From fd6873ad33493b5f395a92f03d54cd184b90d2a2 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Tue, 25 Apr 2017 18:55:59 +0200
Subject: [PATCH] separate function to set ipaConfigString values on service
entry
There is some code duplication regarding setting ipaConfigString values
when:
* LDAP-enabling a service entry
* advertising enabled KDCProxy in LDAP
We can delegate the common work to a single re-usable function and thus
expose it to future use-cases (like PKINIT advertising).
https://pagure.io/freeipa/issue/6830
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
---
ipaserver/install/httpinstance.py | 43 +-----------
ipaserver/install/service.py | 135 ++++++++++++++++++++++++++------------
2 files changed, 94 insertions(+), 84 deletions(-)
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
|
|
|
483b06 |
index aeb5c5e450813469e1b6cd374b30cd4aab338537..f0a477e0bf16b03ed8b937279dad88e6e2b3aab6 100644
|
|
|
483b06 |
--- a/ipaserver/install/httpinstance.py
|
|
|
483b06 |
+++ b/ipaserver/install/httpinstance.py
|
|
|
483b06 |
@@ -42,7 +42,6 @@ from ipapython.ipa_log_manager import root_logger
|
|
|
483b06 |
import ipapython.errors
|
|
|
483b06 |
from ipaserver.install import sysupgrade
|
|
|
483b06 |
from ipalib import api
|
|
|
483b06 |
-from ipalib import errors
|
|
|
483b06 |
from ipalib.constants import ANON_USER
|
|
|
483b06 |
from ipaplatform.constants import constants
|
|
|
483b06 |
from ipaplatform.tasks import tasks
|
|
|
483b06 |
@@ -451,46 +450,8 @@ class HTTPInstance(service.Service):
|
|
|
483b06 |
|
|
|
483b06 |
def enable_kdcproxy(self):
|
|
|
483b06 |
"""Add ipaConfigString=kdcProxyEnabled to cn=KDC"""
|
|
|
483b06 |
- entry_name = DN(('cn', 'KDC'), ('cn', self.fqdn), ('cn', 'masters'),
|
|
|
483b06 |
- ('cn', 'ipa'), ('cn', 'etc'), self.suffix)
|
|
|
483b06 |
- attr_name = 'kdcProxyEnabled'
|
|
|
483b06 |
-
|
|
|
483b06 |
- try:
|
|
|
483b06 |
- entry = api.Backend.ldap2.get_entry(
|
|
|
483b06 |
- entry_name, ['ipaConfigString'])
|
|
|
483b06 |
- except errors.NotFound:
|
|
|
483b06 |
- pass
|
|
|
483b06 |
- else:
|
|
|
483b06 |
- if any(attr_name.lower() == val.lower()
|
|
|
483b06 |
- for val in entry.get('ipaConfigString', [])):
|
|
|
483b06 |
- root_logger.debug("service KDCPROXY already enabled")
|
|
|
483b06 |
- return
|
|
|
483b06 |
-
|
|
|
483b06 |
- entry.setdefault('ipaConfigString', []).append(attr_name)
|
|
|
483b06 |
- try:
|
|
|
483b06 |
- api.Backend.ldap2.update_entry(entry)
|
|
|
483b06 |
- except errors.EmptyModlist:
|
|
|
483b06 |
- root_logger.debug("service KDCPROXY already enabled")
|
|
|
483b06 |
- return
|
|
|
483b06 |
- except:
|
|
|
483b06 |
- root_logger.debug("failed to enable service KDCPROXY")
|
|
|
483b06 |
- raise
|
|
|
483b06 |
-
|
|
|
483b06 |
- root_logger.debug("service KDCPROXY enabled")
|
|
|
483b06 |
- return
|
|
|
483b06 |
-
|
|
|
483b06 |
- entry = api.Backend.ldap2.make_entry(
|
|
|
483b06 |
- entry_name,
|
|
|
483b06 |
- objectclass=["nsContainer", "ipaConfigObject"],
|
|
|
483b06 |
- cn=['KDC'],
|
|
|
483b06 |
- ipaconfigstring=[attr_name]
|
|
|
483b06 |
- )
|
|
|
483b06 |
-
|
|
|
483b06 |
- try:
|
|
|
483b06 |
- api.Backend.ldap2.add_entry(entry)
|
|
|
483b06 |
- except errors.DuplicateEntry:
|
|
|
483b06 |
- root_logger.debug("failed to add service KDCPROXY entry")
|
|
|
483b06 |
- raise
|
|
|
483b06 |
+ service.set_service_entry_config(
|
|
|
483b06 |
+ 'KDC', self.fqdn, [u'kdcProxyEnabled'], self.suffix)
|
|
|
483b06 |
|
|
|
483b06 |
def create_kdcproxy_conf(self):
|
|
|
483b06 |
"""Create ipa-kdc-proxy.conf in /etc/ipa/kdcproxy"""
|
|
|
483b06 |
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
|
|
|
483b06 |
index 9533a887ca41b8d9f9480ec30b908b213807ca7e..6b5e69ccd08444c591f15eb680b4cbdf5b6f4de1 100644
|
|
|
483b06 |
--- a/ipaserver/install/service.py
|
|
|
483b06 |
+++ b/ipaserver/install/service.py
|
|
|
483b06 |
@@ -136,6 +136,87 @@ def find_providing_server(svcname, conn, host_name=None, api=api):
|
|
|
483b06 |
return None
|
|
|
483b06 |
|
|
|
483b06 |
|
|
|
483b06 |
+def case_insensitive_attr_has_value(attr, value):
|
|
|
483b06 |
+ """
|
|
|
483b06 |
+ Helper function to find value in an attribute having case-insensitive
|
|
|
483b06 |
+ matching rules
|
|
|
483b06 |
+
|
|
|
483b06 |
+ :param attr: attribute values
|
|
|
483b06 |
+ :param value: value to find
|
|
|
483b06 |
+
|
|
|
483b06 |
+ :returns: True if the case-insensitive match succeeds, false otherwise
|
|
|
483b06 |
+
|
|
|
483b06 |
+ """
|
|
|
483b06 |
+ if any(value.lower() == val.lower()
|
|
|
483b06 |
+ for val in attr):
|
|
|
483b06 |
+ return True
|
|
|
483b06 |
+
|
|
|
483b06 |
+ return False
|
|
|
483b06 |
+
|
|
|
483b06 |
+
|
|
|
483b06 |
+def set_service_entry_config(name, fqdn, config_values,
|
|
|
483b06 |
+ ldap_suffix='',
|
|
|
483b06 |
+ post_add_config=()):
|
|
|
483b06 |
+ """
|
|
|
483b06 |
+ Sets the 'ipaConfigString' values on the entry. If the entry is not present
|
|
|
483b06 |
+ already, create a new one with desired 'ipaConfigString'
|
|
|
483b06 |
+
|
|
|
483b06 |
+ :param name: service entry name
|
|
|
483b06 |
+ :param config_values: configuration values to store
|
|
|
483b06 |
+ :param fqdn: master fqdn
|
|
|
483b06 |
+ :param ldap_suffix: LDAP backend suffix
|
|
|
483b06 |
+ :param post_add_config: additional configuration to add when adding a
|
|
|
483b06 |
+ non-existent entry
|
|
|
483b06 |
+ """
|
|
|
483b06 |
+ assert isinstance(ldap_suffix, DN)
|
|
|
483b06 |
+
|
|
|
483b06 |
+ entry_name = DN(
|
|
|
483b06 |
+ ('cn', name), ('cn', fqdn), ('cn', 'masters'),
|
|
|
483b06 |
+ ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
|
|
|
483b06 |
+
|
|
|
483b06 |
+ # enable disabled service
|
|
|
483b06 |
+ try:
|
|
|
483b06 |
+ entry = api.Backend.ldap2.get_entry(
|
|
|
483b06 |
+ entry_name, ['ipaConfigString'])
|
|
|
483b06 |
+ except errors.NotFound:
|
|
|
483b06 |
+ pass
|
|
|
483b06 |
+ else:
|
|
|
483b06 |
+ existing_values = entry.get('ipaConnfigString', [])
|
|
|
483b06 |
+ for value in config_values:
|
|
|
483b06 |
+ if case_insensitive_attr_has_value(existing_values, value):
|
|
|
483b06 |
+ root_logger.debug(
|
|
|
483b06 |
+ "service %s: config string %s already set", name, value)
|
|
|
483b06 |
+
|
|
|
483b06 |
+ entry.setdefault('ipaConfigString', []).append(value)
|
|
|
483b06 |
+
|
|
|
483b06 |
+ try:
|
|
|
483b06 |
+ api.Backend.ldap2.update_entry(entry)
|
|
|
483b06 |
+ except errors.EmptyModlist:
|
|
|
483b06 |
+ root_logger.debug(
|
|
|
483b06 |
+ "service %s has already enabled config values %s", name,
|
|
|
483b06 |
+ config_values)
|
|
|
483b06 |
+ return
|
|
|
483b06 |
+ except:
|
|
|
483b06 |
+ root_logger.debug("failed to set service %s config values", name)
|
|
|
483b06 |
+ raise
|
|
|
483b06 |
+
|
|
|
483b06 |
+ root_logger.debug("service %s has all config values set", name)
|
|
|
483b06 |
+ return
|
|
|
483b06 |
+
|
|
|
483b06 |
+ entry = api.Backend.ldap2.make_entry(
|
|
|
483b06 |
+ entry_name,
|
|
|
483b06 |
+ objectclass=["nsContainer", "ipaConfigObject"],
|
|
|
483b06 |
+ cn=[name],
|
|
|
483b06 |
+ ipaconfigstring=config_values + list(post_add_config),
|
|
|
483b06 |
+ )
|
|
|
483b06 |
+
|
|
|
483b06 |
+ try:
|
|
|
483b06 |
+ api.Backend.ldap2.add_entry(entry)
|
|
|
483b06 |
+ except (errors.DuplicateEntry) as e:
|
|
|
483b06 |
+ root_logger.debug("failed to add service entry %s", name)
|
|
|
483b06 |
+ raise e
|
|
|
483b06 |
+
|
|
|
483b06 |
+
|
|
|
483b06 |
class Service(object):
|
|
|
483b06 |
def __init__(self, service_name, service_desc=None, sstore=None,
|
|
|
483b06 |
fstore=None, api=api, realm_name=None,
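Review bot: `existing_values = entry.get('ipaConnfigString', [])` misspells the attribute, so `existing_values` is always empty and the `case_insensitive_attr_has_value` check right below it can never match; it should read `existing_values = entry.get('ipaConfigString', [])`. Even with the name fixed, the loop logs "already set" and then still falls through to `entry.setdefault('ipaConfigString', []).append(value)`, so a value already present (possibly in different case) is appended a second time — add `continue` after the `root_logger.debug(...)` call, which is where the removed `enable_kdcproxy` and `ldap_enable` bodies returned. Two smaller points in the same function: the bare `except:` before `root_logger.debug("failed to set service %s config values", name)` also intercepts KeyboardInterrupt/SystemExit, and `except Exception:` is enough to log and re-raise; and `config_values + list(post_add_config)` forces callers to pass a list, which `list(config_values) + list(post_add_config)` would relax. The docstring lists `:param config_values:` before `:param fqdn:`, the reverse of the signature order, and `case_insensitive_attr_has_value` can simply `return any(value.lower() == val.lower() for val in attr)`.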
|
|
|
483b06 |
@@ -442,51 +523,19 @@ class Service(object):
|
|
|
483b06 |
|
|
|
483b06 |
def ldap_enable(self, name, fqdn, dm_password=None, ldap_suffix='',
|
|
|
483b06 |
config=[]):
|
|
|
483b06 |
- assert isinstance(ldap_suffix, DN)
|
|
|
483b06 |
- self.disable()
|
|
|
483b06 |
+ extra_config_opts = [
|
|
|
483b06 |
+ ' '.join([u'startOrder', unicode(SERVICE_LIST[name][1])])
|
|
|
483b06 |
+ ]
|
|
|
483b06 |
+ extra_config_opts.extend(config)
|
|
|
483b06 |
|
|
|
483b06 |
- entry_name = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
|
|
|
483b06 |
-
|
|
|
483b06 |
- # enable disabled service
|
|
|
483b06 |
- try:
|
|
|
483b06 |
- entry = api.Backend.ldap2.get_entry(
|
|
|
483b06 |
- entry_name, ['ipaConfigString'])
|
|
|
483b06 |
- except errors.NotFound:
|
|
|
483b06 |
- pass
|
|
|
483b06 |
- else:
|
|
|
483b06 |
- if any(u'enabledservice' == val.lower()
|
|
|
483b06 |
- for val in entry.get('ipaConfigString', [])):
|
|
|
483b06 |
- root_logger.debug("service %s startup entry already enabled", name)
|
|
|
483b06 |
- return
|
|
|
483b06 |
-
|
|
|
483b06 |
- entry.setdefault('ipaConfigString', []).append(u'enabledService')
|
|
|
483b06 |
-
|
|
|
483b06 |
- try:
|
|
|
483b06 |
- api.Backend.ldap2.update_entry(entry)
|
|
|
483b06 |
- except errors.EmptyModlist:
|
|
|
483b06 |
- root_logger.debug("service %s startup entry already enabled", name)
|
|
|
483b06 |
- return
|
|
|
483b06 |
- except:
|
|
|
483b06 |
- root_logger.debug("failed to enable service %s startup entry", name)
|
|
|
483b06 |
- raise
|
|
|
483b06 |
-
|
|
|
483b06 |
- root_logger.debug("service %s startup entry enabled", name)
|
|
|
483b06 |
- return
|
|
|
483b06 |
-
|
|
|
483b06 |
- order = SERVICE_LIST[name][1]
|
|
|
483b06 |
- entry = api.Backend.ldap2.make_entry(
|
|
|
483b06 |
- entry_name,
|
|
|
483b06 |
- objectclass=["nsContainer", "ipaConfigObject"],
|
|
|
483b06 |
- cn=[name],
|
|
|
483b06 |
- ipaconfigstring=[
|
|
|
483b06 |
- "enabledService", "startOrder " + str(order)] + config,
|
|
|
483b06 |
- )
|
|
|
483b06 |
+ self.disable()
|
|
|
483b06 |
|
|
|
483b06 |
- try:
|
|
|
483b06 |
- api.Backend.ldap2.add_entry(entry)
|
|
|
483b06 |
- except (errors.DuplicateEntry) as e:
|
|
|
483b06 |
- root_logger.debug("failed to add service %s startup entry", name)
|
|
|
483b06 |
- raise e
|
|
|
483b06 |
+ set_service_entry_config(
|
|
|
483b06 |
+ name,
|
|
|
483b06 |
+ fqdn,
|
|
|
483b06 |
+ [u'enabledService'],
|
|
|
483b06 |
+ ldap_suffix=ldap_suffix,
|
|
|
483b06 |
+ post_add_config=extra_config_opts)
|
|
|
483b06 |
|
|
|
483b06 |
def ldap_disable(self, name, fqdn, ldap_suffix):
|
|
|
483b06 |
assert isinstance(ldap_suffix, DN)
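Review bot: `SERVICE_LIST[name][1]` is now evaluated unconditionally at the top of `ldap_enable`, before `self.disable()` and before the helper checks whether the entry exists, whereas the removed code only looked the order up on the add-entry path; a service name absent from `SERVICE_LIST` would now raise `KeyError` even when its entry is already present, which reads as an unintended behaviour change. If the early lookup is deliberate it deserves a one-line comment such as `# startOrder is only used when the entry has to be created`; otherwise guard it. `unicode(...)` on the `' '.join([...])` line is the Python 2 builtin — whether service.py has a compatibility shim in scope is not visible in the hunk. `ldap_disable` continues outside the hunk.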
--
2.12.2