subject:"\[Freeipa\-devel\] \[freeipa PR#182\]\[synchronized\] Use env var IPA_CONFDIR to get confdir for 'cli' context"

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

2016-12-02 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/182
Author: tiran
 Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/182/head:pr182
git checkout pr182
From 5a213f334d14bba8ad06240a37d843555db6dc2b Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Mon, 24 Oct 2016 10:35:41 +0200
Subject: [PATCH] Use env var IPA_CONFDIR to get confdir

The environment variable IPA_CONFDIR overrides the default confdir path.
The value of the environment variable must be an absolute path to an existing
directory. The new variable makes it much simpler to use the 'ipa'
command and ipalib with a local configuration directory.

Some scripts (e.g. servers, installers, and upgrades) set the confdir
explicitly and do not support the env var.

Signed-off-by: Christian Heimes 
---
 client/man/ipa.1  |  4 
 ipalib/config.py  | 12 ++-
 ipalib/plugable.py|  9 
 ipatests/test_ipalib/test_plugable.py | 40 +--
 ipatests/util.py  |  6 ++
 5 files changed, 68 insertions(+), 3 deletions(-)

diff --git a/client/man/ipa.1 b/client/man/ipa.1
index cc5641b..f35f557 100644
--- a/client/man/ipa.1
+++ b/client/man/ipa.1
@@ -190,6 +190,10 @@ The ipa client will determine which server to connect to in this order:
 
 .TP
 If a kerberos error is raised by any of the requests then it will stop processing and display the error message.
+.SH "ENVIRONMENT VARIABLES"
+.TP
+\fBIPA_CONFDIR\fR
+Override path to confdir (default: \fB/etc/ipa\fR).
 .SH "FILES"
 .TP
 \fB/etc/ipa/default.conf\fR
diff --git a/ipalib/config.py b/ipalib/config.py
index 1075d62..9d87782 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -43,6 +43,7 @@
 from ipalib.base import check_name
 from ipalib.constants import CONFIG_SECTION
 from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR
+from ipapython.admintool import ScriptError
 
 if six.PY3:
 unicode = str
@@ -460,8 +461,17 @@ def _bootstrap(self, **overrides):
 self.context = 'default'
 
 # Set confdir:
+self.env_confdir = os.environ.get('IPA_CONFDIR')
 if 'confdir' not in self:
-if self.in_tree:
+if self.env_confdir is not None:
+if (not path.isabs(self.env_confdir)
+or not path.isdir(self.env_confdir)):
+raise ScriptError(
+"IPA_CONFDIR env var must be an absolute path to an "
+"existing directory, got '{}'.".format(
+self.env_confdir))
+self.confdir = self.env_confdir
+elif self.in_tree:
 self.confdir = self.dot_ipa
 else:
 self.confdir = path.join('/', 'etc', 'ipa')
diff --git a/ipalib/plugable.py b/ipalib/plugable.py
index 503534f..142b3e6 100644
--- a/ipalib/plugable.py
+++ b/ipalib/plugable.py
@@ -713,6 +713,15 @@ def finalize(self):
 self.__doing('finalize')
 self.__do_if_not_done('load_plugins')
 
+if self.env.env_confdir is not None:
+if self.env.env_confdir == self.env.confdir:
+self.log.info(
+"IPA_CONFDIR env sets confdir to '%s'.", self.env.confdir)
+else:
+self.log.warn(
+"IPA_CONFDIR env is overridden by an explicit confdir "
+"argument.")
+
 for plugin in self.__plugins:
 if not self.env.validate_api:
 if plugin.full_name not in DEFAULT_PLUGINS:
diff --git a/ipatests/test_ipalib/test_plugable.py b/ipatests/test_ipalib/test_plugable.py
index 1ee1102..ff22446 100644
--- a/ipatests/test_ipalib/test_plugable.py
+++ b/ipatests/test_ipalib/test_plugable.py
@@ -24,9 +24,13 @@
 # FIXME: Pylint errors
 # pylint: disable=no-member
 
+import os
+import textwrap
+
+from ipalib import plugable, errors, create_api
+from ipapython.admintool import ScriptError
 from ipatests.util import raises, read_only
-from ipatests.util import ClassChecker, create_test_api
-from ipalib import plugable, errors
+from ipatests.util import ClassChecker, create_test_api, TempHome
 
 import pytest
 
@@ -272,3 +276,35 @@ def test_load_plugins(self):
 assert o.isdone('load_plugins') is True
 e = raises(Exception, o.load_plugins)
 assert str(e) == 'API.load_plugins() already called'
+
+def test_ipaconf_env(self):
+ipa_confdir = os.environ.get('IPA_CONFDIR', None)
+try:
+with TempHome() as home:
+defaultconf = home.join('default.conf')
+with open(defaultconf, 'w') as f:
+f.write(textwrap.dedent("""
+[global]
+

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

2016-11-30 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/182
Author: tiran
 Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/182/head:pr182
git checkout pr182
From 3805dfba1dc222f3cd6cc6299bfe97c70e3e8bae Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Mon, 28 Nov 2016 16:24:33 +0100
Subject: [PATCH 1/2] Set explicit confdir option for global contexts

Some API contexts are used to modify global state (e.g. files in /etc
and /var). These contexts do not support confdir overrides. Initialize
the API with an explicit confdir argument to paths.ETC_IPA.

