

    # Work on a copy so the instance's own dict stays untouched
    substitutions = bind_instance.sub_dict.copy()
    substitutions["BINDKEYS_FILE"] = "/etc/named.iscdlv.key"
    return template_str(OLD_NAMED_TEMPLATE, substitutions)
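def __create_instance(self):
    """Create the Directory Server instance by running setup-ds.pl.

    Renders BASE_TEMPLATE into paths.DIRSRV_BOOT_LDIF (mode 0o440, owned by
    DS_USER), renders INF_TEMPLATE into a temporary file and passes that
    file to paths.SETUP_DS_PL.  After a successful run port 389 is added to
    self.open_ports and the boot LDIF is removed.

    Raises:
        RuntimeError: if setup-ds.pl fails (ipautil.CalledProcessError).
    """
    # passwd entry of the directory server account; its uid/gid feed chown
    pent = pwd.getpwnam(DS_USER)

    # Record the server id and back up the sysconfig file before changes
    self.backup_state("serverid", self.serverid)
    self.fstore.backup_file(paths.SYSCONFIG_DIRSRV)

    # BASEDC is the first label of the realm, lower-cased
    self.sub_dict['BASEDC'] = self.realm.split('.')[0].lower()
    base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict)
    # NOTE(review): the whole rendered LDIF goes to the debug log; confirm
    # that BASE_TEMPLATE carries no secrets.
    logger.debug("%s", base_txt)

    target_fname = paths.DIRSRV_BOOT_LDIF
    # The context manager closes the file even if write() raises.
    # NOTE(review): the file is created with umask-derived permissions;
    # the 0o440 mode only applies once chmod runs below.
    with open(target_fname, "w") as base_fd:
        base_fd.write(base_txt)

    # Must be readable for dirsrv
    os.chmod(target_fname, 0o440)
    os.chown(target_fname, pent.pw_uid, pent.pw_gid)

    inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict)
    logger.debug("writing inf template")
    inf_fd = ipautil.write_tmp_file(inf_txt)
    try:
        # The temp file keeps the full text; only the logged copy has its
        # RootDNPwd= line stripped, which keeps that value out of the log.
        inf_txt = re.sub(r"RootDNPwd=.*\n", "", inf_txt)
        logger.debug("%s", inf_txt)

        args = [
            paths.SETUP_DS_PL,
            "--silent",
            "--logfile", "-",
            "-f", inf_fd.name,
        ]
        logger.debug("calling setup-ds.pl")
        try:
            ipautil.run(args)
            logger.debug("completed creating DS instance")
        except ipautil.CalledProcessError as e:
            raise RuntimeError("failed to create DS instance %s" % e)
    finally:
        # Close the answer file on failure as well: it still holds the
        # RootDNPwd line, and the close used to be skipped whenever
        # setup-ds.pl failed.  Whether closing also deletes the file
        # depends on ipautil.write_tmp_file -- confirm.
        inf_fd.close()

    # check for open port 389 from now on
    self.open_ports.append(389)

    # As before, the boot LDIF is removed only after a successful run
    os.remove(paths.DIRSRV_BOOT_LDIF)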
def config_ntp(ntp_servers, fstore=None, sysstore=None):
    """Write the ntpd configuration for *ntp_servers* and restart ntpd.

    Each file is backed up through ``fstore`` before it is rewritten and
    has its context restored afterwards.  The step-tickers file is only
    rewritten when it already exists.  When ``sysstore`` is given, the
    previous "enabled" state of ntpd (and the fact that step-tickers was
    configured) is recorded first.  ntpd is then enabled and restarted.

    NOTE(review): server names are substituted verbatim into the config
    text; confirm callers validate them, since an embedded newline would
    add lines to ntp.conf.
    """
    path_step_tickers = paths.NTP_STEP_TICKERS
    path_ntp_conf = paths.NTP_CONF
    path_ntp_sysconfig = paths.SYSCONFIG_NTPD

    substitutions = {
        "SERVERS_BLOCK": "\n".join("server %s" % s for s in ntp_servers),
        "TICKER_SERVERS_BLOCK": "\n".join(ntp_servers),
    }
    rendered_conf = ipautil.template_str(ntp_conf, substitutions)

    config_step_tickers = os.path.exists(path_step_tickers)
    if config_step_tickers:
        rendered_tickers = ipautil.template_str(ntp_step_tickers, substitutions)
        __backup_config(path_step_tickers, fstore)
        __write_config(path_step_tickers, rendered_tickers)
        tasks.restore_context(path_step_tickers)

    if sysstore:
        sysstore.backup_state(
            'ntp', "enabled", services.knownservices.ntpd.is_enabled())
        if config_step_tickers:
            sysstore.backup_state('ntp', "step-tickers", True)

    # ntp.conf first, then the sysconfig file: back up, write, relabel
    for target, content in (
        (path_ntp_conf, rendered_conf),
        (path_ntp_sysconfig, ntp_sysconfig),
    ):
        __backup_config(target, fstore)
        __write_config(target, content)
        tasks.restore_context(target)

    # Set the ntpd to start on boot
    services.knownservices.ntpd.enable()

    # Restart ntpd
    services.knownservices.ntpd.restart()
def config_ntp(ntp_servers, fstore = None, sysstore = None):
    """Write the ntpd configuration for *ntp_servers* and restart ntpd.

    Each file is backed up through ``fstore`` before it is rewritten and
    has its context restored afterwards.  The step-tickers file is only
    rewritten when it already exists.  When ``sysstore`` is given, the
    previous "enabled" state of ntpd (and the fact that step-tickers was
    configured) is recorded first.  ntpd is then enabled and restarted.

    NOTE(review): server names are substituted verbatim into the config
    text; confirm callers validate them, since an embedded newline would
    add lines to ntp.conf.
    """
    def _install(target, content):
        # Back up the current file, write the new content, restore context
        __backup_config(target, fstore)
        __write_config(target, content)
        tasks.restore_context(target)

    path_step_tickers = paths.NTP_STEP_TICKERS
    path_ntp_conf = paths.NTP_CONF
    path_ntp_sysconfig = paths.SYSCONFIG_NTPD

    server_lines = "\n".join("server %s" % s for s in ntp_servers)
    ticker_lines = "\n".join(ntp_servers)
    sub_dict = {
        "SERVERS_BLOCK": server_lines,
        "TICKER_SERVERS_BLOCK": ticker_lines,
    }
    conf_text = ipautil.template_str(ntp_conf, sub_dict)

    config_step_tickers = os.path.exists(path_step_tickers)
    if config_step_tickers:
        _install(path_step_tickers,
                 ipautil.template_str(ntp_step_tickers, sub_dict))

    if sysstore:
        sysstore.backup_state(
            'ntp', "enabled", services.knownservices.ntpd.is_enabled())
        if config_step_tickers:
            sysstore.backup_state('ntp', "step-tickers", True)

    _install(path_ntp_conf, conf_text)
    _install(path_ntp_sysconfig, ntp_sysconfig)

    # Set the ntpd to start on boot
    services.knownservices.ntpd.enable()

    # Restart ntpd
    services.knownservices.ntpd.restart()
def __create_instance(self):
    """Create the Directory Server instance from the rendered templates.

    Renders BASE_TEMPLATE into /var/lib/dirsrv/boot.ldif (mode 0440, owned
    by DS_USER), renders INF_TEMPLATE into a temporary file, and hands that
    file to setup-ds.pl, or to ds_newinst.pl when setup-ds.pl is absent.
    A failure of the setup script is logged at critical level and is not
    re-raised, so the method returns normally either way.
    """
    # passwd entry of the directory server account; its uid/gid feed chown
    pent = pwd.getpwnam(DS_USER)

    # Record the server id and back up the sysconfig file before changes
    self.backup_state("serverid", self.serverid)
    self.fstore.backup_file("/etc/sysconfig/dirsrv")

    # BASEDC is the first label of the realm name, lower-cased
    self.sub_dict['BASEDC'] = self.realm_name.split('.')[0].lower()
    base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict)
    # NOTE(review): the whole rendered LDIF goes to the debug log; confirm
    # that BASE_TEMPLATE carries no secrets.
    root_logger.debug(base_txt)

    target_fname = '/var/lib/dirsrv/boot.ldif'
    # NOTE(review): open() creates the file with umask-derived permissions;
    # the 0440 mode only applies once chmod runs below.
    base_fd = open(target_fname, "w")
    base_fd.write(base_txt)
    base_fd.close()

    # Must be readable for dirsrv
    os.chmod(target_fname, 0440)
    os.chown(target_fname, pent.pw_uid, pent.pw_gid)

    inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict)
    root_logger.debug("writing inf template")
    inf_fd = ipautil.write_tmp_file(inf_txt)
    # The temp file keeps the full text; only the copy that is logged has
    # its RootDNPwd= line stripped, which keeps that value out of the log.
    inf_txt = re.sub(r"RootDNPwd=.*\n", "", inf_txt)
    root_logger.debug(inf_txt)
    # NOTE(review): inf_fd is never closed in this method; how long the
    # temp file with the RootDNPwd line survives depends on
    # ipautil.write_tmp_file -- confirm.
    if ipautil.file_exists("/usr/sbin/setup-ds.pl"):
        args = [
            "/usr/sbin/setup-ds.pl", "--silent", "--logfile", "-", "-f",
            inf_fd.name
        ]
        root_logger.debug("calling setup-ds.pl")
    else:
        args = ["/usr/bin/ds_newinst.pl", inf_fd.name]
        root_logger.debug("calling ds_newinst.pl")
    try:
        ipautil.run(args)
        root_logger.debug("completed creating ds instance")
    except ipautil.CalledProcessError, e:
        # NOTE(review): the error is only logged, so callers cannot tell
        # that instance creation failed.
        root_logger.critical("failed to create ds instance %s" % e)
def configure_smb_conf(fstore, statestore, options, domains):
    """Render smb.conf from the templates and write it to paths.SMB_CONF.

    The text is assembled from smb_conf_template, one pre-rendered idmap
    snippet per entry of ``domains``, and the homes share snippet unless
    ``options.no_homes`` is set.  The existing file is backed up through
    ``fstore`` first and its context is restored after writing.
    ``statestore`` is not used by this function.

    NOTE(review): the idmap snippets are rendered with each domain's
    values and the joined text is then rendered a second time, so a ``$``
    inside a domain value would be read as a placeholder in the second
    pass; presumably domain values never contain one -- confirm.
    """
    # First domain in the list is ours, pull our domain name from there
    substitutions = {
        "samba_keytab": paths.SAMBA_KEYTAB,
        "realm": api.env.realm,
        "machine_name": options.netbiosname,
        "netbios_name": domains[0]["netbios_name"],
    }

    # Construct elements of smb.conf by pre-rendering idmap configuration
    sections = [smb_conf_template]
    for dom in domains:
        sections.append(ipautil.template_str(idmap_conf_domain_snippet, dom))

    # Add default homes share so that users can log into Samba
    if not options.no_homes:
        sections.append(homes_conf_snippet)

    fstore.backup_file(paths.SMB_CONF)
    with open(paths.SMB_CONF, "w") as conf_file:
        rendered = ipautil.template_str("\n".join(sections), substitutions)
        conf_file.write(rendered)
    tasks.restore_context(paths.SMB_CONF)
def config_ntp(server_fqdn, fstore = None, sysstore = None):
    """Point ntpd at *server_fqdn*, then enable and restart it.

    /etc/ntp.conf and /etc/sysconfig/ntpd are always rewritten;
    /etc/ntp/step-tickers only when it already exists.  Each file is
    backed up through ``fstore`` before it is written and has its context
    restored afterwards.  When ``sysstore`` is given, the previous
    "enabled" state of ntpd (and the fact that step-tickers was
    configured) is recorded first.

    NOTE(review): server_fqdn is substituted verbatim into the config
    text; confirm callers validate it as a host name.
    """
    path_step_tickers = "/etc/ntp/step-tickers"
    path_ntp_conf = "/etc/ntp.conf"
    path_ntp_sysconfig = "/etc/sysconfig/ntpd"

    substitutions = {"SERVER": server_fqdn}
    rendered_conf = ipautil.template_str(ntp_conf, substitutions)

    config_step_tickers = os.path.exists(path_step_tickers)
    if config_step_tickers:
        rendered_tickers = ipautil.template_str(ntp_step_tickers, substitutions)
        __backup_config(path_step_tickers, fstore)
        __write_config(path_step_tickers, rendered_tickers)
        ipaservices.restore_context(path_step_tickers)

    if sysstore:
        sysstore.backup_state(
            'ntp', "enabled", ipaservices.knownservices.ntpd.is_enabled())
        if config_step_tickers:
            sysstore.backup_state('ntp', "step-tickers", True)

    # ntp.conf first, then the sysconfig file: back up, write, relabel
    for target, content in (
        (path_ntp_conf, rendered_conf),
        (path_ntp_sysconfig, ntp_sysconfig),
    ):
        __backup_config(target, fstore)
        __write_config(target, content)
        ipaservices.restore_context(target)

    # Set the ntpd to start on boot
    ipaservices.knownservices.ntpd.enable()

    # Restart ntpd
    ipaservices.knownservices.ntpd.restart()
def config_ntp(server_fqdn, fstore=None, sysstore=None):
    """Point ntpd at *server_fqdn*, then enable and restart it.

    /etc/ntp.conf and /etc/sysconfig/ntpd are always rewritten;
    /etc/ntp/step-tickers only when it already exists.  Each file is
    backed up through ``fstore`` before it is written and has its context
    restored afterwards.  When ``sysstore`` is given, the previous
    "enabled" state of ntpd (and the fact that step-tickers was
    configured) is recorded first.

    NOTE(review): server_fqdn is substituted verbatim into the config
    text; confirm callers validate it as a host name.
    """
    def _install(target, content):
        # Back up the current file, write the new content, restore context
        __backup_config(target, fstore)
        __write_config(target, content)
        ipaservices.restore_context(target)

    path_step_tickers = "/etc/ntp/step-tickers"
    path_ntp_conf = "/etc/ntp.conf"
    path_ntp_sysconfig = "/etc/sysconfig/ntpd"

    sub_dict = {"SERVER": server_fqdn}
    conf_text = ipautil.template_str(ntp_conf, sub_dict)

    config_step_tickers = os.path.exists(path_step_tickers)
    if config_step_tickers:
        _install(path_step_tickers,
                 ipautil.template_str(ntp_step_tickers, sub_dict))

    if sysstore:
        sysstore.backup_state(
            'ntp', "enabled", ipaservices.knownservices.ntpd.is_enabled())
        if config_step_tickers:
            sysstore.backup_state('ntp', "step-tickers", True)

    _install(path_ntp_conf, conf_text)
    _install(path_ntp_sysconfig, ntp_sysconfig)

    # Set the ntpd to start on boot
    ipaservices.knownservices.ntpd.enable()

    # Restart ntpd
    ipaservices.knownservices.ntpd.restart()
def update_permission(self, ldap, obj, name, template, anonymous_read_aci):
    """Update the given permission and the corresponding ACI

    Loads the permission entry for ``name`` (or makes a new one), fills it
    through ``self.update_entry``, optionally merges attribute lists from
    the legacy permission named by ``template['replaces']``, writes the
    entry and its ACI, and finally removes the legacy permissions that
    the template replaces.

    Returns early, before the entry is added or updated in this method,
    when the legacy ACI was modified from its default
    (IncompatibleACIModification).
    """
    # NOTE(review): assert statements are skipped when Python runs with
    # -O, so this name check and the prefix check below would not run.
    assert name.startswith('System:')

    dn = self.api.Object[permission].get_dn(name)
    permission_plugin = self.api.Object[permission]

    try:
        # Fetch the plugin's default attributes except 'memberindirect'
        attrs_list = list(permission_plugin.default_attributes)
        attrs_list.remove('memberindirect')
        entry = ldap.get_entry(dn, attrs_list)
        is_new = False
    except errors.NotFound:
        entry = ldap.make_entry(dn)
        is_new = True

    self.update_entry(obj, entry, template,
                      anonymous_read_aci, is_new=is_new)

    remove_legacy = False
    if 'replaces' in template:
        # The legacy ACI strings are templates over the suffix and realm
        sub_dict = {
            'SUFFIX': str(self.api.env.basedn),
            'REALM': str(self.api.env.realm),
        }
        legacy_acistrs = [ipautil.template_str(r, sub_dict)
                          for r in template['replaces']]

        # The legacy permission name is taken from the first ACI's name,
        # which must have the form 'permission:<name>'
        legacy_aci = ACI(legacy_acistrs[0])
        prefix, sep, legacy_name = legacy_aci.name.partition(':')
        assert prefix == 'permission' and sep

        legacy_dn = permission_plugin.get_dn(legacy_name)
        try:
            legacy_entry = ldap.get_entry(legacy_dn,
                                          ['ipapermissiontype', 'cn'])
        except errors.NotFound:
            logger.debug("Legacy permission %s not found", legacy_name)
        else:
            # An entry without ipapermissiontype is handled as a legacy
            # permission; one that has the attribute is left alone
            if 'ipapermissiontype' not in legacy_entry:
                if is_new:
                    _acientry, acistr = (
                        permission_plugin._get_aci_entry_and_string(
                            legacy_entry, notfound_ok=True))
                    try:
                        included, excluded = self.get_upgrade_attr_lists(
                            acistr, legacy_acistrs)
                    except IncompatibleACIModification:
                        # A customized legacy permission is left as it
                        # is; the new permission is not written by this
                        # method
                        logger.error(
                            "Permission '%s' has been modified from its "
                            "default; not updating it to '%s'.",
                            legacy_name, name)
                        return
                    else:
                        logger.debug("Merging attributes from legacy "
                                     "permission '%s'", legacy_name)
                        logger.debug("Included attrs: %s",
                                     ', '.join(sorted(included)))
                        logger.debug("Excluded attrs: %s",
                                     ', '.join(sorted(excluded)))
                        entry['ipapermincludedattr'] = list(included)
                        entry['ipapermexcludedattr'] = list(excluded)
                        remove_legacy = True
                else:
                    # The new permission already exists, so the legacy
                    # attributes are not merged; the legacy permission is
                    # still scheduled for removal
                    logger.debug("Ignoring attributes in legacy "
                                 "permission '%s' because '%s' exists",
                                 legacy_name, name)
                    remove_legacy = True
            else:
                logger.debug("Ignoring V2 permission named '%s'",
                             legacy_name)

    update_aci = True
    logger.debug('Updating managed permission: %s', name)
    if is_new:
        ldap.add_entry(entry)
    else:
        try:
            ldap.update_entry(entry)
        except errors.EmptyModlist:
            # Nothing changed in the entry, so the ACI update is skipped
            logger.debug('No changes to permission: %s', name)
            update_aci = False

    if update_aci:
        logger.debug('Updating ACI for managed permission: %s', name)
        permission_plugin.update_aci(entry)

    # The legacy permission is deleted only after the new entry and its
    # ACI have been written
    if remove_legacy:
        logger.debug("Removing legacy permission '%s'", legacy_name)
        self.api.Command[permission_del](unicode(legacy_name))

    # Permissions listed under 'replaces_system' are deleted only when
    # their ipapermissiontype is exactly ['SYSTEM'].  Note that this loop
    # rebinds ``name`` and ``entry``.
    for name in template.get('replaces_system', ()):
        name = unicode(name)
        try:
            entry = ldap.get_entry(permission_plugin.get_dn(name),
                                   ['ipapermissiontype'])
        except errors.NotFound:
            logger.debug("Legacy permission '%s' not found", name)
        else:
            flags = entry.get('ipapermissiontype', [])
            if list(flags) == ['SYSTEM']:
                logger.debug("Removing legacy permission '%s'", name)
                self.api.Command[permission_del](name, force=True)
            else:
                logger.debug("Ignoring V2 permission '%s'", name)
def _template_str(self, s):
    """Render template string *s* with the values in ``self.sub_dict``.

    A KeyError from the renderer, i.e. a keyword that ``self.sub_dict``
    does not define, is reported as BadSyntax.
    """
    try:
        rendered = ipautil.template_str(s, self.sub_dict)
    except KeyError as e:
        raise BadSyntax("Unknown template keyword %s" % e)
    return rendered