3 # Copyright (C) 2014 Simo Sorce <simo@redhat.com>
5 # see file 'COPYING' for use and warranty information
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 from ipsilon.login.common import LoginMgrsInstall
21 from ipsilon.providers.common import ProvidersInstall
22 from ipsilon.helpers.common import EnvHelpersInstall
23 from ipsilon.util.data import Store
24 from ipsilon.tools import files
38 TEMPLATES = '/usr/share/ipsilon/templates/install'
39 CONFDIR = '/etc/ipsilon'
40 DATADIR = '/var/lib/ipsilon'
41 HTTPDCONFD = '/etc/httpd/conf.d'
43 STATICDIR = '/usr/share/ipsilon'
44 WSGI_SOCKET_PREFIX = None
47 class ConfigurationError(Exception):
49 def __init__(self, message):
50 super(ConfigurationError, self).__init__(message)
51 self.message = message
54 return repr(self.message)
57 #Silence cherrypy logging to screen
58 cherrypy.log.screen = False
61 LOGFILE = '/var/log/ipsilon-install.log'
62 logger = logging.getLogger()
66 global logger # pylint: disable=W0603
67 if os.path.isfile(LOGFILE):
69 created = '%s' % time.ctime(os.path.getctime(LOGFILE))
70 shutil.move(LOGFILE, '%s.%s' % (LOGFILE, created))
73 logger = logging.getLogger()
75 lh = logging.FileHandler(LOGFILE)
77 print >> sys.stderr, 'Unable to open %s (%s)' % (LOGFILE, str(e))
78 lh = logging.StreamHandler(sys.stderr)
79 formatter = logging.Formatter('[%(asctime)s] %(message)s')
80 lh.setFormatter(formatter)
84 def install(plugins, args):
85 logger.info('Installation initiated')
86 now = time.strftime("%Y%m%d%H%M%S", time.gmtime())
87 instance_conf = os.path.join(CONFDIR, args['instance'])
89 logger.info('Installing default config files')
90 ipsilon_conf = os.path.join(instance_conf, 'ipsilon.conf')
91 idp_conf = os.path.join(instance_conf, 'idp.conf')
92 args['httpd_conf'] = os.path.join(HTTPDCONFD,
93 'ipsilon-%s.conf' % args['instance'])
94 args['data_dir'] = os.path.join(DATADIR, args['instance'])
95 if os.path.exists(ipsilon_conf):
96 shutil.move(ipsilon_conf, '%s.bakcup.%s' % (ipsilon_conf, now))
97 if os.path.exists(idp_conf):
98 shutil.move(idp_conf, '%s.backup.%s' % (idp_conf, now))
99 if not os.path.exists(instance_conf):
100 os.makedirs(instance_conf, 0700)
101 confopts = {'instance': args['instance'],
102 'datadir': args['data_dir'],
103 'sysuser': args['system_user'],
104 'ipsilondir': BINDIR,
105 'staticdir': STATICDIR,
106 'debugging': "True" if args['server_debugging'] else "False"}
107 if WSGI_SOCKET_PREFIX:
108 confopts['wsgi_socket'] = 'WSGISocketPrefix %s' % WSGI_SOCKET_PREFIX
110 confopts['wsgi_socket'] = ''
111 files.write_from_template(ipsilon_conf,
112 os.path.join(TEMPLATES, 'ipsilon.conf'),
114 files.write_from_template(idp_conf,
115 os.path.join(TEMPLATES, 'idp.conf'),
117 if not os.path.exists(args['httpd_conf']):
118 os.symlink(idp_conf, args['httpd_conf'])
119 sessdir = os.path.join(args['data_dir'], 'sessions')
120 if not os.path.exists(sessdir):
121 os.makedirs(sessdir, 0700)
122 data_conf = os.path.join(args['data_dir'], 'ipsilon.conf')
123 if not os.path.exists(data_conf):
124 os.symlink(ipsilon_conf, data_conf)
125 # Load the cherrypy config from the newly installed file so
126 # that db paths and all is properly set before configuring
128 cherrypy.config.update(ipsilon_conf)
130 # Move pre-existing admin db away
131 admin_db = cherrypy.config['admin.config.db']
132 if os.path.exists(admin_db):
133 shutil.move(admin_db, '%s.backup.%s' % (admin_db, now))
136 users_db = cherrypy.config['user.prefs.db']
137 if os.path.exists(users_db):
138 shutil.move(users_db, '%s.backup.%s' % (users_db, now))
140 db.save_user_preferences(args['admin_user'], {'is_admin': 1})
142 logger.info('Configuring environment helpers')
143 for plugin_name in plugins['Environment Helpers']:
144 plugin = plugins['Environment Helpers'][plugin_name]
145 plugin.configure_server(args)
147 logger.info('Configuring login managers')
148 for plugin_name in args['lm_order']:
149 plugin = plugins['Login Managers'][plugin_name]
150 plugin.configure(args)
152 logger.info('Configuring Authentication Providers')