The special contexts are:

* backup
* cli_installer
* installer
* ipctl
* renew
* restore
* server
* updates

The patch also corrects the context of the ipa-httpd-kdcproxy script to
'server'.

https://fedorahosted.org/freeipa/ticket/6389

Signed-off-by: Christian Heimes 
---
 client/ipa-client-automount |  1 +
 install/certmonger/dogtag-ipa-ca-renew-agent-submit |  2 +-
 install/migration/migration.py  |  3 ++-
 install/oddjob/com.redhat.idm.trust-fetch-domains   |  4 +++-
 install/restart_scripts/renew_ca_cert   |  2 +-
 install/restart_scripts/restart_dirsrv  |  3 ++-
 install/restart_scripts/stop_pkicad |  3 ++-
 install/share/copy-schema-to-ca.py  |  2 +-
 install/share/wsgi.py   |  6 --
 install/tools/ipa-httpd-kdcproxy|  3 ++-
 install/tools/ipa-replica-conncheck |  4 +++-
 install/tools/ipactl|  5 -
 ipaclient/install/client.py |  1 +
 ipaclient/install/ipa_certupdate.py |  2 +-
 ipaserver/install/ipa_backup.py |  2 +-
 ipaserver/install/ipa_ldap_updater.py   |  2 +-
 ipaserver/install/ipa_restore.py|  1 +
 ipaserver/install/ipa_server_upgrade.py |  2 +-
 ipaserver/install/ipa_winsync_migrate.py|  3 ++-
 ipaserver/install/ldapupdate.py |  4 +++-
 ipaserver/install/server/install.py |  2 ++
 ipaserver/install/server/replicainstall.py  | 19 +--
 22 files changed, 52 insertions(+), 24 deletions(-)

diff --git a/client/ipa-client-automount b/client/ipa-client-automount
index 0dd15b3..18914bd 100755
--- a/client/ipa-client-automount
+++ b/client/ipa-client-automount
@@ -384,6 +384,7 @@ def main():
 
 cfg = dict(
 context='cli_installer',
+confdir=paths.ETC_IPA,
 in_server=False,
 debug=options.debug,
 verbose=0,
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index 7389a5e..2e137ad 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -494,7 +494,7 @@ def main():
 'ipaCACertRenewal': renew_ca_cert,
 }
 
-api.bootstrap(in_server=True, context='renew')
+api.bootstrap(in_server=True, context='renew', confdir=paths.ETC_IPA)
 api.finalize()
 api.Backend.ldap2.connect()
 
diff --git a/install/migration/migration.py b/install/migration/migration.py
index 4743279..73e4777 100644
--- a/install/migration/migration.py
+++ b/install/migration/migration.py
@@ -24,6 +24,7 @@
 import errno
 from wsgiref.util import request_uri
 
+from ipaplatform.paths import paths
 from ipapython.ipa_log_manager import root_logger
 from ipapython.dn import DN
 from ipapython import ipaldap
@@ -72,7 +73,7 @@ def application(environ, start_response):
 
 # API object only for configuration, finalize() not needed
 api = create_api(mode=None)
-api.bootstrap(context='server', in_server=True)
+api.bootstrap(context='server', confdir=paths.ETC_IPA, in_server=True)
 try:
 bind(api.env.ldap_uri, api.env.basedn,
  form_data['username'].value, form_data['password'].value)
diff --git a/install/oddjob/com.redhat.idm.trust-fetch-domains b/install/oddjob/com.redhat.idm.trust-fetch-domains
index a0d8a31..e5c2e8c 100755
--- a/install/oddjob/com.redhat.idm.trust-fetch-domains
+++ b/install/oddjob/com.redhat.idm.trust-fetch-domains
@@ -8,6 +8,7 @@ from ipapython.dn import DN
 from ipalib.config import Env
 from ipalib.constants import DEFAULT_CONFIG
 from ipaplatform.constants import constants
+from ipaplatform.paths import paths
 import sys
 import os
 import pwd
@@ -95,7 +96,8 @@ env._bootstrap(debug=options.debug, log=None)
 env._finalize_core(**dict(DEFAULT_CONFIG))
 
