[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Author: tiran Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/182/head:pr182 git checkout pr182 From 5a213f334d14bba8ad06240a37d843555db6dc2b Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 24 Oct 2016 10:35:41 +0200 Subject: [PATCH] Use env var IPA_CONFDIR to get confdir The environment variable IPA_CONFDIR overrides the default confdir path. The value of the environment variable must be an absolute path to an existing directory. The new variable makes it much simpler to use the 'ipa' command and ipalib with a local configuration directory. Some scripts (e.g. servers, installers, and upgrades) set the confdir explicitly and do not support the env var. Signed-off-by: Christian Heimes --- client/man/ipa.1 | 4 ipalib/config.py | 12 ++- ipalib/plugable.py| 9 ipatests/test_ipalib/test_plugable.py | 40 +-- ipatests/util.py | 6 ++ 5 files changed, 68 insertions(+), 3 deletions(-) diff --git a/client/man/ipa.1 b/client/man/ipa.1 index cc5641b..f35f557 100644 --- a/client/man/ipa.1 +++ b/client/man/ipa.1 @@ -190,6 +190,10 @@ The ipa client will determine which server to connect to in this order: .TP If a kerberos error is raised by any of the requests then it will stop processing and display the error message. +.SH "ENVIRONMENT VARIABLES" +.TP +\fBIPA_CONFDIR\fR +Override path to confdir (default: \fB/etc/ipa\fR). .SH "FILES" .TP \fB/etc/ipa/default.conf\fR diff --git a/ipalib/config.py b/ipalib/config.py index 1075d62..9d87782 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -43,6 +43,7 @@ from ipalib.base import check_name from ipalib.constants import CONFIG_SECTION from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR +from ipapython.admintool import ScriptError if six.PY3: unicode = str @@ -460,8 +461,17 @@ def _bootstrap(self, **overrides): self.context = 'default' # Set confdir: +self.env_confdir = os.environ.get('IPA_CONFDIR') if 'confdir' not in self: -if self.in_tree: +if self.env_confdir is not None: +if (not path.isabs(self.env_confdir) +or not path.isdir(self.env_confdir)): +raise ScriptError( +"IPA_CONFDIR env var must be an absolute path to an " +"existing directory, got '{}'.".format( +self.env_confdir)) +self.confdir = self.env_confdir +elif self.in_tree: self.confdir = self.dot_ipa else: self.confdir = path.join('/', 'etc', 'ipa') diff --git a/ipalib/plugable.py b/ipalib/plugable.py index 503534f..142b3e6 100644 --- a/ipalib/plugable.py +++ b/ipalib/plugable.py @@ -713,6 +713,15 @@ def finalize(self): self.__doing('finalize') self.__do_if_not_done('load_plugins') +if self.env.env_confdir is not None: +if self.env.env_confdir == self.env.confdir: +self.log.info( +"IPA_CONFDIR env sets confdir to '%s'.", self.env.confdir) +else: +self.log.warn( +"IPA_CONFDIR env is overridden by an explicit confdir " +"argument.") + for plugin in self.__plugins: if not self.env.validate_api: if plugin.full_name not in DEFAULT_PLUGINS: diff --git a/ipatests/test_ipalib/test_plugable.py b/ipatests/test_ipalib/test_plugable.py index 1ee1102..ff22446 100644 --- a/ipatests/test_ipalib/test_plugable.py +++ b/ipatests/test_ipalib/test_plugable.py @@ -24,9 +24,13 @@ # FIXME: Pylint errors # pylint: disable=no-member +import os +import textwrap + +from ipalib import plugable, errors, create_api +from ipapython.admintool import ScriptError from ipatests.util import raises, read_only -from ipatests.util import ClassChecker, create_test_api -from ipalib import plugable, errors +from ipatests.util import ClassChecker, create_test_api, TempHome import pytest @@ -272,3 +276,35 @@ def test_load_plugins(self): assert o.isdone('load_plugins') is True e = raises(Exception, o.load_plugins) assert str(e) == 'API.load_plugins() already called' + +def test_ipaconf_env(self): +ipa_confdir = os.environ.get('IPA_CONFDIR', None) +try: +with TempHome() as home: +defaultconf = home.join('default.conf') +with open(defaultconf, 'w') as f: +f.write(textwrap.dedent(""" +[global] +
