From 02986ff42b97dceb689abb32cf937da993880ddd Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Jul 30 2020 09:38:25 +0000
Subject: Add ipaplatform for Fedora and RHEL container

Container platforms for Fedora and RHEL simplify FreeIPA container effort. Paths are based on patches from https://github.com/freeipa/freeipa-container
Fixes: https://pagure.io/freeipa/issue/8401
Signed-off-by: Christian Heimes
Reviewed-By: Alexander Bokovoy
Reviewed-By: Francois Cami
---
diff --git a/install/share/ipaca_default.ini b/install/share/ipaca_default.ini
index a512561..e71edac 100644
--- a/install/share/ipaca_default.ini
+++ b/install/share/ipaca_default.ini
@@ -25,7 +25,6 @@ ipa_ca_pem_file=/etc/ipa/ca.crt
 # Dogtag defaults
 pki_instance_name=pki-tomcat
-pki_configuration_path=/etc/pki
 pki_instance_configuration_path=%(pki_configuration_path)s/%(pki_instance_name)s
 pki_admin_cert_file=%(pki_client_dir)s/ca_admin.cert
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 4ede2b3..55999ee 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -114,6 +114,7 @@ class BasePathNamespace:
 CA_CERTIFICATES_BUNDLE_PEM = None
 CA_CERTIFICATES_DIR = None
 NSS_DB_DIR = "/etc/pki/nssdb"
+ PKI_CONFIGURATION = "/etc/pki"
 PKI_TOMCAT = "/etc/pki/pki-tomcat"
 PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias"
 PKI_TOMCAT_ALIAS_PWDFILE_TXT = "/etc/pki/pki-tomcat/alias/pwdfile.txt"
@@ -328,7 +329,7 @@ class BasePathNamespace:
 "/var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg")
 KRA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/kra/CS.cfg"
 KRACERT_P12 = "/root/kracert.p12"
- SAMBA_DIR = "/var/lib/samba/"
+ SAMBA_DIR = "/var/lib/samba"
 SSSD_DB = "/var/lib/sss/db"
 SSSD_MC_GROUP = "/var/lib/sss/mc/group"
 SSSD_MC_PASSWD = "/var/lib/sss/mc/passwd"
diff --git a/ipaplatform/fedora_container/__init__.py b/ipaplatform/fedora_container/__init__.py
new file mode 100644
index 0000000..62f6488
--- /dev/null
+++ b/ipaplatform/fedora_container/__init__.py
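Review bot: In the first ipaplatform/base/paths.py hunk, the new `PKI_CONFIGURATION = "/etc/pki"` sits beside `NSS_DB_DIR`, `PKI_TOMCAT`, `PKI_TOMCAT_ALIAS_DIR` and `PKI_TOMCAT_ALIAS_PWDFILE_TXT`, which still spell out the `/etc/pki` prefix as literals. A platform that overrides only `PKI_CONFIGURATION`, as both container namespaces later in this commit do, leaves those four constants at `/etc/pki`, so code that reaches the NSS alias database or its password file through `paths` would look in a different tree from the one given as `pki_configuration_path`. If the container image bridges the two locations (not visible in this patch), record it with a comment such as `# NOTE: PKI_TOMCAT* are not derived from PKI_CONFIGURATION; platforms that relocate it must override them too`; otherwise the container namespaces should override them as well. The class body continues outside the hunk.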
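Review bot: In the second ipaplatform/base/paths.py hunk, dropping the trailing slash from `SAMBA_DIR` changes the result for any caller that builds a path by concatenation or string formatting, for example `paths.SAMBA_DIR + name`, which would now produce `/var/lib/sambaNAME` instead of a path inside the directory. No callers are visible in this patch, so this is an assumption to check with a search for `SAMBA_DIR` before merging. Call sites that append to it should use `os.path.join(paths.SAMBA_DIR, name)`. The class body continues outside the hunk.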
@@ -0,0 +1,7 @@
+#
+# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
+#
+"""
+This module contains Fedora Container specific platform files.
+"""
+NAME = 'fedora_container'
diff --git a/ipaplatform/fedora_container/constants.py b/ipaplatform/fedora_container/constants.py
new file mode 100644
index 0000000..21f04c4
--- /dev/null
+++ b/ipaplatform/fedora_container/constants.py
@@ -0,0 +1,13 @@
+#
+# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
+#
+"""Fedora container constants
+"""
+from ipaplatform.fedora.constants import FedoraConstantsNamespace
+
+
+class FedoraContainerConstantsNamespace(FedoraConstantsNamespace):
+ pass
+
+
+constants = FedoraContainerConstantsNamespace()
diff --git a/ipaplatform/fedora_container/paths.py b/ipaplatform/fedora_container/paths.py
new file mode 100644
index 0000000..47e7b59
--- /dev/null
+++ b/ipaplatform/fedora_container/paths.py
@@ -0,0 +1,29 @@
+#
+# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
+#
+"""Fedora container paths
+"""
+import os
+
+from ipaplatform.fedora.paths import FedoraPathNamespace
+
+
+def data(path):
+ return os.path.join("/data", path[1:])
+
+
+class FedoraContainerPathNamespace(FedoraPathNamespace):
+ KRB5_CONF = data(FedoraPathNamespace.KRB5_CONF)
+ KRB5_KEYTAB = data(FedoraPathNamespace.KRB5_KEYTAB)
+ NAMED_KEYTAB = data(FedoraPathNamespace.NAMED_KEYTAB)
+ NAMED_CUSTOM_CONF = data(FedoraPathNamespace.NAMED_CUSTOM_CONF)
+ NAMED_CUSTOM_OPTIONS_CONF = data(
+ FedoraPathNamespace.NAMED_CUSTOM_OPTIONS_CONF
+ )
+ NSSWITCH_CONF = data(FedoraPathNamespace.NSSWITCH_CONF)
+ PKI_CONFIGURATION = data(FedoraPathNamespace.PKI_CONFIGURATION)
+ SAMBA_DIR = data(FedoraPathNamespace.SAMBA_DIR)
+ HTTPD_IPA_WSGI_MODULES_CONF = None
+
+
+paths = FedoraContainerPathNamespace()
diff --git a/ipaplatform/fedora_container/services.py b/ipaplatform/fedora_container/services.py
new file mode 100644
index 0000000..46fda2d
--- /dev/null
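Review bot: `data()` in ipaplatform/fedora_container/paths.py drops the first character of its argument without checking that it is `/`, and it runs while the class body is evaluated. A base constant that is `None` (base/paths.py has several, e.g. `CA_CERTIFICATES_DIR = None`) would raise at import if it were added to the list, and a relative one would be silently mangled. A value starting with `//` would keep a leading slash after `path[1:]`, and `os.path.join` then discards the `/data` prefix altogether. These constants relocate keytabs (`KRB5_KEYTAB`, `NAMED_KEYTAB`) onto the data volume, so a wrong result should fail loudly: guard with `if not path.startswith("/"): raise ValueError(path)`, join with `path.lstrip("/")`, and add a one-line docstring saying the helper maps an absolute host path under `/data`. The identical helper in ipaplatform/rhel_container/paths.py has the same problem and could be shared instead of duplicated.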
+++ b/ipaplatform/fedora_container/services.py
@@ -0,0 +1,27 @@
+#
+# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
+#
+"""Fedora container services
+"""
+from ipaplatform.fedora import services as fedora_services
+
+
+fedora_container_system_units = fedora_services.fedora_system_units.copy()
+
+
+class FedoraContainerService(fedora_services.FedoraService):
+ system_units = fedora_container_system_units
+
+
+def fedora_container_service_class_factory(name, api=None):
+ return fedora_services.fedora_service_class_factory(name, api)
+
+
+class FedoraContainerServices(fedora_services.FedoraServices):
+ def service_class_factory(self, name, api=None):
+ return fedora_container_service_class_factory(name, api)
+
+
+timedate_services = fedora_services.timedate_services
+service = fedora_container_service_class_factory
+knownservices = FedoraContainerServices()
diff --git a/ipaplatform/fedora_container/tasks.py b/ipaplatform/fedora_container/tasks.py
new file mode 100644
index 0000000..946e581
--- /dev/null
+++ b/ipaplatform/fedora_container/tasks.py
@@ -0,0 +1,13 @@
+#
+# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
+#
+"""Fedora container tasks
+"""
+from ipaplatform.fedora.tasks import FedoraTaskNamespace
+
+
+class FedoraContainerTaskNamespace(FedoraTaskNamespace):
+ pass
+
+
+tasks = FedoraContainerTaskNamespace()
diff --git a/ipaplatform/rhel_container/__init__.py b/ipaplatform/rhel_container/__init__.py
new file mode 100644
index 0000000..8bd13a4
--- /dev/null
+++ b/ipaplatform/rhel_container/__init__.py
@@ -0,0 +1,7 @@
+#
+# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
+#
+"""
+This module contains RHEL Container specific platform files.
+"""
+NAME = 'rhel_container'
diff --git a/ipaplatform/rhel_container/constants.py b/ipaplatform/rhel_container/constants.py
new file mode 100644
index 0000000..7cf5cb3
--- /dev/null
+++ b/ipaplatform/rhel_container/constants.py
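Review bot: `FedoraContainerService` and `fedora_container_system_units` in ipaplatform/fedora_container/services.py are defined but never referenced within this file. `fedora_container_service_class_factory` delegates straight to `fedora_services.fedora_service_class_factory`, which is outside this patch and presumably returns the plain Fedora service classes rather than the container one. If so, editing `fedora_container_system_units` has no effect on what `knownservices` or `service` return, which could mislead someone trying to change a unit for the container platform. Either drop the unused class and copy, or mark them with a comment such as `# Placeholder: the factory below does not use this class yet`. ipaplatform/rhel_container/services.py repeats the same pattern with `RHELContainerService` and `rhel_container_system_units`.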
@@ -0,0 +1,13 @@
+#
+# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
+#
+"""RHEL container constants
+"""
+from ipaplatform.rhel.constants import RHELConstantsNamespace
+
+
+class RHELContainerConstantsNamespace(RHELConstantsNamespace):
+ pass
+
+
+constants = RHELContainerConstantsNamespace()
diff --git a/ipaplatform/rhel_container/paths.py b/ipaplatform/rhel_container/paths.py
new file mode 100644
index 0000000..5598dae
--- /dev/null
+++ b/ipaplatform/rhel_container/paths.py
@@ -0,0 +1,29 @@
+#
+# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
+#
+"""RHEL container paths
+"""
+import os
+
+from ipaplatform.rhel.paths import RHELPathNamespace
+
+
+def data(path):
+ return os.path.join("/data", path[1:])
+
+
+class RHELContainerPathNamespace(RHELPathNamespace):
+ KRB5_CONF = data(RHELPathNamespace.KRB5_CONF)
+ KRB5_KEYTAB = data(RHELPathNamespace.KRB5_KEYTAB)
+ NAMED_KEYTAB = data(RHELPathNamespace.NAMED_KEYTAB)
+ NAMED_CUSTOM_CONF = data(RHELPathNamespace.NAMED_CUSTOM_CONF)
+ NAMED_CUSTOM_OPTIONS_CONF = data(
+ RHELPathNamespace.NAMED_CUSTOM_OPTIONS_CONF
+ )
+ NSSWITCH_CONF = data(RHELPathNamespace.NSSWITCH_CONF)
+ PKI_CONFIGURATION = data(RHELPathNamespace.PKI_CONFIGURATION)
+ SAMBA_DIR = data(RHELPathNamespace.SAMBA_DIR)
+ HTTPD_IPA_WSGI_MODULES_CONF = None
+
+
+paths = RHELContainerPathNamespace()
diff --git a/ipaplatform/rhel_container/services.py b/ipaplatform/rhel_container/services.py
new file mode 100644
index 0000000..ed7b12e
--- /dev/null
+++ b/ipaplatform/rhel_container/services.py
@@ -0,0 +1,27 @@
+#
+# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
+#
+"""RHEL container services
+"""
+from ipaplatform.rhel import services as rhel_services
+
+
+rhel_container_system_units = rhel_services.rhel_system_units.copy()
+
+
+class RHELContainerService(rhel_services.RHELService):
+ system_units = rhel_container_system_units
+
+
+def rhel_container_service_class_factory(name, api=None):
+ return rhel_services.rhel_service_class_factory(name, api)
+
+
+class RHELContainerServices(rhel_services.RHELServices):
+ def service_class_factory(self, name, api=None):
+ return rhel_container_service_class_factory(name, api)
+
+
+timedate_services = rhel_services.timedate_services
+service = rhel_container_service_class_factory
+knownservices = RHELContainerServices()
diff --git a/ipaplatform/rhel_container/tasks.py b/ipaplatform/rhel_container/tasks.py
new file mode 100644
index 0000000..0b7fdcf
--- /dev/null
+++ b/ipaplatform/rhel_container/tasks.py
@@ -0,0 +1,13 @@
+#
+# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
+#
+"""RHEL container tasks
+"""
+from ipaplatform.rhel.tasks import RHELTaskNamespace
+
+
+class RHELContainerTaskNamespace(RHELTaskNamespace):
+ pass
+
+
+tasks = RHELContainerTaskNamespace()
diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py
index 20bfc69..0d4bb38 100644
--- a/ipaplatform/setup.py
+++ b/ipaplatform/setup.py
@@ -36,8 +36,10 @@ if __name__ == '__main__':
 "ipaplatform.base",
 "ipaplatform.debian",
 "ipaplatform.fedora",
+ "ipaplatform.fedora_container",
 "ipaplatform.redhat",
 "ipaplatform.rhel",
+ "ipaplatform.rhel_container",
 "ipaplatform.suse"
 ],
 install_requires=[
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index d590cef..60ef72f 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -921,6 +921,7 @@ class PKIIniLoader:
 self.defaults = dict(
 # pretty much static
 ipa_ca_pem_file=paths.IPA_CA_CRT,
+ pki_configuration_path=paths.PKI_CONFIGURATION,
 # variable
 ipa_ca_subject=ca_subject,
 ipa_subject_base=subject_base,
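Review bot: The new `pki_configuration_path=paths.PKI_CONFIGURATION` default in `PKIIniLoader` is now the only source for the `%(pki_configuration_path)s` interpolation that ipaca_default.ini still uses in `pki_instance_configuration_path`, because this commit removes the key from the ini file. Nothing at this line says so, and the entry sits under `# pretty much static` although its value now differs per platform. A comment would stop a later cleanup from dropping it and breaking interpolation: `# required: ipaca_default.ini interpolates %(pki_configuration_path)s; value is platform-specific`. The enclosing method starts and ends outside the hunk.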