 # Initialize the API with the proper debug level
-api.bootstrap(in_server=True, debug=env.debug, log=None, context='server')
+api.bootstrap(in_server=True, debug=env.debug, log=None,
+  context='server',

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

2016-11-28 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/182
Author: tiran
 Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/182/head:pr182
git checkout pr182
From 686ade0be3bffd8bda3795728163d5d27df0b9ad Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Mon, 28 Nov 2016 16:24:33 +0100
Subject: [PATCH 1/2] Set explicit confdir option for global contexts

Some API contexts are used to modify global state (e.g. files in /etc
and /var). These contexts do not support confdir overrides. Initialize
the API with an explicit confdir argument to paths.ETC_IPA.

The special contexts are:

* backup
* cli_installer
* installer
* ipctl
* renew
* restore
* server
* updates

The patch also corrects the context of the ipa-httpd-kdcproxy script to
'server'.

https://fedorahosted.org/freeipa/ticket/6389

Signed-off-by: Christian Heimes 
---
 client/ipa-client-automount |  1 +
 install/certmonger/dogtag-ipa-ca-renew-agent-submit |  2 +-
 install/migration/migration.py  |  3 ++-
 install/oddjob/com.redhat.idm.trust-fetch-domains   |  4 +++-
 install/restart_scripts/renew_ca_cert   |  2 +-
 install/restart_scripts/restart_dirsrv  |  3 ++-
 install/restart_scripts/stop_pkicad |  3 ++-
 install/share/copy-schema-to-ca.py  |  3 ++-
 install/share/wsgi.py   |  6 --
 install/tools/ipa-httpd-kdcproxy|  3 ++-
 install/tools/ipa-replica-conncheck |  4 +++-
 install/tools/ipactl|  5 -
 ipaclient/install/client.py |  1 +
 ipaclient/ipa_certupdate.py |  2 +-
 ipaserver/install/ipa_backup.py |  2 +-
 ipaserver/install/ipa_ldap_updater.py   |  2 +-
 ipaserver/install/ipa_restore.py|  1 +
 ipaserver/install/ipa_server_upgrade.py |  2 +-
 ipaserver/install/ipa_winsync_migrate.py|  3 ++-
 ipaserver/install/ldapupdate.py |  4 +++-
 ipaserver/install/server/install.py |  2 ++
 ipaserver/install/server/replicainstall.py  | 19 +--
 22 files changed, 53 insertions(+), 24 deletions(-)

diff --git a/client/ipa-client-automount b/client/ipa-client-automount
index 53c0537..93b1eaf 100755
--- a/client/ipa-client-automount
+++ b/client/ipa-client-automount
@@ -383,6 +383,7 @@ def main():
 
 cfg = dict(
 context='cli_installer',
+confdir=paths.ETC_IPA,
 in_server=False,
 debug=options.debug,
 verbose=0,
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index 7389a5e..2e137ad 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -494,7 +494,7 @@ def main():
 'ipaCACertRenewal': renew_ca_cert,
 }
 
-api.bootstrap(in_server=True, context='renew')
+api.bootstrap(in_server=True, context='renew', confdir=paths.ETC_IPA)
 api.finalize()
 api.Backend.ldap2.connect()
 
diff --git a/install/migration/migration.py b/install/migration/migration.py
index 4743279..73e4777 100644
--- a/install/migration/migration.py
+++ b/install/migration/migration.py
@@ -24,6 +24,7 @@
 import errno
 from wsgiref.util import request_uri
 
+from ipaplatform.paths import paths
 from ipapython.ipa_log_manager import root_logger
 from ipapython.dn import DN
 from ipapython import ipaldap
@@ -72,7 +73,7 @@ def application(environ, start_response):
 
 # API object only for configuration, finalize() not needed
 api = create_api(mode=None)
-api.bootstrap(context='server', in_server=True)
+api.bootstrap(context='server', confdir=paths.ETC_IPA, in_server=True)
 try:
 bind(api.env.ldap_uri, api.env.basedn,
  form_data['username'].value, form_data['password'].value)
diff --git a/install/oddjob/com.redhat.idm.trust-fetch-domains b/install/oddjob/com.redhat.idm.trust-fetch-domains
index b663daa..073e254 100755
--- a/install/oddjob/com.redhat.idm.trust-fetch-domains
+++ b/install/oddjob/com.redhat.idm.trust-fetch-domains
@@ -9,6 +9,7 @@ from ipalib.config import Env
 from ipalib.constants import DEFAULT_CONFIG
 from ipapython.ipautil import kinit_keytab
 from ipaplatform.constants import constants
+from ipaplatform.paths import paths
 import sys
 import os
 import pwd
@@ -94,7 +95,8 @@ env._bootstrap(debug=options.debug, log=None)
 env._finalize_core(**dict(DEFAULT_CONFIG))
 