[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Author: tiran Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/182/head:pr182 git checkout pr182 From 3805dfba1dc222f3cd6cc6299bfe97c70e3e8bae Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 28 Nov 2016 16:24:33 +0100 Subject: [PATCH 1/2] Set explicit confdir option for global contexts Some API contexts are used to modify global state (e.g. files in /etc and /var). These contexts do not support confdir overrides. Initialize the API with an explicit confdir argument to paths.ETC_IPA. The special contexts are: * backup * cli_installer * installer * ipctl * renew * restore * server * updates The patch also corrects the context of the ipa-httpd-kdcproxy script to 'server'. https://fedorahosted.org/freeipa/ticket/6389 Signed-off-by: Christian Heimes --- client/ipa-client-automount | 1 + install/certmonger/dogtag-ipa-ca-renew-agent-submit | 2 +- install/migration/migration.py | 3 ++- install/oddjob/com.redhat.idm.trust-fetch-domains | 4 +++- install/restart_scripts/renew_ca_cert | 2 +- install/restart_scripts/restart_dirsrv | 3 ++- install/restart_scripts/stop_pkicad | 3 ++- install/share/copy-schema-to-ca.py | 2 +- install/share/wsgi.py | 6 -- install/tools/ipa-httpd-kdcproxy| 3 ++- install/tools/ipa-replica-conncheck | 4 +++- install/tools/ipactl| 5 - ipaclient/install/client.py | 1 + ipaclient/install/ipa_certupdate.py | 2 +- ipaserver/install/ipa_backup.py | 2 +- ipaserver/install/ipa_ldap_updater.py | 2 +- ipaserver/install/ipa_restore.py| 1 + ipaserver/install/ipa_server_upgrade.py | 2 +- ipaserver/install/ipa_winsync_migrate.py| 3 ++- ipaserver/install/ldapupdate.py | 4 +++- ipaserver/install/server/install.py | 2 ++ ipaserver/install/server/replicainstall.py | 19 +-- 22 files changed, 52 insertions(+), 24 deletions(-) diff --git a/client/ipa-client-automount b/client/ipa-client-automount index 0dd15b3..18914bd 100755 --- a/client/ipa-client-automount +++ b/client/ipa-client-automount @@ -384,6 +384,7 @@ def main(): cfg = dict( context='cli_installer', +confdir=paths.ETC_IPA, in_server=False, debug=options.debug, verbose=0, diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit index 7389a5e..2e137ad 100755 --- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit +++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit @@ -494,7 +494,7 @@ def main(): 'ipaCACertRenewal': renew_ca_cert, } -api.bootstrap(in_server=True, context='renew') +api.bootstrap(in_server=True, context='renew', confdir=paths.ETC_IPA) api.finalize() api.Backend.ldap2.connect() diff --git a/install/migration/migration.py b/install/migration/migration.py index 4743279..73e4777 100644 --- a/install/migration/migration.py +++ b/install/migration/migration.py @@ -24,6 +24,7 @@ import errno from wsgiref.util import request_uri +from ipaplatform.paths import paths from ipapython.ipa_log_manager import root_logger from ipapython.dn import DN from ipapython import ipaldap @@ -72,7 +73,7 @@ def application(environ, start_response): # API object only for configuration, finalize() not needed api = create_api(mode=None) -api.bootstrap(context='server', in_server=True) +api.bootstrap(context='server', confdir=paths.ETC_IPA, in_server=True) try: bind(api.env.ldap_uri, api.env.basedn, form_data['username'].value, form_data['password'].value) diff --git a/install/oddjob/com.redhat.idm.trust-fetch-domains b/install/oddjob/com.redhat.idm.trust-fetch-domains index a0d8a31..e5c2e8c 100755 --- a/install/oddjob/com.redhat.idm.trust-fetch-domains +++ b/install/oddjob/com.redhat.idm.trust-fetch-domains @@ -8,6 +8,7 @@ from ipapython.dn import DN from ipalib.config import Env from ipalib.constants import DEFAULT_CONFIG from ipaplatform.constants import constants +from ipaplatform.paths import paths import sys import os import pwd @@ -95,7 +96,8 @@ env._bootstrap(debug=options.debug, log=None) env._finalize_core(**dict(DEFAULT_CONFIG)) # Initialize the API with the proper debug level -api.bootstrap(in_server=True, debug=env.debug, log=None, context='server') +api.bootstrap(in_server=True, debug=env.debug, log=None, + context='server',
