From a2de6a17c56ab86b0f4f22f63406bfff131155cf Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Aug 30 2017 11:05:23 +0000 Subject: Move tmpfiles.d configuration handling back to spec file Since ipaapi user is now created during RPM install and not in runtime, we may switch back to shipping tmpfiles.d configuration directly in RPMs and not create it in runtime, which is a preferred way to handle drop-in configuration anyway. This also means that the drop-in config will be shipped in /usr/lib instead of /etc according to Fedora packaging guidelines. This partially reverts commit 38c66896de1769077cd5b057133606ec5eeaf62b. https://pagure.io/freeipa/issue/7053 Reviewed-By: Tibor Dudlak --- diff --git a/configure.ac b/configure.ac index c43759c..f098eb1 100644 --- a/configure.ac +++ b/configure.ac @@ -558,6 +558,7 @@ AC_CONFIG_FILES([ daemons/ipa-slapi-plugins/ipa-range-check/Makefile daemons/ipa-slapi-plugins/topology/Makefile init/systemd/Makefile + init/tmpfilesd/Makefile init/Makefile install/Makefile install/certmonger/Makefile diff --git a/freeipa.spec.in b/freeipa.spec.in index 3a22a6c..9aee440 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -1091,6 +1091,7 @@ fi /bin/systemctl reload-or-try-restart dbus /bin/systemctl reload-or-try-restart oddjobd +%tmpfiles_create ipa.conf %posttrans server # don't execute upgrade and restart of IPA when server is not installed @@ -1377,6 +1378,8 @@ fi %config(noreplace) %{_sysconfdir}/sysconfig/ipa-dnskeysyncd %config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter %config(noreplace) %{_sysconfdir}/ipa/kdcproxy/kdcproxy.conf +# NOTE: systemd specific section +%{_tmpfilesdir}/ipa.conf %attr(644,root,root) %{_unitdir}/ipa-custodia.service %ghost %attr(644,root,root) %{etc_systemd_dir}/httpd.d/ipa.conf # END 
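Review bot: The added `%tmpfiles_create ipa.conf` applies the packaged drop-in, but it leaves behind any `/etc/tmpfiles.d/ipa.conf` that the removed `configure_tmpfiles()` wrote on hosts upgraded from an earlier build. systemd-tmpfiles lets a file in `/etc/tmpfiles.d` override a same-named file in `/usr/lib/tmpfiles.d`, and nothing visible in this diff removes the old copy. On such hosts a later change to the packaged mode or owner of `/var/run/ipa/ccaches` would silently not take effect. Consider cleaning it up during upgrade when it still matches the old two-line template, for example `rm -f %{_sysconfdir}/tmpfiles.d/ipa.conf` ahead of the macro. The scriptlet begins above the hunk, so which subpackage's `%post` this is cannot be confirmed from here.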
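Review bot: The `%files` lines added here package `%{_tmpfilesdir}/ipa.conf`, but the two directories that drop-in creates are not listed in this hunk. Unless they appear elsewhere in the spec, RPM does not own `/var/run/ipa` or `/var/run/ipa/ccaches`. Declaring them as ghosts records the intended owner and mode in the package metadata, e.g. `%ghost %dir %attr(0711,root,root) %{_localstatedir}/run/ipa` and `%ghost %dir %attr(0770,ipaapi,ipaapi) %{_localstatedir}/run/ipa/ccaches`. The `%files` section starts outside the hunk, so this is hedged on what the rest of the list contains.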
@@ -1386,7 +1389,6 @@ fi %{_usr}/share/ipa/*.ldif %{_usr}/share/ipa/*.uldif %{_usr}/share/ipa/*.template -%{_usr}/share/ipa/ipa.conf.tmpfiles %dir %{_usr}/share/ipa/advise %dir %{_usr}/share/ipa/advise/legacy %{_usr}/share/ipa/advise/legacy/*.template diff --git a/init/Makefile.am b/init/Makefile.am index bee4243..8f4d1d0 100644 --- a/init/Makefile.am +++ b/init/Makefile.am @@ -2,7 +2,7 @@ # AUTOMAKE_OPTIONS = 1.7 -SUBDIRS = systemd +SUBDIRS = systemd tmpfilesd dist_sysconfenv_DATA = \ ipa-dnskeysyncd \ diff --git a/init/tmpfilesd/Makefile.am b/init/tmpfilesd/Makefile.am new file mode 100644 index 0000000..b2d91c3 --- /dev/null +++ b/init/tmpfilesd/Makefile.am @@ -0,0 +1,10 @@ +dist_noinst_DATA = \ + ipa.conf.in + +systemdtmpfiles_DATA = \ + ipa.conf + +CLEANFILES = $(systemdtmpfiles_DATA) + +%: %.in Makefile + sed -e 's|@localstatedir[@]|$(localstatedir)|g' '$(srcdir)/$@.in' >$@ diff --git a/init/tmpfilesd/ipa.conf.in b/init/tmpfilesd/ipa.conf.in new file mode 100644 index 0000000..df66bef --- /dev/null +++ b/init/tmpfilesd/ipa.conf.in @@ -0,0 +1,2 @@ +d @localstatedir@/run/ipa 0711 root root +d @localstatedir@/run/ipa/ccaches 0770 ipaapi ipaapi diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 7a36551..41fdae4 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -87,7 +87,6 @@ dist_app_DATA = \ kdcproxy-disable.uldif \ ipa-httpd.conf.template \ gssapi.login \ - ipa.conf.tmpfiles \ gssproxy.conf.template \ kdcproxy.wsgi \ ipakrb5.aug \ diff --git a/install/share/ipa.conf.tmpfiles b/install/share/ipa.conf.tmpfiles deleted file mode 100644 index 573139b..0000000 --- a/install/share/ipa.conf.tmpfiles +++ /dev/null @@ -1,2 +0,0 @@ -d /var/run/ipa 0711 root root -d /var/run/ipa/ccaches 0770 ipaapi ipaapi diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index de3cdce..d48ffca 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py 
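Review bot: The generation rule `%: %.in Makefile` in the new `init/tmpfilesd/Makefile.am` is a match-anything pattern rule, so it applies to any target in this directory with a `.in` sibling, not only `ipa.conf`. An explicit `ipa.conf: ipa.conf.in Makefile` states the intent and avoids automake's portability warning about `%`-style rules. The recipe also redirects straight into `$@`, so a failed `sed` leaves a truncated `ipa.conf` that a later `make` run treats as up to date. Writing `>$@.tmp && mv $@.tmp $@` keeps a partial drop-in from being installed. `systemdtmpfiles_DATA` also needs `systemdtmpfilesdir` to be defined, which is not visible in this diff.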
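Review bot: Neither entry in the new `ipa.conf.in` says why its mode was chosen, and `ccaches` presumably holds credential caches, so the intent is worth recording next to the values. I would add `# parent directory: anyone may traverse, only root may list` above the `0711` line and `# credential caches: ipaapi user and group only, nothing for others` above the `0770` line. Separately, `@localstatedir@/run` normally expands to a path under `/var/run`, which works only through the `/var/run` -> `/run` compatibility symlink. systemd's guidance for tmpfiles.d is to name `/run` directly, so it is worth confirming that the substituted path is the one intended on every target distribution.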
@@ -130,7 +130,6 @@ class BasePathNamespace(object): SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service" SYSTEMD_PKI_TOMCAT_SERVICE = "/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service" ETC_TMPFILESD_DIRSRV = "/etc/tmpfiles.d/dirsrv-%s.conf" - ETC_TMPFILESD_IPA = "/etc/tmpfiles.d/ipa.conf" DNSSEC_TRUSTED_KEY = "/etc/trusted-key.key" HOME_DIR = "/home" PROC_FIPS_ENABLED = "/proc/sys/crypto/fips_enabled" diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 4175ea2..dc3cacc 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -200,14 +200,6 @@ class BaseTaskNamespace(object): """ raise NotImplementedError() - def configure_tmpfiles(self): - """Configure tmpfiles to be created at boot""" - raise NotImplementedError() - - def create_tmpfiles_dirs(self): - """Create run dirs for the install phase""" - raise NotImplementedError() - def configure_httpd_service_ipa_conf(self): """Configure httpd service to work with IPA""" raise NotImplementedError() diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index d98f8c1..26b35db 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -27,8 +27,6 @@ from __future__ import print_function import logging import os -import pwd -import shutil import socket import traceback import errno 
@@ -512,24 +510,5 @@ class RedHatTaskNamespace(BaseTaskNamespace): pass return False - def _create_tmpfiles_dir(self, name, mode, uid, gid): - if not os.path.exists(name): - os.mkdir(name) - os.chmod(name, mode) - os.chown(name, uid, gid) - - def create_tmpfiles_dirs(self): - parent = os.path.dirname(paths.IPA_CCACHES) - pent = pwd.getpwnam(IPAAPI_USER) - self._create_tmpfiles_dir(parent, 0o711, 0, 0) - self._create_tmpfiles_dir(paths.IPA_CCACHES, 0o770, - pent.pw_uid, pent.pw_gid) - - def configure_tmpfiles(self): - shutil.copy( - os.path.join(paths.USR_SHARE_IPA_DIR, 'ipa.conf.tmpfiles'), - paths.ETC_TMPFILESD_IPA - ) - tasks = RedHatTaskNamespace() diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index a4e3d22..fe41fc2 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -722,9 +722,6 @@ def install(installer): if installer._update_hosts_file: update_hosts_file(ip_addresses, host_name, fstore) - # Make sure tmpfiles dir exist before installing components - tasks.create_tmpfiles_dirs() - # Create a directory server instance if not options.external_cert_files: # Configure ntpd @@ -897,9 +894,6 @@ def install(installer): except Exception: raise ScriptError("Configuration of client side components failed!") - # Make sure the files we crated in /var/run are recreated at startup - tasks.configure_tmpfiles() - # Everything installed properly, activate ipa service. services.knownservices.ipa.enable() @@ -1050,10 +1044,6 @@ def uninstall(installer): rv = 0 - # further steps assumes that temporary directories exists so rather - # ensure they are created - tasks.create_tmpfiles_dirs() - print("Shutting down all IPA services") try: services.knownservices.ipa.stop() diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 6f3b2ac..9d251b5 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py 
@@ -1355,9 +1355,6 @@ def install(installer): conn = remote_api.Backend.ldap2 ccache = os.environ['KRB5CCNAME'] - # Make sure tmpfiles dir exist before installing components - tasks.create_tmpfiles_dirs() - if promote: if installer._add_to_ipaservers: try: diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 5e1d74b..185f2de 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1927,10 +1927,6 @@ def upgrade_check(options): def upgrade(): - # Do this early so that any code depending on these dirs will not fail - tasks.create_tmpfiles_dirs() - tasks.configure_tmpfiles() - realm = api.env.realm schema_files = [os.path.join(paths.USR_SHARE_IPA_DIR, f) for f in dsinstance.ALL_SCHEMA_FILES]