 # Initialize the API with the proper debug level
-api.bootstrap(in_server=True, debug=env.debug, log=None, context='server')
+api.bootstrap(in_server=True, debug=env.debug, log=None,
+

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

2016-11-18 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/182
Author: tiran
 Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/182/head:pr182
git checkout pr182
From f47356a8a14cfec8454d52fff71a21e4d8ad2ff3 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Mon, 24 Oct 2016 10:35:41 +0200
Subject: [PATCH] Use env var IPA_CONFDIR to get confdir

The environment variable IPA_CONFDIR overrides the default confdir path.
The value of the environment variable must be an absolute path to an existing
directory. The new variable makes it much simpler to use the 'ipa'
command and ipalib with a local configuration directory.

Some contexts like server, installer and upgrades do not support the env
var.

Signed-off-by: Christian Heimes 
---
 client/man/ipa.1  |  4 
 install/tools/ipa-httpd-kdcproxy  |  2 +-
 install/tools/ipa-replica-conncheck   |  2 +-
 ipalib/config.py  | 18 +++-
 ipatests/test_ipalib/test_plugable.py | 40 +--
 ipatests/util.py  |  6 ++
 6 files changed, 67 insertions(+), 5 deletions(-)

diff --git a/client/man/ipa.1 b/client/man/ipa.1
index cc5641b..f35f557 100644
--- a/client/man/ipa.1
+++ b/client/man/ipa.1
@@ -190,6 +190,10 @@ The ipa client will determine which server to connect to in this order:
 
 .TP
 If a kerberos error is raised by any of the requests then it will stop processing and display the error message.
+.SH "ENVIRONMENT VARIABLES"
+.TP
+\fBIPA_CONFDIR\fR
+Override path to confdir (default: \fB/etc/ipa\fR).
 .SH "FILES"
 .TP
 \fB/etc/ipa/default.conf\fR
diff --git a/install/tools/ipa-httpd-kdcproxy b/install/tools/ipa-httpd-kdcproxy
index 329565c..34cdd88 100755
--- a/install/tools/ipa-httpd-kdcproxy
+++ b/install/tools/ipa-httpd-kdcproxy
@@ -184,7 +184,7 @@ class KDCProxyConfig(object):
 def main(debug=DEBUG, time_limit=TIME_LIMIT):
 # initialize API without file logging
 if not api.isdone('bootstrap'):
-api.bootstrap(context='ipa-httpd-kdcproxy', log=None, debug=debug)
+api.bootstrap(context='server', log=None, debug=debug)
 standard_logging_setup(verbose=True, debug=debug)
 
 try:
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 4045e41..fbe2dd5 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -478,7 +478,7 @@ def main():
 else:
 nss_dir = None
 
-api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri,
+api.bootstrap(context='installer', xmlrpc_uri=xmlrpc_uri,
   nss_dir=nss_db.secdir)
 api.finalize()
 try:
diff --git a/ipalib/config.py b/ipalib/config.py
index 1075d62..9eeb763 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -43,6 +43,7 @@
 from ipalib.base import check_name
 from ipalib.constants import CONFIG_SECTION
 from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR
+from ipapython.admintool import ScriptError
 
 if six.PY3:
 unicode = str
@@ -200,6 +201,10 @@ class provides high-level methods for bootstraping a fresh `Env` instance
 
 __locked = False
 
+# Reserved contexts do not support IPA_CONFDIR env var
+_reserved_contexts = {'backup', 'cli_installer', 'installer', 'ipactl',
+  'renew', 'restore', 'server', 'updates'}
+
 def __init__(self, **initialize):
 object.__setattr__(self, '_Env__d', {})
 object.__setattr__(self, '_Env__done', set())
@@ -461,7 +466,18 @@ def _bootstrap(self, **overrides):
 
 # Set confdir:
 if 'confdir' not in self:
-if self.in_tree:
+ipa_confdir = os.environ.get('IPA_CONFDIR')
+if ipa_confdir is not None:
+if self.context in self._reserved_contexts:
+raise ScriptError(
+'IPA_CONFDIR env var is not allowed for context '
+'"{}".'.format(self.context))
+if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir):
+raise ScriptError(
+'IPA_CONFDIR env var must be an absolute path to an '
+'existing directory.')
+self.confdir = ipa_confdir
+elif self.in_tree:
 self.confdir = self.dot_ipa
 else:
 self.confdir = path.join('/', 'etc', 'ipa')
diff --git a/ipatests/test_ipalib/test_plugable.py b/ipatests/test_ipalib/test_plugable.py
index 1ee1102..ff22446 100644
--- a/ipatests/test_ipalib/test_plugable.py
+++ b/ipatests/test_ipalib/test_plugable.py
@@ -24,9 +24,13 @@
 # FIXME: Pylint errors
 # pylint:

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

2016-11-16 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/182
Author: tiran
 Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/182/head:pr182
git checkout pr182
From 75095517c0312eaf5d25fead3eb4cdb6af2e4ab0 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Mon, 24 Oct 2016 10:35:41 +0200
Subject: [PATCH] Use env var IPA_CONFDIR to get confdir

The environment variable IPA_CONFDIR overrides the default confdir path.
The value of the environment variable must be an absolute path to an existing
directory. The new variable makes it much simpler to use the 'ipa'
command and ipalib with a local configuration directory.

Some contexts like server, installer and upgrades do not support the env
var.

Signed-off-by: Christian Heimes 
---
 client/man/ipa.1|  4 
 install/tools/ipa-httpd-kdcproxy|  2 +-
 install/tools/ipa-replica-conncheck |  2 +-
 ipalib/config.py| 18 +-
 4 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/client/man/ipa.1 b/client/man/ipa.1
index 9194ca0..b843e7b 100644
--- a/client/man/ipa.1
+++ b/client/man/ipa.1
@@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order:
 
 .TP
 If a kerberos error is raised by any of the requests then it will stop processing and display the error message.
+.SH "ENVIRONMENT VARIABLES"
+.TP
+\fBIPA_CONFDIR\fR
+Override path to confdir (default: \fB/etc/ipa\fR).
 .SH "FILES"
 .TP
 \fB/etc/ipa/default.conf\fR
diff --git a/install/tools/ipa-httpd-kdcproxy b/install/tools/ipa-httpd-kdcproxy
index 329565c..34cdd88 100755
--- a/install/tools/ipa-httpd-kdcproxy
+++ b/install/tools/ipa-httpd-kdcproxy
@@ -184,7 +184,7 @@ class KDCProxyConfig(object):
 def main(debug=DEBUG, time_limit=TIME_LIMIT):
 # initialize API without file logging
 if not api.isdone('bootstrap'):
-api.bootstrap(context='ipa-httpd-kdcproxy', log=None, debug=debug)
+api.bootstrap(context='server', log=None, debug=debug)
 standard_logging_setup(verbose=True, debug=debug)
 
 try:
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 4045e41..fbe2dd5 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -478,7 +478,7 @@ def main():
 else:
 nss_dir = None
 
-api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri,
+api.bootstrap(context='installer', xmlrpc_uri=xmlrpc_uri,
   nss_dir=nss_db.secdir)
 api.finalize()
 try:
diff --git a/ipalib/config.py b/ipalib/config.py
index cf9e925..46da186 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -43,6 +43,7 @@
 from ipalib.base import check_name
 from ipalib.constants import CONFIG_SECTION
 from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR
+from ipapython.admintool import ScriptError
 
 if six.PY3:
 unicode = str
@@ -200,6 +201,10 @@ class provides high-level methods for bootstraping a fresh `Env` instance
 
 __locked = False
 
+# Reserved contexts do not support IPA_CONFDIR env var
+_reserved_contexts = {'backup', 'cli_installer', 'installer', 'ipactl',
+  'renew', 'restore', 'server', 'updates'}
+
 def __init__(self, **initialize):
 object.__setattr__(self, '_Env__d', {})
 object.__setattr__(self, '_Env__done', set())
@@ -461,7 +466,18 @@ def _bootstrap(self, **overrides):
 
 # Set confdir:
 if 'confdir' not in self:
-if self.in_tree:
+ipa_confdir = os.environ.get('IPA_CONFDIR')
+if ipa_confdir is not None:
+if self.context in self._reserved_contexts:
+raise ScriptError(
+'IPA_CONFDIR env var is not allowed for context '
+'"{}".'.format(self.context))
+if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir):
+raise ScriptError(
+'IPA_CONFDIR env var must be an absolute path to an '
+'existing directory.')
+self.confdir = ipa_confdir
+elif self.in_tree:
 self.confdir = self.dot_ipa
 else:
 self.confdir = path.join('/', 'etc', 'ipa')
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

2016-11-10 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/182
Author: tiran
 Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/182/head:pr182
git checkout pr182
From 43e044878708e7619bd289a264edac755c180e50 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Mon, 24 Oct 2016 10:35:41 +0200
Subject: [PATCH] Use env var IPA_CONFDIR to get confdir

The environment variable IPA_CONFDIR overrides the default confdir path.
The value of the environment variable must be an absolute path to an existing
directory. The new variable makes it much simpler to use the 'ipa'
command and ipalib with a local configuration directory.