[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Author: tiran Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/182/head:pr182 git checkout pr182 From 686ade0be3bffd8bda3795728163d5d27df0b9ad Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 28 Nov 2016 16:24:33 +0100 Subject: [PATCH 1/2] Set explicit confdir option for global contexts Some API contexts are used to modify global state (e.g. files in /etc and /var). These contexts do not support confdir overrides. Initialize the API with an explicit confdir argument to paths.ETC_IPA. The special contexts are: * backup * cli_installer * installer * ipctl * renew * restore * server * updates The patch also corrects the context of the ipa-httpd-kdcproxy script to 'server'. https://fedorahosted.org/freeipa/ticket/6389 Signed-off-by: Christian Heimes --- client/ipa-client-automount | 1 + install/certmonger/dogtag-ipa-ca-renew-agent-submit | 2 +- install/migration/migration.py | 3 ++- install/oddjob/com.redhat.idm.trust-fetch-domains | 4 +++- install/restart_scripts/renew_ca_cert | 2 +- install/restart_scripts/restart_dirsrv | 3 ++- install/restart_scripts/stop_pkicad | 3 ++- install/share/copy-schema-to-ca.py | 3 ++- install/share/wsgi.py | 6 -- install/tools/ipa-httpd-kdcproxy| 3 ++- install/tools/ipa-replica-conncheck | 4 +++- install/tools/ipactl| 5 - ipaclient/install/client.py | 1 + ipaclient/ipa_certupdate.py | 2 +- ipaserver/install/ipa_backup.py | 2 +- ipaserver/install/ipa_ldap_updater.py | 2 +- ipaserver/install/ipa_restore.py| 1 + ipaserver/install/ipa_server_upgrade.py | 2 +- ipaserver/install/ipa_winsync_migrate.py| 3 ++- ipaserver/install/ldapupdate.py | 4 +++- ipaserver/install/server/install.py | 2 ++ ipaserver/install/server/replicainstall.py | 19 +-- 22 files changed, 53 insertions(+), 24 deletions(-) diff --git a/client/ipa-client-automount b/client/ipa-client-automount index 53c0537..93b1eaf 100755 --- a/client/ipa-client-automount +++ b/client/ipa-client-automount @@ -383,6 +383,7 @@ def main(): cfg = dict( context='cli_installer', +confdir=paths.ETC_IPA, in_server=False, debug=options.debug, verbose=0, diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit index 7389a5e..2e137ad 100755 --- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit +++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit @@ -494,7 +494,7 @@ def main(): 'ipaCACertRenewal': renew_ca_cert, } -api.bootstrap(in_server=True, context='renew') +api.bootstrap(in_server=True, context='renew', confdir=paths.ETC_IPA) api.finalize() api.Backend.ldap2.connect() diff --git a/install/migration/migration.py b/install/migration/migration.py index 4743279..73e4777 100644 --- a/install/migration/migration.py +++ b/install/migration/migration.py @@ -24,6 +24,7 @@ import errno from wsgiref.util import request_uri +from ipaplatform.paths import paths from ipapython.ipa_log_manager import root_logger from ipapython.dn import DN from ipapython import ipaldap @@ -72,7 +73,7 @@ def application(environ, start_response): # API object only for configuration, finalize() not needed api = create_api(mode=None) -api.bootstrap(context='server', in_server=True) +api.bootstrap(context='server', confdir=paths.ETC_IPA, in_server=True) try: bind(api.env.ldap_uri, api.env.basedn, form_data['username'].value, form_data['password'].value) diff --git a/install/oddjob/com.redhat.idm.trust-fetch-domains b/install/oddjob/com.redhat.idm.trust-fetch-domains index b663daa..073e254 100755 --- a/install/oddjob/com.redhat.idm.trust-fetch-domains +++ b/install/oddjob/com.redhat.idm.trust-fetch-domains @@ -9,6 +9,7 @@ from ipalib.config import Env from ipalib.constants import DEFAULT_CONFIG from ipapython.ipautil import kinit_keytab from ipaplatform.constants import constants +from ipaplatform.paths import paths import sys import os import pwd @@ -94,7 +95,8 @@ env._bootstrap(debug=options.debug, log=None) env._finalize_core(**dict(DEFAULT_CONFIG)) # Initialize the API with the proper debug level -api.bootstrap(in_server=True, debug=env.debug, log=None, context='server') +api.bootstrap(in_server=True, debug=env.debug, log=None, +
