Hello, Patch for https://fedorahosted.org/freeipa/ticket/4399. Let me know if I missed any.
Thanks, Gabe
From f55ea771a16f1083ad2ea4cdf4cb81abc9e5c194 Mon Sep 17 00:00:00 2001 From: Gabe <redhatri...@gmail.com> Date: Wed, 24 Sep 2014 20:14:11 -0600 Subject: [PATCH] Remove trivial path constants from modules https://fedorahosted.org/freeipa/ticket/4399 --- .../certmonger/dogtag-ipa-ca-renew-agent-submit | 8 +-- install/tools/ipa-adtrust-install | 8 +-- install/tools/ipa-ca-install | 5 +- install/tools/ipa-dns-install | 8 +-- install/tools/ipa-replica-conncheck | 9 ++- install/tools/ipa-replica-install | 6 +- install/tools/ipa-server-install | 39 +++++------- install/tools/ipa-upgradeconfig | 30 ++++----- install/wsgi/plugins.py | 6 +- ipa-client/ipa-install/ipa-client-automount | 62 +++++++++---------- ipa-client/ipa-install/ipa-client-install | 72 ++++++++++------------ ipa-client/ipaclient/ntpconf.py | 28 ++++----- ipalib/session.py | 5 +- ipaplatform/fedora/tasks.py | 44 ++++++------- ipapython/certmonger.py | 8 +-- ipapython/ipautil.py | 3 - ipapython/sysrestore.py | 5 +- ipaserver/dcerpc.py | 3 +- ipaserver/install/adtrustinstance.py | 15 ++--- ipaserver/install/bindinstance.py | 23 +++---- ipaserver/install/certs.py | 6 +- ipaserver/install/dsinstance.py | 35 +++++------ ipaserver/install/httpinstance.py | 32 ++++------ ipaserver/install/ipa_backup.py | 7 +-- ipaserver/install/ipa_replica_prepare.py | 15 ++--- ipaserver/install/ldapupdate.py | 3 - ipaserver/install/sysupgrade.py | 5 +- ipaserver/install/upgradeinstance.py | 5 +- ipaserver/rpcserver.py | 5 +- 29 files changed, 203 insertions(+), 297 deletions(-) diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit index 4f0b78accac6840471f8b2e9f17288b3b4e82105..942ffec65d7b041fc6f9d3b2c19d3596fae79d31 100755 --- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit +++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit @@ -71,8 +71,7 @@ def request_cert(): syslog.syslog(syslog.LOG_NOTICE, "Forwarding request to dogtag-ipa-renew-agent") - path = paths.DOGTAG_IPA_RENEW_AGENT_SUBMIT - args = [path] + sys.argv[1:] + args = [paths.DOGTAG_IPA_RENEW_AGENT_SUBMIT] + sys.argv[1:] stdout, stderr, rc = ipautil.run(args, raiseonerr=False, env=os.environ) sys.stderr.write(stderr) sys.stderr.flush() @@ -282,12 +281,11 @@ def export_csr(): if not cert: return (REJECTED, "New certificate requests not supported") - csr_file = paths.IPA_CA_CSR try: - with open(csr_file, 'wb') as f: + with open(paths.IPA_CA_CSR, 'wb') as f: f.write(csr) except Exception, e: - return (UNREACHABLE, "Failed to write %s: %s" % (csr_file, e)) + return (UNREACHABLE, "Failed to write %s: %s" % (paths.IPA_CA_CSR, e)) return (ISSUED, cert) diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index 7b616c1b65c60945a2e5dc19c4afc39dad285978..40b1494365c1bdd357c7a1b9ac110dfdeadde634 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -33,8 +33,6 @@ from ipaplatform.paths import paths from ipapython.ipa_log_manager import * from ipapython.dn import DN -log_file_name = paths.IPASERVER_INSTALL_LOG - def parse_options(): parser = IPAOptionParser(version=version.VERSION) parser.add_option("-d", "--debug", dest="debug", action="store_true", @@ -213,8 +211,8 @@ def main(): if os.getegid() != 0: sys.exit("Must be root to setup AD trusts on server") - standard_logging_setup(log_file_name, debug=options.debug, filemode='a') - print "\nThe log file for this installation can be found in %s" % log_file_name + standard_logging_setup(paths.IPASERVER_INSTALL_LOG, debug=options.debug, filemode='a') + print "\nThe log file for this installation can be found in %s" % paths.IPASERVER_INSTALL_LOG root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options)) root_logger.debug("missing options might be asked for interactively later\n") @@ -452,5 +450,5 @@ information""" return 0 if __name__ == '__main__': - run_script(main, log_file_name=log_file_name, + run_script(main, log_file_name=paths.IPASERVER_INSTALL_LOG, operation_name='ipa-adtrust-install') diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index 475794bb6186725ad5ab079adfb98849c589e67e..631b12d93f2cdc3648185f942bd6f2b1f15e5028 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -42,7 +42,6 @@ from ipapython.ipa_log_manager import * from ipaplatform import services from ipaplatform.paths import paths -log_file_name = paths.IPAREPLICA_CA_INSTALL_LOG REPLICA_INFO_TOP_DIR = None def parse_options(): @@ -119,7 +118,7 @@ def install_dns_records(config, options): def install_replica(safe_options, options, filename): - standard_logging_setup(log_file_name, debug=options.debug) + standard_logging_setup(paths.IPAREPLICA_CA_INSTALL_LOG, debug=options.debug) root_logger.debug('%s was invoked with argument "%s" and options: %s', sys.argv[0], filename, safe_options) @@ -395,7 +394,7 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up. if __name__ == '__main__': try: with private_ccache(): - installutils.run_script(main, log_file_name=log_file_name, + installutils.run_script(main, log_file_name=paths.IPAREPLICA_CA_INSTALL_LOG, operation_name='ipa-ca-install', fail_message=fail_message) finally: diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index c9ea63ce3ce719324737c94fc35996a294cbb10f..8ba9a3e6c32ffb0224ed14e6dc9f89c6cfd22c1f 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -34,8 +34,6 @@ from ipapython.config import IPAOptionParser from ipapython.ipa_log_manager import standard_logging_setup, root_logger from ipapython.ipautil import DN -log_file_name = paths.IPASERVER_INSTALL_LOG - def parse_options(): parser = IPAOptionParser(version=version.VERSION) parser.add_option("-p", "--ds-password", dest="dm_password", @@ -77,8 +75,8 @@ def main(): if os.getegid() != 0: sys.exit("Must be root to setup server") - standard_logging_setup(log_file_name, debug=options.debug, filemode='a') - print "\nThe log file for this installation can be found in %s" % log_file_name + standard_logging_setup(paths.IPASERVER_INSTALL_LOG, debug=options.debug, filemode='a') + print "\nThe log file for this installation can be found in %s" % paths.IPASERVER_INSTALL_LOG root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options)) root_logger.debug("missing options might be asked for interactively later\n") @@ -234,5 +232,5 @@ def main(): if __name__ == '__main__': with private_ccache(): - installutils.run_script(main, log_file_name=log_file_name, + installutils.run_script(main, log_file_name=paths.IPASERVER_INSTALL_LOG, operation_name='ipa-dns-install') diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index 88e42bafbc600fb7c36b7727c770e75edccd2196..349d6fd83fc1a0f4c3ed026b11c7500af5e526fb 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -42,7 +42,6 @@ from ipaplatform.paths import paths CONNECT_TIMEOUT = 5 RESPONDERS = [ ] QUIET = False -CCACHE_FILE = paths.CONNCHECK_CCACHE KRB5_CONFIG = None class SshExec(object): @@ -67,7 +66,7 @@ class SshExec(object): if verbose: cmd.insert(1, '-v') - env = {'KRB5_CONFIG': KRB5_CONFIG, 'KRB5CCNAME': CCACHE_FILE} + env = {'KRB5_CONFIG': KRB5_CONFIG, 'KRB5CCNAME': paths.CONNCHECK_CCACHE} return ipautil.run(cmd, env=env, raiseonerr=False) @@ -374,7 +373,7 @@ def main(): stderr='' (stdout, stderr, returncode) = ipautil.run([paths.KINIT, principal], - env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':CCACHE_FILE}, + env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':paths.CONNCHECK_CCACHE}, stdin=password, raiseonerr=False) if