Some contexts like server, installer and upgrades do not support the env
var.

Signed-off-by: Christian Heimes 
---
 client/man/ipa.1|  4 
 install/tools/ipa-httpd-kdcproxy|  2 +-
 install/tools/ipa-replica-conncheck |  2 +-
 ipalib/config.py| 18 +-
 4 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/client/man/ipa.1 b/client/man/ipa.1
index 9194ca0..b843e7b 100644
--- a/client/man/ipa.1
+++ b/client/man/ipa.1
@@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order:
 
 .TP
 If a kerberos error is raised by any of the requests then it will stop processing and display the error message.
+.SH "ENVIRONMENT VARIABLES"
+.TP
+\fBIPA_CONFDIR\fR
+Override path to confdir (default: \fB/etc/ipa\fR).
 .SH "FILES"
 .TP
 \fB/etc/ipa/default.conf\fR
diff --git a/install/tools/ipa-httpd-kdcproxy b/install/tools/ipa-httpd-kdcproxy
index 20674c2..20daacd 100755
--- a/install/tools/ipa-httpd-kdcproxy
+++ b/install/tools/ipa-httpd-kdcproxy
@@ -184,7 +184,7 @@ class KDCProxyConfig(object):
 def main(debug=DEBUG, time_limit=TIME_LIMIT):
 # initialize API without file logging
 if not api.isdone('bootstrap'):
-api.bootstrap(context='ipa-httpd-kdcproxy', log=None, debug=debug)
+api.bootstrap(context='server', log=None, debug=debug)
 standard_logging_setup(verbose=True, debug=debug)
 
 try:
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 4045e41..fbe2dd5 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -478,7 +478,7 @@ def main():
 else:
 nss_dir = None
 
-api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri,
+api.bootstrap(context='installer', xmlrpc_uri=xmlrpc_uri,
   nss_dir=nss_db.secdir)
 api.finalize()
 try:
diff --git a/ipalib/config.py b/ipalib/config.py
index cf9e925..46da186 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -43,6 +43,7 @@
 from ipalib.base import check_name
 from ipalib.constants import CONFIG_SECTION
 from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR
+from ipapython.admintool import ScriptError
 
 if six.PY3:
 unicode = str
@@ -200,6 +201,10 @@ class provides high-level methods for bootstraping a fresh `Env` instance
 
 __locked = False
 
+# Reserved contexts do not support IPA_CONFDIR env var
+_reserved_contexts = {'backup', 'cli_installer', 'installer', 'ipactl',
+  'renew', 'restore', 'server', 'updates'}
+
 def __init__(self, **initialize):
 object.__setattr__(self, '_Env__d', {})
 object.__setattr__(self, '_Env__done', set())
@@ -461,7 +466,18 @@ def _bootstrap(self, **overrides):
 
 # Set confdir:
 if 'confdir' not in self:
-if self.in_tree:
+ipa_confdir = os.environ.get('IPA_CONFDIR')
+if ipa_confdir is not None:
+if self.context in self._reserved_contexts:
+raise ScriptError(
+'IPA_CONFDIR env var is not allowed for context '
+'"{}".'.format(self.context))
+if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir):
+raise ScriptError(
+'IPA_CONFDIR env var must be an absolute path to an '
+'existing directory.')
+self.confdir = ipa_confdir
+elif self.in_tree:
 self.confdir = self.dot_ipa
 else:
 self.confdir = path.join('/', 'etc', 'ipa')
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

2016-11-10 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/182
Author: tiran
 Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/182/head:pr182
git checkout pr182
From 8ffcd720d01bc7394a3de7ce7d8c7d6e00fb35e8 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Mon, 24 Oct 2016 10:35:41 +0200
Subject: [PATCH] Use env var IPA_CONFDIR to get confdir

The environment variable IPA_CONFDIR overrides the default confdir path.
The value of the environment variable must be an absolute path to an existing
directory. The new variable makes it much simpler to use the 'ipa'
command and ipalib with a local configuration directory.

Some contexts like server, installer and upgrades do not support the env
var.