[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Author: tiran Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/182/head:pr182 git checkout pr182 From f47356a8a14cfec8454d52fff71a21e4d8ad2ff3 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 24 Oct 2016 10:35:41 +0200 Subject: [PATCH] Use env var IPA_CONFDIR to get confdir The environment variable IPA_CONFDIR overrides the default confdir path. The value of the environment variable must be an absolute path to an existing directory. The new variable makes it much simpler to use the 'ipa' command and ipalib with a local configuration directory. Some contexts like server, installer and upgrades do not support the env var. Signed-off-by: Christian Heimes --- client/man/ipa.1 | 4 install/tools/ipa-httpd-kdcproxy | 2 +- install/tools/ipa-replica-conncheck | 2 +- ipalib/config.py | 18 +++- ipatests/test_ipalib/test_plugable.py | 40 +-- ipatests/util.py | 6 ++ 6 files changed, 67 insertions(+), 5 deletions(-) diff --git a/client/man/ipa.1 b/client/man/ipa.1 index cc5641b..f35f557 100644 --- a/client/man/ipa.1 +++ b/client/man/ipa.1 @@ -190,6 +190,10 @@ The ipa client will determine which server to connect to in this order: .TP If a kerberos error is raised by any of the requests then it will stop processing and display the error message. +.SH "ENVIRONMENT VARIABLES" +.TP +\fBIPA_CONFDIR\fR +Override path to confdir (default: \fB/etc/ipa\fR). .SH "FILES" .TP \fB/etc/ipa/default.conf\fR diff --git a/install/tools/ipa-httpd-kdcproxy b/install/tools/ipa-httpd-kdcproxy index 329565c..34cdd88 100755 --- a/install/tools/ipa-httpd-kdcproxy +++ b/install/tools/ipa-httpd-kdcproxy @@ -184,7 +184,7 @@ class KDCProxyConfig(object): def main(debug=DEBUG, time_limit=TIME_LIMIT): # initialize API without file logging if not api.isdone('bootstrap'): -api.bootstrap(context='ipa-httpd-kdcproxy', log=None, debug=debug) +api.bootstrap(context='server', log=None, debug=debug) standard_logging_setup(verbose=True, debug=debug) try: diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index 4045e41..fbe2dd5 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -478,7 +478,7 @@ def main(): else: nss_dir = None -api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri, +api.bootstrap(context='installer', xmlrpc_uri=xmlrpc_uri, nss_dir=nss_db.secdir) api.finalize() try: diff --git a/ipalib/config.py b/ipalib/config.py index 1075d62..9eeb763 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -43,6 +43,7 @@ from ipalib.base import check_name from ipalib.constants import CONFIG_SECTION from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR +from ipapython.admintool import ScriptError if six.PY3: unicode = str @@ -200,6 +201,10 @@ class provides high-level methods for bootstraping a fresh `Env` instance __locked = False +# Reserved contexts do not support IPA_CONFDIR env var +_reserved_contexts = {'backup', 'cli_installer', 'installer', 'ipactl', + 'renew', 'restore', 'server', 'updates'} + def __init__(self, **initialize): object.__setattr__(self, '_Env__d', {}) object.__setattr__(self, '_Env__done', set()) @@ -461,7 +466,18 @@ def _bootstrap(self, **overrides): # Set confdir: if 'confdir' not in self: -if self.in_tree: +ipa_confdir = os.environ.get('IPA_CONFDIR') +if ipa_confdir is not None: +if self.context in self._reserved_contexts: +raise ScriptError( +'IPA_CONFDIR env var is not allowed for context ' +'"{}".'.format(self.context)) +if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir): +raise ScriptError( +'IPA_CONFDIR env var must be an absolute path to an ' +'existing directory.') +self.confdir = ipa_confdir +elif self.in_tree: self.confdir = self.dot_ipa else: self.confdir = path.join('/', 'etc', 'ipa') diff --git a/ipatests/test_ipalib/test_plugable.py b/ipatests/test_ipalib/test_plugable.py index 1ee1102..ff22446 100644 --- a/ipatests/test_ipalib/test_plugable.py +++ b/ipatests/test_ipalib/test_plugable.py @@ -24,9 +24,13 @@ # FIXME: Pylint errors # pylint:
[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Author: tiran Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/182/head:pr182 git checkout pr182 From 75095517c0312eaf5d25fead3eb4cdb6af2e4ab0 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 24 Oct 2016 10:35:41 +0200 Subject: [PATCH] Use env var IPA_CONFDIR to get confdir The environment variable IPA_CONFDIR overrides the default confdir path. The value of the environment variable must be an absolute path to an existing directory. The new variable makes it much simpler to use the 'ipa' command and ipalib with a local configuration directory. Some contexts like server, installer and upgrades do not support the env var. Signed-off-by: Christian Heimes --- client/man/ipa.1| 4 install/tools/ipa-httpd-kdcproxy| 2 +- install/tools/ipa-replica-conncheck | 2 +- ipalib/config.py| 18 +- 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/client/man/ipa.1 b/client/man/ipa.1 index 9194ca0..b843e7b 100644 --- a/client/man/ipa.1 +++ b/client/man/ipa.1 @@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order: .TP If a kerberos error is raised by any of the requests then it will stop processing and display the error message. +.SH "ENVIRONMENT VARIABLES" +.TP +\fBIPA_CONFDIR\fR +Override path to confdir (default: \fB/etc/ipa\fR). .SH "FILES" .TP \fB/etc/ipa/default.conf\fR diff --git a/install/tools/ipa-httpd-kdcproxy b/install/tools/ipa-httpd-kdcproxy index 329565c..34cdd88 100755 --- a/install/tools/ipa-httpd-kdcproxy +++ b/install/tools/ipa-httpd-kdcproxy @@ -184,7 +184,7 @@ class KDCProxyConfig(object): def main(debug=DEBUG, time_limit=TIME_LIMIT): # initialize API without file logging if not api.isdone('bootstrap'): -api.bootstrap(context='ipa-httpd-kdcproxy', log=None, debug=debug) +api.bootstrap(context='server', log=None, debug=debug) standard_logging_setup(verbose=True, debug=debug) try: diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index 4045e41..fbe2dd5 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -478,7 +478,7 @@ def main(): else: nss_dir = None -api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri, +api.bootstrap(context='installer', xmlrpc_uri=xmlrpc_uri, nss_dir=nss_db.secdir) api.finalize() try: diff --git a/ipalib/config.py b/ipalib/config.py index cf9e925..46da186 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -43,6 +43,7 @@ from ipalib.base import check_name from ipalib.constants import CONFIG_SECTION from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR +from ipapython.admintool import ScriptError if six.PY3: unicode = str @@ -200,6 +201,10 @@ class provides high-level methods for bootstraping a fresh `Env` instance __locked = False +# Reserved contexts do not support IPA_CONFDIR env var +_reserved_contexts = {'backup', 'cli_installer', 'installer', 'ipactl', + 'renew', 'restore', 'server', 'updates'} + def __init__(self, **initialize): object.__setattr__(self, '_Env__d', {}) object.__setattr__(self, '_Env__done', set()) @@ -461,7 +466,18 @@ def _bootstrap(self, **overrides): # Set confdir: if 'confdir' not in self: -if self.in_tree: +ipa_confdir = os.environ.get('IPA_CONFDIR') +if ipa_confdir is not None: +if self.context in self._reserved_contexts: +raise ScriptError( +'IPA_CONFDIR env var is not allowed for context ' +'"{}".'.format(self.context)) +if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir): +raise ScriptError( +'IPA_CONFDIR env var must be an absolute path to an ' +'existing directory.') +self.confdir = ipa_confdir +elif self.in_tree: self.confdir = self.dot_ipa else: self.confdir = path.join('/', 'etc', 'ipa') -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Author: tiran Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/182/head:pr182 git checkout pr182 From 43e044878708e7619bd289a264edac755c180e50 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 24 Oct 2016 10:35:41 +0200 Subject: [PATCH] Use env var IPA_CONFDIR to get confdir The environment variable IPA_CONFDIR overrides the default confdir path. The value of the environment variable must be an absolute path to an existing directory. The new variable makes it much simpler to use the 'ipa' command and ipalib with a local configuration directory. Some contexts like server, installer and upgrades do not support the env var. Signed-off-by: Christian Heimes --- client/man/ipa.1| 4 install/tools/ipa-httpd-kdcproxy| 2 +- install/tools/ipa-replica-conncheck | 2 +- ipalib/config.py| 18 +- 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/client/man/ipa.1 b/client/man/ipa.1 