153 for plugin_name in plugins['Auth Providers']:
154 plugin = plugins['Auth Providers'][plugin_name]
155 plugin.configure(args)
157 # Fixup permissions so only the ipsilon user can read these files
158 files.fix_user_dirs(instance_conf, opts['system_user'])
159 files.fix_user_dirs(args['data_dir'], opts['system_user'])
161 subprocess.call(['/usr/sbin/restorecon', '-R', args['data_dir']])
162 except Exception: # pylint: disable=broad-except
165 def uninstall(plugins, args):
166 logger.info('Uninstallation initiated')
167 raise Exception('Not Implemented')
172 'Environment Helpers': EnvHelpersInstall().plugins,
173 'Login Managers': LoginMgrsInstall().plugins,
174 'Auth Providers': ProvidersInstall().plugins
179 def parse_config_profile(args):
180 config = ConfigParser.ConfigParser()
181 files = config.read(args['config_profile'])
183 raise ConfigurationError('Config Profile file %s not found!' %
184 args['config_profile'])
186 if 'globals' in config.sections():
187 G = config.options('globals')
189 val = config.get('globals', g)
193 for k in globals().keys():
194 if k.lower() == g.lower():
198 if 'arguments' in config.sections():
199 A = config.options('arguments')
201 args[a] = config.get('arguments', a)
206 def parse_args(plugins):
207 parser = argparse.ArgumentParser(description='Ipsilon Install Options')
208 parser.add_argument('--version',
209 action='version', version='%(prog)s 0.1')
210 parser.add_argument('-o', '--login-managers-order', dest='lm_order',
211 help='Comma separated list of login managers')
212 parser.add_argument('--hostname',
213 help="Machine's fully qualified host name")
214 parser.add_argument('--instance', default='idp',
215 help="IdP instance name, each is a separate idp")
216 parser.add_argument('--system-user', default='ipsilon',
217 help="User account used to run the server")
218 parser.add_argument('--admin-user', default='admin',
219 help="User account that is assigned admin privileges")
220 parser.add_argument('--config-profile', default=None,
221 help="File containing install options")
222 parser.add_argument('--server-debugging', action='store_true',
223 help="Uninstall the server and all data")
224 parser.add_argument('--uninstall', action='store_true',
225 help="Uninstall the server and all data")
229 for plugin_group in plugins:
230 group = parser.add_argument_group(plugin_group)
231 for plugin_name in plugins[plugin_group]:
232 plugin = plugins[plugin_group][plugin_name]
233 if plugin.ptype == 'login':
234 lms.append(plugin.name)
235 plugin.install_args(group)
237 args = vars(parser.parse_args())
239 if args['config_profile']:
240 args = parse_config_profile(args)
242 if not args['hostname']:
243 args['hostname'] = socket.getfqdn()
245 if len(args['hostname'].split('.')) < 2:
246 raise ConfigurationError('Hostname: %s is not a FQDN')
249 pwd.getpwnam(args['system_user'])
251 raise ConfigurationError('User: %s not found on the system')
253 if args['lm_order'] is None:
254 args['lm_order'] = []
256 if args[name] == 'yes':
257 args['lm_order'].append(name)
259 args['lm_order'] = args['lm_order'].split(',')
261 if len(args['lm_order']) == 0:
262 #force the basic pam provider if nothing else is selected
263 if 'pam' not in args:
266 args['lm_order'] = ['pam']
269 #FIXME: check instance is only alphanums
273 if __name__ == '__main__':
278 fplugins = find_plugins()
279 opts = parse_args(fplugins)
281 logger.setLevel(logging.DEBUG)
283 logger.info('Intallation arguments:')
284 for k in sorted(opts.iterkeys()):
285 logger.info('%s: %s', k, opts[k])
287 if 'uninstall' in opts and opts['uninstall'] is True:
288 uninstall(fplugins, opts)
290 install(fplugins, opts)
291 except Exception, e: # pylint: disable=broad-except
293 if 'uninstall' in opts and opts['uninstall'] is True:
294 print 'Uninstallation aborted.'
296 print 'Installation aborted.'
297 print 'See log file %s for details' % LOGFILE
301 if 'uninstall' in opts and opts['uninstall'] is True:
302 print 'Uninstallation complete.'
304 print 'Installation complete.'
305 print 'Please restart HTTPD to enable the IdP instance.'