Signed-off-by: Christian Heimes 
---
 client/man/ipa.1|  4 
 install/tools/ipa-httpd-kdcproxy|  2 +-
 install/tools/ipa-replica-conncheck |  2 +-
 ipalib/config.py| 18 +-
 4 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/client/man/ipa.1 b/client/man/ipa.1
index 9194ca0..b843e7b 100644
--- a/client/man/ipa.1
+++ b/client/man/ipa.1
@@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order:
 
 .TP
 If a kerberos error is raised by any of the requests then it will stop processing and display the error message.
+.SH "ENVIRONMENT VARIABLES"
+.TP
+\fBIPA_CONFDIR\fR
+Override path to confdir (default: \fB/etc/ipa\fR).
 .SH "FILES"
 .TP
 \fB/etc/ipa/default.conf\fR
diff --git a/install/tools/ipa-httpd-kdcproxy b/install/tools/ipa-httpd-kdcproxy
index 20674c2..20daacd 100755
--- a/install/tools/ipa-httpd-kdcproxy
+++ b/install/tools/ipa-httpd-kdcproxy
@@ -184,7 +184,7 @@ class KDCProxyConfig(object):
 def main(debug=DEBUG, time_limit=TIME_LIMIT):
 # initialize API without file logging
 if not api.isdone('bootstrap'):
-api.bootstrap(context='ipa-httpd-kdcproxy', log=None, debug=debug)
+api.bootstrap(context='server', log=None, debug=debug)
 standard_logging_setup(verbose=True, debug=debug)
 
 try:
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 4045e41..fbe2dd5 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -478,7 +478,7 @@ def main():
 else:
 nss_dir = None
 
-api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri,
+api.bootstrap(context='installer', xmlrpc_uri=xmlrpc_uri,
   nss_dir=nss_db.secdir)
 api.finalize()
 try:
diff --git a/ipalib/config.py b/ipalib/config.py
index cf9e925..7b32056 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -43,6 +43,7 @@
 from ipalib.base import check_name
 from ipalib.constants import CONFIG_SECTION
 from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR
+from ipapython.admintool import ScriptError
 
 if six.PY3:
 unicode = str
@@ -200,6 +201,10 @@ class provides high-level methods for bootstraping a fresh `Env` instance
 
 __locked = False
 
+# reserved contexts do not support IPA_CONFDIR env var
+_reserved_contexts = {'backup', 'installer', 'ipactl', 'renew',
+  'restore', 'server', 'updates'}
+
 def __init__(self, **initialize):
 object.__setattr__(self, '_Env__d', {})
 object.__setattr__(self, '_Env__done', set())
@@ -461,7 +466,18 @@ def _bootstrap(self, **overrides):
 
 # Set confdir:
 if 'confdir' not in self:
-if self.in_tree:
+ipa_confdir = os.environ.get('IPA_CONFDIR')
+if ipa_confdir is not None:
+if self.context in self._reserved_contexts:
+raise ScriptError(
+'IPA_CONFDIR env var is not allowed for context '
+'"{}".'.format(self.context))
+if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir):
+raise ScriptError(
+'IPA_CONFDIR env var must be an absolute path to an '
+'existing directory.')
+self.confdir = ipa_confdir
+elif self.in_tree:
 self.confdir = self.dot_ipa
 else:
 self.confdir = path.join('/', 'etc', 'ipa')
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

2016-11-09 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/182
Author: tiran
 Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/182/head:pr182
git checkout pr182
From 3047e5472166e5aee8ec283188da32a46aefdbe9 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Mon, 24 Oct 2016 10:35:41 +0200
Subject: [PATCH] Use env var IPA_CONFDIR to get confdir for cli contexts

For 'cli' and 'cli_installer' contexts, the environment variable
IPA_CONFDIR overrides the default confdir path. The value of the
environment variable must be an absolute path to an existing
directory. The new variable makes it much simpler to use the 'ipa'
command and ipalib with a local configuration directory.

Server and server installer contexts do not use the env var.

Signed-off-by: Christian Heimes 
---
 client/man/ipa.1 |  4 
 ipalib/config.py | 11 ++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/client/man/ipa.1 b/client/man/ipa.1
index 9194ca0..b843e7b 100644
--- a/client/man/ipa.1
+++ b/client/man/ipa.1
@@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order:
 
 .TP
 If a kerberos error is raised by any of the requests then it will stop processing and display the error message.
+.SH "ENVIRONMENT VARIABLES"
+.TP
+\fBIPA_CONFDIR\fR
+Override path to confdir (default: \fB/etc/ipa\fR).
 .SH "FILES"
 .TP
 \fB/etc/ipa/default.conf\fR
diff --git a/ipalib/config.py b/ipalib/config.py
index cf9e925..77c28a6 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -43,6 +43,7 @@
 from ipalib.base import check_name
 from ipalib.constants import CONFIG_SECTION
 from ipalib.constants import OVERRIDE_ERROR, SET_ERROR, DEL_ERROR
+from ipapython.admintool import ScriptError
 
 if six.PY3:
 unicode = str
@@ -461,7 +462,15 @@ def _bootstrap(self, **overrides):
 
