From bc559c0b386cf6e55df6e60d6dcfbc39cf68b85e Mon Sep 17 00:00:00 2001 From: Ana Krivokapic Date: Sep 02 2013 14:30:07 +0000 Subject: Create DS user and group during ipa-restore ipa-restore would fail if DS user did not exist. Check for presence of DS user and group and create them if needed. https://fedorahosted.org/freeipa/ticket/3856 --- diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 947c51f..2a88c10 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -22,7 +22,6 @@ import sys import socket import os, pwd, shutil -import grp from optparse import OptionGroup from contextlib import contextmanager @@ -33,13 +32,13 @@ import dns.exception from ipapython import ipautil from ipaserver.install import dsinstance, installutils, krbinstance, service -from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs +from ipaserver.install import bindinstance, httpinstance, ntpinstance from ipaserver.install import memcacheinstance from ipaserver.install import otpdinstance from ipaserver.install.replication import replica_conn_check, ReplicationManager -from ipaserver.install.installutils import (HostnameLocalhost, resolve_host, - ReplicaConfig, expand_replica_info, read_replica_info ,get_host_name, - BadHostError, private_ccache) +from ipaserver.install.installutils import (ReplicaConfig, expand_replica_info, + read_replica_info ,get_host_name, + BadHostError, private_ccache) from ipaserver.plugins.ldap2 import ldap2 from ipaserver.install import cainstance from ipalib import api, errors, util 
@@ -574,18 +573,7 @@ def main(): api.finalize() # Create DS group if it doesn't exist yet - try: - grp.getgrnam(dsinstance.DS_GROUP) - root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP) - group_exists = True - except KeyError: - group_exists = False - args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP] - try: - ipautil.run(args) - root_logger.debug("done adding DS group") - except ipautil.CalledProcessError, e: - root_logger.critical("failed to add DS group: %s" % e) + group_exists = dsinstance.create_ds_group() sstore.backup_state("install", "group_exists", group_exists) #Automatically disable pkinit w/ dogtag until that is supported diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 86ca344..bfdef82 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -971,16 +971,7 @@ def main(): ipaservices.backup_and_replace_hostname(fstore, sstore, host_name) # Create DS group if it doesn't exist yet - try: - grp.getgrnam(dsinstance.DS_GROUP) - root_logger.debug("ds group %s exists" % dsinstance.DS_GROUP) - except KeyError: - args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP] - try: - ipautil.run(args) - root_logger.debug("done adding DS group") - except ipautil.CalledProcessError, e: - root_logger.critical("failed to add DS group: %s" % e) + dsinstance.create_ds_group() # Create a directory server instance if external != 2: diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index f543efa..06f9e3a 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -27,6 +27,7 @@ import time import tempfile import base64 import stat +import grp from ipapython.ipa_log_manager import * from ipapython import ipautil, sysrestore, ipaldap 
@@ -130,6 +131,52 @@ def check_ports(): def is_ds_running(server_id=''): return ipaservices.knownservices.dirsrv.is_running(instance_name=server_id) + +def create_ds_user(): + """ + Create DS user if it doesn't exist yet. + """ + try: + pwd.getpwnam(DS_USER) + root_logger.debug('DS user %s exists', DS_USER) + except KeyError: + root_logger.debug('Adding DS user %s', DS_USER) + args = [ + '/usr/sbin/useradd', + '-g', DS_GROUP, + '-c', 'DS System User', + '-d', '/var/lib/dirsrv', + '-s', '/sbin/nologin', + '-M', '-r', DS_USER + ] + try: + ipautil.run(args) + root_logger.debug('Done adding DS user') + except ipautil.CalledProcessError, e: + root_logger.critical('Failed to add DS user: %s', e) + + +def create_ds_group(): + """ + Create DS group if it doesn't exist yet. + Returns True if the group already exists. + """ + try: + grp.getgrnam(DS_GROUP) + root_logger.debug('DS group %s exists', DS_GROUP) + group_exists = True + except KeyError: + group_exists = False + root_logger.debug('Adding DS group %s', DS_GROUP) + args = ['/usr/sbin/groupadd', '-r', DS_GROUP] + try: + ipautil.run(args) + root_logger.debug('Done adding DS group') + except ipautil.CalledProcessError, e: + root_logger.critical('Failed to add DS group: %s', e) + + return group_exists + INF_TEMPLATE = """ [General] FullMachineName= $FQDN @@ -194,7 +241,7 @@ class DsInstance(service.Service): def __common_setup(self, enable_ssl=False): - self.step("creating directory server user", self.__create_ds_user) + self.step("creating directory server user", create_ds_user) self.step("creating directory server instance", self.__create_instance) self.step("adding default schema", self.__add_default_schemas) self.step("enabling memberof plugin", self.__add_memberof_module) 
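Review bot: `create_ds_group()` returns False both when it created the group and when `groupadd` failed, because the `except ipautil.CalledProcessError` branch only logs at critical level and then falls through to `return group_exists`. ipa-replica-install stores that value with `sstore.backup_state("install", "group_exists", group_exists)`, so a failed creation is recorded exactly like a successful one. `create_ds_user()` swallows a `useradd` failure in the same way, and the new calls in ipa_restore.py go straight on to `pwd.getpwnam(DS_USER)`, which would then raise an unexplained KeyError. I would add a bare `raise` after each `root_logger.critical(...)` call so callers stop instead of continuing without the service account. The `create_ds_user` docstring should also state that DS_GROUP must already exist, since `useradd` is run with `'-g', DS_GROUP`.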
@@ -346,23 +393,6 @@ class DsInstance(service.Service): IDRANGE_SIZE=idrange_size ) - def __create_ds_user(self): - try: - pwd.getpwnam(DS_USER) - root_logger.debug("ds user %s exists" % DS_USER) - except KeyError: - root_logger.debug("adding ds user %s" % DS_USER) - args = ["/usr/sbin/useradd", "-g", DS_GROUP, - "-c", "DS System User", - "-d", "/var/lib/dirsrv", - "-s", "/sbin/nologin", - "-M", "-r", DS_USER] - try: - ipautil.run(args) - root_logger.debug("done adding user") - except ipautil.CalledProcessError, e: - root_logger.critical("failed to add user %s" % e) - def __create_instance(self): pent = pwd.getpwnam(DS_USER) diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index 2d4be57..8211371 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -20,28 +20,24 @@ import os import sys import shutil -import glob import tempfile import time import pwd -from optparse import OptionGroup from ConfigParser import SafeConfigParser from ipalib import api, errors from ipapython import version from ipapython.ipautil import run, user_input from ipapython import admintool -from ipapython.config import IPAOptionParser from ipapython.dn import DN -from ipaserver.install.dsinstance import realm_to_serverid, DS_USER +from ipaserver.install.dsinstance import (realm_to_serverid, create_ds_group, + create_ds_user, DS_USER) from ipaserver.install.cainstance import PKI_USER from ipaserver.install.replication import (wait_for_task, ReplicationManager, - CSReplicationManager, get_cs_replication_manager) + get_cs_replication_manager) from ipaserver.install import installutils from ipapython import services as ipaservices from ipapython import ipaldap -from ipapython import version -from ipalib.session import ISO8601_DATETIME_FMT from ipaserver.install.ipa_backup import BACKUP_DIR 
@@ -190,6 +186,8 @@ class Restore(admintool.AdminTool): if options.data_only and not instances: raise admintool.ScriptError('No instances to restore to') + create_ds_group() + create_ds_user() pent = pwd.getpwnam(DS_USER) # Temporary directory for decrypting files before restoring
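Review bot: The account created by `create_ds_group()` and `create_ds_user()` gets whatever uid and gid `useradd -r` assigns on this host, which need not match the ids on the machine where the backup was taken. The hunk only shows `pent = pwd.getpwnam(DS_USER)` being looked up afterwards, not how it is used. If any restored directory server files keep the numeric ownership stored in the archive, they could end up owned by a different or nonexistent account, so it is worth confirming that ownership is re-applied from `pent`. I would add a comment above the two calls, such as `# DS user/group may not exist yet on the host being restored to; ids may differ from the backup`. The enclosing method of `Restore` starts and ends outside the hunk.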