returncode != 0: raise RuntimeError("Cannot acquire Kerberos ticket: %s" % stderr) @@ -383,7 +382,7 @@ def main(): stderr='' (stdout, stderr, returncode) = ipautil.run([paths.BIN_KVNO, 'host/%s' % options.master], - env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':CCACHE_FILE}, + env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':paths.CONNCHECK_CCACHE}, raiseonerr=False) if returncode != 0: raise RuntimeError("Could not get ticket for master server: %s" % stderr) @@ -427,7 +426,7 @@ if __name__ == "__main__": sys.exit(e) finally: clean_responders(RESPONDERS) - for file_name in (CCACHE_FILE, KRB5_CONFIG): + for file_name in (paths.CONNCHECK_CCACHE, KRB5_CONFIG): if file_name: try: os.remove(file_name) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 2986685d0975024428480d191cb0188d4a499f02..0f16011b105c97ecab33a95fc3d4425190a7a53a 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -54,7 +54,6 @@ from ipaplatform.tasks import tasks from ipaplatform import services from ipaplatform.paths import paths -log_file_name = paths.IPAREPLICA_INSTALL_LOG DIRMAN_DN = DN(('cn', 'directory manager')) REPLICA_INFO_TOP_DIR = None @@ -456,7 +455,7 @@ def main(): if os.geteuid() != 0: sys.exit("\nYou must be root to run this script.\n") - standard_logging_setup(log_file_name, debug=options.debug) + standard_logging_setup(paths.IPAREPLICA_INSTALL_LOG, debug=options.debug) root_logger.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options)) root_logger.debug('IPA version %s' % version.VENDOR_VERSION) @@ -751,7 +750,8 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up. if __name__ == '__main__': try: with private_ccache(): - installutils.run_script(main, log_file_name=log_file_name, + installutils.run_script(main, + log_file_name=paths.IPAREPLICA_INSTALL_LOG, operation_name='ipa-replica-install', fail_message=fail_message) finally: diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 86422e3322068dd80f37a4b5dc6dde77dfb57387..361548314bdda0e8357dbcbc2aee010f42c4fee3 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -92,8 +92,6 @@ VALID_SUBJECT_ATTRS = ['st', 'o', 'ou', 'dnqualifier', 'c', 'incorporationlocality', 'incorporationstate', 'incorporationcountry', 'businesscategory'] -SYSRESTORE_DIR_PATH = paths.SYSRESTORE - def subject_callback(option, opt_str, value, parser): """ Make sure the certificate subject base is a valid DN @@ -359,31 +357,29 @@ def signal_handler(signum, frame): dsinstance.erase_ds_instance_data (ds.serverid) sys.exit(1) -ANSWER_CACHE = paths.ROOT_IPA_CACHE - def read_cache(dm_password): """ Returns a dict of cached answers or empty dict if no cache file exists. """ - if not ipautil.file_exists(ANSWER_CACHE): + if not ipautil.file_exists(paths.ROOT_IPA_CACHE): return {} top_dir = tempfile.mkdtemp("ipa") fname = "%s/cache" % top_dir try: - decrypt_file(ANSWER_CACHE, fname, dm_password, top_dir) + decrypt_file(paths.ROOT_IPA_CACHE, fname, dm_password, top_dir) except Exception, e: shutil.rmtree(top_dir) - raise Exception("Decryption of answer cache in %s failed, please check your password." % ANSWER_CACHE) + raise Exception("Decryption of answer cache in %s failed, please check your password." % paths.ROOT_IPA_CACHE) try: with open(fname, 'rb') as f: try: optdict = pickle.load(f) except Exception, e: - raise Exception("Parse error in %s: %s" % (ANSWER_CACHE, str(e))) + raise Exception("Parse error in %s: %s" % (paths.ROOT_IPA_CACHE, str(e))) except IOError, e: - raise Exception("Read error in %s: %s" % (ANSWER_CACHE, str(e))) + raise Exception("Read error in %s: %s" % (paths.ROOT_IPA_CACHE, str(e))) finally: shutil.rmtree(top_dir) @@ -405,7 +401,7 @@ def write_cache(options): try: with open(fname, 'wb') as f: pickle.dump(options, f) - ipautil.encrypt_file(fname, ANSWER_CACHE, options['dm_password'], top_dir) + ipautil.encrypt_file(fname, paths.ROOT_IPA_CACHE, options['dm_password'], top_dir) except IOError, e: raise Exception("Unable to cache command-line options %s" % str(e)) finally: @@ -542,7 +538,7 @@ def uninstall(): tasks.restore_network_configuration(fstore, sstore) fstore.restore_all_files() try: - os.remove(ANSWER_CACHE) + os.remove(paths.ROOT_IPA_CACHE) except Exception: pass try: @@ -567,11 +563,11 @@ def uninstall(): sysupgrade.remove_upgrade_file() if fstore.has_files(): - root_logger.error('Some files have not been restored, see %s/sysrestore.index' % SYSRESTORE_DIR_PATH) + root_logger.error('Some files have not been restored, see %s/sysrestore.index' % paths.SYSRESTORE) has_state = False for module in IPA_MODULES: # from installutils if sstore.has_state(module): - root_logger.error('Some installation state for %s has not been restored, see %s/sysrestore.state' % (module, SYSRESTORE_DIR_PATH)) + root_logger.error('Some installation state for %s has not been restored, see %s/sysrestore.state' % (module, paths.SYSRESTORE)) has_state = True rv = 1 @@ -579,7 +575,7 @@ def uninstall(): root_logger.error('Some installation state has not been restored.\n' 'This may cause re-installation to fail.\n' 'It should be safe to remove %s/sysrestore.state but it may\n' - 'mean your system hasn\'t be restored to its pre-installation state.' % SYSRESTORE_DIR_PATH) + 'mean your system hasn\'t be restored to its pre-installation state.' % paths.SYSRESTORE) # Note that this name will be wrong after the first uninstall. dirname = dsinstance.config_dirname(dsinstance.realm_to_serverid(api.env.realm)) @@ -649,9 +645,9 @@ def main(): root_logger.debug('IPA version %s' % version.VENDOR_VERSION) global fstore - fstore = sysrestore.FileStore(SYSRESTORE_DIR_PATH) + fstore = sysrestore.FileStore(paths.SYSRESTORE) global sstore - sstore = sysrestore.StateFile(SYSRESTORE_DIR_PATH) + sstore = sysrestore.StateFile(paths.SYSRESTORE) # Configuration for ipalib, we will bootstrap and finalize later, after # we are sure we have the configuration file ready. @@ -741,7 +737,7 @@ def main(): sys.exit(1) # This will override any settings passed in on the cmdline - if ipautil.file_exists(ANSWER_CACHE): + if ipautil.file_exists(paths.ROOT_IPA_CACHE): if options.dm_password is not None: dm_password = options.dm_password else: @@ -1023,8 +1019,7 @@ def main(): installation_cleanup = False # Create the management framework config file and finalize api - target_fname = paths.IPA_DEFAULT_CONF - fd = open(target_fname, "w") + fd = open(paths.IPA_DEFAULT_CONF, "w") fd.write("[global]\n") fd.write("host=%s\n" % host_name) fd.write("basedn=%s\n" % ipautil.realm_to_suffix(realm_name)) @@ -1045,7 +1040,7 @@ def main(): fd.close() # Must be readable for everyone - os.chmod(target_fname, 0644) + os.chmod(paths.IPA_DEFAULT_CONF, 0644) api.bootstrap(**cfg) api.finalize() @@ -1298,8 +1293,8 @@ def main(): print "In order for Firefox autoconfiguration to work you will need to" print "use a SSL signing certificate. See the IPA documentation for more details." - if ipautil.file_exists(ANSWER_CACHE): - os.remove(ANSWER_CACHE) + if ipautil.file_exists(paths.ROOT_IPA_CACHE): + os.remove(paths.ROOT_IPA_CACHE) return 0 if __name__ == '__main__': diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 3914eb59066b515d33bebc19ca5afb4f50548bb2..3ecca621b292e994ec1239871c1c28d20aa02ceb 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -115,20 +115,18 @@ def update_conf(sub_dict, filename, template_filename): def find_hostname(): """Find the hostname currently configured in ipa-rewrite.conf""" - filename=paths.HTTPD_IPA_REWRITE_CONF - - if not ipautil.file_exists(filename): + if not ipautil.file_exists(paths.HTTPD_IPA_REWRITE_CONF): return None pattern = "^[\s#]*.