On 09/30/2014 05:13 AM, Gabe Alford wrote:
Updated patch to fix merge conflicts from recent changes.
On Wed, Sep 24, 2014 at 8:34 PM, Gabe Alford <[email protected]
<mailto:[email protected]>> wrote:
Hello,
Patch for https://fedorahosted.org/freeipa/ticket/4399. Let me know
if I missed any.
Thanks,
Gabe
Thanks for the patch, and sorry for the delay!
ipaserver/tools/ipa-upgradeconfig:
The `filename` and `ca_file` aren't module-level constants; I think in
this case they improve readability.
The ticket calls for removing module-level lines like:
NSSWITCH_CONF = paths.NSSWITCH_CONF
which are just silly, but assigning a name locally to a global constant
is a valid thing to do -- even if the local name just says "the file
we're working on now".
- ca_file = paths.ALIAS_CACERT_ASC
- if os.path.exists(ca_file):
+ if os.path.exists(paths.SYSCONFIG_HTTPD):
Whoops!
install/wsgi/plugins.py:
-PLUGINS_DIR = paths.IPA_JS_PLUGINS_DIR
-
[...]
- if not os.path.isdir(PLUGINS_DIR):
+ if not os.path.isdir(paths.IPA_CA_CSR):
Whoops too!
ipaplatform/fedora/tasks.py:
ipa-client/ipa-install/ipa-client-install:
ipaserver/install/dsinstance.py:
ipaserver/install/httpinstance.py:
Again, I'd not change the target_fname, filepath.
ipapython/sysrestore.py:
Again, `SYSRESTORE_PATH` describes better what we do with `paths.TMP`,
so I'd prefer keeping it.
ipaserver/install/adtrustinstance.py:
I don't think we want to convert the self.* to constants.
ipaserver/install/certs.py:
I'd leave NSS_DIR as it is, rather than lose the comment.
ipapython/ipautil.py:
ipaserver/install/ldapupdate.py:
ipalib/session.py:
ipaserver/install/bindinstance.py:
SHARE_DIR, UPDATES_DIR, and krbccache_dir, NAMED_CONF (respectively)
need to stay, unless you also replace them in everything that uses them.
Be sure to run make-lint after doing these changes.
I've rebased, and I made some of the changes as I went along the review.
You can base another revision on the attached patch.
--
PetrĀ³
From a04e19cfd767fa5a994030a6ecf0b3f74fcaa903 Mon Sep 17 00:00:00 2001
From: Gabe <[email protected]>
Date: Mon, 29 Sep 2014 17:23:25 -0600
Subject: [PATCH] Remove trivial path constants from modules
https://fedorahosted.org/freeipa/ticket/4399
---
.../certmonger/dogtag-ipa-ca-renew-agent-submit | 8 ++-
install/tools/ipa-adtrust-install | 8 ++-
install/tools/ipa-ca-install | 5 +-
install/tools/ipa-dns-install | 8 ++-
install/tools/ipa-replica-conncheck | 9 ++--
install/tools/ipa-replica-install | 6 +--
install/tools/ipa-server-install | 39 ++++++--------
install/tools/ipa-upgradeconfig | 30 +++++------
install/wsgi/plugins.py | 6 +--
ipa-client/ipa-install/ipa-client-automount | 62 ++++++++++------------
ipa-client/ipa-install/ipa-client-install | 37 ++++++-------
ipa-client/ipaclient/ntpconf.py | 28 +++++-----
ipalib/session.py | 4 +-
ipaplatform/fedora/tasks.py | 6 +--
ipapython/certmonger.py | 8 +--
ipapython/ipautil.py | 1 -
ipaserver/dcerpc.py | 3 +-
ipaserver/install/adtrustinstance.py | 3 +-
ipaserver/install/bindinstance.py | 23 ++++----
ipaserver/install/dsinstance.py | 9 ++--
ipaserver/install/ipa_backup.py | 7 +--
ipaserver/install/ipa_replica_prepare.py | 15 +++---
ipaserver/install/ipa_restore.py | 3 +-
ipaserver/install/sysupgrade.py | 5 +-
ipaserver/install/upgradeinstance.py | 5 +-
ipaserver/rpcserver.py | 5 +-
26 files changed, 140 insertions(+), 203 deletions(-)
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index 4f0b78accac6840471f8b2e9f17288b3b4e82105..942ffec65d7b041fc6f9d3b2c19d3596fae79d31 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -71,8 +71,7 @@ def request_cert():
syslog.syslog(syslog.LOG_NOTICE,
"Forwarding request to dogtag-ipa-renew-agent")
- path = paths.DOGTAG_IPA_RENEW_AGENT_SUBMIT
- args = [path] + sys.argv[1:]
+ args = [paths.DOGTAG_IPA_RENEW_AGENT_SUBMIT] + sys.argv[1:]
stdout, stderr, rc = ipautil.run(args, raiseonerr=False, env=os.environ)
sys.stderr.write(stderr)
sys.stderr.flush()
@@ -282,12 +281,11 @@ def export_csr():
if not cert:
return (REJECTED, "New certificate requests not supported")
- csr_file = paths.IPA_CA_CSR
try:
- with open(csr_file, 'wb') as f:
+ with open(paths.IPA_CA_CSR, 'wb') as f:
f.write(csr)
except Exception, e:
- return (UNREACHABLE, "Failed to write %s: %s" % (csr_file, e))
+ return (UNREACHABLE, "Failed to write %s: %s" % (paths.IPA_CA_CSR, e))
return (ISSUED, cert)
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 6e55bbe3e57f1c609398dc571e90cb8677d91a33..aabd695b8c63856875a5daa2a3b2aef70980973d 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -33,8 +33,6 @@ from ipaplatform.paths import paths
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
-log_file_name = paths.IPASERVER_INSTALL_LOG
-
def parse_options():
parser = IPAOptionParser(version=version.VERSION)
parser.add_option("-d", "--debug", dest="debug", action="store_true",
@@ -213,8 +211,8 @@ def main():
if os.getegid() != 0:
sys.exit("Must be root to setup AD trusts on server")
- standard_logging_setup(log_file_name, debug=options.debug, filemode='a')
- print "\nThe log file for this installation can be found in %s" % log_file_name
+ standard_logging_setup(paths.IPASERVER_INSTALL_LOG, debug=options.debug, filemode='a')
+ print "\nThe log file for this installation can be found in %s" % paths.IPASERVER_INSTALL_LOG
root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
root_logger.debug("missing options might be asked for interactively later\n")
@@ -452,5 +450,5 @@ information"""
return 0
if __name__ == '__main__':
- run_script(main, log_file_name=log_file_name,
+ run_script(main, log_file_name=paths.IPASERVER_INSTALL_LOG,
operation_name='ipa-adtrust-install')
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index c984bf4778403f1a152afed2df567c8399e65809..9cdb06fccbb04e19008e550a3c8cd9f07891e417 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -43,7 +43,6 @@ from ipapython.ipa_log_manager import *
from ipaplatform import services
from ipaplatform.paths import paths
-log_file_name = paths.IPAREPLICA_CA_INSTALL_LOG
REPLICA_INFO_TOP_DIR = None
def parse_options():
@@ -116,7 +115,7 @@ def install_dns_records(config, options):
def install_replica(safe_options, options, filename):
- standard_logging_setup(log_file_name, debug=options.debug)
+ standard_logging_setup(paths.IPAREPLICA_CA_INSTALL_LOG, debug=options.debug)
root_logger.debug('%s was invoked with argument "%s" and options: %s',
sys.argv[0], filename, safe_options)
@@ -388,7 +387,7 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.
