#260 Abstract away distro-specific paths into "distro profiles"
Opened 2 years ago by puiterwijk. Modified 2 years ago
puiterwijk/ipsilon distro-profiles  into  master

@@ -0,0 +1,23 @@ 

+ Alias /idp/ui /usr/share/ipsilon/ui

+ WSGIScriptAlias /idp /usr/share/ipsilon/wsgi/ipsilon

+ WSGIDaemonProcess idp maximum-requests=2 user=ipsilon group=ipsilon

+ WSGIProcessGroup idp

+ 

+ <Location /idp/login/gssapi/negotiate>

+   AuthType GSSAPI

+   AuthName "GSSAPI Single Sign On Login"

+   GssapiCredStore /etc/apache2/conf/http.keytab

+   GssapiSSLonly On

+   GssapiLocalName on

+   Require valid-user

+ 

+   ErrorDocument 401 /idp/login/gssapi/unauthorized

+   ErrorDocument 500 /idp/login/gssapi/failed

+ </Location>

+ 

+ <Directory /usr/share/ipsilon/wsgi>

+     Order allow,deny

+     Allow from all

+     Require all granted

+ </Directory>

+ 
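Review bot: The keytab path on the `GssapiCredStore` line, `/etc/apache2/conf/http.keytab`, does not match the Debian profile added in this same pull request, which sets `HTTPD_HTTP_KEYTAB = '/etc/apache2/http.keytab'`; an admin copying this example would point the GSSAPI login at a file the installer does not use by default. mod_auth_gssapi documents the value as `type:value`, so the line should probably read `GssapiCredStore keytab:/etc/apache2/http.keytab`. In the `<Directory>` block, `Order allow,deny` and `Allow from all` are Apache 2.2 directives that need mod_access_compat on 2.4 and are redundant next to `Require all granted`; dropping them leaves a single access rule to reason about.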

examples/apache.fedora.conf examples/apache.conf
file renamed
file was moved with no change to the file

@@ -0,0 +1,14 @@ 

+ # Copyright (C) 2017 Ipsilon project Contributors, for license see COPYING

+ # pragma pylint: disable=wildcard-import

+ 

+ import platform

+ 

+ distro = platform.linux_distribution()[0].lower()

+ 

+ if distro.startswith(('fedora', 'centos', 'red hat')):

+     from ipsilon.distro_profile.fedora import *

+ elif distro.startswith(('debian', 'ubuntu')):

+     from ipsilon.distro_profile.debian import *

+ else:

+     # We need to do something... Let's just default to Fedora?

+     from ipsilon.distro_profile.fedora import *
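Review bot: `platform.linux_distribution()` is deprecated from Python 3.5 and removed in 3.8, and it returns an empty name when it cannot identify the system, so the `else` branch is taken silently. Other hunks in this pull request take the web-server account and keytab locations from the selected profile as installer defaults, so a host where detection failed gets `apache` and `/etc/httpd/...` with nothing in the output to say so. I would log it in the `else` branch, e.g. `logging.warning('Unknown distro %r, using Fedora paths', distro)`, and add a module docstring listing the names every profile must define, since the wildcard import hides a missing name until its first use.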

What about Gentoo‽ ☺

If anyone wants to contribute Gentoo paths, that's perfectly fine with me, I just don't know them, so I'm not intending to add those :)

@@ -0,0 +1,23 @@ 

+ # Copyright (C) 2017 Ipsilon project Contributors, for license see COPYING

+ import glob

+ 

+ BINDIR = '/usr/share/ipsilon/wsgi'

+ HTTPD_BIN = '/usr/sbin/apache2'

+ HTTPD_IPA_KEYTAB = '/etc/apache2/ipa.keytab'

+ HTTPD_HTTP_KEYTAB = '/etc/apache2/http.keytab'

+ HTTPD_USER = 'www-data'

+ HTTPD_CONFD = '/etc/apache2/conf-enabled'

+ HTTPD_CLIENT_CONFFILE = '/etc/apache2/conf-enabled/ipsilon-%s.conf'

+ HTTPD_CLIENT_CONFDIR = '/etc/apache2/%s'

+ HTTPD_MODULESDIR = '/usr/lib/apache2/modules'

+ LDAP_SCHEMADIR = '/etc/ldap/schema'

+ 

+ # Debian has a version numbered pg_ctl

+ pgctls = glob.glob('/usr/lib/postgresql/*/bin/pg_ctl')

+ if len(pgctls) == 0:

+     POSTGRES_PGCTL = None

+ else:

+     # We either have exactly one, or more than one version of postges available

+     # Given that Ipsilon is not really sensitive to Postgres version, let's

+     # just grab the first one we find

+     POSTGRES_PGCTL = pgctls[0]
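Review bot: `glob.glob()` returns matches in arbitrary order, so `pgctls[0]` can select a different PostgreSQL version from one machine or run to the next when several are installed; `pgctls = sorted(glob.glob('/usr/lib/postgresql/*/bin/pg_ctl'))` at least makes the choice repeatable (lexicographic, so not necessarily the newest). When nothing matches, `POSTGRES_PGCTL` is `None`, and the test-helper hunks later in this pull request place it directly into the `subprocess` argument lists in `setup_pgdb` and `start_pgdb_server`, where it would fail with an unhelpful type error rather than a message saying pg_ctl was not found. `if not pgctls:` is the idiomatic form of the emptiness test.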

@@ -0,0 +1,13 @@ 

+ # Copyright (C) 2017 Ipsilon project Contributors, for license see COPYING

+ 

+ BINDIR = '/usr/libexec'

+ HTTPD_BIN = '/usr/sbin/httpd'

+ HTTPD_IPA_KEYTAB = '/etc/httpd/conf/ipa.keytab'

+ HTTPD_HTTP_KEYTAB = '/etc/httpd/conf/http.keytab'

+ HTTPD_USER = 'apache'

+ HTTPD_CONFD = '/etc/httpd/conf.d'

+ HTTPD_CLIENT_CONFFILE = '/etc/httpd/conf.d/ipsilon-%s.conf'

+ HTTPD_CLIENT_CONFDIR = '/etc/httpd/%s'

+ HTTPD_MODULESDIR = '/etc/httpd/modules'

+ LDAP_SCHEMADIR = '/etc/openldap/schema'

+ POSTGRES_PGCTL = '/usr/bin/pg_ctl'

file modified
+3 -2

@@ -7,13 +7,14 @@ 

  import subprocess

  

  from ipsilon.helpers.common import EnvHelpersInstaller

+ import ipsilon.distro_profile as distro

  

  

  IPA_CONFIG_FILE = '/etc/ipa/default.conf'

- HTTPD_IPA_KEYTAB = '/etc/httpd/conf/ipa.keytab'

+ HTTPD_IPA_KEYTAB = distro.HTTPD_IPA_KEYTAB

  IPA_COMMAND = '/usr/bin/ipa'

  IPA_GETKEYTAB = '/usr/sbin/ipa-getkeytab'

- HTTPD_USER = 'apache'

+ HTTPD_USER = distro.HTTPD_USER

  

  NO_CREDS_FOR_KEYTAB = """

  Valid IPA admin credentials are required to get a keytab.

@@ -7,6 +7,7 @@ 

  from ipsilon.tools.saml2metadata import SAML2_SERVICE_MAP

  from ipsilon.tools.certs import Certificate

  from ipsilon.tools import files

+ import ipsilon.distro_profile as distro

  from urllib import urlencode

  import argparse

  import ConfigParser

@@ -22,11 +23,11 @@ 

  import base64

  

  

- HTTPDCONFD = '/etc/httpd/conf.d'

+ HTTPDCONFD = distro.HTTPD_CONFD

  SAML2_TEMPLATE = '/usr/share/ipsilon/templates/install/saml2/sp.conf'

  OPENIDC_TEMPLATE = '/usr/share/ipsilon/templates/install/openidc/rp.conf'

- CONFFILE = '/etc/httpd/conf.d/ipsilon-%s.conf'

- HTTPDIR = '/etc/httpd/%s'

+ CONFFILE = distro.HTTPD_CLIENT_CONFFILE

+ HTTPDIR = distro.HTTPD_CLIENT_CONFDIR

  PROTECTED = '/protected'

  

  #Installation arguments

@@ -523,7 +524,7 @@ 

      parser.add_argument('--admin-password', default=None,

                          help="File containing the password for the account " +

                               "used to create a SP (- to read from stdin)")

-     parser.add_argument('--httpd-user', default='apache',

+     parser.add_argument('--httpd-user', default=distro.HTTPD_USER,

                          help="Web server account used to read certs")

      parser.add_argument('--auth-location', default=PROTECTED,

                          help="Where authentication is enforced")
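Review bot: The default for `--httpd-user` now depends on the detected distro, but the help text does not show it, so an admin cannot tell from `--help` which account will be used to read the certs. argparse can print it: `help="Web server account used to read certs (default: %(default)s)"`. The same applies to the `--gssapi-httpd-keytab` default in the GSSAPI login plugin hunk further down. The enclosing function starts and ends outside this hunk.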

@@ -11,6 +11,7 @@ 

  from ipsilon.authz.common import AuthzProviderInstall

  from ipsilon.util.data import UserStore

  from ipsilon.tools import files, dbupgrade

+ import ipsilon.distro_profile as distro

  import ConfigParser

  import argparse

  import cherrypy

@@ -28,8 +29,8 @@ 

  TEMPLATES = '/usr/share/ipsilon/templates/install'

  CONFDIR = '/etc/ipsilon'

  DATADIR = '/var/lib/ipsilon'

- HTTPDCONFD = '/etc/httpd/conf.d'

- BINDIR = '/usr/libexec'

+ HTTPDCONFD = distro.HTTPD_CONFD

+ BINDIR = distro.BINDIR

  STATICDIR = '/usr/share/ipsilon'

  CACHEDIR = '/var/cache/ipsilon'

  WSGI_SOCKET_PREFIX = None

file modified
+2 -1

@@ -4,6 +4,7 @@ 

      LoginManagerInstaller

  from ipsilon.util.plugin import PluginObject

  from ipsilon.util.user import UserSession

+ import ipsilon.distro_profile as distro

  from string import Template

  import cherrypy

  import os

@@ -119,7 +120,7 @@ 

          group.add_argument('--gssapi', choices=['yes', 'no'], default='no',

                             help='Configure GSSAPI authentication')

          group.add_argument('--gssapi-httpd-keytab',

-                            default='/etc/httpd/conf/http.keytab',

+                            default=distro.HTTPD_HTTP_KEYTAB,

                             help='Kerberos keytab location for HTTPD')

  

      def configure(self, opts, changes):

file modified
+4 -2

@@ -30,8 +30,10 @@ 

                  ('share/man/man1', ['man/ipsilon-client-install.1',

                                      'man/ipsilon-server-install.1']),

                  ('share/doc/ipsilon', ['COPYING', 'README.md']),

-                 ('share/doc/ipsilon/examples', ['examples/ipsilon.conf',

-                                                 'examples/apache.conf']),

+                 ('share/doc/ipsilon/examples',

+                  ['examples/ipsilon.conf',

+                   'examples/apache.fedora.conf',

+                   'examples/apache.debian.conf']),

                  (DATA+'ui/css', glob('ui/css/*.css')),

                  (DATA+'ui/img', glob('ui/img/*')),

                  (DATA+'ui/js', glob('ui/js/*.js')),

file modified
+9 -6

@@ -13,6 +13,7 @@ 

  import subprocess

  

  from control import TC  # pylint: disable=relative-import

+ import ipsilon.distro_profile as distro

  

  

  WRAP_HOSTNAME = 'idp.ipsilon.dev'

@@ -188,7 +189,7 @@ 

          os.mkdir(os.path.join(httpdir, 'conf.d'))

          os.mkdir(os.path.join(httpdir, 'html'))

          os.mkdir(os.path.join(httpdir, 'logs'))

-         os.symlink('/etc/httpd/modules', os.path.join(httpdir, 'modules'))

+         os.symlink(distro.HTTPD_MODULESDIR, os.path.join(httpdir, 'modules'))

  

          with open(os.path.join(self.rootdir, 'tests/httpd.conf')) as f:

              t = Template(f.read())

@@ -264,7 +265,8 @@ 

          return http_conf_file

  

      def setup_pgdb(self, datadir, env):

-         cmd = ['/usr/bin/pg_ctl', 'initdb', '-D', datadir, '-o', '-E UNICODE']

+         cmd = [distro.POSTGRES_PGCTL, 'initdb', '-D', datadir, '-o',

+                '-E UNICODE']

          subprocess.check_call(cmd, env=env,

                                stdout=self.stdout, stderr=self.stderr)

          auth = 'host all all 127.0.0.1/24 trust\n'

@@ -293,15 +295,15 @@ 

          env['MALLOC_PERTURB_'] = str(random.randint(0, 32767) % 255 + 1)

          env['REQUESTS_CA_BUNDLE'] = os.path.join(self.testdir, 'certs',

                                                   'root.cert.pem')

-         p = subprocess.Popen(['/usr/sbin/httpd', '-DFOREGROUND', '-f', conf],

+         p = subprocess.Popen([distro.HTTPD_BIN, '-DFOREGROUND', '-f', conf],

                               env=env, preexec_fn=os.setsid,

                               stdout=self.stdout, stderr=self.stderr)

          self.processes.append(p)

          return p

  

      def start_pgdb_server(self, datadir, rundir, log, addr, port, env):

-         p = subprocess.Popen(['/usr/bin/pg_ctl', 'start', '-D', datadir, '-o',

-                               '-k %s -c port=%s -c \

+         p = subprocess.Popen([distro.POSTGRES_PGCTL, 'start', '-D', datadir,

+                               '-o', '-k %s -c port=%s -c \

                                 listen_addresses=%s' % (rundir, port, addr),

                                '-l', log, '-w'],

                               env=env, preexec_fn=os.setsid,

@@ -319,7 +321,8 @@ 

          os.mkdir(ldapdir)

          with open(os.path.join(self.rootdir, 'tests/slapd.conf')) as f:

              t = Template(f.read())

-             text = t.substitute({'ldapdir': ldapdir})

+             text = t.substitute({'ldapdir': ldapdir,

+                                  'schemadir': distro.LDAP_SCHEMADIR})

          filename = os.path.join(ldapdir, 'slapd.conf')

          with open(filename, 'w+') as f:

              f.write(text)

file modified
+6 -4

@@ -1,7 +1,9 @@ 

- include   /etc/openldap/schema/core.schema

- include   /etc/openldap/schema/cosine.schema

- include   /etc/openldap/schema/inetorgperson.schema

- include   /etc/openldap/schema/nis.schema

+ moduleload back_mdb

+ 

+ include   ${schemadir}/core.schema

+ include   ${schemadir}/cosine.schema

+ include   ${schemadir}/inetorgperson.schema

+ include   ${schemadir}/nis.schema

  pidfile   ${ldapdir}/slapd.pid

  

  attributeoptions x-hidden lang-

no initial comment

3 new commits added

  • Add Debian distro profile
  • Abstract distro-specific paths away
  • Add Debian example apache conf
2 years ago

3 new commits added

  • Add Debian distro profile
  • Abstract distro-specific paths away
  • Add Debian example apache conf
2 years ago

3 new commits added

  • Add Debian distro profile
  • Abstract distro-specific paths away
  • Add Debian example apache conf
2 years ago

If anyone wants to contribute Gentoo paths, that's perfectly fine with me, I just don't know them, so I'm not intending to add those :)

Do we still need this on Debian? Maybe it should be /usr/share/ipsilon/wsgi

This should be /etc/apache2/%s, I think.

:( at the version number, but OK.

rebased

2 years ago

Thanks for the corrections regarding paths, and I've also made the Debian version no longer pgctl version specific!