*https:\/\/([A-Za-z0-9\.\-]*)\/.*" p = re.compile(pattern) - for line in fileinput.input(filename): + for line in fileinput.input(paths.HTTPD_IPA_REWRITE_CONF): if p.search(line): fileinput.close() return p.search(line).group(1) fileinput.close() - raise RuntimeError("Unable to determine the fully qualified hostname from %s" % filename) + raise RuntimeError("Unable to determine the fully qualified hostname from %s" % paths.HTTPD_IPA_REWRITE_CONF) def find_autoredirect(fqdn): """ @@ -138,11 +136,10 @@ def find_autoredirect(fqdn): Returns True if autoredirect is enabled, False otherwise """ - filename = paths.HTTPD_IPA_REWRITE_CONF - if os.path.exists(filename): + if os.path.exists(paths.HTTPD_IPA_REWRITE_CONF): pattern = "^RewriteRule \^/\$ https://%s/ipa/ui \[L,NC,R=301\]" % fqdn p = re.compile(pattern) - for line in fileinput.input(filename): + for line in fileinput.input(paths.HTTPD_IPA_REWRITE_CONF): if p.search(line): fileinput.close() return True @@ -202,11 +199,10 @@ def check_certs(): """Check ca.crt is in the right place, and try to fix if not""" root_logger.info('[Verifying that root certificate is published]') if not os.path.exists(paths.CA_CRT): - ca_file = paths.ALIAS_CACERT_ASC - if os.path.exists(ca_file): + if os.path.exists(paths.SYSCONFIG_HTTPD): old_umask = os.umask(022) # make sure its readable by httpd try: - shutil.copyfile(ca_file, paths.CA_CRT) + shutil.copyfile(paths.SYSCONFIG_HTTPD, paths.CA_CRT) finally: os.umask(old_umask) else: @@ -731,11 +727,10 @@ def certificate_renewal_update(ca): if not sysupgrade.get_upgrade_state('dogtag', 'certificate_renewal_update_1'): - filename = paths.CERTMONGER_CAS_CA_RENEWAL - if os.path.exists(filename): + if os.path.exists(paths.CERTMONGER_CAS_CA_RENEWAL): with installutils.stopped_service('certmonger'): - root_logger.info("Removing %s" % filename) - installutils.remove_file(filename) + root_logger.info("Removing %s" % paths.CERTMONGER_CAS_CA_RENEWAL) + installutils.remove_file(paths.CERTMONGER_CAS_CA_RENEWAL) ca.configure_certmonger_renewal() ca.configure_renewal() @@ -1112,11 +1107,10 @@ def main(): update_dbmodules(api.env.realm) uninstall_ipa_kpasswd() - removed_sysconfig_file = paths.SYSCONFIG_HTTPD - if fstore.has_file(removed_sysconfig_file): + if fstore.has_file(paths.SYSCONFIG_HTTPD): root_logger.info('Restoring %s as it is no longer required', removed_sysconfig_file) - fstore.restore_file(removed_sysconfig_file) + fstore.restore_file(paths.SYSCONFIG_HTTPD) http = httpinstance.HTTPInstance(fstore) http.remove_httpd_ccache() diff --git a/install/wsgi/plugins.py b/install/wsgi/plugins.py index 82b35eb438f7915e0672cbc116fa8344a2704bf4..7d1bdcf8210689e17864a3467334e32490059e43 100644 --- a/install/wsgi/plugins.py +++ b/install/wsgi/plugins.py @@ -25,14 +25,12 @@ import os from ipaplatform.paths import paths from ipapython.ipa_log_manager import root_logger -PLUGINS_DIR = paths.IPA_JS_PLUGINS_DIR - def get_plugin_index(): - if not os.path.isdir(PLUGINS_DIR): + if not os.path.isdir(paths.IPA_CA_CSR): raise Exception("Supplied plugin directory path is not a directory") - dirs = os.listdir(PLUGINS_DIR) + dirs = os.listdir(paths.IPA_CA_CSR) index = 'define([],function(){return[' index += ','.join("'"+x+"'" for x in dirs) index += '];});' diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount index 110e0ba13287e8c3061864b2e6c7b27d0ca83a6c..a275284b2d03fedf448e8e86984e0d279c102d54 100755 --- a/ipa-client/ipa-install/ipa-client-automount +++ b/ipa-client/ipa-install/ipa-client-automount @@ -41,12 +41,6 @@ from ipaplatform.tasks import tasks from ipaplatform import services from ipaplatform.paths import paths -AUTOFS_CONF = paths.SYSCONFIG_AUTOFS -NSSWITCH_CONF = paths.NSSWITCH_CONF -AUTOFS_LDAP_AUTH = paths.AUTOFS_LDAP_AUTH_CONF -NFS_CONF = paths.SYSCONFIG_NFS -IDMAPD_CONF = paths.IDMAPD_CONF - def parse_options(): usage = "%prog [options]\n" parser = OptionParser(usage=usage) @@ -96,10 +90,10 @@ def wait_for_sssd(): def configure_xml(fstore): from lxml import etree - fstore.backup_file(AUTOFS_LDAP_AUTH) + fstore.backup_file(paths.AUTOFS_LDAP_AUTH_CONF) try: - f = open(AUTOFS_LDAP_AUTH, 'r') + f = open(paths.AUTOFS_LDAP_AUTH_CONF, 'r') lines = f.read() f.close() @@ -113,7 +107,7 @@ def configure_xml(fstore): root = element[0].getroottree() if len(element) != 1: - raise RuntimeError('Unable to parse %s' % AUTOFS_LDAP_AUTH) + raise RuntimeError('Unable to parse %s' % paths.AUTOFS_LDAP_AUTH_CONF) element[0].set('usetls', 'no') element[0].set('tlsrequired', 'no') @@ -121,20 +115,20 @@ def configure_xml(fstore): element[0].set('authtype', 'GSSAPI') element[0].set('clientprinc', 'host/%s@%s' % (api.env.host, api.env.realm)) - newconf = open(AUTOFS_LDAP_AUTH, 'w') + newconf = open(paths.AUTOFS_LDAP_AUTH_CONF, 'w') try: root.write(newconf, pretty_print=True, xml_declaration=True, encoding='UTF-8') newconf.close() except IOError, e: - print "Unable to write %s: %s" % (AUTOFS_LDAP_AUTH, e) - print "Configured %s" % AUTOFS_LDAP_AUTH + print "Unable to write %s: %s" % (paths.AUTOFS_LDAP_AUTH_CONF, e) + print "Configured %s" % paths.AUTOFS_LDAP_AUTH_CONF def configure_nsswitch(fstore, options): """ Point automount to ldap in nsswitch.conf. This function is for non-SSSD setups only """ - fstore.backup_file(NSSWITCH_CONF) + fstore.backup_file(paths.NSSWITCH_CONF) conf = ipachangeconf.IPAChangeConf("IPA Installer") conf.setOptionAssignment(':') @@ -144,9 +138,9 @@ def configure_nsswitch(fstore, options): opts = [{'name':'automount', 'type':'option', 'action':'set', 'value':nss_value}, {'name':'empty', 'type':'empty'}] - conf.changeConf(NSSWITCH_CONF, opts) + conf.changeConf(paths.NSSWITCH_CONF, opts) - print "Configured %s" % NSSWITCH_CONF + print "Configured %s" % paths.NSSWITCH_CONF def configure_autofs_sssd(fstore, statestore, autodiscover, options): try: @@ -221,11 +215,11 @@ def configure_autofs(fstore, statestore, autodiscover, server, options): } ipautil.backup_config_and_replace_variables(fstore, - AUTOFS_CONF, replacevars=replacevars) - tasks.restore_context(AUTOFS_CONF) + paths.SYSCONFIG_AUTOFS, replacevars=replacevars) + tasks.restore_context(paths.SYSCONFIG_AUTOFS) statestore.backup_state('autofs', 'sssd', False) - print "Configured %s" % AUTOFS_CONF + print "Configured %s" % paths.SYSCONFIG_AUTOFS def configure_autofs_common(fstore, statestore, options): autofs = services.knownservices.autofs @@ -244,16 +238,16 @@ def configure_autofs_common(fstore, statestore, options): def uninstall(fstore, statestore): print "Restoring configuration" - if fstore.has_file(AUTOFS_CONF): - fstore.restore_file(AUTOFS_CONF) - if fstore.has_file(NSSWITCH_CONF): - fstore.restore_file(NSSWITCH_CONF) - if fstore.has_file(AUTOFS_LDAP_AUTH): - fstore.restore_file(AUTOFS_LDAP_AUTH) - if fstore.has_file(NFS_CONF): - fstore.restore_file(NFS_CONF) - if fstore.has_file(IDMAPD_CONF): - fstore.restore_file(IDMAPD_CONF) + if fstore.has_file(paths.SYSCONFIG_AUTOFS): + fstore.restore_file(paths.SYSCONFIG_AUTOFS) + if