if __name__ == '__main__':
try:
with private_ccache():
- installutils.run_script(main, log_file_name=log_file_name,
+ installutils.run_script(main, log_file_name=paths.IPAREPLICA_CA_INSTALL_LOG,
operation_name='ipa-ca-install',
fail_message=fail_message)
finally:
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index ae60f211ab65fb2fddba437d4352f7fbd5ab6f8b..38834cb79f1d8f15a0e2444ca2fca2c25effc5c5 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -34,8 +34,6 @@ from ipapython.config import IPAOptionParser
from ipapython.ipa_log_manager import standard_logging_setup, root_logger
from ipapython.ipautil import DN
-log_file_name = paths.IPASERVER_INSTALL_LOG
-
def parse_options():
parser = IPAOptionParser(version=version.VERSION)
parser.add_option("-p", "--ds-password", dest="dm_password",
@@ -80,8 +78,8 @@ def main():
if os.getegid() != 0:
sys.exit("Must be root to setup server")
- standard_logging_setup(log_file_name, debug=options.debug, filemode='a')
- print "\nThe log file for this installation can be found in %s" % log_file_name
+ standard_logging_setup(paths.IPASERVER_INSTALL_LOG, debug=options.debug, filemode='a')
+ print "\nThe log file for this installation can be found in %s" % paths.IPASERVER_INSTALL_LOG
root_logger.debug('%s was invoked with options: %s' % (sys.argv[0], safe_options))
root_logger.debug("missing options might be asked for interactively later\n")
@@ -191,5 +189,5 @@ def main():
if __name__ == '__main__':
with private_ccache():
- installutils.run_script(main, log_file_name=log_file_name,
+ installutils.run_script(main, log_file_name=paths.IPASERVER_INSTALL_LOG,
operation_name='ipa-dns-install')
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 88e42bafbc600fb7c36b7727c770e75edccd2196..349d6fd83fc1a0f4c3ed026b11c7500af5e526fb 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -42,7 +42,6 @@ from ipaplatform.paths import paths
CONNECT_TIMEOUT = 5
RESPONDERS = [ ]
QUIET = False
-CCACHE_FILE = paths.CONNCHECK_CCACHE
KRB5_CONFIG = None
class SshExec(object):
@@ -67,7 +66,7 @@ class SshExec(object):
if verbose:
cmd.insert(1, '-v')
- env = {'KRB5_CONFIG': KRB5_CONFIG, 'KRB5CCNAME': CCACHE_FILE}
+ env = {'KRB5_CONFIG': KRB5_CONFIG, 'KRB5CCNAME': paths.CONNCHECK_CCACHE}
return ipautil.run(cmd, env=env, raiseonerr=False)
@@ -374,7 +373,7 @@ def main():
stderr=''
(stdout, stderr, returncode) = ipautil.run([paths.KINIT, principal],
- env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':CCACHE_FILE},
+ env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':paths.CONNCHECK_CCACHE},
stdin=password, raiseonerr=False)
if returncode != 0:
raise RuntimeError("Cannot acquire Kerberos ticket: %s" % stderr)
@@ -383,7 +382,7 @@ def main():
stderr=''
(stdout, stderr, returncode) = ipautil.run([paths.BIN_KVNO,
'host/%s' % options.master],
- env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':CCACHE_FILE},
+ env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME':paths.CONNCHECK_CCACHE},
raiseonerr=False)
if returncode != 0:
raise RuntimeError("Could not get ticket for master server: %s" % stderr)
@@ -427,7 +426,7 @@ if __name__ == "__main__":
sys.exit(e)
finally:
clean_responders(RESPONDERS)
- for file_name in (CCACHE_FILE, KRB5_CONFIG):
+ for file_name in (paths.CONNCHECK_CCACHE, KRB5_CONFIG):
if file_name:
try:
os.remove(file_name)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 74781d00d5432ae352bf01b3da834846a4cd5016..4e439f8058dd3a30b781801e6c102c4389bed7a7 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -54,7 +54,6 @@ from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
-log_file_name = paths.IPAREPLICA_INSTALL_LOG
DIRMAN_DN = DN(('cn', 'directory manager'))
REPLICA_INFO_TOP_DIR = None
@@ -447,7 +446,7 @@ def main():
if os.geteuid() != 0:
sys.exit("\nYou must be root to run this script.\n")
- standard_logging_setup(log_file_name, debug=options.debug)
+ standard_logging_setup(paths.IPAREPLICA_INSTALL_LOG, debug=options.debug)
root_logger.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options))
root_logger.debug('IPA version %s' % version.VENDOR_VERSION)
@@ -750,7 +749,8 @@ Run /usr/sbin/ipa-server-install --uninstall to clean up.
if __name__ == '__main__':
try:
with private_ccache():
- installutils.run_script(main, log_file_name=log_file_name,
+ installutils.run_script(main,
+ log_file_name=paths.IPAREPLICA_INSTALL_LOG,
operation_name='ipa-replica-install',
fail_message=fail_message)
finally:
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 89d73304fbf7797c73f4f6251ff96c17a761d8af..9dcebf1f0370ad8269b627caf170bc0b283d3e9e 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -92,8 +92,6 @@ VALID_SUBJECT_ATTRS = ['st', 'o', 'ou', 'dnqualifier', 'c',
'incorporationlocality', 'incorporationstate',
'incorporationcountry', 'businesscategory']
-SYSRESTORE_DIR_PATH = paths.SYSRESTORE
-
def subject_callback(option, opt_str, value, parser):
"""
Make sure the certificate subject base is a valid DN
@@ -401,31 +399,29 @@ def signal_handler(signum, frame):
dsinstance.erase_ds_instance_data (ds.serverid)
sys.exit(1)
-ANSWER_CACHE = paths.ROOT_IPA_CACHE
-
def read_cache(dm_password):
"""
Returns a dict of cached answers or empty dict if no cache file exists.