 # Set confdir:
 if 'confdir' not in self:
-if self.in_tree:
+ipa_confdir = os.environ.get('IPA_CONFDIR')
+env_contexts = {'cli', 'cli_installer'}
+if ipa_confdir is not None and self.context in env_contexts:
+if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir):
+raise ScriptError(
+'IPA_CONFDIR must be an absolute path to an '
+'existing directory.')
+self.confdir = ipa_confdir
+elif self.in_tree:
 self.confdir = self.dot_ipa
 else:
 self.confdir = path.join('/', 'etc', 'ipa')
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

2016-10-25 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/182
Author: tiran
 Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/182/head:pr182
git checkout pr182
From efa099f727898172f4addd7cfd89666d56c9988f Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Mon, 24 Oct 2016 10:35:41 +0200
Subject: [PATCH] Use env var IPA_CONFDIR to get confdir for cli contexts

For 'cli' and 'cli_installer' contexts, the environment variable
IPA_CONFDIR overrides the default confdir path. The value of the
environment variable must be an absolute path to an existing
directory. The new variable makes it much simpler to use the 'ipa'
command and ipalib with a local configuration directory.

Server and server installer contexts do not use the env var.

Signed-off-by: Christian Heimes 
---
 client/man/ipa.1 |  4 
 ipalib/config.py | 10 +-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/client/man/ipa.1 b/client/man/ipa.1
index 9194ca0..b843e7b 100644
--- a/client/man/ipa.1
+++ b/client/man/ipa.1
@@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order:
 
 .TP
 If a kerberos error is raised by any of the requests then it will stop processing and display the error message.
+.SH "ENVIRONMENT VARIABLES"
+.TP
+\fBIPA_CONFDIR\fR
+Override path to confdir (default: \fB/etc/ipa\fR).
 .SH "FILES"
 .TP
 \fB/etc/ipa/default.conf\fR
diff --git a/ipalib/config.py b/ipalib/config.py
index cf9e925..3b1eaeb 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -461,7 +461,15 @@ def _bootstrap(self, **overrides):
 
 # Set confdir:
 if 'confdir' not in self:
-if self.in_tree:
+ipa_confdir = os.environ.get('IPA_CONFDIR')
+env_contexts = {'cli', 'cli_installer'}
+if ipa_confdir is not None and self.context in env_contexts:
+if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir):
+raise AttributeError(
+'IPA_CONFDIR must be an absolute path to an '
+'existing directory.')
+self.confdir = ipa_confdir
+elif self.in_tree:
 self.confdir = self.dot_ipa
 else:
 self.confdir = path.join('/', 'etc', 'ipa')
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

2016-10-25 Thread tiran

   URL: https://github.com/freeipa/freeipa/pull/182
Author: tiran
 Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/182/head:pr182
git checkout pr182
From 703a8e7c36cc0d9c4005681436a5cdba7d0bff47 Mon Sep 17 00:00:00 2001
From: Christian Heimes 
Date: Mon, 24 Oct 2016 10:35:41 +0200
Subject: [PATCH] Use env var IPA_CONFDIR to get confdir for cli contexts

For 'cli' and 'cli_installer' contexts, the environment variable
IPA_CONFDIR overrides the default confdir path. The value of the
environment variable must be an absolute path to an existing
directory. The new variable makes it much simpler to use the 'ipa'
command and ipalib with a local configuration directory.

Server and server installer contexts do not use the env var.

Signed-off-by: Christian Heimes 
---
 client/man/ipa.1 |  4 
 ipalib/config.py | 10 +-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/client/man/ipa.1 b/client/man/ipa.1
index 9194ca0..b843e7b 100644
--- a/client/man/ipa.1
+++ b/client/man/ipa.1
@@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order:
 
 .TP
 If a kerberos error is raised by any of the requests then it will stop processing and display the error message.
+.SH "ENVIRONMENT VARIABLES"
+.TP
+\fBIPA_CONFDIR\fR
+Override path to confdir (default: \fB/etc/ipa\fR).
 .SH "FILES"
 .TP
 \fB/etc/ipa/default.conf\fR
diff --git a/ipalib/config.py b/ipalib/config.py
index cf9e925..b55a524 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -461,7 +461,15 @@ def _bootstrap(self, **overrides):
 
 # Set confdir:
 if 'confdir' not in self:
-if self.in_tree:
+ipa_confdir = os.environ.get('IPA_CONFDIR')
+env_contexts = {'cli', 'cli_installer'}
+if ipa_confdir is not None and self.context in env_contests:
+if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir):
+raise AttributeError(
+'IPA_CONFDIR must be an absolute path to an '
+'existing directory.')
+self.confdir = ipa_confdir
+elif self.in_tree:
 self.confdir = self.dot_ipa
 else:
 self.confdir = path.join('/', 'etc', 'ipa')
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context

10 matches

Site Navigation

Mail list logo

Footer information