fstore.has_file(paths.NSSWITCH_CONF): + fstore.restore_file(paths.NSSWITCH_CONF) + if fstore.has_file(paths.AUTOFS_LDAP_AUTH_CONF): + fstore.restore_file(paths.AUTOFS_LDAP_AUTH_CONF) + if fstore.has_file(paths.SYSCONFIG_NFS): + fstore.restore_file(paths.SYSCONFIG_NFS) + if fstore.has_file(paths.IDMAPD_CONF): + fstore.restore_file(paths.IDMAPD_CONF) if statestore.has_state('autofs'): enabled = statestore.restore_state('autofs', 'enabled') running = statestore.restore_state('autofs', 'running') @@ -314,19 +308,19 @@ def configure_nfs(fstore, statestore): 'SECURE_NFS': 'yes', } ipautil.backup_config_and_replace_variables(fstore, - NFS_CONF, replacevars=replacevars) - tasks.restore_context(NFS_CONF) + paths.SYSCONFIG_NFS, replacevars=replacevars) + tasks.restore_context(paths.SYSCONFIG_NFS) - print "Configured %s" % NFS_CONF + print "Configured %s" % paths.SYSCONFIG_NFS replacevars = { 'Domain': api.env.domain, } ipautil.backup_config_and_replace_variables(fstore, - IDMAPD_CONF, replacevars=replacevars) - tasks.restore_context(IDMAPD_CONF) + paths.IDMAPD_CONF, replacevars=replacevars) + tasks.restore_context(paths.IDMAPD_CONF) - print "Configured %s" % IDMAPD_CONF + print "Configured %s" % paths.IDMAPD_CONF rpcidmapd = services.knownservices.rpcidmapd statestore.backup_state('rpcidmapd', 'enabled', rpcidmapd.is_enabled()) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index b3da28df19654a2bf676fd7499057828394c9618..c55ea1b633c1efa81290f2d64205f7f796545b5e 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -70,10 +70,6 @@ CLIENT_NOT_CONFIGURED = 2 CLIENT_ALREADY_CONFIGURED = 3 CLIENT_UNINSTALL_ERROR = 4 # error after restoring files/state -SSH_AUTHORIZEDKEYSCOMMAND = paths.SSS_SSH_AUTHORIZEDKEYS -SSH_PROXYCOMMAND = paths.SSS_SSH_KNOWNHOSTSPROXY -SSH_KNOWNHOSTSFILE = paths.SSSD_PUBCONF_KNOWN_HOSTS - client_nss_nickname_format = 'IPA Machine Certificate - %s' def parse_options(): @@ -235,19 +231,18 @@ def nickname_exists(nickname): return False def purge_ipa_certs(additional=[]): - filename = paths.NSSDB_IPA_TXT - if file_exists(filename): + if file_exists(paths.NSSDB_IPA_TXT): try: - with open(filename, 'r') as f: + with open(paths.NSSDB_IPA_TXT, 'r') as f: lines = f.readlines() except IOError, e: - root_logger.error("Failed to open %s: %s", filename, e) + root_logger.error("Failed to open %s: %s", paths.NSSDB_IPA_TXT, e) return False finally: try: - os.unlink(filename) + os.unlink(paths.NSSDB_IPA_TXT) except OSError, e: - root_logger.error("Failed to remove %s: %s", filename, e) + root_logger.error("Failed to remove %s: %s", paths.NSSDB_IPA_TXT, e) return False else: lines = [] @@ -831,10 +826,9 @@ def configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server): opts.append({'name':'global', 'type':'section', 'value':defopts}) opts.append({'name':'empty', 'type':'empty'}) - target_fname = paths.IPA_DEFAULT_CONF - fstore.backup_file(target_fname) - ipaconf.newConf(target_fname, opts) - os.chmod(target_fname, 0644) + fstore.backup_file(paths.IPA_DEFAULT_CONF) + ipaconf.newConf(paths.IPA_DEFAULT_CONF, opts) + os.chmod(paths.IPA_DEFAULT_CONF, 0644) return 0 @@ -984,26 +978,25 @@ def configure_openldap_conf(fstore, cli_basedn, cli_server): {'action':'addifnotset', 'name':'TLS_CACERT', 'type':'option', 'value':CACERT},] - target_fname = paths.OPENLDAP_LDAP_CONF - fstore.backup_file(target_fname) + fstore.backup_file(paths.OPENLDAP_LDAP_CONF) error_msg = "Configuring {path} failed with: {err}" try: - ldapconf.changeConf(target_fname, opts) + ldapconf.changeConf(paths.OPENLDAP_LDAP_CONF, opts) except SyntaxError, e: - root_logger.info("Could not parse {path}".format(path=target_fname)) - root_logger.debug(error_msg.format(path=target_fname, err=str(e))) + root_logger.info("Could not parse {path}".format(path=paths.OPENLDAP_LDAP_CONF)) + root_logger.debug(error_msg.format(path=paths.OPENLDAP_LDAP_CONF, err=str(e))) return False except IOError,e : - root_logger.info("{path} does not exist.".format(path=target_fname)) - root_logger.debug(error_msg.format(path=target_fname, err=str(e))) + root_logger.info("{path} does not exist.".format(path=paths.OPENLDAP_LDAP_CONF)) + root_logger.debug(error_msg.format(path=paths.OPENLDAP_LDAP_CONF, err=str(e))) return False except Exception, e: # we do not want to fail in an optional step - root_logger.debug(error_msg.format(path=target_fname, err=str(e))) + root_logger.debug(error_msg.format(path=paths.OPENLDAP_LDAP_CONF, err=str(e))) return False - os.chmod(target_fname, 0644) + os.chmod(paths.OPENLDAP_LDAP_CONF, 0644) return True def hardcode_ldap_server(cli_server): @@ -1294,9 +1287,9 @@ def configure_ssh_config(fstore, options): 'PubkeyAuthentication': 'yes', } - if options.sssd and file_exists(SSH_PROXYCOMMAND): - changes['ProxyCommand'] = '%s -p %%p %%h' % SSH_PROXYCOMMAND - changes['GlobalKnownHostsFile'] = SSH_KNOWNHOSTSFILE + if options.sssd and file_exists(paths.SSS_SSH_KNOWNHOSTSPROXY): + changes['ProxyCommand'] = '%s -p %%p %%h' % paths.SSS_SSH_KNOWNHOSTSPROXY + changes['GlobalKnownHostsFile'] = paths.SSSD_PUBCONF_KNOWN_HOSTS if options.trust_sshfp: changes['VerifyHostKeyDNS'] = 'yes' changes['HostKeyAlgorithms'] = 'ssh-rsa,ssh-dss' @@ -1322,20 +1315,20 @@ def configure_sshd_config(fstore, options): 'UsePAM': 'yes', } - if options.sssd and file_exists(SSH_AUTHORIZEDKEYSCOMMAND): + if options.sssd and file_exists(paths.SSS_SSH_AUTHORIZEDKEYS): authorized_keys_changes = None candidates = ( { - 'AuthorizedKeysCommand': SSH_AUTHORIZEDKEYSCOMMAND, + 'AuthorizedKeysCommand': paths.SSS_SSH_AUTHORIZEDKEYS, 'AuthorizedKeysCommandUser': 'nobody', }, { - 'AuthorizedKeysCommand': SSH_AUTHORIZEDKEYSCOMMAND, + 'AuthorizedKeysCommand': paths.SSS_SSH_AUTHORIZEDKEYS, 'AuthorizedKeysCommandRunAs': 'nobody', }, { - 'PubKeyAgent': '%s %%u' % SSH_AUTHORIZEDKEYSCOMMAND, + 'PubKeyAgent': '%s %%u' % paths.SSS_SSH_AUTHORIZEDKEYS, 'PubKeyAgentRunAs': 'nobody', }, ) @@ -1472,23 +1465,23 @@ def resolve_ipaddress(server): raise last_socket_error # pylint: disable=E0702 def do_nsupdate(update_txt): - root_logger.debug("Writing nsupdate commands to %s:", UPDATE_FILE) + root_logger.debug("Writing nsupdate commands to %s:", paths.IPA_DNS_UPDATE_TXT) root_logger.debug("%s", update_txt) - update_fd = file(UPDATE_FILE, "w") + update_fd = file(paths.IPA_DNS_UPDATE_TXT, "w") update_fd.write(update_txt) update_fd.flush() update_fd.close() result = False try: - ipautil.run([paths.NSUPDATE, '-g', UPDATE_FILE]) + ipautil.run([paths.NSUPDATE, '-g', paths.IPA_DNS_UPDATE_TXT]) result = True except CalledProcessError, e: root_logger.debug('nsupdate failed: %s', str(e)) try: - os.remove(UPDATE_FILE) + os.remove(paths.IPA_DNS_UPDATE_TXT) except Exception: pass @@ -1516,9 +1509,6 @@ show send """ -UPDATE_FILE = paths.IPA_DNS_UPDATE_TXT -CCACHE_FILE = paths.IPA_DNS_CCACHE - def update_dns(server, hostname): try: @@ -2447,7 +2437,7 @@ def install(options, env, fstore, statestore): # only the KDC we're installing under is contacted. # Other KDCs might not have replicated the principal yet. # Once we have the TGT, it's usable on any server. - env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = CCACHE_FILE + env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE try: run([paths.KINIT, '-k', '-t', paths.KRB5_KEYTAB, 'host/%s@%s' % (hostname, cli_realm)], env=env) @@ -2493,7 +2483,7 @@ def