"""
- if not ipautil.file_exists(ANSWER_CACHE):
+ if not ipautil.file_exists(paths.ROOT_IPA_CACHE):
return {}
top_dir = tempfile.mkdtemp("ipa")
fname = "%s/cache" % top_dir
try:
- decrypt_file(ANSWER_CACHE, fname, dm_password, top_dir)
+ decrypt_file(paths.ROOT_IPA_CACHE, fname, dm_password, top_dir)
except Exception, e:
shutil.rmtree(top_dir)
- raise Exception("Decryption of answer cache in %s failed, please check your password." % ANSWER_CACHE)
+ raise Exception("Decryption of answer cache in %s failed, please check your password." % paths.ROOT_IPA_CACHE)
try:
with open(fname, 'rb') as f:
try:
optdict = pickle.load(f)
except Exception, e:
- raise Exception("Parse error in %s: %s" % (ANSWER_CACHE, str(e)))
+ raise Exception("Parse error in %s: %s" % (paths.ROOT_IPA_CACHE, str(e)))
except IOError, e:
- raise Exception("Read error in %s: %s" % (ANSWER_CACHE, str(e)))
+ raise Exception("Read error in %s: %s" % (paths.ROOT_IPA_CACHE, str(e)))
finally:
shutil.rmtree(top_dir)
@@ -446,7 +442,7 @@ def write_cache(options):
try:
with open(fname, 'wb') as f:
pickle.dump(options, f)
- ipautil.encrypt_file(fname, ANSWER_CACHE, options['dm_password'], top_dir)
+ ipautil.encrypt_file(fname, paths.ROOT_IPA_CACHE, options['dm_password'], top_dir)
except IOError, e:
raise Exception("Unable to cache command-line options %s" % str(e))
finally:
@@ -583,7 +579,7 @@ def uninstall():
tasks.restore_network_configuration(fstore, sstore)
fstore.restore_all_files()
try:
- os.remove(ANSWER_CACHE)
+ os.remove(paths.ROOT_IPA_CACHE)
except Exception:
pass
try:
@@ -608,11 +604,11 @@ def uninstall():
sysupgrade.remove_upgrade_file()
if fstore.has_files():
- root_logger.error('Some files have not been restored, see %s/sysrestore.index' % SYSRESTORE_DIR_PATH)
+ root_logger.error('Some files have not been restored, see %s/sysrestore.index' % paths.SYSRESTORE)
has_state = False
for module in IPA_MODULES: # from installutils
if sstore.has_state(module):
- root_logger.error('Some installation state for %s has not been restored, see %s/sysrestore.state' % (module, SYSRESTORE_DIR_PATH))
+ root_logger.error('Some installation state for %s has not been restored, see %s/sysrestore.state' % (module, paths.SYSRESTORE))
has_state = True
rv = 1
@@ -620,7 +616,7 @@ def uninstall():
root_logger.error('Some installation state has not been restored.\n'
'This may cause re-installation to fail.\n'
'It should be safe to remove %s/sysrestore.state but it may\n'
- 'mean your system hasn\'t be restored to its pre-installation state.' % SYSRESTORE_DIR_PATH)
+ 'mean your system hasn\'t be restored to its pre-installation state.' % paths.SYSRESTORE)
# Note that this name will be wrong after the first uninstall.
dirname = dsinstance.config_dirname(dsinstance.realm_to_serverid(api.env.realm))
@@ -690,9 +686,9 @@ def main():
root_logger.debug('IPA version %s' % version.VENDOR_VERSION)
global fstore
- fstore = sysrestore.FileStore(SYSRESTORE_DIR_PATH)
+ fstore = sysrestore.FileStore(paths.SYSRESTORE)
global sstore
- sstore = sysrestore.StateFile(SYSRESTORE_DIR_PATH)
+ sstore = sysrestore.StateFile(paths.SYSRESTORE)
# Configuration for ipalib, we will bootstrap and finalize later, after
# we are sure we have the configuration file ready.
@@ -782,7 +778,7 @@ def main():
sys.exit(1)
# This will override any settings passed in on the cmdline
- if ipautil.file_exists(ANSWER_CACHE):
+ if ipautil.file_exists(paths.ROOT_IPA_CACHE):
if options.dm_password is not None:
dm_password = options.dm_password
else:
@@ -1066,8 +1062,7 @@ def main():
installation_cleanup = False
# Create the management framework config file and finalize api
- target_fname = paths.IPA_DEFAULT_CONF
- fd = open(target_fname, "w")
+ fd = open(paths.IPA_DEFAULT_CONF, "w")
fd.write("[global]\n")
fd.write("host=%s\n" % host_name)
fd.write("basedn=%s\n" % ipautil.realm_to_suffix(realm_name))
@@ -1088,7 +1083,7 @@ def main():
fd.close()
# Must be readable for everyone
- os.chmod(target_fname, 0644)
+ os.chmod(paths.IPA_DEFAULT_CONF, 0644)
api.bootstrap(**cfg)
api.finalize()
@@ -1343,8 +1338,8 @@ def main():
print "In order for Firefox autoconfiguration to work you will need to"
print "use a SSL signing certificate. See the IPA documentation for more details."
- if ipautil.file_exists(ANSWER_CACHE):
- os.remove(ANSWER_CACHE)
+ if ipautil.file_exists(paths.ROOT_IPA_CACHE):
+ os.remove(paths.ROOT_IPA_CACHE)
return 0
if __name__ == '__main__':
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 3914eb59066b515d33bebc19ca5afb4f50548bb2..a812f9864f1ef15ac1255071f2fd94861fed989f 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -115,20 +115,18 @@ def update_conf(sub_dict, filename, template_filename):
def find_hostname():
"""Find the hostname currently configured in ipa-rewrite.conf"""
- filename=paths.HTTPD_IPA_REWRITE_CONF
-
- if not ipautil.file_exists(filename):
+ if not ipautil.file_exists(paths.HTTPD_IPA_REWRITE_CONF):
return None
pattern = "^[\s#]*.*https:\/\/([A-Za-z0-9\.\-]*)\/.*"
p = re.compile(pattern)
- for line in fileinput.input(filename):
+ for line in fileinput.input(paths.HTTPD_IPA_REWRITE_CONF):
if p.search(line):
fileinput.close()
return p.search(line).group(1)
fileinput.close()
- raise RuntimeError("Unable to determine the fully qualified hostname from %s" % filename)
+ raise RuntimeError("Unable to determine the fully qualified hostname from %s" % paths.HTTPD_IPA_REWRITE_CONF)