index 9194ca0..b843e7b 100644 --- a/client/man/ipa.1 +++ b/client/man/ipa.1 @@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order: .TP If a kerberos error is raised by any of the requests then it will stop processing and display the error message. +.SH "ENVIRONMENT VARIABLES" +.TP +\fBIPA_CONFDIR\fR +Override path to confdir (default: \fB/etc/ipa\fR). .SH "FILES" .TP \fB/etc/ipa/default.conf\fR diff --git a/install/tools/ipa-httpd-kdcproxy b/install/tools/ipa-httpd-kdcproxy index 20674c2..20daacd 100755 --- a/install/tools/ipa-httpd-kdcproxy +++ b/install/tools/ipa-httpd-kdcproxy @@ -184,7 +184,7 @@ class KDCProxyConfig(object): def main(debug=DEBUG, time_limit=TIME_LIMIT): # initialize API without file logging if not api.isdone('bootstrap'): -api.bootstrap(context='ipa-httpd-kdcproxy', log=None, debug=debug) +api.bootstrap(context='server', log=None, debug=debug) standard_logging_setup(verbose=True, debug=debug) try: diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index 4045e41..fbe2dd5 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -478,7 +478,7 @@ def main(): else: nss_dir = None -api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri, +api.bootstrap(context='installer', xmlrpc_uri=xmlrpc_uri, nss_dir=nss_db.secdir) api.finalize() try: diff --git a/ipalib/config.py b/ipalib/config.py index cf9e925..46da186 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -43,6 +43,7 @@ from ipalib.base import check_name from ipalib.constants import CONFIG_SECTION from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR +from ipapython.admintool import ScriptError if six.PY3: unicode = str @@ -200,6 +201,10 @@ class provides high-level methods for bootstraping a fresh `Env` instance __locked = False +# Reserved contexts do not support IPA_CONFDIR env var +_reserved_contexts = {'backup', 'cli_installer', 'installer', 'ipactl', + 'renew', 'restore', 'server', 'updates'} + def __init__(self, **initialize): object.__setattr__(self, '_Env__d', {}) object.__setattr__(self, '_Env__done', set()) @@ -461,7 +466,18 @@ def _bootstrap(self, **overrides): # Set confdir: if 'confdir' not in self: -if self.in_tree: +ipa_confdir = os.environ.get('IPA_CONFDIR') +if ipa_confdir is not None: +if self.context in self._reserved_contexts: +raise ScriptError( +'IPA_CONFDIR env var is not allowed for context ' +'"{}".'.format(self.context)) +if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir): +raise ScriptError( +'IPA_CONFDIR env var must be an absolute path to an ' +'existing directory.') +self.confdir = ipa_confdir +elif self.in_tree: self.confdir = self.dot_ipa else: self.confdir = path.join('/', 'etc', 'ipa') -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Author: tiran Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/182/head:pr182 git checkout pr182 From 8ffcd720d01bc7394a3de7ce7d8c7d6e00fb35e8 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 24 Oct 2016 10:35:41 +0200 Subject: [PATCH] Use env var IPA_CONFDIR to get confdir The environment variable IPA_CONFDIR overrides the default confdir path. The value of the environment variable must be an absolute path to an existing directory. The new variable makes it much simpler to use the 'ipa' command and ipalib with a local configuration directory. Some contexts like server, installer and upgrades do not support the env var. Signed-off-by: Christian Heimes --- client/man/ipa.1| 4 install/tools/ipa-httpd-kdcproxy| 2 +- install/tools/ipa-replica-conncheck | 2 +- ipalib/config.py| 18 +- 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/client/man/ipa.1 b/client/man/ipa.1 index 9194ca0..b843e7b 100644 --- a/client/man/ipa.1 +++ b/client/man/ipa.1 @@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order: .TP If a kerberos error is raised by any of the requests then it will stop processing and display the error message. +.SH "ENVIRONMENT VARIABLES" +.TP +\fBIPA_CONFDIR\fR +Override path to confdir (default: \fB/etc/ipa\fR). .SH "FILES" .TP \fB/etc/ipa/default.conf\fR diff --git a/install/tools/ipa-httpd-kdcproxy b/install/tools/ipa-httpd-kdcproxy index 20674c2..20daacd 100755 --- a/install/tools/ipa-httpd-kdcproxy +++ b/install/tools/ipa-httpd-kdcproxy @@ -184,7 +184,7 @@ class KDCProxyConfig(object): def main(debug=DEBUG, time_limit=TIME_LIMIT): # initialize API without file logging if not api.isdone('bootstrap'): -api.bootstrap(context='ipa-httpd-kdcproxy', log=None, debug=debug) +api.bootstrap(context='server', log=None, debug=debug) standard_logging_setup(verbose=True, debug=debug) try: diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index 4045e41..fbe2dd5 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -478,7 +478,7 @@ def main(): else: nss_dir = None -api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri, +api.bootstrap(context='installer', xmlrpc_uri=xmlrpc_uri, nss_dir=nss_db.secdir) api.finalize() try: diff --git a/ipalib/config.py b/ipalib/config.py index cf9e925..7b32056 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -43,6 +43,7 @@ from ipalib.base import check_name from ipalib.constants import CONFIG_SECTION from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR +from ipapython.admintool import ScriptError if six.PY3: unicode = str @@ -200,6 +201,10 @@ class provides high-level methods for bootstraping a fresh `Env` instance __locked = False +# reserved contexts do not support IPA_CONFDIR env var +_reserved_contexts = {'backup', 'installer', 'ipactl', 'renew', + 'restore', 'server', 'updates'} + def __init__(self, **initialize): object.__setattr__(self, '_Env__d', {}) object.__setattr__(self, '_Env__done', set()) @@ -461,7 +466,18 @@ def _bootstrap(self, **overrides): # Set confdir: if 'confdir' not in self: -if self.in_tree: +ipa_confdir = os.environ.get('IPA_CONFDIR') +if ipa_confdir is not None: +if self.context in self._reserved_contexts: +raise ScriptError( +'IPA_CONFDIR env var is not allowed for context ' +'"{}".'.format(self.context)) +if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir): +raise ScriptError( +'IPA_CONFDIR env var must be an absolute path to an ' +'existing directory.') +self.confdir = ipa_confdir +elif self.in_tree: self.confdir = self.dot_ipa else: self.confdir = path.join('/', 'etc', 'ipa') -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Author: tiran Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/182/head:pr182 git checkout pr182 From 3047e5472166e5aee8ec283188da32a46aefdbe9 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 24 Oct 2016 10:35:41 +0200 Subject: [PATCH] Use env var IPA_CONFDIR to get confdir for cli contexts For 'cli' and 'cli_installer' contexts, the environment variable IPA_CONFDIR overrides the default confdir path. The value of the environment variable must be an absolute path to an existing directory. The new variable makes it much simpler to use the 'ipa' command and ipalib with a local configuration directory. Server and server installer contexts do not use the env var. Signed-off-by: Christian Heimes --- client/man/ipa.1 | 4 ipalib/config.py | 11 ++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/client/man/ipa.1 b/client/man/ipa.1 index 9194ca0..b843e7b 100644 --- a/client/man/ipa.1 +++ b/client/man/ipa.1 @@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order: .TP If a kerberos error is raised by any of the requests then it will stop processing and display the error message. +.SH "ENVIRONMENT VARIABLES" +.TP +\fBIPA_CONFDIR\fR +Override path to confdir (default: \fB/etc/ipa\fR). .SH "FILES" .TP \fB/etc/ipa/default.conf\fR diff --git a/ipalib/config.py b/ipalib/config.py index cf9e925..77c28a6 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -43,6 +43,7 @@ from ipalib.base import check_name from ipalib.constants import CONFIG_SECTION from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR +from ipapython.admintool import ScriptError if six.PY3: unicode = str @@ -461,7 +462,15 @@ def _bootstrap(self, **overrides): # Set confdir: if 'confdir' not in self: -if self.in_tree: +ipa_confdir = os.environ.get('IPA_CONFDIR') +env_contexts = {'cli', 'cli_installer'} +if ipa_confdir is not None and self.context in env_contexts: +if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir): +raise ScriptError( +'IPA_CONFDIR must be an absolute path to an ' +'existing directory.') +self.confdir = ipa_confdir +elif self.in_tree: self.confdir = self.dot_ipa else: self.confdir = path.join('/', 'etc', 'ipa') -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Author: tiran Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/182/head:pr182 git checkout pr182 From efa099f727898172f4addd7cfd89666d56c9988f Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 24 Oct 2016 10:35:41 +0200 Subject: [PATCH] Use env var IPA_CONFDIR to get confdir for cli contexts For 'cli' and 'cli_installer' contexts, the environment variable IPA_CONFDIR overrides the default confdir path. The value of the environment variable must be an absolute path to an existing directory. The new variable makes it much simpler to use the 'ipa' command and ipalib with a local configuration directory. Server and server installer contexts do not use the env var. Signed-off-by: Christian Heimes --- client/man/ipa.1 | 4 ipalib/config.py | 10 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/client/man/ipa.1 b/client/man/ipa.1 index 9194ca0..b843e7b 100644 --- a/client/man/ipa.1 +++ b/client/man/ipa.1 @@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order: .TP If a kerberos error is raised by any of the requests then it will stop processing and display the error message. +.SH "ENVIRONMENT VARIABLES" +.TP +\fBIPA_CONFDIR\fR +Override path to confdir (default: \fB/etc/ipa\fR). .SH "FILES" .TP \fB/etc/ipa/default.conf\fR diff --git a/ipalib/config.py b/ipalib/config.py index cf9e925..3b1eaeb 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -461,7 +461,15 @@ def _bootstrap(self, **overrides): # Set confdir: if 'confdir' not in self: -if self.in_tree: +ipa_confdir = os.environ.get('IPA_CONFDIR') +env_contexts = {'cli', 'cli_installer'} +if ipa_confdir is not None and self.context in env_contexts: +if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir): +raise AttributeError( +'IPA_CONFDIR must be an absolute path to an ' +'existing directory.') +self.confdir = ipa_confdir +elif self.in_tree: self.confdir = self.dot_ipa else: self.confdir = path.join('/', 'etc', 'ipa') -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Author: tiran Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/182/head:pr182 git checkout pr182 From 703a8e7c36cc0d9c4005681436a5cdba7d0bff47 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 24 Oct 2016 10:35:41 +0200 Subject: [PATCH] Use env var IPA_CONFDIR to get confdir for cli contexts For 'cli' and 'cli_installer' contexts, the environment variable IPA_CONFDIR overrides the default confdir path. The value of the environment variable must be an absolute path to an existing directory. The new variable makes it much simpler to use the 'ipa' command and ipalib with a local configuration directory. Server and server installer contexts do not use the env var. Signed-off-by: Christian Heimes --- client/man/ipa.1 | 4 ipalib/config.py | 10 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/client/man/ipa.1 b/client/man/ipa.1 index 9194ca0..b843e7b 100644 --- a/client/man/ipa.1 +++ b/client/man/ipa.1 @@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order: .TP If a kerberos error is raised by any of the requests then it will stop processing and display the error message. +.SH "ENVIRONMENT VARIABLES" +.TP +\fBIPA_CONFDIR\fR +Override path to confdir (default: \fB/etc/ipa\fR). .SH "FILES" .TP \fB/etc/ipa/default.conf\fR diff --git a/ipalib/config.py b/ipalib/config.py index cf9e925..b55a524 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -461,7 +461,15 @@ def _bootstrap(self, **overrides): # Set confdir: if 'confdir' not in self: -if self.in_tree: +ipa_confdir = os.environ.get('IPA_CONFDIR') +env_contexts = {'cli', 'cli_installer'} +if ipa_confdir is not None and self.context in env_contests: +if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir): +raise AttributeError( +'IPA_CONFDIR must be an absolute path to an ' +'existing directory.') +self.confdir = ipa_confdir +elif self.in_tree: self.confdir = self.dot_ipa else: self.confdir = path.join('/', 'etc', 'ipa') -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code