install(options, env, fstore, statestore): if options.on_master: # If on master assume kerberos is already configured properly. # Get the host TGT. - os.environ['KRB5CCNAME'] = CCACHE_FILE + os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE try: run([paths.KINIT, '-k', '-t', paths.KRB5_KEYTAB, host_principal]) @@ -2638,7 +2628,7 @@ def install(options, env, fstore, statestore): update_ssh_keys(cli_server[0], hostname, services.knownservices.sshd.get_config_dir(), options.create_sshfp) try: - os.remove(CCACHE_FILE) + os.remove(paths.IPA_DNS_CCACHE) except Exception: pass @@ -2851,7 +2841,7 @@ except RuntimeError, e: sys.exit(e) finally: try: - os.remove(CCACHE_FILE) + os.remove(paths.IPA_DNS_CCACHE) except Exception: pass try: diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py index e1ac55a1d734acda4766ba3cf8598c020c30deac..a5c5b2257f8d9732c8fa862b4bdf2813efa04abe 100644 --- a/ipa-client/ipaclient/ntpconf.py +++ b/ipa-client/ipaclient/ntpconf.py @@ -97,9 +97,6 @@ def __write_config(path, content): fd.close() def config_ntp(server_fqdn, fstore = None, sysstore = None): - path_step_tickers = paths.NTP_STEP_TICKERS - path_ntp_conf = paths.NTP_CONF - path_ntp_sysconfig = paths.SYSCONFIG_NTPD sub_dict = { } sub_dict["SERVER"] = server_fqdn @@ -107,12 +104,12 @@ def config_ntp(server_fqdn, fstore = None, sysstore = None): config_step_tickers = False - if os.path.exists(path_step_tickers): + if os.path.exists(paths.NTP_STEP_TICKERS): config_step_tickers = True ns = ipautil.template_str(ntp_step_tickers, sub_dict) - __backup_config(path_step_tickers, fstore) - __write_config(path_step_tickers, ns) - tasks.restore_context(path_step_tickers) + __backup_config(paths.NTP_STEP_TICKERS, fstore) + __write_config(paths.NTP_STEP_TICKERS, ns) + tasks.restore_context(paths.NTP_STEP_TICKERS) if sysstore: module = 'ntp' @@ -120,13 +117,13 @@ def config_ntp(server_fqdn, fstore = None, sysstore = None): if config_step_tickers: sysstore.backup_state(module, "step-tickers", True) - __backup_config(path_ntp_conf, fstore) - __write_config(path_ntp_conf, nc) - tasks.restore_context(path_ntp_conf) + __backup_config(paths.NTP_CONF, fstore) + __write_config(paths.NTP_CONF, nc) + tasks.restore_context(paths.NTP_CONF) - __backup_config(path_ntp_sysconfig, fstore) - __write_config(path_ntp_sysconfig, ntp_sysconfig) - tasks.restore_context(path_ntp_sysconfig) + __backup_config(paths.SYSCONFIG_NTPD, fstore) + __write_config(paths.SYSCONFIG_NTPD, ntp_sysconfig) + tasks.restore_context(paths.SYSCONFIG_NTPD) # Set the ntpd to start on boot services.knownservices.ntpd.enable() @@ -143,13 +140,12 @@ def synconce_ntp(server_fqdn): Returns True if sync was successful """ - ntpd = paths.NTPD - if not os.path.exists(ntpd): + if not os.path.exists(paths.NTPD): return False tmp_ntp_conf = ipautil.write_tmp_file('server %s' % server_fqdn) try: - ipautil.run([ntpd, '-qgc', tmp_ntp_conf.name]) + ipautil.run([paths.NTPD, '-qgc', tmp_ntp_conf.name]) return True except ipautil.CalledProcessError: return False diff --git a/ipalib/session.py b/ipalib/session.py index ae40fdfe189b3bfd5f0437c04efaab73ac31f88a..2720ad09cbf8df02343de7c365afb0bf57a4be6c 100644 --- a/ipalib/session.py +++ b/ipalib/session.py @@ -1209,15 +1209,14 @@ class MemcacheSessionManager(SessionManager): #------------------------------------------------------------------------------- -krbccache_dir =paths.IPA_MEMCACHED_DIR krbccache_prefix = 'krbcc_' def _get_krbccache_pathname(): - return os.path.join(krbccache_dir, '%s%s' % (krbccache_prefix, os.getpid())) + return os.path.join(paths.IPA_MEMCACHED_DIR, '%s%s' % (krbccache_prefix, os.getpid())) def get_ipa_ccache_name(scheme='FILE'): if scheme == 'FILE': - name = os.path.join(krbccache_dir, '%s%s' % (krbccache_prefix, os.getpid())) + name = os.path.join(paths.IPA_MEMCACHED_DIR, '%s%s' % (krbccache_prefix, os.getpid())) else: raise ValueError('ccache scheme "%s" unsupported', scheme) diff --git a/ipaplatform/fedora/tasks.py b/ipaplatform/fedora/tasks.py index 926c0ea6664c7da6fcbec5bcc184750cbfa2a995..8aaec0787e0595eb81ba337509dd61cd86608e04 100644 --- a/ipaplatform/fedora/tasks.py +++ b/ipaplatform/fedora/tasks.py @@ -155,12 +155,10 @@ class FedoraTaskNamespace(BaseTaskNamespace): auth_config.execute() def insert_ca_certs_into_systemwide_ca_store(self, ca_certs): - new_cacert_path = paths.IPA_P11_KIT - try: - f = open(new_cacert_path, 'w') + f = open(paths.IPA_P11_KIT, 'w') except IOError, e: - root_logger.info("Failed to open %s: %s" % (new_cacert_path, e)) + root_logger.info("Failed to open %s: %s" % (paths.IPA_P11_KIT, e)) return False f.write("# This file was created by IPA. Do not edit.\n" @@ -247,16 +245,14 @@ class FedoraTaskNamespace(BaseTaskNamespace): return False def remove_ca_certs_from_systemwide_ca_store(self): - new_cacert_path = paths.IPA_P11_KIT - # Remove CA cert from systemwide store - if os.path.exists(new_cacert_path): + if os.path.exists(paths.IPA_P11_KIT): try: - os.remove(new_cacert_path) + os.remove(paths.IPA_P11_KIT) ipautil.run([paths.UPDATE_CA_TRUST]) except OSError, e: root_logger.error('Could not remove: %s, %s' - % (new_cacert_path, str(e))) + % (paths.IPA_P11_KIT, str(e))) return False except CalledProcessError, e: root_logger.error('Could not update systemwide CA trust ' @@ -275,10 +271,9 @@ class FedoraTaskNamespace(BaseTaskNamespace): print >>sys.stderr, ("Failed to set this machine hostname to " "%s (%s)." % (hostname, str(e))) - filepath = paths.ETC_HOSTNAME - if os.path.exists(filepath): + if os.path.exists(paths.ETC_HOSTNAME): # read old hostname - with open(filepath, 'r') as f: + with open(paths.ETC_HOSTNAME, 'r') as f: for line in f.readlines(): line = line.strip() if not line or line.startswith('#'): @@ -286,43 +281,40 @@ class FedoraTaskNamespace(BaseTaskNamespace): continue old_hostname = line break - fstore.backup_file(filepath) + fstore.backup_file(paths.ETC_HOSTNAME) - with open(filepath, 'w') as f: + with open(paths.ETC_HOSTNAME, 'w') as f: f.write("%s\n" % hostname) - os.chmod(filepath, + os.chmod(paths.ETC_HOSTNAME, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) - os.chown(filepath, 0, 0) - self.restore_context(filepath) + os.chown(paths.ETC_HOSTNAME, 0, 0) + self.restore_context(paths.ETC_HOSTNAME) # store old hostname statestore.backup_state('network', 'hostname', old_hostname) def restore_network_configuration(self, fstore, statestore): - old_filepath = paths.SYSCONFIG_NETWORK old_hostname = statestore.get_state('network', 'hostname') hostname_was_configured = False - if fstore.has_file(old_filepath): + if fstore.has_file(paths.SYSCONFIG_NETWORK): # This is Fedora >=18 instance that was upgraded from previous # Fedora version which held network configuration # in /etc/sysconfig/network - old_filepath_restore = paths.SYSCONFIG_NETWORK_IPABKP - fstore.restore_file(old_filepath, old_filepath_restore) + fstore.restore_file(paths.SYSCONFIG_NETWORK, paths.SYSCONFIG_NETWORK_IPABKP) print "Deprecated configuration file '%s' was restored to '%s'" \ - % (old_filepath, old_filepath_restore) + % (paths.SYSCONFIG_NETWORK, paths.SYSCONFIG_NETWORK_IPABKP) hostname_was_configured = True - filepath = paths.ETC_HOSTNAME - if fstore.has_file(filepath): - fstore.restore_file(filepath) + if fstore.has_file(paths.ETC_HOSTNAME): + fstore.restore_file(paths.ETC_HOSTNAME) hostname_was_configured = True if not hostname_was_configured and old_hostname: # hostname was not configured before but was set by IPA. Delete # /etc/hostname to restore previous configuration try: - os.remove(filepath) + os.remove(paths.ETC_HOSTNAME) except OSError: pass diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py index 85b0e9a798a571190fc6f8bf357429dd6bd62aa5..9c854603eb97302fba3a56ce9cfef320ae36d003 100644 --- a/ipapython/certmonger.py +++ b/ipapython/certmonger.py @@ -32,9 +32,6 @@ from ipapython.ipa_log_manager import * from ipaplatform.paths import paths from ipaplatform import services -REQUEST_DIR = paths.CERTMONGER_REQUESTS_DIR -CA_DIR = paths.CERTMONGER_CAS_DIR - DBUS_CM_PATH = '/org/fedorahosted/certmonger' DBUS_CM_IF = 'org.fedorahosted.certmonger' DBUS_CM_REQUEST_IF = 'org.fedorahosted.certmonger.request' @@ -417,7 +414,6 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command, """ cm = _connect_to_certmonger() - certmonger_cmd_template = paths.CERTMONGER_COMMAND_TEMPLATE params = {'TRACK': True} params['cert-nickname'] = nickname @@ -439,7 +435,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command, libpath = 'lib64' else: libpath = 'lib' - pre_command = certmonger_cmd_template % (libpath, pre_command) + pre_command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, pre_command) params['cert-presave-command'] = pre_command if post_command: if not os.path.isabs(post_command): @@ -447,7 +443,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command, libpath = 'lib64' else: libpath = 'lib' - post_command = certmonger_cmd_template % (libpath, post_command) + post_command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, post_command) params['cert-postsave-command'] = post_command if profile: params['ca-profile'] = profile diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 45b334d0a3c2ebf7ee5b6d1cb980e05895fa1e0a..d240a12f5a019b18ebe13048cca49696729cf179 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -45,9 +45,6 @@ from ipapython import config from ipaplatform.paths import paths from ipapython.dn import DN -SHARE_DIR = paths.USR_SHARE_IPA_DIR -PLUGINS_SHARE_DIR = paths.IPA_PLUGINS - GEN_PWD_LEN = 12 IPA_BASEDN_INFO = 'ipa v2.0' diff --git a/ipapython/sysrestore.py b/ipapython/sysrestore.py index 6db33a7efe944baca5838264040d71cd06e6129c..f5c0b58ba73b0e7c55a11ea0c5e2cfe3996df392 100644 --- a/ipapython/sysrestore.py +++ b/ipapython/sysrestore.py @@ -35,14 +35,13 @@ from ipapython import ipautil from ipaplatform.tasks import tasks from ipaplatform.paths import paths -SYSRESTORE_PATH = paths.TMP SYSRESTORE_INDEXFILE = "sysrestore.index" SYSRESTORE_STATEFILE = "sysrestore.state" class FileStore: """Class for handling backup and restore of files""" - def __init__(self, path = SYSRESTORE_PATH, index_file = SYSRESTORE_INDEXFILE): + def __init__(self, path = paths.TMP, index_file = SYSRESTORE_INDEXFILE): """Create a _StoreFiles object, that uses @path as the base directory. @@ -291,7 +290,7 @@ class StateFile: enabled=False """ - def __init__(self, path = SYSRESTORE_PATH, state_file = SYSRESTORE_STATEFILE): + def __init__(self, path = paths.TMP, state_file = SYSRESTORE_STATEFILE): """Create a StateFile object, loading from @path. The dictionary @modules, a member of the returned object, diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index 3944b19e0e5368ea00660ce29d86ca13ba98a2dd..3b5024dc53470342198f9a832edf69154e0653a7 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -475,7 +475,6 @@ class DomainValidator(object): realm = api.env.realm hostname = api.env.host principal = 'HTTP/%s@%s' % (hostname, realm) - keytab = paths.IPA_KEYTAB # Destroy the contents of the ccache root_logger.debug('Destroying the contents of the separate ccache') @@ -490,7 +489,7 @@ class DomainValidator(object): 'service principal with MS-PAC attached.') (stdout, stderr, returncode) = ipautil.run( - [paths.KINIT, '-kt', keytab, principal], + [paths.KINIT, '-kt', paths.IPA_KEYTAB, principal], env={'KRB5CCNAME': ccache_path}, raiseonerr=False) diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index 38b0801314c3c98438ce4d07cdb54059dde94ce9..a4321a5fb8b5fc58abfd4c9b9d22eaf65322e113 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -146,8 +146,6 @@ class ADTRUSTInstance(service.Service): """ # Constants - self.smb_conf = paths.SMB_CONF - self.samba_keytab = paths.SAMBA_KEYTAB self.selinux_booleans = ["samba_portmapper"] self.cifs_hosts = [] @@ -405,7 +403,7 @@ class ADTRUSTInstance(service.Service): self.admin_conn.add_entry(entry) def __write_smb_conf(self): - conf_fd = open(self.smb_conf, "w") + conf_fd = open(paths.SMB_CONF, "w") conf_fd.write('### Added by IPA Installer ###\n') conf_fd.write('[global]\n') conf_fd.write('debug pid = yes\n') @@ -528,16 +526,16 @@ class ADTRUSTInstance(service.Service): try: ipautil.run(["ipa-getkeytab", "--server", self.fqdn, "--principal", self.cifs_principal, - "-k", self.samba_keytab]) + "-k", paths.SAMBA_KEYTAB]) except ipautil.CalledProcessError: root_logger.critical("Failed to add key for %s" % self.cifs_principal) def clean_samba_keytab(self): - if os.path.exists(self.samba_keytab): + if os.path.exists(paths.SAMBA_KEYTAB): try: ipautil.run(["ipa-rmkeytab", "--principal", self.cifs_principal, - "-k", self.samba_keytab]) + "-k", paths.SAMBA_KEYTAB]) except ipautil.CalledProcessError, e: if e.returncode != 5: root_logger.critical("Failed to remove old key for %s" @@ -919,11 +917,10 @@ class ADTRUSTInstance(service.Service): self.print_msg(SELINUX_WARNING % dict(var=var)) # Remove samba's credentials cache - krb5cc_samba = paths.KRB5CC_SAMBA - installutils.remove_file(krb5cc_samba) + installutils.remove_file(paths.KRB5CC_SAMBA) # Remove samba's configuration file - installutils.remove_file(self.smb_conf) + installutils.remove_file(paths.SMB_CONF) # Remove samba's persistent and temporary tdb files tdb_files = [tdb_file for tdb_file in os.listdir(paths.SAMBA_DIR) diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 9a27c781764f3dc311d20cfcf9150fde31307b03..949581da11d0ca3b12917a191c48c1915e777cbd 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -41,9 +41,6 @@ from ipalib.util import (validate_zonemgr_str, normalize_zonemgr, normalize_zone, get_reverse_zone_default, zone_is_reverse) from ipalib.constants import CACERT -NAMED_CONF = paths.NAMED_CONF -RESOLV_CONF = paths.RESOLV_CONF - named_conf_section_ipa_start_re = re.compile('\s*dynamic-db\s+"ipa"\s+{') named_conf_section_options_start_re = re.compile('\s*options\s+{') named_conf_section_end_re = re.compile('};') @@ -74,7 +71,7 @@ def check_inst(unattended): if not has_bind: return False - if not unattended and os.path.exists(NAMED_CONF): + if not unattended and os.path.exists(paths.NAMED_CONF): msg = "Existing BIND configuration detected, overwrite?" return ipautil.user_input(msg, False) @@ -85,7 +82,7 @@ def create_reverse(): def named_conf_exists(): try: - named_fd = open(NAMED_CONF, 'r') + named_fd = open(paths.NAMED_CONF, 'r') except IOError: return False lines = named_fd.readlines() @@ -115,7 +112,7 @@ def named_conf_get_directive(name, section=NAMED_SECTION_IPA, str_val=True): else: raise NotImplementedError('Section "%s" is not supported' % section) - with open(NAMED_CONF, 'r') as f: + with open(paths.NAMED_CONF, 'r') as f: target_section = False for line in f: if