def find_autoredirect(fqdn):
"""
@@ -138,11 +136,10 @@ def find_autoredirect(fqdn):
Returns True if autoredirect is enabled, False otherwise
"""
- filename = paths.HTTPD_IPA_REWRITE_CONF
- if os.path.exists(filename):
+ if os.path.exists(paths.HTTPD_IPA_REWRITE_CONF):
pattern = "^RewriteRule \^/\$ https://%s/ipa/ui \[L,NC,R=301\]" % fqdn
p = re.compile(pattern)
- for line in fileinput.input(filename):
+ for line in fileinput.input(paths.HTTPD_IPA_REWRITE_CONF):
if p.search(line):
fileinput.close()
return True
@@ -202,11 +199,10 @@ def check_certs():
"""Check ca.crt is in the right place, and try to fix if not"""
root_logger.info('[Verifying that root certificate is published]')
if not os.path.exists(paths.CA_CRT):
- ca_file = paths.ALIAS_CACERT_ASC
- if os.path.exists(ca_file):
+ if os.path.exists(paths.ALIAS_CACERT_ASC):
old_umask = os.umask(022) # make sure its readable by httpd
try:
- shutil.copyfile(ca_file, paths.CA_CRT)
+ shutil.copyfile(paths.ALIAS_CACERT_ASC, paths.CA_CRT)
finally:
os.umask(old_umask)
else:
@@ -731,11 +727,10 @@ def certificate_renewal_update(ca):
if not sysupgrade.get_upgrade_state('dogtag',
'certificate_renewal_update_1'):
- filename = paths.CERTMONGER_CAS_CA_RENEWAL
- if os.path.exists(filename):
+ if os.path.exists(paths.CERTMONGER_CAS_CA_RENEWAL):
with installutils.stopped_service('certmonger'):
- root_logger.info("Removing %s" % filename)
- installutils.remove_file(filename)
+ root_logger.info("Removing %s" % paths.CERTMONGER_CAS_CA_RENEWAL)
+ installutils.remove_file(paths.CERTMONGER_CAS_CA_RENEWAL)
ca.configure_certmonger_renewal()
ca.configure_renewal()
@@ -1112,11 +1107,10 @@ def main():
update_dbmodules(api.env.realm)
uninstall_ipa_kpasswd()
- removed_sysconfig_file = paths.SYSCONFIG_HTTPD
- if fstore.has_file(removed_sysconfig_file):
+ if fstore.has_file(paths.SYSCONFIG_HTTPD):
root_logger.info('Restoring %s as it is no longer required',
removed_sysconfig_file)
- fstore.restore_file(removed_sysconfig_file)
+ fstore.restore_file(paths.SYSCONFIG_HTTPD)
http = httpinstance.HTTPInstance(fstore)
http.remove_httpd_ccache()
diff --git a/install/wsgi/plugins.py b/install/wsgi/plugins.py
index 82b35eb438f7915e0672cbc116fa8344a2704bf4..64df08765d6ef9f2915282f6594902e0cbe05ea1 100644
--- a/install/wsgi/plugins.py
+++ b/install/wsgi/plugins.py
@@ -25,14 +25,12 @@
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import root_logger
-PLUGINS_DIR = paths.IPA_JS_PLUGINS_DIR
-
def get_plugin_index():
- if not os.path.isdir(PLUGINS_DIR):
+ if not os.path.isdir(paths.IPA_JS_PLUGINS_DIR):
raise Exception("Supplied plugin directory path is not a directory")
- dirs = os.listdir(PLUGINS_DIR)
+ dirs = os.listdir(paths.IPA_JS_PLUGINS_DIR)
index = 'define([],function(){return['
index += ','.join("'"+x+"'" for x in dirs)
index += '];});'
diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount
index 110e0ba13287e8c3061864b2e6c7b27d0ca83a6c..a275284b2d03fedf448e8e86984e0d279c102d54 100755
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -41,12 +41,6 @@ from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
-AUTOFS_CONF = paths.SYSCONFIG_AUTOFS
-NSSWITCH_CONF = paths.NSSWITCH_CONF
-AUTOFS_LDAP_AUTH = paths.AUTOFS_LDAP_AUTH_CONF
-NFS_CONF = paths.SYSCONFIG_NFS
-IDMAPD_CONF = paths.IDMAPD_CONF
-
def parse_options():
usage = "%prog [options]\n"
parser = OptionParser(usage=usage)
@@ -96,10 +90,10 @@ def wait_for_sssd():
def configure_xml(fstore):
from lxml import etree
- fstore.backup_file(AUTOFS_LDAP_AUTH)
+ fstore.backup_file(paths.AUTOFS_LDAP_AUTH_CONF)
try:
- f = open(AUTOFS_LDAP_AUTH, 'r')
+ f = open(paths.AUTOFS_LDAP_AUTH_CONF, 'r')
lines = f.read()
f.close()
@@ -113,7 +107,7 @@ def configure_xml(fstore):
root = element[0].getroottree()
if len(element) != 1:
- raise RuntimeError('Unable to parse %s' % AUTOFS_LDAP_AUTH)
+ raise RuntimeError('Unable to parse %s' % paths.AUTOFS_LDAP_AUTH_CONF)
element[0].set('usetls', 'no')
element[0].set('tlsrequired', 'no')
@@ -121,20 +115,20 @@ def configure_xml(fstore):
element[0].set('authtype', 'GSSAPI')
element[0].set('clientprinc', 'host/%s@%s' % (api.env.host, api.env.realm))
- newconf = open(AUTOFS_LDAP_AUTH, 'w')
+ newconf = open(paths.AUTOFS_LDAP_AUTH_CONF, 'w')
try:
root.write(newconf, pretty_print=True, xml_declaration=True, encoding='UTF-8')
newconf.close()
except IOError, e:
- print "Unable to write %s: %s" % (AUTOFS_LDAP_AUTH, e)
- print "Configured %s" % AUTOFS_LDAP_AUTH
+ print "Unable to write %s: %s" % (paths.AUTOFS_LDAP_AUTH_CONF, e)
+ print "Configured %s" % paths.AUTOFS_LDAP_AUTH_CONF
def configure_nsswitch(fstore, options):
"""
Point automount to ldap in nsswitch.conf. This function is for non-SSSD
setups only
"""
- fstore.backup_file(NSSWITCH_CONF)
+ fstore.backup_file(paths.NSSWITCH_CONF)
conf = ipachangeconf.IPAChangeConf("IPA Installer")
conf.setOptionAssignment(':')
@@ -144,9 +138,9 @@ def configure_nsswitch(fstore, options):
opts = [{'name':'automount', 'type':'option', 'action':'set', 'value':nss_value},
{'name':'empty', 'type':'empty'}]
- conf.changeConf(NSSWITCH_CONF, opts)
+ conf.changeConf(paths.NSSWITCH_CONF, opts)
- print "Configured %s" % NSSWITCH_CONF
+ print "Configured %s" % paths.NSSWITCH_CONF
def configure_autofs_sssd(fstore, statestore, autodiscover, options):
try:
@@ -221,11 +215,11 @@ def configure_autofs(fstore, statestore, autodiscover, server, options):
}
ipautil.backup_config_and_replace_variables(fstore,
- AUTOFS_CONF, replacevars=replacevars)
- tasks.restore_context(AUTOFS_CONF)
+ paths.SYSCONFIG_AUTOFS, replacevars=replacevars)
+ tasks.restore_context(paths.SYSCONFIG_AUTOFS)
statestore.backup_state('autofs', 'sssd', False)
- print "Configured %s" % AUTOFS_CONF
+ print "Configured %s" % paths.SYSCONFIG_AUTOFS
def configure_autofs_common(fstore, statestore, options):
autofs = services.knownservices.autofs
@@ -244,16 +238,16 @@ def configure_autofs_common(fstore, statestore, options):
def uninstall(fstore, statestore):
print "Restoring configuration"
- if fstore.has_file(AUTOFS_CONF):
- fstore.restore_file(AUTOFS_CONF)
- if fstore.has_file(NSSWITCH_CONF):
- fstore.restore_file(NSSWITCH_CONF)
- if fstore.has_file(AUTOFS_LDAP_AUTH):
- fstore.restore_file(AUTOFS_LDAP_AUTH)
- if fstore.has_file(NFS_CONF):
- fstore.restore_file(NFS_CONF)
- if fstore.has_file(IDMAPD_CONF):
- fstore.restore_file(IDMAPD_CONF)
+ if fstore.has_file(paths.SYSCONFIG_AUTOFS):
+ fstore.restore_file(paths.SYSCONFIG_AUTOFS)
+ if fstore.has_file(paths.NSSWITCH_CONF):
+ fstore.restore_file(paths.NSSWITCH_CONF)
+ if fstore.has_file(paths.AUTOFS_LDAP_AUTH_CONF):
+ fstore.restore_file(paths.AUTOFS_LDAP_AUTH_CONF)
+ if fstore.has_file(paths.SYSCONFIG_NFS):
+ fstore.restore_file(paths.SYSCONFIG_NFS)
+ if fstore.has_file(paths.IDMAPD_CONF):
+ fstore.restore_file(paths.IDMAPD_CONF)
if statestore.has_state('autofs'):
enabled = statestore.restore_state('autofs', 'enabled')
running = statestore.restore_state('autofs', 'running')
@@ -314,19 +308,19 @@ def configure_nfs(fstore, statestore):
'SECURE_NFS': 'yes',
}
ipautil.backup_config_and_replace_variables(fstore,
- NFS_CONF, replacevars=replacevars)
- tasks.restore_context(NFS_CONF)
+ paths.SYSCONFIG_NFS, replacevars=replacevars)
+ tasks.restore_context(paths.SYSCONFIG_NFS)
- print "Configured %s" % NFS_CONF
+ print "Configured %s" % paths.SYSCONFIG_NFS
replacevars = {
'Domain': api.env.domain,
}
ipautil.backup_config_and_replace_variables(fstore,
- IDMAPD_CONF, replacevars=replacevars)
- tasks.restore_context(IDMAPD_CONF)
+ paths.IDMAPD_CONF, replacevars=replacevars)
+ tasks.restore_context(paths.IDMAPD_CONF)
- print "Configured %s" % IDMAPD_CONF
+ print "Configured %s" % paths.IDMAPD_CONF
rpcidmapd = services.knownservices.rpcidmapd
statestore.backup_state('rpcidmapd', 'enabled', rpcidmapd.is_enabled())
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 2e59df99551dfb457e8ca19a31d51b103f59825a..c70d5bfde3cf39d60f90f0fc0bcdae8d65606198 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -70,10 +70,6 @@ CLIENT_NOT_CONFIGURED = 2
CLIENT_ALREADY_CONFIGURED = 3
CLIENT_UNINSTALL_ERROR = 4 # error after restoring files/state
-SSH_AUTHORIZEDKEYSCOMMAND = paths.SSS_SSH_AUTHORIZEDKEYS
-SSH_PROXYCOMMAND = paths.SSS_SSH_KNOWNHOSTSPROXY
-SSH_KNOWNHOSTSFILE = paths.SSSD_PUBCONF_KNOWN_HOSTS
-
client_nss_nickname_format = 'IPA Machine Certificate - %s'
def parse_options():
@@ -1276,9 +1272,9 @@ def configure_ssh_config(fstore, options):
'PubkeyAuthentication': 'yes',
}
- if options.sssd and file_exists(SSH_PROXYCOMMAND):
- changes['ProxyCommand'] = '%s -p %%p %%h' % SSH_PROXYCOMMAND
- changes['GlobalKnownHostsFile'] = SSH_KNOWNHOSTSFILE
+ if options.sssd and file_exists(paths.SSS_SSH_KNOWNHOSTSPROXY):
+ changes['ProxyCommand'] = '%s -p %%p %%h' % paths.SSS_SSH_KNOWNHOSTSPROXY
+ changes['GlobalKnownHostsFile'] = paths.SSSD_PUBCONF_KNOWN_HOSTS
if options.trust_sshfp:
changes['VerifyHostKeyDNS'] = 'yes'
changes['HostKeyAlgorithms'] = 'ssh-rsa,ssh-dss'
@@ -1304,20 +1300,20 @@ def configure_sshd_config(fstore, options):
'UsePAM': 'yes',
}
- if options.sssd and file_exists(SSH_AUTHORIZEDKEYSCOMMAND):
+ if options.sssd and file_exists(paths.SSS_SSH_AUTHORIZEDKEYS):
authorized_keys_changes = None
candidates = (
{
- 'AuthorizedKeysCommand': SSH_AUTHORIZEDKEYSCOMMAND,
+ 'AuthorizedKeysCommand': paths.SSS_SSH_AUTHORIZEDKEYS,
'AuthorizedKeysCommandUser': 'nobody',
},
{
- 'AuthorizedKeysCommand': SSH_AUTHORIZEDKEYSCOMMAND,
+ 'AuthorizedKeysCommand': paths.SSS_SSH_AUTHORIZEDKEYS,
'AuthorizedKeysCommandRunAs': 'nobody',
},
{
- 'PubKeyAgent': '%s %%u' % SSH_AUTHORIZEDKEYSCOMMAND,
+ 'PubKeyAgent': '%s %%u' % paths.SSS_SSH_AUTHORIZEDKEYS,
'PubKeyAgentRunAs': 'nobody',
},
)
@@ -1454,23 +1450,23 @@ def resolve_ipaddress(server):
raise last_socket_error # pylint: disable=E0702
def do_nsupdate(update_txt):
- root_logger.debug("Writing nsupdate commands to %s:", UPDATE_FILE)
+ root_logger.debug("Writing nsupdate commands to %s:", paths.IPA_DNS_UPDATE_TXT)
root_logger.debug("%s", update_txt)
- update_fd = file(UPDATE_FILE, "w")
+ update_fd = file(paths.IPA_DNS_UPDATE_TXT, "w")
update_fd.write(update_txt)
update_fd.flush()
update_fd.close()
result = False
try:
- ipautil.run([paths.NSUPDATE, '-g', UPDATE_FILE])
+ ipautil.run([paths.NSUPDATE, '-g', paths.IPA_DNS_UPDATE_TXT])
result = True
except CalledProcessError, e:
root_logger.debug('nsupdate failed: %s', str(e))
try:
- os.remove(UPDATE_FILE)
+ os.remove(paths.IPA_DNS_UPDATE_TXT)
except Exception:
pass
@@ -1498,9 +1494,6 @@ show
send
"""
-UPDATE_FILE = paths.IPA_DNS_UPDATE_TXT
-CCACHE_FILE = paths.IPA_DNS_CCACHE
-
def update_dns(server, hostname):
try:
@@ -2429,7 +2422,7 @@ def install(options, env, fstore, statestore):
