Hello, This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3856.
-- Regards, Ana Krivokapic Associate Software Engineer FreeIPA team Red Hat Inc.
From f1a2a00f72961c88530be8aa1a62fb15758d90b5 Mon Sep 17 00:00:00 2001 From: Ana Krivokapic <[email protected]> Date: Thu, 29 Aug 2013 12:11:55 +0200 Subject: [PATCH] Create DS user and group during ipa-restore ipa-restore would fail if DS user did not exist. Check for presence of DS user and group and create them if needed. https://fedorahosted.org/freeipa/ticket/3856 --- install/share/copy-schema-to-ca.py | 5 ++-- install/tools/ipa-replica-install | 15 ++---------- install/tools/ipa-server-install | 11 +-------- ipaserver/install/dsinstance.py | 29 ++++------------------- ipaserver/install/installutils.py | 47 ++++++++++++++++++++++++++++++++++++++ ipaserver/install/ipa_backup.py | 4 ++-- ipaserver/install/ipa_restore.py | 8 ++++--- ipaserver/install/krbinstance.py | 2 +- 8 files changed, 66 insertions(+), 55 deletions(-) diff --git a/install/share/copy-schema-to-ca.py b/install/share/copy-schema-to-ca.py index 1888f12513aa3edf22149e9330afea99f62bf41d..fe99a9256f1298bae1c746ea0c4d41339a4fbebb 100755 --- a/install/share/copy-schema-to-ca.py +++ b/install/share/copy-schema-to-ca.py @@ -15,10 +15,11 @@ import pwd import shutil -from ipapython import services, ipautil, dogtag +from ipapython import services, ipautil from ipapython.ipa_log_manager import root_logger, standard_logging_setup -from ipaserver.install.dsinstance import DS_USER, schema_dirname +from ipaserver.install.dsinstance import schema_dirname from ipaserver.install.cainstance import PKI_USER +from ipaserver.install.installutils import DS_USER from ipalib import api SERVERID = "PKI-IPA" diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 947c51f6f287ffce52994408352601388faf56a6..0c2a1c6804e28cfef89da86c0e3b5fcaf2c5bfa1 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install 
@@ -147,7 +147,7 @@ def get_dirman_password(): return installutils.read_password("Directory Manager (existing master)", confirm=False, validate=False) def set_owner(config, dir): - pw = pwd.getpwnam(dsinstance.DS_USER) + pw = pwd.getpwnam(installutils.DS_USER) os.chown(dir, pw.pw_uid, pw.pw_gid) def install_replica_ds(config): @@ -574,18 +574,7 @@ def main(): api.finalize() # Create DS group if it doesn't exist yet - try: - grp.getgrnam(dsinstance.DS_GROUP) - root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP) - group_exists = True - except KeyError: - group_exists = False - args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP] - try: - ipautil.run(args) - root_logger.debug("done adding DS group") - except ipautil.CalledProcessError, e: - root_logger.critical("failed to add DS group: %s" % e) + group_exists = installutils.create_ds_group() sstore.backup_state("install", "group_exists", group_exists) #Automatically disable pkinit w/ dogtag until that is supported diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 86ca3447bfaab1763324ce57c67c073a8fa93963..3054a5c99b5d72d74ea3908cfc3d60647c25ce4b 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -971,16 +971,7 @@ def main(): ipaservices.backup_and_replace_hostname(fstore, sstore, host_name) # Create DS group if it doesn't exist yet - try: - grp.getgrnam(dsinstance.DS_GROUP) - root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP) - except KeyError: - args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP] - try: - ipautil.run(args) - root_logger.debug("done adding DS group") - except ipautil.CalledProcessError, e: - root_logger.critical("failed to add DS group: %s" % e) + installutils.create_ds_group() # Create a directory server instance if external != 2: 
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index f543efadc6568a022fbb0a2ee07833612f9466f7..872e8c1941608f47a52335b1ac813102abdecff3 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -45,8 +45,6 @@ SERVER_ROOT_32 = "/usr/lib/dirsrv" CACERT="/etc/ipa/ca.crt" -DS_USER = 'dirsrv' -DS_GROUP = 'dirsrv' def find_server_root(): if ipautil.dir_exists(SERVER_ROOT_64): @@ -194,7 +192,7 @@ def __init__(self, realm_name=None, domain_name=None, dm_password=None, def __common_setup(self, enable_ssl=False): - self.step("creating directory server user", self.__create_ds_user) + self.step("creating directory server user", installutils.create_ds_user) self.step("creating directory server instance", self.__create_instance) self.step("adding default schema", self.__add_default_schemas) self.step("enabling memberof plugin", self.__add_memberof_module) 
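Review bot: Removing `DS_USER` and `DS_GROUP` from `dsinstance` (first dsinstance.py hunk) breaks any importer this patch does not touch: `from ipaserver.install.dsinstance import DS_USER` would raise ImportError and `dsinstance.DS_GROUP` an AttributeError. The diffstat covers eight files, but whether other modules or out-of-tree scripts still use the old names cannot be seen from here. Keeping aliases during the transition would make the move safe, e.g. `DS_USER = installutils.DS_USER` and `DS_GROUP = installutils.DS_GROUP`, with the comment `# kept for backward compatibility; canonical definitions live in installutils`.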
@@ -337,34 +335,17 @@ def __setup_sub_dict(self): PASSWORD=self.dm_password, RANDOM_PASSWORD=self.generate_random(), SUFFIX=self.suffix, - REALM=self.realm_name, USER=DS_USER, + REALM=self.realm_name, USER=installutils.DS_USER, SERVER_ROOT=server_root, DOMAIN=self.domain, TIME=int(time.time()), IDSTART=self.idstart, IDMAX=self.idmax, HOST=self.fqdn, ESCAPED_SUFFIX=str(self.suffix), - GROUP=DS_GROUP, + GROUP=installutils.DS_GROUP, IDRANGE_SIZE=idrange_size ) - def __create_ds_user(self): - try: - pwd.getpwnam(DS_USER) - root_logger.debug("ds user %s exists" % DS_USER) - except KeyError: - root_logger.debug("adding ds user %s" % DS_USER) - args = ["/usr/sbin/useradd", "-g", DS_GROUP, - "-c", "DS System User", - "-d", "/var/lib/dirsrv", - "-s", "/sbin/nologin", - "-M", "-r", DS_USER] - try: - ipautil.run(args) - root_logger.debug("done adding user") - except ipautil.CalledProcessError, e: - root_logger.critical("failed to add user %s" % e) - def __create_instance(self): - pent = pwd.getpwnam(DS_USER) + pent = pwd.getpwnam(installutils.DS_USER) self.backup_state("serverid", self.serverid) self.fstore.backup_file("/etc/sysconfig/dirsrv") @@ -413,7 +394,7 @@ def __create_instance(self): os.remove("/var/lib/dirsrv/boot.ldif") def __add_default_schemas(self): - pent = pwd.getpwnam(DS_USER) + pent = pwd.getpwnam(installutils.DS_USER) for schema_fname in ("60kerberos.ldif", "60samba.ldif", "60ipaconfig.ldif", diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 268279dc9d22b9f983406303cbfc80c00a2b8fa0..84846221d2800443ba6e291ec9c28b37a482d735 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -28,6 +28,8 @@ from ConfigParser import SafeConfigParser, NoOptionError import traceback import textwrap +import pwd +import grp from contextlib import contextmanager from dns import resolver, rdatatype 
@@ -49,6 +51,9 @@ 'httpd', 'kadmin', 'dirsrv', 'pki-cad', 'pki-tomcatd', 'install', 'krb5kdc', 'ntpd', 'named', 'ipa_memcached'] +DS_USER = 'dirsrv' +DS_GROUP = 'dirsrv' + class BadHostError(Exception): pass @@ -828,3 +833,45 @@ def stopped_service(service, instance_name=""): yield root_logger.debug('Starting %s%s.', service, log_instance_name) ipaservices.knownservices[service].start(instance_name) + + +def create_ds_user(): + """ + Create DS user if it doesn't exist yet + """ + try: + pwd.getpwnam(DS_USER) + root_logger.debug("DS user %s exists" % DS_USER) + except KeyError: + root_logger.debug("Adding DS user %s" % DS_USER) + args = ["/usr/sbin/useradd", "-g", DS_GROUP, + "-c", "DS System User", + "-d", "/var/lib/dirsrv", + "-s", "/sbin/nologin", + "-M", "-r", DS_USER] + try: + ipautil.run(args) + root_logger.debug("Done adding DS user") + except ipautil.CalledProcessError, e: + root_logger.critical("Failed to add DS user %s" % e) + + +def create_ds_group(): + """ + Create DS group if it doesn't exist yet + """ + try: + grp.getgrnam(DS_GROUP) + root_logger.debug("DS group %s exists" % DS_GROUP) + group_exists = True + except KeyError: + group_exists = False + root_logger.debug("Adding DS group %s" % DS_GROUP) + args = ["/usr/sbin/groupadd", "-r", DS_GROUP] + try: + ipautil.run(args) + root_logger.debug("Done adding DS group") + except ipautil.CalledProcessError, e: + root_logger.critical("Failed to add DS group: %s" % e) + + return group_exists diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index 12c62154e94cc89054b0b1450504eef95c0700a4..3605d3508790dfb446f4ebbd32cb6d137049fbe3 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py 
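Review bot: Both new helpers in the last installutils.py hunk swallow a failed `useradd`/`groupadd`: the `except ipautil.CalledProcessError` branches only log at critical level and then return normally. Callers carry on, and the next `pwd.getpwnam(installutils.DS_USER)` (in ipa_restore.py `run()` it is the very next statement) fails with a bare KeyError that hides the real cause, which appears to be the failure mode the ticket describes. I would end each `except` block with `raise` so the original error propagates, or convert it to an error type the calling tools already report cleanly. Separately, `create_ds_group()` returns False both when the group was created and when creation failed, and ipa-replica-install stores that value with `sstore.backup_state("install", "group_exists", group_exists)`. The docstring should spell out the contract, e.g. `Returns True if the group already existed, False if it had to be created.`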
@@ -32,7 +32,7 @@ from ipapython import admintool from ipapython.config import IPAOptionParser from ipapython.dn import DN -from ipaserver.install.dsinstance import realm_to_serverid, DS_USER +from ipaserver.install.dsinstance import realm_to_serverid from ipaserver.install.replication import wait_for_task from ipaserver.install import installutils from ipapython import services as ipaservices @@ -243,7 +243,7 @@ def run(self): self.log.info("Preparing backup on %s", api.env.host) - pent = pwd.getpwnam(DS_USER) + pent = pwd.getpwnam(installutils.DS_USER) self.top_dir = tempfile.mkdtemp("ipa") os.chown(self.top_dir, pent.pw_uid, pent.pw_gid) diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index 2d4be57f7c9643edcee58f35b00baebbb18257f8..8919468467079aac21a4e6b9cf0446ebdfeeedbe 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -33,7 +33,7 @@ from ipapython import admintool from ipapython.config import IPAOptionParser from ipapython.dn import DN -from ipaserver.install.dsinstance import realm_to_serverid, DS_USER +from ipaserver.install.dsinstance import realm_to_serverid from ipaserver.install.cainstance import PKI_USER from ipaserver.install.replication import (wait_for_task, ReplicationManager, CSReplicationManager, get_cs_replication_manager) @@ -190,7 +190,9 @@ def run(self): if options.data_only and not instances: raise admintool.ScriptError('No instances to restore to') - pent = pwd.getpwnam(DS_USER) + installutils.create_ds_group() + installutils.create_ds_user() + pent = pwd.getpwnam(installutils.DS_USER) # Temporary directory for decrypting files before restoring self.top_dir = tempfile.mkdtemp("ipa") @@ -575,7 +577,7 @@ def extract_backup(self, keyring=None): ] run(args) - pent = pwd.getpwnam(DS_USER) + pent = pwd.getpwnam(installutils.DS_USER) os.chown(self.top_dir, pent.pw_uid, pent.pw_gid) recursive_chown(self.dir, pent.pw_uid, pent.pw_gid) 
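Review bot: Creating the account at restore time in `run()` (second ipa_restore.py hunk) means `useradd -r` allocates a fresh system uid/gid, which need not match the ids the DS files carried on the host where the backup was taken. The staging directory is re-owned by name in `extract_backup` (`recursive_chown(self.dir, pent.pw_uid, pent.pw_gid)`), but the step that puts files into their final locations is outside this diff. Please confirm it re-owns them as well, otherwise directory data and keytabs could end up owned by an unrelated numeric id. A short comment above the two new calls would also help, e.g. `# A fresh host may lack the DS account; create the group first because useradd -g depends on it`. `run()` starts and ends outside the hunk.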
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 3c59db8535a85ae5c99c09016b5ff5bc5ea89a11..69c221f94a6edfcf26c07bff359a85a35ec68d87 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -403,7 +403,7 @@ def __create_ds_keytab(self): installutils.create_keytab("/etc/dirsrv/ds.keytab", ldap_principal) update_key_val_in_file("/etc/sysconfig/dirsrv", "KRB5_KTNAME", "/etc/dirsrv/ds.keytab") - pent = pwd.getpwnam(dsinstance.DS_USER) + pent = pwd.getpwnam(installutils.DS_USER) os.chown("/etc/dirsrv/ds.keytab", pent.pw_uid, pent.pw_gid) def __create_host_keytab(self): -- 1.8.3.1