named_conf_section_start_re.match(line): @@ -162,7 +159,7 @@ def named_conf_set_directive(name, value, section=NAMED_SECTION_IPA, else: raise NotImplementedError('Section "%s" is not supported' % section) - with open(NAMED_CONF, 'r') as f: + with open(paths.NAMED_CONF, 'r') as f: target_section = False matched = False last_indent = "\t" @@ -199,7 +196,7 @@ def named_conf_set_directive(name, value, section=NAMED_SECTION_IPA, new_lines.append(line) # write new configuration - with open(NAMED_CONF, 'w') as f: + with open(paths.NAMED_CONF, 'w') as f: f.write("".join(new_lines)) def dns_container_exists(fqdn, suffix, dm_password=None, ldapi=False, realm=None): @@ -822,19 +819,19 @@ class BindInstance(service.Service): raise def __setup_named_conf(self): - self.fstore.backup_file(NAMED_CONF) + self.fstore.backup_file(paths.NAMED_CONF) named_txt = ipautil.template_file(ipautil.SHARE_DIR + "bind.named.conf.template", self.sub_dict) - named_fd = open(NAMED_CONF, 'w') + named_fd = open(paths.NAMED_CONF, 'w') named_fd.seek(0) named_fd.truncate(0) named_fd.write(named_txt) named_fd.close() def __setup_resolv_conf(self): - self.fstore.backup_file(RESOLV_CONF) + self.fstore.backup_file(paths.RESOLV_CONF) resolv_txt = "search "+self.domain+"\nnameserver "+self.ip_address+"\n" try: - resolv_fd = open(RESOLV_CONF, 'w') + resolv_fd = open(paths.RESOLV_CONF, 'w') resolv_fd.seek(0) resolv_fd.truncate(0) resolv_fd.write(resolv_txt) @@ -996,7 +993,7 @@ class BindInstance(service.Service): if not running is None: self.stop() - for f in [NAMED_CONF, RESOLV_CONF]: + for f in [paths.NAMED_CONF, paths.RESOLV_CONF]: try: self.fstore.restore_file(f) except ValueError, error: diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 4d508cde8511f95480cf74772e4b066414ea3c35..f4c2fb06726425a5a3d37a21a7ad370268fef7ed 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -44,10 +44,6 @@ from ipalib.text import _ from ipaplatform import services from ipaplatform.paths import paths -# Apache needs access to this database so we need to create it -# where apache can reach -NSS_DIR = paths.HTTPD_ALIAS_DIR - def find_cert_from_txt(cert, start=0): """ Given a cert blob (str) which may or may not contian leading and @@ -320,7 +316,7 @@ class CertDB(object): CA cert name. """ # TODO: Remove all selfsign code - def __init__(self, realm, nssdir=NSS_DIR, fstore=None, host_name=None, subject_base=None): + def __init__(self, realm, nssdir=paths.HTTPD_ALIAS_DIR, fstore=None, host_name=None, subject_base=None): self.nssdb = NSSDatabase(nssdir) self.secdir = nssdir diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 0edd4ed635eff96e0d534848240dc30da2b4971e..fc9a30c6518832c2a1f1ede94d1f27eb82f53c0b 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -45,9 +45,6 @@ from ipapython.dn import DN from ipaplatform import services from ipaplatform.paths import paths -SERVER_ROOT_64 = paths.USR_LIB_DIRSRV_64 -SERVER_ROOT_32 = paths.USR_LIB_DIRSRV - DS_USER = 'dirsrv' DS_GROUP = 'dirsrv' @@ -68,10 +65,10 @@ ALL_SCHEMA_FILES = IPA_SCHEMA_FILES + ("05rfc2247.ldif", ) def find_server_root(): - if ipautil.dir_exists(SERVER_ROOT_64): - return SERVER_ROOT_64 + if ipautil.dir_exists(paths.USR_LIB_DIRSRV_64): + return paths.USR_LIB_DIRSRV_64 else: - return SERVER_ROOT_32 + return paths.USR_LIB_DIRSRV def realm_to_serverid(realm_name): return "-".join(realm_name.split(".")) @@ -114,13 +111,11 @@ def get_ds_instances(): matches 389ds behavior. ''' - dirsrv_instance_dir=paths.ETC_DIRSRV instance_prefix = 'slapd-' - instances = [] - for basename in os.listdir(dirsrv_instance_dir): - pathname = os.path.join(dirsrv_instance_dir, basename) + for basename in os.listdir(paths.ETC_DIRSRV): + pathname = os.path.join(paths.ETC_DIRSRV, basename) # Must be a directory if os.path.isdir(pathname): # Must start with prefix and not end with .removed @@ -408,14 +403,13 @@ class DsInstance(service.Service): base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict) root_logger.debug(base_txt) - target_fname = paths.DIRSRV_BOOT_LDIF - base_fd = open(target_fname, "w") + base_fd = open(paths.DIRSRV_BOOT_LDIF, "w") base_fd.write(base_txt) base_fd.close() # Must be readable for dirsrv - os.chmod(target_fname, 0440) - os.chown(target_fname, pent.pw_uid, pent.pw_gid) + os.chmod(paths.DIRSRV_BOOT_LDIF, 0440) + os.chown(paths.DIRSRV_BOOT_LDIF, pent.pw_uid, pent.pw_gid) inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict) root_logger.debug("writing inf template") @@ -561,18 +555,17 @@ class DsInstance(service.Service): def configure_dirsrv_ccache(self): pent = pwd.getpwnam("dirsrv") ccache = paths.TMP_KRB5CC % pent.pw_uid - filepath = paths.SYSCONFIG_DIRSRV - if not os.path.exists(filepath): + if not os.path.exists(paths.SYSCONFIG_DIRSRV): # file doesn't exist; create it with correct ownership & mode - open(filepath, 'a').close() - os.chmod(filepath, + open(paths.SYSCONFIG_DIRSRV, 'a').close() + os.chmod(paths.SYSCONFIG_DIRSRV, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) - os.chown(filepath, 0, 0) + os.chown(paths.SYSCONFIG_DIRSRV, 0, 0) replacevars = {'KRB5CCNAME': ccache} old_values = ipautil.backup_config_and_replace_variables( - self.fstore, filepath, replacevars=replacevars) - tasks.restore_context(filepath) + self.fstore, paths.SYSCONFIG_DIRSRV, replacevars=replacevars) + tasks.restore_context(paths.SYSCONFIG_DIRSRV) def __managed_entries(self): self._ldap_mod("managed-entries.ldif", self.sub_dict) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 329dbb07643b51363d9fba1466455c3efbdcd807..755e386351c099cacac11fdec25d1f39557eb7ea 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -213,21 +213,19 @@ class HTTPInstance(service.Service): ipautil.run(['kdestroy', '-A'], runas='apache', raiseonerr=False, env={}) def __configure_http(self): - target_fname = paths.HTTPD_IPA_CONF http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa.conf", self.sub_dict) self.fstore.backup_file(paths.HTTPD_IPA_CONF) - http_fd = open(target_fname, "w") + http_fd = open(paths.HTTPD_IPA_CONF, "w") http_fd.write(http_txt) http_fd.close() - os.chmod(target_fname, 0644) + os.chmod(paths.HTTPD_IPA_CONF, 0644) - target_fname = paths.HTTPD_IPA_REWRITE_CONF http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa-rewrite.conf", self.sub_dict) self.fstore.backup_file(paths.HTTPD_IPA_REWRITE_CONF) - http_fd = open(target_fname, "w") + http_fd = open(paths.HTTPD_IPA_REWRITE_CONF, "w") http_fd.write(http_txt) http_fd.close() - os.chmod(target_fname, 0644) + os.chmod(paths.HTTPD_IPA_REWRITE_CONF, 0644) def change_mod_nss_port_from_http(self): # mod_ssl enforces SSLEngine on for vhost on 443 even though @@ -321,11 +319,10 @@ class HTTPInstance(service.Service): self.import_ca_certs(db, api.env.enable_ra) def __setup_autoconfig(self): - target_fname = paths.PREFERENCES_HTML ipautil.copy_template_file( ipautil.SHARE_DIR + "preferences.html.template", - target_fname, self.sub_dict) - os.chmod(target_fname, 0644) + paths.PREFERENCES_HTML, self.sub_dict) + os.chmod(paths.PREFERENCES_HTML, 0644) # The signing cert is generated in __setup_ssl db = certs.CertDB(self.realm, subject_base=self.subject_base) @@ -335,14 +332,13 @@ class HTTPInstance(service.Service): # Setup configure.jar if db.has_nickname('Signing-Cert'): tmpdir = tempfile.mkdtemp(prefix="tmp-") - target_fname = paths.CONFIGURE_JAR