# only the KDC we're installing under is contacted.
# Other KDCs might not have replicated the principal yet.
# Once we have the TGT, it's usable on any server.
- env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = CCACHE_FILE
+ env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
try:
run([paths.KINIT, '-k', '-t', paths.KRB5_KEYTAB,
'host/%s@%s' % (hostname, cli_realm)], env=env)
@@ -2475,7 +2468,7 @@ def install(options, env, fstore, statestore):
if options.on_master:
# If on master assume kerberos is already configured properly.
# Get the host TGT.
- os.environ['KRB5CCNAME'] = CCACHE_FILE
+ os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
try:
run([paths.KINIT, '-k', '-t', paths.KRB5_KEYTAB,
host_principal])
@@ -2616,7 +2609,7 @@ def install(options, env, fstore, statestore):
update_ssh_keys(cli_server[0], hostname, services.knownservices.sshd.get_config_dir(), options.create_sshfp)
try:
- os.remove(CCACHE_FILE)
+ os.remove(paths.IPA_DNS_CCACHE)
except Exception:
pass
@@ -2829,6 +2822,6 @@ except RuntimeError, e:
sys.exit(e)
finally:
try:
- os.remove(CCACHE_FILE)
+ os.remove(paths.IPA_DNS_CCACHE)
except Exception:
pass
diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py
index e1ac55a1d734acda4766ba3cf8598c020c30deac..a5c5b2257f8d9732c8fa862b4bdf2813efa04abe 100644
--- a/ipa-client/ipaclient/ntpconf.py
+++ b/ipa-client/ipaclient/ntpconf.py
@@ -97,9 +97,6 @@ def __write_config(path, content):
fd.close()
def config_ntp(server_fqdn, fstore = None, sysstore = None):
- path_step_tickers = paths.NTP_STEP_TICKERS
- path_ntp_conf = paths.NTP_CONF
- path_ntp_sysconfig = paths.SYSCONFIG_NTPD
sub_dict = { }
sub_dict["SERVER"] = server_fqdn
@@ -107,12 +104,12 @@ def config_ntp(server_fqdn, fstore = None, sysstore = None):
config_step_tickers = False
- if os.path.exists(path_step_tickers):
+ if os.path.exists(paths.NTP_STEP_TICKERS):
config_step_tickers = True
ns = ipautil.template_str(ntp_step_tickers, sub_dict)
- __backup_config(path_step_tickers, fstore)
- __write_config(path_step_tickers, ns)
- tasks.restore_context(path_step_tickers)
+ __backup_config(paths.NTP_STEP_TICKERS, fstore)
+ __write_config(paths.NTP_STEP_TICKERS, ns)
+ tasks.restore_context(paths.NTP_STEP_TICKERS)
if sysstore:
module = 'ntp'
@@ -120,13 +117,13 @@ def config_ntp(server_fqdn, fstore = None, sysstore = None):
if config_step_tickers:
sysstore.backup_state(module, "step-tickers", True)
- __backup_config(path_ntp_conf, fstore)
- __write_config(path_ntp_conf, nc)
- tasks.restore_context(path_ntp_conf)
+ __backup_config(paths.NTP_CONF, fstore)
+ __write_config(paths.NTP_CONF, nc)
+ tasks.restore_context(paths.NTP_CONF)
- __backup_config(path_ntp_sysconfig, fstore)
- __write_config(path_ntp_sysconfig, ntp_sysconfig)
- tasks.restore_context(path_ntp_sysconfig)
+ __backup_config(paths.SYSCONFIG_NTPD, fstore)
+ __write_config(paths.SYSCONFIG_NTPD, ntp_sysconfig)
+ tasks.restore_context(paths.SYSCONFIG_NTPD)
# Set the ntpd to start on boot
services.knownservices.ntpd.enable()
@@ -143,13 +140,12 @@ def synconce_ntp(server_fqdn):
Returns True if sync was successful
"""
- ntpd = paths.NTPD
- if not os.path.exists(ntpd):
+ if not os.path.exists(paths.NTPD):
return False
tmp_ntp_conf = ipautil.write_tmp_file('server %s' % server_fqdn)
try:
- ipautil.run([ntpd, '-qgc', tmp_ntp_conf.name])
+ ipautil.run([paths.NTPD, '-qgc', tmp_ntp_conf.name])
return True
except ipautil.CalledProcessError:
return False
diff --git a/ipalib/session.py b/ipalib/session.py
index ae40fdfe189b3bfd5f0437c04efaab73ac31f88a..df5f835525049d58f7a172d0e060f5ef66deaa19 100644
--- a/ipalib/session.py
+++ b/ipalib/session.py
@@ -1213,11 +1213,11 @@ def delete_session_data(self, session_id):
krbccache_prefix = 'krbcc_'
def _get_krbccache_pathname():
- return os.path.join(krbccache_dir, '%s%s' % (krbccache_prefix, os.getpid()))
+ return os.path.join(paths.IPA_MEMCACHED_DIR, '%s%s' % (krbccache_prefix, os.getpid()))
def get_ipa_ccache_name(scheme='FILE'):
if scheme == 'FILE':
- name = os.path.join(krbccache_dir, '%s%s' % (krbccache_prefix, os.getpid()))
+ name = os.path.join(paths.IPA_MEMCACHED_DIR, '%s%s' % (krbccache_prefix, os.getpid()))
else:
raise ValueError('ccache scheme "%s" unsupported', scheme)
diff --git a/ipaplatform/fedora/tasks.py b/ipaplatform/fedora/tasks.py
index 351f523c112381e7859573025fdbf085d1c771b7..abb1661fb8840835ab1fcc9a873f5cb6b78b8d7c 100644
--- a/ipaplatform/fedora/tasks.py
+++ b/ipaplatform/fedora/tasks.py
@@ -168,12 +168,10 @@ def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
"Could not remove %s: %s", new_cacert_path, e)
return False
- new_cacert_path = paths.IPA_P11_KIT
-
try:
- f = open(new_cacert_path, 'w')
+ f = open(paths.IPA_P11_KIT, 'w')
except IOError, e:
- root_logger.info("Failed to open %s: %s" % (new_cacert_path, e))
+ root_logger.info("Failed to open %s: %s" % (paths.IPA_P11_KIT, e))
return False
f.write("# This file was created by IPA. Do not edit.\n"
diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py
index bcfafdaf450903a1e67a0bcfa23d26d0ce311428..0fbff6167d3332d40fee63028c6351255034cfaf 100644
--- a/ipapython/certmonger.py
+++ b/ipapython/certmonger.py
@@ -32,9 +32,6 @@
from ipaplatform.paths import paths
from ipaplatform import services
-REQUEST_DIR = paths.CERTMONGER_REQUESTS_DIR
-CA_DIR = paths.CERTMONGER_CAS_DIR
-
DBUS_CM_PATH = '/org/fedorahosted/certmonger'
DBUS_CM_IF = 'org.fedorahosted.certmonger'
DBUS_CM_REQUEST_IF = 'org.fedorahosted.certmonger.request'
@@ -417,7 +414,6 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command,
"""
cm = _connect_to_certmonger()
- certmonger_cmd_template = paths.CERTMONGER_COMMAND_TEMPLATE
params = {'TRACK': True}
params['cert-nickname'] = nickname
@@ -439,7 +435,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command,
libpath = 'lib64'
else:
libpath = 'lib'
- pre_command = certmonger_cmd_template % (libpath, pre_command)
+ pre_command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, pre_command)
params['cert-presave-command'] = pre_command
if post_command:
if not os.path.isabs(post_command):
@@ -447,7 +443,7 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command,
libpath = 'lib64'
else:
libpath = 'lib'
- post_command = certmonger_cmd_template % (libpath, post_command)
+ post_command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, post_command)
params['cert-postsave-command'] = post_command
if profile:
params['ca-profile'] = profile
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 45b334d0a3c2ebf7ee5b6d1cb980e05895fa1e0a..9b473b372a1e5ba4767459e23c158233118b46d1 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -46,7 +46,6 @@
from ipapython.dn import DN
SHARE_DIR = paths.USR_SHARE_IPA_DIR
-PLUGINS_SHARE_DIR = paths.IPA_PLUGINS
GEN_PWD_LEN = 12
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index caeca3c4ab357193aef4d0e6a373240acfdf1993..d957a34d5d949d42464321c20531cfe0b911598b 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -524,7 +524,6 @@ def kinit_as_http(self, domain):
realm = api.env.realm
hostname = api.env.host
principal = 'HTTP/%s@%s' % (hostname, realm)
- keytab = paths.IPA_KEYTAB
# Destroy the contents of the ccache
root_logger.debug('Destroying the contents of the separate ccache')
@@ -539,7 +538,7 @@ def kinit_as_http(self, domain):
'service principal with MS-PAC attached.')
(stdout, stderr, returncode) = ipautil.run(
- [paths.KINIT, '-kt', keytab, principal],
+ [paths.KINIT, '-kt', paths.IPA_KEYTAB, principal],
env={'KRB5CCNAME': ccache_path},
raiseonerr=False)
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index b4d644fdbf784dd7936adc8eb085f4825cab797e..4025cfb0bb49ee2e479dc347f0555976bb2ce464 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -911,8 +911,7 @@ def uninstall(self):
self.print_msg('WARNING: ' + str(e))
# Remove samba's credentials cache
- krb5cc_samba = paths.KRB5CC_SAMBA
- installutils.remove_file(krb5cc_samba)
+ installutils.remove_file(paths.KRB5CC_SAMBA)
# Remove samba's configuration file
installutils.remove_file(self.smb_conf)
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 2e8836ec6bc9e727a6917523a0979febd33a1585..17094f7fd46ca298aa88f480e5b18f7e607f8c95 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -42,9 +42,6 @@
normalize_zone, get_reverse_zone_default, zone_is_reverse)
from ipalib.constants import CACERT
-NAMED_CONF = paths.NAMED_CONF
-RESOLV_CONF = paths.RESOLV_CONF
-
named_conf_section_ipa_start_re = re.compile('\s*dynamic-db\s+"ipa"\s+{')
named_conf_section_options_start_re = re.compile('\s*options\s+{')
named_conf_section_end_re = re.compile('};')
@@ -75,7 +72,7 @@ def check_inst(unattended):
if not has_bind:
return False
- if not unattended and os.path.exists(NAMED_CONF):
+ if not unattended and os.path.exists(paths.NAMED_CONF):
msg = "Existing BIND configuration detected, overwrite?"
return ipautil.user_input(msg, False)
@@ -86,7 +83,7 @@ def create_reverse():
def named_conf_exists():
try:
- named_fd = open(NAMED_CONF, 'r')
+ named_fd = open(paths.NAMED_CONF, 'r')
except IOError:
return False
lines = named_fd.readlines()
@@ -116,7 +113,7 @@ def named_conf_get_directive(name, section=NAMED_SECTION_IPA, str_val=True):
else:
raise NotImplementedError('Section "%s" is not supported' % section)
- with open(NAMED_CONF, 'r') as f:
+ with open(paths.NAMED_CONF, 'r') as f:
target_section = False
for line in f:
if named_conf_section_start_re.match(line):
@@ -163,7 +160,7 @@ def named_conf_set_directive(name, value, section=NAMED_SECTION_IPA,
else:
raise NotImplementedError('Section "%s" is not supported' % section)
- with open(NAMED_CONF, 'r') as f:
+ with open(paths.NAMED_CONF, 'r') as f:
target_section = False
matched = False
last_indent = "\t"
@@ -200,7 +197,7 @@ def named_conf_set_directive(name, value, section=NAMED_SECTION_IPA,
new_lines.append(line)
# write new configuration
- with open(NAMED_CONF, 'w') as f:
+ with open(paths.NAMED_CONF, 'w') as f:
f.write("".join(new_lines))
def dns_container_exists(fqdn, suffix, dm_password=None, ldapi=False, realm=None,
@@ -832,16 +829,16 @@ def __setup_principal(self):
raise
def __setup_named_conf(self):
- self.fstore.backup_file(NAMED_CONF)
+ self.fstore.backup_file(paths.NAMED_CONF)
named_txt = ipautil.template_file(ipautil.SHARE_DIR + "bind.named.conf.template", self.sub_dict)
- named_fd = open(NAMED_CONF, 'w')
+ named_fd = open(paths.NAMED_CONF, 'w')
named_fd.seek(0)
named_fd.truncate(0)
named_fd.write(named_txt)
named_fd.close()
def __setup_resolv_conf(self):
- self.fstore.backup_file(RESOLV_CONF)
+ self.fstore.backup_file(paths.RESOLV_CONF)
resolv_txt = "search "+self.domain+"\n"
for ip_address in self.ip_addresses:
@@ -854,7 +851,7 @@ def __setup_resolv_conf(self):
resolv_txt += "nameserver ::1\n"
break
try:
- resolv_fd = open(RESOLV_CONF, 'w')
+ resolv_fd = open(paths.RESOLV_CONF, 'w')
resolv_fd.seek(0)
resolv_fd.truncate(0)
resolv_fd.write(resolv_txt)
@@ -1045,7 +1042,7 @@ def uninstall(self):
if not running is None:
self.stop()
- for f in [NAMED_CONF, RESOLV_CONF]:
+ for f in [paths.NAMED_CONF, paths.RESOLV_CONF]:
try:
self.fstore.restore_file(f)
except ValueError, error:
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index c9a1c15e9495108382f6e2e8a58f6cc4e8f79c98..62eeabec90d542d4b7a5e7a86c30d3cafedc2db5 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -45,9 +45,6 @@
from ipaplatform import services
from ipaplatform.paths import paths
-SERVER_ROOT_64 = paths.USR_LIB_DIRSRV_64
-SERVER_ROOT_32 = paths.USR_LIB_DIRSRV
-
DS_USER = 'dirsrv'
DS_GROUP = 'dirsrv'
@@ -69,10 +66,10 @@
def find_server_root():
- if ipautil.dir_exists(SERVER_ROOT_64):
- return SERVER_ROOT_64
+ if ipautil.dir_exists(paths.USR_LIB_DIRSRV_64):
+ return paths.USR_LIB_DIRSRV_64
else:
- return SERVER_ROOT_32
+ return paths.USR_LIB_DIRSRV
def realm_to_serverid(realm_name):
return "-".join(realm_name.split("."))
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 2baa5dde035fa8fb93817d5f94b1fc257483798b..230bb37e31d16632085d3c4893facf725ef3d157 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -63,9 +63,6 @@
--keyring /root/backup.pub --list-secret-keys
"""
-BACKUP_DIR = paths.IPA_BACKUP_DIR
-
-
def encrypt_file(filename, keyring, remove_original=True):
source = filename
dest = filename + '.gpg'
@@ -526,10 +523,10 @@ def finalize_backup(self, data_only=False, encrypt=False, keyring=None):
'''
if data_only:
- backup_dir = os.path.join(BACKUP_DIR, time.strftime('ipa-data-%Y-%m-%d-%H-%M-%S'))
+ backup_dir = os.path.join(paths.IPA_BACKUP_DIR, time.strftime('ipa-data-%Y-%m-%d-%H-%M-%S'))
filename = os.path.join(backup_dir, "ipa-data.tar")
else:
- backup_dir = os.path.join(BACKUP_DIR, time.strftime('ipa-full-%Y-%m-%d-%H-%M-%S'))
+ backup_dir = os.path.join(paths.IPA_BACKUP_DIR, time.strftime('ipa-full-%Y-%m-%d-%H-%M-%S'))
filename = os.path.join(backup_dir, "ipa-full.tar")
os.mkdir(backup_dir, 0700)
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index ce0cff22ab03525882b1ae232d45f132b93a8d43..e70e25a8fa7dca23c214a561803df0b47cf4e6a0 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -424,15 +424,12 @@ def copy_misc_files(self):
self.log.info("Copying additional files")
self.copy_info_file(CACERT, "ca.crt")
- preferences_filename = paths.PREFERENCES_HTML
- if ipautil.file_exists(preferences_filename):
- self.copy_info_file(preferences_filename, "preferences.html")
- jar_filename = paths.CONFIGURE_JAR
- if ipautil.file_exists(jar_filename):
- self.copy_info_file(jar_filename, "configure.jar")
- cacert_filename = paths.CACERT_PEM
- if ipautil.file_exists(cacert_filename):
- self.copy_info_file(cacert_filename, "cacert.pem")
+ if ipautil.file_exists(paths.PREFERENCES_HTML):
+ self.copy_info_file(paths.PREFERENCES_HTML, "preferences.html")
+ if ipautil.file_exists(paths.CONFIGURE_JAR):
+ self.copy_info_file(paths.CONFIGURE_JAR, "configure.jar")
+ if ipautil.file_exists(paths.CACERT_PEM):
+ self.copy_info_file(paths.CACERT_PEM, "cacert.pem")
self.copy_info_file(paths.IPA_DEFAULT_CONF, "default.conf")
def save_config(self):
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 239de99c462639854e8e25c6b9278cb94b6fc6b8..7898de0f6f6613db95ea93bb4a91bd44a2c68951 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -41,7 +41,6 @@
from ipapython import ipaldap
import ipapython.errors
from ipaplatform.tasks import tasks
-from ipaserver.install.ipa_backup import BACKUP_DIR
from ipaplatform import services
from ipaplatform.paths import paths
@@ -144,7 +143,7 @@ def validate_options(self):
dirname = self.args[0]
if not os.path.isabs(dirname):
- self.backup_dir = os.path.join(BACKUP_DIR, dirname)
+ self.backup_dir = os.path.join(paths.IPA_BACKUP_DIR, dirname)
else:
self.backup_dir = dirname
diff --git a/ipaserver/install/sysupgrade.py b/ipaserver/install/sysupgrade.py
index 4ce652ca1ceeed212e918a17eb60629e38507773..19e017d904a67f1165f2054068612418029d4463 100644
--- a/ipaserver/install/sysupgrade.py
+++ b/ipaserver/install/sysupgrade.py
@@ -24,7 +24,6 @@
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import *
-STATEFILE_DIR = paths.STATEFILE_DIR
STATEFILE_FILE = 'sysupgrade.state'
_sstore = None
@@ -32,7 +31,7 @@
def _load_sstore():
global _sstore
if _sstore is None:
- _sstore = sysrestore.StateFile(STATEFILE_DIR, STATEFILE_FILE)
+ _sstore = sysrestore.StateFile(paths.STATEFILE_DIR, STATEFILE_FILE)
def get_upgrade_state(module, state):
_load_sstore()
@@ -51,6 +50,6 @@ def remove_upgrade_state(module, state):
def remove_upgrade_file():
try:
- os.remove(os.path.join(STATEFILE_DIR, STATEFILE_FILE))
+ os.remove(os.path.join(paths.STATEFILE_DIR, STATEFILE_FILE))
except Exception, e:
root_logger.debug('Cannot remove sysupgrade state file: %s', e)
diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
index b553721eba615f324f9e52331cbd0910c3e14be6..622f2b8cfca6aa7e07452868a8c9264dd3b0f88d 100644
--- a/ipaserver/install/upgradeinstance.py
+++ b/ipaserver/install/upgradeinstance.py
@@ -31,7 +31,6 @@
from ipaserver.install import ldapupdate
from ipaserver.install import service
-DSBASE = paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE
DSE = 'dse.ldif'
class IPAUpgrade(service.Service):
@@ -54,8 +53,8 @@ def __init__(self, realm_name, files=[], live_run=True, schema_files=[]):
ext += h
service.Service.__init__(self, "dirsrv")
serverid = dsinstance.realm_to_serverid(realm_name)
- self.filename = '%s/%s' % (DSBASE % serverid, DSE)
- self.savefilename = '%s/%s.ipa.%s' % (DSBASE % serverid, DSE, ext)
+ self.filename = '%s/%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE)
+ self.savefilename = '%s/%s.ipa.%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE, ext)
self.live_run = live_run
self.files = files
self.modified = False
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index 18de23d3a5bed485d35adb18b22d04255f933448..09ba42ee16a732ba5d32bf503f8c3de238f0da4d 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -957,15 +957,14 @@ def kinit(self, user, realm, password, ccache_name):
# get http service ccache as an armor for FAST to enable OTP authentication
armor_principal = krb5_format_service_principal_name(
'HTTP', self.api.env.host, realm)
- keytab = paths.IPA_KEYTAB
armor_name = "%sA_%s" % (krbccache_prefix, user)
armor_path = os.path.join(krbccache_dir, armor_name)
self.debug('Obtaining armor ccache: principal=%s keytab=%s ccache=%s',
- armor_principal, keytab, armor_path)
+ armor_principal, paths.IPA_KEYTAB, armor_path)
(stdout, stderr, returncode) = ipautil.run(
- [paths.KINIT, '-kt', keytab, armor_principal],
+ [paths.KINIT, '-kt', paths.IPA_KEYTAB, armor_principal],
env={'KRB5CCNAME': armor_path}, raiseonerr=False)
if returncode != 0:
--
1.9.3
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