shutil.copy(paths.PREFERENCES_HTML, tmpdir) db.run_signtool(["-k", "Signing-Cert", - "-Z", target_fname, + "-Z", paths.CONFIGURE_JAR, "-e", ".html", "-p", pwd, tmpdir]) shutil.rmtree(tmpdir) - os.chmod(target_fname, 0644) + os.chmod(paths.CONFIGURE_JAR, 0644) else: root_logger.warning('Object-signing certificate was not found; ' 'therefore, configure.jar was not created.') @@ -353,34 +349,32 @@ class HTTPInstance(service.Service): """Set up the signed browser configuration extension """ - target_fname = paths.KRB_JS sub_dict = dict(REALM=realm, DOMAIN=domain) db = certs.CertDB(realm) with open(db.passwd_fname) as pwdfile: pwd = pwdfile.read() ipautil.copy_template_file(ipautil.SHARE_DIR + "krb.js.template", - target_fname, sub_dict) - os.chmod(target_fname, 0644) + paths.KRB_JS, sub_dict) + os.chmod(paths.KRB_JS, 0644) # Setup extension tmpdir = tempfile.mkdtemp(prefix="tmp-") extdir = tmpdir + "/ext" - target_fname = paths.KERBEROSAUTH_XPI shutil.copytree(paths.FFEXTENSION, extdir) if db.has_nickname('Signing-Cert'): db.run_signtool(["-k", "Signing-Cert", "-p", pwd, - "-X", "-Z", target_fname, + "-X", "-Z", paths.KERBEROSAUTH_XPI, extdir]) else: root_logger.warning('Object-signing certificate was not found. ' 'Creating unsigned Firefox configuration extension.') filenames = os.listdir(extdir) - ipautil.run([paths.ZIP, '-r', target_fname] + filenames, + ipautil.run([paths.ZIP, '-r', paths.KERBEROSAUTH_XPI] + filenames, cwd=extdir) shutil.rmtree(tmpdir) - os.chmod(target_fname, 0644) + os.chmod(paths.KERBEROSAUTH_XPI, 0644) def __publish_ca_cert(self): ca_db = certs.CertDB(self.realm) diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index 2baa5dde035fa8fb93817d5f94b1fc257483798b..230bb37e31d16632085d3c4893facf725ef3d157 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -63,9 +63,6 @@ EOF --keyring /root/backup.pub --list-secret-keys """ -BACKUP_DIR = paths.IPA_BACKUP_DIR - - def encrypt_file(filename, keyring, remove_original=True): source = filename dest = filename + '.gpg' @@ -526,10 +523,10 @@ class Backup(admintool.AdminTool): ''' if data_only: - backup_dir = os.path.join(BACKUP_DIR, time.strftime('ipa-data-%Y-%m-%d-%H-%M-%S')) + backup_dir = os.path.join(paths.IPA_BACKUP_DIR, time.strftime('ipa-data-%Y-%m-%d-%H-%M-%S')) filename = os.path.join(backup_dir, "ipa-data.tar") else: - backup_dir = os.path.join(BACKUP_DIR, time.strftime('ipa-full-%Y-%m-%d-%H-%M-%S')) + backup_dir = os.path.join(paths.IPA_BACKUP_DIR, time.strftime('ipa-full-%Y-%m-%d-%H-%M-%S')) filename = os.path.join(backup_dir, "ipa-full.tar") os.mkdir(backup_dir, 0700) diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py index 2e91ddd92d9eb9ccd690daa1c78d9027f1b0b965..71c8c52a7ca4f7aaf7ffb94012c01162ef372526 100644 --- a/ipaserver/install/ipa_replica_prepare.py +++ b/ipaserver/install/ipa_replica_prepare.py @@ -367,15 +367,12 @@ class ReplicaPrepare(admintool.AdminTool): self.log.info("Copying additional files") self.copy_info_file(CACERT, "ca.crt") - preferences_filename = paths.PREFERENCES_HTML - if ipautil.file_exists(preferences_filename): - self.copy_info_file(preferences_filename, "preferences.html") - jar_filename = paths.CONFIGURE_JAR - if ipautil.file_exists(jar_filename): - self.copy_info_file(jar_filename, "configure.jar") - cacert_filename = paths.CACERT_PEM - if ipautil.file_exists(cacert_filename): - self.copy_info_file(cacert_filename, "cacert.pem") + if ipautil.file_exists(paths.PREFERENCES_HTML): + self.copy_info_file(paths.PREFERENCES_HTML, "preferences.html") + if ipautil.file_exists(paths.CONFIGURE_JAR): + self.copy_info_file(paths.CONFIGURE_JAR, "configure.jar") + if ipautil.file_exists(paths.CACERT_PEM): + self.copy_info_file(paths.CACERT_PEM, "cacert.pem") self.copy_info_file(paths.IPA_DEFAULT_CONF, "default.conf") def save_config(self): diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index 6bed046d2661f48218b66c11e6f6a43c6dc0f6bf..b27c195a9ae29bb02a6262055ac4c8ad47bc065f 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -46,9 +46,6 @@ from ipaserver.install.plugins import (PRE_UPDATE, POST_UPDATE, PRE_SCHEMA_UPDATE) from ipaserver.plugins import ldap2 -UPDATES_DIR=paths.UPDATES_DIR - - def connect(ldapi=False, realm=None, fqdn=None, dm_password=None, pw_name=None): """Create a connection for updates""" if ldapi: diff --git a/ipaserver/install/sysupgrade.py b/ipaserver/install/sysupgrade.py index 4ce652ca1ceeed212e918a17eb60629e38507773..19e017d904a67f1165f2054068612418029d4463 100644 --- a/ipaserver/install/sysupgrade.py +++ b/ipaserver/install/sysupgrade.py @@ -24,7 +24,6 @@ from ipapython import sysrestore from ipaplatform.paths import paths from ipapython.ipa_log_manager import * -STATEFILE_DIR = paths.STATEFILE_DIR STATEFILE_FILE = 'sysupgrade.state' _sstore = None @@ -32,7 +31,7 @@ _sstore = None def _load_sstore(): global _sstore if _sstore is None: - _sstore = sysrestore.StateFile(STATEFILE_DIR, STATEFILE_FILE) + _sstore = sysrestore.StateFile(paths.STATEFILE_DIR, STATEFILE_FILE) def get_upgrade_state(module, state): _load_sstore() @@ -51,6 +50,6 @@ def remove_upgrade_state(module, state): def remove_upgrade_file(): try: - os.remove(os.path.join(STATEFILE_DIR, STATEFILE_FILE)) + os.remove(os.path.join(paths.STATEFILE_DIR, STATEFILE_FILE)) except Exception, e: root_logger.debug('Cannot remove sysupgrade state file: %s', e) diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py index 062d5da22c32dd905189309d83a0295a3f6dbdd8..0a6d2293dde12338dd7d0cdbb371e759a1380715 100644 --- a/ipaserver/install/upgradeinstance.py +++ b/ipaserver/install/upgradeinstance.py @@ -31,7 +31,6 @@ from ipaserver.install import schemaupdate from ipaserver.install import ldapupdate from ipaserver.install import service -DSBASE = paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE DSE = 'dse.ldif' class IPAUpgrade(service.Service): @@ -54,8 +53,8 @@ class IPAUpgrade(service.Service): ext += h service.Service.__init__(self, "dirsrv") serverid = dsinstance.realm_to_serverid(realm_name) - self.filename = '%s/%s' % (DSBASE % serverid, DSE) - self.savefilename = '%s/%s.ipa.%s' % (DSBASE % serverid, DSE, ext) + self.filename = '%s/%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE) + self.savefilename = '%s/%s.ipa.%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE, ext) self.live_run = live_run self.files = files self.modified = False diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index 18de23d3a5bed485d35adb18b22d04255f933448..09ba42ee16a732ba5d32bf503f8c3de238f0da4d 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -957,15 +957,14 @@ class login_password(Backend, KerberosSession, HTTP_Status): # get http service ccache as an armor for FAST to enable OTP authentication armor_principal = krb5_format_service_principal_name( 'HTTP', self.api.env.host, realm) - keytab = paths.IPA_KEYTAB armor_name = "%sA_%s" % (krbccache_prefix, user) armor_path = os.path.join(krbccache_dir, armor_name) self.debug('Obtaining armor ccache: principal=%s keytab=%s ccache=%s', - armor_principal, keytab, armor_path) + armor_principal, paths.IPA_KEYTAB, armor_path) (stdout, stderr, returncode) = ipautil.run( - [paths.KINIT, '-kt', keytab, armor_principal], + [paths.KINIT, '-kt', paths.IPA_KEYTAB, armor_principal], env={'KRB5CCNAME': armor_path}, raiseonerr=False) if returncode != 0: -- 2.0.0
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel